com.netscape.cms.profile.constraint
Class UniqueKeyConstraint

java.lang.Object
  extended by com.netscape.cms.profile.constraint.EnrollConstraint
      extended by com.netscape.cms.profile.constraint.UniqueKeyConstraint
All Implemented Interfaces:
IPolicyConstraint, IConfigTemplate

public class UniqueKeyConstraint
extends EnrollConstraint

This constraint checks for public key uniqueness. When the config parameter "allowSameKeyRenewal" is enabled, a request whose public key is not unique but whose subject DN is the same is treated as a "renewal". Another "feature" that has been commented out of this code is the "revokeDupKeyCert" option, which enables the revocation of certificates that bear the same public key as the enrolling request. Since this can potentially be abused, it has been taken out and preserved in comments to allow future refinement.

Version:
$Revision: 1796 $, $Date: 2011-01-31 09:17:21 -0800 (Mon, 31 Jan 2011) $
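
The rule in the class description above, as an added sketch that is not the project's own code. `Issued`, `Decision` and `check` are hypothetical names, the in-memory list stands in for the CA's certificate repository, and rejecting whenever any certificate with the same key has a different subject DN is an assumption about how the rule is applied.

```java
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;

public class UniqueKeyCheckExample {
    enum Decision { ACCEPT_NEW_KEY, ACCEPT_RENEWAL, REJECT_DUPLICATE_KEY }

    /** Hypothetical stand-in for one record in the CA's certificate repository. */
    static final class Issued {
        final byte[] encodedKey;        // encoded public key of the issued cert
        final X500Principal subject;
        Issued(byte[] encodedKey, String subjectDn) {
            this.encodedKey = encodedKey;
            this.subject = new X500Principal(subjectDn);
        }
    }

    static Decision check(List<Issued> issued, byte[] reqKey, String reqDn,
                          boolean allowSameKeyRenewal) {
        X500Principal requester = new X500Principal(reqDn);
        boolean keySeen = false;
        for (Issued cert : issued) {
            if (!Arrays.equals(cert.encodedKey, reqKey)) {
                continue;               // different key, no conflict
            }
            keySeen = true;
            // X500Principal.equals compares canonical forms, so case and
            // spacing differences in the DN do not defeat the match.
            if (!allowSameKeyRenewal || !cert.subject.equals(requester)) {
                return Decision.REJECT_DUPLICATE_KEY;
            }
        }
        return keySeen ? Decision.ACCEPT_RENEWAL : Decision.ACCEPT_NEW_KEY;
    }

    public static void main(String[] args) {
        // Constructed sample data: the byte arrays stand in for encoded keys.
        byte[] keyA = {0x30, 0x01, 0x0A};
        byte[] keyB = {0x30, 0x01, 0x0B};
        List<Issued> repo = Arrays.asList(new Issued(keyA, "CN=alice, O=Example"));

        System.out.println(check(repo, keyB, "CN=bob,O=Example", true));    // unseen key
        System.out.println(check(repo, keyA, "cn=Alice,o=example", true));  // same key, same DN
        System.out.println(check(repo, keyA, "cn=Alice,o=example", false)); // renewal disabled
        System.out.println(check(repo, keyA, "CN=carol,O=Example", true));  // same key, other DN
    }
}
```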

Field Summary
static java.lang.String CONFIG_ALLOW_SAME_KEY_RENEWAL
           
 ICertificateAuthority mCA
           
 
Fields inherited from class com.netscape.cms.profile.constraint.EnrollConstraint
CONFIG_NAME, mConfig, mConfigNames
 
Constructor Summary
UniqueKeyConstraint()
           
 
Method Summary
static java.lang.String escapeBinaryData(byte[] data)
           
 IDescriptor getConfigDescriptor(java.util.Locale locale, java.lang.String name)
          Returns the descriptors of configuration parameter.
 java.lang.String getDefaultConfig(java.lang.String name)
           
 java.lang.String getText(java.util.Locale locale)
          Make a CRL entry from a serial number and revocation reason.
 void init(IProfile profile, IConfigStore config)
          Initializes this constraint policy.
 boolean isApplicable(IPolicyDefault def)
          Checks if this constraint is applicable to the given default policy.
 void validate(IRequest request, netscape.security.x509.X509CertInfo info)
          Validates the request.
 
Methods inherited from class com.netscape.cms.profile.constraint.EnrollConstraint
addConfigName, getBoolean, getConfig, getConfigBoolean, getConfigInt, getConfigNames, getConfigStore, getExtension, getInt, getLocale, getName, getValueDescriptor, isOptional, setConfig, validate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CONFIG_ALLOW_SAME_KEY_RENEWAL

public static final java.lang.String CONFIG_ALLOW_SAME_KEY_RENEWAL
See Also:
Constant Field Values

mCA

public ICertificateAuthority mCA
Constructor Detail

UniqueKeyConstraint

public UniqueKeyConstraint()
Method Detail

init

public void init(IProfile profile,
                 IConfigStore config)
          throws EProfileException
Description copied from interface: IPolicyConstraint
Initializes this constraint policy.

Specified by:
init in interface IPolicyConstraint
Overrides:
init in class EnrollConstraint
Parameters:
profile - owner of this policy
config - configuration store for this constraint
Throws:
EProfileException - failed to initialize

getConfigDescriptor

public IDescriptor getConfigDescriptor(java.util.Locale locale,
                                       java.lang.String name)
Description copied from interface: IConfigTemplate
Returns the descriptors of configuration parameter.

Specified by:
getConfigDescriptor in interface IConfigTemplate
Overrides:
getConfigDescriptor in class EnrollConstraint
Parameters:
locale - user locale
name - configuration parameter name
Returns:
descriptor

getDefaultConfig

public java.lang.String getDefaultConfig(java.lang.String name)

validate

public void validate(IRequest request,
                     netscape.security.x509.X509CertInfo info)
              throws ERejectException
Validates the request. The request is not modified during the validation.

Specified by:
validate in class EnrollConstraint
Parameters:
request - enrollment request
info - certificate template
Throws:
ERejectException - request is rejected due to violation of constraint

getText

public java.lang.String getText(java.util.Locale locale)
Make a CRL entry from a serial number and revocation reason.

Specified by:
getText in interface IPolicyConstraint
Overrides:
getText in class EnrollConstraint
Parameters:
locale - locale of the end-user
Returns:
a RevokedCertImpl that can be entered in a CRL.

protected RevokedCertImpl formCRLEntry(
        BigInteger serialNo, RevocationReason reason)
        throws EBaseException {
    CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
    CRLExtensions crlentryexts = new CRLExtensions();

    try {
        crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
    } catch (IOException e) {
        CMS.debug("CMSGW_ERR_CRL_REASON " + e.toString());
        // throw new ECMSGWException(
        //     CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
    }
    RevokedCertImpl crlentry =
        new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);

    return crlentry;
}

escapeBinaryData

public static java.lang.String escapeBinaryData(byte[] data)

isApplicable

public boolean isApplicable(IPolicyDefault def)
Description copied from interface: IPolicyConstraint
Checks if this constraint is applicable to the given default policy.

Specified by:
isApplicable in interface IPolicyConstraint
Overrides:
isApplicable in class EnrollConstraint
Parameters:
def - default policy to be checked
Returns:
true if this constraint can be applied to the given default policy