Class EnrollProfile


  • public abstract class EnrollProfile
    extends Profile
    This class implements a generic enrollment profile.

    An enrollment profile contains a list of enrollment-specific input plugins, default policies, constraint policies and output plugins.

    This class also defines a set of enrollment-specific attribute names that can be used to retrieve values from an enrollment request.

    Author:
    cfu
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • CTX_CERT_REQUEST_TYPE

        public static final java.lang.String CTX_CERT_REQUEST_TYPE
        Name of request attribute that stores the User Supplied Certificate Request Type.
        See Also:
        Constant Field Values
      • REQ_TYPE_PKCS10

        public static final java.lang.String REQ_TYPE_PKCS10
        Possible values for CTX_CERT_REQUEST_TYPE attribute.
        See Also:
        Constant Field Values
      • REQUEST_LOCALE

        public static final java.lang.String REQUEST_LOCALE
        Name of request attribute that stores the End-User Locale.

        The value is of type java.util.Locale.

        See Also:
        Constant Field Values
      • REQUEST_SEQ_NUM

        public static final java.lang.String REQUEST_SEQ_NUM
        Name of request attribute that stores the sequence number. Consider a CRMF request that may contain multiple certificate requests. The first sub certificate request has a sequence number of 0, the next one has a sequence number of 1, and so on.

        The value is of type java.lang.Integer.

        See Also:
        Constant Field Values
      • CTX_RENEWAL_SEQ_NUM

        public static final java.lang.String CTX_RENEWAL_SEQ_NUM
        Name of the request attribute that stores the sequence number for a renewal request. Only one request at a time is permitted for a renewal. This value corresponds to the sequence number (and hence the appropriate certificate) of the original request.
        See Also:
        Constant Field Values
      • CTX_RENEWAL

        public static final java.lang.String CTX_RENEWAL
        Name of request attribute to indicate if this is a renewal.
        See Also:
        Constant Field Values
      • REQUEST_VALIDITY

        public static final java.lang.String REQUEST_VALIDITY
        Name of request attribute that stores the End-User Supplied Validity.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateValidity

        See Also:
        Constant Field Values
      • REQUEST_SIGNING_ALGORITHM

        public static final java.lang.String REQUEST_SIGNING_ALGORITHM
        Name of request attribute that stores the End-User Supplied Signing Algorithm.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId

        See Also:
        Constant Field Values
      • REQUEST_EXTENSIONS

        public static final java.lang.String REQUEST_EXTENSIONS
        Name of request attribute that stores the End-User Supplied Extensions.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateExtensions

        See Also:
        Constant Field Values
      • REQUEST_CERTINFO

        public static final java.lang.String REQUEST_CERTINFO
        Name of request attribute that stores the certificate template that will be signed and then become a certificate.

        The value is of type org.mozilla.jss.netscape.security.x509.X509CertInfo

        See Also:
        Constant Field Values
      • REQUEST_ISSUED_CERT

        public static final java.lang.String REQUEST_ISSUED_CERT
        Name of request attribute that stores the issued certificate.

        The value is of type org.mozilla.jss.netscape.security.x509.X509CertImpl

        See Also:
        Constant Field Values
      • REQUEST_ISSUED_P12

        public static final java.lang.String REQUEST_ISSUED_P12
        Name of request attribute that stores the issued P12 from server-side keygen.

        See Also:
        Constant Field Values
      • REQUEST_AUTHORITY_ID

        public static final java.lang.String REQUEST_AUTHORITY_ID
        ID of requested certificate authority (absence implies host authority).
        See Also:
        Constant Field Values
      • REQUEST_USER_DATA

        public static final java.lang.String REQUEST_USER_DATA
        Arbitrary user-supplied data.
        See Also:
        Constant Field Values
    • Constructor Detail

      • EnrollProfile

        public EnrollProfile()
    • Method Detail

      • getAuthority

        public abstract IAuthority getAuthority()
      • getRequestQueue

        public com.netscape.certsrv.request.IRequestQueue getRequestQueue()
        Description copied from class: Profile
        Retrieves the request queue that is associated with this profile. The request queue is for creating new requests.
        Specified by:
        getRequestQueue in class Profile
        Returns:
        request queue
      • createRequests

        public com.netscape.certsrv.request.IRequest[] createRequests​(java.util.Map<java.lang.String,​java.lang.String> ctx,
                                                                      java.util.Locale locale)
                                                               throws java.lang.Exception
        Creates request.
        Specified by:
        createRequests in class Profile
        Parameters:
        ctx - profile context
        locale - user locale
        Returns:
        a list of requests
        Throws:
        java.lang.Exception - failed to create requests
      • getIssuerName

        public abstract org.mozilla.jss.netscape.security.x509.X500Name getIssuerName()
      • setDefaultCertInfo

        public void setDefaultCertInfo​(com.netscape.certsrv.request.IRequest request)
                                throws com.netscape.certsrv.profile.EProfileException
        Set Default X509CertInfo in the request.
        Parameters:
        request - profile-based certificate request.
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to set the X509CertInfo.
      • createEnrollmentRequest

        public com.netscape.certsrv.request.IRequest createEnrollmentRequest()
                                                                      throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • execute

        public abstract void execute​(com.netscape.certsrv.request.IRequest request)
                              throws com.netscape.certsrv.profile.EProfileException
        Description copied from class: Profile
        Process a request after validation.
        Overrides:
        execute in class Profile
        Parameters:
        request - request to be processed
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to process
      • getPolicySetId

        public java.lang.String getPolicySetId​(com.netscape.certsrv.request.IRequest req)
        Perform simple policy set assignment.
        Specified by:
        getPolicySetId in class Profile
        Parameters:
        req - request
        Returns:
        policy set id
      • getRequestorDN

        public java.lang.String getRequestorDN​(com.netscape.certsrv.request.IRequest request)
        Description copied from class: Profile
        Retrieves a localized string that represents the requestor's distinguished name. This string is displayed in the request listing user interface.
        Overrides:
        getRequestorDN in class Profile
        Parameters:
        request - request
        Returns:
        distinguished name of the request owner
      • setPOPchallenge

        public void setPOPchallenge​(com.netscape.certsrv.request.IRequest req)
                             throws EBaseException
        setPOPchallenge generates a POP challenge and sets the necessary info in the request for composing the encryptedPOP later.
        Parameters:
        req - the request
        Throws:
        EBaseException
      • submit

        public void submit​(com.netscape.certsrv.authentication.IAuthToken token,
                           com.netscape.certsrv.request.IRequest request)
                    throws com.netscape.certsrv.profile.EDeferException,
                           com.netscape.certsrv.profile.EProfileException
        This method is called after the user submits the request from the end-entity page.
        Specified by:
        submit in class Profile
        Parameters:
        token - authentication token
        request - request to be processed
        Throws:
        com.netscape.certsrv.profile.EDeferException - defer request
        com.netscape.certsrv.profile.EProfileException - failed to submit
      • getPKIDataFromCMCblob

        public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob​(java.util.Locale locale,
                                                                      java.lang.String certReqBlob)
                                                               throws com.netscape.certsrv.profile.EProfileException
        getPKIDataFromCMCblob
        Parameters:
        certReqBlob - cmc b64 encoded blob
        Returns:
        PKIData
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • getCMCSigningCertSNfromCertSerial

        public static org.mozilla.jss.netscape.security.x509.CertificateSubjectName getCMCSigningCertSNfromCertSerial​(java.lang.String certSerial)
                                                                                                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getCMCSigningCertFromCertSerial

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl getCMCSigningCertFromCertSerial​(java.lang.String certSerial)
                                                                                                   throws java.lang.Exception
        getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth, where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, the serial number. This method takes the serial number and finds the cert in the CA's certdb.
        Throws:
        java.lang.Exception
      • parseCMC

        public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC​(java.util.Locale locale,
                                                                 java.lang.String certreq)
                                                          throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • parseCMC

        public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC​(java.util.Locale locale,
                                                                 java.lang.String certreq,
                                                                 boolean donePOI)
                                                          throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • getPopLinkWitnessV2control

        protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control​(org.mozilla.jss.asn1.ASN1Value value)
        getPopLinkWitnessV2control
      • verifyPopLinkWitnessV2

        protected boolean verifyPopLinkWitnessV2​(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2,
                                                 byte[] randomSeed,
                                                 byte[] sharedSecret,
                                                 java.lang.String ident_string)
        verifyPopLinkWitnessV2
      • fillTaggedRequest

        public void fillTaggedRequest​(java.util.Locale locale,
                                      org.mozilla.jss.pkix.cmc.TaggedRequest tagreq,
                                      org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                                      com.netscape.certsrv.request.IRequest req)
                               throws com.netscape.certsrv.profile.EProfileException,
                                      com.netscape.certsrv.profile.ECMCPopFailedException,
                                      com.netscape.certsrv.profile.ECMCBadRequestException
        Throws:
        com.netscape.certsrv.profile.EProfileException
        com.netscape.certsrv.profile.ECMCPopFailedException
        com.netscape.certsrv.profile.ECMCBadRequestException
      • getPKIArchiveOptions

        protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions​(org.mozilla.jss.pkix.primitive.AVA ava)
      • toPKIArchiveOptions

        public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions​(byte[] options)
      • toByteArray

        public byte[] toByteArray​(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
      • fillCertReqMsg

        public void fillCertReqMsg​(java.util.Locale locale,
                                   org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg,
                                   org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                                   com.netscape.certsrv.request.IRequest req)
                            throws com.netscape.certsrv.profile.EProfileException,
                                   com.netscape.certsrv.profile.ECMCUnsupportedExtException
        Throws:
        com.netscape.certsrv.profile.EProfileException
        com.netscape.certsrv.profile.ECMCUnsupportedExtException
      • fillPKCS10

        public void fillPKCS10​(java.util.Locale locale,
                               org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               com.netscape.certsrv.request.IRequest req)
                        throws com.netscape.certsrv.profile.EProfileException,
                               com.netscape.certsrv.profile.ECMCUnsupportedExtException
        Throws:
        com.netscape.certsrv.profile.EProfileException
        com.netscape.certsrv.profile.ECMCUnsupportedExtException
      • fillNSNKEY

        public void fillNSNKEY​(java.util.Locale locale,
                               java.lang.String sn,
                               java.lang.String skey,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               com.netscape.certsrv.request.IRequest req)
                        throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • fillNSHKEY

        public void fillNSHKEY​(java.util.Locale locale,
                               java.lang.String tcuid,
                               java.lang.String skey,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               com.netscape.certsrv.request.IRequest req)
                        throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • fillKeyGen

        public void fillKeyGen​(java.util.Locale locale,
                               org.mozilla.jss.netscape.security.util.DerInputStream derIn,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               com.netscape.certsrv.request.IRequest req)
                        throws com.netscape.certsrv.profile.EProfileException
        Throws:
        com.netscape.certsrv.profile.EProfileException
      • getLocale

        public java.util.Locale getLocale​(com.netscape.certsrv.request.IRequest request)
      • populateInput

        public void populateInput​(java.util.Map<java.lang.String,​java.lang.String> ctx,
                                  com.netscape.certsrv.request.IRequest request)
                           throws java.lang.Exception
        Populate input

        (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)

        • signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
        Overrides:
        populateInput in class Profile
        Parameters:
        ctx - profile context
        request - the certificate request
        Throws:
        java.lang.Exception - an error related to this profile has occurred
      • populate

        public void populate​(com.netscape.certsrv.request.IRequest request)
                      throws com.netscape.certsrv.profile.EProfileException
        Description copied from class: Profile
        Passes the request to the set of default policies that populate the profile information against the profile.
        Overrides:
        populate in class Profile
        Parameters:
        request - request
        Throws:
        com.netscape.certsrv.profile.EProfileException - failed to populate default values
      • validate

        public void validate​(com.netscape.certsrv.request.IRequest request)
                      throws com.netscape.certsrv.profile.ERejectException
        Passes the request to the set of constraint policies that validate the request against the profile.
        Overrides:
        validate in class Profile
        Parameters:
        request - request
        Throws:
        com.netscape.certsrv.profile.ERejectException - validation violation
      • auditRequesterID

        protected java.lang.String auditRequesterID​(com.netscape.certsrv.request.IRequest request)
        Signed Audit Log Requester ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.

        Parameters:
        request - the actual request
        Returns:
        id string containing the signed audit log message RequesterID
      • auditProfileID

        protected java.lang.String auditProfileID()
        Signed Audit Log Profile ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.

        Returns:
        id string containing the signed audit log message ProfileID
      • verifyPOP

        public void verifyPOP​(java.util.Locale locale,
                              org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg)
                       throws com.netscape.certsrv.profile.EProfileException,
                              com.netscape.certsrv.profile.ECMCPopFailedException
        Throws:
        com.netscape.certsrv.profile.EProfileException
        com.netscape.certsrv.profile.ECMCPopFailedException