summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java141
1 files changed, 69 insertions, 72 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 7f7537bf..839a8134 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * RSAKeyConstraints policy enforces min and max size of the key.
- * Optionally checks the exponents.
+ * RSAKeyConstraints policy enforces min and max size of the key. Optionally
+ * checks the exponents.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class RSAKeyConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mExponents;
private int mMinSize;
private int mMaxSize;
@@ -79,13 +78,13 @@ public class RSAKeyConstraints extends APolicyRule
String[] params = {
PROP_MIN_SIZE + ";number;Minimum size of user's RSA key (bits)",
PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
- PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-rsakeyconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Reject request if RSA key length is not within the " +
- "specified constraints"
- };
+ PROP_EXPONENTS
+ + ";string;Comma-separated list of permissible exponents",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-rsakeyconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Reject request if RSA key length is not within the "
+ + "specified constraints" };
return params;
}
@@ -98,40 +97,40 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=2048
- * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minSize=512
+ * ra.Policy.rule.<ruleName>.maxSize=2048
+ * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (config == null || config.size() == 0)
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
- getInstanceName()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_POLICY_CONFIG", getInstanceName()));
String exponents = null;
// Get Min and Max sizes
mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
- if (mMinSize <= 0)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
- if (mMaxSize <= 0)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
+ if (mMinSize <= 0)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
+ if (mMaxSize <= 0)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
- if (mMinSize > mMaxSize)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
+ if (mMinSize > mMaxSize)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE,
+ PROP_MAX_SIZE));
mExponents = new Vector();
@@ -149,11 +148,11 @@ public class RSAKeyConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), exponents,
- PROP_EXPONENTS};
+ String[] params = { getInstanceName(), exponents,
+ PROP_EXPONENTS };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_CONFIG_PARAM", params));
}
}
}
@@ -161,8 +160,8 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -171,20 +170,20 @@ public class RSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
- X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
// Else check if the key size(s) are within the limit.
for (int i = 0; i < certInfo.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key)
- certInfo[i].get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo[i]
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
@@ -193,28 +192,25 @@ public class RSAKeyConstraints extends APolicyRule
X509Key newkey = null;
try {
- newkey = new X509Key(AlgorithmId.get("RSA"),
- key.getKey());
+ newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey());
} catch (Exception e) {
- CMS.debug( "RSAKeyConstraints::apply() - "
- + "Exception="+e.toString() );
- setError( req,
- CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION",
- getInstanceName() ),
- "" );
+ CMS.debug("RSAKeyConstraints::apply() - " + "Exception="
+ + e.toString());
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
+ getInstanceName()), "");
return PolicyResult.REJECTED;
}
RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
int keySize = rsaKey.getKeySize();
if (keySize < mMinSize || keySize > mMaxSize) {
- String[] params = {getInstanceName(),
- String.valueOf(keySize),
- String.valueOf(mMinSize),
- String.valueOf(mMaxSize)};
+ String[] params = { getInstanceName(),
+ String.valueOf(keySize), String.valueOf(mMinSize),
+ String.valueOf(mMaxSize) };
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_KEY_SIZE_VIOLATION", params), "");
result = PolicyResult.REJECTED;
}
@@ -226,26 +222,28 @@ public class RSAKeyConstraints extends APolicyRule
if (!mExponents.contains(exp)) {
StringBuffer sb = new StringBuffer();
- for (Enumeration e = mExponents.elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mExponents.elements(); e
+ .hasMoreElements();) {
BigInt bi = (BigInt) e.nextElement();
sb.append(bi.toBigInteger().toString());
sb.append(" ");
}
- String[] params = {getInstanceName(),
- exp.toBigInteger().toString(), new String(sb)};
+ String[] params = { getInstanceName(),
+ exp.toBigInteger().toString(), new String(sb) };
- setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_EXPONENT_VIOLATION", params), "");
result = PolicyResult.REJECTED;
}
}
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -253,10 +251,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
@@ -275,11 +273,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
generated by cgit (git 2.34.1) at 2024-05-05 09:09:23 +0000