Class EnrollProfile


  • public abstract class EnrollProfile
    extends Profile
    This class implements a generic enrollment profile.

    An enrollment profile contains a list of enrollment-specific input plugins, default policies, constraint policies and output plugins.

    This class also defines a set of enrollment-specific attribute names that can be used to retrieve values from an enrollment request.

    Author:
    cfu
    • Field Detail

      • logger

        public static org.slf4j.Logger logger
      • CTX_CERT_REQUEST_TYPE

        public static final java.lang.String CTX_CERT_REQUEST_TYPE
        Name of request attribute that stores the User Supplied Certificate Request Type.
        See Also:
        Constant Field Values
      • REQ_TYPE_PKCS10

        public static final java.lang.String REQ_TYPE_PKCS10
        Possible values for CTX_CERT_REQUEST_TYPE attribute.
        See Also:
        Constant Field Values
      • REQUEST_LOCALE

        public static final java.lang.String REQUEST_LOCALE
        Name of request attribute that stores the End-User Locale.

        The value is of type java.util.Locale.

        See Also:
        Constant Field Values
      • REQUEST_SEQ_NUM

        public static final java.lang.String REQUEST_SEQ_NUM
        Name of request attribute that stores the sequence number. Consider a CRMF request that may contain multiple certificate requests. The first sub certificate request has a sequence number of 0, the next one has a sequence number of 1, and so on.

        The value is of type java.lang.Integer.

        See Also:
        Constant Field Values
      • CTX_RENEWAL_SEQ_NUM

        public static final java.lang.String CTX_RENEWAL_SEQ_NUM
        Name of the request attribute that stores the sequence number for a renewal request. Only one request at a time is permitted for a renewal. This value corresponds to the sequence number (and hence the appropriate certificate) of the original request.
        See Also:
        Constant Field Values
      • CTX_RENEWAL

        public static final java.lang.String CTX_RENEWAL
        Name of request attribute that indicates whether this is a renewal.
        See Also:
        Constant Field Values
      • REQUEST_VALIDITY

        public static final java.lang.String REQUEST_VALIDITY
        Name of request attribute that stores the End-User Supplied Validity.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateValidity

        See Also:
        Constant Field Values
      • REQUEST_SIGNING_ALGORITHM

        public static final java.lang.String REQUEST_SIGNING_ALGORITHM
        Name of request attribute that stores the End-User Supplied Signing Algorithm.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId

        See Also:
        Constant Field Values
      • REQUEST_EXTENSIONS

        public static final java.lang.String REQUEST_EXTENSIONS
        Name of request attribute that stores the End-User Supplied Extensions.

        The value is of type org.mozilla.jss.netscape.security.x509.CertificateExtensions

        See Also:
        Constant Field Values
      • REQUEST_CERTINFO

        public static final java.lang.String REQUEST_CERTINFO
        Name of request attribute that stores the certificate template that will be signed and then become a certificate.

        The value is of type org.mozilla.jss.netscape.security.x509.X509CertInfo

        See Also:
        Constant Field Values
      • REQUEST_ISSUED_CERT

        public static final java.lang.String REQUEST_ISSUED_CERT
        Name of request attribute that stores the issued certificate.

        The value is of type org.mozilla.jss.netscape.security.x509.X509CertImpl

        See Also:
        Constant Field Values
      • REQUEST_ISSUED_P12

        public static final java.lang.String REQUEST_ISSUED_P12
        Name of request attribute that stores the issued P12 from server-side keygen.

        See Also:
        Constant Field Values
      • REQUEST_AUTHORITY_ID

        public static final java.lang.String REQUEST_AUTHORITY_ID
        ID of the requested certificate authority (absence implies the host authority).
        See Also:
        Constant Field Values
      • REQUEST_USER_DATA

        public static final java.lang.String REQUEST_USER_DATA
        Arbitrary user-supplied data.
        See Also:
        Constant Field Values
    • Constructor Detail

      • EnrollProfile

        public EnrollProfile()
    • Method Detail

      • getAuthority

        public abstract IAuthority getAuthority()
      • getRequestQueue

        public IRequestQueue getRequestQueue()
        Description copied from class: Profile
        Retrieves the request queue that is associated with this profile. The request queue is for creating new requests.
        Specified by:
        getRequestQueue in class Profile
        Returns:
        request queue
      • createRequests

        public IRequest[] createRequests(java.util.Map<java.lang.String,java.lang.String> ctx,
                                         java.util.Locale locale)
                                  throws java.lang.Exception
        Creates request.
        Specified by:
        createRequests in class Profile
        Parameters:
        ctx - profile context
        locale - user locale
        Returns:
        a list of requests
        Throws:
        java.lang.Exception - failed to create requests
      • getIssuerName

        public abstract org.mozilla.jss.netscape.security.x509.X500Name getIssuerName()
      • setDefaultCertInfo

        public void setDefaultCertInfo(IRequest request)
                                throws EProfileException
        Set Default X509CertInfo in the request.
        Parameters:
        request - profile-based certificate request.
        Throws:
        EProfileException - failed to set the X509CertInfo.
      • getPolicySetId

        public java.lang.String getPolicySetId(IRequest req)
        Perform simple policy set assignment.
        Specified by:
        getPolicySetId in class Profile
        Parameters:
        req - request
        Returns:
        policy set id
      • getRequestorDN

        public java.lang.String getRequestorDN(IRequest request)
        Description copied from class: Profile
        Retrieves a localized string that represents the requestor's distinguished name. This string is displayed in the request listing user interface.
        Overrides:
        getRequestorDN in class Profile
        Parameters:
        request - request
        Returns:
        distinguished name of the request owner
      • setPOPchallenge

        public void setPOPchallenge(IRequest req)
                             throws EBaseException
        setPOPchallenge generates a POP challenge and sets the necessary info in the request for composing encryptedPOP later.
        Parameters:
        req - the request
        Throws:
        EBaseException
      • getPKIDataFromCMCblob

        public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale,
                                                                      java.lang.String certReqBlob)
                                                               throws EProfileException
        getPKIDataFromCMCblob
        Parameters:
        certReqBlob - cmc b64 encoded blob
        Returns:
        PKIData
        Throws:
        EProfileException
      • getCMCSigningCertSNfromCertSerial

        public static org.mozilla.jss.netscape.security.x509.CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial)
                                                                                                               throws java.lang.Exception
        Throws:
        java.lang.Exception
      • getCMCSigningCertFromCertSerial

        public static org.mozilla.jss.netscape.security.x509.X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial)
                                                                                                   throws java.lang.Exception
        getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth, where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, the serial number. This method takes the serial number and finds the cert in the CA's certdb.
        Throws:
        java.lang.Exception
      • parseCMC

        public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale,
                                                                 java.lang.String certreq)
                                                          throws EProfileException
        Throws:
        EProfileException
      • parseCMC

        public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale,
                                                                 java.lang.String certreq,
                                                                 boolean donePOI)
                                                          throws EProfileException
        Throws:
        EProfileException
      • getPopLinkWitnessV2control

        protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
        getPopLinkWitnessV2control
      • verifyPopLinkWitnessV2

        protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2,
                                                 byte[] randomSeed,
                                                 byte[] sharedSecret,
                                                 java.lang.String ident_string)
        verifyPopLinkWitnessV2
      • getPKIArchiveOptions

        protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
      • toPKIArchiveOptions

        public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)
      • toByteArray

        public byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
      • fillNSNKEY

        public void fillNSNKEY(java.util.Locale locale,
                               java.lang.String sn,
                               java.lang.String skey,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               IRequest req)
                        throws EProfileException
        Throws:
        EProfileException
      • fillNSHKEY

        public void fillNSHKEY(java.util.Locale locale,
                               java.lang.String tcuid,
                               java.lang.String skey,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               IRequest req)
                        throws EProfileException
        Throws:
        EProfileException
      • fillKeyGen

        public void fillKeyGen(java.util.Locale locale,
                               org.mozilla.jss.netscape.security.util.DerInputStream derIn,
                               org.mozilla.jss.netscape.security.x509.X509CertInfo info,
                               IRequest req)
                        throws EProfileException
        Throws:
        EProfileException
      • getLocale

        public java.util.Locale getLocale(IRequest request)
      • populateInput

        public void populateInput(java.util.Map<java.lang.String,java.lang.String> ctx,
                                  IRequest request)
                           throws java.lang.Exception
        Populate input

        (either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)

        • signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a profile cert request is made (before approval process)
        Overrides:
        populateInput in class Profile
        Parameters:
        ctx - profile context
        request - the certificate request
        Throws:
        java.lang.Exception - an error related to this profile has occurred
      • populate

        public void populate(IRequest request)
                      throws EProfileException
        Description copied from class: Profile
        Passes the request to the set of default policies that populate the profile information against the profile.
        Overrides:
        populate in class Profile
        Parameters:
        request - request
        Throws:
        EProfileException - failed to populate default values
      • validate

        public void validate(IRequest request)
                      throws ERejectException
        Passes the request to the set of constraint policies that validate the request against the profile.
        Overrides:
        validate in class Profile
        Parameters:
        request - request
        Throws:
        ERejectException - validation violation
      • auditRequesterID

        protected java.lang.String auditRequesterID(IRequest request)
        Signed Audit Log Requester ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message.

        Parameters:
        request - the actual request
        Returns:
        id string containing the signed audit log message RequesterID
      • auditProfileID

        protected java.lang.String auditProfileID()
        Signed Audit Log Profile ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message.

        Returns:
        id string containing the signed audit log message ProfileID