summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java305
1 files changed, 148 insertions, 157 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
index 2ececcf9..f920b47b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -46,45 +45,44 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * NS Cert Type policy.
- * Adds the ns cert type extension depending on cert type requested.
+ * NS Cert Type policy. Adds the ns cert type extension depending on cert type
+ * requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class NSCertTypeExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class NSCertTypeExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
protected static final boolean DEF_SET_DEFAULT_BITS = true;
- protected static final String DEF_SET_DEFAULT_BITS_VAL =
- Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
+ protected static final String DEF_SET_DEFAULT_BITS_VAL = Boolean.valueOf(
+ DEF_SET_DEFAULT_BITS).toString();
protected static final int DEF_PATHLEN = -1;
- protected static final boolean[] DEF_BITS =
- new boolean[NSCertTypeExtension.NBITS];
+ protected static final boolean[] DEF_BITS = new boolean[NSCertTypeExtension.NBITS];
- // XXX for future use. currenlty always allow.
+ // XXX for future use. currenlty always allow.
protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
protected static final String PROP_EE_OVERR = "AllowEEOverride";
- // XXX for future use. currently always critical
- // (standard says SHOULD be marked critical if included.)
+ // XXX for future use. currently always critical
+ // (standard says SHOULD be marked critical if included.)
protected static final String PROP_CRITICAL = "critical";
- // XXX for future use to allow overrides from forms.
+ // XXX for future use to allow overrides from forms.
// request must be agent approved or authenticated.
protected boolean mAllowAgentOverride = false;
protected boolean mAllowEEOverride = false;
- // XXX for future use. currently always non-critical
+ // XXX for future use. currently always non-critical
protected boolean mCritical = false;
protected int mCAPathLen = -1;
@@ -112,25 +110,25 @@ public class NSCertTypeExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
+ * ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX future use.
- //mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
- //mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
+ // mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
+ // mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
mCritical = config.getBoolean(PROP_CRITICAL, false);
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority instanceof ICertificateAuthority) {
CertificateChain caChain = certAuthority.getCACertChain();
@@ -141,35 +139,34 @@ public class NSCertTypeExt extends APolicyRule
// CA reject if it does not allow any subordinate CA certs.
if (caChain != null) {
caCert = caChain.getFirstCertificate();
- if (caCert != null)
+ if (caCert != null)
mCAPathLen = caCert.getBasicConstraints();
}
}
- mSetDefaultBits = mConfig.getBoolean(
- PROP_SET_DEFAULT_BITS, DEF_SET_DEFAULT_BITS);
+ mSetDefaultBits = mConfig.getBoolean(PROP_SET_DEFAULT_BITS,
+ DEF_SET_DEFAULT_BITS);
}
/**
- * Adds the ns cert type if not set already.
- * reads ns cert type choices from form. If no choices from form
- * will defaults to all.
+ * Adds the ns cert type if not set already. reads ns cert type choices from
+ * form. If no choices from form will defaults to all.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
- CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
+ CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: "
+ + getInstanceName() + "::apply()");
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -184,30 +181,29 @@ public class NSCertTypeExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
NSCertTypeExtension nsCertTypeExt = null;
if (extensions != null) {
// See if extension is already set and contains correct values.
try {
- nsCertTypeExt = (NSCertTypeExtension)
- extensions.get(NSCertTypeExtension.NAME);
+ nsCertTypeExt = (NSCertTypeExtension) extensions
+ .get(NSCertTypeExtension.NAME);
} catch (IOException e) {
// extension isn't there.
nsCertTypeExt = null;
}
// XXX agent servlet currently sets this. it should be
// delayed to here.
- if (nsCertTypeExt != null &&
- extensionIsGood(nsCertTypeExt, req)) {
- CMS.debug(
- "NSCertTypeExt: already has correct ns cert type ext");
+ if (nsCertTypeExt != null
+ && extensionIsGood(nsCertTypeExt, req)) {
+ CMS.debug("NSCertTypeExt: already has correct ns cert type ext");
return PolicyResult.ACCEPTED;
- } else if ((nsCertTypeExt != null) &&
- (certType.equals("ocspResponder"))) {
+ } else if ((nsCertTypeExt != null)
+ && (certType.equals("ocspResponder"))) {
// Fix for #528732 : Always delete
// this extension from OCSP signing cert
extensions.delete(NSCertTypeExtension.NAME);
@@ -216,12 +212,11 @@ public class NSCertTypeExt extends APolicyRule
} else {
// create extensions set if none.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
- CMS.debug(
- "NSCertTypeExt: Created extensions for adding ns cert type..");
+ CMS.debug("NSCertTypeExt: Created extensions for adding ns cert type..");
}
}
// add ns cert type extension if not set or not set correctly.
@@ -229,13 +224,15 @@ public class NSCertTypeExt extends APolicyRule
bits = getBitsFromRequest(req, mSetDefaultBits);
- // check if ca doesn't allow any subordinate ca
- if (mCAPathLen == 0 && bits != null) {
- if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
- bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
- bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
+ // check if ca doesn't allow any subordinate ca
+ if (mCAPathLen == 0 && bits != null) {
+ if (bits[NSCertTypeExtension.SSL_CA_BIT]
+ || bits[NSCertTypeExtension.EMAIL_CA_BIT]
+ || bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+ NAME);
return PolicyResult.REJECTED;
}
}
@@ -249,11 +246,11 @@ public class NSCertTypeExt extends APolicyRule
int j;
for (j = 0; bits != null && j < bits.length; j++)
- if (bits[j]) break;
+ if (bits[j])
+ break;
if (bits == null || j == bits.length) {
if (!mSetDefaultBits) {
- CMS.debug(
- "NSCertTypeExt: no bits requested, not setting default.");
+ CMS.debug("NSCertTypeExt: no bits requested, not setting default.");
return PolicyResult.ACCEPTED;
} else
bits = DEF_BITS;
@@ -263,39 +260,40 @@ public class NSCertTypeExt extends APolicyRule
extensions.set(NSCertTypeExtension.NAME, nsCertTypeExt);
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
- * check if ns cert type extension is set correctly,
- * correct bits if not.
- * if not authorized to set extension, bits will be replaced.
+ * check if ns cert type extension is set correctly, correct bits if not. if
+ * not authorized to set extension, bits will be replaced.
*/
- protected boolean extensionIsGood(
- NSCertTypeExtension nsCertTypeExt, IRequest req)
- throws IOException, CertificateException {
+ protected boolean extensionIsGood(NSCertTypeExtension nsCertTypeExt,
+ IRequest req) throws IOException, CertificateException {
// always return false for now to make sure minimum is set.
// agents and ee can add others.
- // must be agent approved or authenticated for allowing extensions
+ // must be agent approved or authenticated for allowing extensions
// which is always the case if we get to this point.
IAuthToken token = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
if (!agentApproved(req) && token == null) {
// don't know where this came from.
// set all bits to false to reset.
- CMS.debug(
- "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
+ CMS.debug("NSCertTypeExt: unknown origin: setting ns cert type bits to false");
boolean[] bits = new boolean[8];
for (int i = bits.length - 1; i >= 0; i--) {
@@ -315,37 +313,37 @@ public class NSCertTypeExt extends APolicyRule
return true;
}
if (certType.equals(IRequest.CA_CERT)) {
- if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
+ if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.EMAIL_CA_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
// min not set so set all.
- CMS.debug(
- "NSCertTypeExt: is extension good: no ca bits set. set all");
+ CMS.debug("NSCertTypeExt: is extension good: no ca bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
- Boolean.valueOf(true));
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
}
return true;
} else if (certType.equals(IRequest.CLIENT_CERT)) {
- if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
+ if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT)
+ && !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.SSL_SERVER_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
// min not set so set all.
- CMS.debug(
- "NSCertTypeExt: is extension good: no cl bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
- new Boolean(true));
- nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
- new Boolean(true));
+ CMS.debug("NSCertTypeExt: is extension good: no cl bits set. set all");
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
+ new Boolean(true));
+ nsCertTypeExt.set(NSCertTypeExtension.EMAIL, new Boolean(
+ true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
- new Boolean(true));
+ new Boolean(true));
}
return true;
} else if (certType.equals(IRequest.SERVER_CERT)) {
@@ -358,14 +356,13 @@ public class NSCertTypeExt extends APolicyRule
}
/**
- * Gets ns cert type bits from request.
- * If none set, use cert type to determine correct bits.
- * If no cert type, use default.
- */
+ * Gets ns cert type bits from request. If none set, use cert type to
+ * determine correct bits. If no cert type, use default.
+ */
protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
boolean[] bits = null;
-
+
CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
bits = getNSCertTypeBits(req);
if (bits == null && setDefault) {
@@ -388,34 +385,31 @@ public class NSCertTypeExt extends APolicyRule
boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
bits[NSCertTypeExtension.SSL_CLIENT_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_CLIENT, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.SSL_CLIENT, false);
- bits[NSCertTypeExtension.SSL_SERVER_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_SERVER, false);
+ bits[NSCertTypeExtension.SSL_SERVER_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.SSL_SERVER, false);
bits[NSCertTypeExtension.EMAIL_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.EMAIL, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.EMAIL, false);
bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.OBJECT_SIGNING, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.OBJECT_SIGNING, false);
- bits[NSCertTypeExtension.SSL_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_CA, false);
+ bits[NSCertTypeExtension.SSL_CA_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.SSL_CA, false);
- bits[NSCertTypeExtension.EMAIL_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.EMAIL_CA, false);
+ bits[NSCertTypeExtension.EMAIL_CA_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.EMAIL_CA, false);
- bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] = req
+ .getExtDataInBoolean(IRequest.HTTP_PARAMS,
NSCertTypeExtension.OBJECT_SIGNING_CA, false);
// if nothing set, return null.
@@ -439,24 +433,24 @@ public class NSCertTypeExt extends APolicyRule
* get cert type bits according to cert type.
*/
protected boolean[] getCertTypeBits(IRequest req) {
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
- if (certType == null || certType.length() == 0)
+ if (certType == null || certType.length() == 0)
return null;
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
- for (int i = bits.length - 1; i >= 0; i--)
+ for (int i = bits.length - 1; i >= 0; i--)
bits[i] = false;
if (certType.equals(IRequest.CLIENT_CERT)) {
CMS.debug("NSCertTypeExt: setting bits for client cert");
- // we can only guess here when it's client.
+ // we can only guess here when it's client.
// sets all client bit for default.
bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
bits[NSCertTypeExtension.EMAIL_BIT] = true;
- //bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
+ // bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
} else if (certType.equals(IRequest.SERVER_CERT)) {
CMS.debug("NSCertTypeExt: setting bits for server cert");
bits[NSCertTypeExtension.SSL_SERVER_BIT] = true;
@@ -477,9 +471,8 @@ public class NSCertTypeExt extends APolicyRule
}
/**
- * merge bits with those set from form.
- * make sure required minimum is set. Agent or auth can set others.
- * XXX form shouldn't set the extension
+ * merge bits with those set from form. make sure required minimum is set.
+ * Agent or auth can set others. XXX form shouldn't set the extension
*/
public void mergeBits(NSCertTypeExtension nsCertTypeExt, boolean[] bits) {
for (int i = bits.length - 1; i >= 0; i--) {
@@ -492,49 +485,47 @@ public class NSCertTypeExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
params.addElement(PROP_CRITICAL + "=" + mCritical);
params.addElement(PROP_SET_DEFAULT_BITS + "=" + mSetDefaultBits);
- //new Boolean(mSetDefaultBits).toString());
+ // new Boolean(mSetDefaultBits).toString());
return params;
}
private static Vector mDefParams = new Vector();
static {
- mDefParams.addElement(
- PROP_CRITICAL + "=false");
- mDefParams.addElement(
- PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
+ mDefParams.addElement(PROP_CRITICAL + "=false");
+ mDefParams.addElement(PROP_SET_DEFAULT_BITS + "="
+ + DEF_SET_DEFAULT_BITS);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
- PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
- "type extension with default bits ('ssl client' and 'email') in certificates " +
- "specified by the predicate " +
- "expression.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nscerttype",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Netscape Certificate Type extension."
- };
+ PROP_CRITICAL
+ + ";boolean;Netscape recommendation: non-critical.",
+ PROP_SET_DEFAULT_BITS
+ + ";boolean;Specify whether to set the Netscape certificate "
+ + "type extension with default bits ('ssl client' and 'email') in certificates "
+ + "specified by the predicate " + "expression.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-nscerttype",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Netscape Certificate Type extension." };
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
}
-
generated by cgit (git 2.34.1) at 2024-05-05 09:54:05 +0000