diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java')
| -rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java | 361 |
1 files changed, 181 insertions, 180 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java index e146a0cf..4c2eb464 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; + import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -46,100 +47,103 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; + /** - * Basic Constraints policy. Adds the Basic constraints extension. + * Basic Constraints policy. + * Adds the Basic constraints extension. * <P> - * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ -public class BasicConstraintsExt extends APolicyRule implements - IEnrollmentPolicy, IExtendedPluginInfo { +public class BasicConstraintsExt extends APolicyRule + implements IEnrollmentPolicy, IExtendedPluginInfo { protected static final String PROP_MAXPATHLEN = "maxPathLen"; protected static final String PROP_IS_CA = "isCA"; protected static final String PROP_IS_CRITICAL = "critical"; protected static final String ARG_PATHLEN = "BasicConstraintsPathLen"; - protected int mMaxPathLen = 0; // < 0 means unlimited + protected int mMaxPathLen = 0; // < 0 means unlimited protected String mOrigMaxPathLen = ""; // for UI display only protected boolean mCritical = true; - protected int mDefaultMaxPathLen = 0; // depends on the CA's path length. - protected int mCAPathLen = 0; + protected int mDefaultMaxPathLen = 0; // depends on the CA's path length. + protected int mCAPathLen = 0; protected boolean mRemoveExt = true; protected boolean mIsCA = true; public static final boolean DEFAULT_CRITICALITY = true; /** - * Adds the basic constraints extension as a critical extension in CA - * certificates i.e. certype is ca, with either a requested or configured - * path len. The requested or configured path length cannot be greater than - * or equal to the CA's basic constraints path length. If the CA path length - * is 0, all requests for CA certs are rejected. + * Adds the basic constraints extension as a critical extension in + * CA certificates i.e. certype is ca, with either a requested + * or configured path len. + * The requested or configured path length cannot be greater than + * or equal to the CA's basic constraints path length. + * If the CA path length is 0, all requests for CA certs are rejected. */ public BasicConstraintsExt() { NAME = "BasicConstraintsExt"; - DESC = "Sets critical basic constraints extension in subordinate CA certs"; + DESC = + "Sets critical basic constraints extension in subordinate CA certs"; } /** * Initializes this policy rule. * <p> * The entries may be of the form: - * - * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl - * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. - * ca.Policy.rule.<ruleName>.enable=true - * - * @param config The config store reference + * + * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl + * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined. + * ca.Policy.rule.<ruleName>.enable=true + * + * @param config The config store reference */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // get the CA's path len to check against configured max path len. - ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner) - .getAuthority(); + ICertAuthority certAuthority = (ICertAuthority) + ((IPolicyProcessor) owner).getAuthority(); if (certAuthority == null) { // should never get here. log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER")); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", - "Cannot find the Certificate Manager or Registration Manager")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", + "Cannot find the Certificate Manager or Registration Manager")); } if (certAuthority instanceof IRegistrationAuthority) { - log(ILogger.LL_WARN, - "default basic constraints extension path len to -1."); + log(ILogger.LL_WARN, + "default basic constraints extension path len to -1."); mCAPathLen = -1; } else { CertificateChain caChain = certAuthority.getCACertChain(); - if (caChain == null || CMS.isPreOpMode()) { + if( caChain == null || CMS.isPreOpMode() ) { return; } X509Certificate caCert = caChain.getFirstCertificate(); mCAPathLen = caCert.getBasicConstraints(); } - // set default to one less than the CA's pathlen or 0 if CA's - // pathlen is 0. + // set default to one less than the CA's pathlen or 0 if CA's + // pathlen is 0. // If it's unlimited default the max pathlen also to unlimited. - if (mCAPathLen < 0) + if (mCAPathLen < 0) mDefaultMaxPathLen = -1; - else if (mCAPathLen > 0) + else if (mCAPathLen > 0) mDefaultMaxPathLen = mCAPathLen - 1; - else // (mCAPathLen == 0) + else // (mCAPathLen == 0) { - log(ILogger.LL_WARN, CMS.getLogMessage("POLICY_PATHLEN_ZERO")); - // return; + log(ILogger.LL_WARN, + CMS.getLogMessage("POLICY_PATHLEN_ZERO")); + //return; } - // get configured max path len, use defaults if not configured. + // get configured max path len, use defaults if not configured. boolean pathLenConfigured = true; try { @@ -147,19 +151,19 @@ public class BasicConstraintsExt extends APolicyRule implements mIsCA = config.getBoolean(PROP_IS_CA, true); mMaxPathLen = config.getInteger(PROP_MAXPATHLEN); if (mMaxPathLen < 0) { - log(ILogger.LL_MISCONF, CMS.getLogMessage( - "POLICY_INVALID_MAXPATHLEN_4", "", - String.valueOf(mMaxPathLen))); - throw new EPolicyException(CMS.getUserMessage( - "CMS_POLICY_INVALID_MAXPATHLEN_1", NAME, + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "", String.valueOf(mMaxPathLen))); + throw new EPolicyException( + CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1", + NAME, String.valueOf(mMaxPathLen))); } mOrigMaxPathLen = Integer.toString(mMaxPathLen); } catch (EBaseException e) { - if (!(e instanceof EPropertyNotFound) - && !(e instanceof EPropertyNotDefined)) { - log(ILogger.LL_MISCONF, - CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN")); + if (!(e instanceof EPropertyNotFound) && + !(e instanceof EPropertyNotDefined)) { + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN")); throw e; } @@ -171,52 +175,53 @@ public class BasicConstraintsExt extends APolicyRule implements // check if configured path len is valid. if (pathLenConfigured) { - // if CA's pathlen is unlimited, any max pathlen is ok. - // else maxPathlen must be at most one less than the CA's - // pathlen or 0 if CA's pathlen is 0. - - if (mCAPathLen > 0 - && (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) { - String maxStr = (mMaxPathLen < 0) ? String.valueOf(mMaxPathLen) - + "(unlimited)" : String.valueOf(mMaxPathLen); - - log(ILogger.LL_MISCONF, CMS.getLogMessage( - "POLICY_MAXPATHLEN_TOO_BIG_3", "", maxStr, + // if CA's pathlen is unlimited, any max pathlen is ok. + // else maxPathlen must be at most one less than the CA's + // pathlen or 0 if CA's pathlen is 0. + + if (mCAPathLen > 0 && + (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) { + String maxStr = (mMaxPathLen < 0) ? + String.valueOf(mMaxPathLen) + "(unlimited)" : + String.valueOf(mMaxPathLen); + + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "", + maxStr, String.valueOf(mCAPathLen))); - throw new EPolicyException(CMS.getUserMessage( - "CMS_POLICY_MAXPATHLEN_TOO_BIG_1", NAME, maxStr, - Integer.toString(mCAPathLen))); + throw new EPolicyException( + CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1", + NAME, maxStr, Integer.toString(mCAPathLen))); } else if (mCAPathLen == 0 && mMaxPathLen != 0) { - log(ILogger.LL_MISCONF, CMS.getLogMessage( - "POLICY_INVALID_MAXPATHLEN_2", "", - String.valueOf(mMaxPathLen))); - throw new EPolicyException(CMS.getUserMessage( - "CMS_POLICY_INVALID_MAXPATHLEN", NAME, - String.valueOf(mMaxPathLen))); + log(ILogger.LL_MISCONF, + CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen))); + throw new EPolicyException( + CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN", + NAME, String.valueOf(mMaxPathLen))); } } } /** - * Checks if the basic contraints extension in certInfo is valid and add the - * basic constraints extension for CA certs if none exists. Non-CA certs do - * not get a basic constraints extension. - * - * @param req The request on which to apply policy. + * Checks if the basic contraints extension in certInfo is valid and + * add the basic constraints extension for CA certs if none exists. + * Non-CA certs do not get a basic constraints extension. + * + * @param req The request on which to apply policy. * @return The policy result object. */ public PolicyResult apply(IRequest req) { PolicyResult res = PolicyResult.ACCEPTED; // get cert info. - X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO); + X509CertInfo[] ci = + req.getExtDataInCertInfoArray(IRequest.CERT_INFO); X509CertInfo certInfo = null; if (ci == null || (certInfo = ci[0]) == null) { - setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), - ""); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } @@ -224,22 +229,24 @@ public class BasicConstraintsExt extends APolicyRule implements boolean isCA = mIsCA; /** - * boolean isCA = false; String type = - * (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (type - * != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { isCA = true; } + boolean isCA = false; + String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); + if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { + isCA = true; + } **/ for (int i = 0; i < ci.length; i++) { PolicyResult certResult = applyCert(req, isCA, certInfo); - if (certResult == PolicyResult.REJECTED) + if (certResult == PolicyResult.REJECTED) return certResult; } return PolicyResult.ACCEPTED; } - public PolicyResult applyCert(IRequest req, boolean isCA, - X509CertInfo certInfo) { + public PolicyResult applyCert( + IRequest req, boolean isCA, X509CertInfo certInfo) { // get basic constraints extension from cert info if any. CertificateExtensions extensions = null; @@ -247,11 +254,11 @@ public class BasicConstraintsExt extends APolicyRule implements try { // get basic constraints extension if any. - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); if (extensions != null) { - basicExt = (BasicConstraintsExtension) extensions - .get(BasicConstraintsExtension.NAME); + basicExt = (BasicConstraintsExtension) + extensions.get(BasicConstraintsExtension.NAME); } } catch (IOException e) { // no extensions or basic constraints extension. @@ -259,19 +266,19 @@ public class BasicConstraintsExt extends APolicyRule implements // no extensions or basic constraints extension. } - // for non-CA certs, pkix says it SHOULD NOT have the extension + // for non-CA certs, pkix says it SHOULD NOT have the extension // so remove it. if (!isCA) { if (extensions == null) { try { // create extensions set if none. - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (CertificateException e) { } catch (IOException e) { - // not possible + // not possible } } if (basicExt != null) { @@ -284,62 +291,56 @@ public class BasicConstraintsExt extends APolicyRule implements BasicConstraintsExtension critExt; try { - critExt = new BasicConstraintsExtension(isCA, mCritical, - mMaxPathLen); + critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", - e.toString())); - setError(req, CMS.getUserMessage( - "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", + e.toString())); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } - + try { extensions.set(BasicConstraintsExtension.NAME, critExt); } catch (IOException e) { } - CMS.debug("BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " - + req.getRequestId()); + CMS.debug( + "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } // For CA certs, check if existing extension is valid, and adjust. - // Extension must be marked critial and pathlen must be < CA's pathlen. + // Extension must be marked critial and pathlen must be < CA's pathlen. // if CA's pathlen is 0 all ca certs are rejected. if (mCAPathLen == 0) { - // reject all subordinate CA cert requests because CA's + // reject all subordinate CA cert requests because CA's // path length is 0. - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME)); - setError(req, CMS.getUserMessage( - "CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME)); + setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); return PolicyResult.REJECTED; } - if (basicExt != null) { + if (basicExt != null) { try { - boolean extIsCA = ((Boolean) basicExt - .get(BasicConstraintsExtension.IS_CA)).booleanValue(); - int pathLen = ((Integer) basicExt - .get(BasicConstraintsExtension.PATH_LEN)).intValue(); + boolean extIsCA = + ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue(); + int pathLen = + ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue(); if (mMaxPathLen > -1) { if (pathLen > mMaxPathLen || pathLen < 0) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "POLICY_MAXPATHLEN_TOO_BIG_3", NAME, - "unlimited", String.valueOf(pathLen))); - if (pathLen < 0) - setError(req, - CMS.getUserMessage( - "CMS_POLICY_MAXPATHLEN_TOO_BIG", - NAME, "unlimited", - Integer.toString(mMaxPathLen)), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); + if (pathLen < 0) + setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", + NAME, "unlimited", Integer.toString(mMaxPathLen)), ""); else - setError(req, CMS.getUserMessage( - "CMS_POLICY_MAXPATHLEN_TOO_BIG", NAME, - Integer.toString(pathLen), + setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG", + NAME, Integer.toString(pathLen), Integer.toString(mMaxPathLen)), ""); return PolicyResult.REJECTED; } @@ -347,20 +348,20 @@ public class BasicConstraintsExt extends APolicyRule implements // adjust isCA field if (!extIsCA) { - basicExt.set(BasicConstraintsExtension.IS_CA, - Boolean.valueOf(true)); + basicExt.set(BasicConstraintsExtension.IS_CA, + Boolean.valueOf(true)); } // adjust path length field. if (mMaxPathLen == 0) { if (pathLen != 0) { - basicExt.set(BasicConstraintsExtension.PATH_LEN, - Integer.valueOf(0)); + basicExt.set(BasicConstraintsExtension.PATH_LEN, + Integer.valueOf(0)); pathLen = 0; } } else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) { - basicExt.set(BasicConstraintsExtension.PATH_LEN, - Integer.valueOf(mMaxPathLen)); + basicExt.set(BasicConstraintsExtension.PATH_LEN, + Integer.valueOf(mMaxPathLen)); pathLen = mMaxPathLen; } @@ -369,13 +370,12 @@ public class BasicConstraintsExt extends APolicyRule implements BasicConstraintsExtension critExt; try { - critExt = new BasicConstraintsExtension(isCA, - mCritical, pathLen); + critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME)); - setError(req, CMS.getUserMessage( - "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME)); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } extensions.delete(BasicConstraintsExtension.NAME); @@ -384,8 +384,9 @@ public class BasicConstraintsExt extends APolicyRule implements } catch (IOException e) { // not possible in these cases. } - CMS.debug("BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " - + req.getRequestId()); + CMS.debug( + "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } @@ -393,14 +394,14 @@ public class BasicConstraintsExt extends APolicyRule implements if (extensions == null) { try { // create extensions set if none. - certInfo.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); extensions = new CertificateExtensions(); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } catch (CertificateException e) { // not possible } catch (IOException e) { - // not possible + // not possible } } @@ -412,28 +413,29 @@ public class BasicConstraintsExt extends APolicyRule implements if (reqPathLenStr == null) { reqPathLen = mMaxPathLen; } else { - try { - reqPathLen = Integer.parseInt(reqPathLenStr); - if ((mMaxPathLen == 0 && reqPathLen != 0) - || (mMaxPathLen > 0 && (reqPathLen > mMaxPathLen || reqPathLen < 0))) { - String plenStr = ((reqPathLen < 0) ? reqPathLenStr - + "(unlimited)" : reqPathLenStr); - - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "POLICY_PATHLEN_TOO_BIG_3", plenStr, + try { + reqPathLen = Integer.parseInt(reqPathLenStr); + if ((mMaxPathLen == 0 && reqPathLen != 0) || + (mMaxPathLen > 0 && + (reqPathLen > mMaxPathLen || reqPathLen < 0))) { + String plenStr = + ((reqPathLen < 0) ? + reqPathLenStr + "(unlimited)" : reqPathLenStr); + + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr, String.valueOf(mMaxPathLen))); - setError(req, CMS.getUserMessage( - "CMS_POLICY_PATHLEN_TOO_BIG", NAME, plenStr, - String.valueOf(mMaxPathLen)), ""); + setError(req, + CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG", + NAME, plenStr, String.valueOf(mMaxPathLen)), ""); return PolicyResult.REJECTED; } } catch (NumberFormatException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage( - "POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr)); - setError(req, CMS.getUserMessage( - "CMS_POLICY_INVALID_PATHLEN_FORMAT", NAME, - reqPathLenStr), ""); - return PolicyResult.REJECTED; + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr)); + setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT", + NAME, reqPathLenStr), ""); + return PolicyResult.REJECTED; } } BasicConstraintsExtension newExt; @@ -441,29 +443,29 @@ public class BasicConstraintsExt extends APolicyRule implements try { newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen); } catch (IOException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", - e.toString())); - setError(req, CMS.getUserMessage( - "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString())); + setError(req, + CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), ""); return PolicyResult.REJECTED; // unrecoverable error. } try { extensions.set(BasicConstraintsExtension.NAME, newExt); - } catch (IOException e) { + }catch (IOException e) { // doesn't happen. } - CMS.debug("BasicConstraintsExt: added the extension to request " - + req.getRequestId()); + CMS.debug( + "BasicConstraintsExt: added the extension to request " + + req.getRequestId()); return PolicyResult.ACCEPTED; } /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getInstanceParams() { + public Vector getInstanceParams() { Vector params = new Vector(); // Because of one of the UI bugs 385273, we should leave the empty space @@ -476,10 +478,10 @@ public class BasicConstraintsExt extends APolicyRule implements /** * Return default parameters for a policy implementation. - * + * * @return nvPairs A Vector of name/value pairs. */ - public Vector getDefaultParams() { + public Vector getDefaultParams() { Vector defParams = new Vector(); defParams.addElement(PROP_IS_CRITICAL + "=true"); @@ -490,20 +492,19 @@ public class BasicConstraintsExt extends APolicyRule implements public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - PROP_MAXPATHLEN - + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", - PROP_IS_CRITICAL - + ";boolean;" - + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", - PROP_IS_CA - + ";boolean;" - + "Identifies the subject of the certificate is a CA or not.", - IExtendedPluginInfo.HELP_TOKEN - + ";configuration-policyrules-basicconstraints", - IExtendedPluginInfo.HELP_TEXT - + ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)" }; + PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.", + PROP_IS_CRITICAL + ";boolean;" + + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.", + PROP_IS_CA + ";boolean;" + + "Identifies the subject of the certificate is a CA or not.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-policyrules-basicconstraints", + IExtendedPluginInfo.HELP_TEXT + + ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)" + }; return params; } } + |