Class BasicConstraintsExt

    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • PROP_MAXPATHLEN

        protected static final java.lang.String PROP_MAXPATHLEN
        See Also:
        Constant Field Values
      • PROP_IS_CRITICAL

        protected static final java.lang.String PROP_IS_CRITICAL
        See Also:
        Constant Field Values
      • mMaxPathLen

        protected int mMaxPathLen
      • mOrigMaxPathLen

        protected java.lang.String mOrigMaxPathLen
      • mCritical

        protected boolean mCritical
      • mDefaultMaxPathLen

        protected int mDefaultMaxPathLen
      • mCAPathLen

        protected int mCAPathLen
      • mRemoveExt

        protected boolean mRemoveExt
      • mIsCA

        protected boolean mIsCA
    • Constructor Detail

      • BasicConstraintsExt

        public BasicConstraintsExt()
        Adds the basic constraints extension as a critical extension in CA certificates i.e. certype is ca, with either a requested or configured path len. The requested or configured path length cannot be greater than or equal to the CA's basic constraints path length. If the CA path length is 0, all requests for CA certs are rejected.
    • Method Detail

      • init

        public void init​(IPolicyProcessor owner,
                         IConfigStore config)
                  throws EBaseException
        Initializes this policy rule.

        The entries may be of the form: ca.Policy.rule..implName=BasicConstraintsExtImpl ca.Policy.rule..pathLen=, -1 for undefined. ca.Policy.rule..enable=true

        Specified by:
        init in interface IPolicyRule
        Specified by:
        init in class APolicyRule
        Parameters:
        config - The config store reference
        Throws:
        EBaseException
      • apply

        public PolicyResult apply​(IRequest req)
        Checks if the basic contraints extension in certInfo is valid and add the basic constraints extension for CA certs if none exists. Non-CA certs do not get a basic constraints extension.
        Specified by:
        apply in interface IPolicy
        Specified by:
        apply in interface IPolicyRule
        Specified by:
        apply in class APolicyRule
        Parameters:
        req - The request on which to apply policy.
        Returns:
        The policy result object.
      • applyCert

        public PolicyResult applyCert​(IRequest req,
                                      boolean isCA,
                                      org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
      • getInstanceParams

        public java.util.Vector<java.lang.String> getInstanceParams()
        Return configured parameters for a policy rule instance.
        Specified by:
        getInstanceParams in interface IPolicyRule
        Specified by:
        getInstanceParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • getDefaultParams

        public java.util.Vector<java.lang.String> getDefaultParams()
        Return default parameters for a policy implementation.
        Specified by:
        getDefaultParams in interface IPolicyRule
        Specified by:
        getDefaultParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo