diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/KeyUsageExtension.java')
| -rw-r--r-- | pki/base/util/src/netscape/security/x509/KeyUsageExtension.java | 414 |
1 files changed, 0 insertions, 414 deletions
diff --git a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java deleted file mode 100644 index 56084dbcf..000000000 --- a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java +++ /dev/null @@ -1,414 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package netscape.security.x509; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.lang.reflect.Array; -import java.util.Enumeration; -import java.util.Vector; - -import netscape.security.util.BitArray; -import netscape.security.util.DerOutputStream; -import netscape.security.util.DerValue; - -/** - * Represent the Key Usage Extension. - * - * <p> - * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key - * contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted - * (e.g., when an RSA key should be used only for signing or only for key encipherment). - * - * @author Amit Kapoor - * @author Hemma Prafullchandra - * @version 1.9 - * @see Extension - * @see CertAttrSet - */ -public class KeyUsageExtension extends Extension - implements CertAttrSet { - - /** - * - */ - private static final long serialVersionUID = 2899719374157256708L; - /** - * Identifier for this attribute, to be used with the - * get, set, delete methods of Certificate, x509 type. - */ - public static final String IDENT = "x509.info.extensions.KeyUsage"; - /** - * Attribute names. - */ - public static final String NAME = "KeyUsage"; - public static final String DIGITAL_SIGNATURE = "digital_signature"; - public static final String NON_REPUDIATION = "non_repudiation"; - public static final String KEY_ENCIPHERMENT = "key_encipherment"; - public static final String DATA_ENCIPHERMENT = "data_encipherment"; - public static final String KEY_AGREEMENT = "key_agreement"; - public static final String KEY_CERTSIGN = "key_certsign"; - public static final String CRL_SIGN = "crl_sign"; - public static final String ENCIPHER_ONLY = "encipher_only"; - public static final String DECIPHER_ONLY = "decipher_only"; - - public static final int DIGITAL_SIGNATURE_BIT = 0; - public static final int NON_REPUDIATION_BIT = 1; - public static final int KEY_ENCIPHERMENT_BIT = 2; - public static final int DATA_ENCIPHERMENT_BIT = 3; - public static final int KEY_AGREEMENT_BIT = 4; - public static final int KEY_CERTSIGN_BIT = 5; - public static final int CRL_SIGN_BIT = 6; - public static final int ENCIPHER_ONLY_BIT = 7; - public static final int DECIPHER_ONLY_BIT = 8; - - public static final int NBITS = 9; - - public static String[] names = new String[NBITS]; - - static { - names[DIGITAL_SIGNATURE_BIT] = DIGITAL_SIGNATURE; - names[NON_REPUDIATION_BIT] = NON_REPUDIATION; - names[KEY_ENCIPHERMENT_BIT] = KEY_ENCIPHERMENT; - names[DATA_ENCIPHERMENT_BIT] = DATA_ENCIPHERMENT; - names[KEY_AGREEMENT_BIT] = KEY_AGREEMENT; - names[KEY_CERTSIGN_BIT] = KEY_CERTSIGN; - names[CRL_SIGN_BIT] = CRL_SIGN; - names[ENCIPHER_ONLY_BIT] = ENCIPHER_ONLY; - names[DECIPHER_ONLY_BIT] = DECIPHER_ONLY; - } - - // Private data members - private boolean[] bitString; - - // Encode this extension value - private void encodeThis() throws IOException { - DerOutputStream os = new DerOutputStream(); - os.putUnalignedBitString(this.bitString); - this.extensionValue = os.toByteArray(); - } - - /** - * Check if bit is set. - * - * @param position the position in the bit string to check. - */ - private boolean isSet(int position) { - if (bitString.length <= position) - return false; - return bitString[position]; - } - - /** - * Set the bit at the specified position. - */ - private void set(int position, boolean val) { - // enlarge bitString if necessary - if (position >= bitString.length) { - boolean[] tmp = new boolean[position + 1]; - System.arraycopy(bitString, 0, tmp, 0, bitString.length); - bitString = tmp; - } - bitString[position] = val; - } - - /** - * Create a KeyUsageExtension with the passed bit settings. The criticality - * is set to true. - * - * @param bitString the bits to be set for the extension. - */ - public KeyUsageExtension(boolean critical, byte[] bitString) throws IOException { - this.bitString = - new BitArray(bitString.length * 8, bitString).toBooleanArray(); - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = critical; - encodeThis(); - } - - public KeyUsageExtension(byte[] bitString) throws IOException { - this.bitString = - new BitArray(bitString.length * 8, bitString).toBooleanArray(); - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = true; - encodeThis(); - } - - /** - * Create a KeyUsageExtension with the passed bit settings. The criticality - * is set to true. - * - * @param bitString the bits to be set for the extension. - */ - public KeyUsageExtension(boolean critical, boolean[] bitString) throws IOException { - this.bitString = bitString; - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = critical; - encodeThis(); - } - - public KeyUsageExtension(boolean[] bitString) throws IOException { - this.bitString = bitString; - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = true; - encodeThis(); - } - - /** - * Create a KeyUsageExtension with the passed bit settings. The criticality - * is set to true. - * - * @param bitString the bits to be set for the extension. - */ - public KeyUsageExtension(BitArray bitString) throws IOException { - this.bitString = bitString.toBooleanArray(); - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = true; - encodeThis(); - } - - /** - * Create the extension from the passed DER encoded value of the same. - * - * @param critical true if the extension is to be treated as critical. - * @param value Array of DER encoded bytes of the actual value. - * @exception IOException on error. - */ - public KeyUsageExtension(Boolean critical, Object value) - throws IOException { - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = critical.booleanValue(); - /* - * The following check should be activated again after - * the PKIX profiling work becomes standard and the check - * is not a barrier to interoperability ! - * if (!this.critical) { - * throw new IOException("KeyUsageExtension not marked critical," - * + " invalid profile."); - * } - */ - int len = Array.getLength(value); - byte[] extValue = new byte[len]; - for (int i = 0; i < len; i++) { - extValue[i] = Array.getByte(value, i); - } - this.extensionValue = extValue; - DerValue val = new DerValue(extValue); - this.bitString = val.getUnalignedBitString().toBooleanArray(); - } - - /** - * Create a default key usage. - */ - public KeyUsageExtension() { - extensionId = PKIXExtensions.KeyUsage_Id; - critical = true; - bitString = new boolean[0]; - } - - /** - * Set the attribute value. - */ - public void set(String name, Object obj) throws IOException { - clearValue(); - if (!(obj instanceof Boolean)) { - throw new IOException("Attribute must be of type Boolean."); - } - boolean val = ((Boolean) obj).booleanValue(); - if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { - set(0, val); - } else if (name.equalsIgnoreCase(NON_REPUDIATION)) { - set(1, val); - } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) { - set(2, val); - } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) { - set(3, val); - } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) { - set(4, val); - } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) { - set(5, val); - } else if (name.equalsIgnoreCase(CRL_SIGN)) { - set(6, val); - } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) { - set(7, val); - } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) { - set(8, val); - } else { - throw new IOException("Attribute name not recognized by" - + " CertAttrSet:KeyUsage."); - } - encodeThis(); - } - - /** - * Get the attribute value. - */ - public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { - return new Boolean(isSet(0)); - } else if (name.equalsIgnoreCase(NON_REPUDIATION)) { - return new Boolean(isSet(1)); - } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) { - return new Boolean(isSet(2)); - } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) { - return new Boolean(isSet(3)); - } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) { - return new Boolean(isSet(4)); - } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) { - return new Boolean(isSet(5)); - } else if (name.equalsIgnoreCase(CRL_SIGN)) { - return new Boolean(isSet(6)); - } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) { - return new Boolean(isSet(7)); - } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) { - return new Boolean(isSet(8)); - } else { - throw new IOException("Attribute name not recognized by" - + " CertAttrSet:KeyUsage."); - } - } - - /** - * Delete the attribute value. - */ - public void delete(String name) throws IOException { - if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) { - set(0, false); - } else if (name.equalsIgnoreCase(NON_REPUDIATION)) { - set(1, false); - } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) { - set(2, false); - } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) { - set(3, false); - } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) { - set(4, false); - } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) { - set(5, false); - } else if (name.equalsIgnoreCase(CRL_SIGN)) { - set(6, false); - } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) { - set(7, false); - } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) { - set(8, false); - } else { - throw new IOException("Attribute name not recognized by" - + " CertAttrSet:KeyUsage."); - } - } - - /** - * Returns a printable representation of the KeyUsage. - */ - public String toString() { - String s = super.toString() + "KeyUsage [\n"; - - try { - if (isSet(0)) { - s += " DigitalSignature\n"; - } - if (isSet(1)) { - s += " Non_repudiation\n"; - } - if (isSet(2)) { - s += " Key_Encipherment\n"; - } - if (isSet(3)) { - s += " Data_Encipherment\n"; - } - if (isSet(4)) { - s += " Key_Agreement\n"; - } - if (isSet(5)) { - s += " Key_CertSign\n"; - } - if (isSet(6)) { - s += " Crl_Sign\n"; - } - if (isSet(7)) { - s += " Encipher_Only\n"; - } - if (isSet(8)) { - s += " Decipher_Only\n"; - } - } catch (ArrayIndexOutOfBoundsException ex) { - } - - s += "]\n"; - - return (s); - } - - /** - * Decode the extension from the InputStream. - * - * @param in the InputStream to unmarshal the contents from. - * @exception IOException on decoding or validity errors. - */ - public void decode(InputStream in) throws IOException { - throw new IOException("Method not to be called directly."); - } - - /** - * Write the extension to the DerOutputStream. - * - * @param out the DerOutputStream to write the extension to. - * @exception IOException on encoding errors. - */ - public void encode(OutputStream out) throws IOException { - DerOutputStream tmp = new DerOutputStream(); - - if (this.extensionValue == null) { - this.extensionId = PKIXExtensions.KeyUsage_Id; - this.critical = true; - encodeThis(); - } - super.encode(tmp); - out.write(tmp.toByteArray()); - } - - /** - * Return an enumeration of names of attributes existing within this - * attribute. - */ - public Enumeration<String> getAttributeNames() { - Vector<String> elements = new Vector<String>(); - elements.addElement(DIGITAL_SIGNATURE); - elements.addElement(NON_REPUDIATION); - elements.addElement(KEY_ENCIPHERMENT); - elements.addElement(DATA_ENCIPHERMENT); - elements.addElement(KEY_AGREEMENT); - elements.addElement(KEY_CERTSIGN); - elements.addElement(CRL_SIGN); - elements.addElement(ENCIPHER_ONLY); - elements.addElement(DECIPHER_ONLY); - - return (elements.elements()); - } - - public boolean[] getBits() { - return (boolean[]) bitString.clone(); - } - - /** - * Return the name of this attribute. - */ - public String getName() { - return (NAME); - } -} |