diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java')
| -rw-r--r-- | pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java | 146 |
1 files changed, 72 insertions, 74 deletions
diff --git a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java index 681d449b2..ae782dfcd 100644 --- a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java +++ b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java @@ -33,13 +33,10 @@ import netscape.security.util.DerValue; * This class defines the certificate extension which specifies the * Policy constraints. * <p> - * The policy constraints extension can be used in certificates issued - * to CAs. The policy constraints extension constrains path validation - * in two ways. It can be used to prohibit policy mapping or require - * that each certificate in a path contain an acceptable policy - * identifier.<p> - * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the - * module definition): + * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier. + * <p> + * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition): + * * <pre> * PolicyConstraints ::= SEQUENCE { * requireExplicitPolicy [0] SkipCerts OPTIONAL, @@ -47,6 +44,7 @@ import netscape.security.util.DerValue; * } * SkipCerts ::= INTEGER (0..MAX) * </pre> + * * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.9 @@ -54,7 +52,7 @@ import netscape.security.util.DerValue; * @see CertAttrSet */ public class PolicyConstraintsExtension extends Extension -implements CertAttrSet { + implements CertAttrSet { /** * */ @@ -62,7 +60,7 @@ implements CertAttrSet { /** * Identifier for this attribute, to be used with the * get, set, delete methods of Certificate, x509 type. - */ + */ public static final String IDENT = "x509.info.extensions.PolicyConstraints"; /** * Attribute names. @@ -87,19 +85,19 @@ implements CertAttrSet { tmp.putInteger(new BigInt(require)); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_REQUIRE), tmp); - } + } if (inhibit != -1) { - DerOutputStream tmp = new DerOutputStream(); + DerOutputStream tmp = new DerOutputStream(); tmp.putInteger(new BigInt(inhibit)); tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_INHIBIT), tmp); } seq.write(DerValue.tag_Sequence, tagged); - extensionValue = seq.toByteArray(); + extensionValue = seq.toByteArray(); } /** - * Create a PolicyConstraintsExtension object with criticality and + * Create a PolicyConstraintsExtension object with criticality and * both require explicit policy and inhibit policy mapping. * * @param critical whether this extension should be critical @@ -107,52 +105,52 @@ implements CertAttrSet { * @param inhibit inhibit policy mapping (-1 for optional). */ public PolicyConstraintsExtension(boolean crit, int require, int inhibit) - throws IOException { - init(crit, require, inhibit); + throws IOException { + init(crit, require, inhibit); } /** * Create a PolicyConstraintsExtension object with both * require explicit policy and inhibit policy mapping. - * + * * @param require require explicit policy (-1 for optional). * @param inhibit inhibit policy mapping (-1 for optional). */ public PolicyConstraintsExtension(int require, int inhibit) - throws IOException { - init(false, require, inhibit); + throws IOException { + init(false, require, inhibit); } private void init(boolean crit, int require, int inhibit) - throws IOException { + throws IOException { this.require = require; this.inhibit = inhibit; - this.extensionId = PKIXExtensions.PolicyConstraints_Id; - this.critical = crit; + this.extensionId = PKIXExtensions.PolicyConstraints_Id; + this.critical = crit; encodeThis(); } /** * Create the extension from its DER encoded value and criticality. - * + * * @param critical true if the extension is to be treated as critical. * @param value Array of DER encoded bytes of the actual value. * @exception IOException on error. */ public PolicyConstraintsExtension(Boolean critical, Object value) - throws IOException { - this.extensionId = PKIXExtensions.PolicyConstraints_Id; - this.critical = critical.booleanValue(); + throws IOException { + this.extensionId = PKIXExtensions.PolicyConstraints_Id; + this.critical = critical.booleanValue(); if (!(value instanceof byte[])) throw new IOException("Illegal argument type"); int len = Array.getLength(value); - byte[] extValue = new byte[len]; + byte[] extValue = new byte[len]; System.arraycopy(value, 0, extValue, 0, len); this.extensionValue = extValue; - DerValue val = new DerValue(extValue); + DerValue val = new DerValue(extValue); if (val.tag != DerValue.tag_Sequence) { throw new IOException("Sequence tag missing for PolicyConstraint."); } @@ -163,7 +161,7 @@ implements CertAttrSet { if (next.isContextSpecific(TAG_REQUIRE) && !next.isConstructed()) { if (this.require != -1) throw new IOException("Duplicate requireExplicitPolicy" + - "found in the PolicyConstraintsExtension"); + "found in the PolicyConstraintsExtension"); next.resetTag(DerValue.tag_Integer); this.require = (next.getInteger()).toInt(); @@ -171,12 +169,12 @@ implements CertAttrSet { !next.isConstructed()) { if (this.inhibit != -1) throw new IOException("Duplicate inhibitPolicyMapping" + - "found in the PolicyConstraintsExtension"); + "found in the PolicyConstraintsExtension"); next.resetTag(DerValue.tag_Integer); this.inhibit = (next.getInteger()).toInt(); } else throw new IOException("Invalid encoding of PolicyConstraint"); - } + } } /** @@ -185,12 +183,12 @@ implements CertAttrSet { public String toString() { String s; s = super.toString() + "PolicyConstraints: [" + " Require: "; - if (require == -1) + if (require == -1) s += "unspecified;"; else s += require + ";"; s += "\tInhibit: "; - if (inhibit == -1) + if (inhibit == -1) s += "unspecified"; else s += inhibit; @@ -200,7 +198,7 @@ implements CertAttrSet { /** * Decode the extension from the InputStream. - * + * * @param in the InputStream to unmarshal the contents from. * @exception IOException on decoding or validity errors. */ @@ -210,83 +208,83 @@ implements CertAttrSet { /** * Write the extension to the DerOutputStream. - * + * * @param out the DerOutputStream to write the extension to. * @exception IOException on encoding errors. */ public void encode(OutputStream out) throws IOException { DerOutputStream tmp = new DerOutputStream(); if (extensionValue == null) { - extensionId = PKIXExtensions.PolicyConstraints_Id; - encodeThis(); - } - super.encode(tmp); - out.write(tmp.toByteArray()); + extensionId = PKIXExtensions.PolicyConstraints_Id; + encodeThis(); + } + super.encode(tmp); + out.write(tmp.toByteArray()); } /** * Set the attribute value. */ public void set(String name, Object obj) throws IOException { - clearValue(); - if (!(obj instanceof Integer)) { - throw new IOException("Attribute value should be of type Integer."); - } - if (name.equalsIgnoreCase(REQUIRE)) { - require = ((Integer)obj).intValue(); - } else if (name.equalsIgnoreCase(INHIBIT)) { - inhibit = ((Integer)obj).intValue(); - } else { - throw new IOException("Attribute name " + "[" + name + "]" + - " not recognized by " + - "CertAttrSet:PolicyConstraints."); - } + clearValue(); + if (!(obj instanceof Integer)) { + throw new IOException("Attribute value should be of type Integer."); + } + if (name.equalsIgnoreCase(REQUIRE)) { + require = ((Integer) obj).intValue(); + } else if (name.equalsIgnoreCase(INHIBIT)) { + inhibit = ((Integer) obj).intValue(); + } else { + throw new IOException("Attribute name " + "[" + name + "]" + + " not recognized by " + + "CertAttrSet:PolicyConstraints."); + } } /** * Get the attribute value. */ public Object get(String name) throws IOException { - if (name.equalsIgnoreCase(REQUIRE)) { - return Integer.valueOf(require); - } else if (name.equalsIgnoreCase(INHIBIT)) { - return Integer.valueOf(inhibit); - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:PolicyConstraints."); - } + if (name.equalsIgnoreCase(REQUIRE)) { + return Integer.valueOf(require); + } else if (name.equalsIgnoreCase(INHIBIT)) { + return Integer.valueOf(inhibit); + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:PolicyConstraints."); + } } /** * Delete the attribute value. */ public void delete(String name) throws IOException { - if (name.equalsIgnoreCase(REQUIRE)) { - require = -1; - } else if (name.equalsIgnoreCase(INHIBIT)) { - inhibit = -1; - } else { - throw new IOException("Attribute name not recognized by " + - "CertAttrSet:PolicyConstraints."); - } + if (name.equalsIgnoreCase(REQUIRE)) { + require = -1; + } else if (name.equalsIgnoreCase(INHIBIT)) { + inhibit = -1; + } else { + throw new IOException("Attribute name not recognized by " + + "CertAttrSet:PolicyConstraints."); + } } /** * Return an enumeration of names of attributes existing within this * attribute. */ - public Enumeration<String> getElements () { + public Enumeration<String> getElements() { Vector<String> elements = new Vector<String>(); elements.addElement(REQUIRE); elements.addElement(INHIBIT); - return (elements.elements()); + return (elements.elements()); } /** * Return the name of this attribute. */ - public String getName () { + public String getName() { return (NAME); } @@ -294,13 +292,13 @@ implements CertAttrSet { * returns the requireExplicitMapping parameter. */ public int getRequireExplicitMapping() { - return require; + return require; } /** - * returns the inhibitPolicyMapping parameter. + * returns the inhibitPolicyMapping parameter. */ public int getInhibitPolicyMapping() { - return inhibit; + return inhibit; } } |