summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java225
1 files changed, 105 insertions, 120 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 8bf4c75f..94bc7ca9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
@@ -39,21 +38,19 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements a CA signing cert enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
+ * This class implements a CA signing cert enrollment default policy that
+ * populates a server-side configurable validity into the certificate template.
* It allows an agent to bypass the CA's signing cert's expiration constraint
*/
public class CAValidityDefault extends EnrollDefault {
public static final String CONFIG_RANGE = "range";
public static final String CONFIG_START_TIME = "startTime";
- public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String VAL_NOT_BEFORE = "notBefore";
public static final String VAL_NOT_AFTER = "notAfter";
- public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
@@ -72,47 +69,41 @@ public class CAValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
- mCA = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_RANGE)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_RANGE));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ }
} else if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RANGE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "2922", /* 8 years */
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_RANGE"));
+ return new Descriptor(IDescriptor.STRING, null, "2922", /* 8 years */
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_START_TIME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "60", /* 1 minute */
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_START_TIME"));
+ return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
} else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(
+ IDescriptor.BOOLEAN,
+ null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
@@ -129,7 +120,9 @@ public class CAValidityDefault extends EnrollDefault {
return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(
+ IDescriptor.BOOLEAN,
+ null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
} else {
@@ -137,90 +130,87 @@ public class CAValidityDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- if (value == null || value.equals("")) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (value == null || value.equals("")) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- CMS.debug("CAValidityDefault: setValue name= "+ name);
+ CMS.debug("CAValidityDefault: setValue name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_BEFORE,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_BEFORE, date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_AFTER,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_AFTER, date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
- CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity);
+ CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="
+ + bypassCAvalidity);
- BasicConstraintsExtension ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
return;
}
try {
- Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
- if(isCA.booleanValue() != true) {
+ Boolean isCA = (Boolean) ext
+ .get(BasicConstraintsExtension.IS_CA);
+ if (isCA.booleanValue() != true) {
CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
return;
}
} catch (Exception e) {
- CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString());
+ CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."
+ + e.toString());
return;
}
CertificateValidity validity = null;
Date notAfter = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
// not to exceed CA's expiration
- Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter();
if (notAfter.after(caNotAfter)) {
if (bypassCAvalidity == false) {
@@ -231,86 +221,80 @@ public class CAValidityDefault extends EnrollDefault {
}
}
try {
- validity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ validity.set(CertificateValidity.NOT_AFTER, notAfter);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
- CMS.debug("CAValidityDefault: getValue: name= "+ name);
+ CMS.debug("CAValidityDefault: getValue: name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_BEFORE));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_BEFORE));
} catch (Exception e) {
CMS.debug("CAValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_AFTER));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_AFTER));
} catch (Exception e) {
CMS.debug("CAValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
return "false";
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_RANGE),
- getConfig(CONFIG_BYPASS_CA_NOTAFTER)
- };
+ String params[] = { getConfig(CONFIG_RANGE),
+ getConfig(CONFIG_BYPASS_CA_NOTAFTER) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
try {
- startTimeStr = mapPattern(request, startTimeStr);
+ startTimeStr = mapPattern(request, startTimeStr);
} catch (IOException e) {
CMS.debug("CAValidityDefault: populate " + e.toString());
}
@@ -319,32 +303,33 @@ public class CAValidityDefault extends EnrollDefault {
startTimeStr = "60";
}
int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
+ Date notBefore = new Date(CMS.getCurrentDate().getTime()
+ + (1000 * startTime));
long notAfterVal = 0;
try {
String rangeStr = getConfig(CONFIG_RANGE);
rangeStr = mapPattern(request, rangeStr);
- notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(rangeStr));
+ notAfterVal = notBefore.getTime()
+ + (mDefault * Integer.parseInt(rangeStr));
} catch (Exception e) {
// configured value is not correct
CMS.debug("CAValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
}
Date notAfter = new Date(notAfterVal);
- CertificateValidity validity =
- new CertificateValidity(notBefore, notAfter);
+ CertificateValidity validity = new CertificateValidity(notBefore,
+ notAfter);
try {
info.set(X509CertInfo.VALIDITY, validity);
} catch (Exception e) {
// failed to insert subject name
CMS.debug("CAValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
}
}
}
generated by cgit (git 2.34.1) at 2024-05-05 12:39:32 +0000