com.netscape.cms.profile.common

Class EnrollProfile

java.lang.Object

com.netscape.cms.profile.common.BasicProfile

com.netscape.cms.profile.common.EnrollProfile

All Implemented Interfaces:

IEnrollProfile, IProfile

Direct Known Subclasses:

CAEnrollProfile

public abstract class EnrollProfile
extends BasicProfile
implements IEnrollProfile

This class implements a generic enrollment profile.

Version:

$Revision$, $Date$

Field Summary

Fields inherited from class com.netscape.cms.profile.common.BasicProfile

mAuthInstanceId, mAuthzAcl, mConfig, mId, mInputIds, mInputNames, mInputs, mOutputIds, mOutputs, mOwner, mPolicySet, mRegistry, mUpdaterIds, mUpdaters, PROP_CLASS_ID, PROP_CONSTRAINT, PROP_DEFAULT, PROP_DESC, PROP_ENABLE, PROP_ENABLE_BY, PROP_GENERIC_EXT_DEFAULT, PROP_INPUT, PROP_INPUT_LIST, PROP_INSTANCE_ID, PROP_IS_RENEWAL, PROP_NAME, PROP_NO_CONSTRAINT, PROP_NO_DEFAULT, PROP_OUTPUT, PROP_OUTPUT_LIST, PROP_PARAMS, PROP_POLICY_LIST, PROP_UPDATER_LIST, PROP_VISIBLE, PROP_XML_OUTPUT

Fields inherited from interface com.netscape.certsrv.profile.IEnrollProfile

CTX_CERT_REQUEST, CTX_CERT_REQUEST_TYPE, CTX_RENEWAL, CTX_RENEWAL_SEQ_NUM, REQ_TYPE_CMC, REQ_TYPE_CRMF, REQ_TYPE_KEYGEN, REQ_TYPE_PKCS10, REQUEST_ALGORITHM_OID, REQUEST_ALGORITHM_PARAMS, REQUEST_ARCHIVE_OPTIONS, REQUEST_AUTHORITY_ID, REQUEST_CERTINFO, REQUEST_EXTENSIONS, REQUEST_ISSUED_CERT, REQUEST_KEY, REQUEST_LOCALE, REQUEST_SECURITY_DATA, REQUEST_SEQ_NUM, REQUEST_SESSION_KEY, REQUEST_SIGNING_ALGORITHM, REQUEST_SUBJECT_NAME, REQUEST_TRANSPORT_CERT, REQUEST_USER_DATA, REQUEST_VALIDITY

Constructor Summary

Constructors

Constructor and Description
EnrollProfile()

Method Summary

Modifier and Type	Method and Description
protected java.lang.String	auditProfileID() Signed Audit Log Profile ID This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.
protected java.lang.String	auditRequesterID(IRequest request) Signed Audit Log Requester ID This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.
IProfileContext	createContext() Retrieves profile context.
IRequest	createEnrollmentRequest()
IRequest[]	createRequests(IProfileContext ctx, java.util.Locale locale) Creates request.
abstract void	execute(IRequest request) Process a request after validation.
void	fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, netscape.security.x509.X509CertInfo info, IRequest req)
void	fillKeyGen(java.util.Locale locale, netscape.security.util.DerInputStream derIn, netscape.security.x509.X509CertInfo info, IRequest req)
void	fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, netscape.security.x509.X509CertInfo info, IRequest req)
void	fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, netscape.security.x509.X509CertInfo info, IRequest req)
void	fillPKCS10(java.util.Locale locale, netscape.security.pkcs.PKCS10 pkcs10, netscape.security.x509.X509CertInfo info, IRequest req)
void	fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, netscape.security.x509.X509CertInfo info, IRequest req)
abstract IAuthority	getAuthority()
static netscape.security.x509.X509CertImpl	getCMCSigningCertFromCertSerial(java.lang.String certSerial) getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, serial number This method takes the serial number and finds the cert from the CA's certdb
static netscape.security.x509.CertificateSubjectName	getCMCSigningCertSNfromCertSerial(java.lang.String certSerial)
abstract netscape.security.x509.X500Name	getIssuerName()
java.util.Locale	getLocale(IRequest request)
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions	getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
org.mozilla.jss.pkix.cmc.PKIData	getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob) getPKIDataFromCMCblob
java.lang.String	getPolicySetId(IRequest req) Perform simple policy set assignment.
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2	getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value) getPopLinkWitnessV2control
java.lang.String	getRequestorDN(IRequest request) Retrieves a localized string that represents requestor's distinguished name.
IRequestQueue	getRequestQueue() Retrieves the request queue that is associated with this profile.
java.lang.String	normalizeCertReq(java.lang.String s)
org.mozilla.jss.pkix.cmc.TaggedRequest[]	parseCMC(java.util.Locale locale, java.lang.String certreq)
org.mozilla.jss.pkix.cmc.TaggedRequest[]	parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI)
org.mozilla.jss.pkix.crmf.CertReqMsg[]	parseCRMF(java.util.Locale locale, java.lang.String certreq)
netscape.security.util.DerInputStream	parseKeyGen(java.util.Locale locale, java.lang.String certreq)
netscape.security.pkcs.PKCS10	parsePKCS10(java.util.Locale locale, java.lang.String certreq)
void	populate(IRequest request) Passes the request to the set of default policies that populate the profile information against the profile.
void	populateInput(IProfileContext ctx, IRequest request) Populate input
void	setDefaultCertInfo(IRequest req) Set Default X509CertInfo in the request.
void	setPOPchallenge(IRequest req) setPOPchallenge generates a POP challenge and sets necessary info in request for composing encryptedPOP later
void	submit(IAuthToken token, IRequest request) This method is called after the user submits the request from the end-entity page.
byte[]	toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
org.mozilla.jss.pkix.crmf.PKIArchiveOptions	toPKIArchiveOptions(byte[] options)
void	validate(IRequest request) Passes the request to the set of constraint policies that validate the request against the profile.
void	verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg)
protected boolean	verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string) verifyPopLinkWitnessV2

Methods inherited from class com.netscape.cms.profile.common.BasicProfile

addInputName, auditSubjectID, createProfileInput, createProfileInput, createProfileOutput, createProfileOutput, createProfilePolicy, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getInput, getInputDescriptor, getInputNames, getName, getPolicies, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, getProfileUpdater, getProfileUpdaterIds, init, isEnable, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setInput, setName, setRenewal, setVisible, setXMLOutput

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.netscape.certsrv.profile.IProfile

createProfileInput, createProfileOutput, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getName, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, init, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setName, setRenewal, setVisible, setXMLOutput

Constructor Detail

EnrollProfile

public EnrollProfile()

Method Detail

getAuthority

public abstract IAuthority getAuthority()

getRequestQueue

public IRequestQueue getRequestQueue()

Description copied from interface: IProfile

Retrieves the request queue that is associated with this profile. The request queue is for creating new requests.

Specified by:

getRequestQueue in interface IProfile

Returns:

request queue

createContext

public IProfileContext createContext()

Description copied from interface: IProfile

Retrieves profile context. The context stores information about the requestor before the actual request is created.

Specified by:

createContext in interface IProfile

Specified by:

createContext in class BasicProfile

Returns:

profile context.

createRequests

public IRequest[] createRequests(IProfileContext ctx,
                                 java.util.Locale locale)
                          throws EProfileException

Creates request.

Specified by:

createRequests in interface IProfile

Specified by:

createRequests in class BasicProfile

Parameters:

ctx - profile context

locale - user locale

Returns:

a list of requests

Throws:

EProfileException - failed to create requests

getIssuerName

public abstract netscape.security.x509.X500Name getIssuerName()

setDefaultCertInfo

public void setDefaultCertInfo(IRequest req)
                        throws EProfileException

Description copied from interface: IEnrollProfile

Set Default X509CertInfo in the request.

Specified by:

setDefaultCertInfo in interface IEnrollProfile

Parameters:

req - profile-based certificate request.

Throws:

EProfileException - failed to set the X509CertInfo.

createEnrollmentRequest

public IRequest createEnrollmentRequest()
                                 throws EProfileException

Throws:

EProfileException

execute

public abstract void execute(IRequest request)
                      throws EProfileException

Description copied from interface: IProfile

Process a request after validation.

Specified by:

execute in interface IProfile

Overrides:

execute in class BasicProfile

Parameters:

request - request to be processed

Throws:

EProfileException - failed to process

getPolicySetId

public java.lang.String getPolicySetId(IRequest req)

Perform simple policy set assignment.

Specified by:

getPolicySetId in interface IProfile

Parameters:

req - request

Returns:

policy set id

getRequestorDN

public java.lang.String getRequestorDN(IRequest request)

Description copied from interface: IProfile

Retrieves a localized string that represents requestor's distinguished name. This string displayed in the request listing user interface.

Specified by:

getRequestorDN in interface IProfile

Overrides:

getRequestorDN in class BasicProfile

Parameters:

request - request

Returns:

distringuished name of the request owner

setPOPchallenge

public void setPOPchallenge(IRequest req)
                     throws EBaseException

setPOPchallenge generates a POP challenge and sets necessary info in request for composing encryptedPOP later

Parameters:

IRequest - the request

Throws:

EBaseException

submit

public void submit(IAuthToken token,
                   IRequest request)
            throws EDeferException,
                   EProfileException

This method is called after the user submits the request from the end-entity page.

Specified by:

submit in interface IProfile

Parameters:

token - authentication token

request - request to be processed

Throws:

EDeferException - defer request

EProfileException - failed to submit

getPKIDataFromCMCblob

public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale,
                                                              java.lang.String certReqBlob)
                                                       throws EProfileException

getPKIDataFromCMCblob

Parameters:

certReqBlob - cmc b64 encoded blob

Returns:

PKIData

Throws:

EProfileException

getCMCSigningCertSNfromCertSerial

public static netscape.security.x509.CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial)
                                                                                       throws java.lang.Exception

Throws:

java.lang.Exception

getCMCSigningCertFromCertSerial

public static netscape.security.x509.X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial)
                                                                           throws java.lang.Exception

getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, serial number This method takes the serial number and finds the cert from the CA's certdb

Throws:

java.lang.Exception

parseCMC

public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale,
                                                         java.lang.String certreq)
                                                  throws EProfileException

Throws:

EProfileException

parseCMC

public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale,
                                                         java.lang.String certreq,
                                                         boolean donePOI)
                                                  throws EProfileException

Throws:

EProfileException

getPopLinkWitnessV2control

protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)

getPopLinkWitnessV2control

verifyPopLinkWitnessV2

protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2,
                                         byte[] randomSeed,
                                         byte[] sharedSecret,
                                         java.lang.String ident_string)

verifyPopLinkWitnessV2

fillTaggedRequest

public void fillTaggedRequest(java.util.Locale locale,
                              org.mozilla.jss.pkix.cmc.TaggedRequest tagreq,
                              netscape.security.x509.X509CertInfo info,
                              IRequest req)
                       throws EProfileException,
                              ECMCPopFailedException,
                              ECMCBadRequestException

Throws:

EProfileException

ECMCPopFailedException

ECMCBadRequestException

parseCRMF

public org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(java.util.Locale locale,
                                                        java.lang.String certreq)
                                                 throws EProfileException

Throws:

EProfileException

getPKIArchiveOptions

protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)

toPKIArchiveOptions

public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)

toByteArray

public byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)

fillCertReqMsg

public void fillCertReqMsg(java.util.Locale locale,
                           org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg,
                           netscape.security.x509.X509CertInfo info,
                           IRequest req)
                    throws EProfileException,
                           ECMCUnsupportedExtException

Throws:

EProfileException

ECMCUnsupportedExtException

parsePKCS10

public netscape.security.pkcs.PKCS10 parsePKCS10(java.util.Locale locale,
                                                 java.lang.String certreq)
                                          throws EProfileException

Throws:

EProfileException

fillPKCS10

public void fillPKCS10(java.util.Locale locale,
                       netscape.security.pkcs.PKCS10 pkcs10,
                       netscape.security.x509.X509CertInfo info,
                       IRequest req)
                throws EProfileException,
                       ECMCUnsupportedExtException

Throws:

EProfileException

ECMCUnsupportedExtException

fillNSNKEY

public void fillNSNKEY(java.util.Locale locale,
                       java.lang.String sn,
                       java.lang.String skey,
                       netscape.security.x509.X509CertInfo info,
                       IRequest req)
                throws EProfileException

Throws:

EProfileException

fillNSHKEY

public void fillNSHKEY(java.util.Locale locale,
                       java.lang.String tcuid,
                       java.lang.String skey,
                       netscape.security.x509.X509CertInfo info,
                       IRequest req)
                throws EProfileException

Throws:

EProfileException

parseKeyGen

public netscape.security.util.DerInputStream parseKeyGen(java.util.Locale locale,
                                                         java.lang.String certreq)
                                                  throws EProfileException

Throws:

EProfileException

fillKeyGen

public void fillKeyGen(java.util.Locale locale,
                       netscape.security.util.DerInputStream derIn,
                       netscape.security.x509.X509CertInfo info,
                       IRequest req)
                throws EProfileException

Throws:

EProfileException

normalizeCertReq

public java.lang.String normalizeCertReq(java.lang.String s)

getLocale

public java.util.Locale getLocale(IRequest request)

populateInput

public void populateInput(IProfileContext ctx,
                          IRequest request)
                   throws EProfileException

Populate input

(either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)

• signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)

Specified by:

populateInput in interface IProfile

Overrides:

populateInput in class BasicProfile

Parameters:

ctx - profile context

request - the certificate request

Throws:

EProfileException - an error related to this profile has occurred

populate

public void populate(IRequest request)
              throws EProfileException

Description copied from class: BasicProfile

Passes the request to the set of default policies that populate the profile information against the profile.

Specified by:

populate in interface IProfile

Overrides:

populate in class BasicProfile

Parameters:

request - request

Throws:

EProfileException - failed to populate default values

validate

public void validate(IRequest request)
              throws ERejectException

Passes the request to the set of constraint policies that validate the request against the profile.

Specified by:

validate in interface IProfile

Overrides:

validate in class BasicProfile

Parameters:

request - request

Throws:

ERejectException - validation violation

auditRequesterID

protected java.lang.String auditRequesterID(IRequest request)

Signed Audit Log Requester ID This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.

Parameters:

request - the actual request

Returns:

id string containing the signed audit log message RequesterID

auditProfileID

protected java.lang.String auditProfileID()

Signed Audit Log Profile ID This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.

Returns:

id string containing the signed audit log message ProfileID

verifyPOP

public void verifyPOP(java.util.Locale locale,
                      org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg)
               throws EProfileException,
                      ECMCPopFailedException

Throws:

EProfileException

ECMCPopFailedException