Field Detail

• logger

  public static org.slf4j.Logger logger

• PROP_CRITICAL

  protected static final java.lang.String PROP_CRITICAL

  See Also:

  Constant Field Values

• PROP_ALT_KEYID_TYPE

  protected static final java.lang.String PROP_ALT_KEYID_TYPE

  See Also:

  Constant Field Values

• ALT_KEYID_TYPE_SPKISHA1

  protected static final java.lang.String ALT_KEYID_TYPE_SPKISHA1

  See Also:

  Constant Field Values

• ALT_KEYID_TYPE_NONE

  protected static final java.lang.String ALT_KEYID_TYPE_NONE

  See Also:

  Constant Field Values

• ALT_KEYID_TYPE_EMPTY

  protected static final java.lang.String ALT_KEYID_TYPE_EMPTY

  See Also:

  Constant Field Values

• DEF_CRITICAL

  protected static final boolean DEF_CRITICAL

  See Also:

  Constant Field Values

• DEF_ALT_KEYID_TYPE

  protected static final java.lang.String DEF_ALT_KEYID_TYPE

  See Also:

  Constant Field Values

• mEnabled

  protected boolean mEnabled

• mConfig

  protected IConfigStore mConfig

• mCritical

  protected boolean mCritical

• mAltKeyIdType

  protected java.lang.String mAltKeyIdType

• mTheExtension

  protected org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension mTheExtension

• mInstanceParams

  protected java.util.Vector<java.lang.String> mInstanceParams

• mDefaultParams

  protected static java.util.Vector<java.lang.String> mDefaultParams

Constructor Detail

• AuthorityKeyIdentifierExt

  public AuthorityKeyIdentifierExt()

Method Detail

• init

  public void init(IPolicyProcessor owner,
                   IConfigStore config)
            throws EBaseException

  Initializes this policy rule. Reads configuration file and creates a authority key identifier extension to add. Key identifier inside the extension is constructed as the CA's subject key identifier extension if it exists. If it does not exist this can be configured to use: (1) sha-1 hash of the CA's subject public key info (what communicator expects if the CA does not have a subject key identifier extension) or (2) No extension set (3) Empty sequence in Authority Key Identifier extension.

  The entries may be of the form: ca.Policy.rule..predicate= ca.Policy.rule..implName= ca.Policy.rule..enable=true

  Specified by:

  init in interface IPolicyRule

  Specified by:

  init in class APolicyRule

  Parameters:

  config - The config store reference

  Throws:

  EBaseException

• apply

  public PolicyResult apply(IRequest req)

  Adds Authority Key Identifier Extension to a certificate. If the extension is already there, accept it if it's from the agent, else replace it.

  Specified by:

  apply in interface IPolicy

  Specified by:

  apply in interface IPolicyRule

  Specified by:

  apply in class APolicyRule

  Parameters:

  req - The request on which to apply policy.

  Returns:

  The policy result object.

• applyCert

  public PolicyResult applyCert(IRequest req,
                                org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)

• formKeyIdentifier

  protected org.mozilla.jss.netscape.security.x509.KeyIdentifier formKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertImpl caCertImpl)
                                                                            throws EBaseException

  Form the Key Identifier in the Authority Key Identifier extension. from the CA's cert.

  Parameters:

  caCertImpl - Certificate Info

  Returns:

  A Key Identifier.

  Throws:

  EBaseException - on error

• getKeyIdentifier

  protected org.mozilla.jss.netscape.security.x509.KeyIdentifier getKeyIdentifier(org.mozilla.jss.netscape.security.x509.X509CertInfo certInfo)
                                                                           throws EBaseException

  Get the Key Identifier in a subject key identifier extension from a CertInfo.

  Parameters:

  certInfo - the CertInfo structure.

  Returns:

  Key Identifier in a Subject Key Identifier extension if any.

  Throws:

  EBaseException

• getInstanceParams

  public java.util.Vector<java.lang.String> getInstanceParams()

  Return configured parameters for a policy rule instance.

  Specified by:

  getInstanceParams in interface IPolicyRule

  Specified by:

  getInstanceParams in class APolicyRule

  Returns:

  nvPairs A Vector of name/value pairs.

• getDefaultParams

  public java.util.Vector<java.lang.String> getDefaultParams()

  Return default parameters for a policy implementation.

  Specified by:

  getDefaultParams in interface IPolicyRule

  Specified by:

  getDefaultParams in class APolicyRule

  Returns:

  nvPairs A Vector of name/value pairs.

• getExtendedPluginInfo

  public java.lang.String[] getExtendedPluginInfo(java.util.Locale locale)

  Description copied from interface: IExtendedPluginInfo
  This method returns an array of strings. Each element of the array represents a configurable parameter, or some other meta-info (such as help-token) there is an entry indexed on that parameter name ;[,required];;... Where: type_info is either 'string', 'number', 'boolean', 'password' or 'choice(ch1,ch2,ch3,...)' If the marker 'required' is included after the type_info, the parameter will has some visually distinctive marking in the UI. 'description' is a short sentence describing the parameter 'choice' is rendered as a drop-down list. The first parameter in the list will be activated by default 'boolean' is rendered as a checkbox. The resulting parameter will be either 'true' or 'false' 'string' allows any characters 'number' allows only numbers 'password' is rendered as a password field (the characters are replaced with *'s when being types. This parameter is not passed through to the plugin. It is instead inserted directly into the password cache keyed on the instance name. The value of the parameter 'bindPWPrompt' (see example below) is set to the key. In addition to the configurable parameters, the following magic parameters may be defined: HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin HELP_TEXT;helptext - a general help string describing the plugin For example: "username;string;The username you wish to login as" "bindPWPrompt;password;Enter password to bind as above user with" "algorithm;choice(RSA,DSA);Which algorithm do you want to use" "enable;boolean;Do you want to run this plugin" "port;number;Which port number do you want to use"

  Specified by:

  getExtendedPluginInfo in interface IExtendedPluginInfo