diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java | 113 |
1 files changed, 57 insertions, 56 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java index 686529f4..546bd741 100644 --- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java +++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.constraints; - import java.util.Date; import java.util.Locale; import java.util.Vector; @@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** * Whether to allow revocation of an expired cert. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class RevocationConstraints extends APolicyRule - implements IRevocationPolicy, IExtendedPluginInfo { +public class RevocationConstraints extends APolicyRule implements + IRevocationPolicy, IExtendedPluginInfo { private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts"; private static final String PROP_ALLOW_ON_HOLD = "allowOnHold"; @@ -71,16 +70,18 @@ public class RevocationConstraints extends APolicyRule public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate", - PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-revocationconstraints", - IExtendedPluginInfo.HELP_TEXT + - ";Allow administrator to decide policy on whether to allow " + - "recovation of expired certificates" + - "and set reason to On-Hold" - - }; + PROP_ALLOW_EXPIRED_CERTS + + ";boolean;Allow a user to revoke an already-expired certificate", + PROP_ALLOW_ON_HOLD + + ";boolean;Allow a user to set reason to On-Hold", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-policyrules-revocationconstraints", + IExtendedPluginInfo.HELP_TEXT + + ";Allow administrator to decide policy on whether to allow " + + "recovation of expired certificates" + + "and set reason to On-Hold" + + }; return params; @@ -89,36 +90,36 @@ public class RevocationConstraints extends APolicyRule /** * Initializes this policy rule. * <P> - * + * * The entries probably are of the form: - * - * ra.Policy.rule.<ruleName>.implName=ValidityConstraints - * ra.Policy.rule.<ruleName>.enable=true - * ra.Policy.rule.<ruleName>.allowExpiredCerts=true - * - * @param config The config store reference + * + * ra.Policy.rule.<ruleName>.implName=ValidityConstraints + * ra.Policy.rule.<ruleName>.enable=true + * ra.Policy.rule.<ruleName>.allowExpiredCerts=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EPolicyException { + throws EPolicyException { // Get min and max validity in days and onfigure them. try { - mAllowExpiredCerts = - config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true); - mAllowOnHold = - config.getBoolean(PROP_ALLOW_ON_HOLD, true); + mAllowExpiredCerts = config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, + true); + mAllowOnHold = config.getBoolean(PROP_ALLOW_ON_HOLD, true); } catch (EBaseException e) { // never happen. } - CMS.debug("RevocationConstraints: allow expired certs " + mAllowExpiredCerts); + CMS.debug("RevocationConstraints: allow expired certs " + + mAllowExpiredCerts); CMS.debug("RevocationConstraints: allow on hold " + mAllowOnHold); } /** * Applies the policy on the given Request. * <P> - * - * @param req The request on which to apply policy. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { @@ -127,8 +128,8 @@ public class RevocationConstraints extends APolicyRule CMS.debug("RevocationConstraints: apply: no revocationReason found in request"); return PolicyResult.REJECTED; } - RevocationReason rr = RevocationReason.fromInt( - req.getExtDataInInteger(IRequest.REVOKED_REASON).intValue()); + RevocationReason rr = RevocationReason.fromInt(req.getExtDataInInteger( + IRequest.REVOKED_REASON).intValue()); if (!mAllowOnHold && (rr != null)) { int reason = rr.toInt(); @@ -136,37 +137,37 @@ public class RevocationConstraints extends APolicyRule if (reason == RevocationReason.CERTIFICATE_HOLD.toInt()) { String params[] = { getInstanceName() }; - setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_NO_ON_HOLD_ALLOWED", params), ""); return PolicyResult.REJECTED; - } + } } if (mAllowExpiredCerts) // nothing to check. return PolicyResult.ACCEPTED; - + PolicyResult result = PolicyResult.ACCEPTED; try { // Get the certificates being renwed. - X509CertImpl[] oldCerts = - req.getExtDataInCertArray(IRequest.OLD_CERTS); + X509CertImpl[] oldCerts = req + .getExtDataInCertArray(IRequest.OLD_CERTS); if (oldCerts == null) { setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"), - getInstanceName()); + getInstanceName()); return PolicyResult.REJECTED; } // check if each cert to be renewed is expired. for (int i = 0; i < oldCerts.length; i++) { - X509CertInfo oldCertInfo = (X509CertInfo) - oldCerts[i].get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateValidity oldValidity = (CertificateValidity) - oldCertInfo.get(X509CertInfo.VALIDITY); - Date notAfter = (Date) - oldValidity.get(CertificateValidity.NOT_AFTER); + X509CertInfo oldCertInfo = (X509CertInfo) oldCerts[i] + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateValidity oldValidity = (CertificateValidity) oldCertInfo + .get(X509CertInfo.VALIDITY); + Date notAfter = (Date) oldValidity + .get(CertificateValidity.NOT_AFTER); // Is the Certificate still valid? Date now = CMS.getCurrentDate(); @@ -174,18 +175,19 @@ public class RevocationConstraints extends APolicyRule if (notAfter.before(now)) { String params[] = { getInstanceName() }; - setError(req, - CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS", - params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS", params), + ""); result = PolicyResult.REJECTED; break; } } } catch (Exception e) { - String params[] = {getInstanceName(), e.toString()}; + String params[] = { getInstanceName(), e.toString() }; - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); + setError(req, CMS.getUserMessage( + "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), ""); result = PolicyResult.REJECTED; } return result; @@ -193,22 +195,21 @@ public class RevocationConstraints extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { Vector confParams = new Vector(); - confParams.addElement( - PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts); - confParams.addElement( - PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold); + confParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + + mAllowExpiredCerts); + confParams.addElement(PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold); return confParams; } /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getDefaultParams() { |