Class SubjAltNameExt

  • All Implemented Interfaces:
    IExtendedPluginInfo, com.netscape.certsrv.request.IPolicy, org.dogtagpki.legacy.policy.IEnrollmentPolicy, org.dogtagpki.legacy.policy.IPolicyRule

    public class SubjAltNameExt
    extends APolicyRule
    implements org.dogtagpki.legacy.policy.IEnrollmentPolicy, IExtendedPluginInfo
    THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.

    Subject Alternative Name extension policy in CMS 4.1. Adds the subject alternative name extension depending on the certificate type requested. Two forms are supported. 1) For S/MIME certificates, email addresses are copied from data stored in the request by the authentication component. Both 'e' and 'altEmail' are supported so that both the primary address and alternative forms may be certified. Only the primary goes in the subjectName position (which should be phased out). e mailAlternateAddress

     NOTE:  The Policy Framework has been replaced by the Profile Framework.
     

    Version:
    $Revision$, $Date$
    • Constructor Summary

      Constructors 
      Constructor Description
      SubjAltNameExt()  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void addValues​(com.netscape.certsrv.authentication.IAuthToken tok, java.lang.String attrName, java.util.Vector<java.lang.String> v)
      Add attribute values from an LDAP attribute to a vector
      com.netscape.certsrv.request.PolicyResult apply​(com.netscape.certsrv.request.IRequest req)
      Adds the subject alternative names extension if not set already.
      com.netscape.certsrv.request.PolicyResult applyCert​(com.netscape.certsrv.request.IRequest req, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)  
      protected org.mozilla.jss.netscape.security.x509.CertificateExtensions createCertificateExtensions​(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
      Create a new SET of extensions in the certificate info object.
      protected com.netscape.certsrv.authentication.IAuthToken findAuthToken​(com.netscape.certsrv.request.IRequest req, java.lang.String authMgrName)
      Find a particular authentication token by manager name.
      java.util.Vector<java.lang.String> getDefaultParams()
      Return default parameters for a policy implementation.
      protected java.util.Vector<java.lang.String> getEmailList​(com.netscape.certsrv.authentication.IAuthToken tok)
      Generate a String Vector containing all the email addresses found in this Authentication token
      java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
      This method returns an array of strings.
      java.util.Vector<java.lang.String> getInstanceParams()
      Return configured parameters for a policy rule instance.
      void init​(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config)
      Initializes this policy rule.
      protected org.mozilla.jss.netscape.security.x509.SubjectAlternativeNameExtension mkExt​(java.util.Vector<java.lang.String> emails)
      Make a Subject name extension given a list of email addresses
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface org.dogtagpki.legacy.policy.IPolicyRule

        getDescription, getInstanceName, getName, getPredicate, setError, setInstanceName, setPolicyException, setPredicate
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • PROP_AGENT_OVERR

        protected static final java.lang.String PROP_AGENT_OVERR
        See Also:
        Constant Field Values
      • PROP_ENABLE_MANUAL_VALUES

        protected static final java.lang.String PROP_ENABLE_MANUAL_VALUES
        See Also:
        Constant Field Values
      • mAllowAgentOverride

        protected boolean mAllowAgentOverride
      • mAllowEEOverride

        protected boolean mAllowEEOverride
      • mEnableManualValues

        protected boolean mEnableManualValues
      • mCritical

        protected boolean mCritical
    • Constructor Detail

      • SubjAltNameExt

        public SubjAltNameExt()
    • Method Detail

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
      • init

        public void init​(org.dogtagpki.legacy.policy.IPolicyProcessor owner,
                         IConfigStore config)
                  throws EBaseException
        Initializes this policy rule.

        The entries may be of the form: ra.Policy.rule..implName=SubjAltNameExt ra.Policy.rule..enable=true

        Specified by:
        init in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        init in class APolicyRule
        Parameters:
        config - The config store reference
        Throws:
        EBaseException
      • apply

        public com.netscape.certsrv.request.PolicyResult apply​(com.netscape.certsrv.request.IRequest req)
        Adds the subject alternative names extension if not set already.

        Specified by:
        apply in interface com.netscape.certsrv.request.IPolicy
        Specified by:
        apply in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        apply in class APolicyRule
        Parameters:
        req - The request on which to apply policy.
        Returns:
        The policy result object.
      • applyCert

        public com.netscape.certsrv.request.PolicyResult applyCert​(com.netscape.certsrv.request.IRequest req,
                                                                   org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
      • findAuthToken

        protected com.netscape.certsrv.authentication.IAuthToken findAuthToken​(com.netscape.certsrv.request.IRequest req,
                                                                               java.lang.String authMgrName)
        Find a particular authentication token by manager name. If the token is not present return null
      • getEmailList

        protected java.util.Vector<java.lang.String> getEmailList​(com.netscape.certsrv.authentication.IAuthToken tok)
                                                           throws java.io.IOException
        Generate a String Vector containing all the email addresses found in this Authentication token
        Throws:
        java.io.IOException
      • addValues

        protected void addValues​(com.netscape.certsrv.authentication.IAuthToken tok,
                                 java.lang.String attrName,
                                 java.util.Vector<java.lang.String> v)
                          throws java.io.IOException
        Add attribute values from an LDAP attribute to a vector
        Throws:
        java.io.IOException
      • mkExt

        protected org.mozilla.jss.netscape.security.x509.SubjectAlternativeNameExtension mkExt​(java.util.Vector<java.lang.String> emails)
                                                                                        throws java.io.IOException
        Make a Subject name extension given a list of email addresses
        Throws:
        java.io.IOException
      • createCertificateExtensions

        protected org.mozilla.jss.netscape.security.x509.CertificateExtensions createCertificateExtensions​(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
                                                                                                    throws java.io.IOException,
                                                                                                           java.security.cert.CertificateException
        Create a new SET of extensions in the certificate info object. This should be a method in the X509CertInfo object
        Throws:
        java.io.IOException
        java.security.cert.CertificateException
      • getInstanceParams

        public java.util.Vector<java.lang.String> getInstanceParams()
        Return configured parameters for a policy rule instance.
        Specified by:
        getInstanceParams in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        getInstanceParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • getDefaultParams

        public java.util.Vector<java.lang.String> getDefaultParams()
        Return default parameters for a policy implementation.
        Specified by:
        getDefaultParams in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        getDefaultParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.