Class KeyUsageExt

  • All Implemented Interfaces:
    IExtendedPluginInfo, com.netscape.certsrv.request.IPolicy, org.dogtagpki.legacy.policy.IEnrollmentPolicy, org.dogtagpki.legacy.policy.IPolicyRule

    public class KeyUsageExt
    extends APolicyRule
    implements org.dogtagpki.legacy.policy.IEnrollmentPolicy, IExtendedPluginInfo
    Policy to add Key Usage Extension. Adds the key usage extension based on what's requested.

     NOTE:  The Policy Framework has been replaced by the Profile Framework.
     

    Version:
    $Revision$, $Date$
    • Field Detail

      • DEF_BITS

        protected static final boolean[] DEF_BITS
      • mCAPathLen

        protected int mCAPathLen
      • PROP_DIGITAL_SIGNATURE

        protected static final java.lang.String PROP_DIGITAL_SIGNATURE
        See Also:
        Constant Field Values
      • PROP_NON_REPUDIATION

        protected static final java.lang.String PROP_NON_REPUDIATION
        See Also:
        Constant Field Values
      • PROP_KEY_ENCIPHERMENT

        protected static final java.lang.String PROP_KEY_ENCIPHERMENT
        See Also:
        Constant Field Values
      • PROP_DATA_ENCIPHERMENT

        protected static final java.lang.String PROP_DATA_ENCIPHERMENT
        See Also:
        Constant Field Values
      • PROP_KEY_AGREEMENT

        protected static final java.lang.String PROP_KEY_AGREEMENT
        See Also:
        Constant Field Values
      • PROP_KEY_CERTSIGN

        protected static final java.lang.String PROP_KEY_CERTSIGN
        See Also:
        Constant Field Values
      • PROP_ENCIPHER_ONLY

        protected static final java.lang.String PROP_ENCIPHER_ONLY
        See Also:
        Constant Field Values
      • PROP_DECIPHER_ONLY

        protected static final java.lang.String PROP_DECIPHER_ONLY
        See Also:
        Constant Field Values
      • mCritical

        protected boolean mCritical
      • mDigitalSignature

        protected java.lang.String mDigitalSignature
      • mNonRepudiation

        protected java.lang.String mNonRepudiation
      • mKeyEncipherment

        protected java.lang.String mKeyEncipherment
      • mDataEncipherment

        protected java.lang.String mDataEncipherment
      • mKeyAgreement

        protected java.lang.String mKeyAgreement
      • mKeyCertsign

        protected java.lang.String mKeyCertsign
      • mCrlSign

        protected java.lang.String mCrlSign
      • mEncipherOnly

        protected java.lang.String mEncipherOnly
      • mDecipherOnly

        protected java.lang.String mDecipherOnly
      • mKeyUsage

        protected org.mozilla.jss.netscape.security.x509.KeyUsageExtension mKeyUsage
    • Constructor Detail

      • KeyUsageExt

        public KeyUsageExt()
    • Method Detail

      • init

        public void init​(org.dogtagpki.legacy.policy.IPolicyProcessor owner,
                         IConfigStore config)
                  throws EBaseException
        Initializes this policy rule.

        The entries may be of the form: ca.Policy.rule..implName=KeyUsageExt ca.Policy.rule..enable=true ca.Policy.rule..

        Specified by:
        init in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        init in class APolicyRule
        Parameters:
        config - The config store reference
        Throws:
        EBaseException
      • apply

        public com.netscape.certsrv.request.PolicyResult apply​(com.netscape.certsrv.request.IRequest req)
        Adds the key usage extension if not set already. (CRMF, agent, authentication (currently) or PKCS#10 (future) or RA could have set the extension.) If not set, set from http input parameters or use default if no http input parameters are set. Note: this allows any bits requested - does not check if user authenticated is allowed to have a Key Usage Extension with those bits. Unless the CA's certificate path length is 0, then we do not allow CA sign or CRL sign bits in any request.

        Specified by:
        apply in interface com.netscape.certsrv.request.IPolicy
        Specified by:
        apply in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        apply in class APolicyRule
        Parameters:
        req - The request on which to apply policy.
        Returns:
        The policy result object.
      • applyCert

        public com.netscape.certsrv.request.PolicyResult applyCert​(com.netscape.certsrv.request.IRequest req,
                                                                   org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
      • getInstanceParams

        public java.util.Vector<java.lang.String> getInstanceParams()
        Return configured parameters for a policy rule instance.
        Specified by:
        getInstanceParams in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        getInstanceParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
      • getDefaultParams

        public java.util.Vector<java.lang.String> getDefaultParams()
        Return default parameters for a policy implementation.
        Specified by:
        getDefaultParams in interface org.dogtagpki.legacy.policy.IPolicyRule
        Specified by:
        getDefaultParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.