summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java131
1 files changed, 65 insertions, 66 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 3caee615..075f7a1f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* DSAKeyConstraints policy enforces min and max size of the key.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class DSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class DSAKeyConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private int mMinSize;
private int mMaxSize;
@@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule
defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
}
-
+
public DSAKeyConstraints() {
NAME = "DSAKeyConstraints";
DESC = "Enforces DSA Key Constraints.";
@@ -83,11 +82,10 @@ public class DSAKeyConstraints extends APolicyRule
String[] params = {
PROP_MIN_SIZE + ";number;Minimum key size",
PROP_MAX_SIZE + ";number;Maximum key size",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-dsakeyconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Rejects request if DSA key size is out of range"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-dsakeyconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Rejects request if DSA key size is out of range" };
return params;
}
@@ -95,18 +93,19 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=1024
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minSize=512
+ * ra.Policy.rule.<ruleName>.maxSize=1024
+ * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+ * netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get Min and Max sizes
mConfig = config;
@@ -119,49 +118,46 @@ public class DSAKeyConstraints extends APolicyRule
String msg = "cannot be more than " + DEF_MAX_SIZE;
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MAX_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MAX_SIZE, msg));
}
if (mMinSize < DEF_MIN_SIZE) {
String msg = "cannot be less than " + DEF_MIN_SIZE;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
-
+
config.putInteger(PROP_MIN_SIZE, mMinSize);
config.putInteger(PROP_MAX_SIZE, mMaxSize);
} catch (Exception e) {
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", getInstanceName(), e.toString()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", getInstanceName(),
+ e.toString()));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -170,59 +166,60 @@ public class DSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
- X509CertInfo ci[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo ci[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
return PolicyResult.REJECTED;
}
// Else check if the key size(s) are within the limit.
for (int i = 0; i < ci.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key)
- ci[i].get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) ci[i]
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
if (!alg.equalsIgnoreCase(DSA))
continue;
- // Check DSAKey parameters.
- // size refers to the p parameter.
+ // Check DSAKey parameters.
+ // size refers to the p parameter.
DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
DSAParams keyParams = dsaKey.getParams();
- if (keyParams == null) {
+ if (keyParams == null) {
// key parameters could not be parsed.
- Object[] params = new Object[] {
- getInstanceName(), String.valueOf(i + 1) };
+ Object[] params = new Object[] { getInstanceName(),
+ String.valueOf(i + 1) };
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_KEY_PARAMS", getInstanceName(),
+ String.valueOf(i + 1)), "");
return PolicyResult.REJECTED;
}
BigInteger p = keyParams.getP();
int len = p.bitLength();
- if (len < mMinSize || len > mMaxSize ||
- (len % INCREMENT) != 0) {
- String[] parms = new String[] {
- getInstanceName(),
- String.valueOf(len),
- String.valueOf(mMinSize),
- String.valueOf(mMaxSize),
- String.valueOf(INCREMENT) };
+ if (len < mMinSize || len > mMaxSize || (len % INCREMENT) != 0) {
+ String[] parms = new String[] { getInstanceName(),
+ String.valueOf(len), String.valueOf(mMinSize),
+ String.valueOf(mMaxSize), String.valueOf(INCREMENT) };
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION_1", parms), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_KEY_SIZE_VIOLATION_1", parms), "");
return PolicyResult.REJECTED;
}
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = { getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -230,27 +227,29 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
try {
- confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
- confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
- } catch (EBaseException e) {;
+ confParams.addElement(PROP_MIN_SIZE + "="
+ + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
+ confParams.addElement(PROP_MAX_SIZE + "="
+ + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
+ } catch (EBaseException e) {
+ ;
}
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
generated by cgit (git 2.34.1) at 2024-05-05 13:42:00 +0000