com.netscape.cms.policy.constraints
Class ValidityConstraints

java.lang.Object
  extended by com.netscape.cms.policy.APolicyRule
      extended by com.netscape.cms.policy.constraints.ValidityConstraints
All Implemented Interfaces:
IExtendedPluginInfo, IEnrollmentPolicy, IPolicyRule, IPolicy

Deprecated.

public class ValidityConstraints
extends APolicyRule
implements IEnrollmentPolicy, IExtendedPluginInfo

ValidityConstraints is a default rule for Enrollment and Renewal that enforces minimum and maximum validity periods and changes them if not met. Optionally the lead and lag times - i.e how far back into the front or back the notBefore date could go in minutes can also be specified.

 NOTE:  The Policy Framework has been replaced by the Profile Framework.
 

Version:
$Revision: 1226 $, $Date: 2010-08-19 14:16:41 -0700 (Thu, 19 Aug 2010) $

Field Summary
static long DAYS_TO_MS_FACTOR
          Deprecated.  
static int DEF_LAG_TIME
          Deprecated.  
static int DEF_LEAD_TIME
          Deprecated.  
static int DEF_MAX_VALIDITY
          Deprecated.  
static int DEF_MIN_VALIDITY
          Deprecated.  
static int DEF_NOT_BEFORE_SKEW
          Deprecated.  
static long MINS_TO_MS_FACTOR
          Deprecated.  
protected  long mLagTime
          Deprecated.  
protected  long mLeadTime
          Deprecated.  
protected  long mMaxValidity
          Deprecated.  
protected  long mMinValidity
          Deprecated.  
protected  long mNotBeforeSkew
          Deprecated.  
 
Fields inherited from class com.netscape.cms.policy.APolicyRule
DESC, mFilterExp, mInstanceName, mLogger, NAME
 
Fields inherited from interface com.netscape.certsrv.policy.IPolicyRule
PROP_ENABLE, PROP_IMPLNAME, PROP_PREDICATE
 
Fields inherited from interface com.netscape.certsrv.base.IExtendedPluginInfo
HELP_TEXT, HELP_TOKEN
 
Constructor Summary
ValidityConstraints()
          Deprecated.  
 
Method Summary
 PolicyResult apply(IRequest req)
          Deprecated. Applies the policy on the given Request.
 java.util.Vector getDefaultParams()
          Deprecated. Return default parameters for a policy implementation.
 java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
          Deprecated. This method returns an array of strings.
 java.util.Vector getInstanceParams()
          Deprecated. Return configured parameters for a policy rule instance.
 void init(ISubsystem owner, IConfigStore config)
          Deprecated. Initializes this policy rule.
protected  netscape.security.x509.CertificateValidity makeDefaultValidity(IRequest req)
          Deprecated. Create a default validity value for a request This code can be easily overridden in a derived class, if the calculations here aren't accepatble.
protected  long roundTimeToSecond(long input)
          Deprecated. convert a millisecond resolution time into one with 1 second resolution.
 
Methods inherited from class com.netscape.cms.policy.APolicyRule
agentApproved, createKeyIdentifier, deferred, formSHA1KeyId, formSpkiSHA1KeyId, getDescription, getInstanceName, getName, getPredicate, log, setError, setError, setError, setInstanceName, setPolicyException, setPolicyException, setPredicate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.netscape.certsrv.policy.IPolicyRule
getDescription, getInstanceName, getName, getPredicate, setError, setInstanceName, setPolicyException, setPredicate
 

Field Detail

mMinValidity

protected long mMinValidity
Deprecated. 

mMaxValidity

protected long mMaxValidity
Deprecated. 

mLeadTime

protected long mLeadTime
Deprecated. 

mLagTime

protected long mLagTime
Deprecated. 

mNotBeforeSkew

protected long mNotBeforeSkew
Deprecated. 

DEF_MIN_VALIDITY

public static final int DEF_MIN_VALIDITY
Deprecated. 
See Also:
Constant Field Values

DEF_MAX_VALIDITY

public static final int DEF_MAX_VALIDITY
Deprecated. 
See Also:
Constant Field Values

DEF_LEAD_TIME

public static final int DEF_LEAD_TIME
Deprecated. 
See Also:
Constant Field Values

DEF_LAG_TIME

public static final int DEF_LAG_TIME
Deprecated. 
See Also:
Constant Field Values

DEF_NOT_BEFORE_SKEW

public static final int DEF_NOT_BEFORE_SKEW
Deprecated. 
See Also:
Constant Field Values

DAYS_TO_MS_FACTOR

public static final long DAYS_TO_MS_FACTOR
Deprecated. 
See Also:
Constant Field Values

MINS_TO_MS_FACTOR

public static final long MINS_TO_MS_FACTOR
Deprecated. 
See Also:
Constant Field Values
Constructor Detail

ValidityConstraints

public ValidityConstraints()
Deprecated. 
Method Detail

getExtendedPluginInfo

public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)
Deprecated. 
Description copied from interface: IExtendedPluginInfo
This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"

Specified by:
getExtendedPluginInfo in interface IExtendedPluginInfo

init

public void init(ISubsystem owner,
                 IConfigStore config)
          throws EPolicyException
Deprecated. 
Initializes this policy rule.

The entries probably are of the form: ra.Policy.rule..implName=ValidityConstraints ra.Policy.rule..enable=true ra.Policy.rule..minValidity=30 ra.Policy.rule..maxValidity=180 ra.Policy.rule..predicate=ou==Sales

Specified by:
init in interface IPolicyRule
Specified by:
init in class APolicyRule
Parameters:
config - The config store reference
Throws:
EPolicyException

apply

public PolicyResult apply(IRequest req)
Deprecated. 
Applies the policy on the given Request.

Specified by:
apply in interface IPolicyRule
Specified by:
apply in interface IPolicy
Specified by:
apply in class APolicyRule
Parameters:
req - The request on which to apply policy.
Returns:
The policy result object.

getInstanceParams

public java.util.Vector getInstanceParams()
Deprecated. 
Return configured parameters for a policy rule instance.

Specified by:
getInstanceParams in interface IPolicyRule
Specified by:
getInstanceParams in class APolicyRule
Returns:
nvPairs A Vector of name/value pairs.

getDefaultParams

public java.util.Vector getDefaultParams()
Deprecated. 
Return default parameters for a policy implementation.

Specified by:
getDefaultParams in interface IPolicyRule
Specified by:
getDefaultParams in class APolicyRule
Returns:
nvPairs A Vector of name/value pairs.

makeDefaultValidity

protected netscape.security.x509.CertificateValidity makeDefaultValidity(IRequest req)
Deprecated. 
Create a default validity value for a request This code can be easily overridden in a derived class, if the calculations here aren't accepatble. TODO: it might be good to base this calculation on the creation time of the request.


roundTimeToSecond

protected long roundTimeToSecond(long input)
Deprecated. 
convert a millisecond resolution time into one with 1 second resolution. Most times in certificates are storage at 1 second resolution, so its better if we deal with things at that level.