// --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation; version 2 of the License. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License along // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // // (C) 2007 Red Hat, Inc. // All rights reserved. // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; import java.util.*; import java.io.*; import java.text.SimpleDateFormat; import java.security.cert.*; import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.certsrv.policy.*; import com.netscape.certsrv.apps.*; import com.netscape.certsrv.base.*; import com.netscape.certsrv.authentication.*; import com.netscape.certsrv.common.*; import com.netscape.certsrv.logging.ILogger; import netscape.security.x509.*; import netscape.ldap.*; import com.netscape.cms.policy.APolicyRule; /** * PrivateKeyUsagePeriod Identifier Extension policy. *
*
* NOTE: The Policy Framework has been replaced by the Profile Framework. **
*
* @deprecated
* @version $Revision$, $Date$
*/
public class PrivateKeyUsagePeriodExt extends APolicyRule
implements IEnrollmentPolicy, IExtendedPluginInfo {
private final static String PROP_NOT_BEFORE = "notBefore";
private final static String PROP_NOT_AFTER = "notAfter";
protected static final String PROP_IS_CRITICAL = "critical";
// 6 months roughly
private final static long defDuration = 60L * 60 * 24 * 180 * 1000;
private static final String DATE_PATTERN = "MM/dd/yyyy";
static SimpleDateFormat formatter = new SimpleDateFormat(DATE_PATTERN);
private static Date now = CMS.getCurrentDate();
private static Date six_months = new Date(now.getTime() + defDuration);
public static final String DEFAULT_NOT_BEFORE = formatter.format(now);
public static final String DEFAULT_NOT_AFTER = formatter.format(six_months);
// PKIX specifies the that the extension SHOULD NOT be critical
public static final boolean DEFAULT_CRITICALITY = false;
protected String mNotBefore;
protected String mNotAfter;
protected boolean mCritical;
private static Vector defaultParams;
static {
formatter.setLenient(false);
defaultParams = new Vector();
defaultParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
defaultParams.addElement(PROP_NOT_BEFORE + "=" + DEFAULT_NOT_BEFORE);
defaultParams.addElement(PROP_NOT_AFTER + "=" + DEFAULT_NOT_AFTER);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
"recommends against the use of this extension. CAs " +
"conforming to the profile MUST NOT generate certs with " +
"critical private key usage period extensions.",
PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
IExtendedPluginInfo.HELP_TOKEN +
";configuration-policyrules-privatekeyusageperiod",
IExtendedPluginInfo.HELP_TEXT +
";Adds (deprecated) Private Key Usage Period Extension. " +
"Defined in RFC 2459 (4.2.1.4)"
};
return params;
}
/**
* Adds the private key usage extension to all certs.
*/
public PrivateKeyUsagePeriodExt() {
NAME = "PrivateKeyUsagePeriodExt";
DESC = "Sets Private Key Usage Extension for a certificate";
}
/**
* Initializes this policy rule.
* ra.Policy.rule.