Diffstat (limited to 'pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java')
-rw-r--r-- | pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java | 204 |
1 files changed, 104 insertions, 100 deletions
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java index 2dfe6d015..9a2ac91ce 100644 --- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java +++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java @@ -28,18 +28,18 @@ import netscape.security.util.DerOutputStream; import netscape.security.util.DerValue; import netscape.security.util.PrettyPrintFormat; + /** * This class defines the Name Constraints Extension. * <p> - * The name constraints extension provides permitted and excluded subtrees that - * place restrictions on names that may be included within a certificate issued - * by a given CA. Restrictions may apply to the subject distinguished name or - * subject alternative names. Any name matching a restriction in the excluded - * subtrees field is invalid regardless of information appearing in the - * permitted subtrees. + * The name constraints extension provides permitted and excluded + * subtrees that place restrictions on names that may be included within + * a certificate issued by a given CA. Restrictions may apply to the + * subject distinguished name or subject alternative names. Any name + * matching a restriction in the excluded subtrees field is invalid + * regardless of information appearing in the permitted subtrees. * <p> * The ASN.1 syntax for this is: - * * <pre> * NameConstraints ::= SEQUENCE { * permittedSubtrees [0] GeneralSubtrees OPTIONAL, 
@@ -52,22 +52,23 @@ import netscape.security.util.PrettyPrintFormat; * maximum [1] BaseDistance OPTIONAL } * BaseDistance ::== INTEGER (0..MAX) * </pre> - * + * * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.10 * @see Extension * @see CertAttrSet */ -public class NameConstraintsExtension extends Extension implements CertAttrSet { +public class NameConstraintsExtension extends Extension +implements CertAttrSet { /** * */ private static final long serialVersionUID = -3506940192931244539L; /** - * Identifier for this attribute, to be used with the get, set, delete - * methods of Certificate, x509 type. - */ + * Identifier for this attribute, to be used with the + * get, set, delete methods of Certificate, x509 type. + */ public static final String IDENT = "x509.info.extensions.NameConstraints"; /** * Attribute names. @@ -80,8 +81,8 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { private static final byte TAG_PERMITTED = 0; private static final byte TAG_EXCLUDED = 1; - private GeneralSubtrees permitted; - private GeneralSubtrees excluded; + private GeneralSubtrees permitted; + private GeneralSubtrees excluded; private PrettyPrintFormat pp = new PrettyPrintFormat(":"); 
@@ -90,17 +91,17 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { DerOutputStream seq = new DerOutputStream(); DerOutputStream tagged = new DerOutputStream(); - if ((permitted != null) && (permitted.getSubtrees().size() > 0)) { + if ((permitted != null) &&(permitted.getSubtrees().size()>0)) { DerOutputStream tmp = new DerOutputStream(); permitted.encode(tmp); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true, - TAG_PERMITTED), tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + true, TAG_PERMITTED), tmp); } - if ((excluded != null) && (excluded.getSubtrees().size() > 0)) { + if ((excluded != null) && (excluded.getSubtrees().size()>0)) { DerOutputStream tmp = new DerOutputStream(); excluded.encode(tmp); - tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, true, - TAG_EXCLUDED), tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + true, TAG_EXCLUDED), tmp); } if (permitted == null && excluded == null) { extensionValue = null; // no need to encode this extension 
@@ -111,25 +112,28 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { } /** - * The default constructor for this class. Either parameter can be set to - * null to indicate it is omitted but both cannot be null. - * + * The default constructor for this class. Either parameter + * can be set to null to indicate it is omitted but both + * cannot be null. + * * @param permitted the permitted GeneralSubtrees (null for optional). * @param excluded the excluded GeneralSubtrees (null for optional). */ public NameConstraintsExtension(GeneralSubtrees permitted, - GeneralSubtrees excluded) throws IOException { - init(false, permitted, excluded); + GeneralSubtrees excluded) + throws IOException { + init(false, permitted, excluded); } - public NameConstraintsExtension(boolean critical, - GeneralSubtrees permitted, GeneralSubtrees excluded) - throws IOException { - init(critical, permitted, excluded); + public NameConstraintsExtension(boolean critical, + GeneralSubtrees permitted, GeneralSubtrees excluded) + throws IOException { + init(critical, permitted, excluded); } - private void init(boolean critical, GeneralSubtrees permitted, - GeneralSubtrees excluded) throws IOException { + private void init(boolean critical, + GeneralSubtrees permitted, GeneralSubtrees excluded) + throws IOException { if (permitted == null && excluded == null) { throw new IOException("NameConstraints: Invalid arguments"); } @@ -143,13 +147,13 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { /** * Create the extension from the passed DER encoded value. - * + * * @param critical true if the extension is to be treated as critical. * @param value Array of DER encoded bytes of the actual value. * @exception IOException on error. */ public NameConstraintsExtension(Boolean critical, Object value) - throws IOException { + throws IOException { this.extensionId = PKIXExtensions.NameConstraints_Id; this.critical = critical.booleanValue(); 
@@ -157,14 +161,14 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { throw new IOException("Illegal argument type"); int len = Array.getLength(value); - byte[] extValue = new byte[len]; + byte[] extValue = new byte[len]; System.arraycopy(value, 0, extValue, 0, len); this.extensionValue = extValue; DerValue val = new DerValue(extValue); if (val.tag != DerValue.tag_Sequence) { - throw new IOException("Invalid encoding for" - + " NameConstraintsExtension."); + throw new IOException("Invalid encoding for" + + " NameConstraintsExtension."); } // NB. this is always encoded with the IMPLICIT tag 
@@ -174,51 +178,51 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { DerValue opt = val.data.getDerValue(); if (opt.isContextSpecific(TAG_PERMITTED) && opt.isConstructed()) { - if (permitted != null) { - throw new IOException("Duplicate permitted " - + "GeneralSubtrees in NameConstraintsExtension."); - } + if (permitted != null) { + throw new IOException("Duplicate permitted " + + "GeneralSubtrees in NameConstraintsExtension."); + } opt.resetTag(DerValue.tag_Sequence); - permitted = new GeneralSubtrees(opt); + permitted = new GeneralSubtrees(opt); - } else if (opt.isContextSpecific(TAG_EXCLUDED) - && opt.isConstructed()) { - if (excluded != null) { - throw new IOException("Duplicate excluded " - + "GeneralSubtrees in NameConstraintsExtension."); - } + } else if (opt.isContextSpecific(TAG_EXCLUDED) && + opt.isConstructed()) { + if (excluded != null) { + throw new IOException("Duplicate excluded " + + "GeneralSubtrees in NameConstraintsExtension."); + } opt.resetTag(DerValue.tag_Sequence); - excluded = new GeneralSubtrees(opt); + excluded = new GeneralSubtrees(opt); } else - throw new IOException("Invalid encoding of " - + "NameConstraintsExtension."); + throw new IOException("Invalid encoding of " + + "NameConstraintsExtension."); + } } - } /** * Return the printable string. */ public String toString() { - return (super.toString() - + "NameConstraints: [" - + ((permitted == null) ? "" : ("\n Permitted:" + permitted - .toString())) - + ((excluded == null) ? "" : ("\n Excluded:" + excluded - .toString())) + " ]\n"); + return (super.toString() + "NameConstraints: [" + + ((permitted == null) ? "" : + ("\n Permitted:" + permitted.toString())) + + ((excluded == null) ? "" : + ("\n Excluded:" + excluded.toString())) + + " ]\n"); } public String toPrint(int indent) { - return ("GeneralSubtrees: " - + ((permitted == null) ? "" : ("\n" + pp.indent(indent + 2) - + "Permitted:" + permitted.toPrint(indent + 4))) - + ((excluded == null) ? 
"" : ("\n" + pp.indent(indent + 2) - + "Excluded:" + excluded.toPrint(indent + 4))) + "\n"); + return ("GeneralSubtrees: "+ + ((permitted == null) ? "" : + ("\n"+pp.indent(indent+2)+"Permitted:" + permitted.toPrint(indent+4))) + + ((excluded == null) ? "" : + ("\n"+pp.indent(indent+2)+"Excluded:" + excluded.toPrint(indent+4))) + "\n"); } /** * Decode the extension from the InputStream. - * + * * @param in the InputStream to unmarshal the contents from. * @exception IOException on decoding or validity errors. */ @@ -228,7 +232,7 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { /** * Write the extension to the OutputStream. - * + * * @param out the OutputStream to write the extension to. * @exception IOException on encoding errors. */ @@ -239,7 +243,7 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { encodeThis(); } super.encode(tmp); - out.write(tmp.toByteArray()); + out.write(tmp.toByteArray()); } /** 
@@ -247,68 +251,68 @@ public class NameConstraintsExtension extends Extension implements CertAttrSet { */ public void set(String name, Object obj) throws IOException { clearValue(); - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be" - + " of type GeneralSubtrees."); - } - permitted = (GeneralSubtrees) obj; - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - if (!(obj instanceof GeneralSubtrees)) { - throw new IOException("Attribute value should be " - + "of type GeneralSubtrees."); - } - excluded = (GeneralSubtrees) obj; - } else { - throw new IOException("Attribute name not recognized by " - + "CertAttrSet:NameConstraintsExtension."); - } + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + if (!(obj instanceof GeneralSubtrees)) { + throw new IOException("Attribute value should be" + + " of type GeneralSubtrees."); + } + permitted = (GeneralSubtrees)obj; + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + if (!(obj instanceof GeneralSubtrees)) { + throw new IOException("Attribute value should be " + + "of type GeneralSubtrees."); + } + excluded = (GeneralSubtrees)obj; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Get the attribute value. */ public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - return (permitted); - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - return (excluded); - } else { - throw new IOException("Attribute name not recognized by " - + "CertAttrSet:NameConstraintsExtension."); - } + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + return (permitted); + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + return (excluded); + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Delete the attribute value. 
*/ public void delete(String name) throws IOException { - if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { - permitted = null; - } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { - excluded = null; - } else { - throw new IOException("Attribute name not recognized by " - + "CertAttrSet:NameConstraintsExtension."); - } + if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) { + permitted = null; + } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) { + excluded = null; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:NameConstraintsExtension."); + } } /** * Return an enumeration of names of attributes existing within this * attribute. */ - public Enumeration<String> getElements() { + public Enumeration<String> getElements () { Vector<String> elements = new Vector<String>(); elements.addElement(PERMITTED_SUBTREES); elements.addElement(EXCLUDED_SUBTREES); - return (elements.elements()); + return (elements.elements()); } /** * Return the name of this attribute. */ - public String getName() { + public String getName () { return (NAME); } } |