Class AuthorityKeyIdentifierExt
- java.lang.Object
-
- org.dogtagpki.legacy.server.policy.APolicyRule
-
- org.dogtagpki.legacy.server.policy.extensions.AuthorityKeyIdentifierExt
-
- All Implemented Interfaces:
IExtendedPluginInfo
,IPolicy
,IEnrollmentPolicy
,IPolicyRule
public class AuthorityKeyIdentifierExt extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo
Authority Public Key Extension Policy Adds the subject public key id extension to certificates.NOTE: The Policy Framework has been replaced by the Profile Framework.
- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields Modifier and Type Field Description protected static java.lang.String
ALT_KEYID_TYPE_EMPTY
protected static java.lang.String
ALT_KEYID_TYPE_NONE
protected static java.lang.String
ALT_KEYID_TYPE_SPKISHA1
protected static java.lang.String
DEF_ALT_KEYID_TYPE
protected static boolean
DEF_CRITICAL
static org.slf4j.Logger
logger
protected java.lang.String
mAltKeyIdType
protected IConfigStore
mConfig
protected boolean
mCritical
protected static java.util.Vector<java.lang.String>
mDefaultParams
protected boolean
mEnabled
protected java.util.Vector<java.lang.String>
mInstanceParams
protected org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension
mTheExtension
protected static java.lang.String
PROP_ALT_KEYID_TYPE
protected static java.lang.String
PROP_CRITICAL
-
Fields inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
DESC, mFilterExp, mInstanceName, NAME
-
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
Fields inherited from interface org.dogtagpki.legacy.policy.IPolicyRule
PROP_ENABLE, PROP_IMPLNAME, PROP_PREDICATE
-
-
Constructor Summary
Constructors Constructor Description AuthorityKeyIdentifierExt()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description PolicyResult
apply(IRequest req)
Adds Authority Key Identifier Extension to a certificate.PolicyResult
applyCert(IRequest req, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
protected org.mozilla.jss.netscape.security.x509.KeyIdentifier
formKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertImpl caCertImpl)
Form the Key Identifier in the Authority Key Identifier extension.java.util.Vector<java.lang.String>
getDefaultParams()
Return default parameters for a policy implementation.java.lang.String[]
getExtendedPluginInfo(java.util.Locale locale)
This method returns an array of strings.java.util.Vector<java.lang.String>
getInstanceParams()
Return configured parameters for a policy rule instance.protected org.mozilla.jss.netscape.security.x509.KeyIdentifier
getKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
Get the Key Identifier in a subject key identifier extension from a CertInfo.void
init(IPolicyProcessor owner, IConfigStore config)
Initializes this policy rule.-
Methods inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
agentApproved, createKeyIdentifier, deferred, formSHA1KeyId, formSpkiSHA1KeyId, getDescription, getInstanceName, getName, getPredicate, setError, setError, setError, setInstanceName, setPolicyException, setPolicyException, setPredicate
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.dogtagpki.legacy.policy.IPolicyRule
getDescription, getInstanceName, getName, getPredicate, setError, setInstanceName, setPolicyException, setPredicate
-
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
PROP_CRITICAL
protected static final java.lang.String PROP_CRITICAL
- See Also:
- Constant Field Values
-
PROP_ALT_KEYID_TYPE
protected static final java.lang.String PROP_ALT_KEYID_TYPE
- See Also:
- Constant Field Values
-
ALT_KEYID_TYPE_SPKISHA1
protected static final java.lang.String ALT_KEYID_TYPE_SPKISHA1
- See Also:
- Constant Field Values
-
ALT_KEYID_TYPE_NONE
protected static final java.lang.String ALT_KEYID_TYPE_NONE
- See Also:
- Constant Field Values
-
ALT_KEYID_TYPE_EMPTY
protected static final java.lang.String ALT_KEYID_TYPE_EMPTY
- See Also:
- Constant Field Values
-
DEF_CRITICAL
protected static final boolean DEF_CRITICAL
- See Also:
- Constant Field Values
-
DEF_ALT_KEYID_TYPE
protected static final java.lang.String DEF_ALT_KEYID_TYPE
- See Also:
- Constant Field Values
-
mEnabled
protected boolean mEnabled
-
mConfig
protected IConfigStore mConfig
-
mCritical
protected boolean mCritical
-
mAltKeyIdType
protected java.lang.String mAltKeyIdType
-
mTheExtension
protected org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension mTheExtension
-
mInstanceParams
protected java.util.Vector<java.lang.String> mInstanceParams
-
mDefaultParams
protected static java.util.Vector<java.lang.String> mDefaultParams
-
-
Method Detail
-
init
public void init(IPolicyProcessor owner, IConfigStore config) throws EBaseException
Initializes this policy rule. Reads configuration file and creates a authority key identifier extension to add. Key identifier inside the extension is constructed as the CA's subject key identifier extension if it exists. If it does not exist this can be configured to use: (1) sha-1 hash of the CA's subject public key info (what communicator expects if the CA does not have a subject key identifier extension) or (2) No extension set (3) Empty sequence in Authority Key Identifier extension.The entries may be of the form: ca.Policy.rule.
.predicate= ca.Policy.rule. .implName= ca.Policy.rule. .enable=true - Specified by:
init
in interfaceIPolicyRule
- Specified by:
init
in classAPolicyRule
- Parameters:
config
- The config store reference- Throws:
EBaseException
-
apply
public PolicyResult apply(IRequest req)
Adds Authority Key Identifier Extension to a certificate. If the extension is already there, accept it if it's from the agent, else replace it.- Specified by:
apply
in interfaceIPolicy
- Specified by:
apply
in interfaceIPolicyRule
- Specified by:
apply
in classAPolicyRule
- Parameters:
req
- The request on which to apply policy.- Returns:
- The policy result object.
-
applyCert
public PolicyResult applyCert(IRequest req, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
-
formKeyIdentifier
protected org.mozilla.jss.netscape.security.x509.KeyIdentifier formKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertImpl caCertImpl) throws EBaseException
Form the Key Identifier in the Authority Key Identifier extension. from the CA's cert.- Parameters:
caCertImpl
- Certificate Info- Returns:
- A Key Identifier.
- Throws:
EBaseException
- on error
-
getKeyIdentifier
protected org.mozilla.jss.netscape.security.x509.KeyIdentifier getKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo) throws EBaseException
Get the Key Identifier in a subject key identifier extension from a CertInfo.- Parameters:
certInfo
- the CertInfo structure.- Returns:
- Key Identifier in a Subject Key Identifier extension if any.
- Throws:
EBaseException
-
getInstanceParams
public java.util.Vector<java.lang.String> getInstanceParams()
Return configured parameters for a policy rule instance.- Specified by:
getInstanceParams
in interfaceIPolicyRule
- Specified by:
getInstanceParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getDefaultParams
public java.util.Vector<java.lang.String> getDefaultParams()
Return default parameters for a policy implementation.- Specified by:
getDefaultParams
in interfaceIPolicyRule
- Specified by:
getDefaultParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getExtendedPluginInfo
public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface:IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name; [,required]; ;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use" - Specified by:
getExtendedPluginInfo
in interfaceIExtendedPluginInfo
-
-