Diffstat (limited to 'pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java')
-rw-r--r-- | pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java | 158 |
1 files changed, 76 insertions, 82 deletions
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java index 9a2ac91ce..3a0718d30 100644 --- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java +++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java @@ -28,18 +28,13 @@ import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; import netscape.security.util.PrettyPrintFormat; - /** * This class defines the Name Constraints Extension. * <p> - * The name constraints extension provides permitted and excluded - * subtrees that place restrictions on names that may be included within - * a certificate issued by a given CA. Restrictions may apply to the - * subject distinguished name or subject alternative names. Any name - * matching a restriction in the excluded subtrees field is invalid - * regardless of information appearing in the permitted subtrees. + * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees. * <p> * The ASN.1 syntax for this is: + * * <pre> * NameConstraints ::= SEQUENCE { * permittedSubtrees [0] GeneralSubtrees OPTIONAL, @@ -52,7 +47,7 @@ import netscape.security.util.PrettyPrintFormat; * maximum [1] BaseDistance OPTIONAL } * BaseDistance ::== INTEGER (0..MAX) * </pre> - * + * * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.10 @@ -60,7 +55,7 @@ import netscape.security.util.PrettyPrintFormat; * @see CertAttrSet */ public class NameConstraintsExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { /** * */ 
@@ -68,7 +63,7 @@ implements CertAttrSet { /** * Identifier for this attribute, to be used with the * get, set, delete methods of Certificate, x509 type. - */ + */ public static final String IDENT = "x509.info.extensions.NameConstraints"; /** * Attribute names. @@ -81,8 +76,8 @@ implements CertAttrSet { private static final byte TAG_PERMITTED = 0; private static final byte TAG_EXCLUDED = 1; - private GeneralSubtrees permitted; - private GeneralSubtrees excluded; + private GeneralSubtrees permitted; + private GeneralSubtrees excluded; private PrettyPrintFormat pp = new PrettyPrintFormat(":"); @@ -91,13 +86,13 @@ implements CertAttrSet { DerOutputStream seq = new DerOutputStream(); DerOutputStream tagged = new DerOutputStream(); - if ((permitted != null) &&(permitted.getSubtrees().size()>0)) { + if ((permitted != null) && (permitted.getSubtrees().size() > 0)) { DerOutputStream tmp = new DerOutputStream(); permitted.encode(tmp); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true, TAG_PERMITTED), tmp); } - if ((excluded != null) && (excluded.getSubtrees().size()>0)) { + if ((excluded != null) && (excluded.getSubtrees().size() > 0)) { DerOutputStream tmp = new DerOutputStream(); excluded.encode(tmp); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, 
@@ -115,25 +110,25 @@ implements CertAttrSet { * The default constructor for this class. Either parameter * can be set to null to indicate it is omitted but both * cannot be null. - * + * * @param permitted the permitted GeneralSubtrees (null for optional). * @param excluded the excluded GeneralSubtrees (null for optional). */ public NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) - throws IOException { - init(false, permitted, excluded); + throws IOException { + init(false, permitted, excluded); } - public NameConstraintsExtension(boolean critical, - GeneralSubtrees permitted, GeneralSubtrees excluded) - throws IOException { - init(critical, permitted, excluded); + public NameConstraintsExtension(boolean critical, + GeneralSubtrees permitted, GeneralSubtrees excluded) + throws IOException { + init(critical, permitted, excluded); } - private void init(boolean critical, - GeneralSubtrees permitted, GeneralSubtrees excluded) - throws IOException { + private void init(boolean critical, + GeneralSubtrees permitted, GeneralSubtrees excluded) + throws IOException { if (permitted == null && excluded == null) { throw new IOException("NameConstraints: Invalid arguments"); } @@ -147,13 +142,13 @@ implements CertAttrSet { /** * Create the extension from the passed DER encoded value. - * + * * @param critical true if the extension is to be treated as critical. * @param value Array of DER encoded bytes of the actual value. * @exception IOException on error. */ public NameConstraintsExtension(Boolean critical, Object value) - throws IOException { + throws IOException { this.extensionId = PKIXExtensions.NameConstraints_Id; this.critical = critical.booleanValue(); @@ -161,7 +156,7 @@ implements CertAttrSet { throw new IOException("Illegal argument type"); int len = Array.getLength(value); - byte[] extValue = new byte[len]; + byte[] extValue = new byte[len]; System.arraycopy(value, 0, extValue, 0, len); this.extensionValue = extValue; 
@@ -178,26 +173,26 @@ implements CertAttrSet { DerValue opt = val.data.getDerValue(); if (opt.isContextSpecific(TAG_PERMITTED) && opt.isConstructed()) { - if (permitted != null) { - throw new IOException("Duplicate permitted " + - "GeneralSubtrees in NameConstraintsExtension."); - } + if (permitted != null) { + throw new IOException("Duplicate permitted " + + "GeneralSubtrees in NameConstraintsExtension."); + } opt.resetTag(DerValue.tag_Sequence); - permitted = new GeneralSubtrees(opt); + permitted = new GeneralSubtrees(opt); } else if (opt.isContextSpecific(TAG_EXCLUDED) && opt.isConstructed()) { - if (excluded != null) { - throw new IOException("Duplicate excluded " + + if (excluded != null) { + throw new IOException("Duplicate excluded " + "GeneralSubtrees in NameConstraintsExtension."); - } + } opt.resetTag(DerValue.tag_Sequence); - excluded = new GeneralSubtrees(opt); + excluded = new GeneralSubtrees(opt); } else - throw new IOException("Invalid encoding of " + + throw new IOException("Invalid encoding of " + "NameConstraintsExtension."); - } } + } /** * Return the printable string. 
@@ -205,24 +200,23 @@ implements CertAttrSet { public String toString() { return (super.toString() + "NameConstraints: [" + ((permitted == null) ? "" : - ("\n Permitted:" + permitted.toString())) + + ("\n Permitted:" + permitted.toString())) + ((excluded == null) ? "" : - ("\n Excluded:" + excluded.toString())) - + " ]\n"); + ("\n Excluded:" + excluded.toString())) + " ]\n"); } public String toPrint(int indent) { - return ("GeneralSubtrees: "+ - ((permitted == null) ? "" : - ("\n"+pp.indent(indent+2)+"Permitted:" + permitted.toPrint(indent+4))) + - ((excluded == null) ? "" : - ("\n"+pp.indent(indent+2)+"Excluded:" + excluded.toPrint(indent+4))) + "\n"); + return ("GeneralSubtrees: " + + ((permitted == null) ? "" : + ("\n" + pp.indent(indent + 2) + "Permitted:" + permitted.toPrint(indent + 4))) + + ((excluded == null) ? "" : + ("\n" + pp.indent(indent + 2) + "Excluded:" + excluded.toPrint(indent + 4))) + "\n"); } /** * Decode the extension from the InputStream. - * + * * @param in the InputStream to unmarshal the contents from. * @exception IOException on decoding or validity errors. */ @@ -232,7 +226,7 @@ implements CertAttrSet { /** * Write the extension to the OutputStream. - * + * * @param out the OutputStream to write the extension to. * @exception IOException on encoding errors. */ @@ -243,7 +237,7 @@ implements CertAttrSet { encodeThis(); } super.encode(tmp); - out.write(tmp.toByteArray()); + out.write(tmp.toByteArray()); } /** 
@@ -251,68 +245,68 @@ implements CertAttrSet { */ public void set(String name, Object obj) throws IOException { clearValue(); - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be" + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + if (!(obj instanceof GeneralSubtrees)) { + throw new IOException("Attribute value should be" + " of type GeneralSubtrees."); - } - permitted = (GeneralSubtrees)obj; - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be " + } + permitted = (GeneralSubtrees) obj; + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + if (!(obj instanceof GeneralSubtrees)) { + throw new IOException("Attribute value should be " + "of type GeneralSubtrees."); - } - excluded = (GeneralSubtrees)obj; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:NameConstraintsExtension."); - } + } + excluded = (GeneralSubtrees) obj; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Get the attribute value. */ public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - return (permitted); - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - return (excluded); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:NameConstraintsExtension."); - } + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + return (permitted); + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + return (excluded); + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Delete the attribute value. 
*/ public void delete(String name) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - permitted = null; - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - excluded = null; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:NameConstraintsExtension."); - } + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + permitted = null; + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + excluded = null; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Return an enumeration of names of attributes existing within this * attribute. */ - public Enumeration<String> getElements () { + public Enumeration<String> getElements() { Vector<String> elements = new Vector<String>(); elements.addElement(PERMITTED_SUBTREES); elements.addElement(EXCLUDED_SUBTREES); - return (elements.elements()); + return (elements.elements()); } /** * Return the name of this attribute. */ - public String getName () { + public String getName() { return (NAME); } } |