diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java')
| -rw-r--r-- | pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java | 254 |
1 files changed, 127 insertions, 127 deletions
diff --git a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java index 7314c2ac0..43f993ee3 100644 --- a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java +++ b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java @@ -30,11 +30,10 @@ import netscape.security.util.DerValue; /** * This class represents the Basic Constraints Extension. - * - * <p>The basic constraints extension identifies whether the subject of the - * certificate is a CA and how deep a certification path may exist - * through that CA. - * + * + * <p> + * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a certification path may exist through that CA. + * * <pre> * The ASN.1 syntax for this extension is: * BasicConstraints ::= SEQUENCE { @@ -42,6 +41,7 @@ import netscape.security.util.DerValue; * pathLenConstraint INTEGER (0..MAX) OPTIONAL * } * </pre> + * * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.7 @@ -49,7 +49,7 @@ import netscape.security.util.DerValue; * @see Extension */ public class BasicConstraintsExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { /** * */ @@ -57,7 +57,7 @@ implements CertAttrSet { /** * Identifier for this attribute, to be used with the * get, set, delete methods of Certificate, x509 type. - */ + */ public static final String IDENT = "x509.info.extensions.BasicConstraints"; /** * Attribute names. @@ -67,8 +67,8 @@ implements CertAttrSet { public static final String PATH_LEN = "path_len"; // Private data members - private boolean ca = false; - private int pathLen = -1; + private boolean ca = false; + private int pathLen = -1; // Encode this extension value private void encodeThis() throws IOException { @@ -87,7 +87,7 @@ implements CertAttrSet { /** * Default constructor for this object. - * + * * @param ca true, if the subject of the Certificate is a CA. * @param len specifies the depth of the certification path. */ @@ -105,7 +105,7 @@ implements CertAttrSet { /** * Default constructor for this object. - * + * * @param ca true, if the subject of the Certificate is a CA. * @param len specifies the depth of the certification path. */ @@ -119,80 +119,80 @@ implements CertAttrSet { /** * Create the extension from the passed DER encoded value of the same. - * + * * @param extension the DER encoded value of the extension. * @exception IOException on error. */ - public BasicConstraintsExtension(Boolean critical, Object value) - throws IOException { - this.extensionId = PKIXExtensions.BasicConstraints_Id; - this.critical = critical.booleanValue(); + public BasicConstraintsExtension(Boolean critical, Object value) + throws IOException { + this.extensionId = PKIXExtensions.BasicConstraints_Id; + this.critical = critical.booleanValue(); - if (value instanceof byte[]) { - int len = Array.getLength(value); - byte[] extValue = new byte[len]; - System.arraycopy(value, 0, extValue, 0, len); + if (value instanceof byte[]) { + int len = Array.getLength(value); + byte[] extValue = new byte[len]; + System.arraycopy(value, 0, extValue, 0, len); - this.extensionValue = extValue; - DerValue val = new DerValue(extValue); - if (val.tag != DerValue.tag_Sequence) { - throw new IOException("Invalid encoding of BasicConstraints"); - } + this.extensionValue = extValue; + DerValue val = new DerValue(extValue); + if (val.tag != DerValue.tag_Sequence) { + throw new IOException("Invalid encoding of BasicConstraints"); + } - // non-CA cert with no limit to certification path length - if (val.data == null || val.data.available() < 1) { - this.ca = false; - this.pathLen = -1; - return; - } - DerValue opt = val.data.getDerValue(); - if (opt.tag != DerValue.tag_Boolean) { - this.ca = false; - } else { - this.ca = true; - if (val.data.available() != 0) { - opt = val.data.getDerValue(); - } else { - this.pathLen = -1; - return; - } - } - if (opt.tag != DerValue.tag_Integer) { - throw new IOException("Invalid encoding of BasicConstraints"); - } - this.pathLen = (opt.getInteger()).toInt(); - /* - * Activate this check once again after PKIX profiling - * is a standard and this check no longer imposes an - * interoperability barrier. - * if (ca) { - * if (!this.critical) { - * throw new IOException("Criticality cannot be false for CA."); - * } - * } - */ - } else - throw new IOException("Invalid argument type"); - } + // non-CA cert with no limit to certification path length + if (val.data == null || val.data.available() < 1) { + this.ca = false; + this.pathLen = -1; + return; + } + DerValue opt = val.data.getDerValue(); + if (opt.tag != DerValue.tag_Boolean) { + this.ca = false; + } else { + this.ca = true; + if (val.data.available() != 0) { + opt = val.data.getDerValue(); + } else { + this.pathLen = -1; + return; + } + } + if (opt.tag != DerValue.tag_Integer) { + throw new IOException("Invalid encoding of BasicConstraints"); + } + this.pathLen = (opt.getInteger()).toInt(); + /* + * Activate this check once again after PKIX profiling + * is a standard and this check no longer imposes an + * interoperability barrier. + * if (ca) { + * if (!this.critical) { + * throw new IOException("Criticality cannot be false for CA."); + * } + * } + */ + } else + throw new IOException("Invalid argument type"); + } - /** - * Return user readable form of extension. - */ - public String toString() { - String s = super.toString() + "BasicConstraints:[\n"; + /** + * Return user readable form of extension. + */ + public String toString() { + String s = super.toString() + "BasicConstraints:[\n"; - s += ((ca) ? ("CA:true") : ("CA:false")) + "\n"; - if (pathLen >= 0) { - s += "PathLen:" + pathLen + "\n"; - } else { - s += "PathLen: undefined\n"; - } - return (s + "]\n"); - } + s += ((ca) ? ("CA:true") : ("CA:false")) + "\n"; + if (pathLen >= 0) { + s += "PathLen:" + pathLen + "\n"; + } else { + s += "PathLen: undefined\n"; + } + return (s + "]\n"); + } /** * Decode the extension from the InputStream. - * + * * @param in the InputStream to unmarshal the contents from. * @exception IOException on decoding or validity errors. */ @@ -200,77 +200,77 @@ implements CertAttrSet { throw new IOException("Method not to be called directly."); } - /** - * Encode this extension value to the output stream. - * - * @param out the DerOutputStream to encode the extension to. - */ - public void encode(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - if (extensionValue == null) { - this.extensionId = PKIXExtensions.BasicConstraints_Id; -/* #57286 - so that profile can set critiality */ -/* - if (ca) { - critical = true; - } else { - critical = false; - } -*/ - encodeThis(); - } - super.encode(tmp); + /** + * Encode this extension value to the output stream. + * + * @param out the DerOutputStream to encode the extension to. + */ + public void encode(OutputStream out) throws IOException { + DerOutputStream tmp = new DerOutputStream(); + if (extensionValue == null) { + this.extensionId = PKIXExtensions.BasicConstraints_Id; + /* #57286 - so that profile can set critiality */ + /* + if (ca) { + critical = true; + } else { + critical = false; + } + */ + encodeThis(); + } + super.encode(tmp); - out.write(tmp.toByteArray()); - } + out.write(tmp.toByteArray()); + } /** * Set the attribute value. */ public void set(String name, Object obj) throws IOException { clearValue(); - if (name.equalsIgnoreCase(IS_CA)) { - if (!(obj instanceof Boolean)) { - throw new IOException("Attribute value should be of type Boolean."); - } - ca = ((Boolean)obj).booleanValue(); - } else if (name.equalsIgnoreCase(PATH_LEN)) { - if (!(obj instanceof Integer)) { - throw new IOException("Attribute value should be of type Integer."); - } - pathLen = ((Integer)obj).intValue(); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:BasicConstraints."); - } + if (name.equalsIgnoreCase(IS_CA)) { + if (!(obj instanceof Boolean)) { + throw new IOException("Attribute value should be of type Boolean."); + } + ca = ((Boolean) obj).booleanValue(); + } else if (name.equalsIgnoreCase(PATH_LEN)) { + if (!(obj instanceof Integer)) { + throw new IOException("Attribute value should be of type Integer."); + } + pathLen = ((Integer) obj).intValue(); + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:BasicConstraints."); + } } /** * Get the attribute value. */ public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(IS_CA)) { - return (new Boolean(ca)); - } else if (name.equalsIgnoreCase(PATH_LEN)) { - return (Integer.valueOf(pathLen)); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:BasicConstraints."); - } + if (name.equalsIgnoreCase(IS_CA)) { + return (new Boolean(ca)); + } else if (name.equalsIgnoreCase(PATH_LEN)) { + return (Integer.valueOf(pathLen)); + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:BasicConstraints."); + } } /** * Delete the attribute value. */ public void delete(String name) throws IOException { - if (name.equalsIgnoreCase(IS_CA)) { - ca = false; - } else if (name.equalsIgnoreCase(PATH_LEN)) { - pathLen = -1; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:BasicConstraints."); - } + if (name.equalsIgnoreCase(IS_CA)) { + ca = false; + } else if (name.equalsIgnoreCase(PATH_LEN)) { + pathLen = -1; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:BasicConstraints."); + } } /** @@ -282,7 +282,7 @@ implements CertAttrSet { elements.addElement(IS_CA); elements.addElement(PATH_LEN); - return (elements.elements()); + return (elements.elements()); } /** |