IPAddressName.java revision 2362
/*
 * Copyright (c) 1997, 2002, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/**
 * This class implements the IPAddressName as required by the GeneralNames
 * ASN.1 object. Both IPv4 and IPv6 addresses are supported using the
 * formats specified in IETF PKIX RFC2459.
 *
 * [RFC2459 4.2.1.7 Subject Alternative Name]
 * When the subjectAltName extension contains a iPAddress, the address
 * MUST be stored in the octet string in "network byte order," as
 * specified in RFC 791. The least significant bit (LSB) of
 * each octet is the LSB of the corresponding byte in the network
 * address. For IP Version 4, as specified in RFC 791, the octet string
 * MUST contain exactly four octets. For IP Version 6, as specified in
 * RFC 1883, the octet string MUST contain exactly sixteen octets.
 *
 * [RFC2459 4.2.1.11 Name Constraints]
 * The syntax of iPAddress MUST be as described in section 4.2.1.7 with
 * the following additions specifically for Name Constraints. For IPv4
 * addresses, the ipAddress field of generalName MUST contain eight (8)
 * octets, encoded in the style of RFC 1519 (CIDR) to represent an
 * address range.[RFC 1519] For IPv6 addresses, the ipAddress field
 * MUST contain 32 octets similarly encoded. For example, a name
 * constraint for "class C" subnet 10.9.8.0 shall be represented as the
 * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
 *
 * @see GeneralNameInterface
 * @author Hemma Prafullchandra
 */

/**
 * Create the IPAddressName object from the passed encoded Der value.
 *
 * @param derValue the encoded DER IPAddressName.
 * @exception IOException on error.
 */

/**
 * Create the IPAddressName object with the specified octets.
 *
 * @param address the IP address
 * @throws IOException if address is not a valid IPv4 or IPv6 address
 */

/*
 * A valid address must consist of 4 bytes of address and
 * optional 4 bytes of mask, or 16 bytes of address
 * and optional 16 bytes of mask.
 */

/**
 * Create an IPAddressName from a String.
 * [IETF RFC1338 Supernetting & IETF RFC1519 Classless Inter-Domain
 * Routing (CIDR)] For IPv4 addresses, the forms are
 * byte values 0-255 and m1 - m4 are decimal mask values
 * [IETF RFC2373 IP Version 6 Addressing Architecture]
 * For IPv6 addresses, the forms are "a1:a2:...:a8" or "a1:a2:...:a8/n",
 * where a1-a8 are hexadecimal values representing the eight 16-bit pieces
 * of the address. If /n is used, n is a decimal number indicating how many
 * of the leftmost contiguous bits of the address comprise the prefix for
 * this subnet. Internally, a mask value is created using the prefix length.
 *
 * @param name String form of IPAddressName
 * @throws IOException if name can not be converted to a valid IPv4 or IPv6
 */

throw new IOException("IPAddress cannot be null or empty");
// name is IPv6: uses colons as value separators
// Parse name into byte-value address components and optional
// name is IPv4: uses dots as value separators

/**
 * @param name IPv4 address with optional mask values
 * @throws IOException on error
 */

// Parse name into byte-value address components

/**
 * @param name String IPv6 address with optional /<prefix length>
 * If /<prefix length> is present, address[] array will
 * be 32 bytes long, otherwise 16.
 * @throws IOException on error
 */

// append a mask corresponding to the num of prefix bits specified
throw new IOException("IPv6Address prefix is longer than 128");
// create new bit array initialized to zeros
// set all most significant bits up to prefix length
// copy mask bytes into mask portion of address

/**
 * Return the type of the GeneralName.
 */

/**
 * Encode the IPAddress name into the DerOutputStream.
 *
 * @param out the DER stream to encode the IPAddressName to.
 * @exception IOException on encoding errors.
 */

/**
 * Return a printable string of IPaddress
 */

// dump out hex rep for debugging purposes

/**
 * Return a standard String representation of IPAddress.
 * See IPAddressName(String) for the formats used for IPv4
 *
 * @throws IOException if the IPAddress cannot be converted to a String
 */

// IPv4 address or subdomain
byte[] host = new byte[4];
byte[] mask = new byte[4];

// IPv6 address or subdomain
byte[] host = new byte[16];

// IPv6 subdomain: display prefix length
// copy subdomain into new array and convert to BitArray
for (int i=16; i < 32; i++)

// Verify remaining bits 0
throw new IOException("Invalid IPv6 subdomain - set " +
                      "bit " + i + " not contiguous");
/**
 * Returns this IPAddress name as a byte array.
 */

/**
 * Compares this name with another, for equality.
 *
 * @return true iff the names are identical.
 */

// Mask each and compare masked values
// Two IPv4 host addresses or two IPv6 host addresses

/**
 * Returns the hash code value for this object.
 *
 * @return a hash code value for this object.
 */

/**
 * Return type of constraint inputName places on this name:<ul>
 * <li>NAME_DIFF_TYPE = -1: input name is different type from name
 * (i.e. does not constrain).
 * <li>NAME_MATCH = 0: input name matches name.
 * <li>NAME_NARROWS = 1: input name narrows name (is lower in the naming
 * <li>NAME_WIDENS = 2: input name widens name (is higher in the naming
 * <li>NAME_SAME_TYPE = 3: input name does not match or narrow name, but
 * </ul>. These results are used in checking NameConstraints during
 * certification path verification.
 *
 * [RFC2459] The syntax of iPAddress MUST be as described in section
 * 4.2.1.7 with the following additions specifically for Name Constraints.
 * For IPv4 addresses, the ipAddress field of generalName MUST contain
 * eight (8) octets, encoded in the style of RFC 1519 (CIDR) to represent an
 * address range.[RFC 1519] For IPv6 addresses, the ipAddress field
 * MUST contain 32 octets similarly encoded. For example, a name
 * constraint for "class C" subnet 10.9.8.0 shall be represented as the
 * octets 0A 09 08 00 FF FF FF 00, representing the CIDR notation
 * 10.9.8.0/255.255.255.0.
 *
 * @param inputName to be checked for being constrained
 * @return constraint type above
 * @throws UnsupportedOperationException if name is not exact match, but
 * narrowing and widening are not supported for this name type.
 */

// See if one address fully encloses the other address
// Other is a subnet, this is a host address
// Mask this address by other address mask and compare to other address
// If all match, then this address is in other address subnet
// This is a subnet, other is a host address
// Mask other address by this address mask and compare to this address

/**
 * Return subtree depth of this name for purposes of determining
 * NameConstraints minimum and maximum bounds and for calculating
 * path lengths in name subtrees.
 *
 * @return distance of name from root
 * @throws UnsupportedOperationException if not supported for this name type
 */

("subtreeDepth() not defined for IPAddressName");
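
Added example, not part of IPAddressName.java or of the JDK: a stand-alone sketch of the name-constraint octet layout (address octets followed by mask octets), the contiguous-mask check, and the mask-and-compare test for a host inside a subnet that the comments above describe. The class name IpConstraintDemo, its method names and the sample addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.util.Arrays;

// Illustration only; hypothetical names, not the sun.security.x509 implementation.
public class IpConstraintDemo {
    // Build the name-constraint form from "addr/prefixLen": address octets
    // followed by mask octets (8 octets for IPv4, 32 for IPv6).
    static byte[] encodeSubnet(String cidr) throws Exception {
        String[] parts = cidr.split("/");
        if (parts.length != 2) throw new IllegalArgumentException("expected addr/prefix");
        // Assumes an IP literal, for which getByName() performs no DNS lookup.
        byte[] addr = InetAddress.getByName(parts[0]).getAddress();
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > addr.length * 8)
            throw new IllegalArgumentException("prefix longer than address");
        byte[] out = Arrays.copyOf(addr, addr.length * 2);   // mask half starts as zeros
        for (int bit = 0; bit < prefix; bit++)               // set leftmost contiguous bits
            out[addr.length + bit / 8] |= (byte) (0x80 >> (bit % 8));
        return out;
    }

    // A mask is a prefix only if no set bit follows a clear bit.
    static boolean contiguous(byte[] enc) {
        int half = enc.length / 2;
        boolean seenZero = false;
        for (int bit = 0; bit < half * 8; bit++) {
            boolean set = (enc[half + bit / 8] & (0x80 >> (bit % 8))) != 0;
            if (set && seenZero) return false;
            if (!set) seenZero = true;
        }
        return true;
    }

    // Host (4 or 16 octets) lies in subnet (8 or 32 octets) when the host,
    // masked by the subnet mask, equals the masked subnet address.
    static boolean within(byte[] host, byte[] subnet) {
        int n = host.length;
        if (subnet.length != 2 * n) return false;            // different IP version
        for (int i = 0; i < n; i++)
            if ((host[i] & subnet[n + i]) != (subnet[i] & subnet[n + i])) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] classC = encodeSubnet("10.9.8.0/24");          // constructed sample input
        for (byte b : classC) System.out.printf("%02X ", b);
        System.out.println();
        System.out.println(within(InetAddress.getByName("10.9.8.77").getAddress(), classC));
        System.out.println(within(InetAddress.getByName("10.9.9.1").getAddress(), classC));
        byte[] gap = {10, 9, 8, 0, (byte) 0xFF, 0, (byte) 0xFF, 0}; // constructed bad mask
        System.out.println(contiguous(classC) + " " + contiguous(gap));
    }
}
```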