diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile')
89 files changed, 6866 insertions, 6298 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java index 57832486..acaf9772 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import java.util.Hashtable; import java.util.Locale; @@ -48,9 +49,10 @@ import com.netscape.certsrv.registry.IPluginRegistry; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; + /** * This class implements a basic profile. - * + * * @version $Revision$, $Date$ */ public abstract class BasicProfile implements IProfile { @@ -74,8 +76,8 @@ public abstract class BasicProfile implements IProfile { public static final String PROP_NAME = "name"; public static final String PROP_DESC = "desc"; public static final String PROP_NO_DEFAULT = "noDefaultImpl"; - public static final String PROP_NO_CONSTRAINT = "noConstraintImpl"; - public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl"; + public static final String PROP_NO_CONSTRAINT= "noConstraintImpl"; + public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl"; protected IProfileSubsystem mOwner = null; protected IConfigStore mConfig = null; @@ -142,19 +144,21 @@ public abstract class BasicProfile implements IProfile { public IProfileAuthenticator getAuthenticator() throws EProfileException { try { - IAuthSubsystem authSub = (IAuthSubsystem) CMS - .getSubsystem(CMS.SUBSYSTEM_AUTH); - IProfileAuthenticator auth = (IProfileAuthenticator) authSub - .get(mAuthInstanceId); - - if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 - && auth == null) { - throw new EProfileException("Cannot load " + mAuthInstanceId); + IAuthSubsystem authSub = (IAuthSubsystem) + CMS.getSubsystem(CMS.SUBSYSTEM_AUTH); + IProfileAuthenticator auth = (IProfileAuthenticator) + authSub.get(mAuthInstanceId); + + if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 + && auth == null) { + throw new EProfileException("Cannot load " + + mAuthInstanceId); } return auth; } catch (Exception e) { if (mAuthInstanceId != null) { - throw new EProfileException("Cannot load " + mAuthInstanceId); + throw new EProfileException("Cannot load " + + mAuthInstanceId); } return null; } @@ -163,7 +167,7 @@ public abstract class BasicProfile implements IProfile { public String getRequestorDN(IRequest request) { return null; } - + public String getAuthenticatorId() { return mAuthInstanceId; } @@ -181,7 +185,7 @@ public abstract class BasicProfile implements IProfile { * Initializes this profile. */ public void init(IProfileSubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { CMS.debug("BasicProfile: start init"); mOwner = owner; mConfig = config; @@ -200,19 +204,17 @@ public abstract class BasicProfile implements IProfile { // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName // policy.p1.default.params.x1=x1 // policy.p1.default.params.x2=x2 - // policy.p1.constraint.class= ... - // .cms.profile.constraints.ValidityRange + // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange // policy.p1.constraint.params.x1=x1 // policy.p1.constraint.params.x2=x2 - // handle profile authentication plugins + // handle profile authentication plugins try { - mAuthInstanceId = config - .getString("auth." + PROP_INSTANCE_ID, null); + mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null); mAuthzAcl = config.getString("authz.acl", ""); } catch (EBaseException e) { - CMS.debug("BasicProfile: authentication class not found " - + e.toString()); + CMS.debug("BasicProfile: authentication class not found " + + e.toString()); } // handle profile input plugins @@ -222,8 +224,8 @@ public abstract class BasicProfile implements IProfile { while (input_st.hasMoreTokens()) { String input_id = (String) input_st.nextToken(); - String inputClassId = inputStore.getString(input_id + "." - + PROP_CLASS_ID); + String inputClassId = inputStore.getString(input_id + "." + + PROP_CLASS_ID); IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", inputClassId); String inputClass = inputInfo.getClassName(); @@ -231,12 +233,13 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) Class.forName(inputClass).newInstance(); + input = (IProfileInput) + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: input plugin Class.forName " - + inputClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: input plugin Class.forName " + + inputClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore inputConfig = inputStore.getSubStore(input_id); input.init(this, inputConfig); @@ -252,8 +255,8 @@ public abstract class BasicProfile implements IProfile { while (output_st.hasMoreTokens()) { String output_id = (String) output_st.nextToken(); - String outputClassId = outputStore.getString(output_id + "." - + PROP_CLASS_ID); + String outputClassId = outputStore.getString(output_id + "." + + PROP_CLASS_ID); IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput", outputClassId); String outputClass = outputInfo.getClassName(); @@ -261,13 +264,13 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) Class.forName(outputClass) - .newInstance(); + output = (IProfileOutput) + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: output plugin Class.forName " - + outputClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: output plugin Class.forName " + + outputClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore outputConfig = outputStore.getSubStore(output_id); output.init(this, outputConfig); @@ -283,22 +286,22 @@ public abstract class BasicProfile implements IProfile { while (updater_st.hasMoreTokens()) { String updater_id = (String) updater_st.nextToken(); - String updaterClassId = updaterStore.getString(updater_id + "." - + PROP_CLASS_ID); + String updaterClassId = updaterStore.getString(updater_id + "." + + PROP_CLASS_ID); IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater", - updaterClassId); + updaterClassId); String updaterClass = updaterInfo.getClassName(); IProfileUpdater updater = null; try { - updater = (IProfileUpdater) Class.forName(updaterClass) - .newInstance(); + updater = (IProfileUpdater) + Class.forName(updaterClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: updater plugin Class.forName " - + updaterClass + " " + e.toString()); - throw new EBaseException(e.toString()); + CMS.debug("BasicProfile: updater plugin Class.forName " + + updaterClass + " " + e.toString()); + throw new EBaseException( e.toString() ); } IConfigStore updaterConfig = updaterStore.getSubStore(updater_id); updater.init(this, updaterConfig); @@ -322,15 +325,15 @@ public abstract class BasicProfile implements IProfile { String id = (String) st1.nextToken(); String defaultRoot = id + "." + PROP_DEFAULT; - String defaultClassId = policyStore.getString(defaultRoot + "." - + PROP_CLASS_ID); + String defaultClassId = policyStore.getString(defaultRoot + "." + + PROP_CLASS_ID); String constraintRoot = id + "." + PROP_CONSTRAINT; - String constraintClassId = policyStore.getString(constraintRoot - + "." + PROP_CLASS_ID); + String constraintClassId = + policyStore.getString(constraintRoot + "." + PROP_CLASS_ID); - createProfilePolicy(setId, id, defaultClassId, - constraintClassId, false); + createProfilePolicy(setId, id, defaultClassId, + constraintClassId, false); } } CMS.debug("BasicProfile: done init"); @@ -377,20 +380,20 @@ public abstract class BasicProfile implements IProfile { } public String getInput(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return null; } public void setInput(String name, Locale locale, IRequest request, - String value) throws EProfileException { + String value) throws EProfileException { } public Enumeration getProfilePolicySetIds() { return mPolicySet.keys(); } - public void deleteProfilePolicy(String setId, String policyId) - throws EProfileException { + public void deleteProfilePolicy(String setId, String policyId) + throws EProfileException { Vector policies = (Vector) mPolicySet.get(setId); if (policies == null) { @@ -433,28 +436,26 @@ public abstract class BasicProfile implements IProfile { policies.removeElementAt(i); if (size == 1) { mPolicySet.remove(setId); - String setlist = policySetSubStore.getString( - PROP_POLICY_LIST, null); + String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null); StringTokenizer st1 = new StringTokenizer(setlist, ","); String newlist1 = ""; while (st1.hasMoreTokens()) { String e = st1.nextToken(); - if (!e.equals(setId)) + if (!e.equals(setId)) newlist1 = newlist1 + e + ","; } - if (!newlist1.equals("")) - newlist1 = newlist1.substring(0, - newlist1.length() - 1); + if (!newlist1.equals("")) + newlist1 = newlist1.substring(0, newlist1.length() - 1); policySetSubStore.putString(PROP_POLICY_LIST, newlist1); } break; } } - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -495,8 +496,8 @@ public abstract class BasicProfile implements IProfile { mInputs.remove(inputId); mConfig.putString("input." + PROP_INPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } @@ -536,22 +537,24 @@ public abstract class BasicProfile implements IProfile { mOutputs.remove(outputId); mConfig.putString("output." + PROP_OUTPUT_LIST, newlist); - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (Exception e) { } } - public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps) throws EProfileException { - return createProfileOutput(id, outputId, nvps, true); + public IProfileOutput createProfileOutput(String id, String outputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileOutput(id, outputId, nvps, true); } public IProfileOutput createProfileOutput(String id, String outputId, - NameValuePairs nvps, boolean createConfig) + NameValuePairs nvps, boolean createConfig) - throws EProfileException { + + throws EProfileException { IConfigStore outputStore = mConfig.getSubStore("output"); String output_list = null; @@ -573,7 +576,8 @@ public abstract class BasicProfile implements IProfile { IProfileOutput output = null; try { - output = (IProfileOutput) Class.forName(outputClass).newInstance(); + output = (IProfileOutput) + Class.forName(outputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); @@ -606,8 +610,7 @@ public abstract class BasicProfile implements IProfile { String pid = st1.nextToken(); if (pid.equals(id)) { - throw new EProfileException("Duplicate output id: " - + id); + throw new EProfileException("Duplicate output id: " + id); } } outputStore.putString(PROP_OUTPUT_LIST, list + "," + id); @@ -615,7 +618,7 @@ public abstract class BasicProfile implements IProfile { String prefix = id + "."; outputStore.putString(prefix + "name", - outputInfo.getName(Locale.getDefault())); + outputInfo.getName(Locale.getDefault())); outputStore.putString(prefix + "class_id", outputId); Enumeration enum1 = nvps.getNames(); @@ -623,20 +626,19 @@ public abstract class BasicProfile implements IProfile { while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - outputStore.putString(prefix + "params." + name, - nvps.getValue(name)); + outputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (output != null) { - output.setConfig(name, nvps.getValue(name)); - } + if (output != null) { + output.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -646,13 +648,15 @@ public abstract class BasicProfile implements IProfile { return output; } - public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps) throws EProfileException { - return createProfileInput(id, inputId, nvps, true); + public IProfileInput createProfileInput(String id, String inputId, + NameValuePairs nvps) + throws EProfileException { + return createProfileInput(id, inputId, nvps, true); } public IProfileInput createProfileInput(String id, String inputId, - NameValuePairs nvps, boolean createConfig) throws EProfileException { + NameValuePairs nvps, boolean createConfig) + throws EProfileException { IConfigStore inputStore = mConfig.getSubStore("input"); String input_list = null; @@ -662,8 +666,8 @@ public abstract class BasicProfile implements IProfile { } catch (Exception ee) { } - IPluginInfo inputInfo = mRegistry - .getPluginInfo("profileInput", inputId); + IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput", + inputId); if (inputInfo == null) { CMS.debug("Cannot find " + inputId); @@ -675,7 +679,8 @@ public abstract class BasicProfile implements IProfile { IProfileInput input = null; try { - input = (IProfileInput) Class.forName(inputClass).newInstance(); + input = (IProfileInput) + Class.forName(inputClass).newInstance(); } catch (Exception e) { // throw Exception CMS.debug(e.toString()); @@ -715,29 +720,28 @@ public abstract class BasicProfile implements IProfile { } String prefix = id + "."; - inputStore.putString(prefix + "name", - inputInfo.getName(Locale.getDefault())); + inputStore.putString(prefix + "name", + inputInfo.getName(Locale.getDefault())); inputStore.putString(prefix + "class_id", inputId); - + Enumeration enum1 = nvps.getNames(); while (enum1.hasMoreElements()) { String name = (String) enum1.nextElement(); - inputStore.putString(prefix + "params." + name, - nvps.getValue(name)); + inputStore.putString(prefix + "params." + name, nvps.getValue(name)); try { - if (input != null) { - input.setConfig(name, nvps.getValue(name)); - } + if (input != null) { + input.setConfig(name, nvps.getValue(name)); + } } catch (EBaseException e) { - CMS.debug(e.toString()); + CMS.debug(e.toString()); } } try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); mConfig.commit(false); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -750,25 +754,23 @@ public abstract class BasicProfile implements IProfile { /** * Creates a profile policy */ - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId) - throws EProfileException { - return createProfilePolicy(setId, id, defaultClassId, + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId) + throws EProfileException { + return createProfilePolicy(setId, id, defaultClassId, constraintClassId, true); } - public IProfilePolicy createProfilePolicy(String setId, String id, - String defaultClassId, String constraintClassId, - boolean createConfig) throws EProfileException { - + public IProfilePolicy createProfilePolicy(String setId, String id, + String defaultClassId, String constraintClassId, + boolean createConfig) + throws EProfileException { + // String setId ex: policyset.set1 - // String id Id of policy : examples: p1,p2,p3 - // String defaultClassId : id of the default plugin ex: - // validityDefaultImpl - // String constraintClassId : if of the constraint plugin ex: - // basicConstraintsExtConstraintImpl - // boolean createConfig : true : being called from the console. false: - // being called from server startup code + // String id Id of policy : examples: p1,p2,p3 + // String defaultClassId : id of the default plugin ex: validityDefaultImpl + // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl + // boolean createConfig : true : being called from the console. false: being called from server startup code Vector policies = (Vector) mPolicySet.get(setId); @@ -776,9 +778,9 @@ public abstract class BasicProfile implements IProfile { if (policies == null) { policies = new Vector(); mPolicySet.put(setId, policies); - if (createConfig) { + if (createConfig) { // re-create policyset.list - StringBuffer setlist = new StringBuffer(); + StringBuffer setlist =new StringBuffer(); Enumeration keys = mPolicySet.keys(); while (keys.hasMoreElements()) { @@ -792,64 +794,62 @@ public abstract class BasicProfile implements IProfile { mConfig.putString("policyset.list", setlist.toString()); } } else { - String ids = null; + String ids = null; - try { - ids = policyStore.getString(PROP_POLICY_LIST, ""); - } catch (Exception ee) { - } + try { + ids = policyStore.getString(PROP_POLICY_LIST, ""); + } catch (Exception ee) { + } - if (ids == null) { - CMS.debug("BasicProfile::createProfilePolicy() - ids is null!"); - return null; - } + if( ids == null ) { + CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" ); + return null; + } - StringTokenizer st1 = new StringTokenizer(ids, ","); - int appearances = 0; - int appearancesTooMany = 0; - if (createConfig) - appearancesTooMany = 1; - else - appearancesTooMany = 2; + StringTokenizer st1 = new StringTokenizer(ids, ","); + int appearances = 0; + int appearancesTooMany = 0; + if (createConfig) + appearancesTooMany = 1; + else + appearancesTooMany = 2; - while (st1.hasMoreTokens()) { - String pid = st1.nextToken(); - if (pid.equals(id)) { - appearances++; - if (appearances >= appearancesTooMany) { - CMS.debug("WARNING detected duplicate policy id: " - + id + " Profile: " + mId); - if (createConfig) { - throw new EProfileException("Duplicate policy id: " - + id); + while (st1.hasMoreTokens()) { + String pid = st1.nextToken(); + if (pid.equals(id)) { + appearances++; + if (appearances >= appearancesTooMany) { + CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId); + if (createConfig) { + throw new EProfileException("Duplicate policy id: " + id); + } } } } - } } // Now make sure we aren't trying to add a policy that already exists IConfigStore policySetStore = mConfig.getSubStore("policyset"); - String setlist = null; + String setlist = null; try { setlist = policySetStore.getString("list", ""); } catch (Exception e) { } StringTokenizer st = new StringTokenizer(setlist, ","); - int matches = 0; + int matches = 0; while (st.hasMoreTokens()) { String sId = (String) st.nextToken(); - // Only search the setId set. Ex: encryptionCertSet + //Only search the setId set. Ex: encryptionCertSet if (!sId.equals(setId)) { continue; } IConfigStore pStore = policySetStore.getSubStore(sId); - + String list = null; try { - list = pStore.getString(PROP_POLICY_LIST, ""); + list = pStore.getString(PROP_POLICY_LIST, ""); } catch (Exception e) { CMS.debug("WARNING, can't get policy id list!"); } @@ -862,48 +862,38 @@ public abstract class BasicProfile implements IProfile { String defaultRoot = curId + "." + PROP_DEFAULT; String curDefaultClassId = null; try { - curDefaultClassId = pStore.getString(defaultRoot + "." - + PROP_CLASS_ID); - } catch (Exception e) { + curDefaultClassId = pStore.getString(defaultRoot + "." + + PROP_CLASS_ID); + } catch(Exception e) { CMS.debug("WARNING, can't get default plugin id!"); } String constraintRoot = curId + "." + PROP_CONSTRAINT; String curConstraintClassId = null; try { - curConstraintClassId = pStore.getString(constraintRoot - + "." + PROP_CLASS_ID); + curConstraintClassId = pStore.getString(constraintRoot + "." + PROP_CLASS_ID); } catch (Exception e) { CMS.debug("WARNING, can't get constraint plugin id!"); } - // Disallow duplicate defaults with the following exceptions: + //Disallow duplicate defaults with the following exceptions: // noDefaultImpl, genericExtDefaultImpl - if ((curDefaultClassId.equals(defaultClassId) - && !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId - .equals(PROP_GENERIC_EXT_DEFAULT))) { + if ((curDefaultClassId.equals(defaultClassId) && + !curDefaultClassId.equals(PROP_NO_DEFAULT) && + !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) { matches++; if (createConfig) { if (matches == 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId - + ":" - + constraintClassId - + " Contact System Administrator."); - throw new EProfileException( - "Attempt to add duplicate Policy : " - + defaultClassId + ":" - + constraintClassId); + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); + throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId); } } else { - if (matches > 1) { - CMS.debug("WARNING attempt to add duplicate Policy " - + defaultClassId - + ":" - + constraintClassId - + " Contact System Administrator."); + if( matches > 1) { + CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId + + " Contact System Administrator."); } } } @@ -925,11 +915,12 @@ public abstract class BasicProfile implements IProfile { IPolicyDefault def = null; try { - def = (IPolicyDefault) Class.forName(defaultClass).newInstance(); + def = (IPolicyDefault) + Class.forName(defaultClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: default policy " + defaultClass + " " - + e.toString()); + CMS.debug("BasicProfile: default policy " + + defaultClass + " " + e.toString()); } if (def == null) { CMS.debug("BasicProfile: failed to create " + defaultClass); @@ -940,18 +931,18 @@ public abstract class BasicProfile implements IProfile { def.init(this, defStore); } - IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", + IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", constraintClassId); String constraintClass = conInfo.getClassName(); IPolicyConstraint constraint = null; try { - constraint = (IPolicyConstraint) Class.forName(constraintClass) - .newInstance(); + constraint = (IPolicyConstraint) + Class.forName(constraintClass).newInstance(); } catch (Exception e) { // throw Exception - CMS.debug("BasicProfile: constraint policy " + constraintClass - + " " + e.toString()); + CMS.debug("BasicProfile: constraint policy " + + constraintClass + " " + e.toString()); } ProfilePolicy policy = null; if (constraint == null) { @@ -977,20 +968,21 @@ public abstract class BasicProfile implements IProfile { } else { policyStore.putString(PROP_POLICY_LIST, list + "," + id); } - policyStore.putString(id + ".default.name", - defInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".default.class_id", defaultClassId); - policyStore.putString(id + ".constraint.name", - conInfo.getName(Locale.getDefault())); - policyStore.putString(id + ".constraint.class_id", - constraintClassId); + policyStore.putString(id + ".default.name", + defInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".default.class_id", + defaultClassId); + policyStore.putString(id + ".constraint.name", + conInfo.getName(Locale.getDefault())); + policyStore.putString(id + ".constraint.class_id", + constraintClassId); try { - mConfig.putString("lastModified", - Long.toString(CMS.getCurrentDate().getTime())); + mConfig.putString("lastModified", + Long.toString(CMS.getCurrentDate().getTime())); policyStore.commit(false); } catch (EBaseException e) { - CMS.debug("BasicProfile: commiting config store " - + e.toString()); + CMS.debug("BasicProfile: commiting config store " + + e.toString()); } } @@ -1046,7 +1038,7 @@ public abstract class BasicProfile implements IProfile { * Creates request. */ public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale) - throws EProfileException; + throws EProfileException; /** * Returns the profile description. @@ -1064,12 +1056,12 @@ public abstract class BasicProfile implements IProfile { } public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { Enumeration ids = getProfileInputIds(); while (ids.hasMoreElements()) { String id = (String) ids.nextElement(); - IProfileInput input = getProfileInput(id); + IProfileInput input = getProfileInput(id); input.populate(ctx, request); } @@ -1082,32 +1074,36 @@ public abstract class BasicProfile implements IProfile { } /** - * Passes the request to the set of default policies that populate the - * profile information against the profile. - */ - public void populate(IRequest request) throws EProfileException { + * Passes the request to the set of default policies that + * populate the profile information against the profile. + */ + public void populate(IRequest request) + throws EProfileException { String setId = getPolicySetId(request); Vector policies = getPolicies(setId); - CMS.debug("BasicProfile: populate() policy setid =" + setId); + CMS.debug("BasicProfile: populate() policy setid ="+ setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); policy.getDefault().populate(request); } } /** - * Passes the request to the set of constraint policies that validate the - * request against the profile. - */ - public void validate(IRequest request) throws ERejectException { + * Passes the request to the set of constraint policies + * that validate the request against the profile. + */ + public void validate(IRequest request) + throws ERejectException { String setId = getPolicySetId(request); - CMS.debug("BasicProfile: validate start on setId=" + setId); + CMS.debug("BasicProfile: validate start on setId="+ setId); Vector policies = getPolicies(setId); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); policy.getConstraint().validate(request); } @@ -1133,23 +1129,25 @@ public abstract class BasicProfile implements IProfile { Vector v = new Vector(); for (int i = 0; i < policies.size(); i++) { - ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i); + ProfilePolicy policy = (ProfilePolicy) + policies.elementAt(i); - v.addElement(policy.getId()); + v.addElement(policy.getId()); } return v.elements(); } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { } /** * Signed Audit Log - * - * This method is inherited by all extended "BasicProfile"s, and is called - * to store messages to the signed audit log. + * + * This method is inherited by all extended "BasicProfile"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -1160,17 +1158,21 @@ public abstract class BasicProfile implements IProfile { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "BasicProfile"s, and is called - * to obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "BasicProfile"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -1185,7 +1187,8 @@ public abstract class BasicProfile implements IProfile { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); @@ -1199,3 +1202,4 @@ public abstract class BasicProfile implements IProfile { return subjectID; } } + diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java index f589e7ef..681f2b4a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -27,97 +28,103 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for CA - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for CA Certificates. + * * @version $Revision$, $Date$ */ -public class CACertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class CACertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", - "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); - // create outputs + // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); // extensions - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "true"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "true"); - defConfig5.putString("params.keyUsageKeyEncipherment", "false"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","true"); + defConfig5.putString("params.keyUsageDataEncipherment","false"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","true"); + defConfig5.putString("params.keyUsageKeyEncipherment","false"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); - IProfilePolicy policy6 = createProfilePolicy("set1", "p6", - "basicConstraintsExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy6 = + createProfilePolicy("set1", "p6", + "basicConstraintsExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def6 = policy6.getDefault(); IConfigStore defConfig6 = def6.getConfigStore(); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); - defConfig6.putString("params.basicConstraintsIsCA", "true"); - defConfig6.putString("params.basicConstraintsPathLen", "-1"); + defConfig6.putString("params.basicConstraintsPathLen","-1"); + defConfig6.putString("params.basicConstraintsIsCA","true"); + defConfig6.putString("params.basicConstraintsPathLen","-1"); IPolicyConstraint con6 = policy6.getConstraint(); IConfigStore conConfig6 = con6.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java index 20d5f4de..32cd51b5 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -40,21 +41,27 @@ import com.netscape.certsrv.profile.IProfileUpdater; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.RequestStatus; + /** - * This class implements a Certificate Manager enrollment profile. - * + * This class implements a Certificate Manager enrollment + * profile. + * * @version $Revision$, $Date$ */ public class CAEnrollProfile extends EnrollProfile { - private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; + private final static String + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = + "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4"; + public CAEnrollProfile() { super(); } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (authority == null) return null; @@ -62,17 +69,18 @@ public class CAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X500Name issuerName = ca.getX500Name(); return issuerName; } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { long startTime = CMS.getCurrentDate().getTime(); - + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); @@ -83,13 +91,14 @@ public class CAEnrollProfile extends EnrollProfile { String auditRequesterID = auditRequesterID(request); String auditArchiveID = ILogger.UNIDENTIFIED; + String id = request.getRequestId().toString(); if (id != null) { auditArchiveID = id.trim(); } - CMS.debug("CAEnrollProfile: execute reqId=" - + request.getRequestId().toString()); + CMS.debug("CAEnrollProfile: execute reqId=" + + request.getRequestId().toString()); ICertificateAuthority ca = (ICertificateAuthority) getAuthority(); ICAService caService = (ICAService) ca.getCAService(); @@ -99,59 +108,64 @@ public class CAEnrollProfile extends EnrollProfile { // if PKI Archive Option present, send this request // to DRM - byte optionsData[] = request - .getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); + byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS); // do not archive keys for renewal requests - if ((optionsData != null) - && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { - PKIArchiveOptions options = (PKIArchiveOptions) toPKIArchiveOptions(optionsData); + if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) { + PKIArchiveOptions options = (PKIArchiveOptions) + toPKIArchiveOptions(optionsData); if (options != null) { - CMS.debug("CAEnrollProfile: execute found " - + "PKIArchiveOptions"); + CMS.debug("CAEnrollProfile: execute found " + + "PKIArchiveOptions"); try { IConnector kraConnector = caService.getKRAConnector(); if (kraConnector == null) { - CMS.debug("CAEnrollProfile: KRA connector " - + "not configured"); + CMS.debug("CAEnrollProfile: KRA connector " + + "not configured"); - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); - + } else { CMS.debug("CAEnrollProfile: execute send request"); kraConnector.send(request); + + // check response if (!request.isSuccess()) { - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditArchiveID); audit(auditMessage); throw new ERejectException( request.getError(getLocale(request))); } - auditMessage = CMS - .getLogMessage( - LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.SUCCESS, - auditRequesterID, auditArchiveID); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditArchiveID); audit(auditMessage); } } catch (Exception e) { + if (e instanceof ERejectException) { throw (ERejectException) e; } @@ -160,7 +174,9 @@ public class CAEnrollProfile extends EnrollProfile { auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST, - auditSubjectID, ILogger.FAILURE, auditRequesterID, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, auditArchiveID); audit(auditMessage); @@ -173,17 +189,17 @@ public class CAEnrollProfile extends EnrollProfile { X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); X509CertImpl theCert = null; - // #615460 - added audit log (transaction) + // #615460 - added audit log (transaction) SessionContext sc = SessionContext.getExistingContext(); sc.put("profileId", getId()); String setId = request.getExtDataInString("profileSetId"); if (setId != null) { - sc.put("profileSetId", setId); + sc.put("profileSetId", setId); } try { - theCert = caService - .issueX509Cert(info, getId() /* profileId */, id /* requestId */); + theCert = caService.issueX509Cert(info, getId() /* profileId */, + id /* requestId */); } catch (EBaseException e) { CMS.debug(e.toString()); @@ -193,27 +209,26 @@ public class CAEnrollProfile extends EnrollProfile { long endTime = CMS.getCurrentDate().getTime(); - String initiative = AuditFormat.FROMAGENT + " userID: " - + (String) sc.get(SessionContext.USER_ID); - String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID); + String initiative = AuditFormat.FROMAGENT + + " userID: " + + (String)sc.get(SessionContext.USER_ID); + String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID); ILogger logger = CMS.getLogger(); - if (logger != null) { - logger.log( - ILogger.EV_AUDIT, - ILogger.S_OTHER, - AuditFormat.LEVEL, - AuditFormat.FORMAT, - new Object[] { - request.getRequestType(), - request.getRequestId(), - initiative, - authMgr, - "completed", - theCert.getSubjectDN(), - "cert issued serial number: 0x" - + theCert.getSerialNumber().toString(16) - + " time: " + (endTime - startTime) }); + if( logger != null ) { + logger.log( ILogger.EV_AUDIT, + ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, + new Object[] { + request.getRequestType(), + request.getRequestId(), + initiative, + authMgr, + "completed", + theCert.getSubjectDN(), + "cert issued serial number: 0x" + + theCert.getSerialNumber().toString(16) + + " time: " + (endTime - startTime) } + ); } request.setRequestStatus(RequestStatus.COMPLETE); @@ -221,9 +236,9 @@ public class CAEnrollProfile extends EnrollProfile { // notifies updater plugins Enumeration updaterIds = getProfileUpdaterIds(); while (updaterIds.hasMoreElements()) { - String updaterId = (String) updaterIds.nextElement(); - IProfileUpdater updater = getProfileUpdater(updaterId); - updater.update(request, RequestStatus.COMPLETE); + String updaterId = (String)updaterIds.nextElement(); + IProfileUpdater updater = getProfileUpdater(updaterId); + updater.update(request, RequestStatus.COMPLETE); } // set value for predicate value - checking in getRule @@ -233,3 +248,4 @@ public class CAEnrollProfile extends EnrollProfile { request.setExtData("isEncryptionCert", "false"); } } + diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java index e0c86303..95c360f8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -99,19 +100,21 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.cmsutil.util.HMACDigest; + /** * This class implements a generic enrollment profile. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollProfile extends BasicProfile implements - IEnrollProfile { +public abstract class EnrollProfile extends BasicProfile + implements IEnrollProfile { - private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = + "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; private PKIData mCMCData; - public EnrollProfile() { super(); } @@ -132,11 +135,11 @@ public abstract class EnrollProfile extends BasicProfile implements * Creates request. */ public IRequest[] createRequests(IProfileContext context, Locale locale) - throws EProfileException { + throws EProfileException { EnrollProfileContext ctx = (EnrollProfileContext) context; // determine how many requests should be created - String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); + String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); String cert_request = ctx.get(CTX_CERT_REQUEST); String is_renewal = ctx.get(CTX_RENEWAL); Integer renewal_seq_num = 0; @@ -166,16 +169,17 @@ public abstract class EnrollProfile extends BasicProfile implements num_requests = msgs.length; } - // only 1 request for renewal + // only 1 request for renewal if ((is_renewal != null) && (is_renewal.equals("true"))) { num_requests = 1; String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM); if (renewal_seq_num_str != null) { renewal_seq_num = Integer.parseInt(renewal_seq_num_str); } else { - renewal_seq_num = 0; + renewal_seq_num =0; } } + // populate requests with appropriate content IRequest result[] = new IRequest[num_requests]; @@ -183,7 +187,7 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < num_requests; i++) { result[i] = createEnrollmentRequest(); if ((is_renewal != null) && (is_renewal.equals("true"))) { - result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num); + result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num); } else { result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i)); } @@ -204,35 +208,36 @@ public abstract class EnrollProfile extends BasicProfile implements // retrieve issuer name X500Name issuerName = getIssuerName(); - byte[] dummykey = new byte[] { 48, 92, 48, 13, 6, 9, 42, -122, 72, - -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, - 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48, - -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112, - -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, - -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, - -124, -85, 105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, - 1, 0, 1 }; + byte[] dummykey = new byte[] { + 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, + 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66, + -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108, + 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24, + -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101, + -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53, + -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1}; // default values into x509 certinfo. This thing is // not serializable by default try { - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( - new BigInteger("0"))); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName)); - info.set( - X509CertInfo.KEY, - new CertificateX509Key(X509Key - .parse(new DerValue(dummykey)))); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - issuerName)); - info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(), - new Date())); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); + info.set(X509CertInfo.SERIAL_NUMBER, + new CertificateSerialNumber(new BigInteger("0"))); + info.set(X509CertInfo.ISSUER, + new CertificateIssuerName(issuerName)); + info.set(X509CertInfo.KEY, + new CertificateX509Key(X509Key.parse(new DerValue(dummykey)))); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(issuerName)); + info.set(X509CertInfo.VALIDITY, + new CertificateValidity(new Date(), new Date())); + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( AlgorithmId.getAlgorithmId("MD5withRSA"))); // add default extension container - info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions()); + info.set(X509CertInfo.EXTENSIONS, + new CertificateExtensions()); } catch (Exception e) { // throw exception - add key to template CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString()); @@ -241,7 +246,8 @@ public abstract class EnrollProfile extends BasicProfile implements req.setExtData(REQUEST_CERTINFO, info); } - public IRequest createEnrollmentRequest() throws EProfileException { + public IRequest createEnrollmentRequest() + throws EProfileException { IRequest req = null; try { @@ -250,20 +256,22 @@ public abstract class EnrollProfile extends BasicProfile implements setDefaultCertInfo(req); // put the certificate info into request - req.setExtData(REQUEST_EXTENSIONS, new CertificateExtensions()); + req.setExtData(REQUEST_EXTENSIONS, + new CertificateExtensions()); - CMS.debug("EnrollProfile: createRequest " - + req.getRequestId().toString()); + CMS.debug("EnrollProfile: createRequest " + + req.getRequestId().toString()); } catch (EBaseException e) { // raise exception - CMS.debug("EnrollProfile: create new enroll request " - + e.toString()); + CMS.debug("EnrollProfile: create new enroll request " + + e.toString()); } return req; } - public abstract void execute(IRequest request) throws EProfileException; + public abstract void execute(IRequest request) + throws EProfileException; /** * Perform simple policy set assignment. @@ -290,8 +298,8 @@ public abstract class EnrollProfile extends BasicProfile implements X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { @@ -301,34 +309,35 @@ public abstract class EnrollProfile extends BasicProfile implements } /** - * This method is called after the user submits the request from the - * end-entity page. + * This method is called after the user submits the + * request from the end-entity page. */ public void submit(IAuthToken token, IRequest request) - throws EDeferException, EProfileException { + throws EDeferException, EProfileException { // Request Submission Logic: // // if (Authentication Failed) { - // return Error - // } else { - // if (No Auth Token) { - // queue request + // return Error // } else { - // process request - // } + // if (No Auth Token) { + // queue request + // } else { + // process request + // } // } - IAuthority authority = (IAuthority) getAuthority(); + IAuthority authority = (IAuthority) + getAuthority(); IRequestQueue queue = authority.getRequestQueue(); - // this profile queues request that is authenticated - // by NoAuth - try { - queue.updateRequest(request); - } catch (EBaseException e) { - // save request to disk - CMS.debug("EnrollProfile: Update request " + e.toString()); - } + // this profile queues request that is authenticated + // by NoAuth + try { + queue.updateRequest(request); + } catch (EBaseException e) { + // save request to disk + CMS.debug("EnrollProfile: Update request " + e.toString()); + } if (token == null) { CMS.debug("EnrollProfile: auth token is null"); @@ -337,8 +346,7 @@ public abstract class EnrollProfile extends BasicProfile implements try { queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("EnrollProfile: Update request (after validation) " - + e.toString()); + CMS.debug("EnrollProfile: Update request (after validation) " + e.toString()); } throw new EDeferException("defer request"); @@ -352,12 +360,12 @@ public abstract class EnrollProfile extends BasicProfile implements } public TaggedRequest[] parseCMC(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCMC() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCMC(): " + certreq); @@ -367,24 +375,22 @@ public abstract class EnrollProfile extends BasicProfile implements String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(data); - - org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo - .getTemplate().decode(cmcBlobIn); - org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq - .getInterpretedContent(); - org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq - .getContentInfo(); + ByteArrayInputStream cmcBlobIn = + new ByteArrayInputStream(data); + + org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) + org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn); + org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent(); + org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo(); OBJECT_IDENTIFIER id = ci.getContentType(); OCTET_STRING content = ci.getContent(); - - ByteArrayInputStream s = new ByteArrayInputStream( - content.toByteArray()); + + ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray()); PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s); mCMCData = pkiData; - // PKIData pkiData = (PKIData) - // (new PKIData.Template()).decode(cmcBlobIn); + //PKIData pkiData = (PKIData) + // (new PKIData.Template()).decode(cmcBlobIn); SEQUENCE controlSeq = pkiData.getControlSequence(); int numcontrols = controlSeq.size(); SEQUENCE reqSeq = pkiData.getReqSequence(); @@ -394,24 +400,22 @@ public abstract class EnrollProfile extends BasicProfile implements if (numcontrols > 0) { context.put("numOfControls", Integer.valueOf(numcontrols)); TaggedAttribute[] attributes = new TaggedAttribute[numcontrols]; - for (int i = 0; i < numcontrols; i++) { - attributes[i] = (TaggedAttribute) controlSeq - .elementAt(i); + for (int i=0; i<numcontrols; i++) { + attributes[i] = (TaggedAttribute)controlSeq.elementAt(i); OBJECT_IDENTIFIER oid = attributes[i].getType(); if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) { - boolean valid = verifyIdentityProof(attributes[i], - reqSeq); + boolean valid = verifyIdentityProof(attributes[i], + reqSeq); if (!valid) { - SEQUENCE bpids = getRequestBpids(reqSeq); + SEQUENCE bpids = getRequestBpids(reqSeq); context.put("identityProof", bpids); return null; } - } else if (oid - .equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { + } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) { SET vals = attributes[i].getValues(); - OCTET_STRING ostr = (OCTET_STRING) (ASN1Util - .decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + OCTET_STRING ostr = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); randomSeed = ostr.toByteArray(); } else { context.put(attributes[i].getType(), attributes[i]); @@ -419,19 +423,18 @@ public abstract class EnrollProfile extends BasicProfile implements } } } - + SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence(); int numOtherMsgs = otherMsgSeq.size(); if (!context.containsKey("numOfOtherMsgs")) { context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs)); - for (int i = 0; i < numOtherMsgs; i++) { - OtherMsg omsg = (OtherMsg) (ASN1Util.decode( - OtherMsg.getTemplate(), - ASN1Util.encode(otherMsgSeq.elementAt(i)))); - context.put("otherMsg" + i, omsg); + for (int i=0; i<numOtherMsgs; i++) { + OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(), + ASN1Util.encode(otherMsgSeq.elementAt(i)))); + context.put("otherMsg"+i, omsg); } } - + int nummsgs = reqSeq.size(); if (nummsgs > 0) { msgs = new TaggedRequest[reqSeq.size()]; @@ -441,11 +444,10 @@ public abstract class EnrollProfile extends BasicProfile implements msgs[i] = (TaggedRequest) reqSeq.elementAt(i); if (!context.containsKey("POPLinkWitness")) { if (randomSeed != null) { - valid = verifyPOPLinkWitness(randomSeed, msgs[i], - bpids); + valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids); if (!valid || bpids.size() > 0) { context.put("POPLinkWitness", bpids); - return null; + return null; } } } @@ -456,13 +458,13 @@ public abstract class EnrollProfile extends BasicProfile implements return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCMC " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req, - SEQUENCE bpids) { + SEQUENCE bpids) { ISharedToken tokenClass = null; boolean sharedSecretFound = true; String name = null; @@ -477,15 +479,15 @@ public abstract class EnrollProfile extends BasicProfile implements } try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); sharedSecretFound = false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); sharedSecretFound = false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); sharedSecretFound = false; } @@ -494,7 +496,7 @@ public abstract class EnrollProfile extends BasicProfile implements String sharedSecret = null; if (tokenClass != null) sharedSecret = tokenClass.getSharedToken(mCMCData); - if (req.getType().equals(TaggedRequest.PKCS10)) { + if (req.getType().equals(TaggedRequest.PKCS10)) { TaggedCertificationRequest tcr = req.getTcr(); if (!sharedSecretFound) { bpids.addElement(tcr.getBodyPartID()); @@ -503,27 +505,25 @@ public abstract class EnrollProfile extends BasicProfile implements CertificationRequest creq = tcr.getCertificationRequest(); CertificationRequestInfo cinfo = creq.getInfo(); SET attrs = cinfo.getAttributes(); - for (int j = 0; j < attrs.size(); j++) { - Attribute pkcs10Attr = (Attribute) attrs.elementAt(j); - if (pkcs10Attr.getType().equals( - OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + for (int j=0; j<attrs.size(); j++) { + Attribute pkcs10Attr = (Attribute)attrs.elementAt(j); + if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { SET witnessVal = pkcs10Attr.getValues(); if (witnessVal.size() > 0) { try { - OCTET_STRING str = (OCTET_STRING) (ASN1Util - .decode(OCTET_STRING.getTemplate(), - ASN1Util.encode(witnessVal - .elementAt(0)))); + OCTET_STRING str = + (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(witnessVal.elementAt(0)))); bv = str.toByteArray(); return verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); } catch (InvalidBERException ex) { return false; } } - } + } } - + return false; } } else if (req.getType().equals(TaggedRequest.CRMF)) { @@ -537,15 +537,14 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals( - OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { + if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { ASN1Value value = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(value)); + ASN1Util.encode(value)); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING) (new OCTET_STRING.Template()) - .decode(bis); + ostr = (OCTET_STRING) + (new OCTET_STRING.Template()).decode(bis); bv = ostr.toByteArray(); } catch (Exception e) { bpids.addElement(reqId); @@ -553,7 +552,7 @@ public abstract class EnrollProfile extends BasicProfile implements } boolean valid = verifyDigest(sharedSecret.getBytes(), - randomSeed, bv); + randomSeed, bv); if (!valid) { bpids.addElement(reqId); return valid; @@ -572,7 +571,7 @@ public abstract class EnrollProfile extends BasicProfile implements MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1"); key = SHA1Digest.digest(sharedSecret); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -583,7 +582,7 @@ public abstract class EnrollProfile extends BasicProfile implements hmacDigest.update(text); finalDigest = hmacDigest.digest(); } catch (NoSuchAlgorithmException ex) { - CMS.debug("EnrollProfile: No such algorithm for this message digest."); + CMS.debug("EnrollProfile: No such algorithm for this message digest."); return false; } @@ -592,9 +591,9 @@ public abstract class EnrollProfile extends BasicProfile implements return false; } - for (int j = 0; j < bv.length; j++) { + for (int j=0; j<bv.length; j++) { if (bv[j] != finalDigest[j]) { - CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); + CMS.debug("EnrollProfile: The content of two HMAC digest are not the same."); return false; } } @@ -636,24 +635,23 @@ public abstract class EnrollProfile extends BasicProfile implements else { ISharedToken tokenClass = null; try { - tokenClass = (ISharedToken) Class.forName(name).newInstance(); + tokenClass = (ISharedToken)Class.forName(name).newInstance(); } catch (ClassNotFoundException e) { - CMS.debug("EnrollProfile: Failed to find class name: " + name); + CMS.debug("EnrollProfile: Failed to find class name: "+name); return false; } catch (InstantiationException e) { - CMS.debug("EnrollProfile: Failed to instantiate class: " + name); + CMS.debug("EnrollProfile: Failed to instantiate class: "+name); return false; } catch (IllegalAccessException e) { - CMS.debug("EnrollProfile: Illegal access: " + name); + CMS.debug("EnrollProfile: Illegal access: "+name); return false; } - + String token = tokenClass.getSharedToken(mCMCData); OCTET_STRING ostr = null; try { - ostr = (OCTET_STRING) (ASN1Util.decode( - OCTET_STRING.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { CMS.debug("EnrollProfile: Failed to decode the byte value."); return false; @@ -665,33 +663,35 @@ public abstract class EnrollProfile extends BasicProfile implements } } - public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info, + IRequest req) + throws EProfileException { TaggedRequest.Type type = tagreq.getType(); - if (type.equals(TaggedRequest.PKCS10)) { + if (type.equals(TaggedRequest.PKCS10)) { try { - TaggedCertificationRequest tcr = tagreq.getTcr(); - CertificationRequest p10 = tcr.getCertificationRequest(); - ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + TaggedCertificationRequest tcr = tagreq.getTcr(); + CertificationRequest p10 = tcr.getCertificationRequest(); + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); - p10.encode(ostream); + p10.encode(ostream); PKCS10 pkcs10 = new PKCS10(ostream.toByteArray()); req.setExtData("bodyPartId", tcr.getBodyPartID()); fillPKCS10(locale, pkcs10, info, req); } catch (Exception e) { - CMS.debug("EnrollProfile: fillTaggedRequest " + e.toString()); + CMS.debug("EnrollProfile: fillTaggedRequest " + + e.toString()); } - } else if (type.equals(TaggedRequest.CRMF)) { - CertReqMsg crm = tagreq.getCrm(); + } else if (type.equals(TaggedRequest.CRMF)) { + CertReqMsg crm = tagreq.getCrm(); SessionContext context = SessionContext.getContext(); - Integer nums = (Integer) (context.get("numOfControls")); + Integer nums = (Integer)(context.get("numOfControls")); // check if the LRA POP Witness Control attribute exists if (nums != null && nums.intValue() > 0) { - TaggedAttribute attr = (TaggedAttribute) (context - .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); + TaggedAttribute attr = + (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness)); if (attr != null) { parseLRAPopWitness(locale, crm, attr); } else { @@ -705,58 +705,53 @@ public abstract class EnrollProfile extends BasicProfile implements fillCertReqMsg(locale, crm, info, req); } else { - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - private void parseLRAPopWitness(Locale locale, CertReqMsg crm, - TaggedAttribute attr) throws EProfileException { + private void parseLRAPopWitness(Locale locale, CertReqMsg crm, + TaggedAttribute attr) throws EProfileException { SET vals = attr.getValues(); boolean donePOP = false; INTEGER reqId = null; if (vals.size() > 0) { LraPopWitness lraPop = null; try { - lraPop = (LraPopWitness) (ASN1Util.decode( - LraPopWitness.getTemplate(), - ASN1Util.encode(vals.elementAt(0)))); + lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(), + ASN1Util.encode(vals.elementAt(0)))); } catch (InvalidBERException e) { - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_ENCODING_ERROR")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR")); } SEQUENCE bodyIds = lraPop.getBodyIds(); reqId = crm.getCertReq().getCertReqId(); - for (int i = 0; i < bodyIds.size(); i++) { - INTEGER num = (INTEGER) (bodyIds.elementAt(i)); + for (int i=0; i<bodyIds.size(); i++) { + INTEGER num = (INTEGER)(bodyIds.elementAt(i)); if (num.toString().equals(reqId.toString())) { donePOP = true; - CMS.debug("EnrollProfile: skip POP for request: " - + reqId.toString() - + " because LRA POP Witness control is found."); + CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found."); break; } } } if (!donePOP) { - CMS.debug("EnrollProfile: not skip POP for request: " - + reqId.toString() - + " because this request id is not part of the body list in LRA Pop witness control."); + CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control."); verifyPOP(locale, crm); } } public CertReqMsg[] parseCRMF(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile: parseCRMF() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq); @@ -764,9 +759,11 @@ public abstract class EnrollProfile extends BasicProfile implements String creq = normalizeCertReq(certreq); try { byte data[] = CMS.AtoB(creq); - ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(data); - SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template( - new CertReqMsg.Template()).decode(crmfBlobIn); + ByteArrayInputStream crmfBlobIn = + new ByteArrayInputStream(data); + SEQUENCE crmfMsgs = (SEQUENCE) + new SEQUENCE.OF_Template(new + CertReqMsg.Template()).decode(crmfBlobIn); int nummsgs = crmfMsgs.size(); if (nummsgs <= 0) @@ -778,23 +775,24 @@ public abstract class EnrollProfile extends BasicProfile implements return msgs; } catch (Exception e) { CMS.debug("EnrollProfile: parseCRMF " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = new OBJECT_IDENTIFIER( - new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }); + private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = + new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4} + ); - protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { - ASN1Value archVal = ava.getValue(); + protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { + ASN1Value archVal = ava.getValue(); ByteArrayInputStream bis = new ByteArrayInputStream( - ASN1Util.encode(archVal)); + ASN1Util.encode(archVal)); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) - .decode(bis); + try { + archOpts = (PKIArchiveOptions) + (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString()); } @@ -805,21 +803,22 @@ public abstract class EnrollProfile extends BasicProfile implements ByteArrayInputStream bis = new ByteArrayInputStream(options); PKIArchiveOptions archOpts = null; - try { - archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template()) - .decode(bis); + try { + archOpts = (PKIArchiveOptions) + (new PKIArchiveOptions.Template()).decode(bis); } catch (Exception e) { CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString()); } return archOpts; } - public byte[] toByteArray(PKIArchiveOptions options) { + public byte[] toByteArray(PKIArchiveOptions options) { return ASN1Util.encode(options); } - public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info, + IRequest req) + throws EProfileException { try { CMS.debug("Start parseCertReqMsg "); CertRequest certReq = certReqMsg.getCertReq(); @@ -828,11 +827,12 @@ public abstract class EnrollProfile extends BasicProfile implements for (int i = 0; i < certReq.numControls(); i++) { AVA ava = certReq.controlAt(i); - if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { + if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { PKIArchiveOptions opt = getPKIArchiveOptions(ava); - // req.set(REQUEST_ARCHIVE_OPTIONS, opt); - req.setExtData(REQUEST_ARCHIVE_OPTIONS, toByteArray(opt)); + //req.set(REQUEST_ARCHIVE_OPTIONS, opt); + req.setExtData(REQUEST_ARCHIVE_OPTIONS, + toByteArray(opt)); } } @@ -849,24 +849,23 @@ public abstract class EnrollProfile extends BasicProfile implements key.decode(keybytes); // XXX - kmccarth - this may simply undo the decoding above - // but for now it's unclear whether X509Key - // changest the format when decoding. + // but for now it's unclear whether X509Key + // changest the format when decoding. CertificateX509Key certKey = new CertificateX509Key(key); ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream(); certKey.encode(certKeyOut); req.setExtData(REQUEST_KEY, certKeyOut.toByteArray()); // parse validity - if (certTemplate.getNotBefore() != null - || certTemplate.getNotAfter() != null) { - CMS.debug("EnrollProfile: requested notBefore: " - + certTemplate.getNotBefore()); - CMS.debug("EnrollProfile: requested notAfter: " - + certTemplate.getNotAfter()); + if (certTemplate.getNotBefore() != null || + certTemplate.getNotAfter() != null) { + CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore()); + CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter()); CMS.debug("EnrollProfile: current CA time: " + new Date()); CertificateValidity certValidity = new CertificateValidity( certTemplate.getNotBefore(), certTemplate.getNotAfter()); - ByteArrayOutputStream certValidityOut = new ByteArrayOutputStream(); + ByteArrayOutputStream certValidityOut = + new ByteArrayOutputStream(); certValidity.encode(certValidityOut); req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray()); } else { @@ -876,32 +875,31 @@ public abstract class EnrollProfile extends BasicProfile implements // parse subject if (certTemplate.hasSubject()) { Name subjectdn = certTemplate.getSubject(); - ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream(); + ByteArrayOutputStream subjectEncStream = + new ByteArrayOutputStream(); subjectdn.encode(subjectEncStream); byte[] subjectEnc = subjectEncStream.toByteArray(); X500Name subject = new X500Name(subjectEnc); - // info.set(X509CertInfo.SUBJECT, - // new CertificateSubjectName(subject)); + //info.set(X509CertInfo.SUBJECT, + // new CertificateSubjectName(subject)); req.setExtData(REQUEST_SUBJECT_NAME, new CertificateSubjectName(subject)); try { - String subjectCN = subject.getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); + String subjectCN = subject.getCommonName(); + if (subjectCN == null) subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); } try { String subjectUID = subject.getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); + if (subjectUID == null) subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); } } @@ -910,11 +908,11 @@ public abstract class EnrollProfile extends BasicProfile implements // try { extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS); - // } catch (CertificateException e) { - // extensions = null; + // } catch (CertificateException e) { + // extensions = null; // } catch (IOException e) { - // extensions = null; - // } + // extensions = null; + // } if (certTemplate.hasExtensions()) { // put each extension from CRMF into CertInfo. // index by extension name, consistent with @@ -924,54 +922,57 @@ public abstract class EnrollProfile extends BasicProfile implements int numexts = certTemplate.numExtensions(); for (int j = 0; j < numexts; j++) { - org.mozilla.jss.pkix.cert.Extension jssext = certTemplate - .extensionAt(j); + org.mozilla.jss.pkix.cert.Extension jssext = + certTemplate.extensionAt(j); boolean isCritical = jssext.getCritical(); - org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext - .getExtnId(); + org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = + jssext.getExtnId(); long[] numbers = jssoid.getNumbers(); int[] oidNumbers = new int[numbers.length]; for (int k = numbers.length - 1; k >= 0; k--) { oidNumbers[k] = (int) numbers[k]; } - ObjectIdentifier oid = new ObjectIdentifier(oidNumbers); - org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext - .getExtnValue(); - ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream(); + ObjectIdentifier oid = + new ObjectIdentifier(oidNumbers); + org.mozilla.jss.asn1.OCTET_STRING jssvalue = + jssext.getExtnValue(); + ByteArrayOutputStream jssvalueout = + new ByteArrayOutputStream(); jssvalue.encode(jssvalueout); byte[] extValue = jssvalueout.toByteArray(); - Extension ext = new Extension(oid, isCritical, extValue); + Extension ext = + new Extension(oid, isCritical, extValue); extensions.parseExtension(ext); } - // info.set(X509CertInfo.EXTENSIONS, extensions); + // info.set(X509CertInfo.EXTENSIONS, extensions); req.setExtData(REQUEST_EXTENSIONS, extensions); } } catch (IOException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (InvalidKeyException e) { CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); - // } catch (CertificateException e) { - // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); - // throw new EProfileException(e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + // } catch (CertificateException e) { + // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString()); + // throw new EProfileException(e.toString()); } } public PKCS10 parsePKCS10(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { /* cert request must not be null */ if (certreq == null) { CMS.debug("EnrollProfile:parsePKCS10() certreq null"); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } CMS.debug("Start parsePKCS10(): " + certreq); @@ -987,20 +988,17 @@ public abstract class EnrollProfile extends BasicProfile implements try { cm = CryptoManager.getInstance(); - sigver = CMS.getConfigStore().getBoolean( - "ca.requestVerify.enabled", true); + sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true); if (sigver) { CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled"); - String tokenName = CMS.getConfigStore().getString( - "ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); savedToken = cm.getThreadToken(); CryptoToken signToken = null; if (tokenName.equals("internal")) { CMS.debug("EnrollProfile: parsePKCS10: use internal token"); signToken = cm.getInternalCryptoToken(); } else { - CMS.debug("EnrollProfile: parsePKCS10: tokenName=" - + tokenName); + CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName); signToken = cm.getTokenByName(tokenName); } CMS.debug("EnrollProfile: parsePKCS10 setting thread token"); @@ -1012,8 +1010,8 @@ public abstract class EnrollProfile extends BasicProfile implements } } catch (Exception e) { CMS.debug("EnrollProfile: parsePKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } finally { if (sigver) { CMS.debug("EnrollProfile: parsePKCS10 restoring thread token"); @@ -1024,8 +1022,8 @@ public abstract class EnrollProfile extends BasicProfile implements return pkcs10; } - public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, - IRequest req) throws EProfileException { + public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) + throws EProfileException { X509Key key = pkcs10.getSubjectPublicKeyInfo(); try { @@ -1037,41 +1035,36 @@ public abstract class EnrollProfile extends BasicProfile implements req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(pkcs10.getSubjectName())); try { - String subjectCN = pkcs10.getSubjectName().getCommonName(); - if (subjectCN == null) - subjectCN = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN); + String subjectCN = pkcs10.getSubjectName().getCommonName(); + if (subjectCN == null) subjectCN = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".cn", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".cn", ""); } try { String subjectUID = pkcs10.getSubjectName().getUserID(); - if (subjectUID == null) - subjectUID = ""; - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID); + if (subjectUID == null) subjectUID = ""; + req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID); } catch (Exception ee) { - req.setExtData(REQUEST_SUBJECT_NAME + ".uid", ""); + req.setExtData(REQUEST_SUBJECT_NAME+".uid", ""); } info.set(X509CertInfo.KEY, certKey); PKCS10Attributes p10Attrs = pkcs10.getAttributes(); if (p10Attrs != null) { - PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs - .getAttribute(CertificateExtensions.NAME)); - if (p10Attr != null - && p10Attr.getAttributeId().equals( - PKCS9Attribute.EXTENSION_REQUEST_OID)) { - CMS.debug("Found PKCS10 extension"); - Extensions exts0 = (Extensions) (p10Attr - .getAttributeValue()); + PKCS10Attribute p10Attr = (PKCS10Attribute) + (p10Attrs.getAttribute(CertificateExtensions.NAME)); + if (p10Attr != null && p10Attr.getAttributeId().equals( + PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension"); + Extensions exts0 = (Extensions) + (p10Attr.getAttributeValue()); DerOutputStream extOut = new DerOutputStream(); exts0.encode(extOut); byte[] extB = extOut.toByteArray(); DerInputStream extIn = new DerInputStream(extB); - CertificateExtensions exts = new CertificateExtensions( - extIn); + CertificateExtensions exts = new CertificateExtensions(extIn); if (exts != null) { CMS.debug("Set extensions " + exts); // info.set(X509CertInfo.EXTENSIONS, exts); @@ -1079,73 +1072,75 @@ public abstract class EnrollProfile extends BasicProfile implements } } else { CMS.debug("PKCS10 extension Not Found"); - } - } + } + } CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName()); } catch (IOException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillPKCS10 " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } - // for netkey - public void fillNSNKEY(Locale locale, String sn, String skey, - X509CertInfo info, IRequest req) throws EProfileException { - try { - // cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("screenname", sn); - // keeping "aoluid" to be backward compatible - req.setExtData("aoluid", sn); - req.setExtData("uid", sn); - CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn); + // for netkey + public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + try { + //cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("screenname", sn); + // keeping "aoluid" to be backward compatible + req.setExtData("aoluid", sn); + req.setExtData("uid", sn); + CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn); + + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + } } - } - - // for house key - public void fillNSHKEY(Locale locale, String tcuid, String skey, - X509CertInfo info, IRequest req) throws EProfileException { - - try { - // cfu - is the algorithm going to be replaced by the policy? - X509Key key = new X509Key(); - key.decode(CMS.AtoB(skey)); - info.set(X509CertInfo.KEY, new CertificateX509Key(key)); - // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, - // new CertificateSubjectName(new - // X500Name("CN="+sn))); - req.setExtData("tokencuid", tcuid); + // for house key + public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req) + throws EProfileException { - CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid); - - } catch (Exception e) { - CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + try { + //cfu - is the algorithm going to be replaced by the policy? + X509Key key = new X509Key(); + key.decode(CMS.AtoB(skey)); + + info.set(X509CertInfo.KEY, new CertificateX509Key(key)); + // req.set(EnrollProfile.REQUEST_SUBJECT_NAME, + // new CertificateSubjectName(new + // X500Name("CN="+sn))); + req.setExtData("tokencuid", tcuid); + + CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid); + + } catch (Exception e) { + CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString()); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); + } } - } + public DerInputStream parseKeyGen(Locale locale, String certreq) - throws EProfileException { + throws EProfileException { byte data[] = CMS.AtoB(certreq); DerInputStream derIn = new DerInputStream(data); @@ -1153,8 +1148,9 @@ public abstract class EnrollProfile extends BasicProfile implements return derIn; } - public void fillKeyGen(Locale locale, DerInputStream derIn, - X509CertInfo info, IRequest req) throws EProfileException { + public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req + ) + throws EProfileException { try { /* get SPKAC Algorithm & Signature */ @@ -1184,12 +1180,12 @@ public abstract class EnrollProfile extends BasicProfile implements info.set(X509CertInfo.KEY, certKey); } catch (IOException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } catch (CertificateException e) { CMS.debug("EnrollProfile: fillKeyGen " + e.toString()); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_PROFILE_INVALID_REQUEST")); + throw new EProfileException( + CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST")); } } @@ -1224,8 +1220,8 @@ public abstract class EnrollProfile extends BasicProfile implements public Locale getLocale(IRequest request) { Locale locale = null; - String language = request - .getExtDataInString(EnrollProfile.REQUEST_LOCALE); + String language = request.getExtDataInString( + EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -1235,36 +1231,37 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Populate input * <P> - * + * * (either all "agent" profile cert requests NOT made through a connector, - * or all "EE" profile cert requests NOT made through a connector) + * or all "EE" profile cert requests NOT made through a connector) * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a * profile cert request is made (before approval process) * </ul> - * * @param ctx profile context * @param request the certificate request * @exception EProfileException an error related to this profile has - * occurred + * occurred */ public void populateInput(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { super.populateInput(ctx, request); } - public void populate(IRequest request) throws EProfileException { + public void populate(IRequest request) + throws EProfileException { super.populate(request); } /** - * Passes the request to the set of constraint policies that validate the - * request against the profile. + * Passes the request to the set of constraint policies + * that validate the request against the profile. */ - public void validate(IRequest request) throws ERejectException { + public void validate(IRequest request) + throws ERejectException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditRequesterID = auditRequesterID(request); @@ -1276,25 +1273,28 @@ public abstract class EnrollProfile extends BasicProfile implements X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO); try { - CertificateSubjectName sn = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); + CertificateSubjectName sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); // if the cert subject name is NOT MISSING, retrieve the // actual "auditCertificateSubjectName" and "normalize" it if (sn != null) { subject = sn.toString(); if (subject != null) { - // NOTE: This is ok even if the cert subject name - // is "" (empty)! + // NOTE: This is ok even if the cert subject name + // is "" (empty)! auditCertificateSubjectName = subject.trim(); } } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.SUCCESS, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.SUCCESS, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (CertificateException e) { @@ -1302,9 +1302,12 @@ public abstract class EnrollProfile extends BasicProfile implements // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.FAILURE, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } catch (IOException e) { @@ -1312,9 +1315,12 @@ public abstract class EnrollProfile extends BasicProfile implements // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID, - ILogger.FAILURE, auditRequesterID, auditProfileID, - auditCertificateSubjectName); + LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, + auditSubjectID, + ILogger.FAILURE, + auditRequesterID, + auditProfileID, + auditCertificateSubjectName); audit(auditMessage); } @@ -1331,8 +1337,8 @@ public abstract class EnrollProfile extends BasicProfile implements if (key == null) { Locale locale = getLocale(request); - throw new ERejectException(CMS.getUserMessage(locale, - "CMS_PROFILE_EMPTY_KEY")); + throw new ERejectException(CMS.getUserMessage( + locale, "CMS_PROFILE_EMPTY_KEY")); } try { @@ -1344,11 +1350,12 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Signed Audit Log Requester ID - * - * This method is inherited by all extended "EnrollProfile"s, and is called - * to obtain the "RequesterID" for a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, + * and is called to obtain the "RequesterID" for + * a signed audit log message. * <P> - * + * * @param request the actual request * @return id string containing the signed audit log message RequesterID */ @@ -1374,11 +1381,12 @@ public abstract class EnrollProfile extends BasicProfile implements /** * Signed Audit Log Profile ID - * - * This method is inherited by all extended "EnrollProfile"s, and is called - * to obtain the "ProfileID" for a signed audit log message. + * + * This method is inherited by all extended "EnrollProfile"s, + * and is called to obtain the "ProfileID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message ProfileID */ protected String auditProfileID() { @@ -1399,7 +1407,7 @@ public abstract class EnrollProfile extends BasicProfile implements } public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { + throws EProfileException { CMS.debug("EnrollProfile ::in verifyPOP"); String auditMessage = null; @@ -1418,35 +1426,37 @@ public abstract class EnrollProfile extends BasicProfile implements try { CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString( - "ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); if (tokenName.equals("internal")) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:" + tokenName); + CMS.debug("POP verification using token:"+ tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.SUCCESS); - audit(auditMessage); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS ); + audit( auditMessage ); } catch (Exception e) { - CMS.debug("Failed POP verify! " + e.toString()); + CMS.debug("Failed POP verify! "+e.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + "CMS_POP_VERIFICATION_ERROR")); } } } + diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java index 972412f7..199aa794 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java @@ -17,15 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.profile.IProfileContext; + /** - * This class implements an enrollment profile context that carries information - * for request creation. - * + * This class implements an enrollment profile context + * that carries information for request creation. + * * @version $Revision$, $Date$ */ -public class EnrollProfileContext extends ProfileContext implements - IProfileContext { +public class EnrollProfileContext extends ProfileContext + implements IProfileContext { } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java index 7a275b1e..147d9c82 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java @@ -17,13 +17,15 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Hashtable; import com.netscape.certsrv.profile.IProfileContext; + /** * This class implements the profile context. - * + * * @version $Revision$, $Date$ */ public class ProfileContext implements IProfileContext { diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java index a7895746..a0f0ed25 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java @@ -17,14 +17,17 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.profile.IPolicyConstraint; import com.netscape.certsrv.profile.IPolicyDefault; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a profile policy that contains a default policy and a - * constraint policy. - * + * This class implements a profile policy that + * contains a default policy and a constraint + * policy. + * * @version $Revision$, $Date$ */ public class ProfilePolicy implements IProfilePolicy { @@ -32,8 +35,7 @@ public class ProfilePolicy implements IProfilePolicy { private IPolicyDefault mDefault = null; private IPolicyConstraint mConstraint = null; - public ProfilePolicy(String id, IPolicyDefault def, - IPolicyConstraint constraint) { + public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) { mId = id; mDefault = def; mConstraint = constraint; diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java index b00ac56b..f82e7313 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import java.util.Enumeration; import netscape.security.x509.X500Name; @@ -34,9 +35,11 @@ import com.netscape.certsrv.request.IRequestListener; import com.netscape.certsrv.request.IRequestQueue; import com.netscape.certsrv.request.RequestStatus; + /** - * This class implements a Registration Manager enrollment profile. - * + * This class implements a Registration Manager + * enrollment profile. + * * @version $Revision$, $Date$ */ public class RAEnrollProfile extends EnrollProfile { @@ -46,7 +49,8 @@ public class RAEnrollProfile extends EnrollProfile { } public IAuthority getAuthority() { - IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IAuthority authority = (IAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); if (authority == null) return null; @@ -54,27 +58,31 @@ public class RAEnrollProfile extends EnrollProfile { } public X500Name getIssuerName() { - IRegistrationAuthority ra = (IRegistrationAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_RA); X500Name issuerName = ra.getX500Name(); return issuerName; } - public void execute(IRequest request) throws EProfileException { + public void execute(IRequest request) + throws EProfileException { + if (!isEnable()) { CMS.debug("CAEnrollProfile: Profile Not Enabled"); throw new EProfileException("Profile Not Enabled"); } - IRegistrationAuthority ra = (IRegistrationAuthority) getAuthority(); + IRegistrationAuthority ra = + (IRegistrationAuthority) getAuthority(); IRAService raService = (IRAService) ra.getRAService(); if (raService == null) { throw new EProfileException("No RA Service"); } + IRequestQueue queue = ra.getRequestQueue(); // send request to CA @@ -86,16 +94,15 @@ public class RAEnrollProfile extends EnrollProfile { } else { caConnector.send(request); // check response - if (!request.isSuccess()) { + if (!request.isSuccess()) { CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING"); request.setRequestStatus(RequestStatus.SVC_PENDING); try { - queue.updateRequest(request); + queue.updateRequest(request); } catch (EBaseException e) { - CMS.debug("RAEnrollProfile: Update request " - + e.toString()); + CMS.debug("RAEnrollProfile: Update request " + e.toString()); } throw new ERejectException( request.getError(getLocale(request))); diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java index 7d650864..4a18ff14 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -27,86 +28,91 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for Server - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for Server Certificates. + * * @version $Revision$, $Date$ */ -public class ServerCertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class ServerCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "certReqInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "certReqInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", - "submitterInfoInputImpl", inputParams2); + IProfileInput input2 = + createProfileInput("i2", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); IPolicyDefault def1 = policy1.getDefault(); IConfigStore defConfig1 = def1.getConfigStore(); IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); IPolicyDefault def2 = policy2.getDefault(); IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); IPolicyDefault def3 = policy3.getDefault(); IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); IPolicyDefault def4 = policy4.getDefault(); IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); - IPolicyDefault def5 = policy5.getDefault(); - IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "true"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); - IPolicyConstraint con5 = policy5.getConstraint(); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); + IPolicyDefault def5 = policy5.getDefault(); + IConfigStore defConfig5 = def5.getConfigStore(); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","false"); + defConfig5.putString("params.keyUsageDataEncipherment","true"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","false"); + defConfig5.putString("params.keyUsageKeyEncipherment","true"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); + IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java index 833f0f10..7d4254bf 100644 --- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java +++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.common; + import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.common.NameValuePairs; @@ -27,89 +28,94 @@ import com.netscape.certsrv.profile.IProfileInput; import com.netscape.certsrv.profile.IProfileOutput; import com.netscape.certsrv.profile.IProfilePolicy; + /** - * This class implements a Certificate Manager enrollment profile for User - * Certificates. - * + * This class implements a Certificate Manager enrollment + * profile for User Certificates. + * * @version $Revision$, $Date$ */ -public class UserCertCAEnrollProfile extends CAEnrollProfile implements - IProfileEx { +public class UserCertCAEnrollProfile extends CAEnrollProfile + implements IProfileEx { /** - * Called after initialization. It populates default policies, inputs, and - * outputs. + * Called after initialization. It populates default + * policies, inputs, and outputs. */ - public void populate() throws EBaseException { + public void populate() throws EBaseException + { // create inputs NameValuePairs inputParams1 = new NameValuePairs(); - IProfileInput input1 = createProfileInput("i1", "keyGenInputImpl", - inputParams1); + IProfileInput input1 = + createProfileInput("i1", "keyGenInputImpl", inputParams1); NameValuePairs inputParams2 = new NameValuePairs(); - IProfileInput input2 = createProfileInput("i2", "subjectNameInputImpl", - inputParams2); + IProfileInput input2 = + createProfileInput("i2", "subjectNameInputImpl", inputParams2); NameValuePairs inputParams3 = new NameValuePairs(); - IProfileInput input3 = createProfileInput("i3", - "submitterInfoInputImpl", inputParams2); + IProfileInput input3 = + createProfileInput("i3", "submitterInfoInputImpl", inputParams2); // create outputs NameValuePairs outputParams1 = new NameValuePairs(); - IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl", - outputParams1); + IProfileOutput output1 = + createProfileOutput("o1", "certOutputImpl", outputParams1); // create policies - IProfilePolicy policy1 = createProfilePolicy("set1", "p1", - "userSubjectNameDefaultImpl", "noConstraintImpl"); - IPolicyDefault def1 = policy1.getDefault(); - IConfigStore defConfig1 = def1.getConfigStore(); - IPolicyConstraint con1 = policy1.getConstraint(); + IProfilePolicy policy1 = + createProfilePolicy("set1", "p1", + "userSubjectNameDefaultImpl", "noConstraintImpl"); + IPolicyDefault def1 = policy1.getDefault(); + IConfigStore defConfig1 = def1.getConfigStore(); + IPolicyConstraint con1 = policy1.getConstraint(); IConfigStore conConfig1 = con1.getConfigStore(); - IProfilePolicy policy2 = createProfilePolicy("set1", "p2", - "validityDefaultImpl", "noConstraintImpl"); - IPolicyDefault def2 = policy2.getDefault(); - IConfigStore defConfig2 = def2.getConfigStore(); - defConfig2.putString("params.range", "180"); - defConfig2.putString("params.startTime", "0"); - IPolicyConstraint con2 = policy2.getConstraint(); + IProfilePolicy policy2 = + createProfilePolicy("set1", "p2", + "validityDefaultImpl", "noConstraintImpl"); + IPolicyDefault def2 = policy2.getDefault(); + IConfigStore defConfig2 = def2.getConfigStore(); + defConfig2.putString("params.range","180"); + defConfig2.putString("params.startTime","0"); + IPolicyConstraint con2 = policy2.getConstraint(); IConfigStore conConfig2 = con2.getConfigStore(); - IProfilePolicy policy3 = createProfilePolicy("set1", "p3", - "userKeyDefaultImpl", "noConstraintImpl"); - IPolicyDefault def3 = policy3.getDefault(); - IConfigStore defConfig3 = def3.getConfigStore(); - defConfig3.putString("params.keyType", "RSA"); - defConfig3.putString("params.keyMinLength", "512"); - defConfig3.putString("params.keyMaxLength", "4096"); - IPolicyConstraint con3 = policy3.getConstraint(); + IProfilePolicy policy3 = + createProfilePolicy("set1", "p3", + "userKeyDefaultImpl", "noConstraintImpl"); + IPolicyDefault def3 = policy3.getDefault(); + IConfigStore defConfig3 = def3.getConfigStore(); + defConfig3.putString("params.keyType","RSA"); + defConfig3.putString("params.keyMinLength","512"); + defConfig3.putString("params.keyMaxLength","4096"); + IPolicyConstraint con3 = policy3.getConstraint(); IConfigStore conConfig3 = con3.getConfigStore(); - IProfilePolicy policy4 = createProfilePolicy("set1", "p4", - "signingAlgDefaultImpl", "noConstraintImpl"); - IPolicyDefault def4 = policy4.getDefault(); - IConfigStore defConfig4 = def4.getConfigStore(); - defConfig4.putString("params.signingAlg", "-"); - defConfig4 - .putString( - "params.signingAlgsAllowed", - "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); - IPolicyConstraint con4 = policy4.getConstraint(); + IProfilePolicy policy4 = + createProfilePolicy("set1", "p4", + "signingAlgDefaultImpl", "noConstraintImpl"); + IPolicyDefault def4 = policy4.getDefault(); + IConfigStore defConfig4 = def4.getConfigStore(); + defConfig4.putString("params.signingAlg","-"); + defConfig4.putString("params.signingAlgsAllowed", + "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC"); + IPolicyConstraint con4 = policy4.getConstraint(); IConfigStore conConfig4 = con4.getConfigStore(); - IProfilePolicy policy5 = createProfilePolicy("set1", "p5", - "keyUsageExtDefaultImpl", "noConstraintImpl"); + IProfilePolicy policy5 = + createProfilePolicy("set1", "p5", + "keyUsageExtDefaultImpl", "noConstraintImpl"); IPolicyDefault def5 = policy5.getDefault(); IConfigStore defConfig5 = def5.getConfigStore(); - defConfig5.putString("params.keyUsageCritical", "true"); - defConfig5.putString("params.keyUsageCrlSign", "false"); - defConfig5.putString("params.keyUsageDataEncipherment", "false"); - defConfig5.putString("params.keyUsageDecipherOnly", "false"); - defConfig5.putString("params.keyUsageDigitalSignature", "true"); - defConfig5.putString("params.keyUsageEncipherOnly", "false"); - defConfig5.putString("params.keyUsageKeyAgreement", "false"); - defConfig5.putString("params.keyUsageKeyCertSign", "false"); - defConfig5.putString("params.keyUsageKeyEncipherment", "true"); - defConfig5.putString("params.keyUsageNonRepudiation", "true"); + defConfig5.putString("params.keyUsageCritical","true"); + defConfig5.putString("params.keyUsageCrlSign","false"); + defConfig5.putString("params.keyUsageDataEncipherment","false"); + defConfig5.putString("params.keyUsageDecipherOnly","false"); + defConfig5.putString("params.keyUsageDigitalSignature","true"); + defConfig5.putString("params.keyUsageEncipherOnly","false"); + defConfig5.putString("params.keyUsageKeyAgreement","false"); + defConfig5.putString("params.keyUsageKeyCertSign","false"); + defConfig5.putString("params.keyUsageKeyEncipherment","true"); + defConfig5.putString("params.keyUsageNonRepudiation","true"); IPolicyConstraint con5 = policy5.getConstraint(); IConfigStore conConfig5 = con5.getConfigStore(); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java index 8c9fd70d..4e4c2f60 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.io.IOException; import java.util.Locale; @@ -39,18 +40,24 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; + /** - * This class implements the basic constraints extension constraint. It checks - * if the basic constraint in the certificate template satisfies the criteria. - * + * This class implements the basic constraints extension constraint. + * It checks if the basic constraint in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtConstraint extends EnrollConstraint { - public static final String CONFIG_CRITICAL = "basicConstraintsCritical"; - public static final String CONFIG_IS_CA = "basicConstraintsIsCA"; - public static final String CONFIG_MIN_PATH_LEN = "basicConstraintsMinPathLen"; - public static final String CONFIG_MAX_PATH_LEN = "basicConstraintsMaxPathLen"; + public static final String CONFIG_CRITICAL = + "basicConstraintsCritical"; + public static final String CONFIG_IS_CA = + "basicConstraintsIsCA"; + public static final String CONFIG_MIN_PATH_LEN = + "basicConstraintsMinPathLen"; + public static final String CONFIG_MAX_PATH_LEN = + "basicConstraintsMaxPathLen"; public BasicConstraintsExtConstraint() { super(); @@ -64,42 +71,50 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { * Initializes this constraint plugin. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_MIN_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, "-1", + return new Descriptor(IDescriptor.INTEGER, null, + "-1", CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN")); } else if (name.equals(CONFIG_MAX_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, "100", + return new Descriptor(IDescriptor.INTEGER, null, + "100", CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateExtensions exts = null; try { - BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), + info); if (ext == null) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } // check criticality @@ -109,66 +124,67 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { boolean critical = getBoolean(value); if (critical != ext.isCritical()) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } value = getConfig(CONFIG_IS_CA); if (!isOptional(value)) { boolean isCA = getBoolean(value); - Boolean extIsCA = (Boolean) ext - .get(BasicConstraintsExtension.IS_CA); + Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); if (isCA != extIsCA.booleanValue()) { throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA")); } - } + } value = getConfig(CONFIG_MIN_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); - Integer extPathLen = (Integer) ext - .get(BasicConstraintsExtension.PATH_LEN); + Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); if (pathLen > extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" - + pathLen + " > extPathLen=" + extPathLen); + CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH")); } } value = getConfig(CONFIG_MAX_PATH_LEN); if (!isOptional(value)) { int pathLen = getInt(value); - Integer extPathLen = (Integer) ext - .get(BasicConstraintsExtension.PATH_LEN); + Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN); if (pathLen < extPathLen.intValue()) { - CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" - + pathLen + " < extPathLen=" + extPathLen); + CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen); throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH")); } } } catch (IOException e) { CMS.debug("BasicConstraintsExt: validate " + e.toString()); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.BasicConstraints_Id.toString())); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.BasicConstraints_Id.toString())); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), getConfig(CONFIG_MIN_PATH_LEN), - getConfig(CONFIG_MAX_PATH_LEN) }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params); + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_IS_CA), + getConfig(CONFIG_MIN_PATH_LEN), + getConfig(CONFIG_MAX_PATH_LEN) + }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", + params); } public boolean isApplicable(IPolicyDefault def) { @@ -181,17 +197,19 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { return false; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { + if (mConfig.getSubStore("params") == null) { CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null"); // } else { - CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " - + value); + CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value); - if (name.equals(CONFIG_MAX_PATH_LEN)) { + if(name.equals(CONFIG_MAX_PATH_LEN)) + { String minPathLen = getConfig(CONFIG_MIN_PATH_LEN); @@ -199,12 +217,13 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint { int maxLen = getInt(value); - if (minLen >= maxLen) { + if(minLen >= maxLen) { CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!"); throw new EPropertyException("bad value"); } + } mConfig.getSubStore("params").putString(name, value); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java index 8b2eab44..9759af73 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java @@ -17,13 +17,16 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; + /** - * This class represents an abstract class for CA enrollment constraint. + * This class represents an abstract class for CA enrollment + * constraint. */ public abstract class CAEnrollConstraint extends EnrollConstraint { @@ -38,8 +41,8 @@ public abstract class CAEnrollConstraint extends EnrollConstraint { * Retrieves the CA certificate. */ public X509CertImpl getCACert() { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); return caCert; diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java index 17c6c34f..4d89e739 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -37,10 +38,12 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; + /** - * This class implements the validity constraint. It checks if the validity in - * the certificate template is within the CA's validity. - * + * This class implements the validity constraint. + * It checks if the validity in the certificate + * template is within the CA's validity. + * * @version $Revision$, $Date$ */ public class CAValidityConstraint extends CAEnrollConstraint { @@ -53,7 +56,7 @@ public class CAValidityConstraint extends CAEnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); X509CertImpl caCert = getCACert(); @@ -62,18 +65,19 @@ public class CAValidityConstraint extends CAEnrollConstraint { } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("CAValidityConstraint: validate start"); CertificateValidity v = null; try { v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notBefore = null; @@ -81,8 +85,8 @@ public class CAValidityConstraint extends CAEnrollConstraint { notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE); } catch (IOException e) { CMS.debug("CAValidity: not before " + e.toString()); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_NOT_BEFORE")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); } Date notAfter = null; @@ -90,33 +94,37 @@ public class CAValidityConstraint extends CAEnrollConstraint { notAfter = (Date) v.get(CertificateValidity.NOT_AFTER); } catch (IOException e) { CMS.debug("CAValidity: not after " + e.toString()); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_NOT_AFTER")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); } if (mDefNotBefore != null) { - CMS.debug("ValidtyConstraint: notBefore=" + notBefore - + " defNotBefore=" + mDefNotBefore); + CMS.debug("ValidtyConstraint: notBefore=" + notBefore + + " defNotBefore=" + mDefNotBefore); if (notBefore.before(mDefNotBefore)) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); + getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE")); } } - CMS.debug("ValidtyConstraint: notAfter=" + notAfter + " defNotAfter=" - + mDefNotAfter); + CMS.debug("ValidtyConstraint: notAfter=" + notAfter + + " defNotAfter=" + mDefNotAfter); if (notAfter.after(mDefNotAfter)) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_NOT_AFTER")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER")); } CMS.debug("CAValidtyConstraint: validate end"); } public String getText(Locale locale) { - String params[] = { mDefNotBefore.toString(), mDefNotAfter.toString() }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", params); + String params[] = { + mDefNotBefore.toString(), + mDefNotAfter.toString() + }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", + params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java index a4d1e4d9..0723a72c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -38,9 +39,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** * This class implements the generic enrollment constraint. - * + * * @version $Revision$, $Date$ */ public abstract class EnrollConstraint implements IPolicyConstraint { @@ -70,15 +72,16 @@ public abstract class EnrollConstraint implements IPolicyConstraint { public Locale getLocale(IRequest request) { Locale locale = null; - String language = request - .getExtDataInString(EnrollProfile.REQUEST_LOCALE); + String language = request.getExtDataInString( + EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } return locale; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -102,42 +105,46 @@ public abstract class EnrollConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } public IConfigStore getConfigStore() { return mConfig; - } + } /** - * Validates the request. The request is not modified during the validation. - * + * Validates the request. The request is not modified + * during the validation. + * * @param request enrollment request * @param info certificate template - * @exception ERejectException request is rejected due to violation of - * constraint + * @exception ERejectException request is rejected due + * to violation of constraint */ public abstract void validate(IRequest request, X509CertInfo info) - throws ERejectException; + throws ERejectException; /** - * Validates the request. The request is not modified during the validation. - * - * The current implementation of this method calls into the subclass's - * validate(request, info) method for validation checking. - * + * Validates the request. The request is not modified + * during the validation. + * + * The current implementation of this method calls + * into the subclass's validate(request, info) + * method for validation checking. + * * @param request request - * @exception ERejectException request is rejected due to violation of - * constraint + * @exception ERejectException request is rejected due + * to violation of constraint */ - public void validate(IRequest request) throws ERejectException { + public void validate(IRequest request) + throws ERejectException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": validate start"); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); validate(request, info); @@ -161,7 +168,8 @@ public abstract class EnrollConstraint implements IPolicyConstraint { CertificateExtensions exts = null; try { - exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollConstraint: getExtension " + e.toString()); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java index 88cfb542..539f4890 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -39,17 +40,19 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; + /** - * This class implements the extended key usage extension constraint. It checks - * if the extended key usage extension in the certificate template satisfies the - * criteria. - * + * This class implements the extended key usage extension constraint. + * It checks if the extended key usage extension in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "exKeyUsageCritical"; - public static final String CONFIG_OIDS = "exKeyUsageOIDs"; + public static final String CONFIG_OIDS = + "exKeyUsageOIDs"; public ExtendedKeyUsageExtConstraint() { super(); @@ -58,33 +61,38 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); - } + } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); + throws ERejectException { + ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - ExtendedKeyUsageExtension.OID)); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + ExtendedKeyUsageExtension.OID)); } // check criticality @@ -94,10 +102,12 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { boolean critical = getBoolean(value); if (critical != ext.isCritical()) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } // Build local cache of configured OIDs Vector mCache = new Vector(); @@ -112,22 +122,28 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint { // check OIDs Enumeration e = ext.getOIDs(); - while (e.hasMoreElements()) { + while (e.hasMoreElements()) { ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); if (!mCache.contains(oid.toString())) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_OID_NOT_MATCHED", - oid.toString())); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_OID_NOT_MATCHED", + oid.toString())); } } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; - - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", params); + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_OIDS) + }; + + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", + params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java index 5680648c..cda51a07 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Locale; import netscape.security.x509.Extension; @@ -36,10 +37,12 @@ import com.netscape.cms.profile.def.EnrollExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; + /** - * This class implements the general extension constraint. It checks if the - * extension in the certificate template satisfies the criteria. - * + * This class implements the general extension constraint. + * It checks if the extension in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ExtensionConstraint extends EnrollConstraint { @@ -54,71 +57,83 @@ public class ExtensionConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("ExtensionConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("ExtensionConstraint: setConfig name=" + name + " value=" - + value); - - if (name.equals(CONFIG_OID)) { - try { - CMS.checkOID("", value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_PROPERTY_ERROR", value)); - } + CMS.debug("ExtensionConstraint: setConfig name=" + name + + " value=" + value); + + if(name.equals(CONFIG_OID)) + { + try { + CMS.checkOID("", value); + } catch (Exception e) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value)); + } } mConfig.getSubStore("params").putString(name, value); } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { - Extension ext = getExtension(getConfig(CONFIG_OID), info); + Extension ext = getExtension(getConfig(CONFIG_OID), info); if (ext == null) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", getConfig(CONFIG_OID))); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + getConfig(CONFIG_OID))); } - // check criticality + // check criticality String value = getConfig(CONFIG_CRITICAL); if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } - } + } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_OID) + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index 1952ba16..56ec0adf 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.math.BigInteger; import java.security.interfaces.DSAParams; import java.util.HashMap; @@ -43,9 +44,11 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserKeyDefault; + /** - * This constraint is to check the key type and key length. - * + * This constraint is to check the key type and + * key length. + * * @version $Revision$, $Date$ */ @SuppressWarnings("serial") @@ -54,306 +57,72 @@ public class KeyConstraint extends EnrollConstraint { public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA) public static final String CONFIG_KEY_PARAMETERS = "keyParameters"; - private static final String[] ecCurves = { "nistp256", "nistp384", - "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2", - "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", - "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283", - "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", - "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571", - "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", - "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1", - "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", - "prime192v3", "prime239v1", "prime239v2", "prime239v3", - "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", - "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", - "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2pnb272w1", - "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", - "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", - "sect113r2", "sect131r1", "sect131r2" }; - - private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>(); - static { - ecOIDs.put("1.2.840.10045.3.1.7", new Vector() { - { - add("nistp256"); - add("secp256r1"); - } - }); - ecOIDs.put("1.3.132.0.34", new Vector() { - { - add("nistp384"); - add("secp384r1"); - } - }); - ecOIDs.put("1.3.132.0.35", new Vector() { - { - add("nistp521"); - add("secp521r1"); - } - }); - ecOIDs.put("1.3.132.0.1", new Vector() { - { - add("sect163k1"); - add("nistk163"); - } - }); - ecOIDs.put("1.3.132.0.2", new Vector() { - { - add("sect163r1"); - } - }); - ecOIDs.put("1.3.132.0.15", new Vector() { - { - add("sect163r2"); - add("nistb163"); - } - }); - ecOIDs.put("1.3.132.0.24", new Vector() { - { - add("sect193r1"); - } - }); - ecOIDs.put("1.3.132.0.25", new Vector() { - { - add("sect193r2"); - } - }); - ecOIDs.put("1.3.132.0.26", new Vector() { - { - add("sect233k1"); - add("nistk233"); - } - }); - ecOIDs.put("1.3.132.0.27", new Vector() { - { - add("sect233r1"); - add("nistb233"); - } - }); - ecOIDs.put("1.3.132.0.3", new Vector() { - { - add("sect239k1"); - } - }); - ecOIDs.put("1.3.132.0.16", new Vector() { - { - add("sect283k1"); - add("nistk283"); - } - }); - ecOIDs.put("1.3.132.0.17", new Vector() { - { - add("sect283r1"); - add("nistb283"); - } - }); - ecOIDs.put("1.3.132.0.36", new Vector() { - { - add("sect409k1"); - add("nistk409"); - } - }); - ecOIDs.put("1.3.132.0.37", new Vector() { - { - add("sect409r1"); - add("nistb409"); - } - }); - ecOIDs.put("1.3.132.0.38", new Vector() { - { - add("sect571k1"); - add("nistk571"); - } - }); - ecOIDs.put("1.3.132.0.39", new Vector() { - { - add("sect571r1"); - add("nistb571"); - } - }); - ecOIDs.put("1.3.132.0.9", new Vector() { - { - add("secp160k1"); - } - }); - ecOIDs.put("1.3.132.0.8", new Vector() { - { - add("secp160r1"); - } - }); - ecOIDs.put("1.3.132.0.30", new Vector() { - { - add("secp160r2"); - } - }); - ecOIDs.put("1.3.132.0.31", new Vector() { - { - add("secp192k1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.1", new Vector() { - { - add("secp192r1"); - add("nistp192"); - add("prime192v1"); - } - }); - ecOIDs.put("1.3.132.0.32", new Vector() { - { - add("secp224k1"); - } - }); - ecOIDs.put("1.3.132.0.33", new Vector() { - { - add("secp224r1"); - add("nistp224"); - } - }); - ecOIDs.put("1.3.132.0.10", new Vector() { - { - add("secp256k1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.2", new Vector() { - { - add("prime192v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.3", new Vector() { - { - add("prime192v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.4", new Vector() { - { - add("prime239v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.5", new Vector() { - { - add("prime239v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.1.6", new Vector() { - { - add("prime239v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.1", new Vector() { - { - add("c2pnb163v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.2", new Vector() { - { - add("c2pnb163v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.3", new Vector() { - { - add("c2pnb163v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.4", new Vector() { - { - add("c2pnb176v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.5", new Vector() { - { - add("c2tnb191v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.6", new Vector() { - { - add("c2tnb191v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.7", new Vector() { - { - add("c2tnb191v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.10", new Vector() { - { - add("c2pnb208w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.11", new Vector() { - { - add("c2tnb239v1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.12", new Vector() { - { - add("c2tnb239v2"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.13", new Vector() { - { - add("c2tnb239v3"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.16", new Vector() { - { - add("c2pnb272w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.17", new Vector() { - { - add("c2pnb304w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.19", new Vector() { - { - add("c2pnb368w1"); - } - }); - ecOIDs.put("1.2.840.10045.3.0.20", new Vector() { - { - add("c2tnb431r1"); - } - }); - ecOIDs.put("1.3.132.0.6", new Vector() { - { - add("secp112r1"); - } - }); - ecOIDs.put("1.3.132.0.7", new Vector() { - { - add("secp112r2"); - } - }); - ecOIDs.put("1.3.132.0.28", new Vector() { - { - add("secp128r1"); - } - }); - ecOIDs.put("1.3.132.0.29", new Vector() { - { - add("secp128r2"); - } - }); - ecOIDs.put("1.3.132.0.4", new Vector() { - { - add("sect113r1"); - } - }); - ecOIDs.put("1.3.132.0.5", new Vector() { - { - add("sect113r2"); - } - }); - ecOIDs.put("1.3.132.0.22", new Vector() { - { - add("sect131r1"); - } - }); - ecOIDs.put("1.3.132.0.23", new Vector() { - { - add("sect131r2"); - } - }); + private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2", + "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283", + "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571", + "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1", + "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1", + "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3", + "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2", + "sect131r1","sect131r2" + }; + + private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>(); + static + { + ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}}); + ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}}); + ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}}); + ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}}); + ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}}); + ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}}); + ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}}); + ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}}); + ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}}); + ecOIDs.put( "1.3.132.0.27", new Vector() {{add("sect233r1");add("nistb233");}}); + ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}}); + ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}}); + ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}}); + ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}}); + ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}}); + ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}}); + ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}}); + ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}}); + ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}}); + ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}}); + ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}}); + ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}}); + ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}}); + ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}}); + ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}}); + ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}}); + ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}}); + ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}}); + ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}}); + ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}}); + ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}}); + ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}}); + ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}}); + ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}}); + ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}}); + ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() {{add("c2tnb191v2");}}); + ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}}); + ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}}); + ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}}); + ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}}); + ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}}); + ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}}); + ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}}); + ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}}); + ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}}); + ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}}); + ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}}); + ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}}); + ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}}); + ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}}); + ecOIDs.put( "1.3.132.0.5", new Vector() {{add("sect113r2");}}); + ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}}); + ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}}); } private static String[] cfgECCurves = null; @@ -367,7 +136,7 @@ public class KeyConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); String ecNames = ""; @@ -379,30 +148,32 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("KeyConstraint.init ecNames: " + ecNames); if (ecNames != null && ecNames.length() != 0) { cfgECCurves = ecNames.split(","); - } + } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", + return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", + "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); - } else if (name.equals(CONFIG_KEY_PARAMETERS)) { - return new Descriptor(IDescriptor.STRING, null, "", - CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS")); + } else if (name.equals(CONFIG_KEY_PARAMETERS)) { + return new Descriptor(IDescriptor.STRING,null,"", + CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { try { - CertificateX509Key infokey = (CertificateX509Key) info - .get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); + CertificateX509Key infokey = (CertificateX509Key) + info.get(X509CertInfo.KEY); + X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); String alg = key.getAlgorithmId().getName().toUpperCase(); String value = getConfig(CONFIG_KEY_TYPE); @@ -410,25 +181,29 @@ public class KeyConstraint extends EnrollConstraint { if (!isOptional(value)) { if (!alg.equals(value)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", + value)); } } int keySize = 0; String ecCurve = ""; - if (alg.equals("RSA")) { + if (alg.equals("RSA")) { keySize = getRSAKeyLen(key); - } else if (alg.equals("DSA")) { + } else if (alg.equals("DSA")) { keySize = getDSAKeyLen(key); - } else if (alg.equals("EC")) { - // EC key case. + } else if (alg.equals("EC")) { + //EC key case. } else { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_KEY_TYPE", alg)); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_INVALID_KEY_TYPE", + alg)); } value = getConfig(CONFIG_KEY_PARAMETERS); @@ -437,26 +212,28 @@ public class KeyConstraint extends EnrollConstraint { if (alg.equals("EC")) { if (!alg.equals(keyType) && !isOptional(keyType)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } AlgorithmId algid = key.getAlgorithmId(); CMS.debug("algId: " + algid); - // Get raw string representation of alg parameters, will give - // us the curve OID. + //Get raw string representation of alg parameters, will give + //us the curve OID. - String params = null; + String params = null; if (algid != null) { params = algid.getParametersString(); } if (params.startsWith("OID.")) { params = params.substring(4); - } + } CMS.debug("EC key OID: " + params); Vector vect = ecOIDs.get(params); @@ -467,12 +244,10 @@ public class KeyConstraint extends EnrollConstraint { CMS.debug("vect: " + vect.toString()); if (!isOptional(keyType)) { - // Check the curve parameters only if explicit ECC or - // not optional - for (int i = 0; i < keyParams.length; i++) { - String ecParam = keyParams[i]; - CMS.debug("keyParams[i]: " + i + " param: " - + ecParam); + //Check the curve parameters only if explicit ECC or not optional + for (int i = 0 ; i < keyParams.length ; i ++) { + String ecParam = keyParams[i]; + CMS.debug("keyParams[i]: " + i + " param: " + ecParam); if (vect.contains(ecParam)) { curveFound = true; CMS.debug("KeyConstraint.validate: EC key constrainst passed."); @@ -485,17 +260,21 @@ public class KeyConstraint extends EnrollConstraint { } if (!curveFound) { - CMS.debug("KeyConstraint.validate: EC key constrainst failed."); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); + CMS.debug("KeyConstraint.validate: EC key constrainst failed."); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } - } else { - if (!arrayContainsString(keyParams, Integer.toString(keySize))) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value)); + } else { + if ( !arrayContainsString(keyParams,Integer.toString(keySize))) { + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", + value)); } CMS.debug("KeyConstraint.validate: RSA key contraints passed."); } @@ -504,8 +283,8 @@ public class KeyConstraint extends EnrollConstraint { throw (ERejectException) e; } CMS.debug("KeyConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_KEY_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_KEY_NOT_FOUND")); } } @@ -513,7 +292,8 @@ public class KeyConstraint extends EnrollConstraint { X509Key newkey = null; try { - newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); + newkey = new X509Key(AlgorithmId.get("RSA"), + key.getKey()); } catch (Exception e) { CMS.debug("KeyConstraint: getRSAKey Len " + e.toString()); return -1; @@ -535,11 +315,13 @@ public class KeyConstraint extends EnrollConstraint { } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_KEY_TYPE), - getConfig(CONFIG_KEY_PARAMETERS) }; + String params[] = { + getConfig(CONFIG_KEY_TYPE), + getConfig(CONFIG_KEY_PARAMETERS) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_TEXT", - params); + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { @@ -550,27 +332,28 @@ public class KeyConstraint extends EnrollConstraint { return false; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value); - // establish keyType, we don't know which order these params will arrive + //establish keyType, we don't know which order these params will arrive if (name.equals(CONFIG_KEY_TYPE)) { keyType = value; - if (keyParams.equals("")) - return; + if(keyParams.equals("")) + return; } - - // establish keyParams + + //establish keyParams if (name.equals(CONFIG_KEY_PARAMETERS)) { CMS.debug("establish keyParams: " + value); keyParams = value; - if (keyType.equals("")) + if(keyType.equals("")) return; } - // All the params we need for validation have been collected, + // All the params we need for validation have been collected, // we don't know which order they will show up - if (keyType.length() > 0 && keyParams.length() > 0) { + if (keyType.length() > 0 && keyParams.length() > 0) { String[] params = keyParams.split(","); boolean isECCurve = false; int keySize = 0; @@ -578,50 +361,48 @@ public class KeyConstraint extends EnrollConstraint { for (int i = 0; i < params.length; i++) { if (keyType.equals("EC")) { if (cfgECCurves == null) { - // Use the static array as a backup if the config values - // are not present. - isECCurve = arrayContainsString(ecCurves, params[i]); + //Use the static array as a backup if the config values are not present. + isECCurve = arrayContainsString(ecCurves,params[i]); } else { - isECCurve = arrayContainsString(cfgECCurves, params[i]); + isECCurve = arrayContainsString(cfgECCurves,params[i]); } - if (isECCurve == false) { // Not a valid EC curve throw - // exception. + if (isECCurve == false) { //Not a valid EC curve throw exception. keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } - } else { + } else { try { keySize = Integer.parseInt(params[i]); } catch (Exception e) { keySize = 0; } - if (keySize <= 0) { + if (keySize <= 0) { keyType = ""; keyParams = ""; throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } } - } - // Actually set the configuration in the profile - super.setConfig(CONFIG_KEY_TYPE, keyType); - super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); + } + //Actually set the configuration in the profile + super.setConfig(CONFIG_KEY_TYPE, keyType); + super.setConfig(CONFIG_KEY_PARAMETERS, keyParams); - // Reset the vars for next round. - keyType = ""; - keyParams = ""; + //Reset the vars for next round. + keyType = ""; + keyParams = ""; } private boolean arrayContainsString(String[] array, String value) { if (array == null || value == null) { - return false; - } + return false; + } - for (int i = 0; i < array.length; i++) { + for (int i = 0 ; i < array.length; i++) { if (array[i].equals(value)) { return true; } @@ -630,3 +411,4 @@ public class KeyConstraint extends EnrollConstraint { return false; } } + diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java index 41622281..4a483b43 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Locale; import netscape.security.x509.KeyUsageExtension; @@ -36,19 +37,25 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; + /** - * This class implements the key usage extension constraint. It checks if the - * key usage constraint in the certificate template satisfies the criteria. - * + * This class implements the key usage extension constraint. + * It checks if the key usage constraint in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class KeyUsageExtConstraint extends EnrollConstraint { public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; + public static final String CONFIG_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; @@ -70,41 +77,51 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } return null; @@ -117,17 +134,20 @@ public class KeyUsageExtConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - KeyUsageExtension ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + throws ERejectException { + KeyUsageExtension ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - PKIXExtensions.KeyUsage_Id.toString())); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + PKIXExtensions.KeyUsage_Id.toString())); } boolean[] bits = ext.getBits(); @@ -136,9 +156,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_DIGITAL_SIGNATURE); @@ -146,105 +167,117 @@ public class KeyUsageExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != isSet(bits, 0)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_NON_REPUDIATION); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 1)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 2)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DATA_ENCIPHERMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 3)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_AGREEMENT); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 4)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_KEY_CERTSIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 5)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_CRL_SIGN); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 6)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", - value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRL_SIGN_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_ENCIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 7)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", + value)); + } } value = getConfig(CONFIG_DECIPHER_ONLY); if (!isOptional(value)) { boolean bit = getBoolean(value); if (bit != isSet(bits, 8)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", value)); - } + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", + value)); + } } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), + String params[] = { + getConfig(CONFIG_CRITICAL), getConfig(CONFIG_DIGITAL_SIGNATURE), getConfig(CONFIG_NON_REPUDIATION), getConfig(CONFIG_KEY_ENCIPHERMENT), getConfig(CONFIG_DATA_ENCIPHERMENT), getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_KEY_CERTSIGN), + getConfig(CONFIG_CRL_SIGN), getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) }; + getConfig(CONFIG_DECIPHER_ONLY) + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java index bd288547..fe20b766 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Locale; import netscape.security.extensions.NSCertTypeExtension; @@ -35,11 +36,12 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault; import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserExtensionDefault; + /** - * This class implements the Netscape certificate type extension constraint. It - * checks if the Netscape certificate type extension in the certificate template - * satisfies the criteria. - * + * This class implements the Netscape certificate type extension constraint. + * It checks if the Netscape certificate type extension in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtConstraint extends EnrollConstraint { @@ -66,51 +68,63 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-", - CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); + return new Descriptor(IDescriptor.CHOICE, "true,false,-", + "-", + CMS.getUserMessage(locale, + "CMS_PROFILE_OBJECT_SIGNING_CA")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - NSCertTypeExtension ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + throws ERejectException { + NSCertTypeExtension ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_EXTENSION_NOT_FOUND", - NSCertTypeExtension.CertType_Id.toString())); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_EXTENSION_NOT_FOUND", + NSCertTypeExtension.CertType_Id.toString())); } String value = getConfig(CONFIG_CRITICAL); @@ -118,9 +132,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { if (!isOptional(value)) { boolean critical = getBoolean(value); - if (critical != ext.isCritical()) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED")); + if (critical != ext.isCritical()) { + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_CRITICAL_NOT_MATCHED")); } } value = getConfig(CONFIG_SSL_CLIENT); @@ -128,9 +143,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(0)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_SERVER); @@ -138,9 +154,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(1)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL); @@ -148,9 +165,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(2)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_EMAIL_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING); @@ -158,9 +176,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(3)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_SSL_CA); @@ -168,9 +187,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(4)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_SSL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SSL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_EMAIL_CA); @@ -178,9 +198,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(5)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", - value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_EMAIL_CA_NOT_MATCHED", + value)); } } value = getConfig(CONFIG_OBJECT_SIGNING_CA); @@ -188,21 +209,27 @@ public class NSCertTypeExtConstraint extends EnrollConstraint { boolean bit = getBoolean(value); if (bit != ext.isSet(6)) { - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", value)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", + value)); } } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) }; - - return CMS.getUserMessage(locale, + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), + getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), + getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), + getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_OBJECT_SIGNING_CA) + }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java index 47de8e3f..108c32b1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -33,16 +34,17 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * This class implements no constraint. - * + * * @version $Revision$, $Date$ */ public class NoConstraint implements IPolicyConstraint { public static final String CONFIG_NAME = "name"; - private IConfigStore mConfig = null; + private IConfigStore mConfig = null; private Vector mNames = new Vector(); public Enumeration getConfigNames() { @@ -53,7 +55,8 @@ public class NoConstraint implements IPolicyConstraint { return null; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { } public String getConfig(String name) { @@ -65,7 +68,7 @@ public class NoConstraint implements IPolicyConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -74,13 +77,15 @@ public class NoConstraint implements IPolicyConstraint { } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ - public void validate(IRequest request) throws ERejectException { + public void validate(IRequest request) + throws ERejectException { } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT"); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java index d09fd779..91d5a46a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.math.BigInteger; import java.util.Date; import java.util.Locale; @@ -35,16 +36,17 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; + /** - * This class supports renewal grace period, which has two parameters: - * graceBefore and graceAfter - * + * This class supports renewal grace period, which has two + * parameters: graceBefore and graceAfter + * * @author Christina Fu * @version $Revision$, $Date$ */ public class RenewGracePeriodConstraint extends EnrollConstraint { - // for renewal: # of days before the orig cert expiration date + // for renewal: # of days before the orig cert expiration date public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore"; // for renewal: # of days after the orig cert expiration date public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter"; @@ -56,30 +58,27 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) throws EPropertyException { - if (name.equals(CONFIG_RENEW_GRACE_BEFORE) - || name.equals(CONFIG_RENEW_GRACE_AFTER)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + public void setConfig(String name, String value) + throws EPropertyException { + if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) || + name.equals(CONFIG_RENEW_GRACE_AFTER)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE - + " or " + CONFIG_RENEW_GRACE_AFTER)); - } + "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RENEW_GRACE_BEFORE)) { - return new Descriptor( - IDescriptor.INTEGER, - null, - "30", + return new Descriptor(IDescriptor.INTEGER, null, "30", CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_BEFORE")); } else if (name.equals(CONFIG_RENEW_GRACE_AFTER)) { return new Descriptor(IDescriptor.INTEGER, null, "30", @@ -89,82 +88,75 @@ public class RenewGracePeriodConstraint extends EnrollConstraint { } public void validate(IRequest req, X509CertInfo info) - throws ERejectException { - String origExpDate_s = req.getExtDataInString("origNotAfter"); - // probably not for renewal - if (origExpDate_s == null) { - return; - } else { - CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); - } - CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); - BigInteger origExpDate_BI = new BigInteger(origExpDate_s); - Date origExpDate = new Date(origExpDate_BI.longValue()); - String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - int renew_grace_before = 0; - int renew_grace_after = 0; - BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); - BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s); - - // -1 means no limit - if (renew_grace_before_s == "") - renew_grace_before = -1; - else - renew_grace_before = Integer.parseInt(renew_grace_before_s); - - if (renew_grace_after_s == "") - renew_grace_after = -1; - else - renew_grace_after = Integer.parseInt(renew_grace_after_s); - - if (renew_grace_before > 0) - renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger - .valueOf(1000 * 86400)); - if (renew_grace_after > 0) - renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger - .valueOf(1000 * 86400)); - - Date current = CMS.getCurrentDate(); - long millisDiff = origExpDate.getTime() - current.getTime(); - CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff - + " origExpDate=" + origExpDate.getTime() + " current=" - + current.getTime()); - - /* - * "days", if positive, has to be less than renew_grace_before "days", - * if negative, means already past expiration date, (abs value) has to - * be less than renew_grace_after if renew_grace_before or - * renew_grace_after are negative the one with negative value is ignored - */ - if (millisDiff >= 0) { - if ((renew_grace_before > 0) - && (millisDiff > renew_grace_before_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before + " days before and " - + renew_grace_after - + " days after original cert expiration date")); - } - } else { - if ((renew_grace_after > 0) - && ((0 - millisDiff) > renew_grace_after_BI.longValue())) { - throw new ERejectException(CMS.getUserMessage(getLocale(req), - "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", - renew_grace_before + " days before and " - + renew_grace_after - + " days after original cert expiration date")); - } - } + throws ERejectException { + String origExpDate_s = req.getExtDataInString("origNotAfter"); + // probably not for renewal + if (origExpDate_s == null) { + return; + } else { + CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing"); + } + CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins"); + BigInteger origExpDate_BI = new BigInteger(origExpDate_s); + Date origExpDate = new Date(origExpDate_BI.longValue()); + String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); + String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); + int renew_grace_before = 0; + int renew_grace_after = 0; + BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s); + BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s); + + // -1 means no limit + if (renew_grace_before_s == "") + renew_grace_before = -1; + else + renew_grace_before = Integer.parseInt(renew_grace_before_s); + + if (renew_grace_after_s == "") + renew_grace_after = -1; + else + renew_grace_after = Integer.parseInt(renew_grace_after_s); + + if (renew_grace_before > 0) + renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400)); + if (renew_grace_after > 0) + renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400)); + + Date current = CMS.getCurrentDate(); + long millisDiff = origExpDate.getTime() - current.getTime(); + CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime()); + + /* + * "days", if positive, has to be less than renew_grace_before + * "days", if negative, means already past expiration date, + * (abs value) has to be less than renew_grace_after + * if renew_grace_before or renew_grace_after are negative + * the one with negative value is ignored + */ + if (millisDiff >= 0) { + if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before+" days before and "+ + renew_grace_after+" days after original cert expiration date")); + } + } else { + if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) { + throw new ERejectException(CMS.getUserMessage(getLocale(req), + "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", + renew_grace_before+" days before and "+ + renew_grace_after+" days after original cert expiration date")); + } + } } + public String getText(Locale locale) { String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE); - String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER); - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", renew_grace_before_s - + " days before and " + renew_grace_after_s - + " days after original cert expiration date"); + String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", + renew_grace_before_s+" days before and "+ + renew_grace_after_s+" days after original cert expiration date"); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java index 40a34c0b..f570c26e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Locale; import java.util.StringTokenizer; import java.util.Vector; @@ -39,10 +40,12 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SigningAlgDefault; import com.netscape.cms.profile.def.UserSigningAlgDefault; + /** - * This class implements the signing algorithm constraint. It checks if the - * signing algorithm in the certificate template satisfies the criteria. - * + * This class implements the signing algorithm constraint. + * It checks if the signing algorithm in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SigningAlgConstraint extends EnrollConstraint { @@ -66,27 +69,29 @@ public class SigningAlgConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null"); } else { - CMS.debug("SigningAlgConstraint: setConfig name=" + name - + " value=" + value); - - if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { - StringTokenizer st = new StringTokenizer(value, ","); - while (st.hasMoreTokens()) { - String v = st.nextToken(); - if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_PROPERTY_ERROR", v)); - } - } + CMS.debug("SigningAlgConstraint: setConfig name=" + name + + " value=" + value); + + if(name.equals(CONFIG_ALGORITHMS_ALLOWED)) + { + StringTokenizer st = new StringTokenizer(value, ","); + while (st.hasMoreTokens()) { + String v = st.nextToken(); + if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) { + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v)); + } + } } mConfig.getSubStore("params").putString(name, value); } @@ -95,24 +100,25 @@ public class SigningAlgConstraint extends EnrollConstraint { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) { return new Descriptor(IDescriptor.STRING, null, - DEF_CONFIG_ALGORITHMS, CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); + DEF_CONFIG_ALGORITHMS, + CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateAlgorithmId algId = null; try { - algId = (CertificateAlgorithmId) info - .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) algId - .get(CertificateAlgorithmId.ALGORITHM); + algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) + algId.get(CertificateAlgorithmId.ALGORITHM); Vector mCache = new Vector(); StringTokenizer st = new StringTokenizer( @@ -126,25 +132,22 @@ public class SigningAlgConstraint extends EnrollConstraint { if (!mCache.contains(id.toString())) { throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", - id.toString())); + getLocale(request), + "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString())); } } catch (Exception e) { if (e instanceof ERejectException) { throw (ERejectException) e; } CMS.debug("SigningAlgConstraint: " + e.toString()); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND")); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", - getConfig(CONFIG_ALGORITHMS_ALLOWED)); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", getConfig(CONFIG_ALGORITHMS_ALLOWED)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java index 547ce433..7ce32f00 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.io.IOException; import java.util.Locale; @@ -37,10 +38,12 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; + /** - * This class implements the subject name constraint. It checks if the subject - * name in the certificate template satisfies the criteria. - * + * This class implements the subject name constraint. + * It checks if the subject name in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class SubjectNameConstraint extends EnrollConstraint { @@ -53,15 +56,15 @@ public class SubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_NAME_PATTERN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_PATTERN)) { + return new Descriptor(IDescriptor.STRING, + null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN")); } else { return null; } @@ -72,48 +75,54 @@ public class SubjectNameConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("SubjectNameConstraint: validate start"); CertificateSubjectName sn = null; try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("SubjectNameConstraint: validate cert subject =" - + sn.toString()); + CMS.debug("SubjectNameConstraint: validate cert subject ="+ + sn.toString()); } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name sn500 = null; try { sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME); } catch (IOException e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } if (sn500 == null) { CMS.debug("SubjectNameConstraint: validate() - sn500 is null"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } else { - CMS.debug("SubjectNameConstraint: validate() - sn500 " - + CertificateSubjectName.DN_NAME + " = " + sn500.toString()); + CMS.debug("SubjectNameConstraint: validate() - sn500 "+ + CertificateSubjectName.DN_NAME + " = "+ + sn500.toString()); } if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) { - CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " - + getConfig(CONFIG_PATTERN)); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", sn500.toString())); + CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", + sn500.toString())); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", getConfig(CONFIG_PATTERN)); } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java index f02a5c7c..b47e2230 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.util.Enumeration; import java.util.Locale; @@ -42,52 +43,57 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.def.NoDefault; /** - * This constraint is to check for publickey uniqueness. The config param - * "allowSameKeyRenewal" enables the situation where if the publickey is not - * unique, and if the subject DN is the same, that is a "renewal". - * - * Another "feature" that is quoted out of this code is the "revokeDupKeyCert" - * option, which enables the revocation of certs that bear the same publickey as - * the enrolling request. Since this can potentially be abused, it is taken out - * and preserved in comments to allow future refinement. - * + * This constraint is to check for publickey uniqueness. + * The config param "allowSameKeyRenewal" enables the + * situation where if the publickey is not unique, and if + * the subject DN is the same, that is a "renewal". + * + * Another "feature" that is quoted out of this code is the + * "revokeDupKeyCert" option, which enables the revocation + * of certs that bear the same publickey as the enrolling + * request. Since this can potentially be abused, it is taken + * out and preserved in comments to allow future refinement. + * * @version $Revision$, $Date$ */ public class UniqueKeyConstraint extends EnrollConstraint { - /* - * public static final String CONFIG_REVOKE_DUPKEY_CERT = - * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false; - */ - public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = "allowSameKeyRenewal"; - boolean mAllowSameKeyRenewal = false; + /* + public static final String CONFIG_REVOKE_DUPKEY_CERT = + "revokeDupKeyCert"; + boolean mRevokeDupKeyCert = false; + */ + public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = + "allowSameKeyRenewal"; + boolean mAllowSameKeyRenewal = false; public ICertificateAuthority mCA = null; - public UniqueKeyConstraint() { - super(); - /* - * addConfigName(CONFIG_REVOKE_DUPKEY_CERT); - */ - addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); - } + public UniqueKeyConstraint() { + super(); + /* + addConfigName(CONFIG_REVOKE_DUPKEY_CERT); + */ + addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL); + } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { super.init(profile, config); - mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + mCA = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - /* - * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new - * Descriptor(IDescriptor.BOOLEAN, null, "false", - * CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); - * } - */ - if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); - } + public IDescriptor getConfigDescriptor(Locale locale, String name) + { + /* + if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT")); + } + */ + if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL")); + } return null; } @@ -96,156 +102,173 @@ public class UniqueKeyConstraint extends EnrollConstraint { } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { - boolean rejected = false; - int size = 0; - ICertRecordList list; + throws ERejectException { + boolean rejected = false; + int size = 0; + ICertRecordList list; - /* - * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); - */ - mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); + /* + mRevokeDupKeyCert = + getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT); + */ + mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL); try { - CertificateX509Key infokey = (CertificateX509Key) info - .get(X509CertInfo.KEY); - X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); - - // check for key uniqueness - byte pub[] = key.getEncoded(); - String pub_s = escapeBinaryData(pub); - String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA - + "=" + pub_s + ")"; - list = (ICertRecordList) mCA.getCertificateRepository() - .findCertRecordsInList(filter, null, 10); - size = list.getSize(); + CertificateX509Key infokey = (CertificateX509Key) + info.get(X509CertInfo.KEY); + X509Key key = (X509Key) + infokey.get(CertificateX509Key.KEY); + + // check for key uniqueness + byte pub[] = key.getEncoded(); + String pub_s = escapeBinaryData(pub); + String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")"; + list = + (ICertRecordList) + mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10); + size = list.getSize(); } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INTERNAL_ERROR", e.toString())); - } + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_INTERNAL_ERROR",e.toString())); + } - /* - * It does not matter if the corresponding cert's status is valid or - * not, we don't want a key that was once generated before - */ - if (size > 0) { - CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); - - /* - * The following code revokes the existing certs that have the same - * public key as the one submitted for enrollment request. However, - * it is not a good idea due to possible abuse. It is therefore - * commented out. It is still however still maintained for possible - * utilization at later time - * - * // if configured to revoke duplicated key // revoke cert if - * (mRevokeDupKeyCert) { try { Enumeration e = - * list.getCertRecords(0, size-1); while (e != null && - * e.hasMoreElements()) { ICertRecord rec = (ICertRecord) - * e.nextElement(); X509CertImpl cert = rec.getCertificate(); - * - * // revoke the cert BigInteger serialNum = cert.getSerialNumber(); - * ICAService service = (ICAService) mCA.getCAService(); - * - * RevokedCertImpl crlEntry = formCRLEntry(serialNum, - * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry); - * CMS.debug( - * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully" - * ); } } catch (Exception ex) { - * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); } - * } // revoke dupkey cert turned on - */ - - if (mAllowSameKeyRenewal == true) { - X500Name sjname_in_db = null; - X500Name sjname_in_req = null; - - try { - // get subject of request - CertificateSubjectName subName = (CertificateSubjectName) info - .get(X509CertInfo.SUBJECT); - - if (subName != null) { - - sjname_in_req = (X500Name) subName - .get(CertificateSubjectName.DN_NAME); - CMS.debug("UniqueKeyConstraint: cert request subject DN =" - + sjname_in_req.toString()); - Enumeration e = list.getCertRecords(0, size - 1); - while (e != null && e.hasMoreElements()) { - ICertRecord rec = (ICertRecord) e.nextElement(); - X509CertImpl cert = rec.getCertificate(); - String certDN = cert.getSubjectDN().toString(); - CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" - + certDN); - - sjname_in_db = new X500Name(certDN); - - if (sjname_in_db.equals(sjname_in_req) == false) { - rejected = true; - break; - } else { - rejected = false; - } - } // while - } else { // subName is null - rejected = true; - } - } catch (Exception ex1) { - CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " - + ex1.toString()); - rejected = true; - } // try - - } else { - rejected = true; - }// allowSameKeyRenewal - } // (size > 0) - - if (rejected == true) { - CMS.debug("UniqueKeyConstraint: rejected"); - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_DUPLICATE_KEY")); - } else { - CMS.debug("UniqueKeyConstraint: approved"); - } + /* + * It does not matter if the corresponding cert's status + * is valid or not, we don't want a key that was once + * generated before + */ + if (size > 0) { + CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key."); + + /* + The following code revokes the existing certs that have + the same public key as the one submitted for enrollment + request. However, it is not a good idea due to possible + abuse. It is therefore commented out. It is still + however still maintained for possible utilization at later + time + + // if configured to revoke duplicated key + // revoke cert + if (mRevokeDupKeyCert) { + try { + Enumeration e = list.getCertRecords(0, size-1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + + // revoke the cert + BigInteger serialNum = cert.getSerialNumber(); + ICAService service = (ICAService) mCA.getCAService(); + + RevokedCertImpl crlEntry = + formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE); + service.revokeCert(crlEntry); + CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"); + } + } catch (Exception ex) { + CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); + } + } // revoke dupkey cert turned on + */ + + if (mAllowSameKeyRenewal == true) { + X500Name sjname_in_db = null; + X500Name sjname_in_req = null; + + try { + // get subject of request + CertificateSubjectName subName = + (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + + if (subName != null) { + + sjname_in_req = + (X500Name) subName.get(CertificateSubjectName.DN_NAME); + CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString()); + Enumeration e = list.getCertRecords(0, size-1); + while (e != null && e.hasMoreElements()) { + ICertRecord rec = (ICertRecord) e.nextElement(); + X509CertImpl cert = rec.getCertificate(); + String certDN = + cert.getSubjectDN().toString(); + CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN); + + sjname_in_db = new X500Name(certDN); + + if (sjname_in_db.equals(sjname_in_req) == false) { + rejected = true; + break; + } else { + rejected = false; + } + } // while + } else { //subName is null + rejected = true; + } + } catch (Exception ex1) { + CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString()); + rejected = true; + } // try + + } else { + rejected = true; + }// allowSameKeyRenewal + } // (size > 0) + + if (rejected == true) { + CMS.debug("UniqueKeyConstraint: rejected"); + throw new ERejectException( + CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_DUPLICATE_KEY")); + } else { + CMS.debug("UniqueKeyConstraint: approved"); + } } - /** + /** * make a CRL entry from a serial number and revocation reason. - * * @return a RevokedCertImpl that can be entered in a CRL. - * - * protected RevokedCertImpl formCRLEntry( BigInteger serialNo, - * RevocationReason reason) throws EBaseException { - * CRLReasonExtension reasonExt = new CRLReasonExtension(reason); - * CRLExtensions crlentryexts = new CRLExtensions(); - * - * try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); } - * catch (IOException e) { - * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); - * - * // throw new ECMSGWException( // - * CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); - * - * } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, - * CMS.getCurrentDate(), crlentryexts); - * - * return crlentry; } - */ + + protected RevokedCertImpl formCRLEntry( + BigInteger serialNo, RevocationReason reason) + throws EBaseException { + CRLReasonExtension reasonExt = new CRLReasonExtension(reason); + CRLExtensions crlentryexts = new CRLExtensions(); + + try { + crlentryexts.set(CRLReasonExtension.NAME, reasonExt); + } catch (IOException e) { + CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString()); + + // throw new ECMSGWException( + // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON")); + + } + RevokedCertImpl crlentry = + new RevokedCertImpl(serialNo, CMS.getCurrentDate(), + crlentryexts); + + return crlentry; + } + */ public String getText(Locale locale) { String params[] = { - /* - * getConfig(CONFIG_REVOKE_DUPKEY_CERT), - */ - }; +/* + getConfig(CONFIG_REVOKE_DUPKEY_CERT), +*/ + }; - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params); } @@ -262,12 +285,12 @@ public class UniqueKeyConstraint extends EnrollConstraint { } public boolean isApplicable(IPolicyDefault def) { - if (def instanceof NoDefault) - return true; + if (def instanceof NoDefault) + return true; if (def instanceof UniqueKeyConstraint) return true; - return false; + return false; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java index 2d5db341..89b8d460 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java @@ -51,15 +51,17 @@ import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; /** - * This class implements the unique subject name constraint. It checks if the - * subject name in the certificate is unique in the internal database, ie, no - * two certificates have the same subject name. - * + * This class implements the unique subject name constraint. + * It checks if the subject name in the certificate is + * unique in the internal database, ie, no two certificates + * have the same subject name. + * * @version $Revision$, $Date$ */ public class UniqueSubjectNameConstraint extends EnrollConstraint { - public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = "enableKeyUsageExtensionChecking"; + public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = + "enableKeyUsageExtensionChecking"; private boolean mKeyUsageExtensionChecking = true; public UniqueSubjectNameConstraint() { @@ -67,15 +69,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, - "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); + CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); } return null; } @@ -84,19 +85,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return null; } - /** - * Checks if the key extension in the issued certificate is the same as the - * one in the certificate template. - */ - private boolean sameKeyUsageExtension(ICertRecord rec, X509CertInfo certInfo) { + /** + * Checks if the key extension in the issued certificate + * is the same as the one in the certificate template. + */ + private boolean sameKeyUsageExtension(ICertRecord rec, + X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) certInfo - .get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) + certInfo.get(X509CertInfo.EXTENSIONS); } catch (IOException e) { } catch (java.security.cert.CertificateException e) { } @@ -107,10 +109,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } else { try { - ext = (KeyUsageExtension) extensions - .get(KeyUsageExtension.NAME); + ext = (KeyUsageExtension) extensions.get( + KeyUsageExtension.NAME); } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (ext == null) { @@ -133,44 +135,48 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } } - } + } } - return true; + return true; } + /** - * Validates the request. The request is not modified during the validation. - * - * Rules are as follows: If the subject name is not unique, then the request - * will be rejected unless: 1. the certificate is expired or expired_revoked + * Validates the request. The request is not modified + * during the validation. + * + * Rules are as follows: + * If the subject name is not unique, then the request will be rejected unless: + * 1. the certificate is expired or expired_revoked * 2. the certificate is revoked and the revocation reason is not "on hold" - * 3. the keyUsageExtension bits are different and - * enableKeyUsageExtensionChecking=true (default) + * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("UniqueSubjectNameConstraint: validate start"); CertificateSubjectName sn = null; - IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); - + IAuthority authority = (IAuthority)CMS.getSubsystem("ca"); + mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); ICertificateRepository certdb = null; if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority) authority; + ICertificateAuthority ca = (ICertificateAuthority)authority; certdb = ca.getCertificateRepository(); } - + try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); } catch (Exception e) { - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } String certsubjectname = null; if (sn == null) - throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); else { certsubjectname = sn.toString(); String filter = "x509Cert.subject=" + certsubjectname; @@ -178,8 +184,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { sameSubjRecords = certdb.findCertRecords(filter); } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: " - + e.toString()); + CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString()); } while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement(); @@ -189,8 +194,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { RevocationReason reason = null; if (revocationInfo != null) { - CRLExtensions crlExts = revocationInfo - .getCRLEntryExtensions(); + CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions(); if (crlExts != null) { Enumeration enumx = crlExts.getElements(); @@ -205,33 +209,35 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } } - if (status.equals(ICertRecord.STATUS_EXPIRED) - || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { + if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { continue; } - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null - && (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { + if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && + (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) { continue; } - if (mKeyUsageExtensionChecking - && !sameKeyUsageExtension(rec, info)) { + if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) { continue; } - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", certsubjectname)); + throw new ERejectException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", + certsubjectname)); } } - CMS.debug("UniqueSubjectNameConstraint: validate end"); + CMS.debug("UniqueSubjectNameConstraint: validate end"); } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params); + String params[] = { + getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) + }; + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", + params); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java index 33b1cb0d..95c32221 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.constraint; + import java.io.IOException; import java.util.Date; import java.util.Locale; @@ -39,10 +40,12 @@ import com.netscape.cms.profile.def.NoDefault; import com.netscape.cms.profile.def.UserValidityDefault; import com.netscape.cms.profile.def.ValidityDefault; + /** - * This class implements the validity constraint. It checks if the validity in - * the certificate template satisfies the criteria. - * + * This class implements the validity constraint. + * It checks if the validity in the certificate + * template satisfies the criteria. + * * @version $Revision$, $Date$ */ public class ValidityConstraint extends EnrollConstraint { @@ -65,19 +68,20 @@ public class ValidityConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) throws EPropertyException { - if (name.equals(CONFIG_RANGE) - || name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + public void setConfig(String name, String value) + throws EPropertyException { + if (name.equals(CONFIG_RANGE) || + name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", name)); - } + "CMS_INVALID_PROPERTY", name)); + } } super.setConfig(name, value); } @@ -88,32 +92,30 @@ public class ValidityConstraint extends EnrollConstraint { CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD")); + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD")); } else if (name.equals(CONFIG_CHECK_NOT_BEFORE)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE")); + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE")); } else if (name.equals(CONFIG_CHECK_NOT_AFTER)) { return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER")); + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER")); } return null; } /** - * Validates the request. The request is not modified during the validation. + * Validates the request. The request is not modified + * during the validation. */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CertificateValidity v = null; try { v = (CertificateValidity) info.get(X509CertInfo.VALIDITY); } catch (Exception e) { throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notBefore = null; @@ -122,7 +124,7 @@ public class ValidityConstraint extends EnrollConstraint { } catch (IOException e) { CMS.debug("ValidityConstraint: not before not found"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } Date notAfter = null; @@ -131,36 +133,33 @@ public class ValidityConstraint extends EnrollConstraint { } catch (IOException e) { CMS.debug("ValidityConstraint: not after not found"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_NOT_FOUND")); + "CMS_PROFILE_VALIDITY_NOT_FOUND")); } if (notAfter.getTime() < notBefore.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter - + ") < notBefore (" + notBefore + ")"); + CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < notBefore (" + notBefore + ")"); throw new ERejectException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE")); + "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE")); } long millisDiff = notAfter.getTime() - notBefore.getTime(); - CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" - + notAfter.getTime() + " notBefore=" + notBefore.getTime()); - long long_days = (millisDiff / 1000) / 86400; - CMS.debug("ValidityConstraint: long_days: " + long_days); - int days = (int) long_days; - CMS.debug("ValidityConstraint: days: " + days); + CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime()); + long long_days = (millisDiff / 1000 ) / 86400; + CMS.debug("ValidityConstraint: long_days: "+long_days); + int days = (int)long_days; + CMS.debug("ValidityConstraint: days: "+days); if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", - Integer.toString(days))); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", + Integer.toString(days))); } - // 613828 - // The validity field shall specify a notBefore value - // that does not precede the current time and a notAfter - // value that does not precede the value specified in - // notBefore (test can be automated; try entering violating + // 613828 + // The validity field shall specify a notBefore value + // that does not precede the current time and a notAfter + // value that does not precede the value specified in + // notBefore (test can be automated; try entering violating // time values and check result). String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE); boolean notBeforeCheck; @@ -168,7 +167,7 @@ public class ValidityConstraint extends EnrollConstraint { if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) { notBeforeCheckStr = "false"; } - notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); + notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER); boolean notAfterCheck; @@ -176,43 +175,34 @@ public class ValidityConstraint extends EnrollConstraint { if (notAfterCheckStr == null || notAfterCheckStr.equals("")) { notAfterCheckStr = "false"; } - notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); + notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD); - if (notBeforeGracePeriodStr == null - || notBeforeGracePeriodStr.equals("")) { + if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) { notBeforeGracePeriodStr = "0"; } - long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) - * SECS_IN_MS; + long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) * SECS_IN_MS; Date current = CMS.getCurrentDate(); if (notBeforeCheck) { if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) { - CMS.debug("ValidityConstraint: notBefore (" + notBefore - + ") > current + " + "gracePeriod (" - + new Date(current.getTime() + notBeforeGracePeriod) - + ")"); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); + CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+ + "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")"); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT")); } } if (notAfterCheck) { if (notAfter.getTime() < current.getTime()) { - CMS.debug("ValidityConstraint: notAfter (" + notAfter - + ") < current + (" + current + ")"); - throw new ERejectException(CMS.getUserMessage( - getLocale(request), - "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT")); + CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < current + (" + current + ")"); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT")); } } } public String getText(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", - getConfig(CONFIG_RANGE)); + return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", getConfig(CONFIG_RANGE)); } public boolean isApplicable(IPolicyDefault def) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java index 5f248197..6f73cd52 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,10 +40,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Authuority - * Info Access extension. - * + * This class implements an enrollment default policy + * that populates Authuority Info Access extension. + * * @version $Revision$, $Date$ */ public class AuthInfoAccessExtDefault extends EnrollExtDefault { @@ -87,29 +89,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } - - } catch (Exception e) { + if (num >= MAX_NUM_AD || num < 0) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); + "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); } - } + + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); + } + } super.setConfig(name, value); } @@ -119,7 +122,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } protected void refreshConfigAndValueNames() { - // refesh our config name list + //refesh our config name list super.refreshConfigAndValueNames(); mConfigNames.removeAllElements(); @@ -139,79 +142,89 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor( - IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", CMS.getUserMessage(locale, - "CMS_PROFILE_AD_LOCATIONTYPE")); + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "URIName", + CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", + return new Descriptor(IDescriptor.INTEGER, null, + "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); - } + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } + AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) + { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { return; } boolean critical = ext.isCritical(); @@ -247,76 +260,73 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { GeneralName gn = null; if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType - + ":" + location); + GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) - throw new EPropertyException( - CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", - locationType)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier( - method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("AuthInfoAccessExtDefault: " - + ee.toString()); - throw new EPropertyException( - CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_AIA_OID", - method)); + CMS.debug("AuthInfoAccessExtDefault: "+ee.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_DEF_AIA_OID", method)); } } } } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); } catch (IOException e) { CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { AuthInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } AuthInfoAccessExtension a = new AuthInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); if (ext == null) { return null; @@ -326,19 +336,20 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info); + ext = (AuthInfoAccessExtension) + getExtension(oid.toString(), info); if (ext == null) return ""; int num = getNumAds(); - + CMS.debug("AuthInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -352,7 +363,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -364,8 +375,8 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -391,7 +402,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -399,14 +410,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public AuthInfoAccessExtension createExtension() { - AuthInfoAccessExtension ext = null; + AuthInfoAccessExtension ext = null; int num = getNumAds(); try { @@ -428,24 +439,22 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - // location = - // "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; - location = "http://" + hostname + ":" + port - + "/ca/ocsp"; + // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp"; + location = "http://"+hostname+":"+port+"/ca/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("AuthInfoAccessExtDefault: createExtension " - + e.toString()); + CMS.debug("AuthInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java index f95b9d23..a308e2eb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -34,10 +35,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates subject - * name based on the attribute values in the authentication token (AuthToken) - * object. + * This class implements an enrollment default policy that + * populates subject name based on the attribute values + * in the authentication token (AuthToken) object. * * @version $Revision$, $Date$ */ @@ -51,7 +53,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -64,66 +66,67 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { CMS.debug("AuthTokenSubjectNameDefault: begins"); if (name == null) { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; try { x500name = new X500Name(value); - CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" - + x500name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString()); } catch (IOException e) { - CMS.debug("AuthTokenSubjectNameDefault: setValue " - + e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); // failed to build x500 name } - CMS.debug("AuthTokenSubjectNameDefault: setValue name=" - + x500name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("AuthTokenSubjectNameDefault: setValue " - + e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: setValue " + + e.toString()); } } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("AuthTokenSubjectNameDefault: getValue " - + e.toString()); + CMS.debug("AuthTokenSubjectNameDefault: getValue " + + e.toString()); } throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME"); } @@ -131,7 +134,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo @@ -139,14 +142,13 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault { X500Name name = new X500Name( request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME)); - CMS.debug("AuthTokenSubjectNameDefault: X500Name=" - + name.toString()); + CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString()); info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("AuthTokenSubjectNameDefault: " + e.toString()); throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java index 3115ba19..869deed2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -34,10 +35,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Authority - * Key Identifier extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates Authority Key Identifier extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { @@ -53,62 +56,69 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, + "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, CMS.getUserMessage(locale, + "CMS_PROFILE_KEY_ID")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { // do nothing for read only value } else if (name.equals(VAL_KEY_ID)) { // do nothing for read only value } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - AuthorityKeyIdentifierExtension ext = (AuthorityKeyIdentifierExtension) getExtension( - PKIXExtensions.AuthorityKey_Id.toString(), info); - if (ext == null) { + AuthorityKeyIdentifierExtension ext = + (AuthorityKeyIdentifierExtension) getExtension( + PKIXExtensions.AuthorityKey_Id.toString(), info); + + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (AuthorityKeyIdentifierExtension) getExtension( + ext = + (AuthorityKeyIdentifierExtension) getExtension( PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { @@ -120,7 +130,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = (AuthorityKeyIdentifierExtension) getExtension( + ext = + (AuthorityKeyIdentifierExtension) getExtension( PKIXExtensions.AuthorityKey_Id.toString(), info); if (ext == null) { @@ -130,18 +141,18 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; try { - kid = (KeyIdentifier) ext - .get(AuthorityKeyIdentifierExtension.KEY_ID); + kid = (KeyIdentifier) + ext.get(AuthorityKeyIdentifierExtension.KEY_ID); } catch (IOException e) { // CMS.debug(e.toString()); } - if (kid == null) + if (kid == null) return ""; return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -153,7 +164,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { AuthorityKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info); @@ -163,9 +174,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { KeyIdentifier kid = null; String localKey = getConfig("localKey"); if (localKey != null && localKey.equals("true")) { - kid = getKeyIdentifier(info); + kid = getKeyIdentifier(info); } else { - kid = getCAKeyIdentifier(); + kid = getCAKeyIdentifier(); } if (kid == null) @@ -175,8 +186,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault { try { ext = new AuthorityKeyIdentifierExtension(false, kid, null, null); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " - + e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java index d6867225..7ab05d75 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -30,10 +31,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that automatically assign - * request to agent. - * + * This class implements an enrollment default policy + * that automatically assign request to agent. + * * @version $Revision$, $Date$ */ public class AutoAssignDefault extends EnrollDefault { @@ -46,14 +48,15 @@ public class AutoAssignDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_ASSIGN_TO)) { - return new Descriptor(IDescriptor.STRING, null, "admin", - CMS.getUserMessage(locale, "CMS_PROFILE_AUTO_ASSIGN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_ASSIGN_TO)) { + return new Descriptor(IDescriptor.STRING, + null, "admin", CMS.getUserMessage(locale, + "CMS_PROFILE_AUTO_ASSIGN")); } else { return null; } @@ -63,28 +66,30 @@ public class AutoAssignDefault extends EnrollDefault { return null; } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN", - getConfig(CONFIG_ASSIGN_TO)); + getConfig(CONFIG_ASSIGN_TO)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - request.setRequestOwner(mapPattern(request, - getConfig(CONFIG_ASSIGN_TO))); + request.setRequestOwner( + mapPattern(request, getConfig(CONFIG_ASSIGN_TO))); } catch (Exception e) { // failed to insert subject name CMS.debug("AutoAssignDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java index bde77c7b..8c5d8094 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Basic - * Constraint extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates Basic Constraint extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class BasicConstraintsExtDefault extends EnrollExtDefault { @@ -61,19 +64,22 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(CONFIG_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, "-1", + return new Descriptor(IDescriptor.INTEGER, null, + "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } return null; @@ -81,60 +87,66 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_IS_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA")); } else if (name.equals(VAL_PATH_LEN)) { - return new Descriptor(IDescriptor.INTEGER, null, "-1", + return new Descriptor(IDescriptor.INTEGER, null, + "-1", CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { BasicConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) + { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + + if(ext == null) { return; } ext.setCritical(val); } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); + if(ext == null) { return; } Boolean isCA = Boolean.valueOf(value); ext.set(BasicConstraintsExtension.IS_CA, isCA); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) { return; } Integer pathLen = Integer.valueOf(value); @@ -144,47 +156,48 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { throw new EPropertyException("Invalid name " + name); } replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(), - ext, info); - } catch (IOException e) { + ext, info); + } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) + { CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one "); - - try { - populate(null, info); + + try { + populate(null,info); } catch (EProfileException e) { - CMS.debug("BasicConstraintsExtDefault: getValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; @@ -195,85 +208,87 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_IS_CA)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } - Boolean isCA = (Boolean) ext - .get(BasicConstraintsExtension.IS_CA); + Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); return isCA.toString(); } else if (name.equals(VAL_PATH_LEN)) { - ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); if (ext == null) { return null; } - Integer pathLen = (Integer) ext - .get(BasicConstraintsExtension.PATH_LEN); + Integer pathLen = (Integer) + ext.get(BasicConstraintsExtension.PATH_LEN); + String pLen = null; pLen = pathLen.toString(); - if (pLen.equals("-2")) { - // This is done for bug 621700. Profile constraints actually - // checks for -1 - // The low level security class for some reason sets this to - // -2 - // This will allow the request to be approved successfuly by - // the agent. + if(pLen.equals("-2")) + { + //This is done for bug 621700. Profile constraints actually checks for -1 + //The low level security class for some reason sets this to -2 + //This will allow the request to be approved successfuly by the agent. - pLen = "-1"; + pLen = "-1"; } - + CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen); - + return pLen; - } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + + } else { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_IS_CA), getConfig(CONFIG_PATH_LEN) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_IS_CA), + getConfig(CONFIG_PATH_LEN) + }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { BasicConstraintsExtension ext = createExtension(); - addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, info); + addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, + info); } public BasicConstraintsExtension createExtension() { BasicConstraintsExtension ext = null; - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) - .booleanValue(); + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue(); String pathLenStr = getConfig(CONFIG_PATH_LEN); int pathLen = -2; - if (!pathLenStr.equals("")) { + + if(!pathLenStr.equals("") ) { pathLen = Integer.valueOf(pathLenStr).intValue(); } @@ -281,8 +296,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault { try { ext = new BasicConstraintsExtension(isCA, critical, pathLen); } catch (Exception e) { - CMS.debug("BasicConstraintsExtDefault: createExtension " - + e.toString()); + CMS.debug("BasicConstraintsExtDefault: createExtension " + + e.toString()); return null; } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java index b9376c82..4b883f7f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -33,10 +34,12 @@ import netscape.security.x509.X509Key; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.ca.ICertificateAuthority; + /** - * This class implements an abstract CA specific Enrollment default. This policy - * can only be used with CA subsystem. - * + * This class implements an abstract CA specific + * Enrollment default. This policy can only be + * used with CA subsystem. + * * @version $Revision$, $Date$ */ public abstract class CAEnrollDefault extends EnrollDefault { @@ -45,8 +48,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { public KeyIdentifier getKeyIdentifier(X509CertInfo info) { try { - CertificateX509Key ckey = (CertificateX509Key) info - .get(X509CertInfo.KEY); + CertificateX509Key ckey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); @@ -55,35 +58,36 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (IOException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " - + e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } catch (CertificateException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " - + e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " - + e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } return null; } public KeyIdentifier getCAKeyIdentifier() { - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); X509CertImpl caCert = ca.getCACert(); if (caCert == null) { - // during configuration, we dont have the CA certificate - return null; + // during configuration, we dont have the CA certificate + return null; } X509Key key = (X509Key) caCert.getPublicKey(); - SubjectKeyIdentifierExtension subjKeyIdExt = (SubjectKeyIdentifierExtension) caCert - .getExtension(PKIXExtensions.SubjectKey_Id.toString()); + SubjectKeyIdentifierExtension subjKeyIdExt = + (SubjectKeyIdentifierExtension) + caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString()); if (subjKeyIdExt != null) { try { - KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt - .get(SubjectKeyIdentifierExtension.KEY_ID); - return keyId; + KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get( + SubjectKeyIdentifierExtension.KEY_ID); + return keyId; } catch (IOException e) { } } @@ -96,8 +100,8 @@ public abstract class CAEnrollDefault extends EnrollDefault { return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " - + e.toString()); + CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " + + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java index 94bc7ca9..8bf4c75f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -38,19 +39,21 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements a CA signing cert enrollment default policy that - * populates a server-side configurable validity into the certificate template. + * This class implements a CA signing cert enrollment default policy + * that populates a server-side configurable validity + * into the certificate template. * It allows an agent to bypass the CA's signing cert's expiration constraint */ public class CAValidityDefault extends EnrollDefault { public static final String CONFIG_RANGE = "range"; public static final String CONFIG_START_TIME = "startTime"; - public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; + public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; public static final String VAL_NOT_BEFORE = "notBefore"; public static final String VAL_NOT_AFTER = "notAfter"; - public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter"; + public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter"; public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; @@ -69,41 +72,47 @@ public class CAValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); - mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + mCA = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, null, "2922", /* 8 years */ - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); + return new Descriptor(IDescriptor.STRING, + null, + "2922", /* 8 years */ + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */ - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, + null, + "60", /* 1 minute */ + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) { - return new Descriptor( - IDescriptor.BOOLEAN, - null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); @@ -120,9 +129,7 @@ public class CAValidityDefault extends EnrollDefault { return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { - return new Descriptor( - IDescriptor.BOOLEAN, - null, + return new Descriptor(IDescriptor.BOOLEAN, null, "false", CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER")); } else { @@ -130,87 +137,90 @@ public class CAValidityDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (value == null || value.equals("")) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - CMS.debug("CAValidityDefault: setValue name= " + name); + CMS.debug("CAValidityDefault: setValue name= "+ name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, date); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_BEFORE, + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, date); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_AFTER, + date); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue(); - CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" - + bypassCAvalidity); + CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity); - BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension( - PKIXExtensions.BasicConstraints_Id.toString(), info); + BasicConstraintsExtension ext = (BasicConstraintsExtension) + getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) { CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert."); return; } try { - Boolean isCA = (Boolean) ext - .get(BasicConstraintsExtension.IS_CA); - if (isCA.booleanValue() != true) { + Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA); + if(isCA.booleanValue() != true) { CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."); return; } } catch (Exception e) { - CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." - + e.toString()); + CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString()); return; } CertificateValidity validity = null; Date notAfter = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } // not to exceed CA's expiration - Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter(); + Date caNotAfter = + mCA.getSigningUnit().getCertImpl().getNotAfter(); if (notAfter.after(caNotAfter)) { if (bypassCAvalidity == false) { @@ -221,80 +231,86 @@ public class CAValidityDefault extends EnrollDefault { } } try { - validity.set(CertificateValidity.NOT_AFTER, notAfter); + validity.set(CertificateValidity.NOT_AFTER, + notAfter); } catch (Exception e) { CMS.debug("CAValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); - CMS.debug("CAValidityDefault: getValue: name= " + name); + CMS.debug("CAValidityDefault: getValue: name= "+ name); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - return formatter.format((Date) validity - .get(CertificateValidity.NOT_BEFORE)); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + return formatter.format((Date) + validity.get(CertificateValidity.NOT_BEFORE)); } catch (Exception e) { CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - return formatter.format((Date) validity - .get(CertificateValidity.NOT_AFTER)); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + return formatter.format((Date) + validity.get(CertificateValidity.NOT_AFTER)); } catch (Exception e) { CMS.debug("CAValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) { return "false"; } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_RANGE), - getConfig(CONFIG_BYPASS_CA_NOTAFTER) }; + String params[] = { + getConfig(CONFIG_RANGE), + getConfig(CONFIG_BYPASS_CA_NOTAFTER) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("CAValidityDefault: populate " + e.toString()); } @@ -303,33 +319,32 @@ public class CAValidityDefault extends EnrollDefault { startTimeStr = "60"; } int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() - + (1000 * startTime)); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); long notAfterVal = 0; try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() - + (mDefault * Integer.parseInt(rangeStr)); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = new CertificateValidity(notBefore, - notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); } catch (Exception e) { // failed to insert subject name CMS.debug("CAValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java index 796c9760..6dfb24c1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -44,10 +45,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a CRL - * Distribution points extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a CRL Distribution points extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { @@ -81,30 +84,32 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); + } } super.setConfig(name, value); } + public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -142,36 +147,44 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } - if (num >= MAX_NUM_POINTS) + if (num >= MAX_NUM_POINTS) num = DEF_NUM_POINTS; return num; } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_REASONS)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_REASONS")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, null, + return new Descriptor(IDescriptor.BOOLEAN, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", + return new Descriptor(IDescriptor.INTEGER, null, + "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { @@ -180,56 +193,61 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); + return new Descriptor(IDescriptor.STRING_LIST, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { CRLDistributionPointsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), info); + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); - if (ext == null) { - populate(locale, info); + if(ext == null) { + populate(locale,info); } if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) + { return; } - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), - info); - - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); + + if(ext == null) + { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -247,8 +265,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { String name1 = (String) names.nextElement(); if (name1.equals(REASONS)) { - addReasons(locale, cdp, REASONS, - nvps.getValue(name1)); + addReasons(locale, cdp, REASONS, nvps.getValue(name1)); } else if (name1.equals(POINT_TYPE)) { pointType = nvps.getValue(name1); } else if (name1.equals(POINT_NAME)) { @@ -268,7 +285,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); ext.setCritical(critical); @@ -278,52 +295,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - replaceExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, - info); + replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + ext, info); } catch (EProfileException e) { - CMS.debug("CRLDistributionPointsExtDefault: setValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("CRLDistributionPointsExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, - String type, String value) throws EPropertyException { + private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (type.equals(RELATIVETOISSUER)) { cdp.setRelativeName(new RDN(value)); } else if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type, value)); + gen.addElement(parseGeneralName(type,value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } - private void addIssuer(Locale locale, CRLDistributionPoint cdp, - String type, String value) throws EPropertyException { + private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { @@ -333,20 +349,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { gen.addElement(parseGeneralName(type, value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " - + e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("CRLDistributionPointsExtDefault: addIssuer " - + e.toString()); + CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + + e.toString()); } } - private void addReasons(Locale locale, CRLDistributionPoint cdp, - String type, String value) throws EPropertyException { + private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { if (value == null || value.length() == 0) return; if (type.equals(REASONS)) { @@ -359,52 +375,56 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { Reason r = Reason.fromString(s); if (r == null) { - CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " - + s); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", s)); + CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", s)); } else { reasonBits |= r.getBitMask(); } } if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] { reasonBits }); + BitArray ba = new BitArray(8, new byte[] {reasonBits} + ); cdp.setReasons(ba); } } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { CRLDistributionPointsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), info); + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); - if (ext == null) { + if(ext == null) + { try { - populate(locale, info); + populate(locale,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), info); + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) { return null; @@ -414,9 +434,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (CRLDistributionPointsExtension) getExtension( - PKIXExtensions.CRLDistributionPoints_Id.toString(), info); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (CRLDistributionPointsExtension) + getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + info); if (ext == null) return ""; @@ -430,7 +451,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -440,11 +461,11 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -460,8 +481,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { return pairs; } - protected NameValuePairs buildGeneralNames(GeneralNames gns, - CRLDistributionPoint p) throws EPropertyException { + protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -530,14 +551,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (reasons != null) { byte[] b = reasons.toByteArray(); Reason[] reasonArray = Reason.bitArrayToReasonArray(b); - + for (int i = 0; i < reasonArray.length; i++) { if (sb.length() > 0) sb.append(","); sb.append(reasonArray[i].getName()); } } - + return sb.toString(); } @@ -568,39 +589,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", + getConfig(CONFIG_CRITICAL), + sb.toString()); } /** * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(locale); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, - info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + ext, info); } - /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CRLDistributionPointsExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext, - info); + addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), + ext, info); } public CRLDistributionPointsExtension createExtension(IRequest request) { - CRLDistributionPointsExtension ext = null; + CRLDistributionPointsExtension ext = null; int num = 0; try { @@ -610,8 +631,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String reasons = getConfig(CONFIG_REASONS + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); @@ -619,13 +640,11 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { if (enable != null && enable.equals("true")) { if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, - pointName); + addCRLPoint(getLocale(request), cdp, pointType, pointName); if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, - issuerName); + addIssuer(getLocale(request), cdp, issuerType, issuerName); if (reasons != null) - addReasons(getLocale(request), cdp, REASONS, reasons); + addReasons(getLocale(request), cdp, REASONS, reasons); if (i == 0) { ext = new CRLDistributionPointsExtension(cdp); @@ -636,8 +655,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " - + e.toString()); + CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + + e.toString()); CMS.debug(e); } @@ -678,8 +697,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("CRLDistribtionPointsExtDefault: createExtension " - + e.toString()); + CMS.debug("CRLDistribtionPointsExtDefault: createExtension " + + e.toString()); CMS.debug(e); } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java index f707c152..14eec785 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java @@ -1,3 +1,4 @@ + // --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -17,6 +18,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Hashtable; @@ -47,9 +49,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates a policy - * mappings extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a policy mappings extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificatePoliciesExtDefault extends EnrollExtDefault { @@ -119,31 +122,33 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_POLICY_NUM)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POLICIES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POLICIES || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); - } + "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM)); + } } super.setConfig(name, value); } + public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -161,69 +166,67 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int numQualifiers = getNumQualifiers(); addConfigName(CONFIG_POLICY_NUM); - + for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); - for (int j = 0; j < numQualifiers; j++) { - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_CPSURI_ENABLE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_CPSURI_VALUE); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_ORG); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); - addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); + for (int j=0; j<numQualifiers; j++) { + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); } } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID")); } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE")); } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE")); + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE")); } else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_QUALIFIER_NUM")); + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_NUM")); } else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG")); } else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS")); } else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT")); } else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI")); } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) { - return new Descriptor(IDescriptor.INTEGER, null, "5", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); + return new Descriptor(IDescriptor.INTEGER, null, + "5", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES")); } return null; } @@ -231,10 +234,12 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS")); } return null; @@ -248,143 +253,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { int index = token.indexOf(":"); if (index <= 0) throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", token)); + "CMS_INVALID_PROPERTY", token)); String name = token.substring(0, index); String val = ""; - if ((token.length() - 1) > index) { - val = token.substring(index + 1); + if ((token.length()-1) > index) { + val = token.substring(index+1); } table.put(name, val); - } - + } + return table; } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) getExtension( - PKIXExtensions.CertificatePolicies_Id.toString(), info); + ext = (CertificatePoliciesExtension) + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) getExtension( - PKIXExtensions.CertificatePolicies_Id.toString(), info); - + ext.setCritical(val); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext = (CertificatePoliciesExtension) + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); + Hashtable h = buildRecords(value); - String numStr = (String) h.get(CONFIG_POLICY_NUM); + String numStr = (String)h.get(CONFIG_POLICY_NUM); int size = Integer.parseInt(numStr); Vector certificatePolicies = new Vector(); for (int i = 0; i < size; i++) { - String enable = (String) h.get(CONFIG_PREFIX + i - + SEPARATOR + CONFIG_POLICY_ENABLE); + String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); CertificatePolicyInfo cinfo = null; if (enable != null && enable.equals("true")) { - String policyId = (String) h.get(CONFIG_PREFIX + i - + SEPARATOR + CONFIG_POLICY_ID); + String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); - if (policyId == null || policyId.length() == 0) - throw new EPropertyException( - CMS.getUserMessage(locale, - "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + if (policyId == null || policyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = getPolicyId(policyId); - String qualifersNum = (String) h.get(CONFIG_PREFIX + i - + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM); + String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); int num = 0; if (qualifersNum != null && qualifersNum.length() > 0) num = Integer.parseInt(qualifersNum); - for (int j = 0; j < num; j++) { - String cpsuriEnable = (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j - + SEPARATOR + CONFIG_CPSURI_ENABLE); - String usernoticeEnable = (String) h - .get(CONFIG_PREFIX + i + SEPARATOR - + CONFIG_PREFIX1 + j + SEPARATOR - + CONFIG_USERNOTICE_ENABLE); - if (cpsuriEnable != null - && cpsuriEnable.equals("true")) { - String cpsuri = (String) h.get(CONFIG_PREFIX - + i + SEPARATOR + CONFIG_PREFIX1 + j - + SEPARATOR + CONFIG_CPSURI_VALUE); + for (int j=0; j<num; j++) { + String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); + String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); + if (cpsuriEnable != null && cpsuriEnable.equals("true")) { + String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null - && enable.equals("true")) { - String org = (String) h.get(CONFIG_PREFIX + i - + SEPARATOR + CONFIG_PREFIX1 + j - + SEPARATOR + CONFIG_USERNOTICE_ORG); - String noticenumbers = (String) h - .get(CONFIG_PREFIX + i + SEPARATOR - + CONFIG_PREFIX1 + j - + SEPARATOR - + CONFIG_USERNOTICE_NUMBERS); - String explicitText = (String) h - .get(CONFIG_PREFIX + i + SEPARATOR - + CONFIG_PREFIX1 + j - + SEPARATOR - + CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice( - org, noticenumbers, explicitText); + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null && enable.equals("true")) { + String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); + String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); + String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, + noticenumbers, explicitText); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); + policyQualifiers.add(qualifierInfo); } } if (policyQualifiers.size() <= 0) { - cinfo = new CertificatePolicyInfo(cpolicyId); + cinfo = + new CertificatePolicyInfo(cpolicyId); } else { - cinfo = new CertificatePolicyInfo(cpolicyId, - policyQualifiers); + cinfo = + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } if (cinfo != null) - certificatePolicies.addElement(cinfo); + certificatePolicies.addElement(cinfo); } } ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { CertificatePoliciesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (CertificatePoliciesExtension) getExtension( - PKIXExtensions.CertificatePolicies_Id.toString(), info); + ext = (CertificatePoliciesExtension) + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) { return null; @@ -394,9 +382,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_POLICY_QUALIFIERS)) { - ext = (CertificatePoliciesExtension) getExtension( - PKIXExtensions.CertificatePolicies_Id.toString(), info); + } else if (name.equals(VAL_POLICY_QUALIFIERS)) { + ext = (CertificatePoliciesExtension) + getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + info); if (ext == null) return ""; @@ -410,7 +399,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("\n"); Vector infos = null; try { - infos = (Vector) (ext.get(CertificatePoliciesExtension.INFOS)); + infos = (Vector)(ext.get(CertificatePoliciesExtension.INFOS)); } catch (IOException ee) { } Enumeration policies = ext.getElements(); @@ -420,79 +409,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { String policyId = ""; String policyEnable = "false"; PolicyQualifiers qualifiers = null; - if (infos.size() > 0) { - CertificatePolicyInfo cinfo = (CertificatePolicyInfo) infos - .elementAt(0); - - CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); + if (infos.size() > 0) { + CertificatePolicyInfo cinfo = + (CertificatePolicyInfo) infos.elementAt(0); + + CertificatePolicyId id1 = cinfo.getPolicyIdentifier(); policyId = id1.getIdentifier().toString(); policyEnable = "true"; qualifiers = cinfo.getPolicyQualifiers(); if (qualifiers != null) - qSize = qualifiers.size(); + qSize = qualifiers.size(); infos.removeElementAt(0); } - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE); sb.append(":"); sb.append(policyEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID); sb.append(":"); sb.append(policyId); sb.append("\n"); - + if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR - + CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(DEF_NUM_QUALIFIERS); sb.append("\n"); } else { - sb.append(CONFIG_PREFIX + i + SEPARATOR - + CONFIG_POLICY_QUALIFIERS_NUM); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM); sb.append(":"); sb.append(qSize); sb.append("\n"); } if (qSize == 0) { - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append("false"); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(""); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(""); sb.append("\n"); } - for (int j = 0; j < qSize; j++) { - netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers - .getInfoAt(j); + for (int j=0; j<qSize; j++) { + netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j); ObjectIdentifier oid = qinfo.getId(); Qualifier qualifier = qinfo.getQualifier(); - + String cpsuriEnable = "false"; String usernoticeEnable = "false"; String cpsuri = ""; @@ -500,23 +480,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { StringBuffer noticeNum = new StringBuffer(); String explicitText = ""; - if (oid.toString().equals( - netscape.security.x509.PolicyQualifierInfo.QT_CPS - .toString())) { + if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) { cpsuriEnable = "true"; - CPSuri content = (CPSuri) qualifier; - cpsuri = content.getURI(); - } else if (oid - .toString() - .equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE - .toString())) { + CPSuri content = (CPSuri)qualifier; + cpsuri = content.getURI(); + } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) { usernoticeEnable = "true"; - UserNotice content = (UserNotice) qualifier; + UserNotice content = (UserNotice)qualifier; NoticeReference ref = content.getNoticeReference(); if (ref != null) { org = ref.getOrganization().getText(); int[] nums = ref.getNumbers(); - for (int k = 0; k < nums.length; k++) { + for (int k=0; k<nums.length; k++) { if (k != 0) { noticeNum.append(","); noticeNum.append(nums[k]); @@ -529,33 +504,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { explicitText = displayText.getText(); } - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_CPSURI_ENABLE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE); sb.append(":"); sb.append(cpsuriEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_CPSURI_VALUE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE); sb.append(":"); sb.append(cpsuri); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE); sb.append(":"); sb.append(usernoticeEnable); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_ORG); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG); sb.append(":"); sb.append(org); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS); sb.append(":"); sb.append(noticeNum.toString()); sb.append("\n"); - sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 - + j + SEPARATOR + CONFIG_USERNOTICE_TEXT); + sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT); sb.append(":"); sb.append(explicitText); sb.append("\n"); @@ -563,8 +532,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { } // end of for loop return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -582,8 +551,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(","); for (int i = 0; i < num; i++) { sb.append("{"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX - + i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); String enable = substore.getString(CONFIG_POLICY_ENABLE, ""); sb.append(POLICY_ID_ENABLE + ":"); sb.append(enable); @@ -592,41 +560,34 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append(POLICY_ID + ":"); sb.append(policyId); sb.append(","); - String qualifiersNum = substore.getString( - CONFIG_POLICY_QUALIFIERS_NUM, ""); - sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":"); + String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, ""); + sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":"); sb.append(qualifiersNum); sb.append(","); - for (int j = 0; j < num1; j++) { - IConfigStore substore1 = substore - .getSubStore(CONFIG_PREFIX1 + j); + for (int j=0; j<num1; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); sb.append("{"); - String cpsuriEnable = substore1.getString( - CONFIG_CPSURI_ENABLE, ""); + String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, ""); sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":"); sb.append(cpsuriEnable); sb.append(","); - String usernoticeEnable = substore1.getString( - CONFIG_USERNOTICE_ENABLE, ""); - sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":"); + String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, ""); + sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":"); sb.append(usernoticeEnable); sb.append(","); String org = substore1.getString(CONFIG_USERNOTICE_ORG, ""); sb.append(USERNOTICE_REF_ORG + ":"); sb.append(org); sb.append(","); - String refNums = substore1.getString( - CONFIG_USERNOTICE_NUMBERS, ""); + String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, ""); sb.append(USERNOTICE_REF_NUMBERS + ":"); sb.append(refNums); sb.append(","); - String explicitText = substore1.getString( - CONFIG_USERNOTICE_TEXT, ""); + String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, ""); sb.append(USERNOTICE_EXPLICIT_TEXT + ":"); sb.append(explicitText); sb.append(","); - String cpsuri = substore1 - .getString(CONFIG_CPSURI_VALUE, ""); + String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); sb.append(CPSURI + ":"); sb.append(cpsuri); sb.append("}"); @@ -634,9 +595,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { sb.append("}"); } sb.append("}"); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } catch (Exception e) { return ""; } @@ -646,144 +607,127 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificatePoliciesExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), ext, - info); + addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), + ext, info); } - public CertificatePoliciesExtension createExtension() - throws EProfileException { - CertificatePoliciesExtension ext = null; + public CertificatePoliciesExtension createExtension() + throws EProfileException { + CertificatePoliciesExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector certificatePolicies = new Vector(); int num = getNumPolicies(); - CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" - + num); + CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num); IConfigStore config = getConfigStore(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { IConfigStore basesubstore = config.getSubStore("params"); - IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX - + i); + IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i); String enable = substore.getString(CONFIG_POLICY_ENABLE); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " - + i + " enable=" + enable); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable); if (enable != null && enable.equals("true")) { String policyId = substore.getString(CONFIG_POLICY_ID); CertificatePolicyId cpolicyId = getPolicyId(policyId); - CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " - + i + " policyId=" + policyId); + CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId); int qualifierNum = getNumQualifiers(); PolicyQualifiers policyQualifiers = new PolicyQualifiers(); - for (int j = 0; j < qualifierNum; j++) { - IConfigStore substore1 = substore - .getSubStore(CONFIG_PREFIX1 + j); - String cpsuriEnable = substore1 - .getString(CONFIG_CPSURI_ENABLE); - String usernoticeEnable = substore1 - .getString(CONFIG_USERNOTICE_ENABLE); + for (int j=0; j<qualifierNum; j++) { + IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j); + String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE); + String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE); if (cpsuriEnable != null && cpsuriEnable.equals("true")) { - String cpsuri = substore1.getString( - CONFIG_CPSURI_VALUE, ""); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); + String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, ""); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); if (qualifierInfo != null) - policyQualifiers.add(qualifierInfo); - } else if (usernoticeEnable != null - && usernoticeEnable.equals("true")) { - - String org = substore1 - .getString(CONFIG_USERNOTICE_ORG); - String noticenumbers = substore1 - .getString(CONFIG_USERNOTICE_NUMBERS); - String explicitText = substore1 - .getString(CONFIG_USERNOTICE_TEXT); - netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice( - org, noticenumbers, explicitText); + policyQualifiers.add(qualifierInfo); + } else if (usernoticeEnable != null && + usernoticeEnable.equals("true")) { + + String org = substore1.getString(CONFIG_USERNOTICE_ORG); + String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS); + String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT); + netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org, + noticenumbers, explicitText); if (qualifierInfo != null) policyQualifiers.add(qualifierInfo); } } - + CertificatePolicyInfo info = null; if (policyQualifiers.size() <= 0) { - info = new CertificatePolicyInfo(cpolicyId); + info = + new CertificatePolicyInfo(cpolicyId); } else { - info = new CertificatePolicyInfo(cpolicyId, - policyQualifiers); + info = + new CertificatePolicyInfo(cpolicyId, policyQualifiers); } - + if (info != null) - certificatePolicies.addElement(info); + certificatePolicies.addElement(info); } } - ext = new CertificatePoliciesExtension(critical, - certificatePolicies); + ext = new CertificatePoliciesExtension(critical, certificatePolicies); } catch (EPropertyException e) { throw new EProfileException(e.toString()); } catch (EProfileException e) { throw e; } catch (Exception e) { - CMS.debug("CertificatePoliciesExtDefault: createExtension " - + e.toString()); + CMS.debug("CertificatePoliciesExtDefault: createExtension " + + e.toString()); } return ext; } - private CertificatePolicyId getPolicyId(String policyId) - throws EPropertyException { + private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException { if (policyId == null || policyId.length() == 0) - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID")); CertificatePolicyId cpolicyId = null; try { cpolicyId = new CertificatePolicyId( - ObjectIdentifier.getObjectIdentifier(policyId)); + ObjectIdentifier.getObjectIdentifier(policyId)); return cpolicyId; } catch (Exception e) { - throw new EPropertyException( - CMS.getUserMessage( - "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", - policyId)); + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId)); } } - private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) - throws EPropertyException { - if (uri == null || uri.length() == 0) - throw new EPropertyException( - CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); - - CPSuri cpsURI = new CPSuri(uri); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = new netscape.security.x509.PolicyQualifierInfo( - netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException { + if (uri == null || uri.length() == 0) + throw new EPropertyException(CMS.getUserMessage( + "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI")); + CPSuri cpsURI = new CPSuri(uri); + netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI); + return policyQualifierInfo2; } - private netscape.security.x509.PolicyQualifierInfo createUserNotice( - String organization, String noticeText, String noticeNums) - throws EPropertyException { - - if ((organization == null || organization.length() == 0) - && (noticeNums == null || noticeNums.length() == 0) - && (noticeText == null || noticeText.length() == 0)) + private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, + String noticeText, String noticeNums) throws EPropertyException { + + if ((organization == null || organization.length() == 0) && + (noticeNums == null || noticeNums.length() == 0) && + (noticeText == null || noticeText.length() == 0)) return null; DisplayText explicitText = null; - if (noticeText != null && noticeText.length() > 0) - explicitText = new DisplayText(DisplayText.tag_VisibleString, - noticeText); + if (noticeText != null && noticeText.length() > 0) + explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText); int nums[] = null; if (noticeNums != null && noticeNums.length() > 0) { @@ -807,8 +751,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { DisplayText orgName = null; if (organization != null && organization.length() > 0) { - orgName = new DisplayText(DisplayText.tag_VisibleString, - organization); + orgName = + new DisplayText(DisplayText.tag_VisibleString, organization); } NoticeReference noticeReference = null; @@ -818,11 +762,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault { UserNotice userNotice = null; if (explicitText != null || noticeReference != null) { - userNotice = new UserNotice(noticeReference, explicitText); + userNotice = new UserNotice (noticeReference, explicitText); - netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = new netscape.security.x509.PolicyQualifierInfo( - netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, - userNotice); + netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = + new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice); return policyQualifierInfo1; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java index bd3e3f2e..f3b68594 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java @@ -34,9 +34,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates a Netscape - * comment extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Netscape comment extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class CertificateVersionDefault extends EnrollExtDefault { @@ -53,67 +54,71 @@ public class CertificateVersionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, "3", + return new Descriptor(IDescriptor.INTEGER, null, + "3", CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); } else { return null; } } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (name.equals(CONFIG_VERSION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_VERSION)); - } + "CMS_INVALID_PROPERTY", CONFIG_VERSION)); + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_VERSION)) { - return new Descriptor(IDescriptor.INTEGER, null, "3", + return new Descriptor(IDescriptor.INTEGER, null, + "3", CMS.getUserMessage(locale, "CMS_PROFILE_VERSION")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { if (value == null || value.equals("")) - throw new EPropertyException(name + " cannot be empty"); + throw new EPropertyException(name+" cannot be empty"); else { - int version = Integer.valueOf(value).intValue() - 1; - + int version = Integer.valueOf(value).intValue()-1; + if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V1)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V2)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("CertificateVersionDefault: setValue " + e.toString()); @@ -122,65 +127,67 @@ public class CertificateVersionDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - if (name.equals(VAL_VERSION)) { + if (name.equals(VAL_VERSION)) { CertificateVersion v = null; - try { - v = (CertificateVersion) info.get(X509CertInfo.VERSION); + try { + v = (CertificateVersion)info.get( + X509CertInfo.VERSION); } catch (Exception e) { } if (v == null) - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); int version = v.compare(0); - - return "" + (version + 1); + + return ""+(version+1); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_VERSION) }; + String params[] = { + getConfig(CONFIG_VERSION) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", - params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { String v = getConfig(CONFIG_VERSION); - int version = Integer.valueOf(v).intValue() - 1; - + int version = Integer.valueOf(v).intValue()-1; + try { if (version == CertificateVersion.V1) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V1)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V1)); else if (version == CertificateVersion.V2) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V2)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V2)); else if (version == CertificateVersion.V3) - info.set(X509CertInfo.VERSION, new CertificateVersion( - CertificateVersion.V3)); + info.set(X509CertInfo.VERSION, + new CertificateVersion(CertificateVersion.V3)); else { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_INVALID_PROPERTY", - CONFIG_VERSION)); + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION)); } } catch (IOException e) { } catch (CertificateException e) { - } + } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java index 8538266b..b5afc1c7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java @@ -60,13 +60,13 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** * This class implements an enrollment default policy. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollDefault implements IPolicyDefault, - ICertInfoPolicyDefault { +public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault { public static final String PROP_NAME = "name"; @@ -98,7 +98,8 @@ public abstract class EnrollDefault implements IPolicyDefault, mConfigNames.addElement(name); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -119,18 +120,19 @@ public abstract class EnrollDefault implements IPolicyDefault, } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } /** * Retrieves the localizable description of this policy. - * + * * @param locale locale of the end user * @return localized description of this default policy */ public abstract String getText(Locale locale); + public IConfigStore getConfigStore() { return mConfig; } @@ -145,54 +147,60 @@ public abstract class EnrollDefault implements IPolicyDefault, /** * Populates attributes into the certificate template. - * + * * @param request enrollment request * @param info certificate template - * @exception EProfileException failed to populate attributes into request + * @exception EProfileException failed to populate attributes + * into request */ public abstract void populate(IRequest request, X509CertInfo info) - throws EProfileException; + throws EProfileException; /** * Sets values from the approval page into certificate template. - * + * * @param name name of the attribute * @param locale user locale * @param info certificate template * @param value attribute value - * @exception EProfileException failed to set attributes into request + * @exception EProfileException failed to set attributes + * into request */ - public abstract void setValue(String name, Locale locale, - X509CertInfo info, String value) throws EPropertyException; + public abstract void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException; /** - * Retrieves certificate template values and returns them to the approval - * page. - * + * Retrieves certificate template values and returns them to + * the approval page. + * * @param name name of the attribute * @param locale user locale * @param info certificate template - * @exception EProfileException failed to get attributes from request + * @exception EProfileException failed to get attributes + * from request */ - public abstract String getValue(String name, Locale locale, - X509CertInfo info) throws EPropertyException; + public abstract String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException; /** * Populates the request with this policy default. - * - * The current implementation extracts enrollment specific attributes and - * calls the populate() method of the subclass. - * + * + * The current implementation extracts enrollment specific attributes + * and calls the populate() method of the subclass. + * * @param request request to be populated * @exception EProfileException failed to populate */ - public void populate(IRequest request) throws EProfileException { + public void populate(IRequest request) + throws EProfileException { String name = getClass().getName(); name = name.substring(name.lastIndexOf('.') + 1); CMS.debug(name + ": populate start"); - X509CertInfo info = request - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); populate(request, info); @@ -214,20 +222,21 @@ public abstract class EnrollDefault implements IPolicyDefault, /** * Sets the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes and - * calls the setValue() method of the subclass. - * + * + * The current implementation extracts enrollment specific attributes + * and calls the setValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @param value value to be set in the given request * @exception EPropertyException failed to set property */ - public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { - X509CertInfo info = request - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { + X509CertInfo info = + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); setValue(name, locale, info, value); @@ -235,20 +244,21 @@ public abstract class EnrollDefault implements IPolicyDefault, } /** - * Retrieves the value of the given value property by name. - * - * The current implementation extracts enrollment specific attributes and - * calls the getValue() method of the subclass. - * + * Retrieves the value of the given value + * property by name. + * + * The current implementation extracts enrollment specific attributes + * and calls the getValue() method of the subclass. + * * @param name name of property * @param locale locale of the end user * @param request request * @exception EPropertyException failed to get property */ public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { - X509CertInfo info = request - .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); + throws EPropertyException { + X509CertInfo info = + request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO); String value = getValue(name, locale, info); request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info); @@ -269,15 +279,16 @@ public abstract class EnrollDefault implements IPolicyDefault, } protected void refreshConfigAndValueNames() { - mConfigNames.removeAllElements(); - mValueNames.removeAllElements(); + mConfigNames.removeAllElements(); + mValueNames.removeAllElements(); } protected void deleteExtension(String name, X509CertInfo info) { CertificateExtensions exts = null; try { - exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); if (exts == null) return; Enumeration e = exts.getNames(); @@ -299,7 +310,8 @@ public abstract class EnrollDefault implements IPolicyDefault, CertificateExtensions exts = null; try { - exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollDefault: getExtension " + e.toString()); } @@ -324,24 +336,23 @@ public abstract class EnrollDefault implements IPolicyDefault, } protected void addExtension(String name, Extension ext, X509CertInfo info) - throws EProfileException { + throws EProfileException { if (ext == null) { throw new EProfileException("extension not found"); } CertificateExtensions exts = null; - Extension alreadyPresentExtension = getExtension(name, info); + Extension alreadyPresentExtension = getExtension(name,info); if (alreadyPresentExtension != null) { String eName = ext.toString(); - CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " - + eName); - throw new EProfileException(CMS.getUserMessage( - "CMS_PROFILE_DUPLICATE_EXTENSION", eName)); + CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName); + throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName)); } try { - exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); + exts = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); } catch (Exception e) { CMS.debug("EnrollDefault: " + e.toString()); } @@ -355,8 +366,8 @@ public abstract class EnrollDefault implements IPolicyDefault, } } - protected void replaceExtension(String name, Extension ext, - X509CertInfo info) throws EProfileException { + protected void replaceExtension(String name, Extension ext, X509CertInfo info) + throws EProfileException { deleteExtension(name, info); addExtension(name, ext, info); } @@ -381,62 +392,65 @@ public abstract class EnrollDefault implements IPolicyDefault, return getInt(getConfig(value)); } - protected boolean isGeneralNameValid(String name) { + protected boolean isGeneralNameValid(String name) + { if (name == null) - return false; + return false; int pos = name.indexOf(':'); if (pos == -1) - return false; + return false; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); if (nameValue.equals("")) - return false; + return false; return true; } protected GeneralNameInterface parseGeneralName(String name) - throws IOException { + throws IOException { int pos = name.indexOf(':'); if (pos == -1) - return null; + return null; String nameType = name.substring(0, pos).trim(); String nameValue = name.substring(pos + 1).trim(); return parseGeneralName(nameType, nameValue); } - protected boolean isGeneralNameType(String nameType) { + protected boolean isGeneralNameType(String nameType) + { if (nameType.equalsIgnoreCase("RFC822Name")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DNSName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("x400")) { - return true; + return true; } if (nameType.equalsIgnoreCase("DirectoryName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("EDIPartyName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("URIName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("IPAddress")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OIDName")) { - return true; + return true; } if (nameType.equalsIgnoreCase("OtherName")) { - return true; + return true; } return false; } - protected GeneralNameInterface parseGeneralName(String nameType, - String nameValue) throws IOException { + protected GeneralNameInterface parseGeneralName(String nameType, String nameValue) + throws IOException + { if (nameType.equalsIgnoreCase("RFC822Name")) { return new RFC822Name(nameValue); } @@ -444,7 +458,7 @@ public abstract class EnrollDefault implements IPolicyDefault, return new DNSName(nameValue); } if (nameType.equalsIgnoreCase("x400")) { - // XXX + // XXX } if (nameType.equalsIgnoreCase("DirectoryName")) { return new X500Name(nameValue); @@ -462,158 +476,153 @@ public abstract class EnrollDefault implements IPolicyDefault, StringTokenizer st = new StringTokenizer(nameValue, "/"); String addr = st.nextToken(); String netmask = st.nextToken(); - CMS.debug("addr:" + addr + " netmask: " + netmask); + CMS.debug("addr:" + addr +" netmask: "+netmask); return new IPAddressName(addr, netmask); - } else { + } else { return new IPAddressName(nameValue); - } + } } if (nameType.equalsIgnoreCase("OIDName")) { try { - // check if OID - ObjectIdentifier oid = new ObjectIdentifier(nameValue); + // check if OID + ObjectIdentifier oid = new ObjectIdentifier(nameValue); } catch (Exception e) { - return null; + return null; } return new OIDName(nameValue); - } + } if (nameType.equals("OtherName")) { if (nameValue == null || nameValue.length() == 0) nameValue = " "; if (nameValue.startsWith("(PrintableString)")) { - // format: OtherName: (PrintableString)oid,value - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), - DerValue.tag_PrintableString, on_value); - } else { - return null; - } + // format: OtherName: (PrintableString)oid,value + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(KerberosName)")) { // Syntax: (KerberosName)Realm|NameType|NameString(s) - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf('|'); - int pos2 = nameValue.lastIndexOf('|'); - String realm = nameValue.substring(pos0 + 1, pos1).trim(); - String name_type = nameValue.substring(pos1 + 1, pos2).trim(); - String name_strings = nameValue.substring(pos2 + 1).trim(); - Vector strings = new Vector(); - StringTokenizer st = new StringTokenizer(name_strings, ","); - while (st.hasMoreTokens()) { - strings.addElement(st.nextToken()); - } - KerberosName name = new KerberosName(realm, - Integer.parseInt(name_type), strings); - // krb5 OBJECT IDENTIFIER ::= { iso (1) - // org (3) - // dod (6) - // internet (1) - // security (5) - // kerberosv5 (2) } - // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } - return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, - name.toByteArray()); + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf('|'); + int pos2 = nameValue.lastIndexOf('|'); + String realm = nameValue.substring(pos0 + 1, pos1).trim(); + String name_type = nameValue.substring(pos1 + 1, pos2).trim(); + String name_strings = nameValue.substring(pos2 + 1).trim(); + Vector strings = new Vector(); + StringTokenizer st = new StringTokenizer(name_strings, ","); + while (st.hasMoreTokens()) { + strings.addElement(st.nextToken()); + } + KerberosName name = new KerberosName(realm, + Integer.parseInt(name_type), strings); + // krb5 OBJECT IDENTIFIER ::= { iso (1) + // org (3) + // dod (6) + // internet (1) + // security (5) + // kerberosv5 (2) } + // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } + return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME, + name.toByteArray()); } else if (nameValue.startsWith("(IA5String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), - DerValue.tag_IA5String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(UTF8String)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), - DerValue.tag_UTF8String, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(BMPString)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - return new OtherName(new ObjectIdentifier(on_oid), - DerValue.tag_BMPString, on_value); - } else { - return null; - } + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value); + } else { + return null; + } } else if (nameValue.startsWith("(Any)")) { - int pos0 = nameValue.indexOf(')'); - int pos1 = nameValue.indexOf(','); - if (pos1 == -1) - return null; - String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); - String on_value = nameValue.substring(pos1 + 1).trim(); - if (isValidOID(on_oid)) { - CMS.debug("OID: " + on_oid + " Value:" + on_value); - return new OtherName(new ObjectIdentifier(on_oid), - getBytes(on_value)); - } else { - CMS.debug("Invalid OID " + on_oid); - return null; - } - } else { + int pos0 = nameValue.indexOf(')'); + int pos1 = nameValue.indexOf(','); + if (pos1 == -1) + return null; + String on_oid = nameValue.substring(pos0 + 1, pos1).trim(); + String on_value = nameValue.substring(pos1 + 1).trim(); + if (isValidOID(on_oid)) { + CMS.debug("OID: " + on_oid + " Value:" + on_value); + return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value)); + } else { + CMS.debug("Invalid OID " + on_oid); return null; + } + } else { + return null; } } return null; } - /** - * Converts string containing pairs of characters in the range of '0' to - * '9', 'a' to 'f' to an array of bytes such that each pair of characters in - * the string represents an individual byte - */ +/** + * Converts string containing pairs of characters in the range of '0' + * to '9', 'a' to 'f' to an array of bytes such that each pair of + * characters in the string represents an individual byte + */ public byte[] getBytes(String string) { - if (string == null) - return null; - int stringLength = string.length(); - if ((stringLength == 0) || ((stringLength % 2) != 0)) - return null; - byte[] bytes = new byte[(stringLength / 2)]; - for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { - String nextByte = string.substring(i, (i + 2)); - bytes[b] = (byte) Integer.parseInt(nextByte, 0x10); - } - return bytes; + if (string == null) + return null; + int stringLength = string.length(); + if ((stringLength == 0) || ((stringLength % 2) != 0)) + return null; + byte[] bytes = new byte[ (stringLength / 2) ]; + for (int i = 0, b = 0; i < stringLength; i += 2, ++b) { + String nextByte = string.substring(i, (i + 2)); + bytes[b] = (byte)Integer.parseInt(nextByte, 0x10); + } + return bytes; } /** - * Check if a object identifier in string form is valid, that is a string in - * the form n.n.n.n and der encode and decode-able. - * + * Check if a object identifier in string form is valid, + * that is a string in the form n.n.n.n and der encode and decode-able. * @param oid object identifier string. * @return true if the oid is valid */ - public boolean isValidOID(String oid) { - ObjectIdentifier v = null; + public boolean isValidOID(String oid) + { + ObjectIdentifier v = null; try { v = ObjectIdentifier.getObjectIdentifier(oid); } catch (Exception e) { - return false; + return false; } if (v == null) - return false; + return false; // if the OID isn't valid (ex. n.n) the error isn't caught til // encoding time leaving a bad request in the request queue. @@ -623,7 +632,7 @@ public abstract class EnrollDefault implements IPolicyDefault, derOut.putOID(v); new ObjectIdentifier(new DerInputStream(derOut.toByteArray())); } catch (Exception e) { - return false; + return false; } return true; } @@ -649,7 +658,7 @@ public abstract class EnrollDefault implements IPolicyDefault, sb.append("\r\n"); } sb.append("\r\n"); - + } return sb.toString(); } @@ -669,7 +678,7 @@ public abstract class EnrollDefault implements IPolicyDefault, v.addElement(nvps); try { token = (String) st.nextToken(); - } catch (NoSuchElementException e) { + } catch (NoSuchElementException e) { v.removeElementAt(num); CMS.debug(e.toString()); return v; @@ -679,7 +688,7 @@ public abstract class EnrollDefault implements IPolicyDefault, if (nvps == null) throw new EPropertyException("Bad Input Format"); - + int pos = token.indexOf(":"); if (pos <= 0) { @@ -697,8 +706,8 @@ public abstract class EnrollDefault implements IPolicyDefault, return v; } - protected String getGeneralNameType(GeneralName gn) - throws EPropertyException { + protected String getGeneralNameType(GeneralName gn) + throws EPropertyException { int type = gn.getType(); if (type == GeneralNameInterface.NAME_RFC822) @@ -721,8 +730,7 @@ public abstract class EnrollDefault implements IPolicyDefault, throw new EPropertyException("Unsupported type: " + type); } - protected String getGeneralNameValue(GeneralName gn) - throws EPropertyException { + protected String getGeneralNameValue(GeneralName gn) throws EPropertyException { String s = gn.toString(); int type = gn.getType(); @@ -732,8 +740,7 @@ public abstract class EnrollDefault implements IPolicyDefault, int pos = s.indexOf(":"); if (pos <= 0) - throw new EPropertyException("Badly formatted general name: " - + s); + throw new EPropertyException("Badly formatted general name: " + s); else { return s.substring(pos + 1).trim(); } @@ -746,8 +753,8 @@ public abstract class EnrollDefault implements IPolicyDefault, if (request == null) return null; - String language = request - .getExtDataInString(EnrollProfile.REQUEST_LOCALE); + String language = request.getExtDataInString( + EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -755,17 +762,17 @@ public abstract class EnrollDefault implements IPolicyDefault, } public String toGeneralNameString(GeneralName gn) { - int type = gn.getType(); + int type = gn.getType(); // Sun's General Name is not consistent, so we need // to do a special case for directory string if (type == GeneralNameInterface.NAME_DIRECTORY) { - return "DirectoryName: " + gn.toString(); + return "DirectoryName: " + gn.toString(); } return gn.toString(); } protected String mapPattern(IRequest request, String pattern) - throws IOException { + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -774,34 +781,30 @@ public abstract class EnrollDefault implements IPolicyDefault, return p.substitute2("request", attrSet); } - protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) { + protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) + { StringBuffer result = new StringBuffer(); // Do we need to escape any characters for (int i = 0; i < v.length(); i++) { int c = v.charAt(i); - if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>' - || c == '#' || c == ';' || c == '\r' || c == '\n' - || c == '\\' || c == '"') { - if ((c == 0x5c) && ((i + 1) < v.length())) { - int nextC = v.charAt(i + 1); - if ((c == 0x5c) - && (nextC == ',' || nextC == '=' || nextC == '+' - || nextC == '<' || nextC == '>' - || nextC == '#' || nextC == ';' - || nextC == '\r' || nextC == '\n' - || nextC == '\\' || nextC == '"')) { - if (doubleEscape) - result.append('\\'); + if (c == ',' || c == '=' || c == '+' || c == '<' || + c == '>' || c == '#' || c == ';' || c == '\r' || + c == '\n' || c == '\\' || c == '"') { + if ((c == 0x5c) && ((i+1) < v.length())) { + int nextC = v.charAt(i+1); + if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' || + nextC == '<' || nextC == '>' || nextC == '#' || + nextC == ';' || nextC == '\r' || nextC == '\n' || + nextC == '\\' || nextC == '"')) { + if (doubleEscape) result.append('\\'); } else { result.append('\\'); - if (doubleEscape) - result.append('\\'); + if (doubleEscape) result.append('\\'); } } else { result.append('\\'); - if (doubleEscape) - result.append('\\'); + if (doubleEscape) result.append('\\'); } } if (c == '\r') { @@ -809,10 +812,10 @@ public abstract class EnrollDefault implements IPolicyDefault, } else if (c == '\n') { result.append("0A"); } else { - result.append((char) c); + result.append((char)c); } } return result; } - + } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java index acdf98b4..7cf2a359 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java @@ -17,10 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + + + /** - * This class implements an enrollment extension default policy that extension - * into the certificate template. - * + * This class implements an enrollment extension + * default policy that extension into the certificate + * template. + * * @version $Revision$, $Date$ */ public abstract class EnrollExtDefault extends EnrollDefault { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java index 141718cd..62d21cc8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Enumeration; import java.util.Locale; import java.util.StringTokenizer; @@ -34,10 +35,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Extended - * Key Usage extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates Extended Key Usage extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { @@ -57,16 +60,18 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OIDS)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_OIDS")); } return null; @@ -74,7 +79,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_OIDS)) { return new Descriptor(IDescriptor.STRING_LIST, null, null, @@ -84,87 +90,93 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { ExtendedKeyUsageExtension ext = null; - ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); - if (ext == null) { + ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); + + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - } - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + } + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); + boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) { return; } - ext.setCritical(val); + ext.setCritical(val); } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); - // ext.deleteAllOIDs(); + ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); + // ext.deleteAllOIDs(); StringTokenizer st = new StringTokenizer(value, ","); - if (ext == null) { + if(ext == null) { return; } while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } try { replaceExtension(ExtendedKeyUsageExtension.OID, ext, info); } catch (EProfileException e) { CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); + ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); + - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); + ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); if (ext == null) { return null; @@ -175,54 +187,58 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_OIDS)) { - ext = (ExtendedKeyUsageExtension) getExtension( - ExtendedKeyUsageExtension.OID, info); + ext = (ExtendedKeyUsageExtension) + getExtension(ExtendedKeyUsageExtension.OID, info); StringBuffer sb = new StringBuffer(); - if (ext == null) { + if(ext == null) { return ""; } Enumeration e = ext.getOIDs(); while (e.hasMoreElements()) { - ObjectIdentifier oid = (ObjectIdentifier) e.nextElement(); + ObjectIdentifier oid = (ObjectIdentifier) + e.nextElement(); if (!sb.toString().equals("")) { sb.append(","); - } + } sb.append(oid.toString()); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_OIDS) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", - params); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { ExtendedKeyUsageExtension ext = createExtension(); addExtension(ExtendedKeyUsageExtension.OID, ext, info); } public ExtendedKeyUsageExtension createExtension() { - ExtendedKeyUsageExtension ext = null; + ExtendedKeyUsageExtension ext = null; try { ext = new ExtendedKeyUsageExtension(); } catch (Exception e) { - CMS.debug("ExtendedKeyUsageExtDefault: createExtension " - + e.toString()); + CMS.debug("ExtendedKeyUsageExtDefault: createExtension " + + e.toString()); } if (ext == null) return null; @@ -234,7 +250,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault { while (st.hasMoreTokens()) { String oid = st.nextToken(); - ext.addOID(new ObjectIdentifier(oid)); + ext.addOID(new ObjectIdentifier(oid)); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java index a2de8447..7b9bcd52 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -41,10 +42,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Freshest - * CRL extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates Freshest CRL extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class FreshestCRLExtDefault extends EnrollExtDefault { @@ -58,7 +61,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { public static final String CONFIG_ENABLE = "freshestCRLPointEnable_"; public static final String VAL_CRITICAL = "freshestCRLCritical"; - public static final String VAL_CRL_DISTRIBUTION_POINTS = "freshestCRLPointsValue"; + public static final String VAL_CRL_DISTRIBUTION_POINTS = + "freshestCRLPointsValue"; private static final String POINT_TYPE = "Point Type"; private static final String POINT_NAME = "Point Name"; @@ -74,11 +78,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } + protected int getNumPoints() { int num = DEF_NUM_POINTS; String val = getConfig(CONFIG_NUM_POINTS); @@ -97,32 +102,34 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POINTS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_POINTS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_POINTS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS)); + } } super.setConfig(name, value); } + public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - // refesh our config name list + //refesh our config name list super.refreshConfigAndValueNames(); addValueName(VAL_CRITICAL); @@ -142,76 +149,88 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_POINT_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE")); } else if (name.startsWith(CONFIG_POINT_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME")); } else if (name.startsWith(CONFIG_ISSUER_TYPE)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE")); } else if (name.startsWith(CONFIG_ISSUER_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, null, + return new Descriptor(IDescriptor.BOOLEAN, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POINTS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); + return new Descriptor(IDescriptor.STRING_LIST, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { FreshestCRLExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); - if (ext == null) { - populate(locale, info); + if(ext == null) { + populate(locale,info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) getExtension( - FreshestCRLExtension.OID, info); + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) getExtension( - FreshestCRLExtension.OID, info); + ext.setCritical(val); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); int i = 0; @@ -247,7 +266,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { if (issuerType != null) addIssuer(locale, cdp, issuerType, issuerValue); - // this is the first distribution point + // this is the first distribution point if (i == 0) { ext = new FreshestCRLExtension(cdp); ext.setCritical(critical); @@ -257,91 +276,100 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), ext, - info); + replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), + ext, info); } catch (EProfileException e) { - CMS.debug("FreshestCRLExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("FreshestCRLExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, - String type, String value) throws EPropertyException { + private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { try { if (value == null || value.length() == 0) return; - + if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type, value)); + gen.addElement(parseGeneralName(type,value)); cdp.setFullName(gen); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + CMS.debug("FreshestCRLExtDefault: addCRLPoint " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } - private void addIssuer(Locale locale, CRLDistributionPoint cdp, - String type, String value) throws EPropertyException { + private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type, + String value) throws EPropertyException { if (value == null || value.length() == 0) return; try { if (isGeneralNameType(type)) { GeneralNames gen = new GeneralNames(); - gen.addElement(parseGeneralName(type, value)); + gen.addElement(parseGeneralName(type,value)); cdp.setCRLIssuer(gen); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", type)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", type)); } } catch (IOException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } catch (GeneralNamesException e) { - CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString()); + CMS.debug("FreshestCRLExtDefault: addIssuer " + + e.toString()); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { FreshestCRLExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); - if (ext == null) { + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); + if(ext == null) + { try { - populate(locale, info); + populate(locale,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) { return null; @@ -351,9 +379,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { - ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID, - info); + } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { + ext = (FreshestCRLExtension) + getExtension(FreshestCRLExtension.OID, + info); if (ext == null) return ""; @@ -366,7 +395,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { NameValuePairs pairs = null; if (i < ext.getNumPoints()) { - CRLDistributionPoint p = ext.getPointAt(i); + CRLDistributionPoint p = ext.getPointAt(i); GeneralNames gns = p.getFullName(); pairs = buildGeneralNames(gns, p); @@ -375,11 +404,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } recs.addElement(pairs); } - + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -394,8 +423,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { return pairs; } - protected NameValuePairs buildGeneralNames(GeneralNames gns, - CRLDistributionPoint p) throws EPropertyException { + protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p) + throws EPropertyException { NameValuePairs pairs = new NameValuePairs(); @@ -466,15 +495,17 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", + getConfig(CONFIG_CRITICAL), + sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(request); if (ext == null) @@ -488,31 +519,30 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - ext.setCritical(critical); + ext.setCritical(critical); num = getNumPoints(); for (int i = 0; i < num; i++) { CRLDistributionPoint cdp = new CRLDistributionPoint(); - String enable = getConfig(CONFIG_ENABLE + i); - String pointType = getConfig(CONFIG_POINT_TYPE + i); + String enable = getConfig(CONFIG_ENABLE + i); + String pointType = getConfig(CONFIG_POINT_TYPE + i); String pointName = getConfig(CONFIG_POINT_NAME + i); String issuerType = getConfig(CONFIG_ISSUER_TYPE + i); String issuerName = getConfig(CONFIG_ISSUER_NAME + i); if (enable != null && enable.equals("true")) { if (pointType != null) - addCRLPoint(getLocale(request), cdp, pointType, - pointName); + addCRLPoint(getLocale(request), cdp, pointType, pointName); if (issuerType != null) - addIssuer(getLocale(request), cdp, issuerType, - issuerName); + addIssuer(getLocale(request), cdp, issuerType, issuerName); - ext.addPoint(cdp); + ext.addPoint(cdp); } } } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString()); + CMS.debug("FreshestCRLExtDefault: createExtension " + + e.toString()); } return ext; @@ -522,7 +552,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ private void populate(Locale locale, X509CertInfo info) - throws EProfileException { + throws EProfileException { FreshestCRLExtension ext = createExtension(locale); if (ext == null) @@ -558,7 +588,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault { } } } catch (Exception e) { - CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString()); + CMS.debug("FreshestCRLExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java index eb18d5ea..4051f31a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.util.DerOutputStream; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a Netscape - * comment extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Netscape comment extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class GenericExtDefault extends EnrollExtDefault { @@ -59,19 +62,22 @@ public class GenericExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, + "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else if (name.equals(CONFIG_DATA)) { - return new Descriptor(IDescriptor.STRING, null, "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, + "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); } else { return null; @@ -80,51 +86,57 @@ public class GenericExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DATA)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - ext = (Extension) getExtension(oid.toString(), info); + ext = (Extension) + getExtension(oid.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (Extension) getExtension(oid.toString(), info); - if (ext == null) { + ext = (Extension) + getExtension(oid.toString(), info); + if (ext == null) { return; } boolean val = Boolean.valueOf(value).booleanValue(); - ext.setCritical(val); - } else if (name.equals(VAL_DATA)) { - ext = (Extension) getExtension(oid.toString(), info); - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_DATA)) { + ext = (Extension) + getExtension(oid.toString(), info); + if (ext == null) { return; } byte data[] = getBytes(value); - ext.setExtensionValue(data); + ext.setExtensionValue(data); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); @@ -133,33 +145,37 @@ public class GenericExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { Extension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID)); - ext = (Extension) getExtension(oid.toString(), info); + ext = (Extension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (Extension) getExtension(oid.toString(), info); + ext = (Extension) + getExtension(oid.toString(), info); if (ext == null) { return null; @@ -169,9 +185,10 @@ public class GenericExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DATA)) { + } else if (name.equals(VAL_DATA)) { - ext = (Extension) getExtension(oid.toString(), info); + ext = (Extension) + getExtension(oid.toString(), info); if (ext == null) return ""; @@ -180,29 +197,31 @@ public class GenericExtDefault extends EnrollExtDefault { if (data == null) return ""; - + return toStr(data); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID), - getConfig(CONFIG_DATA) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_OID), + getConfig(CONFIG_DATA) + }; - return CMS - .getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params); } public String toStr(byte data[]) { StringBuffer b = new StringBuffer(); for (int i = 0; i < data.length; i++) { - if ((data[i] & 0xff) < 16) { - b.append("0"); - } - b.append(Integer.toString((int) (data[i] & 0xff), 0x10)); + if ((data[i] & 0xff) < 16) { + b.append("0"); + } + b.append(Integer.toString((int)(data[i] & 0xff), 0x10)); } return b.toString(); } @@ -211,14 +230,14 @@ public class GenericExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { Extension ext = createExtension(request); addExtension(ext.getExtensionId().toString(), ext, info); } public Extension createExtension(IRequest request) { - Extension ext = null; + Extension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -231,12 +250,13 @@ public class GenericExtDefault extends EnrollExtDefault { data = getBytes(mapPattern(request, getConfig(CONFIG_DATA))); } - DerOutputStream out = new DerOutputStream(); + DerOutputStream out = new DerOutputStream(); out.putOctetString(data); ext = new Extension(oid, critical, out.toByteArray()); } catch (Exception e) { - CMS.debug("GenericExtDefault: createExtension " + e.toString()); + CMS.debug("GenericExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java index f2863b4d..5bb8abd4 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -30,10 +31,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that shows an image in the - * approval page. - * + * This class implements an enrollment default policy + * that shows an image in the approval page. + * * @version $Revision$, $Date$ */ public class ImageDefault extends EnrollDefault { @@ -48,7 +50,7 @@ public class ImageDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -65,39 +67,41 @@ public class ImageDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) - throws EPropertyException { + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_IMAGE_URL)) { return request.getExtDataInString(INPUT_IMAGE_URL); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { return null; } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE"); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" ); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java index 4aee226c..c6bbc7f7 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.math.BigInteger; import java.util.Locale; @@ -33,9 +34,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * This class implements an inhibit Any-Policy extension - * + * * @version $Revision$, $Date$ */ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { @@ -59,30 +61,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (name.equals(CONFIG_SKIP_CERTS)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); - } + "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS)); + } } super.setConfig(name, value); } @@ -90,35 +93,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SKIP_CERTS)) { return new Descriptor(IDescriptor.INTEGER, null, "0", - CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); + CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { InhibitAnyPolicyExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); - if (ext == null) { - populate(null, info); - } + if(ext == null) { + populate(null,info); + } if (name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -128,8 +132,8 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -146,44 +150,48 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { BigInteger l = new BigInteger(value); num = new BigInt(l); } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = new InhibitAnyPolicyExtension(critical, num); + ext = new InhibitAnyPolicyExtension(critical, + num); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); } catch (EProfileException e) { CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - InhibitAnyPolicyExtension ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + InhibitAnyPolicyExtension ext = + (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; @@ -194,38 +202,39 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_SKIP_CERTS)) { - ext = (InhibitAnyPolicyExtension) getExtension( - InhibitAnyPolicyExtension.OID, info); + ext = (InhibitAnyPolicyExtension) + getExtension(InhibitAnyPolicyExtension.OID, info); if (ext == null) { return null; } BigInt n = ext.getSkipCerts(); - return "" + n.toInt(); + return ""+n.toInt(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); - } + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); + } } /* - * returns text that goes into description for this extension on a profile + * returns text that goes into description for this extension on + * a profile */ public String getText(Locale locale) { - StringBuffer sb = new StringBuffer(); + StringBuffer sb = new StringBuffer(); sb.append(SKIP_CERTS + ":"); sb.append(getConfig(CONFIG_SKIP_CERTS)); - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", + getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; ext = createExtension(request); @@ -233,11 +242,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { } public InhibitAnyPolicyExtension createExtension(IRequest request) - throws EProfileException { + throws EProfileException { InhibitAnyPolicyExtension ext = null; - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) - .booleanValue(); + boolean critical = Boolean.valueOf( + getConfig(CONFIG_CRITICAL)).booleanValue(); String str = getConfig(CONFIG_SKIP_CERTS); if (str == null || str.equals("")) { @@ -250,7 +259,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { val = new BigInt(b); } catch (NumberFormatException e) { throw new EProfileException( - CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); + CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS")); } try { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java index ae3f382b..8f8837eb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -38,10 +39,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a issuer - * alternative name extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a issuer alternative name extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class IssuerAltNameExtDefault extends EnrollExtDefault { @@ -64,24 +67,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_TYPE)) { - return new Descriptor( - IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "RFC822Name", CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "RFC822Name", + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_TYPE")); } else if (name.equals(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN")); } else { return null; } @@ -89,44 +93,49 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { IssuerAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - + if (name.equals(VAL_CRITICAL)) { - ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - info); + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -136,9 +145,9 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - info); + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -146,9 +155,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } if (value.equals("")) { // if value is empty, do not add this extension - deleteExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - info); + deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); return; } GeneralNames gn = new GeneralNames(); @@ -159,55 +166,58 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), ext, - info); + PKIXExtensions.IssuerAlternativeName_Id.toString(), + ext, info); } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - IssuerAlternativeNameExtension ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + IssuerAlternativeNameExtension ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - info); + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); if (ext == null) { return null; @@ -218,15 +228,16 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (IssuerAlternativeNameExtension) getExtension( - PKIXExtensions.IssuerAlternativeName_Id.toString(), - info); - if (ext == null) { + ext = + (IssuerAlternativeNameExtension) + getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info); + if(ext == null) + { return ""; } - GeneralNames names = (GeneralNames) ext - .get(IssuerAlternativeNameExtension.ISSUER_NAME); + GeneralNames names = (GeneralNames) + ext.get(IssuerAlternativeNameExtension.ISSUER_NAME); StringBuffer sb = new StringBuffer(); Enumeration e = names.elements(); @@ -235,33 +246,36 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { if (!sb.toString().equals("")) { sb.append("\r\n"); - } + } sb.append(toGeneralNameString(gn)); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("IssuerAltNameExtDefault: getValue " + e.toString()); + CMS.debug("IssuerAltNameExtDefault: getValue " + + e.toString()); } return null; } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_PATTERN), getConfig(CONFIG_TYPE) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_PATTERN), + getConfig(CONFIG_TYPE) + }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { IssuerAlternativeNameExtension ext = null; try { @@ -270,34 +284,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault { } catch (IOException e) { CMS.debug("IssuerAltNameExtDefault: populate " + e.toString()); } - addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), ext, - info); + addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), + ext, info); } - public IssuerAlternativeNameExtension createExtension(IRequest request) - throws IOException { - IssuerAlternativeNameExtension ext = null; + public IssuerAlternativeNameExtension createExtension(IRequest request) + throws IOException { + IssuerAlternativeNameExtension ext = null; try { ext = new IssuerAlternativeNameExtension(); } catch (Exception e) { CMS.debug(e.toString()); - throw new IOException(e.toString()); + throw new IOException( e.toString() ); } - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) - .booleanValue(); + boolean critical = Boolean.valueOf( + getConfig(CONFIG_CRITICAL)).booleanValue(); String pattern = getConfig(CONFIG_PATTERN); if (!pattern.equals("")) { - GeneralNames gn = new GeneralNames(); + GeneralNames gn = new GeneralNames(); String gname = ""; - if (request != null) { + if(request != null) { gname = mapPattern(request, pattern); } - gn.addElement(parseGeneralName(getConfig(CONFIG_TYPE) + ":" + gname)); + gn.addElement(parseGeneralName( + getConfig(CONFIG_TYPE) + ":" + gname)); ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn); } ext.setCritical(critical); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java index f3c0fc24..c8ed9281 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -33,19 +34,25 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a Key Usage - * extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Key Usage extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "keyUsageCritical"; - public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; - public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation"; - public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; - public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; + public static final String CONFIG_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String CONFIG_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String CONFIG_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String CONFIG_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign"; @@ -53,10 +60,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly"; public static final String VAL_CRITICAL = "keyUsageCritical"; - public static final String VAL_DIGITAL_SIGNATURE = "keyUsageDigitalSignature"; - public static final String VAL_NON_REPUDIATION = "keyUsageNonRepudiation"; - public static final String VAL_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment"; - public static final String VAL_DATA_ENCIPHERMENT = "keyUsageDataEncipherment"; + public static final String VAL_DIGITAL_SIGNATURE = + "keyUsageDigitalSignature"; + public static final String VAL_NON_REPUDIATION = + "keyUsageNonRepudiation"; + public static final String VAL_KEY_ENCIPHERMENT = + "keyUsageKeyEncipherment"; + public static final String VAL_DATA_ENCIPHERMENT = + "keyUsageDataEncipherment"; public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement"; public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign"; public static final String VAL_CRL_SIGN = "keyUsageCrlSign"; @@ -89,40 +100,50 @@ public class KeyUsageExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(CONFIG_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(CONFIG_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(CONFIG_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if (name.equals(CONFIG_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(CONFIG_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(CONFIG_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } else { return null; @@ -131,190 +152,203 @@ public class KeyUsageExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE")); } else if (name.equals(VAL_NON_REPUDIATION)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION")); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT")); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT")); } else if (name.equals(VAL_KEY_AGREEMENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT")); } else if (name.equals(VAL_KEY_CERTSIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN")); } else if (name.equals(VAL_CRL_SIGN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN")); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY")); } else if (name.equals(VAL_DECIPHER_ONLY)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { KeyUsageExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - boolean val = Boolean.valueOf(value).booleanValue(); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) { return; } ext.setCritical(val); - } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val); } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.NON_REPUDIATION, val); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val); } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_AGREEMENT, val); } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.KEY_CERTSIGN, val); } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.CRL_SIGN, val); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.ENCIPHER_ONLY, val); } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); + if(ext == null) { return; } - Boolean val = Boolean.valueOf(value); + Boolean val = Boolean.valueOf(value); ext.set(KeyUsageExtension.DECIPHER_ONLY, val); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("KeyUsageExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - KeyUsageExtension ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + KeyUsageExtension ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; @@ -325,118 +359,122 @@ public class KeyUsageExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.DIGITAL_SIGNATURE); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DIGITAL_SIGNATURE); return val.toString(); } else if (name.equals(VAL_NON_REPUDIATION)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.NON_REPUDIATION); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.NON_REPUDIATION); return val.toString(); } else if (name.equals(VAL_KEY_ENCIPHERMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.KEY_ENCIPHERMENT); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_DATA_ENCIPHERMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.DATA_ENCIPHERMENT); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DATA_ENCIPHERMENT); return val.toString(); } else if (name.equals(VAL_KEY_AGREEMENT)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.KEY_AGREEMENT); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_AGREEMENT); return val.toString(); } else if (name.equals(VAL_KEY_CERTSIGN)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext.get(KeyUsageExtension.KEY_CERTSIGN); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.KEY_CERTSIGN); return val.toString(); } else if (name.equals(VAL_CRL_SIGN)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext.get(KeyUsageExtension.CRL_SIGN); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.CRL_SIGN); return val.toString(); } else if (name.equals(VAL_ENCIPHER_ONLY)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.ENCIPHER_ONLY); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.ENCIPHER_ONLY); return val.toString(); } else if (name.equals(VAL_DECIPHER_ONLY)) { - ext = (KeyUsageExtension) getExtension( - PKIXExtensions.KeyUsage_Id.toString(), info); + ext = (KeyUsageExtension) + getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(KeyUsageExtension.DECIPHER_ONLY); + Boolean val = (Boolean) + ext.get(KeyUsageExtension.DECIPHER_ONLY); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { CMS.debug("KeyUsageExtDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_DIGITAL_SIGNATURE), - getConfig(CONFIG_NON_REPUDIATION), - getConfig(CONFIG_KEY_ENCIPHERMENT), - getConfig(CONFIG_DATA_ENCIPHERMENT), - getConfig(CONFIG_KEY_AGREEMENT), - getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN), - getConfig(CONFIG_ENCIPHER_ONLY), - getConfig(CONFIG_DECIPHER_ONLY) }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", - params); + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_DIGITAL_SIGNATURE), + getConfig(CONFIG_NON_REPUDIATION), + getConfig(CONFIG_KEY_ENCIPHERMENT), + getConfig(CONFIG_DATA_ENCIPHERMENT), + getConfig(CONFIG_KEY_AGREEMENT), + getConfig(CONFIG_KEY_CERTSIGN), + getConfig(CONFIG_CRL_SIGN), + getConfig(CONFIG_ENCIPHER_ONLY), + getConfig(CONFIG_DECIPHER_ONLY) + }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params); } @@ -444,14 +482,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { KeyUsageExtension ext = createKeyUsageExtension(); addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info); } public KeyUsageExtension createKeyUsageExtension() { - KeyUsageExtension ext = null; + KeyUsageExtension ext = null; boolean[] bits = new boolean[KeyUsageExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -468,8 +506,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault { try { ext = new KeyUsageExtension(critical, bits); } catch (Exception e) { - CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " - + e.toString()); + CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java index 39f8e8c4..01e92d6a 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a Netscape - * comment extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Netscape comment extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCCommentExtDefault extends EnrollExtDefault { @@ -57,16 +60,18 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_COMMENT)) { - return new Descriptor(IDescriptor.STRING, null, "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, + "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); } else { return null; @@ -75,60 +80,66 @@ public class NSCCommentExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_COMMENT)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = NSCCommentExtension.OID; - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_COMMENT)) { + ext.setCritical(val); + } else if (name.equals(VAL_COMMENT)) { - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } boolean critical = ext.isCritical(); if (value == null || value.equals("")) ext = new NSCCommentExtension(critical, ""); - // throw new EPropertyException(name+" cannot be empty"); + // throw new EPropertyException(name+" cannot be empty"); else ext = new NSCCommentExtension(critical, value); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); @@ -139,33 +150,37 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { NSCCommentExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = NSCCommentExtension.OID; - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); if (ext == null) { return null; @@ -175,9 +190,10 @@ public class NSCCommentExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_COMMENT)) { + } else if (name.equals(VAL_COMMENT)) { - ext = (NSCCommentExtension) getExtension(oid.toString(), info); + ext = (NSCCommentExtension) + getExtension(oid.toString(), info); if (ext == null) return ""; @@ -186,34 +202,35 @@ public class NSCCommentExtDefault extends EnrollExtDefault { if (comment == null) comment = ""; - + return comment; } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_COMMENT) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_COMMENT) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", - params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCCommentExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public NSCCommentExtension createExtension() { - NSCCommentExtension ext = null; + NSCCommentExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -224,7 +241,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault { else ext = new NSCCommentExtension(critical, comment); } catch (Exception e) { - CMS.debug("NSCCommentExtension: createExtension " + e.toString()); + CMS.debug("NSCCommentExtension: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java index 960fa0eb..e3438ccf 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.security.cert.CertificateException; import java.util.Locale; @@ -32,10 +33,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a Netscape - * Certificate Type extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Netscape Certificate Type extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class NSCertTypeExtDefault extends EnrollExtDefault { @@ -80,34 +83,42 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(CONFIG_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(CONFIG_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(CONFIG_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(CONFIG_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { return null; @@ -116,119 +127,129 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_SSL_CLIENT)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT")); } else if (name.equals(VAL_SSL_SERVER)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER")); } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL")); } else if (name.equals(VAL_OBJECT_SIGNING)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING")); } else if (name.equals(VAL_SSL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA")); } else if (name.equals(VAL_EMAIL_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA")); } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { NSCertTypeExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - populate(null, info); + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { - return; + if(ext == null) { + return ; } - ext.setCritical(val); - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + ext.setCritical(val); + } else if (name.equals(VAL_SSL_CLIENT)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CLIENT, val); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_SSL_SERVER)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_SERVER, val); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_EMAIL)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL, val); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_OBJECT_SIGNING)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.OBJECT_SIGNING, val); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_SSL_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.SSL_CA, val); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_EMAIL_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); ext.set(NSCertTypeExtension.EMAIL_CA, val); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { - return; + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); + if(ext == null) { + return ; } Boolean val = Boolean.valueOf(value); @@ -236,8 +257,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { throw new EPropertyException("Invalid name " + name); } - replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, - info); + replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); } catch (CertificateException e) { CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); } catch (EProfileException e) { @@ -245,30 +265,32 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { try { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - NSCertTypeExtension ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + NSCertTypeExtension ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; @@ -278,74 +300,72 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_SSL_CLIENT)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_CLIENT)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT); return val.toString(); - } else if (name.equals(VAL_SSL_SERVER)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_SERVER)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER); return val.toString(); - } else if (name.equals(VAL_EMAIL)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_EMAIL)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_OBJECT_SIGNING)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(NSCertTypeExtension.OBJECT_SIGNING); + Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING); return val.toString(); - } else if (name.equals(VAL_SSL_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_SSL_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA); return val.toString(); - } else if (name.equals(VAL_EMAIL_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_EMAIL_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA); return val.toString(); - } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { - ext = (NSCertTypeExtension) getExtension( - NSCertTypeExtension.CertType_Id.toString(), info); + } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { + ext = (NSCertTypeExtension) + getExtension(NSCertTypeExtension.CertType_Id.toString(), info); if (ext == null) { return null; } - Boolean val = (Boolean) ext - .get(NSCertTypeExtension.OBJECT_SIGNING_CA); + Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA); return val.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (CertificateException e) { CMS.debug("NSCertTypeExtDefault: setValue " + e.toString()); @@ -354,14 +374,18 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER), - getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING), - getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA), - getConfig(CONFIG_OBJECT_SIGNING_CA) }; - - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", - params); + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_SSL_CLIENT), + getConfig(CONFIG_SSL_SERVER), + getConfig(CONFIG_EMAIL), + getConfig(CONFIG_OBJECT_SIGNING), + getConfig(CONFIG_SSL_CA), + getConfig(CONFIG_EMAIL_CA), + getConfig(CONFIG_OBJECT_SIGNING_CA) + }; + + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params); } @@ -369,14 +393,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NSCertTypeExtension ext = createExtension(); addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info); } public NSCertTypeExtension createExtension() { - NSCertTypeExtension ext = null; + NSCertTypeExtension ext = null; boolean[] bits = new boolean[NSCertTypeExtension.NBITS]; boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -391,7 +415,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault { try { ext = new NSCertTypeExtension(critical, bits); } catch (Exception e) { - CMS.debug("NSCertTypeExtDefault: createExtension " + e.toString()); + CMS.debug("NSCertTypeExtDefault: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java index 367e83c2..f6ddd915 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -40,22 +41,25 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a name - * constraint extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a name constraint extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class NameConstraintsExtDefault extends EnrollExtDefault { public static final String CONFIG_CRITICAL = "nameConstraintsCritical"; - public static final String CONFIG_NUM_PERMITTED_SUBTREES = "nameConstraintsNumPermittedSubtrees"; + public static final String CONFIG_NUM_PERMITTED_SUBTREES = + "nameConstraintsNumPermittedSubtrees"; public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_"; public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_"; public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_"; public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_"; public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_"; - + public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees"; public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_"; public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_"; @@ -83,7 +87,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); @@ -124,48 +128,48 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", - CONFIG_NUM_PERMITTED_SUBTREES)); - } - - } catch (Exception e) { + if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); + "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); } - } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { - try { - num = Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES)); + } + } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) { - if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", - CONFIG_NUM_EXCLUDED_SUBTREES)); - } + try { + num = Integer.parseInt(value); - } catch (Exception e) { + if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); + "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); } + + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES)); + } } super.setConfig(name, value); } + public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); } protected void refreshConfigAndValueNames() { - // refesh our config name list + //refesh our config name list super.refreshConfigAndValueNames(); @@ -199,112 +203,119 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_PERMITTED_NAME_CHOICE")); - } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { - return new Descriptor( - IDescriptor.STRING, + return new Descriptor(IDescriptor.STRING, null, null, + CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE")); + } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) { + return new Descriptor(IDescriptor.STRING, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL")); } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE")); } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL")); } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, - "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES")); } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, - "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - return new Descriptor( - IDescriptor.STRING_LIST, - null, + return new Descriptor(IDescriptor.STRING_LIST, null, null, CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES")); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { NameConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext.setCritical(val); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) { return; } - if ((value == null) || (value.equals("null")) - || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " - + "blank value for permitted subtrees ... returning"); + if ((value == null) || (value.equals("null")) || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for permitted subtrees ... returning"); return; } @@ -312,47 +323,44 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { Vector permittedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, - new GeneralSubtrees(permittedSubtrees)); + ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, + new GeneralSubtrees(permittedSubtrees)); } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) { return; } - if ((value == null) || (value.equals("null")) - || (value.equals(""))) { - CMS.debug("NameConstraintsExtDefault:setValue : " - + "blank value for excluded subtrees ... returning"); + if ((value == null) || (value.equals("null")) || (value.equals(""))) { + CMS.debug("NameConstraintsExtDefault:setValue : " + + "blank value for excluded subtrees ... returning"); return; } Vector v = parseRecords(value); Vector excludedSubtrees = createSubtrees(locale, v); - ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, - new GeneralSubtrees(excludedSubtrees)); + ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, + new GeneralSubtrees(excludedSubtrees)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, - info); + replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } catch (IOException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("NameConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - private Vector createSubtrees(Locale locale, Vector v) - throws EPropertyException { + private Vector createSubtrees(Locale locale, Vector v) throws EPropertyException { int size = v.size(); String choice = null; String val = ""; @@ -377,16 +385,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else if (name1.equals(MAX_VALUE)) { maxS = nvps.getValue(name1); } - } + } if (choice == null || choice.length() == 0) { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); + "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - + if (val == null) val = ""; - + int min = 0; int max = -1; @@ -401,50 +409,53 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { try { gnI = parseGeneralName(choice + ":" + val); } catch (IOException e) { - CMS.debug("NameConstraintsExtDefault: createSubtress " - + e.toString()); + CMS.debug("NameConstraintsExtDefault: createSubtress " + + e.toString()); } if (gnI != null) { gn = new GeneralName(gnI); } else { throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); + "CMS_PROFILE_GENERAL_NAME_NOT_FOUND")); } - GeneralSubtree subtree = new GeneralSubtree(gn, min, max); + GeneralSubtree subtree = new GeneralSubtree( + gn, min, max); subtrees.addElement(subtree); - } + } return subtrees; } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { NameConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) { return null; @@ -454,9 +465,9 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_PERMITTED_SUBTREES)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + } else if (name.equals(VAL_PERMITTED_SUBTREES)) { + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) return ""; @@ -464,21 +475,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) ext - .get(NameConstraintsExtension.PERMITTED_SUBTREES); + subtrees = (GeneralSubtrees) + ext.get(NameConstraintsExtension.PERMITTED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); + if( subtrees == null ) { + CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" ); + throw new EPropertyException( "subtrees is null" ); } return getSubtreesInfo(ext, subtrees); - } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { - ext = (NameConstraintsExtension) getExtension( - PKIXExtensions.NameConstraints_Id.toString(), info); + } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { + ext = (NameConstraintsExtension) + getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); if (ext == null) return ""; @@ -486,26 +497,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtrees subtrees = null; try { - subtrees = (GeneralSubtrees) ext - .get(NameConstraintsExtension.EXCLUDED_SUBTREES); + subtrees = (GeneralSubtrees) + ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES); } catch (IOException e) { CMS.debug("NameConstraintExtDefault: getValue " + e.toString()); } - if (subtrees == null) { - CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!"); - throw new EPropertyException("subtrees is null"); + if( subtrees == null ) { + CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" ); + throw new EPropertyException( "subtrees is null" ); } return getSubtreesInfo(ext, subtrees); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - private String getSubtreesInfo(NameConstraintsExtension ext, - GeneralSubtrees subtrees) throws EPropertyException { + private String getSubtreesInfo(NameConstraintsExtension ext, + GeneralSubtrees subtrees) throws EPropertyException { Vector trees = subtrees.getSubtrees(); int size = trees.size(); @@ -515,8 +526,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i); GeneralName gn = tree.getGeneralName(); - String type = getGeneralNameType(gn); - int max = tree.getMaxValue(); + String type = getGeneralNameType(gn); + int max = tree.getMaxValue(); int min = tree.getMinValue(); NameValuePairs pairs = new NameValuePairs(); @@ -529,7 +540,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { recs.addElement(pairs); } - + return buildRecords(recs); } @@ -572,8 +583,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -581,14 +592,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { NameConstraintsExtension ext = createExtension(); addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info); } public NameConstraintsExtension createExtension() { - NameConstraintsExtension ext = null; + NameConstraintsExtension ext = null; try { int num = getNumPermitted(); @@ -626,18 +637,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { } } - ext = new NameConstraintsExtension(critical, - new GeneralSubtrees(v), new GeneralSubtrees(v1)); + ext = new NameConstraintsExtension(critical, + new GeneralSubtrees(v), new GeneralSubtrees(v1)); } catch (Exception e) { - CMS.debug("NameConstraintsExtDefault: createExtension " - + e.toString()); + CMS.debug("NameConstraintsExtDefault: createExtension " + + e.toString()); } return ext; } - private GeneralSubtree createSubtree(String choice, String value, - String minS, String maxS) { + private GeneralSubtree createSubtree(String choice, String value, + String minS, String maxS) { GeneralName gn = null; GeneralNameInterface gnI = null; @@ -649,7 +660,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault { if (gnI != null) gn = new GeneralName(gnI); else - // throw new EPropertyException("GeneralName must not be null"); + //throw new EPropertyException("GeneralName must not be null"); return null; int min = 0; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java index 030c8a34..283f5083 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -31,12 +32,13 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * This class implements no default policy. - * + * * @version $Revision$, $Date$ */ -public class NoDefault implements IPolicyDefault { +public class NoDefault implements IPolicyDefault { public static final String PROP_NAME = "name"; @@ -52,7 +54,8 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { } public String getDefaultConfig(String name) { @@ -64,7 +67,7 @@ public class NoDefault implements IPolicyDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -75,7 +78,8 @@ public class NoDefault implements IPolicyDefault { /** * Populates the request with this policy default. */ - public void populate(IRequest request) throws EProfileException { + public void populate(IRequest request) + throws EProfileException { } public Enumeration getValueNames() { @@ -86,8 +90,9 @@ public class NoDefault implements IPolicyDefault { return null; } - public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, IRequest request, + String value) + throws EPropertyException { } public String getValue(String name, Locale locale, IRequest request) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java index 1fefefa6..28a25a6e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.extensions.OCSPNoCheckExtension; @@ -31,10 +32,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates an OCSP No - * Check extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates an OCSP No Check extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class OCSPNoCheckExtDefault extends EnrollExtDefault { @@ -50,13 +53,14 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { return null; @@ -65,73 +69,79 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension( - OCSPNoCheckExtension.OID, info); + OCSPNoCheckExtension ext = (OCSPNoCheckExtension) + getExtension(OCSPNoCheckExtension.OID, info); - if (ext == null) { + + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, - info); + ext = (OCSPNoCheckExtension) + getExtension(OCSPNoCheckExtension.OID, info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { - return; + if(ext == null) { + return; } ext.setCritical(val); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension( - OCSPNoCheckExtension.OID, info); + OCSPNoCheckExtension ext = (OCSPNoCheckExtension) + getExtension(OCSPNoCheckExtension.OID, info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID, - info); + ext = (OCSPNoCheckExtension) + getExtension(OCSPNoCheckExtension.OID, info); if (ext == null) { return null; @@ -142,8 +152,8 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { return "false"; } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -156,19 +166,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { OCSPNoCheckExtension ext = createExtension(); addExtension(OCSPNoCheckExtension.OID, ext, info); } public OCSPNoCheckExtension createExtension() { - OCSPNoCheckExtension ext = null; + OCSPNoCheckExtension ext = null; try { ext = new OCSPNoCheckExtension(); } catch (Exception e) { - CMS.debug("OCSPNoCheckExtDefault: createExtension " + e.toString()); + CMS.debug("OCSPNoCheckExtDefault: createExtension " + + e.toString()); return null; } boolean critical = getConfigBoolean(CONFIG_CRITICAL); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java index 9a60063b..9a36f0cd 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a policy - * constraints extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a policy constraints extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyConstraintsExtDefault extends EnrollExtDefault { @@ -61,132 +64,143 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); + return new Descriptor(IDescriptor.INTEGER, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); + return new Descriptor(IDescriptor.INTEGER, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - return new Descriptor(IDescriptor.INTEGER, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); + return new Descriptor(IDescriptor.INTEGER, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY")); } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - return new Descriptor(IDescriptor.INTEGER, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); + return new Descriptor(IDescriptor.INTEGER, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING")); } return null; } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { PolicyConstraintsExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); - - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); + + if(ext == null) { return; - } + } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.REQUIRE, num); - } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); - if (ext == null) { + if(ext == null) { return; } Integer num = new Integer(value); ext.set(PolicyConstraintsExtension.INHIBIT, num); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(), - ext, info); + ext, info); } catch (EProfileException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { PolicyConstraintsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); - if (ext == null) { + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) { return null; @@ -196,9 +210,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -207,8 +222,9 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { - ext = (PolicyConstraintsExtension) getExtension( - PKIXExtensions.PolicyConstraints_Id.toString(), info); + ext = (PolicyConstraintsExtension) + getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + info); if (ext == null) return ""; @@ -217,34 +233,36 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { return "" + num; } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_REQ_EXPLICIT_POLICY), - getConfig(CONFIG_INHIBIT_POLICY_MAPPING) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_REQ_EXPLICIT_POLICY), + getConfig(CONFIG_INHIBIT_POLICY_MAPPING) + }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyConstraintsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), ext, info); + addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), + ext, info); } public PolicyConstraintsExtension createExtension() { - PolicyConstraintsExtension ext = null; + PolicyConstraintsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); @@ -263,8 +281,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault { } ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum); } catch (Exception e) { - CMS.debug("PolicyConstraintsExtDefault: createExtension " - + e.toString()); + CMS.debug("PolicyConstraintsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java index 533fb4a4..19bfb361 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,10 +40,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a policy - * mappings extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a policy mappings extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class PolicyMappingsExtDefault extends EnrollExtDefault { @@ -82,26 +85,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_MAPPINGS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_MAPPINGS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS)); + } } super.setConfig(name, value); } @@ -128,25 +132,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_ISSUER_DOMAIN_POLICY")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY")); } else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_DOMAIN_POLICY")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, - "CMS_PROFILE_NUM_POLICY_MAPPINGS")); + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS")); } return null; @@ -154,49 +160,55 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_DOMAINS)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS")); } return null; } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); - - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_DOMAINS)) { + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); + + if(ext == null) { return; - } + } Vector v = parseRecords(value); int size = v.size(); @@ -220,67 +232,68 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { enable = nvps.getValue(name1); } } - + if (enable != null && enable.equals("true")) { - if (issuerPolicyId == null - || issuerPolicyId.length() == 0 - || subjectPolicyId == null - || subjectPolicyId.length() == 0) - throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); + if (issuerPolicyId == null || + issuerPolicyId.length() == 0 || subjectPolicyId == null || + subjectPolicyId.length() == 0) + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND")); CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier( - issuerPolicyId)), - new CertificatePolicyId(new ObjectIdentifier( - subjectPolicyId))); + new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)), + new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId))); policyMaps.addElement(map); } } ext.set(PolicyMappingsExtension.MAP, policyMaps); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext, - info); + replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), + ext, info); } catch (EProfileException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { PolicyMappingsExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); - if (ext == null) { + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) { return null; @@ -290,9 +303,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_DOMAINS)) { - ext = (PolicyMappingsExtension) getExtension( - PKIXExtensions.PolicyMappings_Id.toString(), info); + } else if (name.equals(VAL_DOMAINS)) { + ext = (PolicyMappingsExtension) + getExtension(PKIXExtensions.PolicyMappings_Id.toString(), + info); if (ext == null) return ""; @@ -300,7 +314,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { int num_mappings = getNumMappings(); Enumeration maps = ext.getMappings(); - + int num = 0; StringBuffer sb = new StringBuffer(); @@ -309,12 +323,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { for (int i = 0; i < num_mappings; i++) { NameValuePairs pairs = new NameValuePairs(); - if (maps.hasMoreElements()) { - CertificatePolicyMap map = (CertificatePolicyMap) maps - .nextElement(); - + if (maps.hasMoreElements()) { + CertificatePolicyMap map = + (CertificatePolicyMap) maps.nextElement(); + CertificatePolicyId i1 = map.getIssuerIdentifier(); - CertificatePolicyId s1 = map.getSubjectIdentifier(); + CertificatePolicyId s1 = map.getSubjectIdentifier(); pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString()); pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString()); @@ -323,15 +337,15 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { pairs.add(ISSUER_POLICY_ID, ""); pairs.add(SUBJECT_POLICY_ID, ""); pairs.add(POLICY_ID_ENABLE, "false"); - + } recs.addElement(pairs); - } - + } + return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -354,8 +368,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } @@ -363,23 +377,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PolicyMappingsExtension ext = createExtension(); if (ext == null) return; - addExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext, info); + addExtension(PKIXExtensions.PolicyMappings_Id.toString(), + ext, info); } public PolicyMappingsExtension createExtension() { - PolicyMappingsExtension ext = null; + PolicyMappingsExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); Vector policyMaps = new Vector(); int num = getNumMappings(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { @@ -389,17 +404,15 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { return null; } - String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY - + i); + String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i); if (subjectID == null || subjectID.length() == 0) { return null; } CertificatePolicyMap map = new CertificatePolicyMap( - new CertificatePolicyId(new ObjectIdentifier( - issuerID)), new CertificatePolicyId( - new ObjectIdentifier(subjectID))); + new CertificatePolicyId(new ObjectIdentifier(issuerID)), + new CertificatePolicyId(new ObjectIdentifier(subjectID))); policyMaps.addElement(map); } @@ -407,8 +420,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault { ext = new PolicyMappingsExtension(critical, policyMaps); } catch (Exception e) { - CMS.debug("PolicyMappingsExtDefault: createExtension " - + e.toString()); + CMS.debug("PolicyMappingsExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java index dd522f30..f1a71ff9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.Date; @@ -36,10 +37,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a Private - * Key Usage Period extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a Private Key Usage Period extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { @@ -67,115 +70,125 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, null, "0", - CMS.getUserMessage(locale, - "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, null, + "0", + CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); } else if (name.equals(CONFIG_DURATION)) { - return new Descriptor(IDescriptor.STRING, null, "365", + return new Descriptor(IDescriptor.STRING, null, + "365", CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); } else { return null; } } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } else if (name.equals(CONFIG_DURATION)) { - try { - Integer.parseInt(value); - } catch (Exception e) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_DURATION)); - } + try { + Integer.parseInt(value); + } catch (Exception e) { + throw new EPropertyException(CMS.getUserMessage( + "CMS_INVALID_PROPERTY", CONFIG_DURATION)); + } } super.setConfig(name, value); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, null, "0", + return new Descriptor(IDescriptor.STRING, null, + "0", CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, null, "30", + return new Descriptor(IDescriptor.STRING, null, + "30", CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } if (name.equals(VAL_CRITICAL)) { - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), - info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if (ext == null) { return; } - ext.setCritical(val); - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + ext.setCritical(val); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), - info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); - ParsePosition pos = new ParsePosition(0); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); + ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), - info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if (ext == null) { return; } ext.set(PrivateKeyUsageExtension.NOT_AFTER, date); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); @@ -186,33 +199,37 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { PrivateKeyUsageExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id; - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); if (ext == null) { return null; @@ -222,74 +239,80 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_BEFORE)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); if (ext == null) return ""; return formatter.format(ext.getNotBefore()); - } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + } else if (name.equals(VAL_NOT_AFTER)) { + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); - ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info); + ext = (PrivateKeyUsageExtension) + getExtension(oid.toString(), info); if (ext == null) return ""; return formatter.format(ext.getNotAfter()); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - String params[] = { getConfig(CONFIG_CRITICAL), - getConfig(CONFIG_START_TIME), getConfig(CONFIG_DURATION) }; + String params[] = { + getConfig(CONFIG_CRITICAL), + getConfig(CONFIG_START_TIME), + getConfig(CONFIG_DURATION) + }; - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", - params); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { PrivateKeyUsageExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public PrivateKeyUsageExtension createExtension() { - PrivateKeyUsageExtension ext = null; + PrivateKeyUsageExtension ext = null; try { boolean critical = getConfigBoolean(CONFIG_CRITICAL); - // always + 60 seconds + // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); - if (startTimeStr == null || startTimeStr.equals("")) { - startTimeStr = "60"; - } - int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() - + (1000 * startTime)); + if (startTimeStr == null || startTimeStr.equals("")) { + startTimeStr = "60"; + } + int startTime = Integer.parseInt(startTimeStr); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + + (1000 * startTime)); long notAfterVal = 0; - notAfterVal = notBefore.getTime() - + (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION))); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION))); Date notAfter = new Date(notAfterVal); ext = new PrivateKeyUsageExtension(notBefore, notAfter); - ext.setCritical(critical); + ext.setCritical(critical); } catch (Exception e) { - CMS.debug("PrivateKeyUsagePeriodExt: createExtension " - + e.toString()); + CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + + e.toString()); } return ext; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java index 0be29373..4bca9350 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.x509.AlgorithmId; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a signing - * algorithm into the certificate template. - * + * This class implements an enrollment default policy + * that populates a signing algorithm + * into the certificate template. + * * @version $Revision$, $Date$ */ public class SigningAlgDefault extends EnrollDefault { @@ -44,7 +47,8 @@ public class SigningAlgDefault extends EnrollDefault { public static final String CONFIG_ALGORITHM = "signingAlg"; public static final String VAL_ALGORITHM = "signingAlg"; - public static final String DEF_CONFIG_ALGORITHMS = "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; + public static final String DEF_CONFIG_ALGORITHMS = + "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA"; public SigningAlgDefault() { super(); @@ -53,83 +57,89 @@ public class SigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_ALGORITHM)) { return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS, - "SHA256withRSA", CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); + "SHA256withRSA", + CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; - } + } } - public String getSigningAlg() { - String signingAlg = getConfig(CONFIG_ALGORITHM); - // if specified, use the specified one. Otherwise, pick - // the best selection for the user - if (signingAlg == null || signingAlg.equals("") - || signingAlg.equals("-")) { - // best pick for the user - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); - return ca.getDefaultAlgorithm(); - } else { - return signingAlg; - } + public String getSigningAlg() + { + String signingAlg = getConfig(CONFIG_ALGORITHM); + // if specified, use the specified one. Otherwise, pick + // the best selection for the user + if (signingAlg == null || signingAlg.equals("") || + signingAlg.equals("-")) { + // best pick for the user + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + return ca.getDefaultAlgorithm(); + } else { + return signingAlg; + } } - public String getDefSigningAlgorithms() { - StringBuffer allowed = new StringBuffer(); - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem(CMS.SUBSYSTEM_CA); - String algos[] = ca.getCASigningAlgorithms(); - for (int i = 0; i < algos.length; i++) { - if (allowed.length() == 0) { - allowed.append(algos[i]); - } else { - allowed.append(","); - allowed.append(algos[i]); - } + public String getDefSigningAlgorithms() + { + StringBuffer allowed = new StringBuffer(); + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem(CMS.SUBSYSTEM_CA); + String algos[] = ca.getCASigningAlgorithms(); + for (int i = 0; i < algos.length; i++) { + if (allowed.length()== 0) { + allowed.append(algos[i]); + } else { + allowed.append(","); + allowed.append(algos[i]); } - return allowed.toString(); - } + } + return allowed.toString(); + } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALGORITHM)) { String allowed = getDefSigningAlgorithms(); - return new Descriptor(IDescriptor.CHOICE, allowed, null, + return new Descriptor(IDescriptor.CHOICE, + allowed, null, CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM")); } return null; } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_ALGORITHM)) { try { - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( AlgorithmId.getAlgorithmId(value))); } catch (Exception e) { CMS.debug("SigningAlgDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) throw new EPropertyException("Invalid name " + name); @@ -138,26 +148,26 @@ public class SigningAlgDefault extends EnrollDefault { CertificateAlgorithmId algId = null; try { - algId = (CertificateAlgorithmId) info - .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) algId - .get(CertificateAlgorithmId.ALGORITHM); + algId = (CertificateAlgorithmId) + info.get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) + algId.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("SigningAlgDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", getSigningAlg()); } @@ -165,9 +175,10 @@ public class SigningAlgDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { try { - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId( + info.set(X509CertInfo.ALGORITHM_ID, + new CertificateAlgorithmId( AlgorithmId.getAlgorithmId(getSigningAlg()))); } catch (Exception e) { CMS.debug("SigningAlgDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java index e652f033..64d822e8 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -42,10 +43,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a subject - * alternative name extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a subject alternative name extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectAltNameExtDefault extends EnrollExtDefault { @@ -88,67 +91,70 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (num >= MAX_NUM_GN) - num = DEF_NUM_GN; + num = DEF_NUM_GN; return num; } + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { - super.init(profile, config); - refreshConfigAndValueNames(); + super.init(profile,config); + refreshConfigAndValueNames(); // migrate old parameters to new parameters String old_type = null; String old_pattern = null; IConfigStore paramConfig = config.getSubStore("params"); try { - if (paramConfig != null) { - old_type = paramConfig.getString(CONFIG_OLD_TYPE); - } + if (paramConfig != null) { + old_type = paramConfig.getString(CONFIG_OLD_TYPE); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + old_type); + CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + + old_type); try { - if (paramConfig != null) { - old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); - } + if (paramConfig != null) { + old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN); + } } catch (EBaseException e) { - // nothing to do here + // nothing to do here } - CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" - + old_pattern); - if (old_type != null && old_pattern != null) { - CMS.debug("SubjectAltNameExtDefault: Upgrading"); - try { - paramConfig.putString(CONFIG_NUM_GNS, "1"); - paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); - paramConfig.putString(CONFIG_TYPE + "0", old_type); - paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); - paramConfig.remove(CONFIG_OLD_TYPE); - paramConfig.remove(CONFIG_OLD_PATTERN); - profile.getConfigStore().commit(true); - } catch (Exception e) { - CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); - } + CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" + + old_pattern); + if (old_type != null && old_pattern != null) { + CMS.debug("SubjectAltNameExtDefault: Upgrading"); + try { + paramConfig.putString(CONFIG_NUM_GNS, "1"); + paramConfig.putString(CONFIG_GN_ENABLE + "0", "true"); + paramConfig.putString(CONFIG_TYPE + "0", old_type); + paramConfig.putString(CONFIG_PATTERN + "0", old_pattern); + paramConfig.remove(CONFIG_OLD_TYPE); + paramConfig.remove(CONFIG_OLD_PATTERN); + profile.getConfigStore().commit(true); + } catch (Exception e) { + CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e); + } } } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_GNS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_GN || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_GN || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS)); + } } super.setConfig(name, value); } @@ -168,31 +174,34 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { int num = getNumGNs(); addConfigName(CONFIG_NUM_GNS); for (int i = 0; i < num; i++) { - addConfigName(CONFIG_TYPE + i); - addConfigName(CONFIG_PATTERN + i); - addConfigName(CONFIG_GN_ENABLE + i); + addConfigName(CONFIG_TYPE + i); + addConfigName(CONFIG_PATTERN + i); + addConfigName(CONFIG_GN_ENABLE + i); } } - - public IDescriptor getConfigDescriptor(Locale locale, String name) { + + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_TYPE)) { - return new Descriptor( - IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", - "RFC822Name", CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName", + "RFC822Name", + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN")); } else if (name.startsWith(CONFIG_GN_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE")); } else if (name.startsWith(CONFIG_NUM_GNS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", + return new Descriptor(IDescriptor.INTEGER, null, + "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS")); } @@ -201,37 +210,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { SubjectAlternativeNameExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if (ext == null) { - populate(null, info); - } + if(ext == null) { + populate(null,info); + } if (name.equals(VAL_CRITICAL)) { - ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -241,9 +254,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { ext.setCritical(critical); } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { // it is ok, the extension is never populated or delted @@ -251,9 +264,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } if (value.equals("")) { // if value is empty, do not add this extension - deleteExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); return; } GeneralNames gn = new GeneralNames(); @@ -268,63 +279,64 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } GeneralNameInterface n = parseGeneralName(gname); if (n != null) { - gn.addElement(n); + gn.addElement(n); } } if (gn.size() == 0) { - CMS.debug("GN size is zero"); - deleteExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + CMS.debug("GN size is zero"); + deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); return; } else { - CMS.debug("GN size is non zero (" + gn.size() + ")"); - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + CMS.debug("GN size is non zero (" + gn.size() + ")"); + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), ext, - info); + PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { try { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - SubjectAlternativeNameExtension ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), info); + SubjectAlternativeNameExtension ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; @@ -335,108 +347,106 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectAlternativeNameExtension) getExtension( - PKIXExtensions.SubjectAlternativeName_Id.toString(), - info); + ext = + (SubjectAlternativeNameExtension) + getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info); if (ext == null) { return null; } - GeneralNames names = (GeneralNames) ext - .get(SubjectAlternativeNameExtension.SUBJECT_NAME); + GeneralNames names = (GeneralNames) + ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME); StringBuffer sb = new StringBuffer(); Enumeration e = names.elements(); while (e.hasMoreElements()) { Object o = (Object) e.nextElement(); if (!(o instanceof GeneralName)) - continue; + continue; GeneralName gn = (GeneralName) o; if (!sb.toString().equals("")) { sb.append("\r\n"); } sb.append(toGeneralNameString(gn)); - CMS.debug("SubjectAltNameExtDefault: getValue append GN:" - + toGeneralNameString(gn)); + CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn)); } return sb.toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } catch (IOException e) { - CMS.debug("SubjectAltNameExtDefault: getValue " + e.toString()); + CMS.debug("SubjectAltNameExtDefault: getValue " + + e.toString()); } return null; } /* - * returns text that goes into description for this extension on a profile + * returns text that goes into description for this extension on + * a profile */ public String getText(Locale locale) { StringBuffer sb = new StringBuffer(); String numGNs = getConfig(CONFIG_NUM_GNS); int num = getNumGNs(); - for (int i = 0; i < num; i++) { + for (int i= 0; i< num; i++) { sb.append("Record #"); sb.append(i); sb.append("{"); sb.append(GN_PATTERN + ":"); sb.append(getConfig(CONFIG_PATTERN + i)); sb.append(","); - sb.append(GN_TYPE + ":"); - sb.append(getConfig(CONFIG_TYPE + i)); + sb.append(GN_TYPE +":"); + sb.append(getConfig(CONFIG_TYPE +i)); sb.append(","); sb.append(GN_ENABLE + ":"); sb.append(getConfig(CONFIG_GN_ENABLE + i)); sb.append("}"); - } - ; + }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectAlternativeNameExtension ext = null; try { - /* read from config file */ + /* read from config file*/ ext = createExtension(request); } catch (IOException e) { CMS.debug("SubjectAltNameExtDefault: populate " + e.toString()); } if (ext != null) { - addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), + ext, info); } else { CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out"); } } public SubjectAlternativeNameExtension createExtension(IRequest request) - throws IOException { + throws IOException { SubjectAlternativeNameExtension ext = null; int num = getNumGNs(); - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) - .booleanValue(); + boolean critical = Boolean.valueOf( + getConfig(CONFIG_CRITICAL)).booleanValue(); GeneralNames gn = new GeneralNames(); int count = 0; // # of actual gnames - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_GN_ENABLE + i); + for (int i=0; i< num; i++) { + String enable = getConfig(CONFIG_GN_ENABLE +i); if (enable != null && enable.equals("true")) { - CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i); - + CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) { pattern = " "; @@ -447,31 +457,28 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { // cfu - see if this is server-generated (e.g. UUID4) // to use this feature, use $server.source$ in pattern - String source = getConfig(CONFIG_SOURCE + i); + String source = getConfig(CONFIG_SOURCE +i); String type = getConfig(CONFIG_TYPE + i); if ((source != null) && (!source.equals(""))) { if (type.equalsIgnoreCase("OtherName")) { - CMS.debug("SubjectAlternativeNameExtension: using " - + source + " as gn"); + CMS.debug("SubjectAlternativeNameExtension: using "+ + source+ " as gn"); if (source.equals(CONFIG_SOURCE_UUID4)) { - UUID randUUID = UUID.randomUUID(); - // call the mapPattern that does server-side gen - // request is not used, but needed for the - // substitute - // function - gname = mapPattern(randUUID.toString(), - request, pattern); - } else { // expand more server-gen types here - CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " - + source + ". Supported: UUID4"); - continue; + UUID randUUID = UUID.randomUUID(); + // call the mapPattern that does server-side gen + // request is not used, but needed for the substitute + // function + gname = mapPattern(randUUID.toString(), request, pattern); + } else { //expand more server-gen types here + CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4"); + continue; } } else { - CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); - continue; + CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName"); + continue; } } else { - if (request != null) { + if (request != null) { gname = mapPattern(request, pattern); } } @@ -480,13 +487,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("gname is empty, not added"); continue; } - CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" - + gname); + CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname); - GeneralNameInterface n = parseGeneralName(type + ":" - + gname); + GeneralNameInterface n = parseGeneralName(type + ":" + gname); - CMS.debug("adding gname: " + gname); + CMS.debug("adding gname: "+gname); if (n != null) { CMS.debug("SubjectAlternativeNameExtension: n not null"); gn.addElement(n); @@ -495,26 +500,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { CMS.debug("SubjectAlternativeNameExtension: n null"); } } - } - } // for + } + } //for if (count != 0) { - try { - ext = new SubjectAlternativeNameExtension(); - } catch (Exception e) { - CMS.debug(e.toString()); - throw new IOException(e.toString()); - } - ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); - ext.setCritical(critical); + try { + ext = new SubjectAlternativeNameExtension(); + } catch (Exception e) { + CMS.debug(e.toString()); + throw new IOException( e.toString() ); + } + ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn); + ext.setCritical(critical); } else { - CMS.debug("count is 0"); - } + CMS.debug("count is 0"); + } return ext; } - public String mapPattern(IRequest request, String pattern) - throws IOException { + public String mapPattern(IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -524,8 +529,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { } // for server-side generated values - public String mapPattern(String val, IRequest request, String pattern) - throws IOException { + public String mapPattern(String val, IRequest request, String pattern) + throws IOException { Pattern p = new Pattern(pattern); IAttrSet attrSet = null; if (request != null) { @@ -534,8 +539,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault { try { attrSet.set("source", val); } catch (Exception e) { - CMS.debug("SubjectAlternativeNameExtension: mapPattern source " - + e.toString()); + CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString()); } return p.substitute("server", attrSet); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java index aecbdc8c..0259fb36 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java @@ -43,9 +43,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates a subject - * directory attributes extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a subject directory attributes extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { @@ -70,7 +71,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } @@ -93,25 +94,27 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return num; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(DEF_NUM_ATTRS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_ATTRS || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_ATTRS || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS)); + } } super.setConfig(name, value); } + public Enumeration getConfigNames() { refreshConfigAndValueNames(); return super.getConfigNames(); @@ -133,82 +136,93 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); } else if (name.startsWith(CONFIG_ATTR_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME")); } else if (name.startsWith(CONFIG_PATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE")); } else if (name.startsWith(CONFIG_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, null, + return new Descriptor(IDescriptor.BOOLEAN, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE")); } else if (name.startsWith(CONFIG_NUM_ATTRS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", - CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); - } + return new Descriptor(IDescriptor.INTEGER, null, + "1", + CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); + } return null; } public IDescriptor getValueDescriptor(Locale locale, String name) { - if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + if (name.equals(VAL_CRITICAL)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_ATTR)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { SubjectDirAttributesExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) + { return; } - ext.setCritical(val); - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); - - if (ext == null) { + ext.setCritical(val); + } else if (name.equals(VAL_ATTR)) { + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); + + if(ext == null) + { return; } Vector v = parseRecords(value); int size = v.size(); - + boolean critical = ext.isCritical(); X500NameAttrMap map = X500NameAttrMap.getDefault(); Vector attrV = new Vector(); - for (int i = 0; i < size; i++) { + for (int i=0; i < size; i++) { NameValuePairs nvps = (NameValuePairs) v.elementAt(i); Enumeration names = nvps.getNames(); String attrName = null; @@ -227,8 +241,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } if (enable.equals("true")) { - AttributeConfig attributeConfig = new AttributeConfig( - attrName, attrValue); + AttributeConfig attributeConfig = + new AttributeConfig(attrName, attrValue); Attribute attr = attributeConfig.mAttribute; if (attr != null) attrV.addElement(attr); @@ -242,42 +256,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else return; } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - replaceExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } catch (EProfileException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (IOException e) { - CMS.debug("SubjectDirAttributesExtDefault: setValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectDirAttributesExtDefault: setValue " + + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { SubjectDirAttributesExtension ext = null; if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), info); + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (name.equals(VAL_CRITICAL)) { - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) { return null; @@ -287,10 +302,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_ATTR)) { - ext = (SubjectDirAttributesExtension) getExtension( - PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - info); + } else if (name.equals(VAL_ATTR)) { + ext = (SubjectDirAttributesExtension) + getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + info); if (ext == null) return ""; @@ -300,45 +315,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Vector recs = new Vector(); int num = getNumAttrs(); Enumeration e = ext.getAttributesList(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" - + e); - int i = 0; + CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e); + int i=0; while (e.hasMoreElements()) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "true"); - Attribute attr = (Attribute) (e.nextElement()); - CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" - + attr); + Attribute attr = (Attribute)(e.nextElement()); + CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr); ObjectIdentifier oid = attr.getOid(); - CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" - + oid); - + CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid); + String vv = map.getName(oid); - if (vv != null) + if (vv != null) pairs.add(ATTR_NAME, vv); else pairs.add(ATTR_NAME, oid.toString()); Enumeration v = attr.getValues(); - + // just support single value for now StringBuffer ss = new StringBuffer(); while (v.hasMoreElements()) { if (ss.length() == 0) - ss.append((String) (v.nextElement())); + ss.append((String)(v.nextElement())); else { ss.append(","); - ss.append((String) (v.nextElement())); + ss.append((String)(v.nextElement())); } } - pairs.add(ATTR_VALUE, ss.toString()); + pairs .add(ATTR_VALUE, ss.toString()); recs.addElement(pairs); i++; } - - for (; i < num; i++) { + + for (;i < num; i++) { NameValuePairs pairs = new NameValuePairs(); pairs.add(ENABLE, "false"); pairs.add(ATTR_NAME, "GENERATIONQUALIFIER"); @@ -348,8 +360,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -371,50 +383,52 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { sb.append(getConfig(CONFIG_ENABLE + i)); sb.append("}"); } - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", - getConfig(CONFIG_CRITICAL), sb.toString()); + return CMS.getUserMessage(locale, + "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", + getConfig(CONFIG_CRITICAL), + sb.toString()); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectDirAttributesExtension ext = createExtension(request); if (ext == null) return; - addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), - ext, info); + addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), + ext, info); } public SubjectDirAttributesExtension createExtension(IRequest request) - throws EProfileException { - SubjectDirAttributesExtension ext = null; + throws EProfileException { + SubjectDirAttributesExtension ext = null; int num = 0; boolean critical = getConfigBoolean(CONFIG_CRITICAL); num = getNumAttrs(); - + AttributeConfig attributeConfig = null; Vector attrs = new Vector(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); + String enable = getConfig(CONFIG_ENABLE + i); if (enable != null && enable.equals("true")) { String attrName = getConfig(CONFIG_ATTR_NAME + i); - String pattern = getConfig(CONFIG_PATTERN + i); + String pattern = getConfig(CONFIG_PATTERN + i); if (pattern == null || pattern.equals("")) pattern = " "; - // check pattern syntax + //check pattern syntax int startpos = pattern.indexOf("$"); int lastpos = pattern.lastIndexOf("$"); String attrValue = pattern; - if (!pattern.equals("") && startpos != -1 && startpos == 0 - && lastpos != -1 && lastpos == (pattern.length() - 1)) { + if (!pattern.equals("") && startpos != -1 && + startpos == 0 && lastpos != -1 && + lastpos == (pattern.length()-1)) { if (request != null) { try { attrValue = mapPattern(request, pattern); @@ -422,7 +436,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { throw new EProfileException(e.toString()); } } - } + } try { attributeConfig = new AttributeConfig(attrName, attrValue); } catch (EPropertyException e) { @@ -439,7 +453,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault { Attribute[] attrList = new Attribute[attrs.size()]; attrs.copyInto(attrList); try { - ext = new SubjectDirAttributesExtension(attrList, critical); + ext = + new SubjectDirAttributesExtension(attrList, critical); } catch (IOException e) { throw new EProfileException(e.toString()); } @@ -455,52 +470,51 @@ class AttributeConfig { protected Attribute mAttribute = null; public AttributeConfig(String attrName, String attrValue) - throws EPropertyException { + throws EPropertyException { X500NameAttrMap map = X500NameAttrMap.getDefault(); - + if (attrName == null || attrName.length() == 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName)); } - + if (attrValue == null || attrValue.length() == 0) { - throw new EPropertyException(CMS.getUserMessage( - "CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); + throw new EPropertyException( + CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue)); } try { mAttributeOID = new ObjectIdentifier(attrName); } catch (Exception e) { - CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " - + attrName); + CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName); } if (mAttributeOID == null) { mAttributeOID = map.getOid(attrName); if (mAttributeOID == null) - throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTRIBUTE", attrName)); + throw new EPropertyException( + CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName)); try { checkValue(mAttributeOID, attrValue); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } + try { - mAttribute = new Attribute(mAttributeOID, - str2MultiValues(attrValue)); + mAttribute = new Attribute(mAttributeOID, + str2MultiValues(attrValue)); } catch (IOException e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); + "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage())); } } - private static void checkValue(ObjectIdentifier oid, String val) - throws IOException { - AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter( - oid); + private static void checkValue(ObjectIdentifier oid, String val) + throws IOException { + AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid); DerValue derval; derval = c.getValue(val); // errs encountered will get thrown. @@ -513,7 +527,7 @@ class AttributeConfig { while (tokenizer.hasMoreTokens()) { v.addElement(tokenizer.nextToken()); } - + return v; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java index 115d3f62..8a3f2afc 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Enumeration; import java.util.Locale; @@ -39,10 +40,11 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates Subject - * Info Access extension. - * + * This class implements an enrollment default policy + * that populates Subject Info Access extension. + * * @version $Revision$, $Date$ */ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { @@ -85,28 +87,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return num; } - + public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); refreshConfigAndValueNames(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { int num = 0; if (name.equals(CONFIG_NUM_ADS)) { - try { - num = Integer.parseInt(value); + try { + num = Integer.parseInt(value); - if (num >= MAX_NUM_AD || num < 0) { - throw new EPropertyException(CMS.getUserMessage( + if (num >= MAX_NUM_AD || num < 0) { + throw new EPropertyException(CMS.getUserMessage( "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + } - } catch (Exception e) { + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); - } + "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS)); + } } super.setConfig(name, value); } @@ -134,27 +137,30 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.startsWith(CONFIG_AD_METHOD)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD")); } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) { - return new Descriptor( - IDescriptor.CHOICE, - "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", - "URIName", CMS.getUserMessage(locale, - "CMS_PROFILE_AD_LOCATIONTYPE")); + return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", + "URIName", + CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE")); } else if (name.startsWith(CONFIG_AD_LOCATION)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION")); } else if (name.startsWith(CONFIG_AD_ENABLE)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE")); - } else if (name.startsWith(CONFIG_NUM_ADS)) { - return new Descriptor(IDescriptor.INTEGER, null, "1", + } else if (name.startsWith(CONFIG_NUM_ADS)) { + return new Descriptor(IDescriptor.INTEGER, null, + "1", CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS")); } return null; @@ -162,52 +168,58 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_GENERAL_NAMES)) { - return new Descriptor(IDescriptor.STRING_LIST, null, null, + return new Descriptor(IDescriptor.STRING_LIST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { try { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } + SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); ObjectIdentifier oid = a.getExtensionId(); - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { - populate(null, info); + if(ext == null) { + populate(null,info); } - + if (name.equals(VAL_CRITICAL)) { - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); boolean val = Boolean.valueOf(value).booleanValue(); - if (ext == null) { + if(ext == null) + { return; } - ext.setCritical(val); - } else if (name.equals(VAL_GENERAL_NAMES)) { + ext.setCritical(val); + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { return; } boolean critical = ext.isCritical(); @@ -243,78 +255,73 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { GeneralName gn = null; if (locationType != null || location != null) { - GeneralNameInterface interface1 = parseGeneralName(locationType - + ":" + location); + GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location); if (interface1 == null) - throw new EPropertyException( - CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", - locationType)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", locationType)); gn = new GeneralName(interface1); } - + if (method != null) { try { - ext.addAccessDescription(new ObjectIdentifier( - method), gn); + ext.addAccessDescription(new ObjectIdentifier(method), gn); } catch (NumberFormatException ee) { - CMS.debug("SubjectInfoAccessExtDefault: " - + ee.toString()); - throw new EPropertyException( - CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_SIA_OID", - method)); + CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_DEF_SIA_OID", method)); } } } } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(ext.getExtensionId().toString(), ext, info); } catch (IOException e) { CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } catch (EProfileException e) { CMS.debug("SubjectInfoAccessExtDefault: " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { SubjectInfoAccessExtension ext = null; - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false); - ObjectIdentifier oid = a.getExtensionId(); + ObjectIdentifier oid = a.getExtensionId(); - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - CMS.debug("SubjectInfoAccessExtDefault: getValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); if (ext == null) { return null; @@ -324,20 +331,20 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { } else { return "false"; } - } else if (name.equals(VAL_GENERAL_NAMES)) { + } else if (name.equals(VAL_GENERAL_NAMES)) { - ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), - info); + ext = (SubjectInfoAccessExtension) + getExtension(oid.toString(), info); if (ext == null) return ""; int num = getNumAds(); - + CMS.debug("SubjectInfoAccess num=" + num); Vector recs = new Vector(); - for (int i = 0; i < num; i++) { + for (int i = 0; i < num; i++) { NameValuePairs np = new NameValuePairs(); AccessDescription des = null; @@ -351,7 +358,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { np.add(AD_ENABLE, "false"); } else { ObjectIdentifier methodOid = des.getMethod(); - GeneralName gn = des.getLocation(); + GeneralName gn = des.getLocation(); np.add(AD_METHOD, methodOid.toString()); np.add(AD_LOCATION_TYPE, getGeneralNameType(gn)); @@ -363,8 +370,8 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { return buildRecords(recs); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -390,7 +397,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { ads.append(getConfig(CONFIG_AD_ENABLE + i)); ads.append("}"); } - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", getConfig(CONFIG_CRITICAL), ads.toString()); } @@ -398,14 +405,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectInfoAccessExtension ext = createExtension(); addExtension(ext.getExtensionId().toString(), ext, info); } public SubjectInfoAccessExtension createExtension() { - SubjectInfoAccessExtension ext = null; + SubjectInfoAccessExtension ext = null; int num = getNumAds(); try { @@ -427,22 +434,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault { String hostname = CMS.getEENonSSLHost(); String port = CMS.getEENonSSLPort(); if (hostname != null && port != null) - location = "http://" + hostname + ":" + port - + "/ocsp"; + location = "http://"+hostname+":"+port+"/ocsp"; } } String s = locationType + ":" + location; GeneralNameInterface gn = parseGeneralName(s); if (gn != null) { - ext.addAccessDescription(new ObjectIdentifier(method), - new GeneralName(gn)); + ext.addAccessDescription(new ObjectIdentifier(method), + new GeneralName(gn)); } } } } catch (Exception e) { - CMS.debug("SubjectInfoAccessExtDefault: createExtension " - + e.toString()); + CMS.debug("SubjectInfoAccessExtDefault: createExtension " + + e.toString()); } return ext; diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java index 729d279d..d8b09f5d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -38,10 +39,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a subject - * key identifier extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a subject key identifier extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { @@ -58,61 +61,70 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CRITICAL)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL")); } else if (name.equals(VAL_KEY_ID)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_CRITICAL)) { // read-only; do nothing } else if (name.equals(VAL_KEY_ID)) { // read-only; do nothing } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - SubjectKeyIdentifierExtension ext = (SubjectKeyIdentifierExtension) getExtension( - PKIXExtensions.SubjectKey_Id.toString(), info); + SubjectKeyIdentifierExtension ext = + (SubjectKeyIdentifierExtension) getExtension( + PKIXExtensions.SubjectKey_Id.toString(), info); - if (ext == null) { + if(ext == null) + { try { - populate(null, info); + populate(null,info); } catch (EProfileException e) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } if (name.equals(VAL_CRITICAL)) { - ext = (SubjectKeyIdentifierExtension) getExtension( + ext = + (SubjectKeyIdentifierExtension) getExtension( PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { @@ -124,7 +136,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return "false"; } } else if (name.equals(VAL_KEY_ID)) { - ext = (SubjectKeyIdentifierExtension) getExtension( + ext = + (SubjectKeyIdentifierExtension) getExtension( PKIXExtensions.SubjectKey_Id.toString(), info); if (ext == null) { @@ -133,18 +146,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { KeyIdentifier kid = null; try { - kid = (KeyIdentifier) ext - .get(SubjectKeyIdentifierExtension.KEY_ID); + kid = (KeyIdentifier) + ext.get(SubjectKeyIdentifierExtension.KEY_ID); } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " - + "kid is null!"); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " + + "kid is null!" ); + throw new EPropertyException( CMS.getUserMessage( locale, + "CMS_INVALID_PROPERTY", + name ) ); } return toHexString(kid.getIdentifier()); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -156,7 +170,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { SubjectKeyIdentifierExtension ext = createExtension(info); addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info); @@ -170,38 +184,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault { return null; } SubjectKeyIdentifierExtension ext = null; - - boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)) - .booleanValue(); + + boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue(); try { - ext = new SubjectKeyIdentifierExtension(critical, - kid.getIdentifier()); + ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier()); } catch (IOException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " - + e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + + e.toString()); // } return ext; } - public KeyIdentifier getKeyIdentifier(X509CertInfo info) { - try { - CertificateX509Key infokey = (CertificateX509Key) info - .get(X509CertInfo.KEY); + public KeyIdentifier getKeyIdentifier(X509CertInfo info) { + try { + CertificateX509Key infokey = (CertificateX509Key) + info.get(X509CertInfo.KEY); X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); MessageDigest md = MessageDigest.getInstance("SHA-1"); - md.update(key.getKey()); + md.update(key.getKey()); byte[] hash = md.digest(); return new KeyIdentifier(hash); } catch (NoSuchAlgorithmException e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " - + e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } catch (Exception e) { - CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " - + e.toString()); + CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + + e.toString()); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java index 09da34be..9f404e89 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates server-side - * configurable subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates server-side configurable subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class SubjectNameDefault extends EnrollDefault { @@ -52,14 +55,15 @@ public class SubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - if (name.equals(CONFIG_NAME)) { - return new Descriptor(IDescriptor.STRING, null, "CN=TEST", - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + if (name.equals(CONFIG_NAME)) { + return new Descriptor(IDescriptor.STRING, + null, "CN=TEST", CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } @@ -68,17 +72,19 @@ public class SubjectNameDefault extends EnrollDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NAME)) { return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -86,59 +92,59 @@ public class SubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); if (x500name != null) { - CMS.debug("SubjectNameDefault: setValue x500name=" - + x500name.toString()); + CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString()); } } catch (IOException e) { CMS.debug("SubjectNameDefault: setValue " + e.toString()); // failed to build x500 name } - CMS.debug("SubjectNameDefault: setValue name=" - + x500name.toString()); + CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString()); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("SubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); CMS.debug("SubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing CMS.debug("SubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", getConfig(CONFIG_NAME)); } @@ -146,13 +152,13 @@ public class SubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; String subjectName = null; try { - subjectName = mapPattern(request, getConfig(CONFIG_NAME)); + subjectName = mapPattern(request, getConfig(CONFIG_NAME)); } catch (IOException e) { CMS.debug("SubjectNameDefault: mapPattern " + e.toString()); } @@ -170,7 +176,8 @@ public class SubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("SubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java index 01322bc2..c834eee1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.util.Locale; import netscape.security.x509.CertificateExtensions; @@ -33,10 +34,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a - * user-supplied extension into the certificate template. - * + * This class implements an enrollment default policy + * that populates a user-supplied extension + * into the certificate template. + * * @version $Revision$, $Date$ */ public class UserExtensionDefault extends EnrollExtDefault { @@ -54,13 +57,14 @@ public class UserExtensionDefault extends EnrollExtDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_OID)) { - return new Descriptor(IDescriptor.STRING, null, "Comment Here...", + return new Descriptor(IDescriptor.STRING, null, + "Comment Here...", CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else { return null; @@ -69,23 +73,27 @@ public class UserExtensionDefault extends EnrollExtDefault { public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_OID)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_OID")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_OID")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { // Nothing to do for read-only values } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_OID)) { Extension ext = getExtension(getConfig(CONFIG_OID), info); @@ -96,37 +104,35 @@ public class UserExtensionDefault extends EnrollExtDefault { } return ext.getExtensionId().toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", - getConfig(CONFIG_OID)); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID)); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateExtensions inExts = null; String oid = getConfig(CONFIG_OID); - inExts = request - .getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); + inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS); if (inExts == null) - return; + return; Extension ext = getExtension(getConfig(CONFIG_OID), inExts); if (ext == null) { - CMS.debug("UserExtensionDefault: no user ext supplied for " + oid); - return; + CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid); + return; } // user supplied the ext that's allowed, replace the def set by system deleteExtension(oid, info); - CMS.debug("UserExtensionDefault: using user supplied ext for " + oid); + CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid); addExtension(oid, ext, info); } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java index 34009e14..1cff57df 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.interfaces.DSAParams; @@ -39,10 +40,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a user - * supplied key into the certificate template. - * + * This class implements an enrollment default policy + * that populates a user supplied key + * into the certificate template. + * * @version $Revision$, $Date$ */ public class UserKeyDefault extends EnrollDefault { @@ -59,74 +62,86 @@ public class UserKeyDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEY)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_KEY")); } else if (name.equals(VAL_LEN)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN")); } else if (name.equals(VAL_TYPE)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_KEY)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) info.get(X509CertInfo.KEY); + ck = (CertificateX509Key) + info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) ck.get(CertificateX509Key.KEY); + k = (X509Key) + ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing - } + } if (k == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_NOT_FOUND")); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_KEY_NOT_FOUND")); } return toHexString(k.getKey()); } else if (name.equals(VAL_LEN)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) info.get(X509CertInfo.KEY); + ck = (CertificateX509Key) + info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) ck.get(CertificateX509Key.KEY); + k = (X509Key) + ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_NOT_FOUND")); + if (k == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_KEY_NOT_FOUND")); } try { if (k.getAlgorithm().equals("RSA")) { @@ -136,33 +151,35 @@ public class UserKeyDefault extends EnrollDefault { } } catch (Exception e) { CMS.debug("UserKeyDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_TYPE)) { CertificateX509Key ck = null; try { - ck = (CertificateX509Key) info.get(X509CertInfo.KEY); + ck = (CertificateX509Key) + info.get(X509CertInfo.KEY); } catch (Exception e) { // nothing } X509Key k = null; try { - k = (X509Key) ck.get(CertificateX509Key.KEY); + k = (X509Key) + ck.get(CertificateX509Key.KEY); } catch (Exception e) { // nothing } - if (k == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_PROFILE_KEY_NOT_FOUND")); + if (k == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_PROFILE_KEY_NOT_FOUND")); } - return k.getAlgorithm() + " - " - + k.getAlgorithmId().getOID().toString(); + return k.getAlgorithm() + " - " + + k.getAlgorithmId().getOID().toString(); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -174,7 +191,8 @@ public class UserKeyDefault extends EnrollDefault { X509Key newkey = null; try { - newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey()); + newkey = new X509Key(AlgorithmId.get("RSA"), + key.getKey()); } catch (Exception e) { CMS.debug("UserKeyDefault: getRSAKey " + e.toString()); throw e; @@ -199,16 +217,15 @@ public class UserKeyDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateX509Key certKey = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certKeyData = request - .getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); + byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY); if (certKeyData != null) { - certKey = new CertificateX509Key(new ByteArrayInputStream( - certKeyData)); + certKey = new CertificateX509Key( + new ByteArrayInputStream(certKeyData)); } info.set(X509CertInfo.KEY, certKey); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java index 8db15732..07e6c77e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.ByteArrayInputStream; import java.util.Locale; @@ -34,10 +35,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a - * user-supplied signing algorithm into the certificate template. - * + * This class implements an enrollment default policy + * that populates a user-supplied signing algorithm + * into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSigningAlgDefault extends EnrollDefault { @@ -50,70 +53,72 @@ public class UserSigningAlgDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_ALG_ID)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, - "CMS_PROFILE_SIGNING_ALGORITHM")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SIGNING_ALGORITHM")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_ALG_ID)) { CertificateAlgorithmId algID = null; try { - algID = (CertificateAlgorithmId) info - .get(X509CertInfo.ALGORITHM_ID); - AlgorithmId id = (AlgorithmId) algID - .get(CertificateAlgorithmId.ALGORITHM); + algID = (CertificateAlgorithmId) + info.get(X509CertInfo.ALGORITHM_ID); + AlgorithmId id = (AlgorithmId) + algID.get(CertificateAlgorithmId.ALGORITHM); return id.toString(); } catch (Exception e) { CMS.debug("UserSigningAlgDefault: setValue " + e.toString()); - return ""; // XXX + return ""; //XXX } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM"); } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateAlgorithmId certAlg = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certAlgData = request - .getExtDataInByteArray(IEnrollProfile.REQUEST_SIGNING_ALGORITHM); + byte[] certAlgData = request.getExtDataInByteArray( + IEnrollProfile.REQUEST_SIGNING_ALGORITHM); if (certAlgData != null) { - certAlg = new CertificateAlgorithmId(new ByteArrayInputStream( - certAlgData)); + certAlg = new CertificateAlgorithmId( + new ByteArrayInputStream(certAlgData)); } info.set(X509CertInfo.ALGORITHM_ID, certAlg); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java index 6017213f..f589b654 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.util.Locale; @@ -34,10 +35,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a - * user-supplied subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates a user-supplied subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class UserSubjectNameDefault extends EnrollDefault { @@ -50,7 +53,7 @@ public class UserSubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -63,11 +66,12 @@ public class UserSubjectNameDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -80,40 +84,42 @@ public class UserSubjectNameDefault extends EnrollDefault { } CMS.debug("SubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); return sn.toString(); } catch (Exception e) { // nothing } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -125,13 +131,12 @@ public class UserSubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // authenticate the subject name and populate it // to the certinfo try { - info.set( - X509CertInfo.SUBJECT, - request.getExtDataInCertSubjectName(IEnrollProfile.REQUEST_SUBJECT_NAME)); + info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName( + IEnrollProfile.REQUEST_SUBJECT_NAME)); } catch (Exception e) { // failed to insert subject name CMS.debug("UserSubjectNameDefault: populate " + e.toString()); diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java index ec7cdedd..2d79b192 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.ByteArrayInputStream; import java.util.Date; import java.util.Locale; @@ -34,10 +35,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a - * user-supplied validity into the certificate template. - * + * This class implements an enrollment default policy + * that populates a user-supplied validity + * into the certificate template. + * * @version $Revision$, $Date$ */ public class UserValidityDefault extends EnrollDefault { @@ -52,65 +55,71 @@ public class UserValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_NOT_BEFORE)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE")); } else if (name.equals(VAL_NOT_AFTER)) { - return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY, - null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); + return new Descriptor(IDescriptor.STRING, + IDescriptor.READONLY, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { // this default rule is readonly } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - Date notBefore = (Date) validity - .get(CertificateValidity.NOT_BEFORE); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + Date notBefore = (Date) + validity.get(CertificateValidity.NOT_BEFORE); return notBefore.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { try { CertificateValidity validity = null; - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - Date notAfter = (Date) validity - .get(CertificateValidity.NOT_AFTER); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + Date notAfter = (Date) + validity.get(CertificateValidity.NOT_AFTER); return notAfter.toString(); } catch (Exception e) { CMS.debug("UserValidityDefault: getValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } @@ -122,16 +131,17 @@ public class UserValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { CertificateValidity certValidity = null; // authenticate the certificate key, and move // the key from request into x509 certinfo try { - byte[] certValidityData = request - .getExtDataInByteArray(IEnrollProfile.REQUEST_VALIDITY); + byte[] certValidityData = request.getExtDataInByteArray( + IEnrollProfile.REQUEST_VALIDITY); if (certValidityData != null) { certValidity = new CertificateValidity(); - certValidity.decode(new ByteArrayInputStream(certValidityData)); + certValidity.decode( + new ByteArrayInputStream(certValidityData)); } info.set(X509CertInfo.VALIDITY, certValidity); } catch (Exception e) { diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java index fd046e1f..6e9b08ab 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; + import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; @@ -35,10 +36,12 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements an enrollment default policy that populates a - * server-side configurable validity into the certificate template. - * + * This class implements an enrollment default policy + * that populates a server-side configurable validity + * into the certificate template. + * * @version $Revision$, $Date$ */ public class ValidityDefault extends EnrollDefault { @@ -61,36 +64,43 @@ public class ValidityDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (name.equals(CONFIG_RANGE)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); - } + "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + } } else if (name.equals(CONFIG_START_TIME)) { - try { - Integer.parseInt(value); - } catch (Exception e) { + try { + Integer.parseInt(value); + } catch (Exception e) { throw new EPropertyException(CMS.getUserMessage( - "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); - } + "CMS_INVALID_PROPERTY", CONFIG_START_TIME)); + } } super.setConfig(name, value); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_RANGE)) { - return new Descriptor(IDescriptor.STRING, null, "2922", - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE")); + return new Descriptor(IDescriptor.STRING, + null, + "2922", + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_RANGE")); } else if (name.equals(CONFIG_START_TIME)) { - return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */ - CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME")); + return new Descriptor(IDescriptor.STRING, + null, + "60", /* 1 minute */ + CMS.getUserMessage(locale, + "CMS_PROFILE_VALIDITY_START_TIME")); } else { return null; } @@ -108,95 +118,103 @@ public class ValidityDefault extends EnrollDefault { } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { - if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { + if (name == null) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } - if (value == null || value.equals("")) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + if (value == null || value.equals("")) { + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_BEFORE, date); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_BEFORE, + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); ParsePosition pos = new ParsePosition(0); Date date = formatter.parse(value, pos); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - validity.set(CertificateValidity.NOT_AFTER, date); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + validity.set(CertificateValidity.NOT_AFTER, + date); } catch (Exception e) { CMS.debug("ValidityDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { if (name == null) - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); if (name.equals(VAL_NOT_BEFORE)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - return formatter.format((Date) validity - .get(CertificateValidity.NOT_BEFORE)); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + return formatter.format((Date) + validity.get(CertificateValidity.NOT_BEFORE)); } catch (Exception e) { CMS.debug("ValidityDefault: getValue " + e.toString()); } throw new EPropertyException("Invalid valie"); } else if (name.equals(VAL_NOT_AFTER)) { - SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT); + SimpleDateFormat formatter = + new SimpleDateFormat(DATE_FORMAT); CertificateValidity validity = null; try { - validity = (CertificateValidity) info - .get(X509CertInfo.VALIDITY); - return formatter.format((Date) validity - .get(CertificateValidity.NOT_AFTER)); + validity = (CertificateValidity) + info.get(X509CertInfo.VALIDITY); + return formatter.format((Date) + validity.get(CertificateValidity.NOT_AFTER)); } catch (Exception e) { CMS.debug("ValidityDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", + return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", getConfig(CONFIG_RANGE)); } @@ -204,11 +222,11 @@ public class ValidityDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { // always + 60 seconds String startTimeStr = getConfig(CONFIG_START_TIME); try { - startTimeStr = mapPattern(request, startTimeStr); + startTimeStr = mapPattern(request, startTimeStr); } catch (IOException e) { CMS.debug("ValidityDefault: populate " + e.toString()); } @@ -217,32 +235,31 @@ public class ValidityDefault extends EnrollDefault { startTimeStr = "60"; } int startTime = Integer.parseInt(startTimeStr); - Date notBefore = new Date(CMS.getCurrentDate().getTime() - + (1000 * startTime)); + Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime)); long notAfterVal = 0; try { String rangeStr = getConfig(CONFIG_RANGE); rangeStr = mapPattern(request, rangeStr); - notAfterVal = notBefore.getTime() - + (mDefault * Integer.parseInt(rangeStr)); + notAfterVal = notBefore.getTime() + + (mDefault * Integer.parseInt(rangeStr)); } catch (Exception e) { // configured value is not correct CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_INVALID_PROPERTY", CONFIG_RANGE)); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE)); } Date notAfter = new Date(notAfterVal); - CertificateValidity validity = new CertificateValidity(notBefore, - notAfter); + CertificateValidity validity = + new CertificateValidity(notBefore, notAfter); try { info.set(X509CertInfo.VALIDITY, validity); } catch (Exception e) { // failed to insert subject name CMS.debug("ValidityDefault: populate " + e.toString()); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY)); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java index 4bd5ce37..c8beca2f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java @@ -34,20 +34,22 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates server-side - * configurable subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates server-side configurable subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class nsHKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_PARAMS = "params"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; + protected static String DEFAULT_DNPATTERN = + "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US"; protected IConfigStore mParamsConfig; @@ -59,41 +61,44 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" - + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, + null, null, CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" - + name); + CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value); + CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -106,51 +111,53 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsHKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsHKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -158,15 +165,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsHKeySubjectNameDefault: in populate"); + CMS.debug("nsHKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -177,31 +184,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) throws EProfileException, - IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { - CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); + CMS.debug("nsHKeySubjectNameDefault: in getSubjectName"); - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } + + String sbjname = ""; - String sbjname = ""; + if (request != null) { + CMS.debug("pattern = "+pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } - - return sbjname; - } + return sbjname; + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java index fde2e7fb..3a1d1c6e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java @@ -42,15 +42,16 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates server-side - * configurable subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates server-side configurable subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class nsNKeySubjectNameDefault extends EnrollDefault { - public static final String PROP_LDAP = "ldap"; - public static final String PROP_PARAMS = "params"; + public static final String PROP_LDAP = "ldap"; + public static final String PROP_PARAMS = "params"; public static final String CONFIG_DNPATTERN = "dnpattern"; public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes"; public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host"; @@ -63,123 +64,131 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = "CN=$request.aoluid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.aoluid$, E=$request.mail$"; /* ldap configuration sub-store */ - boolean mInitialized = false; + boolean mInitialized = false; protected IConfigStore mInstConfig; protected IConfigStore mLdapConfig; protected IConfigStore mParamsConfig; - /* ldap base dn */ + /* ldap base dn */ protected String mBaseDN = null; /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* - * the list of LDAP attributes with string values to retrieve to form the - * subject dn. - */ + /* the list of LDAP attributes with string values to retrieve to + * form the subject dn. */ protected String[] mLdapStringAttrs = null; public nsNKeySubjectNameDefault() { super(); addConfigName(CONFIG_DNPATTERN); - addConfigName(CONFIG_LDAP_STRING_ATTRS); + addConfigName(CONFIG_LDAP_STRING_ATTRS); addConfigName(CONFIG_LDAP_HOST); addConfigName(CONFIG_LDAP_PORT); addConfigName(CONFIG_LDAP_SEC_CONN); addConfigName(CONFIG_LDAP_VER); addConfigName(CONFIG_LDAP_BASEDN); - addConfigName(CONFIG_LDAP_MIN_CONN); - addConfigName(CONFIG_LDAP_MAX_CONN); + addConfigName(CONFIG_LDAP_MIN_CONN); + addConfigName(CONFIG_LDAP_MAX_CONN); addValueName(CONFIG_DNPATTERN); - addValueName(CONFIG_LDAP_STRING_ATTRS); + addValueName(CONFIG_LDAP_STRING_ATTRS); addValueName(CONFIG_LDAP_HOST); addValueName(CONFIG_LDAP_PORT); addValueName(CONFIG_LDAP_SEC_CONN); addValueName(CONFIG_LDAP_VER); addValueName(CONFIG_LDAP_BASEDN); - addValueName(CONFIG_LDAP_MIN_CONN); - addValueName(CONFIG_LDAP_MAX_CONN); + addValueName(CONFIG_LDAP_MIN_CONN); + addValueName(CONFIG_LDAP_MAX_CONN); } public void init(IProfile profile, IConfigStore config) - throws EProfileException { - mInstConfig = config; + throws EProfileException { + mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" - + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); - } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); - } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME")); - } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor( - IDescriptor.STRING, - null, - null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER")); - } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor( - IDescriptor.BOOLEAN, - null, - "false", - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); - } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", - CMS.getUserMessage(locale, - "CMS_PROFILE_NSNKEY_LDAP_VERSION")); - } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN")); - } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); - } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, + null, null, CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); + } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS")); + } else if (name.equals(CONFIG_LDAP_HOST)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME")); + } else if (name.equals(CONFIG_LDAP_PORT)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER")); + } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { + return new Descriptor(IDescriptor.BOOLEAN, + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN")); + } else if (name.equals(CONFIG_LDAP_VER)) { + return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, + "3", + CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION")); + } else if (name.equals(CONFIG_LDAP_BASEDN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN")); + } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN")); + } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" - + name); + CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value); + CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -192,113 +201,113 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { } CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info); - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString()); - + } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsNKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsNKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() throws EProfileException { - if (mInitialized == true) - return; - - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); - - try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); - - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; - - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString( - CONFIG_LDAP_STRING_ATTRS, null); - - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, - ",", false); - - mLdapStringAttrs = new String[pAttrs.countTokens()]; - - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()) - .trim(); - } - } - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); - mInitialized = true; - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: " + e.toString()); - } - } + public void ldapInit() + throws EProfileException { + if (mInitialized == true) return; + + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin"); + + try { + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); + + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; + + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); + + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); + + mLdapStringAttrs = new String[pAttrs.countTokens()]; + + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); + } + } + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done"); + mInitialized = true; + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: "+e.toString()); + } + } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsNKeySubjectNameDefault: in populate"); - ldapInit(); + CMS.debug("nsNKeySubjectNameDefault: in populate"); + ldapInit(); try { - // cfu - this goes to ldap - String subjectName = getSubjectName(request); - CMS.debug("subjectName=" + subjectName); - if (subjectName == null || subjectName.equals("")) - return; + // cfu - this goes to ldap + String subjectName = getSubjectName(request); + CMS.debug("subjectName=" + subjectName); + if (subjectName == null || subjectName.equals("")) + return; name = new X500Name(subjectName); } catch (IOException e) { @@ -309,58 +318,57 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) throws EProfileException, - IOException { - - CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); + private String getSubjectName(IRequest request) + throws EProfileException, IOException { - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } + CMS.debug("nsNKeySubjectNameDefault: in getSubjectName"); - LDAPConnection conn = null; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } + + LDAPConnection conn = null; String userdn = null; - String sbjname = ""; - // get DN from ldap to fill request - try { - if (mConnFactory == null) { + String sbjname = ""; + // get DN from ldap to fill request + try { + if (mConnFactory == null) { conn = null; CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection"); throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if (conn == null) { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " - + "no LDAP connection"); - throw new EProfileException("no LDAP connection"); + if( conn == null ) { + CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection" ); + throw new EProfileException( "no LDAP connection" ); } CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } else { - CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " - + "request is null!"); - throw new EProfileException("request is null"); - } - // retrieve the attributes + if (request != null) { + CMS.debug("pattern = "+pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } else { + CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " + + "request is null!" ); + throw new EProfileException( "request is null" ); + } + // retrieve the attributes // get user dn. - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " - + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, - "(aoluid=" + request.getExtDataInString("aoluid") + ")", - null, false); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + LDAPSearchResults res = conn.search(mBaseDN, + LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); @@ -370,47 +378,42 @@ public class nsNKeySubjectNameDefault extends EnrollDefault { CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist"); throw new EProfileException("screenname does not exist"); } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " - + request.getExtDataInString("aoluid")); - ; - - LDAPEntry entry = null; - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, - "objectclass=*", mLdapStringAttrs, false); - - if (!results.hasMoreElements()) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); - throw new EProfileException("no ldap attributes found"); - } - entry = results.next(); - // set attrs into request + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));; + + LDAPEntry entry = null; + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); + + if (!results.hasMoreElements()) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes"); + throw new EProfileException("no ldap attributes found"); + } + entry = results.next(); + // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " - + sla[0]); - request.setExtData(mLdapStringAttrs[i], sla[0]); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]); + request.setExtData(mLdapStringAttrs[i], sla[0]); + } } - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); - } catch (Exception e) { - CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " - + e.toString()); - throw new EProfileException("getSubjectName() failure: " - + e.toString()); - } finally { - try { - if (conn != null) - mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException( - "nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); - } - } - return sbjname; - - } + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request"); + } catch (Exception e) { + CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString()); + throw new EProfileException("getSubjectName() failure: "+e.toString()); + } finally { + try { + if (conn != null) + mConnFactory.returnConn(conn); + } catch (Exception e) { + throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure"); + } + } + return sbjname; + + } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java index a367b638..030470b3 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java @@ -34,9 +34,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates server-side - * configurable subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates server-side configurable subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { @@ -47,7 +48,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = "Token Key Device - $request.tokencuid$"; + protected static String DEFAULT_DNPATTERN = + "Token Key Device - $request.tokencuid$"; protected IConfigStore mParamsConfig; @@ -59,42 +61,44 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" - + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, + null, null, CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" - + name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" - + value); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -102,63 +106,59 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); } catch (IOException e) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " - + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); // failed to build x500 name } - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" - + x500name); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" - + name); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException + { + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" - + info); - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" - + sn); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " - + e.toString()); - + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString()); + } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText"); + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } @@ -166,52 +166,51 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault { * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate"); try { - String subjectName = getSubjectName(request); + String subjectName = getSubjectName(request); CMS.debug("subjectName=" + subjectName); if (subjectName == null || subjectName.equals("")) - return; + return; name = new X500Name(subjectName); } catch (IOException e) { // failed to build x500 name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " - + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); } if (name == null) { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " - + e.toString()); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) throws EProfileException, - IOException { - - CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); + private String getSubjectName(IRequest request) + throws EProfileException, IOException { - String pattern = getConfig(CONFIG_DNPATTERN); - if (pattern == null || pattern.equals("")) { - pattern = " "; - } + CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName"); - String sbjname = ""; + String pattern = getConfig(CONFIG_DNPATTERN); + if (pattern == null || pattern.equals("")) { + pattern = " "; + } + + String sbjname = ""; - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); - } + if (request != null) { + CMS.debug("pattern = "+pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + } - return sbjname; + return sbjname; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java index f842952f..ac98a0cb 100644 --- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java +++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java @@ -42,9 +42,10 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; /** - * This class implements an enrollment default policy that populates server-side - * configurable subject name into the certificate template. - * + * This class implements an enrollment default policy + * that populates server-side configurable subject name + * into the certificate template. + * * @version $Revision$, $Date$ */ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { @@ -65,10 +66,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { public static final String VAL_NAME = "name"; - public static final String CONFIG_LDAP_VERS = "2,3"; + public static final String CONFIG_LDAP_VERS = + "2,3"; /* default dn pattern if left blank or not set in the config */ - protected static String DEFAULT_DNPATTERN = "CN=$request.uid$, E=$request.mail$"; + protected static String DEFAULT_DNPATTERN = + "CN=$request.uid$, E=$request.mail$"; /* ldap configuration sub-store */ boolean mldapInitialized = false; @@ -83,10 +86,8 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { /* factory of anonymous ldap connections */ protected ILdapConnFactory mConnFactory = null; - /* - * the list of LDAP attributes with string values to retrieve to form the - * subject dn. - */ + /* the list of LDAP attributes with string values to retrieve to + * form the subject dn. */ protected String[] mLdapStringAttrs = null; public nsTokenUserKeySubjectNameDefault() { @@ -117,83 +118,94 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mInstConfig = config; super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" - + name); - if (name.equals(CONFIG_DNPATTERN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + public IDescriptor getConfigDescriptor(Locale locale, String name) { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name); + if (name.equals(CONFIG_DNPATTERN)) { + return new Descriptor(IDescriptor.STRING, + null, null, CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS")); } else if (name.equals(CONFIG_LDAP_ENABLE)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE")); } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME")); } else if (name.equals(CONFIG_LDAP_HOST)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME")); } else if (name.equals(CONFIG_LDAP_PORT)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER")); } else if (name.equals(CONFIG_LDAP_SEC_CONN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); + return new Descriptor(IDescriptor.BOOLEAN, + null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN")); } else if (name.equals(CONFIG_LDAP_VER)) { - return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3", - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); + return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, + "3", + CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION")); } else if (name.equals(CONFIG_LDAP_BASEDN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN")); } else if (name.equals(CONFIG_LDAP_MIN_CONN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN")); } else if (name.equals(CONFIG_LDAP_MAX_CONN)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN")); } else { return null; } } public IDescriptor getValueDescriptor(Locale locale, String name) { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" - + name); + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name); if (name.equals(VAL_NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); + return new Descriptor(IDescriptor.STRING, + null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_SUBJECT_NAME")); } else { return null; } } - public void setValue(String name, Locale locale, X509CertInfo info, - String value) throws EPropertyException { + public void setValue(String name, Locale locale, + X509CertInfo info, String value) + throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" - + value); + CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { X500Name x500name = null; @@ -201,123 +213,117 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { try { x500name = new X500Name(value); } catch (IOException e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " - + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); // failed to build x500 name } - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" - + x500name); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name); try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName( - x500name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(x500name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " - + e.toString()); - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString()); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } - public String getValue(String name, Locale locale, X509CertInfo info) - throws EPropertyException { - CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name); + public String getValue(String name, Locale locale, + X509CertInfo info) + throws EPropertyException { + CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name); if (name == null) { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } if (name.equals(VAL_NAME)) { CertificateSubjectName sn = null; try { - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" - + info); - sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" - + sn); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info); + sn = (CertificateSubjectName) + info.get(X509CertInfo.SUBJECT); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn); return sn.toString(); } catch (Exception e) { // nothing - CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " - + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString()); } - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } else { - throw new EPropertyException(CMS.getUserMessage(locale, - "CMS_INVALID_PROPERTY", name)); + throw new EPropertyException(CMS.getUserMessage( + locale, "CMS_INVALID_PROPERTY", name)); } } public String getText(Locale locale) { CMS.debug("nsTokenUserKeySubjectNameDefault: in getText"); - return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", + return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", getConfig(CONFIG_DNPATTERN)); } - public void ldapInit() throws EProfileException { - if (mldapInitialized == true) - return; + public void ldapInit() + throws EProfileException { + if (mldapInitialized == true) return; CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin"); try { - // cfu - XXX do more error handling here later - /* initialize ldap server configuration */ - mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); - mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); - mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, false); - if (mldapEnabled == false) - return; + // cfu - XXX do more error handling here later + /* initialize ldap server configuration */ + mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS); + mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP); + mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, + false); + if (mldapEnabled == false) + return; - mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); - mConnFactory = CMS.getLdapAnonConnFactory(); - mConnFactory.init(mLdapConfig); + mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null); + mConnFactory = CMS.getLdapAnonConnFactory(); + mConnFactory.init(mLdapConfig); - /* initialize dn pattern */ - String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); + /* initialize dn pattern */ + String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null); - if (pattern == null || pattern.length() == 0) - pattern = DEFAULT_DNPATTERN; + if (pattern == null || pattern.length() == 0) + pattern = DEFAULT_DNPATTERN; - /* initialize ldap string attribute list */ - String ldapStringAttrs = mParamsConfig.getString( - CONFIG_LDAP_STRING_ATTRS, null); + /* initialize ldap string attribute list */ + String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null); - if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { - StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, - ",", false); + if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) { + StringTokenizer pAttrs = + new StringTokenizer(ldapStringAttrs, ",", false); - mLdapStringAttrs = new String[pAttrs.countTokens()]; + mLdapStringAttrs = new String[pAttrs.countTokens()]; - for (int i = 0; i < mLdapStringAttrs.length; i++) { - mLdapStringAttrs[i] = ((String) pAttrs.nextElement()) - .trim(); - } + for (int i = 0; i < mLdapStringAttrs.length; i++) { + mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim(); } - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); - mldapInitialized = true; + } + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done"); + mldapInitialized = true; } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " - + e.toString()); - // throw EProfileException... - throw new EProfileException("ldap init failure: " + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString()); + // throw EProfileException... + throw new EProfileException("ldap init failure: "+e.toString()); } - } + } /** * Populates the request with this policy default. */ public void populate(IRequest request, X509CertInfo info) - throws EProfileException { + throws EProfileException { X500Name name = null; CMS.debug("nsTokenUserKeySubjectNameDefault: in populate"); - ldapInit(); +ldapInit(); try { // cfu - this goes to ldap String subjectName = getSubjectName(request); @@ -328,23 +334,22 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { name = new X500Name(subjectName); } catch (IOException e) { // failed to build x500 name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " - + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); } if (name == null) { // failed to build x500 name } try { - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name)); + info.set(X509CertInfo.SUBJECT, + new CertificateSubjectName(name)); } catch (Exception e) { // failed to insert subject name - CMS.debug("nsTokenUserKeySubjectNameDefault: populate " - + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString()); } } - private String getSubjectName(IRequest request) throws EProfileException, - IOException { + private String getSubjectName(IRequest request) + throws EProfileException, IOException { CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName"); @@ -355,10 +360,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { String sbjname = ""; if (mldapInitialized == false) { - if (request != null) { - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + if (request != null) { + CMS.debug("pattern = "+pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); } return sbjname; } @@ -379,38 +384,34 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { throw new EProfileException("no LDAP connection"); } else { conn = mConnFactory.getConn(); - if (conn == null) { - CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " - + "no LDAP connection"); - throw new EProfileException("no LDAP connection"); + if( conn == null ) { + CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " + + "no LDAP connection" ); + throw new EProfileException( "no LDAP connection" ); } CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection"); } // retrieve the attributes // get user dn. - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " - + mBaseDN); - LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "(" - + searchName + "=" + request.getExtDataInString("uid") - + ")", null, false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN); + LDAPSearchResults res = conn.search(mBaseDN, + LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false); if (res.hasMoreElements()) { LDAPEntry entry = res.next(); userdn = entry.getDN(); } else {// put into property file later - cfu - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " - + searchName + " does not exist"); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist"); throw new EProfileException("id does not exist"); } - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " - + searchName + " = " + request.getExtDataInString("uid")); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid")); LDAPEntry entry = null; - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " - + mLdapStringAttrs.length + " attributes"); - LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE, - "objectclass=*", mLdapStringAttrs, false); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes"); + LDAPSearchResults results = + conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", + mLdapStringAttrs, false); if (!results.hasMoreElements()) { CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes"); @@ -419,34 +420,29 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault { entry = results.next(); // set attrs into request for (int i = 0; i < mLdapStringAttrs.length; i++) { - LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]); - if (la != null) { - String[] sla = la.getStringValueArray(); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " - + mLdapStringAttrs[i] - + "=" - + escapeValueRfc1779(sla[0], false).toString()); - request.setExtData(mLdapStringAttrs[i], - escapeValueRfc1779(sla[0], false).toString()); - } + LDAPAttribute la = + entry.getAttribute(mLdapStringAttrs[i]); + if (la != null) { + String[] sla = la.getStringValueArray(); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+ + "=" + escapeValueRfc1779(sla[0], false).toString()); + request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString()); + } } - CMS.debug("pattern = " + pattern); - sbjname = mapPattern(request, pattern); - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); + CMS.debug("pattern = "+pattern); + sbjname = mapPattern(request, pattern); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done"); CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request"); } catch (Exception e) { - CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " - + e.toString()); - throw new EProfileException("getSubjectName() failure: " - + e.toString()); + CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString()); + throw new EProfileException("getSubjectName() failure: "+e.toString()); } finally { try { if (conn != null) mConnFactory.returnConn(conn); - } catch (Exception e) { - throw new EProfileException( - "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); + } catch (Exception e) { + throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure"); } } return sbjname; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java index 88255c3e..d067f1e6 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -34,19 +35,23 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the certificate request input. This input populates 2 - * main fields to the enrollment page: 1/ Certificate Request Type, 2/ - * Certificate Request + * This class implements the certificate request input. + * This input populates 2 main fields to the enrollment page: + * 1/ Certificate Request Type, 2/ Certificate Request * <p> * - * This input usually is used by an enrollment profile for certificate requests. - * + * This input usually is used by an enrollment profile for + * certificate requests. + * * @version $Revision$, $Date$ */ -public class CMCCertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST; +public class CMCCertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_CERT_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -58,7 +63,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -82,38 +87,39 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), - cert_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); if (msgs == null) { - return; + return; } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); if (seqNum == null) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillTaggedRequest(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ")); - } + return new Descriptor(IDescriptor.CERT_REQUEST, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_CERT_REQ")); + } return null; } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java index 241d6c01..12a4f549 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -37,19 +38,23 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the certificate request input. This input populates 2 - * main fields to the enrollment page: 1/ Certificate Request Type, 2/ - * Certificate Request + * This class implements the certificate request input. + * This input populates 2 main fields to the enrollment page: + * 1/ Certificate Request Type, 2/ Certificate Request * <p> * - * This input usually is used by an enrollment profile for certificate requests. - * + * This input usually is used by an enrollment profile for + * certificate requests. + * * @version $Revision$, $Date$ */ -public class CertReqInput extends EnrollInput implements IProfileInput { - public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST; +public class CertReqInput extends EnrollInput implements IProfileInput { + public static final String VAL_CERT_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_CERT_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -62,7 +67,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -86,97 +91,97 @@ public class CertReqInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE); String cert_request = ctx.get(VAL_CERT_REQUEST); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (cert_request_type == null) { - CMS.debug("CertReqInput: populate - invalid cert request type " - + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); + CMS.debug("CertReqInput: populate - invalid cert request type " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), - cert_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request); if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile - .fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen( - getLocale(request), cert_request); + DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request); if (keygen == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile - .fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), - cert_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - mEnrollProfile.fillCertReqMsg(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request + ); } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), - cert_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillTaggedRequest(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("CertReqInput: populate - invalid cert request type " - + cert_request_type); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", cert_request_type)); + CMS.debug("CertReqInput: populate - invalid cert request type " + + cert_request_type); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + cert_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_CERT_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, null, + return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, + null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); + "CMS_PROFILE_INPUT_CERT_REQ_TYPE")); } else if (name.equals(VAL_CERT_REQUEST)) { - return new Descriptor(IDescriptor.CERT_REQUEST, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ")); + return new Descriptor(IDescriptor.CERT_REQUEST, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_INPUT_CERT_REQ")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java index 227dbc79..b887807c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -36,21 +37,26 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the dual key generation input. This input populates - * parameters to the enrollment pages so that a CRMF request containing 2 - * certificate requests will be generated. + * This class implements the dual key generation input. + * This input populates parameters to the enrollment + * pages so that a CRMF request containing 2 certificate + * requests will be generated. * <p> - * - * This input can only be used with Netscape 7.x or later clients. + * + * This input can only be used with Netscape 7.x or later + * clients. * <p> - * + * * @version $Revision$, $Date$ */ -public class DualKeyGenInput extends EnrollInput implements IProfileInput { +public class DualKeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -63,7 +69,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } @@ -86,73 +92,73 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { - CMS.debug("DualKeyGenInput: populate - invalid cert request type " - + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); + CMS.debug("DualKeyGenInput: populate - invalid cert request type " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith("pkcs10")) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), - keygen_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); - mEnrollProfile - .fillPKCS10(getLocale(request), pkcs10, info, request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); } else if (keygen_request_type.startsWith("keygen")) { - DerInputStream keygen = mEnrollProfile.parseKeyGen( - getLocale(request), keygen_request); + DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); - mEnrollProfile - .fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith("crmf")) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), - keygen_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillCertReqMsg(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " - + "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null, - null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, null, + return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java index 71b7a97c..1eaf476b 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -40,14 +41,16 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** * This class implements the base enrollment input. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollInput implements IProfileInput { +public abstract class EnrollInput implements IProfileInput { - private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; + private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = + "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2"; protected IConfigStore mConfig = null; protected Vector mValueNames = new Vector(); @@ -55,12 +58,12 @@ public abstract class EnrollInput implements IProfileInput { protected IProfile mProfile = null; protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; mProfile = profile; } @@ -71,17 +74,17 @@ public abstract class EnrollInput implements IProfileInput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return localized input name */ @@ -89,21 +92,23 @@ public abstract class EnrollInput implements IProfileInput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return localized input description */ public abstract String getText(Locale locale); /** - * Retrieves the descriptor of the given value property by name. - * + * Retrieves the descriptor of the given value + * property by name. + * * @param locale user locale * @param name property name * @return descriptor of the property */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); + public void addValueName(String name) { mValueNames.addElement(name); } @@ -123,7 +128,8 @@ public abstract class EnrollInput implements IProfileInput { return mConfigNames.elements(); } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -135,7 +141,7 @@ public abstract class EnrollInput implements IProfileInput { try { if (mConfig == null) { return null; - } + } if (mConfig.getSubStore("params") != null) { return mConfig.getSubStore("params").getString(name); } @@ -149,7 +155,7 @@ public abstract class EnrollInput implements IProfileInput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -157,14 +163,14 @@ public abstract class EnrollInput implements IProfileInput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } public Locale getLocale(IRequest request) { Locale locale = null; - String language = request - .getExtDataInString(EnrollProfile.REQUEST_LOCALE); + String language = request.getExtDataInString( + EnrollProfile.REQUEST_LOCALE); if (language != null) { locale = new Locale(language); } @@ -175,16 +181,16 @@ public abstract class EnrollInput implements IProfileInput { return null; } - public void verifyPOP(Locale locale, CertReqMsg certReqMsg) - throws EProfileException { - CMS.debug("EnrollInput ::in verifyPOP"); + public void verifyPOP(Locale locale, CertReqMsg certReqMsg) + throws EProfileException { + CMS.debug("EnrollInput ::in verifyPOP"); String auditMessage = null; String auditSubjectID = auditSubjectID(); - if (!certReqMsg.hasPop()) { + if (!certReqMsg.hasPop()) { CMS.debug("CertReqMsg has not POP, return"); - return; + return; } ProofOfPossession pop = certReqMsg.getPop(); ProofOfPossession.Type popType = pop.getType(); @@ -196,53 +202,54 @@ public abstract class EnrollInput implements IProfileInput { try { if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) { - CMS.debug("skipPOPVerify on, return"); - return; + CMS.debug("skipPOPVerify on, return"); + return; } CMS.debug("POP verification begins:"); CryptoManager cm = CryptoManager.getInstance(); CryptoToken verifyToken = null; - String tokenName = CMS.getConfigStore().getString( - "ca.requestVerify.token", "internal"); + String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal"); if (tokenName.equals("internal")) { CMS.debug("POP verification using internal token"); certReqMsg.verify(); } else { - CMS.debug("POP verification using token:" + tokenName); + CMS.debug("POP verification using token:"+ tokenName); verifyToken = cm.getTokenByName(tokenName); certReqMsg.verify(verifyToken); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.SUCCESS); - audit(auditMessage); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.SUCCESS ); + audit( auditMessage ); } catch (Exception e) { - CMS.debug("Failed POP verify! " + e.toString()); + CMS.debug("Failed POP verify! "+e.toString()); CMS.debug(e); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, + auditSubjectID, + ILogger.FAILURE ); - audit(auditMessage); + audit( auditMessage ); - throw new EProfileException(CMS.getUserMessage(locale, - "CMS_POP_VERIFICATION_ERROR")); + throw new EProfileException(CMS.getUserMessage(locale, + "CMS_POP_VERIFICATION_ERROR")); } } /** * Signed Audit Log - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * store messages to the signed audit log. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to store messages to the signed audit log. * <P> - * + * * @param msg signed audit log message */ protected void audit(String msg) { @@ -253,17 +260,21 @@ public abstract class EnrollInput implements IProfileInput { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } /** * Signed Audit Log Subject ID - * - * This method is inherited by all extended "CMSServlet"s, and is called to - * obtain the "SubjectID" for a signed audit log message. + * + * This method is inherited by all extended "CMSServlet"s, + * and is called to obtain the "SubjectID" for + * a signed audit log message. * <P> - * + * * @return id string containing the signed audit log message SubjectID */ protected String auditSubjectID() { @@ -278,7 +289,8 @@ public abstract class EnrollInput implements IProfileInput { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java index fd1c56a1..70ede1e2 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.io.BufferedInputStream; import java.net.URL; import java.net.URLConnection; @@ -33,13 +34,15 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements the image input that collects a picture. + * This class implements the image + * input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class FileSigningInput extends EnrollInput implements IProfileInput { +public class FileSigningInput extends EnrollInput implements IProfileInput { public static final String URL = "file_signing_url"; public static final String TEXT = "file_signing_text"; @@ -56,7 +59,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -64,24 +67,23 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"); } - public String toHexString(byte data[]) { + public String toHexString(byte data[]) + { StringBuffer sb = new StringBuffer(); for (int i = 0; i < data.length; i++) { int v = data[i] & 0xff; if (v <= 9) { - sb.append("0"); + sb.append("0"); } sb.append(Integer.toHexString(v)); } @@ -92,50 +94,52 @@ public class FileSigningInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(TEXT, ctx.get(TEXT)); request.setExtData(URL, ctx.get(URL)); request.setExtData(DIGEST_TYPE, "SHA256"); - + try { - // retrieve file and calculate the hash - URL url = new URL(ctx.get(URL)); - URLConnection c = url.openConnection(); - c.setAllowUserInteraction(false); - c.setDoInput(true); - c.setDoOutput(false); - c.setUseCaches(false); - c.connect(); - int len = c.getContentLength(); - request.setExtData(SIZE, Integer.toString(len)); - BufferedInputStream is = new BufferedInputStream(c.getInputStream()); - byte data[] = new byte[len]; - is.read(data, 0, len); - is.close(); + // retrieve file and calculate the hash + URL url = new URL(ctx.get(URL)); + URLConnection c = url.openConnection(); + c.setAllowUserInteraction(false); + c.setDoInput(true); + c.setDoOutput(false); + c.setUseCaches(false); + c.connect(); + int len = c.getContentLength(); + request.setExtData(SIZE, Integer.toString(len)); + BufferedInputStream is = new BufferedInputStream(c.getInputStream()); + byte data[] = new byte[len]; + is.read(data, 0, len); + is.close(); - // calculate digest - MessageDigest digester = MessageDigest.getInstance("SHA256"); - byte digest[] = digester.digest(data); - request.setExtData(DIGEST, toHexString(digest)); - } catch (Exception e) { - CMS.debug("FileSigningInput populate failure " + e); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_FILE_NOT_FOUND")); + // calculate digest + MessageDigest digester = MessageDigest.getInstance("SHA256"); + byte digest[] = digester.digest(data); + request.setExtData(DIGEST, toHexString(digest)); + } catch (Exception e) { + CMS.debug("FileSigningInput populate failure " + e); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_FILE_NOT_FOUND")); } } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(URL)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_FILE_SIGNING_URL")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL")); } else if (name.equals(TEXT)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java index a000da17..5aa85e0e 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -31,13 +32,14 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * This class implements a generic input. * <p> - * + * * @version $Revision$, $Date$ */ -public class GenericInput extends EnrollInput implements IProfileInput { +public class GenericInput extends EnrollInput implements IProfileInput { public static final String CONFIG_NUM = "gi_num"; public static final String CONFIG_DISPLAY_NAME = "gi_display_name"; @@ -47,12 +49,12 @@ public class GenericInput extends EnrollInput implements IProfileInput { public static final int DEF_NUM = 5; public GenericInput() { - int num = getNum(); - for (int i = 0; i < num; i++) { - addConfigName(CONFIG_PARAM_NAME + i); - addConfigName(CONFIG_DISPLAY_NAME + i); - addConfigName(CONFIG_ENABLE + i); - } + int num = getNum(); + for (int i = 0; i < num; i++) { + addConfigName(CONFIG_PARAM_NAME + i); + addConfigName(CONFIG_DISPLAY_NAME + i); + addConfigName(CONFIG_ENABLE + i); + } } protected int getNum() { @@ -73,7 +75,7 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -81,78 +83,79 @@ public class GenericInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT"); } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - int num = getNum(); - for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { - v.addElement(getConfig(CONFIG_PARAM_NAME + i)); - } - } - return v.elements(); + Vector v = new Vector(); + int num = getNum(); + for (int i = 0; i < num; i++) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { + v.addElement(getConfig(CONFIG_PARAM_NAME + i)); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { int num = getNum(); for (int i = 0; i < num; i++) { - String enable = getConfig(CONFIG_ENABLE + i); - if (enable != null && enable.equals("true")) { + String enable = getConfig(CONFIG_ENABLE + i); + if (enable != null && enable.equals("true")) { String param = getConfig(CONFIG_PARAM_NAME + i); request.setExtData(param, ctx.get(param)); - } + } } } public IDescriptor getConfigDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - if (name.equals(CONFIG_PARAM_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") - + i); - } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_GI_DISPLAY_NAME") + i); - } else if (name.equals(CONFIG_ENABLE + i)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "false", - CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); - } + if (name.equals(CONFIG_PARAM_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i); + } else if (name.equals(CONFIG_DISPLAY_NAME + i)) { + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i); + } else if (name.equals(CONFIG_ENABLE + i)) { + return new Descriptor(IDescriptor.BOOLEAN, null, + "false", + CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i); + } } // for return null; } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { int num = getNum(); for (int i = 0; i < num; i++) { - String param = getConfig(CONFIG_PARAM_NAME + i); - if (param != null && param.equals(name)) { - return new Descriptor(IDescriptor.STRING, null, null, - getConfig(CONFIG_DISPLAY_NAME + i)); - } + String param = getConfig(CONFIG_PARAM_NAME + i); + if (param != null && param.equals(name)) { + return new Descriptor(IDescriptor.STRING, null, + null, + getConfig(CONFIG_DISPLAY_NAME + i)); + } } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java index 01d60475..265b958d 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -29,13 +30,15 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements the image input that collects a picture. + * This class implements the image + * input that collects a picture. * <p> - * + * * @version $Revision$, $Date$ */ -public class ImageInput extends EnrollInput implements IProfileInput { +public class ImageInput extends EnrollInput implements IProfileInput { public static final String IMAGE_URL = "image_url"; @@ -47,7 +50,7 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -69,16 +72,18 @@ public class ImageInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL)); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(IMAGE_URL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java index 37093008..00c0ffcf 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.pkcs.PKCS10; @@ -37,21 +38,25 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the key generation input that populates parameters to - * the enrollment page for key generation. + * This class implements the key generation input that + * populates parameters to the enrollment page for + * key generation. * <p> - * - * This input normally is used with user-based or non certificate request - * profile. + * + * This input normally is used with user-based or + * non certificate request profile. * <p> - * + * * @version $Revision$, $Date$ */ -public class KeyGenInput extends EnrollInput implements IProfileInput { +public class KeyGenInput extends EnrollInput implements IProfileInput { - public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE; - public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST; + public static final String VAL_KEYGEN_REQUEST_TYPE = + EnrollProfile.CTX_CERT_REQUEST_TYPE; + public static final String VAL_KEYGEN_REQUEST = + EnrollProfile.CTX_CERT_REQUEST; public EnrollProfile mEnrollProfile = null; @@ -64,7 +69,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; } @@ -87,97 +92,94 @@ public class KeyGenInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE); String keygen_request = ctx.get(VAL_KEYGEN_REQUEST); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (keygen_request_type == null) { - CMS.debug("KeyGenInput: populate - invalid cert request type " + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", "")); + CMS.debug("KeyGenInput: populate - invalid cert request type " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + "")); } if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) { - PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), - keygen_request); + PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request); if (pkcs10 == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile - .fillPKCS10(getLocale(request), pkcs10, info, request); - } else if (keygen_request_type - .startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { - DerInputStream keygen = mEnrollProfile.parseKeyGen( - getLocale(request), keygen_request); + mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request); + } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) { + DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request); if (keygen == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } - mEnrollProfile - .fillKeyGen(getLocale(request), keygen, info, request); + mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) { - CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), - keygen_request); + CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } for (int x = 0; x < msgs.length; x++) { verifyPOP(getLocale(request), msgs[x]); } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - mEnrollProfile.fillCertReqMsg(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request); } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) { - TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), - keygen_request); + TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request); if (msgs == null) { throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); + getLocale(request), "CMS_PROFILE_NO_CERT_REQ")); } // This profile only handle the first request in CRMF - Integer seqNum = request - .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); + Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM); - if (seqNum == null) { - throw new EProfileException(CMS.getUserMessage( - getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM")); + if (seqNum == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_UNKNOWN_SEQ_NUM")); } - mEnrollProfile.fillTaggedRequest(getLocale(request), - msgs[seqNum.intValue()], info, request); + mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request); } else { // error - CMS.debug("DualKeyGenInput: populate - " - + "invalid cert request type " + keygen_request_type); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type)); + CMS.debug("DualKeyGenInput: populate - " + + "invalid cert request type " + keygen_request_type); + throw new EProfileException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", + keygen_request_type)); } request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); + return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE")); } else if (name.equals(VAL_KEYGEN_REQUEST)) { - return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, null, + return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java index b464cdf8..dce75c15 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -29,13 +30,15 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements the serial number input for renewal + * This class implements the serial number input + * for renewal * <p> - * - * @author Christina Fu + * + * @author Christina Fu */ -public class SerialNumRenewInput extends EnrollInput implements IProfileInput { +public class SerialNumRenewInput extends EnrollInput implements IProfileInput { public static final String SERIAL_NUM = "serial_num"; @@ -47,7 +50,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -69,18 +72,19 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(SERIAL_NUM)) { - return new Descriptor(IDescriptor.STRING, null, null, - CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_SERIAL_NUM_NAME")); + return new Descriptor(IDescriptor.STRING, null, + null, + CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java index d868fefd..8691b45c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -36,10 +37,11 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** * This plugin accepts subject DN from end user. */ -public class SubjectDNInput extends EnrollInput implements IProfileInput { +public class SubjectDNInput extends EnrollInput implements IProfileInput { public static final String VAL_SUBJECT = "subject"; @@ -50,7 +52,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -58,57 +60,58 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } + public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - v.addElement(VAL_SUBJECT); - return v.elements(); + Vector v = new Vector(); + v.addElement(VAL_SUBJECT); + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + throws EProfileException { + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; subjectName = ctx.get(VAL_SUBJECT); if (subjectName.equals("")) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; try { name = new X500Name(subjectName); } catch (Exception e) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } @@ -117,23 +120,26 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SUBJECT)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME")); } return null; } - protected void parseSubjectName(X500Name subj, X509CertInfo info, - IRequest req) throws EProfileException { + protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java index 5288a9c3..15f906f9 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -36,18 +37,20 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the subject name input that populates text fields to - * the enrollment page so that distinguished name parameters can be collected - * from the user. + * This class implements the subject name input + * that populates text fields to the enrollment + * page so that distinguished name parameters + * can be collected from the user. * <p> - * The collected parameters could be used for fomulating the subject name in the - * certificate. + * The collected parameters could be used for + * fomulating the subject name in the certificate. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubjectNameInput extends EnrollInput implements IProfileInput { +public class SubjectNameInput extends EnrollInput implements IProfileInput { public static final String CONFIG_UID = "sn_uid"; public static final String CONFIG_EMAIL = "sn_e"; @@ -85,7 +88,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -93,112 +96,111 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS - .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT"); } + public String getConfig(String name) { - String config = super.getConfig(name); - if (config == null || config.equals("")) - return "true"; - return config; + String config = super.getConfig(name); + if (config == null || config.equals("")) + return "true"; + return config; } /** * Returns selected value names based on the configuration. */ public Enumeration getValueNames() { - Vector v = new Vector(); - String c_uid = getConfig(CONFIG_UID); - if (c_uid == null || c_uid.equals("")) { - v.addElement(VAL_UID); // default case - } else { - if (c_uid.equals("true")) { - v.addElement(VAL_UID); - } - } - String c_email = getConfig(CONFIG_EMAIL); - if (c_email == null || c_email.equals("")) { - v.addElement(VAL_EMAIL); - } else { - if (c_email.equals("true")) { - v.addElement(VAL_EMAIL); - } - } - String c_cn = getConfig(CONFIG_CN); - if (c_cn == null || c_cn.equals("")) { - v.addElement(VAL_CN); - } else { - if (c_cn.equals("true")) { - v.addElement(VAL_CN); - } - } - String c_ou3 = getConfig(CONFIG_OU3); - if (c_ou3 == null || c_ou3.equals("")) { - v.addElement(VAL_OU3); - } else { - if (c_ou3.equals("true")) { - v.addElement(VAL_OU3); - } - } - String c_ou2 = getConfig(CONFIG_OU2); - if (c_ou2 == null || c_ou2.equals("")) { - v.addElement(VAL_OU2); - } else { - if (c_ou2.equals("true")) { - v.addElement(VAL_OU2); - } - } - String c_ou1 = getConfig(CONFIG_OU1); - if (c_ou1 == null || c_ou1.equals("")) { - v.addElement(VAL_OU1); - } else { - if (c_ou1.equals("true")) { - v.addElement(VAL_OU1); - } - } - String c_ou = getConfig(CONFIG_OU); - if (c_ou == null || c_ou.equals("")) { - v.addElement(VAL_OU); - } else { - if (c_ou.equals("true")) { - v.addElement(VAL_OU); - } - } - String c_o = getConfig(CONFIG_O); - if (c_o == null || c_o.equals("")) { - v.addElement(VAL_O); - } else { - if (c_o.equals("true")) { - v.addElement(VAL_O); - } - } - String c_c = getConfig(CONFIG_C); - if (c_c == null || c_c.equals("")) { - v.addElement(VAL_C); - } else { - if (c_c.equals("true")) { - v.addElement(VAL_C); - } - } - return v.elements(); + Vector v = new Vector(); + String c_uid = getConfig(CONFIG_UID); + if (c_uid == null || c_uid.equals("")) { + v.addElement(VAL_UID); // default case + } else { + if (c_uid.equals("true")) { + v.addElement(VAL_UID); + } + } + String c_email = getConfig(CONFIG_EMAIL); + if (c_email == null || c_email.equals("")) { + v.addElement(VAL_EMAIL); + } else { + if (c_email.equals("true")) { + v.addElement(VAL_EMAIL); + } + } + String c_cn = getConfig(CONFIG_CN); + if (c_cn == null || c_cn.equals("")) { + v.addElement(VAL_CN); + } else { + if (c_cn.equals("true")) { + v.addElement(VAL_CN); + } + } + String c_ou3 = getConfig(CONFIG_OU3); + if (c_ou3 == null || c_ou3.equals("")) { + v.addElement(VAL_OU3); + } else { + if (c_ou3.equals("true")) { + v.addElement(VAL_OU3); + } + } + String c_ou2 = getConfig(CONFIG_OU2); + if (c_ou2 == null || c_ou2.equals("")) { + v.addElement(VAL_OU2); + } else { + if (c_ou2.equals("true")) { + v.addElement(VAL_OU2); + } + } + String c_ou1 = getConfig(CONFIG_OU1); + if (c_ou1 == null || c_ou1.equals("")) { + v.addElement(VAL_OU1); + } else { + if (c_ou1.equals("true")) { + v.addElement(VAL_OU1); + } + } + String c_ou = getConfig(CONFIG_OU); + if (c_ou == null || c_ou.equals("")) { + v.addElement(VAL_OU); + } else { + if (c_ou.equals("true")) { + v.addElement(VAL_OU); + } + } + String c_o = getConfig(CONFIG_O); + if (c_o == null || c_o.equals("")) { + v.addElement(VAL_O); + } else { + if (c_o.equals("true")) { + v.addElement(VAL_O); + } + } + String c_c = getConfig(CONFIG_C); + if (c_c == null || c_c.equals("")) { + v.addElement(VAL_C); + } else { + if (c_c.equals("true")) { + v.addElement(VAL_C); + } + } + return v.elements(); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + throws EProfileException { + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); String subjectName = ""; String uid = ctx.get(VAL_UID); @@ -267,48 +269,59 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { subjectName += "C=" + c; } if (subjectName.equals("")) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } X500Name name = null; try { name = new X500Name(subjectName); } catch (Exception e) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName)); } - parseSubjectName(name, info, request); + parseSubjectName(name, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_UID)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(CONFIG_EMAIL)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(CONFIG_CN)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); } else if (name.equals(CONFIG_OU3)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_OU2)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_OU1)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_OU)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(CONFIG_O)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); } else if (name.equals(CONFIG_C)) { - return new Descriptor(IDescriptor.BOOLEAN, null, "true", + return new Descriptor(IDescriptor.BOOLEAN, null, + "true", CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); } else { return null; @@ -316,47 +329,58 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_UID)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID")); } else if (name.equals(VAL_EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL")); } else if (name.equals(VAL_CN)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN")); } else if (name.equals(VAL_OU3)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3"); } else if (name.equals(VAL_OU2)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2"); } else if (name.equals(VAL_OU1)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1"); } else if (name.equals(VAL_OU)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU")); } else if (name.equals(VAL_O)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_O")); } else if (name.equals(VAL_C)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_SN_C")); } return null; } - protected void parseSubjectName(X500Name subj, X509CertInfo info, - IRequest req) throws EProfileException { + protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req) + throws EProfileException { try { req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME, new CertificateSubjectName(subj)); } catch (Exception e) { - CMS.debug("SubjectNameInput: parseSubject Name " + e.toString()); + CMS.debug("SubjectNameInput: parseSubject Name " + + e.toString()); } } } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java index f45a0c38..52df2d41 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import com.netscape.certsrv.apps.CMS; @@ -29,14 +30,16 @@ import com.netscape.certsrv.property.Descriptor; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** - * This class implements the submitter information input that collects - * certificate requestor's information such as name, email and phone. + * This class implements the submitter information + * input that collects certificate requestor's + * information such as name, email and phone. * <p> - * + * * @version $Revision$, $Date$ */ -public class SubmitterInfoInput extends EnrollInput implements IProfileInput { +public class SubmitterInfoInput extends EnrollInput implements IProfileInput { public static final String NAME = "requestor_name"; public static final String EMAIL = "requestor_email"; @@ -52,7 +55,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -74,22 +77,26 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { // } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(NAME)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME")); } else if (name.equals(EMAIL)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL")); } else if (name.equals(PHONE)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE")); } return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java index 4b46f3c6..64988fed 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -32,17 +33,19 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the certificate request input from TPS. This input - * populates 2 main fields to the enrollment "page": 1/ token cuid, 2/ publickey + * This class implements the certificate request input from TPS. + * This input populates 2 main fields to the enrollment "page": + * 1/ token cuid, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for certificate requests - * coming from TPS. - * + * This input usually is used by an enrollment profile for + * certificate requests coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_TOKEN_CUID = "tokencuid"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -57,7 +60,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -67,86 +70,94 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } - /* - * Pretty print token cuid - */ - public String toPrettyPrint(String cuid) { - if (cuid == null) - return null; - - if (cuid.length() != 20) - return null; - - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < cuid.length(); i++) { - if (i == 4 || i == 8 || i == 12 || i == 16) { - sb.append("-"); - } - sb.append(cuid.charAt(i)); - } - return sb.toString(); - } + /* + * Pretty print token cuid + */ + public String toPrettyPrint(String cuid) + { + if (cuid == null) + return null; + + if (cuid.length() != 20) + return null; + + StringBuffer sb = new StringBuffer(); + for (int i=0; i < cuid.length(); i++) { + if (i == 4 || i == 8 || i == 12 || i == 16) { + sb.append("-"); + } + sb.append(cuid.charAt(i)); + } + return sb.toString(); + } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String tcuid = ctx.get(VAL_TOKEN_CUID); - // pretty print tcuid - String prettyPrintCuid = toPrettyPrint(tcuid); - if (prettyPrintCuid == null) { - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", "")); - } + // pretty print tcuid + String prettyPrintCuid = toPrettyPrint(tcuid); + if (prettyPrintCuid == null) { + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); + } - request.setExtData("pretty_print_tokencuid", prettyPrintCuid); + request.setExtData("pretty_print_tokencuid", prettyPrintCuid); String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (tcuid == null) { - CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " - + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", "")); + CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", + "")); } if (pk == null) { - CMS.debug("nsHKeyCertReqInput: populate - public key not found " - + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", "")); + CMS.debug("nsHKeyCertReqInput: populate - public key not found " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); + mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_TOKEN_CUID)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID")); } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java index 3c80835c..58984c6c 100644 --- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java +++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.input; + import java.util.Locale; import netscape.security.x509.X509CertInfo; @@ -32,17 +33,19 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the certificate request input from TPS. This input - * populates 2 main fields to the enrollment "page": 1/ id, 2/ publickey + * This class implements the certificate request input from TPS. + * This input populates 2 main fields to the enrollment "page": + * 1/ id, 2/ publickey * <p> * - * This input usually is used by an enrollment profile for certificate requests - * coming from TPS. - * + * This input usually is used by an enrollment profile for + * certificate requests coming from TPS. + * * @version $Revision$, $Date$ */ -public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { +public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { public static final String VAL_SN = "screenname"; public static final String VAL_PUBLIC_KEY = "publickey"; @@ -57,7 +60,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); mEnrollProfile = (EnrollProfile) profile; @@ -67,56 +70,62 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT"); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { String sn = ctx.get(VAL_SN); String pk = ctx.get(VAL_PUBLIC_KEY); - X509CertInfo info = request - .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); + X509CertInfo info = + request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO); if (sn == null) { - CMS.debug("nsNKeyCertReqInput: populate - id not found " + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_ID", "")); + CMS.debug("nsNKeyCertReqInput: populate - id not found " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_ID", + "")); } if (pk == null) { - CMS.debug("nsNKeyCertReqInput: populate - public key not found " - + ""); - throw new EProfileException(CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", "")); + CMS.debug("nsNKeyCertReqInput: populate - public key not found " + + ""); + throw new EProfileException( + CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", + "")); } - mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); + mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request); request.setExtData(EnrollProfile.REQUEST_CERTINFO, info); } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_SN)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID")); } else if (name.equals(VAL_PUBLIC_KEY)) { - return new Descriptor(IDescriptor.STRING, null, null, + return new Descriptor(IDescriptor.STRING, null, + null, CMS.getUserMessage(locale, - "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); + "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK")); } return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java index 66d34c6e..999bdc67 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; + import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -44,13 +45,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the output plugin that outputs CMMF response for the - * issued certificate. - * + * This class implements the output plugin that outputs + * CMMF response for the issued certificate. + * * @version $Revision$, $Date$ */ -public class CMMFOutput extends EnrollOutput implements IProfileOutput { +public class CMMFOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_CMMF_RESPONSE = "cmmf_response"; @@ -64,7 +66,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -86,66 +88,72 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_CMMF_RESPONSE)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CMMF_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CMMF_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_CMMF_RESPONSE)) { try { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - byte[][] caPubs = new byte[cacerts.length][]; - - for (int j = 0; j < cacerts.length; j++) { - caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); - } - - CertRepContent certRepContent = null; - certRepContent = new CertRepContent(caPubs); - - PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); - CertifiedKeyPair certifiedKP = new CertifiedKeyPair( - new CertOrEncCert(cert.getEncoded())); - CertResponse resp = new CertResponse(new INTEGER(request - .getRequestId().toString()), status, certifiedKP); - certRepContent.addCertResponse(resp); - - ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); - certRepContent.encode(certRepOut); - byte[] certRepBytes = certRepOut.toByteArray(); - - return CMS.BtoA(certRepBytes); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + byte[][] caPubs = new byte[cacerts.length][]; + + for (int j = 0; j < cacerts.length; j++) { + caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded(); + } + + CertRepContent certRepContent = null; + certRepContent = new CertRepContent(caPubs); + + PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); + CertifiedKeyPair certifiedKP = + new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); + CertResponse resp = + new CertResponse(new INTEGER(request.getRequestId().toString()), + status, certifiedKP); + certRepContent.addCertResponse(resp); + + ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); + certRepContent.encode(certRepOut); + byte[] certRepBytes = certRepOut.toByteArray(); + + return CMS.BtoA(certRepBytes); } catch (Exception e) { - return null; + return null; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java index ae71532d..7a2631da 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; + import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -33,13 +34,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the pretty print certificate output that displays the - * issued certificate in a pretty print format. - * + * This class implements the pretty print certificate output + * that displays the issued certificate in a pretty print format. + * * @version $Revision$, $Date$ */ -public class CertOutput extends EnrollOutput implements IProfileOutput { +public class CertOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_B64_CERT = "b64_cert"; @@ -52,7 +54,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -74,39 +76,44 @@ public class CertOutput extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_B64_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_B64_CERT)) { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return null; - return CMS.getEncodedCert(cert); + return CMS.getEncodedCert(cert); } else { return null; } diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java index 64c61f43..3013e881 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; + import java.util.Enumeration; import java.util.Locale; import java.util.Vector; @@ -30,21 +31,22 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; + /** * This class implements the basic enrollment output. - * + * * @version $Revision$, $Date$ */ -public abstract class EnrollOutput implements IProfileOutput { +public abstract class EnrollOutput implements IProfileOutput { private IConfigStore mConfig = null; private Vector mValueNames = new Vector(); protected Vector mConfigNames = new Vector(); - + /** * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { mConfig = config; } @@ -58,26 +60,28 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Populates the request with this policy default. - * + * * @param ctx profile context * @param request request * @exception EProfileException failed to populate */ public abstract void populate(IProfileContext ctx, IRequest request) - throws EProfileException; + throws EProfileException; /** - * Retrieves the descriptor of the given value parameter by name. - * + * Retrieves the descriptor of the given value + * parameter by name. + * * @param locale user locale * @param name property name * @return property descriptor */ public abstract IDescriptor getValueDescriptor(Locale locale, String name); + /** * Retrieves the localizable name of this policy. - * + * * @param locale user locale * @return output policy name */ @@ -85,7 +89,7 @@ public abstract class EnrollOutput implements IProfileOutput { /** * Retrieves the localizable description of this policy. - * + * * @param locale user locale * @return output policy description */ @@ -99,7 +103,7 @@ public abstract class EnrollOutput implements IProfileOutput { } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { return request.getExtDataInString(name); } @@ -107,7 +111,7 @@ public abstract class EnrollOutput implements IProfileOutput { * Sets the value of the given value parameter by name. */ public void setValue(String name, Locale locale, IRequest request, - String value) throws EPropertyException { + String value) throws EPropertyException { request.setExtData(name, value); } @@ -119,7 +123,8 @@ public abstract class EnrollOutput implements IProfileOutput { return null; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { } public String getConfig(String name) { diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java index 01550c1a..65718481 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; + import java.io.ByteArrayOutputStream; import java.security.cert.X509Certificate; import java.util.Locale; @@ -41,13 +42,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the output plugin that outputs PKCS7 for the issued - * certificate. - * + * This class implements the output plugin that outputs + * PKCS7 for the issued certificate. + * * @version $Revision$, $Date$ */ -public class PKCS7Output extends EnrollOutput implements IProfileOutput { +public class PKCS7Output extends EnrollOutput implements IProfileOutput { public static final String VAL_PRETTY_CERT = "pretty_cert"; public static final String VAL_PKCS7 = "pkcs7"; @@ -61,7 +63,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -83,65 +85,72 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput { * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_PRETTY_CERT)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_CERT_PP")); } else if (name.equals(VAL_PKCS7)) { - return new Descriptor(IDescriptor.PRETTY_PRINT, null, null, - CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_PKCS7_B64")); + return new Descriptor(IDescriptor.PRETTY_PRINT, null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_PKCS7_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_PRETTY_CERT)) { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) - return null; - ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); + return null; + ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); return prettyCert.toString(locale); } else if (name.equals(VAL_PKCS7)) { try { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - - ICertificateAuthority ca = (ICertificateAuthority) CMS - .getSubsystem("ca"); - CertificateChain cachain = ca.getCACertChain(); - X509Certificate[] cacerts = cachain.getChain(); - - X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; - int m = 1, n = 0; - - for (; n < cacerts.length; m++, n++) { - userChain[m] = (X509CertImpl) cacerts[n]; - } - - userChain[0] = cert; - PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo( - new byte[0]), userChain, new SignerInfo[0]); - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - - p7.encodeSignedData(bos); - byte[] p7Bytes = bos.toByteArray(); - String p7Str = CMS.BtoA(p7Bytes); - - return p7Str; + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + + ICertificateAuthority ca = (ICertificateAuthority) + CMS.getSubsystem("ca"); + CertificateChain cachain = ca.getCACertChain(); + X509Certificate[] cacerts = cachain.getChain(); + + X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; + int m = 1, n = 0; + + for (; n < cacerts.length; m++, n++) { + userChain[m] = (X509CertImpl) cacerts[n]; + } + + userChain[0] = cert; + PKCS7 p7 = new PKCS7(new AlgorithmId[0], + new ContentInfo(new byte[0]), + userChain, + new SignerInfo[0]); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + + p7.encodeSignedData(bos); + byte[] p7Bytes = bos.toByteArray(); + String p7Str = CMS.BtoA(p7Bytes); + + return p7Str; } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java index 31a1ddba..90aa40a1 100644 --- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java +++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.output; + import java.util.Locale; import netscape.security.x509.X509CertImpl; @@ -32,13 +33,14 @@ import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; import com.netscape.cms.profile.common.EnrollProfile; + /** - * This class implements the output plugin that outputs DER for the issued - * certificate for token keys - * + * This class implements the output plugin that outputs + * DER for the issued certificate for token keys + * * @version $Revision$, $Date$ */ -public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { +public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { public static final String VAL_DER = "der"; @@ -50,7 +52,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Initializes this default policy. */ public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } @@ -58,48 +60,49 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { * Retrieves the localizable name of this policy. */ public String getName(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME"); + return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME"); } /** * Retrieves the localizable description of this policy. */ public String getText(Locale locale) { - return CMS.getUserMessage(locale, - "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT"); + return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT"); } /** * Populates the request with this policy default. */ public void populate(IProfileContext ctx, IRequest request) - throws EProfileException { + throws EProfileException { } /** - * Retrieves the descriptor of the given value parameter by name. + * Retrieves the descriptor of the given value + * parameter by name. */ public IDescriptor getValueDescriptor(Locale locale, String name) { if (name.equals(VAL_DER)) { - return new Descriptor("der_b64", null, null, CMS.getUserMessage( - locale, "CMS_PROFILE_OUTPUT_DER_B64")); + return new Descriptor("der_b64", null, + null, + CMS.getUserMessage(locale, + "CMS_PROFILE_OUTPUT_DER_B64")); } return null; } public String getValue(String name, Locale locale, IRequest request) - throws EProfileException { + throws EProfileException { if (name.equals(VAL_DER)) { try { - X509CertImpl cert = request - .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT); - if (cert == null) - return null; - return CMS.BtoA(cert.getEncoded()); + X509CertImpl cert = request.getExtDataInCert( + EnrollProfile.REQUEST_ISSUED_CERT); + if (cert == null) + return null; + return CMS.BtoA(cert.getEncoded()); } catch (Exception e) { - return ""; + return ""; } } else { return null; diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java index e48b85a3..69803421 100644 --- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java +++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java @@ -43,8 +43,8 @@ import com.netscape.certsrv.usrgrp.IUser; import com.netscape.cms.profile.common.EnrollProfile; /** - * This updater class will create the new user to the subsystem group and then - * add the subsystem certificate to the user. + * This updater class will create the new user to the subsystem group and + * then add the subsystem certificate to the user. * * @version $Revision$, $Date$ */ @@ -57,7 +57,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { private Vector mConfigNames = new Vector(); private Vector mValueNames = new Vector(); - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********"; private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown"; private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;"; @@ -66,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { public SubsystemGroupUpdater() { } - public void init(IProfile profile, IConfigStore config) - throws EProfileException { + public void init(IProfile profile, IConfigStore config) + throws EProfileException { mConfig = config; mProfile = profile; mEnrollProfile = (EnrollProfile) profile; @@ -81,7 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return null; } - public void setConfig(String name, String value) throws EPropertyException { + public void setConfig(String name, String value) + throws EPropertyException { if (mConfig.getSubStore("params") == null) { // } else { @@ -106,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return mConfig; } - public void update(IRequest req, RequestStatus status) - throws EProfileException { + public void update(IRequest req, RequestStatus status) + throws EProfileException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -117,45 +119,41 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; } - X509CertImpl cert = req - .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); + X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT); if (cert == null) return; IConfigStore mainConfig = CMS.getConfigStore(); - - int num = 0; + + int num=0; try { num = mainConfig.getInteger("subsystem.count", 0); - } catch (Exception e) { - } + } catch (Exception e) {} IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID)); String requestor_name = "subsystem"; try { - requestor_name = req.getExtDataInString("requestor_name"); + requestor_name = req.getExtDataInString("requestor_name"); } catch (Exception e1) { - // ignore + // ignore } // i.e. tps-1.2.3.4-4 String id = requestor_name; - + num++; mainConfig.putInteger("subsystem.count", num); - + try { mainConfig.commit(false); } catch (Exception e) { } - String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" - + "+Resource;;" - + id - + "+fullname;;" - + id - + "+state;;1" - + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + + "+Resource;;"+ id + + "+fullname;;" + id + + "+state;;1" + + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>"; IUser user = null; CMS.debug("SubsystemGroupUpdater adduser"); @@ -173,8 +171,11 @@ public class SubsystemGroupUpdater implements IProfileUpdater { system.addUser(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user"); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.SUCCESS, auditParams); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -191,49 +192,57 @@ public class SubsystemGroupUpdater implements IProfileUpdater { } b64 = sb.toString(); } catch (Exception ence) { - CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " - + ence); + CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence); } - auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" - + "+Resource;;" + id + "+cert;;" + b64; + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" + + "+Resource;;"+ id + + "+cert;;"+ b64; system.addUserCert(user); CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate"); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.SUCCESS, auditParams); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); } catch (LDAPException e) { CMS.debug("UpdateSubsystemGroup: update " + e.toString()); if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.FAILURE, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); - throw new EProfileException(e.toString()); + throw new EProfileException(e.toString()); } } catch (Exception e) { CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString()); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); throw new EProfileException(e.toString()); } IGroup group = null; String groupName = "Subsystem Group"; - auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" - + "+Resource;;" + groupName; + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" + + "+Resource;;"+ groupName; try { group = system.getGroupFromName(groupName); - + auditParams += "+user;;"; Enumeration members = group.getMemberNames(); while (members.hasMoreElements()) { auditParams += (String) members.nextElement(); if (members.hasMoreElements()) { - auditParams += ","; + auditParams +=","; } } @@ -243,8 +252,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater { system.modifyGroup(group); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID, - ILogger.SUCCESS, auditParams); + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); audit(auditMessage); CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group."); @@ -252,10 +263,12 @@ public class SubsystemGroupUpdater implements IProfileUpdater { CMS.debug("UpdateSubsystemGroup: update: user already a member of the group"); } } catch (Exception e) { - CMS.debug("UpdateSubsystemGroup update: modifyGroup " - + e.toString()); - auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE, - auditSubjectID, ILogger.FAILURE, auditParams); + CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString()); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); audit(auditMessage); } } @@ -273,8 +286,11 @@ public class SubsystemGroupUpdater implements IProfileUpdater { return; } - mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null, - ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg); + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + msg); } private String auditSubjectID() { @@ -288,7 +304,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater { SessionContext auditContext = SessionContext.getExistingContext(); if (auditContext != null) { - subjectID = (String) auditContext.get(SessionContext.USER_ID); + subjectID = (String) + auditContext.get(SessionContext.USER_ID); if (subjectID != null) { subjectID = subjectID.trim(); |