public abstract class EnrollProfile extends BasicProfile implements IEnrollProfile
Modifier and Type | Field and Description |
---|---|
static org.slf4j.Logger |
logger |
mAuthInstanceId, mAuthzAcl, mConfig, mId, mInputIds, mInputNames, mInputs, mOutputIds, mOutputs, mOwner, mPolicySet, mRegistry, mUpdaterIds, mUpdaters, PROP_CLASS_ID, PROP_CONSTRAINT, PROP_DEFAULT, PROP_DESC, PROP_ENABLE, PROP_ENABLE_BY, PROP_GENERIC_EXT_DEFAULT, PROP_INPUT, PROP_INPUT_LIST, PROP_INSTANCE_ID, PROP_IS_RENEWAL, PROP_NAME, PROP_NO_CONSTRAINT, PROP_NO_DEFAULT, PROP_OUTPUT, PROP_OUTPUT_LIST, PROP_PARAMS, PROP_POLICY_LIST, PROP_UPDATER_LIST, PROP_VISIBLE, PROP_XML_OUTPUT, signedAuditLogger
CTX_CERT_REQUEST, CTX_CERT_REQUEST_TYPE, CTX_RENEWAL, CTX_RENEWAL_SEQ_NUM, REQ_TYPE_CMC, REQ_TYPE_CRMF, REQ_TYPE_KEYGEN, REQ_TYPE_PKCS10, REQUEST_ALGORITHM_OID, REQUEST_ALGORITHM_PARAMS, REQUEST_ARCHIVE_OPTIONS, REQUEST_AUTHORITY_ID, REQUEST_CERTINFO, REQUEST_EXTENSIONS, REQUEST_ISSUED_CERT, REQUEST_KEY, REQUEST_LOCALE, REQUEST_SECURITY_DATA, REQUEST_SEQ_NUM, REQUEST_SESSION_KEY, REQUEST_SIGNING_ALGORITHM, REQUEST_SUBJECT_NAME, REQUEST_TRANSPORT_CERT, REQUEST_USER_DATA, REQUEST_VALIDITY
Constructor and Description |
---|
EnrollProfile() |
Modifier and Type | Method and Description |
---|---|
protected java.lang.String |
auditProfileID()
Signed Audit Log Profile ID
This method is inherited by all extended "EnrollProfile"s,
and is called to obtain the "ProfileID" for
a signed audit log message.
|
protected java.lang.String |
auditRequesterID(IRequest request)
Signed Audit Log Requester ID
This method is inherited by all extended "EnrollProfile"s,
and is called to obtain the "RequesterID" for
a signed audit log message.
|
IProfileContext |
createContext()
Retrieves profile context.
|
IRequest |
createEnrollmentRequest() |
IRequest[] |
createRequests(IProfileContext ctx,
java.util.Locale locale)
Creates request.
|
abstract void |
execute(IRequest request)
Process a request after validation.
|
void |
fillCertReqMsg(java.util.Locale locale,
org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
void |
fillKeyGen(java.util.Locale locale,
org.mozilla.jss.netscape.security.util.DerInputStream derIn,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
void |
fillNSHKEY(java.util.Locale locale,
java.lang.String tcuid,
java.lang.String skey,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
void |
fillNSNKEY(java.util.Locale locale,
java.lang.String sn,
java.lang.String skey,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
void |
fillPKCS10(java.util.Locale locale,
org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
void |
fillTaggedRequest(java.util.Locale locale,
org.mozilla.jss.pkix.cmc.TaggedRequest tagreq,
org.mozilla.jss.netscape.security.x509.X509CertInfo info,
IRequest req) |
abstract IAuthority |
getAuthority() |
static org.mozilla.jss.netscape.security.x509.X509CertImpl |
getCMCSigningCertFromCertSerial(java.lang.String certSerial)
getCMCSigningCertFromCertSerial is to be used when authentication
was done with CMCUserSignedAuth, where the resulting
authToken contains
IAuthManager.CRED_CMC_SIGNING_CERT, the serial number.
This method takes the serial number
and finds the cert in the CA's certdb.
|
static org.mozilla.jss.netscape.security.x509.CertificateSubjectName |
getCMCSigningCertSNfromCertSerial(java.lang.String certSerial) |
abstract org.mozilla.jss.netscape.security.x509.X500Name |
getIssuerName() |
java.util.Locale |
getLocale(IRequest request) |
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions |
getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava) |
org.mozilla.jss.pkix.cmc.PKIData |
getPKIDataFromCMCblob(java.util.Locale locale,
java.lang.String certReqBlob)
getPKIDataFromCMCblob
|
java.lang.String |
getPolicySetId(IRequest req)
Perform simple policy set assignment.
|
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 |
getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
getPopLinkWitnessV2control
|
java.lang.String |
getRequestorDN(IRequest request)
Retrieves a localized string that represents
requestor's distinguished name.
|
IRequestQueue |
getRequestQueue()
Retrieves the request queue that is associated with
this profile.
|
java.lang.String |
normalizeCertReq(java.lang.String s) |
org.mozilla.jss.pkix.cmc.TaggedRequest[] |
parseCMC(java.util.Locale locale,
java.lang.String certreq) |
org.mozilla.jss.pkix.cmc.TaggedRequest[] |
parseCMC(java.util.Locale locale,
java.lang.String certreq,
boolean donePOI) |
org.mozilla.jss.pkix.crmf.CertReqMsg[] |
parseCRMF(java.util.Locale locale,
java.lang.String certreq) |
org.mozilla.jss.netscape.security.util.DerInputStream |
parseKeyGen(java.util.Locale locale,
java.lang.String certreq) |
org.mozilla.jss.netscape.security.pkcs.PKCS10 |
parsePKCS10(java.util.Locale locale,
java.lang.String certreq) |
void |
populate(IRequest request)
Passes the request to the set of default policies that
populate the profile information against the profile.
|
void |
populateInput(IProfileContext ctx,
IRequest request)
Populate input
|
void |
setDefaultCertInfo(IRequest req)
Set Default X509CertInfo in the request.
|
void |
setPOPchallenge(IRequest req)
setPOPchallenge generates a POP challenge and sets necessary info in request
for composing encryptedPOP later
|
void |
submit(IAuthToken token,
IRequest request)
This method is called after the user submits the
request from the end-entity page.
|
byte[] |
toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options) |
org.mozilla.jss.pkix.crmf.PKIArchiveOptions |
toPKIArchiveOptions(byte[] options) |
void |
validate(IRequest request)
Passes the request to the set of constraint policies
that validate the request against the profile.
|
void |
verifyPOP(java.util.Locale locale,
org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg) |
protected boolean |
verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2,
byte[] randomSeed,
byte[] sharedSecret,
java.lang.String ident_string)
verifyPopLinkWitnessV2
|
addInputName, auditSubjectID, createProfileInput, createProfileInput, createProfileOutput, createProfileOutput, createProfilePolicy, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getInput, getInputDescriptor, getInputNames, getName, getPolicies, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, getProfileUpdater, getProfileUpdaterIds, init, isEnable, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setInput, setName, setRenewal, setVisible, setXMLOutput
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createProfileInput, createProfileOutput, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticator, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getName, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, init, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setName, setRenewal, setVisible, setXMLOutput
public abstract IAuthority getAuthority()
public IRequestQueue getRequestQueue()
IProfile
getRequestQueue
in interface IProfile
public IProfileContext createContext()
IProfile
createContext
in interface IProfile
createContext
in class BasicProfile
public IRequest[] createRequests(IProfileContext ctx, java.util.Locale locale) throws EProfileException
createRequests
in interface IProfile
createRequests
in class BasicProfile
ctx - profile context
locale - user locale
EProfileException - failed to create requests
public abstract org.mozilla.jss.netscape.security.x509.X500Name getIssuerName()
public void setDefaultCertInfo(IRequest req) throws EProfileException
IEnrollProfile
setDefaultCertInfo
in interface IEnrollProfile
req - profile-based certificate request.
EProfileException - failed to set the X509CertInfo.
public IRequest createEnrollmentRequest() throws EProfileException
EProfileException
public abstract void execute(IRequest request) throws EProfileException
IProfile
execute
in interface IProfile
execute
in class BasicProfile
request - request to be processed
EProfileException - failed to process
public java.lang.String getPolicySetId(IRequest req)
getPolicySetId
in interface IProfile
req - request
public java.lang.String getRequestorDN(IRequest request)
IProfile
getRequestorDN
in interface IProfile
getRequestorDN
in class BasicProfile
request - request
public void setPOPchallenge(IRequest req) throws EBaseException
req - the request
EBaseException
public void submit(IAuthToken token, IRequest request) throws EDeferException, EProfileException
submit
in interface IProfile
token - authentication token
request - request to be processed
EDeferException - defer request
EProfileException - failed to submit
public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob) throws EProfileException
certReqBlob - CMC base64-encoded blob
EProfileException
public static org.mozilla.jss.netscape.security.x509.CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial) throws java.lang.Exception
java.lang.Exception
public static org.mozilla.jss.netscape.security.x509.X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial) throws java.lang.Exception
java.lang.Exception
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq) throws EProfileException
EProfileException
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI) throws EProfileException
EProfileException
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string)
public void fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCPopFailedException, ECMCBadRequestException
public org.mozilla.jss.pkix.crmf.CertReqMsg[] parseCRMF(java.util.Locale locale, java.lang.String certreq) throws EProfileException
EProfileException
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)
public byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
public void fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
public org.mozilla.jss.netscape.security.pkcs.PKCS10 parsePKCS10(java.util.Locale locale, java.lang.String certreq) throws EProfileException
EProfileException
public void fillPKCS10(java.util.Locale locale, org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
public void fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public void fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public org.mozilla.jss.netscape.security.util.DerInputStream parseKeyGen(java.util.Locale locale, java.lang.String certreq) throws EProfileException
EProfileException
public void fillKeyGen(java.util.Locale locale, org.mozilla.jss.netscape.security.util.DerInputStream derIn, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public java.lang.String normalizeCertReq(java.lang.String s)
public java.util.Locale getLocale(IRequest request)
public void populateInput(IProfileContext ctx, IRequest request) throws EProfileException
(either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
populateInput
in interface IProfile
populateInput
in class BasicProfile
ctx - profile context
request - the certificate request
EProfileException - an error related to this profile has occurred
public void populate(IRequest request) throws EProfileException
BasicProfile
populate
in interface IProfile
populate
in class BasicProfile
request - request
EProfileException - failed to populate default values
public void validate(IRequest request) throws ERejectException
validate
in interface IProfile
validate
in class BasicProfile
request - request
ERejectException - validation violation
protected java.lang.String auditRequesterID(IRequest request)
request - the actual request
protected java.lang.String auditProfileID()
public void verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg) throws EProfileException, ECMCPopFailedException