12 files changed, 13 insertions, 12 deletions
diff --git a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
index e80dfe23..8d402f77 100644
--- a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
@@ -30,7 +30,7 @@ policyset.cmcUserCertSet.2.default.params.range=180
 policyset.cmcUserCertSet.2.default.params.startTime=0
 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.cmcUserCertSet.3.constraint.name=Key Constraint
-policyset.cmcUserCertSet.3.constraint.params.keyType=RSA
+policyset.cmcUserCertSet.3.constraint.params.keyType=-
 policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.cmcUserCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
index 127a1332..c9507b56 100644
--- a/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg
@@ -30,7 +30,7 @@ policyset.cmcUserCertSet.2.default.params.startTime=0
 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.cmcUserCertSet.3.constraint.name=Key Constraint
 policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
-policyset.cmcUserCertSet.3.constraint.params.keyType=RSA
+policyset.cmcUserCertSet.3.constraint.params.keyType=-
 policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.cmcUserCertSet.3.default.name=Key Default
 policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
index 36721c1d..43588fe3 100644
--- a/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg
@@ -30,7 +30,7 @@ policyset.caCertSet.2.default.params.range=720
 policyset.caCertSet.2.default.params.startTime=0
 policyset.caCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.caCertSet.3.constraint.name=Key Constraint
-policyset.caCertSet.3.constraint.params.keyType=RSA
+policyset.caCertSet.3.constraint.params.keyType=-
 policyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.caCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.caCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
index 3d72b20f..11b8d78f 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthAuditSigningCert.cfg
@@ -30,7 +30,7 @@ policyset.auditSigningCertSet.2.default.params.range=720
 policyset.auditSigningCertSet.2.default.params.startTime=0
 policyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.auditSigningCertSet.3.constraint.name=Key Constraint
-policyset.auditSigningCertSet.3.constraint.params.keyType=RSA
+policyset.auditSigningCertSet.3.constraint.params.keyType=-
 policyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.auditSigningCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
index 55185aa9..de226b63 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg
@@ -30,7 +30,7 @@ policyset.ocspCertSet.2.default.params.range=720
 policyset.ocspCertSet.2.default.params.startTime=0
 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.ocspCertSet.3.constraint.name=Key Constraint
-policyset.ocspCertSet.3.constraint.params.keyType=RSA
+policyset.ocspCertSet.3.constraint.params.keyType=-
 policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.ocspCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
index 9d42b852..de07df56 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg
@@ -30,7 +30,7 @@ policyset.ocspCertSet.2.default.params.range=720
 policyset.ocspCertSet.2.default.params.startTime=0
 policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.ocspCertSet.3.constraint.name=Key Constraint
-policyset.ocspCertSet.3.constraint.params.keyType=RSA
+policyset.ocspCertSet.3.constraint.params.keyType=-
 policyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.ocspCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
index a343a384..f639d243 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg
@@ -30,7 +30,7 @@ policyset.serverCertSet.2.default.params.range=720
 policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
-policyset.serverCertSet.3.constraint.params.keyType=RSA
+policyset.serverCertSet.3.constraint.params.keyType=-
 policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
index c6cf2dd0..73f21948 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg
@@ -32,7 +32,7 @@ policyset.serverCertSet.2.default.params.range=720
 policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
-policyset.serverCertSet.3.constraint.params.keyType=RSA
+policyset.serverCertSet.3.constraint.params.keyType=-
 policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
index ddbc37a5..1faa6100 100644
--- a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg
@@ -30,7 +30,7 @@ policyset.transportCertSet.2.default.params.range=720
 policyset.transportCertSet.2.default.params.startTime=0
 policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.transportCertSet.3.constraint.name=Key Constraint
-policyset.transportCertSet.3.constraint.params.keyType=RSA
+policyset.transportCertSet.3.constraint.params.keyType=-
 policyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.transportCertSet.3.default.name=Key Default
diff --git a/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
index ee0df883..a823bab1 100644
--- a/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg
@@ -29,7 +29,7 @@ policyset.cmcUserCertSet.2.default.params.startTime=0
 policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.cmcUserCertSet.3.constraint.name=Key Constraint
 policyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
-policyset.cmcUserCertSet.3.constraint.params.keyType=RSA
+policyset.cmcUserCertSet.3.constraint.params.keyType=-
 policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.cmcUserCertSet.3.default.name=Key Default
 policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
index 01fd7eb0..a94536e8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
@@ -84,7 +84,7 @@ public class KeyConstraint extends EnrollConstraint { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RSA,EC", + return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else if (name.equals(CONFIG_KEY_PARAMETERS)) { @@ -144,7 +144,7 @@ public class KeyConstraint extends EnrollConstraint { if (alg.equals("EC")) { //For now only check for legal EC key type. //We don't have the required EC key class to evaluate curve names. - if (!alg.equals(keyType)) { + if (!alg.equals(keyType) && !isOptional(keyType)) { throw new ERejectException( CMS.getUserMessage( getLocale(request), diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 43fa3e0d..dc8adaf9 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -58,6 +58,7 @@ public class CertUtil { throws IOException { HttpClient httpclient = new HttpClient(); String c = null; + CMS.debug("CertUtil createRemoteCert: content " + content); try { JssSSLSocketFactory factory = new JssSSLSocketFactory(); |
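Review bot: In the second KeyConstraint.java hunk (`@@ -144`), an EC key now passes the type check whenever `isOptional(keyType)` holds, and the two comments directly above the changed line state that this branch checks only the key type and cannot evaluate curve names. Together with the ten profile hunks that set `keyType=-` while leaving `keyParameters=1024,2048,3072,4096` (a list of RSA sizes), this presumably lets the CA-install, audit-signing, OCSP, DRM storage and transport, server, subsystem and CMC user profiles accept an EC key on any curve with no strength check; `isOptional` and the rest of the method are outside the hunk, so confirm nothing later rejects such a key. I would keep `keyType=RSA` on the CA-internal profiles until curve validation exists, or at least record the gap at the changed line, e.g. `// keyType "-" admits any EC key; the curve is not validated against keyParameters`.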
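Review bot: The added `CMS.debug("CertUtil createRemoteCert: content " + content);` in the CertUtil.java hunk writes the entire outgoing request body to the debug log. How `content` is built is outside the hunk, but a body sent to a remote CA over the JSS SSL factory may well carry a session identifier or other credential material, which would then sit in a log file with weaker access control than the TLS channel. Logging only non-sensitive metadata would keep the trace useful, for example `CMS.debug("CertUtil createRemoteCert: content length " + (content == null ? 0 : content.length()));`, or mask the sensitive parameters before logging. The method body starts and ends outside the hunk.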