Class ValidityConstraints
- java.lang.Object
-
- org.dogtagpki.legacy.server.policy.APolicyRule
-
- org.dogtagpki.legacy.server.policy.constraints.ValidityConstraints
-
- All Implemented Interfaces:
IExtendedPluginInfo
,com.netscape.certsrv.request.IPolicy
,org.dogtagpki.legacy.policy.IEnrollmentPolicy
,org.dogtagpki.legacy.policy.IPolicyRule
public class ValidityConstraints extends APolicyRule implements org.dogtagpki.legacy.policy.IEnrollmentPolicy, IExtendedPluginInfo
ValidityConstraints is a default rule for Enrollment and Renewal that enforces minimum and maximum validity periods and changes them if not met. Optionally the lead and lag times - i.e how far back into the front or back the notBefore date could go in minutes can also be specified.NOTE: The Policy Framework has been replaced by the Profile Framework.
- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields Modifier and Type Field Description static long
DAYS_TO_MS_FACTOR
static int
DEF_LAG_TIME
static int
DEF_LEAD_TIME
static int
DEF_MAX_VALIDITY
static int
DEF_MIN_VALIDITY
static int
DEF_NOT_BEFORE_SKEW
static long
MINS_TO_MS_FACTOR
protected long
mLagTime
protected long
mLeadTime
protected long
mMaxValidity
protected long
mMinValidity
protected long
mNotBeforeSkew
-
Fields inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
DESC, logger, mFilterExp, mInstanceName, NAME
-
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
-
Constructor Summary
Constructors Constructor Description ValidityConstraints()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description com.netscape.certsrv.request.PolicyResult
apply(com.netscape.certsrv.request.IRequest req)
Applies the policy on the given Request.java.util.Vector<java.lang.String>
getDefaultParams()
Return default parameters for a policy implementation.java.lang.String[]
getExtendedPluginInfo(java.util.Locale locale)
This method returns an array of strings.java.util.Vector<java.lang.String>
getInstanceParams()
Return configured parameters for a policy rule instance.void
init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config)
Initializes this policy rule.protected org.mozilla.jss.netscape.security.x509.CertificateValidity
makeDefaultValidity(com.netscape.certsrv.request.IRequest req)
Create a default validity value for a request This code can be easily overridden in a derived class, if the calculations here aren't accepatble.protected long
roundTimeToSecond(long input)
convert a millisecond resolution time into one with 1 second resolution.-
Methods inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
agentApproved, createKeyIdentifier, deferred, formSHA1KeyId, formSpkiSHA1KeyId, getDescription, getInstanceName, getName, getPredicate, setError, setError, setError, setInstanceName, setPolicyException, setPolicyException, setPredicate
-
-
-
-
Field Detail
-
mMinValidity
protected long mMinValidity
-
mMaxValidity
protected long mMaxValidity
-
mLeadTime
protected long mLeadTime
-
mLagTime
protected long mLagTime
-
mNotBeforeSkew
protected long mNotBeforeSkew
-
DEF_MIN_VALIDITY
public static final int DEF_MIN_VALIDITY
- See Also:
- Constant Field Values
-
DEF_MAX_VALIDITY
public static final int DEF_MAX_VALIDITY
- See Also:
- Constant Field Values
-
DEF_LEAD_TIME
public static final int DEF_LEAD_TIME
- See Also:
- Constant Field Values
-
DEF_LAG_TIME
public static final int DEF_LAG_TIME
- See Also:
- Constant Field Values
-
DEF_NOT_BEFORE_SKEW
public static final int DEF_NOT_BEFORE_SKEW
- See Also:
- Constant Field Values
-
DAYS_TO_MS_FACTOR
public static final long DAYS_TO_MS_FACTOR
- See Also:
- Constant Field Values
-
MINS_TO_MS_FACTOR
public static final long MINS_TO_MS_FACTOR
- See Also:
- Constant Field Values
-
-
Method Detail
-
getExtendedPluginInfo
public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface:IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name; [,required]; ;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use" - Specified by:
getExtendedPluginInfo
in interfaceIExtendedPluginInfo
-
init
public void init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config) throws org.dogtagpki.legacy.policy.EPolicyException
Initializes this policy rule.The entries probably are of the form: ra.Policy.rule.
.implName=ValidityConstraints ra.Policy.rule. .enable=true ra.Policy.rule. .minValidity=30 ra.Policy.rule. .maxValidity=180 ra.Policy.rule. .predicate=ou==Sales - Specified by:
init
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
init
in classAPolicyRule
- Parameters:
config
- The config store reference- Throws:
org.dogtagpki.legacy.policy.EPolicyException
-
apply
public com.netscape.certsrv.request.PolicyResult apply(com.netscape.certsrv.request.IRequest req)
Applies the policy on the given Request.- Specified by:
apply
in interfacecom.netscape.certsrv.request.IPolicy
- Specified by:
apply
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
apply
in classAPolicyRule
- Parameters:
req
- The request on which to apply policy.- Returns:
- The policy result object.
-
getInstanceParams
public java.util.Vector<java.lang.String> getInstanceParams()
Return configured parameters for a policy rule instance.- Specified by:
getInstanceParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getInstanceParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getDefaultParams
public java.util.Vector<java.lang.String> getDefaultParams()
Return default parameters for a policy implementation.- Specified by:
getDefaultParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getDefaultParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
makeDefaultValidity
protected org.mozilla.jss.netscape.security.x509.CertificateValidity makeDefaultValidity(com.netscape.certsrv.request.IRequest req)
Create a default validity value for a request This code can be easily overridden in a derived class, if the calculations here aren't accepatble. TODO: it might be good to base this calculation on the creation time of the request.
-
roundTimeToSecond
protected long roundTimeToSecond(long input)
convert a millisecond resolution time into one with 1 second resolution. Most times in certificates are storage at 1 second resolution, so its better if we deal with things at that level.
-
-