Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java | 193 |
1 files changed, 85 insertions, 108 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index 400a6d35..cec8051b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,6 +17,7 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
+
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Hashtable;
@@ -49,18 +50,18 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
+
 /**
- * The type of the distribution point or issuer name. The name is expressed as a
- * simple string in the configuration file, so this attribute is needed to tell
- * whether the simple string should be stored in an X.500 Name, a URL, or an
- * RDN.
+ * The type of the distribution point or issuer name. The name is expressed
+ * as a simple string in the configuration file, so this attribute is needed
+ * to tell whether the simple string should be stored in an X.500 Name,
+ * a URL, or an RDN.
 * <P>
- *
 * <PRE>
 * NOTE: The Policy Framework has been replaced by the Profile Framework.
 * </PRE>
 * <P>
- *
+ * 
 * @deprecated
 * @version $Revision$, $Date$
 */
@@ -68,7 +69,7 @@ class NameType {
 private NameType() {
 } // no default constructor
- private String stringRep; // string representation of this type
+ private String stringRep; // string representation of this type
 private NameType(String s) {
 map.put(s, this);
@@ -78,8 +79,8 @@ class NameType {
 private static Hashtable map = new Hashtable();
 /**
- * Looks up a NameType from its string representation. Returns null if no
- * matching NameType was found.
+ * Looks up a NameType from its string representation. Returns null
+ * if no matching NameType was found.
 */
 public static NameType fromString(String s) {
 return (NameType) map.get(s);
@@ -91,14 +92,15 @@ class NameType {
 public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
 public static final NameType URI = new NameType("URI");
- public static final NameType RELATIVE_TO_ISSUER = new NameType(
- "RelativeToIssuer");
+ public static final NameType RELATIVE_TO_ISSUER =
+ new NameType("RelativeToIssuer");
 }
+
 /**
- * These are the parameters that may be given in the configuration file for each
- * distribution point. They are parsed by DPParamsToDP(). Any of them may be
- * null.
+ * These are the parameters that may be given in the configuration file
+ * for each distribution point. They are parsed by DPParamsToDP().
+ * Any of them may be null.
 */
 class DistPointParams {
 public String pointName;
@@ -122,12 +124,13 @@ class DistPointParams {
 }
+
 /**
- * CRL Distribution Points policy. Adds the CRL Distribution Points extension to
- * the certificate.
+ * CRL Distribution Points policy.
+ * Adds the CRL Distribution Points extension to the certificate.
 */
-public class CRLDistributionPointsExt extends APolicyRule implements
- IEnrollmentPolicy, IExtendedPluginInfo {
+public class CRLDistributionPointsExt extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
 public static final String PROP_IS_CRITICAL = "critical";
 public static final String PROP_NUM_POINTS = "numPoints";
@@ -169,40 +172,32 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
 for (int i = 0; i < MAX_POINTS; i++) {
- v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice("
- + "DirectoryName,URI,RelativeToIssuer);"
- + "The type of the CRL distribution point.");
- v.addElement(PROP_POINT_NAME
- + Integer.toString(i)
- + ";string;"
- + "The name of the CRL distribution point depending on the CRLDP type.");
- v.addElement(PROP_REASONS
- + Integer.toString(i)
- + ";string;"
- + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
- v.addElement(PROP_ISSUER_TYPE
- + Integer.toString(i)
- + ";choice("
- + "DirectoryName,URI);"
- + "The type of the issuer that has signed the CRL maintained at this distribution point.");
- v.addElement(PROP_ISSUER_NAME
- + Integer.toString(i)
- + ";string;"
- + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+ v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice("
+ + "DirectoryName,URI,RelativeToIssuer);"
+ + "The type of the CRL distribution point.");
+ v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;"
+ + "The name of the CRL distribution point depending on the CRLDP type.");
+ v.addElement(PROP_REASONS + Integer.toString(i) + ";string;"
+ + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+ v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice("
+ + "DirectoryName,URI);"
+ + "The type of the issuer that has signed the CRL maintained at this distribution point.");
+ v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;"
+ + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
 }
- v.addElement(PROP_NUM_POINTS
- + ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
- v.addElement(PROP_IS_CRITICAL
- + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-policyrules-crldistributionpoints");
- v.addElement(IExtendedPluginInfo.HELP_TEXT
- + ";This policy inserts the CRL Distribution Points "
- + "Extension into the certificate. See RFC 2459 (4.2.1.14). ");
-
- mExtParams = com.netscape.cmsutil.util.Utils
- .getStringArrayFromVector(v);
+ v.addElement(PROP_NUM_POINTS
+ + ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+ v.addElement(PROP_IS_CRITICAL
+ + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-crldistributionpoints");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the CRL Distribution Points "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.14). "
+ );
+
+ mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
 }
 public String[] getExtendedPluginInfo(Locale locale) {
@@ -217,13 +212,13 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 * Performs one-time initialization of the policy.
 */
 public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
 // Register the CRL Distribution Points extension.
 try {
 netscape.security.x509.OIDMap.addAttribute(
- CRLDistributionPointsExtension.class.getName(),
- CRLDistributionPointsExtension.OID,
- CRLDistributionPointsExtension.NAME);
+ CRLDistributionPointsExtension.class.getName(),
+ CRLDistributionPointsExtension.OID,
+ CRLDistributionPointsExtension.NAME);
 } catch (CertificateException e) {
 // ignore, just means it has already been added
 }
@@ -247,15 +242,11 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 DistPointParams configparams = new DistPointParams(params);
 CRLDistributionPoint crldp = DPParamsToDP(params);
- mParams.addElement(PROP_POINT_TYPE + i + "="
- + configparams.pointType);
- mParams.addElement(PROP_POINT_NAME + i + "="
- + configparams.pointName);
+ mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType);
+ mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName);
 mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons);
- mParams.addElement(PROP_ISSUER_TYPE + i + "="
- + configparams.issuerType);
- mParams.addElement(PROP_ISSUER_NAME + i + "="
- + configparams.issuerName);
+ mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType);
+ mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName);
 // add the distribution point to the extension
 if (mCrldpExt == null) {
@@ -265,7 +256,8 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 }
 }
- boolean crit = config.getBoolean(PROP_IS_CRITICAL, DEFAULT_CRITICALITY);
+ boolean crit = config.getBoolean(PROP_IS_CRITICAL,
+ DEFAULT_CRITICALITY);
 mParams.addElement(PROP_IS_CRITICAL + "=" + crit);
 if (mCrldpExt != null) {
@@ -277,11 +269,11 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 }
 /**
- * Parses the parameters in the config file to create an actual CRL
- * Distribution Point object.
+ * Parses the parameters in the config file to create an
+ * actual CRL Distribution Point object.
 */
 private CRLDistributionPoint DPParamsToDP(DistPointParams params)
- throws EBaseException {
+ throws EBaseException {
 CRLDistributionPoint crlDP = new CRLDistributionPoint();
 try {
@@ -310,39 +302,33 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 if (nType == null) {
 String err = "Unknown name type: " + params.pointType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CA_UNKNOWN_NAME_TYPE", params.pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType));
 throw new EBaseException(err);
 }
 if (nType == NameType.DIRECTORY_NAME) {
 GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(
- params.pointName)));
+ gen.addElement(new GeneralName(new X500Name(params.pointName)));
 crlDP.setFullName(gen);
 } else if (nType == NameType.URI) {
 GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(
- new URIName(params.pointName)));
+ gen.addElement(new GeneralName(new URIName(params.pointName)));
 crlDP.setFullName(gen);
 } else if (nType == NameType.RELATIVE_TO_ISSUER) {
 crlDP.setRelativeName(new RDN(params.pointName));
 } else {
 String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
- nType.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
 throw new EBaseException(err);
 }
 }
 // deal with the reasons
 if (params.reasons != null) {
- StringTokenizer tok = new StringTokenizer(params.reasons,
- ", \t");
+ StringTokenizer tok = new StringTokenizer(params.reasons, ", \t");
 byte reasonBits = 0;
 while (tok.hasMoreTokens()) {
@@ -350,15 +336,15 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 Reason r = Reason.fromString(s);
 if (r == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_REASON", s));
- throw new EBaseException("Unknown reason: " + s);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
+ throw new EBaseException("Unknown reason: " + s);
 } else {
 reasonBits |= r.getBitMask();
 }
 }
 if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] { reasonBits });
+ BitArray ba = new BitArray(8, new byte[] { reasonBits }
+ );
 crlDP.setReasons(ba);
 }
@@ -372,29 +358,24 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 if (nType == null) {
 String err = "Unknown name type: " + params.issuerType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CA_UNKNOWN_NAME_TYPE", params.issuerType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType));
 throw new EBaseException(err);
 }
 if (nType == NameType.DIRECTORY_NAME) {
 GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(
- params.issuerName)));
+ gen.addElement(new GeneralName(new X500Name(params.issuerName)));
 crlDP.setCRLIssuer(gen);
 } else if (nType == NameType.URI) {
 GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(
- params.issuerName)));
+ gen.addElement(new GeneralName(new URIName(params.issuerName)));
 crlDP.setCRLIssuer(gen);
 } else {
 String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
- nType.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
 throw new EBaseException(err);
 }
 }
@@ -439,16 +420,16 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 try {
 // find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions) certInfo
- .get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions)
+ certInfo.get(X509CertInfo.EXTENSIONS);
 // prepare the extensions data structure
 if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
 extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
 } else {
 // remove any previously computed version of the extension
@@ -463,19 +444,15 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 return PolicyResult.ACCEPTED;
 } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME,
- e.getMessage()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
+ e.getMessage());
 return PolicyResult.REJECTED;
 } catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
+ e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
+ e.getMessage());
 return PolicyResult.REJECTED;
 }
 }
@@ -494,7 +471,7 @@ public class CRLDistributionPointsExt extends APolicyRule implements
 /**
 * Return configured parameters for a policy rule instance.
- *
+ * 
 * @return nvPairs A Vector of name/value pairs.
 */
 public Vector getInstanceParams() { |