/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class represents the Basic Constraints Extension.
*
* <p>The basic constraints extension identifies whether the subject of the
* certificate is a CA and how deep a certification path may exist
* through that CA.
*
* <pre>
* The ASN.1 syntax for this extension is:
* BasicConstraints ::= SEQUENCE {
* cA BOOLEAN DEFAULT FALSE,
* pathLenConstraint INTEGER (0..MAX) OPTIONAL
* }
* </pre>
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @see CertAttrSet
* @see Extension
*/
implements CertAttrSet<String> {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
*/
/**
* Attribute names.
*/
// Private data members
private boolean ca = false;
// Encode this extension value
if (ca) {
// Only encode pathLen when ca == true
if (pathLen >= 0) {
}
}
}
/**
* Default constructor for this object. The extension is marked
* critical if the ca flag is true, false otherwise.
*
* @param ca true, if the subject of the Certificate is a CA.
* @param len specifies the depth of the certification path.
*/
}
/**
* Constructor for this object with specified criticality.
*
* @param critical true, if the extension should be marked critical
* @param ca true, if the subject of the Certificate is a CA.
* @param len specifies the depth of the certification path.
*/
throws IOException {
encodeThis();
}
/**
* Create the extension from the passed DER encoded value of the same.
*
* @param critical flag indicating if extension is critical or not
* @param value an array containing the DER encoded bytes of the extension.
* @exception ClassCastException if value is not an array of bytes
* @exception IOException on error.
*/
throws IOException
{
this.extensionValue = (byte[]) value;
throw new IOException("Invalid encoding of BasicConstraints");
}
// non-CA cert ("cA" field is FALSE by default), return -1
return;
}
// non-CA cert ("cA" field is FALSE by default), return -1
return;
}
// From PKIX profile:
// Where pathLenConstraint does not appear, there is no
// limit to the allowed length of the certification path.
return;
}
throw new IOException("Invalid encoding of BasicConstraints");
}
/*
* Activate this check once again after PKIX profiling
* is a standard and this check no longer imposes an
* interoperability barrier.
* if (ca) {
* if (!this.critical) {
* throw new IOException("Criticality cannot be false for CA.");
* }
* }
*/
}
/**
* Return user readable form of extension.
*/
if (pathLen >= 0) {
} else {
s += " PathLen: undefined\n";
}
return (s + "]\n");
}
/**
* Encode this extension value to the output stream.
*
* @param out the DerOutputStream to encode the extension to.
*/
if (extensionValue == null) {
if (ca) {
critical = true;
} else {
critical = false;
}
encodeThis();
}
}
/**
* Set the attribute value.
*/
throw new IOException("Attribute value should be of type Boolean.");
}
throw new IOException("Attribute value should be of type Integer.");
}
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
encodeThis();
}
/**
* Get the attribute value.
*/
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
}
/**
* Delete the attribute value.
*/
ca = false;
pathLen = -1;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:BasicConstraints.");
}
encodeThis();
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
}
/**
* Return the name of this attribute.
*/
return (NAME);
}
}