Diffstat (limited to 'pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java')
-rw-r--r-- | pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java | 236 |
1 files changed, 117 insertions, 119 deletions
diff --git a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
index 64fd045e8..30944495d 100644
--- a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
@@ -35,37 +35,37 @@ import netscape.security.util.DerValue; /** * This class defines the Private Key Usage Extension. - * - * <p> - * The Private Key Usage Period extension allows the certificate issuer to - * specify a different validity period for the private key than the certificate. - * This extension is intended for use with digital signature keys. This - * extension consists of two optional components notBefore and notAfter. The - * private key associated with the certificate should not be used to sign - * objects before or after the times specified by the two components, - * respectively. - * + * + * <p>The Private Key Usage Period extension allows the certificate issuer + * to specify a different validity period for the private key than the + * certificate. This extension is intended for use with digital + * signature keys. This extension consists of two optional components + * notBefore and notAfter. The private key associated with the + * certificate should not be used to sign objects before or after the + * times specified by the two components, respectively. + * * <pre> * PrivateKeyUsagePeriod ::= SEQUENCE { * notBefore [0] GeneralizedTime OPTIONAL, * notAfter [1] GeneralizedTime OPTIONAL } * </pre> - * + * * @author Amit Kapoor * @author Hemma Prafullchandra * @version 1.12 * @see Extension * @see CertAttrSet */ -public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { +public class PrivateKeyUsageExtension extends Extension +implements CertAttrSet { /** * */ private static final long serialVersionUID = -7623695233957629936L; /** - * Identifier for this attribute, to be used with the get, set, delete - * methods of Certificate, x509 type. - */ + * Identifier for this attribute, to be used with the + * get, set, delete methods of Certificate, x509 type. + */ public static final String IDENT = "x509.info.extensions.PrivateKeyUsage"; /** * Sub attributes name for this CertAttrSet. 
@@ -78,8 +78,8 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { private static final byte TAG_BEFORE = 0; private static final byte TAG_AFTER = 1; - private Date notBefore; - private Date notAfter; + private Date notBefore; + private Date notAfter; // Encode this extension value. private void encodeThis() throws IOException { @@ -89,16 +89,14 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { if (notBefore != null) { DerOutputStream tmp = new DerOutputStream(); tmp.putGeneralizedTime(notBefore); - tagged.writeImplicit( - DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_BEFORE), - tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_BEFORE), tmp); } if (notAfter != null) { DerOutputStream tmp = new DerOutputStream(); tmp.putGeneralizedTime(notAfter); - tagged.writeImplicit( - DerValue.createTag(DerValue.TAG_CONTEXT, false, TAG_AFTER), - tmp); + tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, + false, TAG_AFTER), tmp); } seq.write(DerValue.tag_Sequence, tagged); extensionValue = seq.toByteArray(); @@ -106,14 +104,14 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { /** * The default constructor for PrivateKeyUsageExtension. - * - * @param notBefore the date/time before which the private key should not be - * used. - * @param notAfter the date/time after which the private key should not be - * used. + * + * @param notBefore the date/time before which the private key + * should not be used. + * @param notAfter the date/time after which the private key + * should not be used. */ public PrivateKeyUsageExtension(Date notBefore, Date notAfter) - throws IOException { + throws IOException { this.notBefore = notBefore; this.notAfter = notAfter; 
@@ -124,15 +122,15 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { /** * Create the extension from the passed DER encoded value. - * + * * @param critical true if the extension is to be treated as critical. * @param value Array of DER encoded bytes of the actual value. - * + * * @exception CertificateException on certificate parsing errors. * @exception IOException on error. */ public PrivateKeyUsageExtension(Boolean critical, Object value) - throws CertificateException, IOException { + throws CertificateException, IOException { this.extensionId = PKIXExtensions.PrivateKeyUsage_Id; this.critical = critical.booleanValue(); 
@@ -140,41 +138,41 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { throw new CertificateException("Illegal argument type"); int len = Array.getLength(value); - byte[] extValue = new byte[len]; + byte[] extValue = new byte[len]; System.arraycopy(value, 0, extValue, 0, len); this.extensionValue = extValue; - DerInputStream str = new DerInputStream(extValue); - DerValue[] seq = str.getSequence(2); + DerInputStream str = new DerInputStream(extValue); + DerValue[] seq = str.getSequence(2); - // NB. this is always encoded with the IMPLICIT tag - // The checks only make sense if we assume implicit tagging, - // with explicit tagging the form is always constructed. - for (int i = 0; i < seq.length; i++) { + // NB. this is always encoded with the IMPLICIT tag + // The checks only make sense if we assume implicit tagging, + // with explicit tagging the form is always constructed. + for (int i = 0; i < seq.length; i++) { DerValue opt = seq[i]; - if (opt.isContextSpecific((byte) TAG_BEFORE) - && !opt.isConstructed()) { - if (notBefore != null) { + if (opt.isContextSpecific((byte)TAG_BEFORE) && + !opt.isConstructed()) { + if (notBefore != null) { throw new CertificateParsingException( - "Duplicate notBefore in PrivateKeyUsage."); - } + "Duplicate notBefore in PrivateKeyUsage."); + } opt.resetTag(DerValue.tag_GeneralizedTime); - str = new DerInputStream(opt.toByteArray()); - notBefore = str.getGeneralizedTime(); + str = new DerInputStream(opt.toByteArray()); + notBefore = str.getGeneralizedTime(); - } else if (opt.isContextSpecific((byte) TAG_AFTER) - && !opt.isConstructed()) { - if (notAfter != null) { + } else if (opt.isContextSpecific((byte)TAG_AFTER) && + !opt.isConstructed()) { + if (notAfter != null) { throw new CertificateParsingException( - "Duplicate notAfter in PrivateKeyUsage."); - } + "Duplicate notAfter in PrivateKeyUsage."); + } opt.resetTag(DerValue.tag_GeneralizedTime); - str = new DerInputStream(opt.toByteArray()); - notAfter 
= str.getGeneralizedTime(); + str = new DerInputStream(opt.toByteArray()); + notAfter = str.getGeneralizedTime(); } else - throw new IOException("Invalid encoding of " - + "PrivateKeyUsageExtension"); + throw new IOException("Invalid encoding of " + + "PrivateKeyUsageExtension"); } } 
@@ -182,67 +180,69 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { * Return the printable string. */ public String toString() { - return (super.toString() + "PrivateKeyUsage: [From: " - + ((notBefore == null) ? "" : notBefore.toString()) + ", To: " - + ((notAfter == null) ? "" : notAfter.toString()) + "]\n"); + return(super.toString() + + "PrivateKeyUsage: [From: " + + ((notBefore == null) ? "" : notBefore.toString()) + + ", To: " + + ((notAfter == null) ? "" : notAfter.toString()) + "]\n"); } /** * Return notBefore date */ public Date getNotBefore() { - return (notBefore); + return(notBefore); } /** * Return notAfter date */ public Date getNotAfter() { - return (notAfter); + return(notAfter); } /** * Verify that that the current time is within the validity period. - * + * * @exception CertificateExpiredException if the certificate has expired. - * @exception CertificateNotYetValidException if the certificate is not yet - * valid. - */ - public void valid() throws CertificateNotYetValidException, - CertificateExpiredException { + * @exception CertificateNotYetValidException if the certificate is not + * yet valid. + */ + public void valid() + throws CertificateNotYetValidException, CertificateExpiredException { Date now = new Date(); valid(now); } /** * Verify that that the passed time is within the validity period. - * + * * @exception CertificateExpiredException if the certificate has expired - * with respect to the <code>Date</code> supplied. - * @exception CertificateNotYetValidException if the certificate is not yet - * valid with respect to the <code>Date</code> supplied. - * + * with respect to the <code>Date</code> supplied. + * @exception CertificateNotYetValidException if the certificate is not + * yet valid with respect to the <code>Date</code> supplied. 
+ * */ - public void valid(Date now) throws CertificateNotYetValidException, - CertificateExpiredException { + public void valid(Date now) + throws CertificateNotYetValidException, CertificateExpiredException { /* - * we use the internal Dates rather than the passed in Date because - * someone could override the Date methods after() and before() to do - * something entirely different. + * we use the internal Dates rather than the passed in Date + * because someone could override the Date methods after() + * and before() to do something entirely different. */ if (notBefore.after(now)) { - throw new CertificateNotYetValidException("NotBefore: " - + notBefore.toString()); + throw new CertificateNotYetValidException("NotBefore: " + + notBefore.toString()); } if (notAfter.before(now)) { - throw new CertificateExpiredException("NotAfter: " - + notAfter.toString()); + throw new CertificateExpiredException("NotAfter: " + + notAfter.toString()); } } /** * Write the extension to the OutputStream. - * + * * @param out the OutputStream to write the extension to. * @exception IOException on encoding errors. */ @@ -254,12 +254,12 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { encodeThis(); } super.encode(tmp); - out.write(tmp.toByteArray()); + out.write(tmp.toByteArray()); } /** * Decode the extension from the InputStream. - * + * * @param in the InputStream to unmarshal the contents from. * @exception CertificateException on decoding errors. */ 
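Review bot: `valid(Date now)` in the @@ -182 hunk dereferences `notBefore` and `notAfter` unconditionally, although both components are OPTIONAL in the ASN.1 and the DER-decoding constructor only assigns a field when its context tag is present. A parsed certificate that carries just one bound (or an empty SEQUENCE) therefore makes the validity check throw a NullPointerException rather than one of the declared certificate exceptions, which callers that catch only `CertificateNotYetValidException`/`CertificateExpiredException` will not handle. Guard each comparison, `if (notBefore != null && notBefore.after(now))` and `if (notAfter != null && notAfter.before(now))`. `get(String)` in the @@ -269 hunk has the same exposure through `notBefore.getTime()` and `notAfter.getTime()`, and `delete(String)` can null either field after construction. These lines are only rewrapped here, so the behaviour appears to predate this commit.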
@@ -269,54 +269,52 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { /** * Set the attribute value. - * * @exception CertificateException on attribute handling errors. */ - public void set(String name, Object obj) throws CertificateException { - clearValue(); + public void set(String name, Object obj) + throws CertificateException { + clearValue(); if (!(obj instanceof Date)) { - throw new CertificateException("Attribute must be of type Date."); - } - if (name.equalsIgnoreCase(NOT_BEFORE)) { - notBefore = (Date) obj; - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - notAfter = (Date) obj; - } else { - throw new CertificateException("Attribute name not recognized by" - + " CertAttrSet:PrivateKeyUsage."); - } + throw new CertificateException("Attribute must be of type Date."); + } + if (name.equalsIgnoreCase(NOT_BEFORE)) { + notBefore = (Date)obj; + } else if (name.equalsIgnoreCase(NOT_AFTER)) { + notAfter = (Date)obj; + } else { + throw new CertificateException("Attribute name not recognized by" + + " CertAttrSet:PrivateKeyUsage."); + } } /** * Get the attribute value. - * * @exception CertificateException on attribute handling errors. */ public Object get(String name) throws CertificateException { - if (name.equalsIgnoreCase(NOT_BEFORE)) { - return (new Date(notBefore.getTime())); - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - return (new Date(notAfter.getTime())); - } else { - throw new CertificateException("Attribute name not recognized by" - + " CertAttrSet:PrivateKeyUsage."); - } - } + if (name.equalsIgnoreCase(NOT_BEFORE)) { + return (new Date(notBefore.getTime())); + } else if (name.equalsIgnoreCase(NOT_AFTER)) { + return (new Date(notAfter.getTime())); + } else { + throw new CertificateException("Attribute name not recognized by" + + " CertAttrSet:PrivateKeyUsage."); + } + } /** * Delete the attribute value. - * * @exception CertificateException on attribute handling errors. 
*/ public void delete(String name) throws CertificateException { if (name.equalsIgnoreCase(NOT_BEFORE)) { - notBefore = null; - } else if (name.equalsIgnoreCase(NOT_AFTER)) { - notAfter = null; - } else { - throw new CertificateException("Attribute name not recognized by" - + " CertAttrSet:PrivateKeyUsage."); - } + notBefore = null; + } else if (name.equalsIgnoreCase(NOT_AFTER)) { + notAfter = null; + } else { + throw new CertificateException("Attribute name not recognized by" + + " CertAttrSet:PrivateKeyUsage."); + } } /** @@ -325,16 +323,16 @@ public class PrivateKeyUsageExtension extends Extension implements CertAttrSet { */ public Enumeration<String> getElements() { Vector<String> elements = new Vector<String>(); - elements.addElement(NOT_BEFORE); - elements.addElement(NOT_AFTER); - - return (elements.elements()); + elements.addElement(NOT_BEFORE); + elements.addElement(NOT_AFTER); + + return(elements.elements()); } /** * Return the name of this attribute. */ public String getName() { - return (NAME); + return(NAME); } } |