Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java193
1 files changed, 85 insertions, 108 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index 400a6d35..cec8051b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
+
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Hashtable;
@@ -49,18 +50,18 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
+
/**
- * The type of the distribution point or issuer name. The name is expressed as a
- * simple string in the configuration file, so this attribute is needed to tell
- * whether the simple string should be stored in an X.500 Name, a URL, or an
- * RDN.
+ * The type of the distribution point or issuer name. The name is expressed
+ * as a simple string in the configuration file, so this attribute is needed
+ * to tell whether the simple string should be stored in an X.500 Name,
+ * a URL, or an RDN.
* <P>
- *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -68,7 +69,7 @@ class NameType {
private NameType() {
} // no default constructor
- private String stringRep; // string representation of this type
+ private String stringRep; // string representation of this type
private NameType(String s) {
map.put(s, this);
@@ -78,8 +79,8 @@ class NameType {
private static Hashtable map = new Hashtable();
/**
- * Looks up a NameType from its string representation. Returns null if no
- * matching NameType was found.
+ * Looks up a NameType from its string representation. Returns null
+ * if no matching NameType was found.
*/
public static NameType fromString(String s) {
return (NameType) map.get(s);
@@ -91,14 +92,15 @@ class NameType {
public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
public static final NameType URI = new NameType("URI");
- public static final NameType RELATIVE_TO_ISSUER = new NameType(
- "RelativeToIssuer");
+ public static final NameType RELATIVE_TO_ISSUER =
+ new NameType("RelativeToIssuer");
}
+
/**
- * These are the parameters that may be given in the configuration file for each
- * distribution point. They are parsed by DPParamsToDP(). Any of them may be
- * null.
+ * These are the parameters that may be given in the configuration file
+ * for each distribution point. They are parsed by DPParamsToDP().
+ * Any of them may be null.
*/
class DistPointParams {
public String pointName;
@@ -122,12 +124,13 @@ class DistPointParams {
}
+
/**
- * CRL Distribution Points policy. Adds the CRL Distribution Points extension to
- * the certificate.
+ * CRL Distribution Points policy.
+ * Adds the CRL Distribution Points extension to the certificate.
*/
-public class CRLDistributionPointsExt extends APolicyRule implements
- IEnrollmentPolicy, IExtendedPluginInfo {
+public class CRLDistributionPointsExt extends APolicyRule
+ implements IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_IS_CRITICAL = "critical";
public static final String PROP_NUM_POINTS = "numPoints";
@@ -169,40 +172,32 @@ public class CRLDistributionPointsExt extends APolicyRule implements
// should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
for (int i = 0; i < MAX_POINTS; i++) {
- v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice("
- + "DirectoryName,URI,RelativeToIssuer);"
- + "The type of the CRL distribution point.");
- v.addElement(PROP_POINT_NAME
- + Integer.toString(i)
- + ";string;"
- + "The name of the CRL distribution point depending on the CRLDP type.");
- v.addElement(PROP_REASONS
- + Integer.toString(i)
- + ";string;"
- + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
- v.addElement(PROP_ISSUER_TYPE
- + Integer.toString(i)
- + ";choice("
- + "DirectoryName,URI);"
- + "The type of the issuer that has signed the CRL maintained at this distribution point.");
- v.addElement(PROP_ISSUER_NAME
- + Integer.toString(i)
- + ";string;"
- + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+ v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
+ "DirectoryName,URI,RelativeToIssuer);" +
+ "The type of the CRL distribution point.");
+ v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
+ "The name of the CRL distribution point depending on the CRLDP type.");
+ v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
+ "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+ v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
+ "DirectoryName,URI);" +
+ "The type of the issuer that has signed the CRL maintained at this distribution point.");
+ v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
+ "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
}
- v.addElement(PROP_NUM_POINTS
- + ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
- v.addElement(PROP_IS_CRITICAL
- + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN
- + ";configuration-policyrules-crldistributionpoints");
- v.addElement(IExtendedPluginInfo.HELP_TEXT
- + ";This policy inserts the CRL Distribution Points "
- + "Extension into the certificate. See RFC 2459 (4.2.1.14). ");
-
- mExtParams = com.netscape.cmsutil.util.Utils
- .getStringArrayFromVector(v);
+ v.addElement(PROP_NUM_POINTS +
+ ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+ v.addElement(PROP_IS_CRITICAL +
+ ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-policyrules-crldistributionpoints");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT +
+ ";This policy inserts the CRL Distribution Points " +
+ "Extension into the certificate. See RFC 2459 (4.2.1.14). "
+ );
+
+ mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
public String[] getExtendedPluginInfo(Locale locale) {
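Review bot: The help string on the PROP_REASONS line still carries the typo `comma-seperated`; this text is presented to administrators configuring the policy, so it is worth correcting to `comma-separated` while the line is being touched. The reformat also leaves a closing `);` alone on its own line after the HELP_TEXT string (and again after `new byte[] { reasonBits }` in the reasons hunk), where `"Extension into the certificate. See RFC 2459 (4.2.1.14). ");` would keep the call readable. RFC 2459 has since been obsoleted by RFC 3280 and RFC 5280, so the two references in these strings could point at the current document. The enclosing block starts above this hunk.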
@@ -217,13 +212,13 @@ public class CRLDistributionPointsExt extends APolicyRule implements
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// Register the CRL Distribution Points extension.
try {
netscape.security.x509.OIDMap.addAttribute(
- CRLDistributionPointsExtension.class.getName(),
- CRLDistributionPointsExtension.OID,
- CRLDistributionPointsExtension.NAME);
+ CRLDistributionPointsExtension.class.getName(),
+ CRLDistributionPointsExtension.OID,
+ CRLDistributionPointsExtension.NAME);
} catch (CertificateException e) {
// ignore, just means it has already been added
}
@@ -247,15 +242,11 @@ public class CRLDistributionPointsExt extends APolicyRule implements
DistPointParams configparams = new DistPointParams(params);
CRLDistributionPoint crldp = DPParamsToDP(params);
- mParams.addElement(PROP_POINT_TYPE + i + "="
- + configparams.pointType);
- mParams.addElement(PROP_POINT_NAME + i + "="
- + configparams.pointName);
+ mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType);
+ mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName);
mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons);
- mParams.addElement(PROP_ISSUER_TYPE + i + "="
- + configparams.issuerType);
- mParams.addElement(PROP_ISSUER_NAME + i + "="
- + configparams.issuerName);
+ mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType);
+ mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName);
// add the distribution point to the extension
if (mCrldpExt == null) {
@@ -265,7 +256,8 @@ public class CRLDistributionPointsExt extends APolicyRule implements
}
}
- boolean crit = config.getBoolean(PROP_IS_CRITICAL, DEFAULT_CRITICALITY);
+ boolean crit = config.getBoolean(PROP_IS_CRITICAL,
+ DEFAULT_CRITICALITY);
mParams.addElement(PROP_IS_CRITICAL + "=" + crit);
if (mCrldpExt != null) {
@@ -277,11 +269,11 @@ public class CRLDistributionPointsExt extends APolicyRule implements
}
/**
- * Parses the parameters in the config file to create an actual CRL
- * Distribution Point object.
+ * Parses the parameters in the config file to create an
+ * actual CRL Distribution Point object.
*/
private CRLDistributionPoint DPParamsToDP(DistPointParams params)
- throws EBaseException {
+ throws EBaseException {
CRLDistributionPoint crlDP = new CRLDistributionPoint();
try {
@@ -310,39 +302,33 @@ public class CRLDistributionPointsExt extends APolicyRule implements
if (nType == null) {
String err = "Unknown name type: " + params.pointType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CA_UNKNOWN_NAME_TYPE", params.pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(
- params.pointName)));
+ gen.addElement(new GeneralName(new X500Name(params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(
- new URIName(params.pointName)));
+ gen.addElement(new GeneralName(new URIName(params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.RELATIVE_TO_ISSUER) {
crlDP.setRelativeName(new RDN(params.pointName));
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
- nType.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
throw new EBaseException(err);
}
}
// deal with the reasons
if (params.reasons != null) {
- StringTokenizer tok = new StringTokenizer(params.reasons,
- ", \t");
+ StringTokenizer tok = new StringTokenizer(params.reasons, ", \t");
byte reasonBits = 0;
while (tok.hasMoreTokens()) {
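Review bot: `params.pointName` is passed straight to `new X500Name(...)`, `new URIName(...)` and `new RDN(...)` with no null or emptiness check visible in this hunk, although the DistPointParams comment states that any of the parameters may be null. If no guard exists above the hunk, a configuration that sets a point type without a name would surface as an unhelpful exception at init time rather than a clear configuration error. A check such as `if (params.pointName == null) throw new EBaseException("Missing name for point type: " + params.pointType);` before the type dispatch would make the misconfiguration explicit. The same applies to `params.issuerName` in the issuer hunk further down. The method body starts and ends outside this hunk.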
@@ -350,15 +336,15 @@ public class CRLDistributionPointsExt extends APolicyRule implements
Reason r = Reason.fromString(s);
if (r == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_REASON", s));
- throw new EBaseException("Unknown reason: " + s);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
+ throw new EBaseException("Unknown reason: " + s);
} else {
reasonBits |= r.getBitMask();
}
}
if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] { reasonBits });
+ BitArray ba = new BitArray(8, new byte[] { reasonBits }
+ );
crlDP.setReasons(ba);
}
@@ -372,29 +358,24 @@ public class CRLDistributionPointsExt extends APolicyRule implements
if (nType == null) {
String err = "Unknown name type: " + params.issuerType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CA_UNKNOWN_NAME_TYPE", params.issuerType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(
- params.issuerName)));
+ gen.addElement(new GeneralName(new X500Name(params.issuerName)));
crlDP.setCRLIssuer(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(
- params.issuerName)));
+ gen.addElement(new GeneralName(new URIName(params.issuerName)));
crlDP.setCRLIssuer(gen);
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
- nType.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
throw new EBaseException(err);
}
}
@@ -439,16 +420,16 @@ public class CRLDistributionPointsExt extends APolicyRule implements
try {
// find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions) certInfo
- .get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions)
+ certInfo.get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
- CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION,
+ new CertificateVersion(CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// remove any previously computed version of the extension
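Review bot: `certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3))` is executed twice in the `extensions == null` branch, once before and once after `extensions = new CertificateExtensions();`. The second call looks like a copy-paste leftover and has no visible effect beyond the first. Dropping it leaves the branch as: set version, create the extensions container, store it in certInfo. The enclosing try block continues outside this hunk.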
@@ -463,19 +444,15 @@ public class CRLDistributionPointsExt extends APolicyRule implements
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME,
- e.getMessage()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
+ e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
+ e.getMessage()));
+ setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
+ e.getMessage());
return PolicyResult.REJECTED;
}
}
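Review bot: Both catch blocks pass `e.getMessage()` into `setError(req, ...)`, so raw exception text from certificate handling or I/O is attached to the enrollment request. If that error is shown to the requester (not visible here), it may disclose internal detail, while the log line keeps only the message and loses the exception type and stack. Consider logging the full exception on the server side and giving the request a fixed, generic message. The two handlers are also wrapped differently after the reformat (the IOException log call is one long line, the CertificateException one is split), which obscures their parallel structure. The try block begins outside this hunk.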
@@ -494,7 +471,7 @@ public class CRLDistributionPointsExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {