Class NSCertTypeExt
- java.lang.Object
-
- org.dogtagpki.legacy.server.policy.APolicyRule
-
- org.dogtagpki.legacy.server.policy.extensions.NSCertTypeExt
-
- All Implemented Interfaces:
IExtendedPluginInfo
,com.netscape.certsrv.request.IPolicy
,org.dogtagpki.legacy.policy.IEnrollmentPolicy
,org.dogtagpki.legacy.policy.IPolicyRule
public class NSCertTypeExt extends APolicyRule implements org.dogtagpki.legacy.policy.IEnrollmentPolicy, IExtendedPluginInfo
NS Cert Type policy. Adds the ns cert type extension depending on cert type requested.NOTE: The Policy Framework has been replaced by the Profile Framework.
- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields Modifier and Type Field Description protected static boolean[]
DEF_BITS
protected static int
DEF_PATHLEN
protected static boolean
DEF_SET_DEFAULT_BITS
protected static java.lang.String
DEF_SET_DEFAULT_BITS_VAL
static org.slf4j.Logger
logger
protected boolean
mAllowAgentOverride
protected boolean
mAllowEEOverride
protected int
mCAPathLen
protected IConfigStore
mConfig
protected boolean
mCritical
protected boolean
mSetDefaultBits
protected static java.lang.String
PROP_AGENT_OVERR
protected static java.lang.String
PROP_CRITICAL
protected static java.lang.String
PROP_EE_OVERR
protected static java.lang.String
PROP_SET_DEFAULT_BITS
-
Fields inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
DESC, mFilterExp, mInstanceName, NAME
-
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
-
Constructor Summary
Constructors Constructor Description NSCertTypeExt()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description com.netscape.certsrv.request.PolicyResult
apply(com.netscape.certsrv.request.IRequest req)
Adds the ns cert type if not set already.com.netscape.certsrv.request.PolicyResult
applyCert(com.netscape.certsrv.request.IRequest req, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
protected boolean
extensionIsGood(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsCertTypeExt, com.netscape.certsrv.request.IRequest req)
check if ns cert type extension is set correctly, correct bits if not.protected boolean[]
getBitsFromRequest(com.netscape.certsrv.request.IRequest req, boolean setDefault)
Gets ns cert type bits from request.protected boolean[]
getCertTypeBits(com.netscape.certsrv.request.IRequest req)
get cert type bits according to cert type.java.util.Vector<java.lang.String>
getDefaultParams()
Return default parameters for a policy implementation.java.lang.String[]
getExtendedPluginInfo(java.util.Locale locale)
This method returns an array of strings.java.util.Vector<java.lang.String>
getInstanceParams()
Return configured parameters for a policy rule instance.protected boolean[]
getNSCertTypeBits(com.netscape.certsrv.request.IRequest req)
get ns cert type bits from actual sets in the requestvoid
init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config)
Initializes this policy rule.void
mergeBits(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsCertTypeExt, boolean[] bits)
merge bits with those set from form.-
Methods inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
agentApproved, createKeyIdentifier, deferred, formSHA1KeyId, formSpkiSHA1KeyId, getDescription, getInstanceName, getName, getPredicate, setError, setError, setError, setInstanceName, setPolicyException, setPolicyException, setPredicate
-
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
PROP_SET_DEFAULT_BITS
protected static final java.lang.String PROP_SET_DEFAULT_BITS
- See Also:
- Constant Field Values
-
DEF_SET_DEFAULT_BITS
protected static final boolean DEF_SET_DEFAULT_BITS
- See Also:
- Constant Field Values
-
DEF_SET_DEFAULT_BITS_VAL
protected static final java.lang.String DEF_SET_DEFAULT_BITS_VAL
-
DEF_PATHLEN
protected static final int DEF_PATHLEN
- See Also:
- Constant Field Values
-
DEF_BITS
protected static final boolean[] DEF_BITS
-
PROP_AGENT_OVERR
protected static final java.lang.String PROP_AGENT_OVERR
- See Also:
- Constant Field Values
-
PROP_EE_OVERR
protected static final java.lang.String PROP_EE_OVERR
- See Also:
- Constant Field Values
-
PROP_CRITICAL
protected static final java.lang.String PROP_CRITICAL
- See Also:
- Constant Field Values
-
mAllowAgentOverride
protected boolean mAllowAgentOverride
-
mAllowEEOverride
protected boolean mAllowEEOverride
-
mCritical
protected boolean mCritical
-
mCAPathLen
protected int mCAPathLen
-
mConfig
protected IConfigStore mConfig
-
mSetDefaultBits
protected boolean mSetDefaultBits
-
-
Method Detail
-
init
public void init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config) throws EBaseException
Initializes this policy rule.The entries may be of the form: ra.Policy.rule.
.implName=nsCertTypeExt ra.Policy.rule. .enable=true - Specified by:
init
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
init
in classAPolicyRule
- Parameters:
config
- The config store reference- Throws:
EBaseException
-
apply
public com.netscape.certsrv.request.PolicyResult apply(com.netscape.certsrv.request.IRequest req)
Adds the ns cert type if not set already. reads ns cert type choices from form. If no choices from form will defaults to all.- Specified by:
apply
in interfacecom.netscape.certsrv.request.IPolicy
- Specified by:
apply
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
apply
in classAPolicyRule
- Parameters:
req
- The request on which to apply policy.- Returns:
- The policy result object.
-
applyCert
public com.netscape.certsrv.request.PolicyResult applyCert(com.netscape.certsrv.request.IRequest req, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
-
extensionIsGood
protected boolean extensionIsGood(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsCertTypeExt, com.netscape.certsrv.request.IRequest req) throws java.io.IOException, java.security.cert.CertificateException
check if ns cert type extension is set correctly, correct bits if not. if not authorized to set extension, bits will be replaced.- Throws:
java.io.IOException
java.security.cert.CertificateException
-
getBitsFromRequest
protected boolean[] getBitsFromRequest(com.netscape.certsrv.request.IRequest req, boolean setDefault)
Gets ns cert type bits from request. If none set, use cert type to determine correct bits. If no cert type, use default.
-
getNSCertTypeBits
protected boolean[] getNSCertTypeBits(com.netscape.certsrv.request.IRequest req)
get ns cert type bits from actual sets in the request
-
getCertTypeBits
protected boolean[] getCertTypeBits(com.netscape.certsrv.request.IRequest req)
get cert type bits according to cert type.
-
mergeBits
public void mergeBits(org.mozilla.jss.netscape.security.extensions.NSCertTypeExtension nsCertTypeExt, boolean[] bits)
merge bits with those set from form. make sure required minimum is set. Agent or auth can set others. XXX form shouldn't set the extension
-
getInstanceParams
public java.util.Vector<java.lang.String> getInstanceParams()
Return configured parameters for a policy rule instance.- Specified by:
getInstanceParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getInstanceParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getExtendedPluginInfo
public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface:IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name; [,required]; ;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use" - Specified by:
getExtendedPluginInfo
in interfaceIExtendedPluginInfo
-
getDefaultParams
public java.util.Vector<java.lang.String> getDefaultParams()
Return default parameters for a policy implementation.- Specified by:
getDefaultParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getDefaultParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
-