Class ValidityConstraints

  • All Implemented Interfaces:
    IExtendedPluginInfo, IPolicy, IEnrollmentPolicy, IPolicyRule

    public class ValidityConstraints
    extends APolicyRule
    implements IEnrollmentPolicy, IExtendedPluginInfo
    ValidityConstraints is a default rule for Enrollment and Renewal that enforces minimum and maximum validity periods and changes them if not met. Optionally the lead and lag times - i.e how far back into the front or back the notBefore date could go in minutes can also be specified.

     NOTE:  The Policy Framework has been replaced by the Profile Framework.
     

    Version:
    $Revision$, $Date$
    • Field Detail

      • mMinValidity

        protected long mMinValidity
      • mMaxValidity

        protected long mMaxValidity
      • mLeadTime

        protected long mLeadTime
      • mLagTime

        protected long mLagTime
      • mNotBeforeSkew

        protected long mNotBeforeSkew
    • Constructor Detail

      • ValidityConstraints

        public ValidityConstraints()
    • Method Detail

      • getExtendedPluginInfo

        public java.lang.String[] getExtendedPluginInfo​(java.util.Locale locale)
        Description copied from interface: IExtendedPluginInfo
        This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"
        Specified by:
        getExtendedPluginInfo in interface IExtendedPluginInfo
      • init

        public void init​(ISubsystem owner,
                         IConfigStore config)
                  throws EPolicyException
        Initializes this policy rule.

        The entries probably are of the form: ra.Policy.rule..implName=ValidityConstraints ra.Policy.rule..enable=true ra.Policy.rule..minValidity=30 ra.Policy.rule..maxValidity=180 ra.Policy.rule..predicate=ou==Sales

        Specified by:
        init in interface IPolicyRule
        Specified by:
        init in class APolicyRule
        Parameters:
        config - The config store reference
        Throws:
        EPolicyException
      • getInstanceParams

        public java.util.Vector<java.lang.String> getInstanceParams()
        Return configured parameters for a policy rule instance.
        Specified by:
        getInstanceParams in interface IPolicyRule
        Specified by:
        getInstanceParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • getDefaultParams

        public java.util.Vector<java.lang.String> getDefaultParams()
        Return default parameters for a policy implementation.
        Specified by:
        getDefaultParams in interface IPolicyRule
        Specified by:
        getDefaultParams in class APolicyRule
        Returns:
        nvPairs A Vector of name/value pairs.
      • makeDefaultValidity

        protected CertificateValidity makeDefaultValidity​(IRequest req)
        Create a default validity value for a request This code can be easily overridden in a derived class, if the calculations here aren't accepatble. TODO: it might be good to base this calculation on the creation time of the request.
      • roundTimeToSecond

        protected long roundTimeToSecond​(long input)
        convert a millisecond resolution time into one with 1 second resolution. Most times in certificates are storage at 1 second resolution, so its better if we deal with things at that level.