Package nl.nikhef.jgridstart

Class CertificateRequest

java.lang.Object

nl.nikhef.jgridstart.CertificateRequest

public class CertificateRequest
extends Object

Helper class for requesting a new certificate.

Field Summary

Fields

Modifier and Type	Field	Description
static String	defaultsPrefix	System properties prefix for prefill defaults

Constructor Summary

Constructors

Constructor	Description
CertificateRequest()

Method Summary

Modifier and Type	Method	Description
static void	completeData(Properties p)	Completes fields from certificate.
static void	postFillData(Properties p)	Complete data entered before creating a certificate signing request.
static void	postFillDataLock(Properties p)	Lock fields on which the request is dependent.
static void	preFillData(Properties p)	Set default properties to aid user in filling in the form.
static void	preFillData(Properties p, Properties parent)	Set default properties based on an amount of guessing to aid the user in filling in the form.
static void	validateDN(String dn)	Verifies that DN (complete or component) is valid.
static void	validatePassword(char[] pw, boolean strict)	Verifies that password is according to policy.
static void	validatePassword(String pw, boolean strict)	Verifies that password is according to policy.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

defaultsPrefix

public static final String defaultsPrefix

System properties prefix for prefill defaults

See Also:

Constant Field Values

Constructor Detail

CertificateRequest

public CertificateRequest()

Method Detail

preFillData

public static void preFillData(Properties p,
                               Properties parent)

Set default properties based on an amount of guessing to aid the user in filling in the form.

First properties are copied from its parent, if any. If the parent has no such property, it looks at system properties jgridstart.defaults.* and sets defaults from these. If a property already exists, it is not overwritten.

The parent is meant for renewing certificates, where most properties need to be copied from the parent certificate, but not all.

Cryptography-related properties are taken from system defaults, so that stronger cryptography defaults can be used with renewals.

Parameters:

p - Properties to set

parent - Parent Properties to copy from

preFillData

public static void preFillData(Properties p)

Set default properties to aid user in filling in the form.

This is equal to preFillData(Properties, null).

Parameters:

p - Properties to set

See Also:

preFillData(Properties, Properties)

postFillData

public static void postFillData(Properties p)

Complete data entered before creating a certificate signing request.

This should be called before CertificateStore.generateRequest() or CertificatePair.generateRequest() is called.

Currently assumes that the org property is a comma-separated list of organisation, organisation-units (if any OUs).

Parameters:

p - Properties to update

postFillDataLock

public static void postFillDataLock(Properties p)

Lock fields on which the request is dependent.

When the CSR is generated, some fields should not be changed anymore since these have become part of the request. This method should set all foo.locked variables so that the fields cannot be edited in TemplateDocuments.

completeData

public static void completeData(Properties p)

Completes fields from certificate.

When an external certificate is imported, its DN has to be parsed to get names, level, etc. This is kinda reverse of {#postFillData}.

validatePassword

public static void validatePassword(String pw,
                                    boolean strict)
                             throws InvalidKeyException

Verifies that password is according to policy.

Throws an InvalidKeyException if the policy is violated. Requirements are configured through the system properties; please see global.properties. Properties used:

• jgridstart.password.mode - how to apply the password policy. enforceminlength is always checked in strict mode. The value of this property affects all the other conditions: enforce to check them in strict mode, complain to check them in non-strict mode, and and ignore to ignore them completely.
• jgridstart.password.minlength - minimum password length
• jgridstart.password.regexp - regular expression that should return true
• jgridstart.enforceminlength - minimum password length that is always enforced in strict mode

If any property is not specified, it is not checked for.

Parameters:

strict - whether to check for strict requirements (strict mode), or suggestions only (non-strict mode)

Throws:

InvalidKeyException

validatePassword

public static void validatePassword(char[] pw,
                                    boolean strict)
                             throws InvalidKeyException

Verifies that password is according to policy.

Accepts char array as parameter for future compatibility.

Throws:

InvalidKeyException

See Also:

validatePassword(String, boolean)

validateDN

public static void validateDN(String dn)
                       throws Exception

Verifies that DN (complete or component) is valid.

The CP/CPS specified that PRINTABLESTRING should be used, and that quotes should not be used. What characters are allowed explicitly is determined by the property jgridstart.dnpolicy which is a regular expression.

Throws:

Exception