Diffstat (limited to 'pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java')
-rw-r--r-- | pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java | 317 |
1 files changed, 169 insertions, 148 deletions
diff --git a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java index 1cef0f883..931bc8591 100644 --- a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java +++ b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java @@ -33,9 +33,9 @@ import netscape.security.util.DerValue; import org.mozilla.jss.asn1.ASN1Util; /** - * A critical CRL extension that identifies the CRL distribution point - * for a particular CRL - * + * A critical CRL extension that identifies the CRL distribution point for a + * particular CRL + * * <pre> * issuingDistributionPoint ::= SEQUENCE { * distributionPoint [0] DistributionPointName OPTIONAL, @@ -43,11 +43,11 @@ import org.mozilla.jss.asn1.ASN1Util; * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, * onlySomeReasons [3] ReasonFlags OPTIONAL, * indirectCRL [4] BOOLEAN DEFAULT FALSE } - * + * * DistributionPointName ::= CHOICE { * fullName [0] GeneralNames, * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } - * + * * ReasonFlags ::= BIT STRING { * unused (0), * keyCompromise (1), @@ -56,9 +56,9 @@ import org.mozilla.jss.asn1.ASN1Util; * superseded (4), * cessationOfOperation (5), * certificateHold (6) } - * + * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * + * * GeneralName ::= CHOICE { * otherName [0] OtherName, * rfc822Name [1] IA5String, 
@@ -69,30 +69,29 @@ import org.mozilla.jss.asn1.ASN1Util; * uniformResourceIdentifier [6] IA5String, * iPAddress [7] OCTET STRING, * registeredID [8] OBJECT IDENTIFIER} - * + * * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id } - * + * * EDIPartyName ::= SEQUENCE { * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString } - * + * * RelativeDistinguishedName ::= * SET OF AttributeTypeAndValue - * + * * AttributeTypeAndValue ::= SEQUENCE { * type AttributeType, * value AttributeValue } - * + * * AttributeType ::= OBJECT IDENTIFIER - * + * * AttributeValue ::= ANY DEFINED BY AttributeType * </pre> */ -public class IssuingDistributionPointExtension extends Extension - implements CertAttrSet -{ +public class IssuingDistributionPointExtension extends Extension implements + CertAttrSet { /** * */ 
@@ -113,37 +112,38 @@ public class IssuingDistributionPointExtension extends Extension private IssuingDistributionPoint issuingDistributionPoint = null; // Cached DER-encoding to improve performance. - private byte[] cachedEncoding=null; - + private byte[] cachedEncoding = null; // no default constructor - private IssuingDistributionPointExtension() { } - + private IssuingDistributionPointExtension() { + } static { try { - OIDMap.addAttribute(IssuingDistributionPointExtension.class.getName(), - OID, NAME); - } catch (CertificateException e) {} + OIDMap.addAttribute( + IssuingDistributionPointExtension.class.getName(), OID, + NAME); + } catch (CertificateException e) { + } } - /** - * This constructor is very important, since it will be called - * by the system. + * This constructor is very important, since it will be called by the + * system. */ public IssuingDistributionPointExtension(Boolean critical, Object value) - throws IOException { + throws IOException { this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id; this.critical = critical.booleanValue(); - this.extensionValue = (byte[])((byte[])value).clone(); + this.extensionValue = (byte[]) ((byte[]) value).clone(); byte[] extValue = this.extensionValue; issuingDistributionPoint = new IssuingDistributionPoint(); DerValue val = new DerValue(extValue); if (val.tag != DerValue.tag_Sequence) { - throw new IOException("Invalid encoding of IssuingDistributionPoint"); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint"); } while (val.data.available() != 0) { 
@@ -151,45 +151,60 @@ public class IssuingDistributionPointExtension extends Extension if (opt != null) { for (int i = 0; i < 5; i++) { - if (opt.isContextSpecific((byte)i)) { - if ((i == 0 && opt.isConstructed() && opt.data.available() != 0) || - (i != 0 && (!opt.isConstructed()) && opt.data.available() != 0)) { + if (opt.isContextSpecific((byte) i)) { + if ((i == 0 && opt.isConstructed() && opt.data + .available() != 0) + || (i != 0 && (!opt.isConstructed()) && opt.data + .available() != 0)) { if (i == 0) { DerValue opt1 = opt.data.getDerValue(); if (opt1 != null) { - if (opt1.isContextSpecific((byte)0)) { - if (opt1.isConstructed() && opt1.data.available() != 0) { + if (opt1.isContextSpecific((byte) 0)) { + if (opt1.isConstructed() + && opt1.data.available() != 0) { opt1.resetTag(DerValue.tag_Sequence); try { - GeneralNames fullName = new GeneralNames(opt1); + GeneralNames fullName = new GeneralNames( + opt1); if (fullName != null) { - issuingDistributionPoint.setFullName(fullName); + issuingDistributionPoint + .setFullName(fullName); } } catch (GeneralNamesException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint "+e); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint " + + e); } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint "+e); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint " + + e); } } else { - throw new IOException("Invalid encoding of IssuingDistributionPoint"); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint"); } - } else if (opt1.isContextSpecific((byte)1)) { - if (opt1.isConstructed() && opt1.data.available() != 0) { + } else if (opt1.isContextSpecific((byte) 1)) { + if (opt1.isConstructed() + && opt1.data.available() != 0) { opt1.resetTag(DerValue.tag_Set); try { RDN relativeName = new RDN(opt1); if (relativeName != null) { - issuingDistributionPoint.setRelativeName(relativeName); + 
issuingDistributionPoint + .setRelativeName(relativeName); } } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint "+e); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint " + + e); } } else { - throw new IOException("Invalid encoding of IssuingDistributionPoint"); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint"); } } } @@ -197,11 +212,15 @@ public class IssuingDistributionPointExtension extends Extension } else if (i == 3) { opt.resetTag(DerValue.tag_BitString); try { - BitArray reasons = opt.getUnalignedBitString(); - issuingDistributionPoint.setOnlySomeReasons(reasons); + BitArray reasons = opt + .getUnalignedBitString(); + issuingDistributionPoint + .setOnlySomeReasons(reasons); byte[] a = reasons.toByteArray(); } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint "+e); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint " + + e); } } else { 
@@ -209,32 +228,38 @@ public class IssuingDistributionPointExtension extends Extension try { boolean b = opt.getBoolean(); if (i == 1) { - issuingDistributionPoint.setOnlyContainsUserCerts(b); + issuingDistributionPoint + .setOnlyContainsUserCerts(b); } else if (i == 2) { - issuingDistributionPoint.setOnlyContainsCACerts(b); + issuingDistributionPoint + .setOnlyContainsCACerts(b); } else if (i == 4) { - issuingDistributionPoint.setIndirectCRL(b); + issuingDistributionPoint + .setIndirectCRL(b); } } catch (IOException e) { - throw new IOException("Invalid encoding of IssuingDistributionPoint "+e); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint " + + e); } } } else { - throw new IOException("Invalid encoding of IssuingDistributionPoint"); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint"); } } } } else { - throw new IOException("Invalid encoding of IssuingDistributionPoint"); + throw new IOException( + "Invalid encoding of IssuingDistributionPoint"); } } } - /** - * Creates a new IssuingDistributionPoint extension, with the given - * issuing distribution point as the first element. + * Creates a new IssuingDistributionPoint extension, with the given issuing + * distribution point as the first element. */ public IssuingDistributionPointExtension(IssuingDistributionPoint idp) { this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id; 
@@ -249,27 +274,26 @@ public class IssuingDistributionPointExtension extends Extension return issuingDistributionPoint; } - /** - * Sets the criticality of this extension. PKIX dictates that this - * extension SHOULD be critical, so applications can make it not critical - * if they have a very good reason. By default, the extension is critical. + /** + * Sets the criticality of this extension. PKIX dictates that this extension + * SHOULD be critical, so applications can make it not critical if they have + * a very good reason. By default, the extension is critical. */ public void setCritical(boolean critical) { this.critical = critical; } - /** - * Gets the criticality of this extension. PKIX dictates that this - * extension SHOULD be critical, so by default, the extension is critical. + /** + * Gets the criticality of this extension. PKIX dictates that this extension + * SHOULD be critical, so by default, the extension is critical. */ public boolean getCritical(boolean critical) { return this.critical; } /** - * Encodes this extension to the given DerOutputStream. - * This method re-encodes each time it is called, so it is not very - * efficient. + * Encodes this extension to the given DerOutputStream. This method + * re-encodes each time it is called, so it is not very efficient. */ public void encode(DerOutputStream out) throws IOException { extensionValue = ASN1Util.encode(issuingDistributionPoint); 
@@ -277,15 +301,16 @@ public class IssuingDistributionPointExtension extends Extension } /** - * Should be called if any change is made to this data structure - * so that the cached DER encoding can be discarded. + * Should be called if any change is made to this data structure so that the + * cached DER encoding can be discarded. */ public void flushCachedEncoding() { cachedEncoding = null; } /** - * Returns a printable representation of the IssuingDistributionPointExtension + * Returns a printable representation of the + * IssuingDistributionPointExtension */ public String toString() { @@ -295,10 +320,9 @@ public class IssuingDistributionPointExtension extends Extension /** * DER-encodes this extension to the given OutputStream. */ - public void encode(OutputStream ostream) - throws CertificateException, IOException - { - if( cachedEncoding == null ) { + public void encode(OutputStream ostream) throws CertificateException, + IOException { + if (cachedEncoding == null) { // only re-encode if necessary DerOutputStream tmp = new DerOutputStream(); encode(tmp); 
@@ -307,45 +331,39 @@ public class IssuingDistributionPointExtension extends Extension ostream.write(cachedEncoding); } - public void decode(InputStream in) - throws CertificateException, IOException - { + public void decode(InputStream in) throws CertificateException, IOException { throw new IOException("Not supported"); } - public void set(String name, Object obj) - throws CertificateException, IOException - { + public void set(String name, Object obj) throws CertificateException, + IOException { if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) { if (!(obj instanceof IssuingDistributionPoint)) { - throw new IOException("Attribute value should be of type IssuingDistributionPoint."); + throw new IOException( + "Attribute value should be of type IssuingDistributionPoint."); } - issuingDistributionPoint = (IssuingDistributionPoint)obj; + issuingDistributionPoint = (IssuingDistributionPoint) obj; } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:IssuingDistributionPointExtension"); + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:IssuingDistributionPointExtension"); } } - public Object get(String name) - throws CertificateException, IOException - { + public Object get(String name) throws CertificateException, IOException { if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) { return issuingDistributionPoint; } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:IssuingDistributionPointExtension"); + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:IssuingDistributionPointExtension"); } } - public void delete(String name) - throws CertificateException, IOException - { + public void delete(String name) throws CertificateException, IOException { if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) { issuingDistributionPoint = null; } else { - throw new IOException("Attribute name not recognized by " + - 
"CertAttrSet:IssuingDistributionPointExtension"); + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:IssuingDistributionPointExtension"); } } @@ -353,10 +371,9 @@ public class IssuingDistributionPointExtension extends Extension Vector<String> elements = new Vector<String>(); elements.addElement(ISSUING_DISTRIBUTION_POINT); return (elements.elements()); -// return (new Vector()).elements(); + // return (new Vector()).elements(); } - public String getName() { return NAME; } 
@@ -366,61 +383,65 @@ public class IssuingDistributionPointExtension extends Extension */ public static void main(String args[]) { - try { + try { - if( args.length != 1 ) { - System.out.println("Usage: IssuingDistributionPointExtension "+ - "<outfile>"); - System.exit(-1); - } + if (args.length != 1) { + System.out.println("Usage: IssuingDistributionPointExtension " + + "<outfile>"); + System.exit(-1); + } - BufferedOutputStream bos = new BufferedOutputStream( - new FileOutputStream(args[0]) ); - - - // URI only - IssuingDistributionPoint idp = new IssuingDistributionPoint(); - URIName uri = new URIName("http://www.mycrl.com/go/here"); - GeneralNames generalNames = new GeneralNames(); - generalNames.addElement(uri); - idp.setFullName(generalNames); - IssuingDistributionPointExtension idpExt = - new IssuingDistributionPointExtension(idp); - - // DN only - idp = new IssuingDistributionPoint(); - X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+ - ",OU=Certificate Server,O=Fedora,C=US"); - generalNames = new GeneralNames(); - generalNames.addElement(dn); - idp.setFullName(generalNames); - idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp); - - // DN + reason - BitArray ba = new BitArray(5, new byte[] {(byte)0x28} ); - idp = new IssuingDistributionPoint(); - idp.setFullName(generalNames); - idp.setOnlySomeReasons(ba); - idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp); - - - // relative DN + reason + crlIssuer - idp = new IssuingDistributionPoint(); - RDN rdn = new RDN("OU=foobar dept"); - idp.setRelativeName(rdn); - idp.setOnlySomeReasons(ba); - idp.setOnlyContainsCACerts(true); - idp.setOnlyContainsUserCerts(true); - idp.setIndirectCRL(true); - idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp); - - idpExt.setCritical(false); - idpExt.encode(bos); - - bos.close(); - - } catch(Exception e) { + BufferedOutputStream bos = new BufferedOutputStream( + new 
FileOutputStream(args[0])); + + // URI only + IssuingDistributionPoint idp = new IssuingDistributionPoint(); + URIName uri = new URIName("http://www.mycrl.com/go/here"); + GeneralNames generalNames = new GeneralNames(); + generalNames.addElement(uri); + idp.setFullName(generalNames); + IssuingDistributionPointExtension idpExt = new IssuingDistributionPointExtension( + idp); + + // DN only + idp = new IssuingDistributionPoint(); + X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" + + ",OU=Certificate Server,O=Fedora,C=US"); + generalNames = new GeneralNames(); + generalNames.addElement(dn); + idp.setFullName(generalNames); + idpExt.set( + IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, + idp); + + // DN + reason + BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 }); + idp = new IssuingDistributionPoint(); + idp.setFullName(generalNames); + idp.setOnlySomeReasons(ba); + idpExt.set( + IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, + idp); + + // relative DN + reason + crlIssuer + idp = new IssuingDistributionPoint(); + RDN rdn = new RDN("OU=foobar dept"); + idp.setRelativeName(rdn); + idp.setOnlySomeReasons(ba); + idp.setOnlyContainsCACerts(true); + idp.setOnlyContainsUserCerts(true); + idp.setIndirectCRL(true); + idpExt.set( + IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, + idp); + + idpExt.setCritical(false); + idpExt.encode(bos); + + bos.close(); + + } catch (Exception e) { e.printStackTrace(); - } + } } } |