0N/A/*
2362N/A * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.x509;
0N/A
0N/Aimport java.io.IOException;
0N/Aimport java.io.OutputStream;
0N/Aimport java.security.cert.CertificateException;
0N/Aimport java.util.Enumeration;
0N/Aimport java.util.Vector;
0N/A
0N/Aimport sun.security.util.*;
0N/A
0N/A/**
0N/A * This class defines the certificate extension which specifies the
0N/A * Policy constraints.
0N/A * <p>
0N/A * The policy constraints extension can be used in certificates issued
0N/A * to CAs. The policy constraints extension constrains path validation
0N/A * in two ways. It can be used to prohibit policy mapping or require
0N/A * that each certificate in a path contain an acceptable policy
0N/A * identifier.<p>
0N/A * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
0N/A * module definition):
0N/A * <pre>
0N/A * PolicyConstraints ::= SEQUENCE {
0N/A * requireExplicitPolicy [0] SkipCerts OPTIONAL,
0N/A * inhibitPolicyMapping [1] SkipCerts OPTIONAL
0N/A * }
0N/A * SkipCerts ::= INTEGER (0..MAX)
0N/A * </pre>
0N/A * @author Amit Kapoor
0N/A * @author Hemma Prafullchandra
0N/A * @see Extension
0N/A * @see CertAttrSet
0N/A */
0N/Apublic class PolicyConstraintsExtension extends Extension
0N/Aimplements CertAttrSet<String> {
0N/A /**
0N/A * Identifier for this attribute, to be used with the
0N/A * get, set, delete methods of Certificate, x509 type.
0N/A */
0N/A public static final String IDENT = "x509.info.extensions.PolicyConstraints";
0N/A /**
0N/A * Attribute names.
0N/A */
0N/A public static final String NAME = "PolicyConstraints";
0N/A public static final String REQUIRE = "require";
0N/A public static final String INHIBIT = "inhibit";
0N/A
0N/A private static final byte TAG_REQUIRE = 0;
0N/A private static final byte TAG_INHIBIT = 1;
0N/A
0N/A private int require = -1;
0N/A private int inhibit = -1;
0N/A
0N/A // Encode this extension value.
0N/A private void encodeThis() throws IOException {
0N/A if (require == -1 && inhibit == -1) {
0N/A this.extensionValue = null;
0N/A return;
0N/A }
0N/A DerOutputStream tagged = new DerOutputStream();
0N/A DerOutputStream seq = new DerOutputStream();
0N/A
0N/A if (require != -1) {
0N/A DerOutputStream tmp = new DerOutputStream();
0N/A tmp.putInteger(require);
0N/A tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A false, TAG_REQUIRE), tmp);
0N/A }
0N/A if (inhibit != -1) {
0N/A DerOutputStream tmp = new DerOutputStream();
0N/A tmp.putInteger(inhibit);
0N/A tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A false, TAG_INHIBIT), tmp);
0N/A }
0N/A seq.write(DerValue.tag_Sequence, tagged);
0N/A this.extensionValue = seq.toByteArray();
0N/A }
0N/A
0N/A /**
0N/A * Create a PolicyConstraintsExtension object with both
0N/A * require explicit policy and inhibit policy mapping. The
0N/A * extension is marked non-critical.
0N/A *
0N/A * @param require require explicit policy (-1 for optional).
0N/A * @param inhibit inhibit policy mapping (-1 for optional).
0N/A */
0N/A public PolicyConstraintsExtension(int require, int inhibit)
0N/A throws IOException {
0N/A this(Boolean.FALSE, require, inhibit);
0N/A }
0N/A
0N/A /**
0N/A * Create a PolicyConstraintsExtension object with specified
0N/A * criticality and both require explicit policy and inhibit
0N/A * policy mapping.
0N/A *
0N/A * @param critical true if the extension is to be treated as critical.
0N/A * @param require require explicit policy (-1 for optional).
0N/A * @param inhibit inhibit policy mapping (-1 for optional).
0N/A */
0N/A public PolicyConstraintsExtension(Boolean critical, int require, int inhibit)
0N/A throws IOException {
0N/A this.require = require;
0N/A this.inhibit = inhibit;
0N/A this.extensionId = PKIXExtensions.PolicyConstraints_Id;
0N/A this.critical = critical.booleanValue();
0N/A encodeThis();
0N/A }
0N/A
0N/A /**
0N/A * Create the extension from its DER encoded value and criticality.
0N/A *
0N/A * @param critical true if the extension is to be treated as critical.
0N/A * @param value an array of DER encoded bytes of the actual value.
0N/A * @exception ClassCastException if value is not an array of bytes
0N/A * @exception IOException on error.
0N/A */
0N/A public PolicyConstraintsExtension(Boolean critical, Object value)
0N/A throws IOException {
0N/A this.extensionId = PKIXExtensions.PolicyConstraints_Id;
0N/A this.critical = critical.booleanValue();
0N/A
0N/A this.extensionValue = (byte[]) value;
0N/A DerValue val = new DerValue(this.extensionValue);
0N/A if (val.tag != DerValue.tag_Sequence) {
0N/A throw new IOException("Sequence tag missing for PolicyConstraint.");
0N/A }
0N/A DerInputStream in = val.data;
0N/A while (in != null && in.available() != 0) {
0N/A DerValue next = in.getDerValue();
0N/A
0N/A if (next.isContextSpecific(TAG_REQUIRE) && !next.isConstructed()) {
0N/A if (this.require != -1)
0N/A throw new IOException("Duplicate requireExplicitPolicy" +
0N/A "found in the PolicyConstraintsExtension");
0N/A next.resetTag(DerValue.tag_Integer);
0N/A this.require = next.getInteger();
0N/A
0N/A } else if (next.isContextSpecific(TAG_INHIBIT) &&
0N/A !next.isConstructed()) {
0N/A if (this.inhibit != -1)
0N/A throw new IOException("Duplicate inhibitPolicyMapping" +
0N/A "found in the PolicyConstraintsExtension");
0N/A next.resetTag(DerValue.tag_Integer);
0N/A this.inhibit = next.getInteger();
0N/A } else
0N/A throw new IOException("Invalid encoding of PolicyConstraint");
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Return the extension as user readable string.
0N/A */
0N/A public String toString() {
0N/A String s;
0N/A s = super.toString() + "PolicyConstraints: [" + " Require: ";
0N/A if (require == -1)
0N/A s += "unspecified;";
0N/A else
0N/A s += require + ";";
0N/A s += "\tInhibit: ";
0N/A if (inhibit == -1)
0N/A s += "unspecified";
0N/A else
0N/A s += inhibit;
0N/A s += " ]\n";
0N/A return s;
0N/A }
0N/A
0N/A /**
0N/A * Write the extension to the DerOutputStream.
0N/A *
0N/A * @param out the DerOutputStream to write the extension to.
0N/A * @exception IOException on encoding errors.
0N/A */
0N/A public void encode(OutputStream out) throws IOException {
0N/A DerOutputStream tmp = new DerOutputStream();
0N/A if (extensionValue == null) {
0N/A extensionId = PKIXExtensions.PolicyConstraints_Id;
0N/A critical = false;
0N/A encodeThis();
0N/A }
0N/A super.encode(tmp);
0N/A out.write(tmp.toByteArray());
0N/A }
0N/A
0N/A /**
0N/A * Set the attribute value.
0N/A */
0N/A public void set(String name, Object obj) throws IOException {
0N/A if (!(obj instanceof Integer)) {
0N/A throw new IOException("Attribute value should be of type Integer.");
0N/A }
0N/A if (name.equalsIgnoreCase(REQUIRE)) {
0N/A require = ((Integer)obj).intValue();
0N/A } else if (name.equalsIgnoreCase(INHIBIT)) {
0N/A inhibit = ((Integer)obj).intValue();
0N/A } else {
0N/A throw new IOException("Attribute name " + "[" + name + "]" +
0N/A " not recognized by " +
0N/A "CertAttrSet:PolicyConstraints.");
0N/A }
0N/A encodeThis();
0N/A }
0N/A
0N/A /**
0N/A * Get the attribute value.
0N/A */
0N/A public Object get(String name) throws IOException {
0N/A if (name.equalsIgnoreCase(REQUIRE)) {
0N/A return new Integer(require);
0N/A } else if (name.equalsIgnoreCase(INHIBIT)) {
0N/A return new Integer(inhibit);
0N/A } else {
0N/A throw new IOException("Attribute name not recognized by " +
0N/A "CertAttrSet:PolicyConstraints.");
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Delete the attribute value.
0N/A */
0N/A public void delete(String name) throws IOException {
0N/A if (name.equalsIgnoreCase(REQUIRE)) {
0N/A require = -1;
0N/A } else if (name.equalsIgnoreCase(INHIBIT)) {
0N/A inhibit = -1;
0N/A } else {
0N/A throw new IOException("Attribute name not recognized by " +
0N/A "CertAttrSet:PolicyConstraints.");
0N/A }
0N/A encodeThis();
0N/A }
0N/A
0N/A /**
0N/A * Return an enumeration of names of attributes existing within this
0N/A * attribute.
0N/A */
0N/A public Enumeration<String> getElements() {
0N/A AttributeNameEnumeration elements = new AttributeNameEnumeration();
0N/A elements.addElement(REQUIRE);
0N/A elements.addElement(INHIBIT);
0N/A
0N/A return (elements.elements());
0N/A }
0N/A
0N/A /**
0N/A * Return the name of this attribute.
0N/A */
0N/A public String getName() {
0N/A return (NAME);
0N/A }
0N/A}