Package com.netscape.cms.profile.common
Class EnrollProfile
- java.lang.Object
-
- com.netscape.cms.profile.common.BasicProfile
-
- com.netscape.cms.profile.common.EnrollProfile
-
- All Implemented Interfaces:
IEnrollProfile, IProfile
- Direct Known Subclasses:
CAEnrollProfile
public abstract class EnrollProfile extends BasicProfile implements IEnrollProfile
This class implements a generic enrollment profile.
- Version:
- $Revision$, $Date$
- Author:
- cfu
-
-
Field Summary
-
Fields inherited from class com.netscape.cms.profile.common.BasicProfile
mAuthInstanceId, mAuthzAcl, mConfig, mId, mInputIds, mInputNames, mInputs, mOutputIds, mOutputs, mOwner, mPolicySet, mRegistry, mUpdaterIds, mUpdaters, PROP_CLASS_ID, PROP_CONSTRAINT, PROP_DEFAULT, PROP_DESC, PROP_ENABLE, PROP_ENABLE_BY, PROP_GENERIC_EXT_DEFAULT, PROP_INPUT, PROP_INPUT_LIST, PROP_INSTANCE_ID, PROP_IS_RENEWAL, PROP_NAME, PROP_NO_CONSTRAINT, PROP_NO_DEFAULT, PROP_OUTPUT, PROP_OUTPUT_LIST, PROP_PARAMS, PROP_POLICY_LIST, PROP_UPDATER_LIST, PROP_VISIBLE, PROP_XML_OUTPUT, signedAuditLogger
-
Fields inherited from interface com.netscape.certsrv.profile.IEnrollProfile
CTX_CERT_REQUEST, CTX_CERT_REQUEST_TYPE, CTX_RENEWAL, CTX_RENEWAL_SEQ_NUM, REQ_TYPE_CMC, REQ_TYPE_CRMF, REQ_TYPE_KEYGEN, REQ_TYPE_PKCS10, REQUEST_ALGORITHM_OID, REQUEST_ALGORITHM_PARAMS, REQUEST_ARCHIVE_OPTIONS, REQUEST_AUTHORITY_ID, REQUEST_CERTINFO, REQUEST_EXTENSIONS, REQUEST_ISSUED_CERT, REQUEST_KEY, REQUEST_LOCALE, REQUEST_SECURITY_DATA, REQUEST_SEQ_NUM, REQUEST_SESSION_KEY, REQUEST_SIGNING_ALGORITHM, REQUEST_SUBJECT_NAME, REQUEST_TRANSPORT_CERT, REQUEST_USER_DATA, REQUEST_VALIDITY
-
-
Constructor Summary
Constructor Description
EnrollProfile()
-
Method Summary
Modifier and Type / Method / Description
protected java.lang.String auditProfileID()
Signed Audit Log Profile ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.
protected java.lang.String auditRequesterID(IRequest request)
Signed Audit Log Requester ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.
IProfileContext createContext()
Retrieves profile context.
IRequest createEnrollmentRequest()
IRequest[] createRequests(IProfileContext ctx, java.util.Locale locale)
Creates request.
abstract void execute(IRequest request)
Process a request after validation.
void fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, X509CertInfo info, IRequest req)
void fillKeyGen(java.util.Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req)
void fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, X509CertInfo info, IRequest req)
void fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, X509CertInfo info, IRequest req)
void fillPKCS10(java.util.Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
void fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, X509CertInfo info, IRequest req)
abstract IAuthority getAuthority()
static X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial)
getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, serial number. This method takes the serial number and finds the cert from the CA's certdb.
static CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial)
abstract X500Name getIssuerName()
java.util.Locale getLocale(IRequest request)
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob)
getPKIDataFromCMCblob
java.lang.String getPolicySetId(IRequest req)
Perform simple policy set assignment.
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
getPopLinkWitnessV2control
java.lang.String getRequestorDN(IRequest request)
Retrieves a localized string that represents requestor's distinguished name.
IRequestQueue getRequestQueue()
Retrieves the request queue that is associated with this profile.
java.lang.String normalizeCertReq(java.lang.String s)
org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq)
org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI)
org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(java.util.Locale locale, java.lang.String certreq)
DerInputStream parseKeyGen(java.util.Locale locale, java.lang.String certreq)
PKCS10 parsePKCS10(java.util.Locale locale, java.lang.String certreq)
void populate(IRequest request)
Passes the request to the set of default policies that populate the profile information against the profile.
void populateInput(IProfileContext ctx, IRequest request)
Populate input
void setDefaultCertInfo(IRequest req)
Set Default X509CertInfo in the request.
void setPOPchallenge(IRequest req)
setPOPchallenge generates a POP challenge and sets necessary info in request for composing encryptedPOP later.
void submit(IAuthToken token, IRequest request)
This method is called after the user submits the request from the end-entity page.
byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)
void validate(IRequest request)
Passes the request to the set of constraint policies that validate the request against the profile.
void verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg)
protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string)
verifyPopLinkWitnessV2
-
Methods inherited from class com.netscape.cms.profile.common.BasicProfile
addInputName, auditSubjectID, createProfileInput, createProfileInput, createProfileOutput, createProfileOutput, createProfilePolicy, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getInput, getInputDescriptor, getInputNames, getName, getPolicies, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, getProfileUpdater, getProfileUpdaterIds, init, isEnable, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setInput, setName, setRenewal, setVisible, setXMLOutput
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface com.netscape.certsrv.profile.IProfile
createProfileInput, createProfileOutput, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getName, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, init, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setName, setRenewal, setVisible, setXMLOutput
-
-
-
-
Method Detail
-
getAuthority
public abstract IAuthority getAuthority()
-
getRequestQueue
public IRequestQueue getRequestQueue()
Description copied from interface: IProfile
Retrieves the request queue that is associated with this profile. The request queue is for creating new requests.
- Specified by:
getRequestQueue in interface IProfile
- Returns:
- request queue
-
createContext
public IProfileContext createContext()
Description copied from interface: IProfile
Retrieves profile context. The context stores information about the requestor before the actual request is created.
- Specified by:
createContext in interface IProfile
- Specified by:
createContext in class BasicProfile
- Returns:
- profile context.
-
createRequests
public IRequest[] createRequests(IProfileContext ctx, java.util.Locale locale) throws EProfileException
Creates request.
- Specified by:
createRequests in interface IProfile
- Specified by:
createRequests in class BasicProfile
- Parameters:
ctx - profile context
locale - user locale
- Returns:
- a list of requests
- Throws:
EProfileException - failed to create requests
-
getIssuerName
public abstract X500Name getIssuerName()
-
setDefaultCertInfo
public void setDefaultCertInfo(IRequest req) throws EProfileException
Description copied from interface: IEnrollProfile
Set Default X509CertInfo in the request.
- Specified by:
setDefaultCertInfo in interface IEnrollProfile
- Parameters:
req - profile-based certificate request.
- Throws:
EProfileException - failed to set the X509CertInfo.
-
createEnrollmentRequest
public IRequest createEnrollmentRequest() throws EProfileException
- Throws:
EProfileException
-
execute
public abstract void execute(IRequest request) throws EProfileException
Description copied from interface: IProfile
Process a request after validation.
- Specified by:
execute in interface IProfile
- Overrides:
execute in class BasicProfile
- Parameters:
request - request to be processed
- Throws:
EProfileException - failed to process
-
getPolicySetId
public java.lang.String getPolicySetId(IRequest req)
Perform simple policy set assignment.
- Specified by:
getPolicySetId in interface IProfile
- Parameters:
req - request
- Returns:
- policy set id
-
getRequestorDN
public java.lang.String getRequestorDN(IRequest request)
Description copied from interface: IProfile
Retrieves a localized string that represents requestor's distinguished name. This string is displayed in the request listing user interface.
- Specified by:
getRequestorDN in interface IProfile
- Overrides:
getRequestorDN in class BasicProfile
- Parameters:
request - request
- Returns:
- distinguished name of the request owner
-
setPOPchallenge
public void setPOPchallenge(IRequest req) throws EBaseException
setPOPchallenge generates a POP challenge and sets necessary info in request for composing encryptedPOP later.
- Parameters:
req - the request
- Throws:
EBaseException
-
submit
public void submit(IAuthToken token, IRequest request) throws EDeferException, EProfileException
This method is called after the user submits the request from the end-entity page.
- Specified by:
submit in interface IProfile
- Parameters:
token - authentication token
request - request to be processed
- Throws:
EDeferException - defer request
EProfileException - failed to submit
-
getPKIDataFromCMCblob
public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob) throws EProfileException
getPKIDataFromCMCblob
- Parameters:
certReqBlob - cmc b64 encoded blob
- Returns:
- PKIData
- Throws:
EProfileException
-
getCMCSigningCertSNfromCertSerial
public static CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getCMCSigningCertFromCertSerial
public static X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial) throws java.lang.Exception
getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, serial number. This method takes the serial number and finds the cert from the CA's certdb.
- Throws:
java.lang.Exception
-
parseCMC
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq) throws EProfileException
- Throws:
EProfileException
-
parseCMC
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI) throws EProfileException
- Throws:
EProfileException
-
getPopLinkWitnessV2control
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
getPopLinkWitnessV2control
-
verifyPopLinkWitnessV2
protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string)
verifyPopLinkWitnessV2
-
fillTaggedRequest
public void fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, X509CertInfo info, IRequest req) throws EProfileException, ECMCPopFailedException, ECMCBadRequestException
-
parseCRMF
public org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(java.util.Locale locale, java.lang.String certreq) throws EProfileException
- Throws:
EProfileException
-
getPKIArchiveOptions
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
-
toPKIArchiveOptions
public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)
-
toByteArray
public byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
-
fillCertReqMsg
public void fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
-
parsePKCS10
public PKCS10 parsePKCS10(java.util.Locale locale, java.lang.String certreq) throws EProfileException
- Throws:
EProfileException
-
fillPKCS10
public void fillPKCS10(java.util.Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
-
fillNSNKEY
public void fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, X509CertInfo info, IRequest req) throws EProfileException
- Throws:
EProfileException
-
fillNSHKEY
public void fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, X509CertInfo info, IRequest req) throws EProfileException
- Throws:
EProfileException
-
parseKeyGen
public DerInputStream parseKeyGen(java.util.Locale locale, java.lang.String certreq) throws EProfileException
- Throws:
EProfileException
-
fillKeyGen
public void fillKeyGen(java.util.Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req) throws EProfileException
- Throws:
EProfileException
-
normalizeCertReq
public java.lang.String normalizeCertReq(java.lang.String s)
-
getLocale
public java.util.Locale getLocale(IRequest request)
-
populateInput
public void populateInput(IProfileContext ctx, IRequest request) throws EProfileException
Populate input
(either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
- signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
- Specified by:
populateInput in interface IProfile
- Overrides:
populateInput in class BasicProfile
- Parameters:
ctx - profile context
request - the certificate request
- Throws:
EProfileException - an error related to this profile has occurred
-
populate
public void populate(IRequest request) throws EProfileException
Description copied from class: BasicProfile
Passes the request to the set of default policies that populate the profile information against the profile.
- Specified by:
populate in interface IProfile
- Overrides:
populate in class BasicProfile
- Parameters:
request - request
- Throws:
EProfileException - failed to populate default values
-
validate
public void validate(IRequest request) throws ERejectException
Passes the request to the set of constraint policies that validate the request against the profile.
- Specified by:
validate in interface IProfile
- Overrides:
validate in class BasicProfile
- Parameters:
request - request
- Throws:
ERejectException - validation violation
-
auditRequesterID
protected java.lang.String auditRequesterID(IRequest request)
Signed Audit Log Requester ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.
- Parameters:
request - the actual request
- Returns:
- id string containing the signed audit log message RequesterID
-
auditProfileID
protected java.lang.String auditProfileID()
Signed Audit Log Profile ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.
- Returns:
- id string containing the signed audit log message ProfileID
-
verifyPOP
public void verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg) throws EProfileException, ECMCPopFailedException
-
-