From bff36192d399fcee04afea61b74fa280e07af6b2 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Thu, 14 Aug 2014 01:50:11 -0400
Subject: [PATCH 12/13] Add IECUserRolesExtDefault profile default
---
 base/ca/shared/conf/registry.cfg | 5 +-
 .../cms/profile/def/IECUserRolesExtDefault.java | 94 ++++++++++++++++++++++
 2 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 base/server/cms/src/com/netscape/cms/profile/def/IECUserRolesExtDefault.java
diff --git a/base/ca/shared/conf/registry.cfg b/base/ca/shared/conf/registry.cfg
index c4e3ab86b453bec8964d62b3fbdbac14b40f6105..d355d0252651cc538e482aebc9bfec17134f7566 100644
--- a/base/ca/shared/conf/registry.cfg
+++ b/base/ca/shared/conf/registry.cfg
@@ -42,7 +42,7 @@ constraintPolicy.renewGracePeriodConstraintImpl.name=Renewal Grace Period Constr
 constraintPolicy.uniqueKeyConstraintImpl.class=com.netscape.cms.profile.constraint.UniqueKeyConstraint
 constraintPolicy.uniqueKeyConstraintImpl.desc=Unique Public Key Constraint
 constraintPolicy.uniqueKeyConstraintImpl.name=Unique Public Key Constraint
-defaultPolicy.ids=noDefaultImpl,genericExtDefaultImpl,autoAssignDefaultImpl,subjectNameDefaultImpl,validityDefaultImpl,randomizedValidityDefaultImpl,caValidityDefaultImpl,subjectKeyIdentifierExtDefaultImpl,authorityKeyIdentifierExtDefaultImpl,basicConstraintsExtDefaultImpl,keyUsageExtDefaultImpl,nsCertTypeExtDefaultImpl,extendedKeyUsageExtDefaultImpl,ocspNoCheckExtDefaultImpl,issuerAltNameExtDefaultImpl,subjectAltNameExtDefaultImpl,userSubjectNameDefaultImpl,signingAlgDefaultImpl,userKeyDefaultImpl,userValidityDefaultImpl,userExtensionDefaultImpl,userSigningAlgDefaultImpl,authTokenSubjectNameDefaultImpl,subjectInfoAccessExtDefaultImpl,authInfoAccessExtDefaultImpl,nscCommentExtDefaultImpl,freshestCRLExtDefaultImpl,crlDistributionPointsExtDefaultImpl,policyConstraintsExtDefaultImpl,policyMappingsExtDefaultImpl,nameConstraintsExtDefaultImpl,certificateVersionDefaultImpl,certificatePoliciesExtDefaultImpl,subjectDirAttributesExtDefaultImpl,privateKeyPeriodExtDefaultImpl,inhibitAnyPolicyExtDefaultImpl,imageDefaultImpl,nsTokenDeviceKeySubjectNameDefaultImpl,nsTokenUserKeySubjectNameDefaultImpl
+defaultPolicy.ids=noDefaultImpl,genericExtDefaultImpl,autoAssignDefaultImpl,subjectNameDefaultImpl,validityDefaultImpl,randomizedValidityDefaultImpl,caValidityDefaultImpl,subjectKeyIdentifierExtDefaultImpl,authorityKeyIdentifierExtDefaultImpl,basicConstraintsExtDefaultImpl,keyUsageExtDefaultImpl,nsCertTypeExtDefaultImpl,extendedKeyUsageExtDefaultImpl,ocspNoCheckExtDefaultImpl,issuerAltNameExtDefaultImpl,subjectAltNameExtDefaultImpl,userSubjectNameDefaultImpl,signingAlgDefaultImpl,userKeyDefaultImpl,userValidityDefaultImpl,userExtensionDefaultImpl,userSigningAlgDefaultImpl,authTokenSubjectNameDefaultImpl,subjectInfoAccessExtDefaultImpl,authInfoAccessExtDefaultImpl,nscCommentExtDefaultImpl,freshestCRLExtDefaultImpl,crlDistributionPointsExtDefaultImpl,policyConstraintsExtDefaultImpl,policyMappingsExtDefaultImpl,nameConstraintsExtDefaultImpl,certificateVersionDefaultImpl,certificatePoliciesExtDefaultImpl,subjectDirAttributesExtDefaultImpl,privateKeyPeriodExtDefaultImpl,inhibitAnyPolicyExtDefaultImpl,imageDefaultImpl,nsTokenDeviceKeySubjectNameDefaultImpl,nsTokenUserKeySubjectNameDefaultImpl,iecUserRolesExtDefaultImpl
 defaultPolicy.autoAssignDefaultImpl.class=com.netscape.cms.profile.def.AutoAssignDefault
 defaultPolicy.autoAssignDefaultImpl.desc=Auto Request Assignment Default
 defaultPolicy.autoAssignDefaultImpl.name=Auto Request Assignment Default
@@ -160,6 +160,9 @@ defaultPolicy.subjectDirAttributesExtDefaultImpl.name=Subject Directory Attribut
 defaultPolicy.inhibitAnyPolicyExtDefaultImpl.class=com.netscape.cms.profile.def.InhibitAnyPolicyExtDefault
 defaultPolicy.inhibitAnyPolicyExtDefaultImpl.desc=Inhibit Any-Policy Extension Default
 defaultPolicy.inhibitAnyPolicyExtDefaultImpl.name=Inhibit Any-Policy Extension Default
+defaultPolicy.iecUserRolesExtDefaultImpl.class=com.netscape.cms.profile.def.IECUserRolesExtDefault
+defaultPolicy.iecUserRolesExtDefaultImpl.desc=IECUserRoles Extension Default
+defaultPolicy.iecUserRolesExtDefaultImpl.name=IECUserRoles Extension Default
 profile.ids=caEnrollImpl,caCACertEnrollImpl,caServerCertEnrollImpl,caUserCertEnrollImpl
 profile.caEnrollImpl.class=com.netscape.cms.profile.common.CAEnrollProfile
 profile.caEnrollImpl.desc=Certificate Authority Generic Certificate Enrollment Profile
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/IECUserRolesExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/IECUserRolesExtDefault.java
new file mode 100644
index 0000000000000000000000000000000000000000..aaf539b3ae8ae71d22cbddac25c63a578a0c1a2b
--- /dev/null
+++ b/base/server/cms/src/com/netscape/cms/profile/def/IECUserRolesExtDefault.java
@@ -0,0 +1,94 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2014 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.def;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.StringTokenizer;
+
+import netscape.security.extensions.IECUserRolesExtension;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.X509CertInfo;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.profile.EProfileException;
+import com.netscape.certsrv.profile.IProfile;
+import com.netscape.certsrv.property.Descriptor;
+import com.netscape.certsrv.property.EPropertyException;
+import com.netscape.certsrv.property.IDescriptor;
+import com.netscape.certsrv.request.IRequest;
+import com.netscape.cms.profile.common.EnrollProfile;
+
+/**
+ * This class implements an enrollment default policy
+ * that populates IECUserRoles extension
+ * into the certificate template.
+ *
+ * @version $Revision$, $Date$
+ */
+public class IECUserRolesExtDefault extends EnrollExtDefault {
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ return null;
+ }
+
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ return null;
+ }
+
+ public void setValue(String name, Locale locale,
+ X509CertInfo info, String value)
+ throws EPropertyException {
+ }
+
+ public String getValue(String name, Locale locale,
+ X509CertInfo info)
+ throws EPropertyException {
+ return null;
+ }
+
+ public String getText(Locale locale) {
+ return "IECUserRolesExtDefault";
+ //return CMS.getUserMessage(locale,
+ //"CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IRequest request, X509CertInfo info)
+ throws EProfileException {
+ CMS.debug("START IEC DEFAULT POPULATE");
+ CertificateExtensions exts =
+ request.getExtDataInCertExts(EnrollProfile.REQUEST_EXTENSIONS);
+ if (exts == null) {
+ throw new EProfileException("extensions not found");
+ }
+ IECUserRolesExtension ext = null;
+ try {
+ ext = (IECUserRolesExtension) exts.get(IECUserRolesExtension.NAME);
+ } catch (IOException e) {
+ throw new EProfileException("failed to get IECUserRoles extension");
+ }
+
+ addExtension(IECUserRolesExtension.OID, ext, info);
+ CMS.debug("DONE IEC DEFAULT POPULATE");
+ }
+}
--
1.9.3
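Review bot: In `populate()`, the IECUserRoles extension read from `EnrollProfile.REQUEST_EXTENSIONS` is passed to `addExtension(IECUserRolesExtension.OID, ext, info)` unchanged, so the roles the requester asserted in the request go into the certificate template with no check visible in this file. `getValueDescriptor`, `getValue` and `setValue` are stubs here, so as far as this patch shows the value is not exposed for agent review or editing through this default either. Because the extension carries role assignments, I would document that dependency next to the copy, e.g. `// ext is requester-supplied: profiles using this default need a constraint or agent review of the asserted roles`, unless another patch in the series adds that constraint. The `catch (IOException e)` also discards `e`, and `ext` is not checked before `addExtension`; logging the exception before the rethrow and confirming what `exts.get()` and the cast do when the request lacks the extension would make failures easier to diagnose.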