public abstract class EnrollProfile extends Profile
An enrollment profile contains a list of enrollment-specific input plugins, default policies, constraint policies and output plugins.
This interface also defines a set of enrollment specific attribute names that can be used to retrieve values from an enrollment request.
Modifier and Type | Field and Description |
---|---|
static java.lang.String | `CTX_CERT_REQUEST_TYPE` Name of request attribute that stores the User Supplied Certificate Request Type. |
static java.lang.String | `CTX_RENEWAL` Name of request attribute to indicate if this is a renewal |
static java.lang.String | `CTX_RENEWAL_SEQ_NUM` Name of the request attribute that stores the sequence number for a renewal request. |
static org.slf4j.Logger | `logger` |
static java.lang.String | `REQ_TYPE_CMC` |
static java.lang.String | `REQ_TYPE_CRMF` |
static java.lang.String | `REQ_TYPE_KEYGEN` |
static java.lang.String | `REQ_TYPE_PKCS10` Possible values for CTX_CERT_REQUEST_TYPE attribute. |
static java.lang.String | `REQUEST_AUTHORITY_ID` ID of requested certificate authority (absence implies host authority) |
static java.lang.String | `REQUEST_CERTINFO` Name of request attribute that stores the certificate template that will be signed and then become a certificate. |
static java.lang.String | `REQUEST_EXTENSIONS` Name of request attribute that stores the End-User Supplied Extensions. |
static java.lang.String | `REQUEST_ISSUED_CERT` Name of request attribute that stores the issued certificate. |
static java.lang.String | `REQUEST_ISSUED_P12` Name of request attribute that stores the issued P12 from server-side keygen. |
static java.lang.String | `REQUEST_LOCALE` Name of request attribute that stores the End-User Locale. |
static java.lang.String | `REQUEST_SEQ_NUM` Name of request attribute that stores the sequence number. |
static java.lang.String | `REQUEST_SIGNING_ALGORITHM` Name of request attribute that stores the End-User Supplied Signing Algorithm. |
static java.lang.String | `REQUEST_USER_DATA` Arbitrary user-supplied data. |
static java.lang.String | `REQUEST_VALIDITY` Name of request attribute that stores the End-User Supplied Validity. |
mAuthInstanceId, mAuthzAcl, mConfig, mId, mInputIds, mInputNames, mInputs, mOutputIds, mOutputs, mPolicySet, mUpdaterIds, mUpdaters, PROP_CLASS_ID, PROP_CONSTRAINT, PROP_DEFAULT, PROP_DESC, PROP_ENABLE, PROP_ENABLE_BY, PROP_GENERIC_EXT_DEFAULT, PROP_INPUT, PROP_INPUT_LIST, PROP_INSTANCE_ID, PROP_IS_RENEWAL, PROP_NAME, PROP_NO_CONSTRAINT, PROP_NO_DEFAULT, PROP_OUTPUT, PROP_OUTPUT_LIST, PROP_PARAMS, PROP_POLICY_LIST, PROP_UPDATER_LIST, PROP_VISIBLE, PROP_XML_OUTPUT, registry, signedAuditLogger
Constructor and Description |
---|
EnrollProfile() |
Modifier and Type | Method and Description |
---|---|
protected java.lang.String | `auditProfileID()` Signed Audit Log Profile ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "ProfileID" for a signed audit log message. |
protected java.lang.String | `auditRequesterID(IRequest request)` Signed Audit Log Requester ID. This method is inherited by all extended "EnrollProfile"s, and is called to obtain the "RequesterID" for a signed audit log message. |
IRequest | `createEnrollmentRequest()` |
IRequest[] | `createRequests(java.util.Map<java.lang.String,java.lang.String> ctx, java.util.Locale locale)` Creates request. |
abstract void | `execute(IRequest request)` Process a request after validation. |
void | `fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
void | `fillKeyGen(java.util.Locale locale, org.mozilla.jss.netscape.security.util.DerInputStream derIn, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
void | `fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
void | `fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
void | `fillPKCS10(java.util.Locale locale, org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
void | `fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req)` |
abstract IAuthority | `getAuthority()` |
static org.mozilla.jss.netscape.security.x509.X509CertImpl | `getCMCSigningCertFromCertSerial(java.lang.String certSerial)` getCMCSigningCertFromCertSerial is to be used when authentication was done with CMCUserSignedAuth where the resulting authToken contains IAuthManager.CRED_CMC_SIGNING_CERT, serial number. This method takes the serial number and finds the cert from the CA's certdb. |
static org.mozilla.jss.netscape.security.x509.CertificateSubjectName | `getCMCSigningCertSNfromCertSerial(java.lang.String certSerial)` |
abstract org.mozilla.jss.netscape.security.x509.X500Name | `getIssuerName()` |
java.util.Locale | `getLocale(IRequest request)` |
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions | `getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)` |
org.mozilla.jss.pkix.cmc.PKIData | `getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob)` getPKIDataFromCMCblob |
java.lang.String | `getPolicySetId(IRequest req)` Perform simple policy set assignment. |
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 | `getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)` getPopLinkWitnessV2control |
java.lang.String | `getRequestorDN(IRequest request)` Retrieves a localized string that represents requestor's distinguished name. |
IRequestQueue | `getRequestQueue()` Retrieves the request queue that is associated with this profile. |
org.mozilla.jss.pkix.cmc.TaggedRequest[] | `parseCMC(java.util.Locale locale, java.lang.String certreq)` |
org.mozilla.jss.pkix.cmc.TaggedRequest[] | `parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI)` |
void | `populate(IRequest request)` Passes the request to the set of default policies that populate the profile information against the profile. |
void | `populateInput(java.util.Map<java.lang.String,java.lang.String> ctx, IRequest request)` Populate input |
void | `setDefaultCertInfo(IRequest request)` Set Default X509CertInfo in the request. |
void | `setPOPchallenge(IRequest req)` setPOPchallenge generates a POP challenge and sets necessary info in request for composing encryptedPOP later |
void | `submit(IAuthToken token, IRequest request)` This method is called after the user submits the request from the end-entity page. |
byte[] | `toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)` |
org.mozilla.jss.pkix.crmf.PKIArchiveOptions | `toPKIArchiveOptions(byte[] options)` |
void | `validate(IRequest request)` Passes the request to the set of constraint policies that validate the request against the profile. |
void | `verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg)` |
protected boolean | `verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string)` verifyPopLinkWitnessV2 |
addInputName, auditSubjectID, createProfileInput, createProfileInput, createProfileOutput, createProfileOutput, createProfilePolicy, createProfilePolicy, deleteAllProfileInputs, deleteAllProfileOutputs, deleteAllProfilePolicies, deleteProfileInput, deleteProfileOutput, deleteProfilePolicy, getApprovedBy, getAuthenticatorId, getAuthzAcl, getConfigStore, getDescription, getId, getInput, getInputDescriptor, getInputNames, getName, getPolicies, getProfileInput, getProfileInputIds, getProfileOutput, getProfileOutputIds, getProfilePolicies, getProfilePolicy, getProfilePolicyIds, getProfilePolicySetIds, getProfileUpdater, getProfileUpdaterIds, init, isEnable, isRenewal, isVisible, isXmlOutput, setAuthenticatorId, setAuthzAcl, setDescription, setId, setInput, setName, setRenewal, setVisible, setXMLOutput
public static org.slf4j.Logger logger
public static final java.lang.String CTX_CERT_REQUEST_TYPE
public static final java.lang.String REQ_TYPE_PKCS10
public static final java.lang.String REQ_TYPE_CRMF
public static final java.lang.String REQ_TYPE_CMC
public static final java.lang.String REQ_TYPE_KEYGEN
public static final java.lang.String REQUEST_LOCALE
The value is of type java.util.Locale.
public static final java.lang.String REQUEST_SEQ_NUM
The value is of type java.lang.Integer.
public static final java.lang.String CTX_RENEWAL_SEQ_NUM
public static final java.lang.String CTX_RENEWAL
public static final java.lang.String REQUEST_VALIDITY
The value is of type org.mozilla.jss.netscape.security.x509.CertificateValidity
public static final java.lang.String REQUEST_SIGNING_ALGORITHM
The value is of type org.mozilla.jss.netscape.security.x509.CertificateAlgorithmId
public static final java.lang.String REQUEST_EXTENSIONS
The value is of type org.mozilla.jss.netscape.security.x509.CertificateExtensions
public static final java.lang.String REQUEST_CERTINFO
The value is of type org.mozilla.jss.netscape.security.x509.X509CertInfo
public static final java.lang.String REQUEST_ISSUED_CERT
The value is of type org.mozilla.jss.netscape.security.x509.X509CertImpl
public static final java.lang.String REQUEST_ISSUED_P12
public static final java.lang.String REQUEST_AUTHORITY_ID
public static final java.lang.String REQUEST_USER_DATA
public abstract IAuthority getAuthority()
public IRequestQueue getRequestQueue()
Profile
getRequestQueue
in class Profile
public IRequest[] createRequests(java.util.Map<java.lang.String,java.lang.String> ctx, java.util.Locale locale) throws java.lang.Exception
createRequests
in class Profile
ctx - profile context
locale - user locale
java.lang.Exception - failed to create requests
public abstract org.mozilla.jss.netscape.security.x509.X500Name getIssuerName()
public void setDefaultCertInfo(IRequest request) throws EProfileException
request - profile-based certificate request.
EProfileException - failed to set the X509CertInfo.
public IRequest createEnrollmentRequest() throws EProfileException
EProfileException
public abstract void execute(IRequest request) throws EProfileException
Profile
execute
in class Profile
request - request to be processed
EProfileException - failed to process
public java.lang.String getPolicySetId(IRequest req)
getPolicySetId
in class Profile
req - request
public java.lang.String getRequestorDN(IRequest request)
Profile
getRequestorDN
in class Profile
request - request
public void setPOPchallenge(IRequest req) throws EBaseException
req - the request
EBaseException
public void submit(IAuthToken token, IRequest request) throws EDeferException, EProfileException
submit
in class Profile
token - authentication token
request - request to be processed
EDeferException - defer request
EProfileException - failed to submit
public org.mozilla.jss.pkix.cmc.PKIData getPKIDataFromCMCblob(java.util.Locale locale, java.lang.String certReqBlob) throws EProfileException
certReqBlob - cmc b64 encoded blob
EProfileException
public static org.mozilla.jss.netscape.security.x509.CertificateSubjectName getCMCSigningCertSNfromCertSerial(java.lang.String certSerial) throws java.lang.Exception
java.lang.Exception
public static org.mozilla.jss.netscape.security.x509.X509CertImpl getCMCSigningCertFromCertSerial(java.lang.String certSerial) throws java.lang.Exception
java.lang.Exception
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq) throws EProfileException
EProfileException
public org.mozilla.jss.pkix.cmc.TaggedRequest[] parseCMC(java.util.Locale locale, java.lang.String certreq, boolean donePOI) throws EProfileException
EProfileException
protected org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 getPopLinkWitnessV2control(org.mozilla.jss.asn1.ASN1Value value)
protected boolean verifyPopLinkWitnessV2(org.mozilla.jss.pkix.cmc.PopLinkWitnessV2 popLinkWitnessV2, byte[] randomSeed, byte[] sharedSecret, java.lang.String ident_string)
public void fillTaggedRequest(java.util.Locale locale, org.mozilla.jss.pkix.cmc.TaggedRequest tagreq, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCPopFailedException, ECMCBadRequestException
protected org.mozilla.jss.pkix.crmf.PKIArchiveOptions getPKIArchiveOptions(org.mozilla.jss.pkix.primitive.AVA ava)
public org.mozilla.jss.pkix.crmf.PKIArchiveOptions toPKIArchiveOptions(byte[] options)
public byte[] toByteArray(org.mozilla.jss.pkix.crmf.PKIArchiveOptions options)
public void fillCertReqMsg(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
public void fillPKCS10(java.util.Locale locale, org.mozilla.jss.netscape.security.pkcs.PKCS10 pkcs10, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException, ECMCUnsupportedExtException
public void fillNSNKEY(java.util.Locale locale, java.lang.String sn, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public void fillNSHKEY(java.util.Locale locale, java.lang.String tcuid, java.lang.String skey, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public void fillKeyGen(java.util.Locale locale, org.mozilla.jss.netscape.security.util.DerInputStream derIn, org.mozilla.jss.netscape.security.x509.X509CertInfo info, IRequest req) throws EProfileException
EProfileException
public java.util.Locale getLocale(IRequest request)
public void populateInput(java.util.Map<java.lang.String,java.lang.String> ctx, IRequest request) throws java.lang.Exception
(either all "agent" profile cert requests NOT made through a connector, or all "EE" profile cert requests NOT made through a connector)
populateInput
in class Profile
ctx - profile context
request - the certificate request
java.lang.Exception - an error related to this profile has occurred
public void populate(IRequest request) throws EProfileException
Profile
populate
in class Profile
request - request
EProfileException - failed to populate default values
public void validate(IRequest request) throws ERejectException
validate
in class Profile
request - request
ERejectException - validation violation
protected java.lang.String auditRequesterID(IRequest request)
request - the actual request
protected java.lang.String auditProfileID()
public void verifyPOP(java.util.Locale locale, org.mozilla.jss.pkix.crmf.CertReqMsg certReqMsg) throws EProfileException, ECMCPopFailedException