Class BasicConstraintsExt
- java.lang.Object
-
- org.dogtagpki.legacy.server.policy.APolicyRule
-
- org.dogtagpki.legacy.server.policy.extensions.BasicConstraintsExt
-
- All Implemented Interfaces:
IExtendedPluginInfo
,com.netscape.certsrv.request.IPolicy
,org.dogtagpki.legacy.policy.IEnrollmentPolicy
,org.dogtagpki.legacy.policy.IPolicyRule
public class BasicConstraintsExt extends APolicyRule implements org.dogtagpki.legacy.policy.IEnrollmentPolicy, IExtendedPluginInfo
Basic Constraints policy. Adds the Basic constraints extension.NOTE: The Policy Framework has been replaced by the Profile Framework.
- Version:
- $Revision$, $Date$
-
-
Field Summary
Fields Modifier and Type Field Description protected static java.lang.String
ARG_PATHLEN
static boolean
DEFAULT_CRITICALITY
static org.slf4j.Logger
logger
protected int
mCAPathLen
protected boolean
mCritical
protected int
mDefaultMaxPathLen
protected boolean
mIsCA
protected int
mMaxPathLen
protected java.lang.String
mOrigMaxPathLen
protected boolean
mRemoveExt
protected static java.lang.String
PROP_IS_CA
protected static java.lang.String
PROP_IS_CRITICAL
protected static java.lang.String
PROP_MAXPATHLEN
-
Fields inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
DESC, mFilterExp, mInstanceName, NAME
-
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
-
-
Constructor Summary
Constructors Constructor Description BasicConstraintsExt()
Adds the basic constraints extension as a critical extension in CA certificates i.e.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description com.netscape.certsrv.request.PolicyResult
apply(com.netscape.certsrv.request.IRequest req)
Checks if the basic contraints extension in certInfo is valid and add the basic constraints extension for CA certs if none exists.com.netscape.certsrv.request.PolicyResult
applyCert(com.netscape.certsrv.request.IRequest req, boolean isCA, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
java.util.Vector<java.lang.String>
getDefaultParams()
Return default parameters for a policy implementation.java.lang.String[]
getExtendedPluginInfo(java.util.Locale locale)
This method returns an array of strings.java.util.Vector<java.lang.String>
getInstanceParams()
Return configured parameters for a policy rule instance.void
init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config)
Initializes this policy rule.-
Methods inherited from class org.dogtagpki.legacy.server.policy.APolicyRule
agentApproved, createKeyIdentifier, deferred, formSHA1KeyId, formSpkiSHA1KeyId, getDescription, getInstanceName, getName, getPredicate, setError, setError, setError, setInstanceName, setPolicyException, setPolicyException, setPredicate
-
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
PROP_MAXPATHLEN
protected static final java.lang.String PROP_MAXPATHLEN
- See Also:
- Constant Field Values
-
PROP_IS_CA
protected static final java.lang.String PROP_IS_CA
- See Also:
- Constant Field Values
-
PROP_IS_CRITICAL
protected static final java.lang.String PROP_IS_CRITICAL
- See Also:
- Constant Field Values
-
ARG_PATHLEN
protected static final java.lang.String ARG_PATHLEN
- See Also:
- Constant Field Values
-
mMaxPathLen
protected int mMaxPathLen
-
mOrigMaxPathLen
protected java.lang.String mOrigMaxPathLen
-
mCritical
protected boolean mCritical
-
mDefaultMaxPathLen
protected int mDefaultMaxPathLen
-
mCAPathLen
protected int mCAPathLen
-
mRemoveExt
protected boolean mRemoveExt
-
mIsCA
protected boolean mIsCA
-
DEFAULT_CRITICALITY
public static final boolean DEFAULT_CRITICALITY
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
BasicConstraintsExt
public BasicConstraintsExt()
Adds the basic constraints extension as a critical extension in CA certificates i.e. certype is ca, with either a requested or configured path len. The requested or configured path length cannot be greater than or equal to the CA's basic constraints path length. If the CA path length is 0, all requests for CA certs are rejected.
-
-
Method Detail
-
init
public void init(org.dogtagpki.legacy.policy.IPolicyProcessor owner, IConfigStore config) throws EBaseException
Initializes this policy rule.The entries may be of the form: ca.Policy.rule.
.implName=BasicConstraintsExtImpl ca.Policy.rule. .pathLen= , -1 for undefined. ca.Policy.rule. .enable=true - Specified by:
init
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
init
in classAPolicyRule
- Parameters:
config
- The config store reference- Throws:
EBaseException
-
apply
public com.netscape.certsrv.request.PolicyResult apply(com.netscape.certsrv.request.IRequest req)
Checks if the basic contraints extension in certInfo is valid and add the basic constraints extension for CA certs if none exists. Non-CA certs do not get a basic constraints extension.- Specified by:
apply
in interfacecom.netscape.certsrv.request.IPolicy
- Specified by:
apply
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
apply
in classAPolicyRule
- Parameters:
req
- The request on which to apply policy.- Returns:
- The policy result object.
-
applyCert
public com.netscape.certsrv.request.PolicyResult applyCert(com.netscape.certsrv.request.IRequest req, boolean isCA, org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
-
getInstanceParams
public java.util.Vector<java.lang.String> getInstanceParams()
Return configured parameters for a policy rule instance.- Specified by:
getInstanceParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getInstanceParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getDefaultParams
public java.util.Vector<java.lang.String> getDefaultParams()
Return default parameters for a policy implementation.- Specified by:
getDefaultParams
in interfaceorg.dogtagpki.legacy.policy.IPolicyRule
- Specified by:
getDefaultParams
in classAPolicyRule
- Returns:
- nvPairs A Vector of name/value pairs.
-
getExtendedPluginInfo
public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Description copied from interface:IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name; [,required]; ;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use" - Specified by:
getExtendedPluginInfo
in interfaceIExtendedPluginInfo
-
-