diff options
Diffstat (limited to 'libjava/classpath/gnu/java/security/x509/ext')
9 files changed, 616 insertions, 127 deletions
diff --git a/libjava/classpath/gnu/java/security/x509/ext/CertificatePolicies.java b/libjava/classpath/gnu/java/security/x509/ext/CertificatePolicies.java index 50bc6d367d7..c451762f8e0 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/CertificatePolicies.java +++ b/libjava/classpath/gnu/java/security/x509/ext/CertificatePolicies.java @@ -1,5 +1,5 @@ /* CertificatePolicies.java -- certificate policy extension. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -61,8 +61,8 @@ public class CertificatePolicies extends Extension.Value public static final OID ID = new OID("2.5.29.32"); - private final List policies; - private final Map policyQualifierInfos; + private final List<OID> policies; + private final Map<OID, List<PolicyQualifierInfo>> policyQualifierInfos; // Constructor. // ------------------------------------------------------------------------- @@ -76,8 +76,9 @@ public class CertificatePolicies extends Extension.Value throw new IOException("malformed CertificatePolicies"); int len = 0; - LinkedList policyList = new LinkedList(); - HashMap qualifierMap = new HashMap(); + LinkedList<OID> policyList = new LinkedList<OID>(); + HashMap<OID, List<PolicyQualifierInfo>> qualifierMap + = new HashMap<OID, List<PolicyQualifierInfo>>(); while (len < pol.getLength()) { DERValue policyInfo = der.read(); @@ -92,7 +93,7 @@ public class CertificatePolicies extends Extension.Value { DERValue qual = der.read(); int len2 = 0; - LinkedList quals = new LinkedList(); + LinkedList<PolicyQualifierInfo> quals = new LinkedList<PolicyQualifierInfo>(); while (len2 < qual.getLength()) { val = der.read(); @@ -109,8 +110,8 @@ public class CertificatePolicies extends Extension.Value policyQualifierInfos = Collections.unmodifiableMap(qualifierMap); } - public CertificatePolicies (final List policies, - final Map policyQualifierInfos) + public CertificatePolicies (final List<OID> policies, + final Map<OID, List<PolicyQualifierInfo>> policyQualifierInfos) { for (Iterator it = policies.iterator(); it.hasNext(); ) if (!(it.next() instanceof OID)) @@ -129,54 +130,69 @@ public class CertificatePolicies extends Extension.Value throw new IllegalArgumentException ("policyQualifierInfos values must be Lists of PolicyQualifierInfos"); } - this.policies = Collections.unmodifiableList (new ArrayList (policies)); + this.policies = Collections.unmodifiableList (new ArrayList<OID>(policies)); this.policyQualifierInfos = Collections.unmodifiableMap - (new HashMap (policyQualifierInfos)); + (new HashMap<OID, List<PolicyQualifierInfo>>(policyQualifierInfos)); } // Instance methods. // ------------------------------------------------------------------------- - public List getPolicies() + public List<OID> getPolicies() { return policies; } + + /** + * Returns the list of policy OIDs, formatted as dotted-decimal strings. + * + * @return + */ + public List<String> getPolicyStrings() + { + List<String> l = new ArrayList<String>(policies.size()); + for (OID oid : policies) + { + l.add(oid.toString()); + } + return l; + } - public List getPolicyQualifierInfos(OID oid) + public List<PolicyQualifierInfo> getPolicyQualifierInfos(OID oid) { - return (List) policyQualifierInfos.get(oid); + return policyQualifierInfos.get(oid); } public byte[] getEncoded() { if (encoded == null) { - List pol = new ArrayList (policies.size()); - for (Iterator it = policies.iterator(); it.hasNext(); ) + List<DERValue> pol = new ArrayList<DERValue>(policies.size()); + for (Iterator<OID> it = policies.iterator(); it.hasNext(); ) { - OID policy = (OID) it.next(); - List qualifiers = getPolicyQualifierInfos (policy); - List l = new ArrayList (qualifiers == null ? 1 : 2); - l.add (new DERValue (DER.OBJECT_IDENTIFIER, policy)); + OID policy = it.next(); + List<PolicyQualifierInfo> qualifiers = getPolicyQualifierInfos(policy); + List<DERValue> l = new ArrayList<DERValue>(qualifiers == null ? 1 : 2); + l.add(new DERValue(DER.OBJECT_IDENTIFIER, policy)); if (qualifiers != null) { - List ll = new ArrayList (qualifiers.size()); - for (Iterator it2 = qualifiers.iterator(); it.hasNext(); ) + List<DERValue> ll = new ArrayList<DERValue>(qualifiers.size()); + for (Iterator<PolicyQualifierInfo> it2 = qualifiers.iterator(); it.hasNext(); ) { - PolicyQualifierInfo info = (PolicyQualifierInfo) it2.next(); + PolicyQualifierInfo info = it2.next(); try { - ll.add (DERReader.read (info.getEncoded())); + ll.add(DERReader.read(info.getEncoded())); } catch (IOException ioe) { } } - l.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ll)); + l.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, ll)); } - pol.add (new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, l)); + pol.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, l)); } - encoded = new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, pol).getEncoded(); + encoded = new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, pol).getEncoded(); } return (byte[]) encoded.clone(); } diff --git a/libjava/classpath/gnu/java/security/x509/ext/ExtendedKeyUsage.java b/libjava/classpath/gnu/java/security/x509/ext/ExtendedKeyUsage.java index 37b08acf43e..428013d04bd 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/ExtendedKeyUsage.java +++ b/libjava/classpath/gnu/java/security/x509/ext/ExtendedKeyUsage.java @@ -1,5 +1,5 @@ /* ExtendedKeyUsage.java -- the extended key usage extension. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -56,7 +56,7 @@ public class ExtendedKeyUsage extends Extension.Value public static final OID ID = new OID("2.5.29.37"); - private final List purposeIds; + private final List<OID> purposeIds; // Constructor. // ------------------------------------------------------------------------- @@ -69,13 +69,13 @@ public class ExtendedKeyUsage extends Extension.Value if (!usageList.isConstructed()) throw new IOException("malformed ExtKeyUsageSyntax"); int len = 0; - purposeIds = new LinkedList(); + purposeIds = new LinkedList<OID>(); while (len < usageList.getLength()) { DERValue val = der.read(); if (val.getTag() != DER.OBJECT_IDENTIFIER) throw new IOException("malformed KeyPurposeId"); - purposeIds.add(val.getValue()); + purposeIds.add((OID) val.getValue()); len += val.getEncodedLength(); } } @@ -83,7 +83,7 @@ public class ExtendedKeyUsage extends Extension.Value // Instance method. // ------------------------------------------------------------------------- - public List getPurposeIds() + public List<OID> getPurposeIds() { return Collections.unmodifiableList(purposeIds); } diff --git a/libjava/classpath/gnu/java/security/x509/ext/Extension.java b/libjava/classpath/gnu/java/security/x509/ext/Extension.java index 69251987ec9..2b7e96d5abc 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/Extension.java +++ b/libjava/classpath/gnu/java/security/x509/ext/Extension.java @@ -1,5 +1,5 @@ /* Extension.java -- an X.509 certificate or CRL extension. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -171,6 +171,10 @@ public class Extension { value = new ReasonCode(encval); } + else if (oid.equals(NameConstraints.ID)) + { + value = new NameConstraints(encval); + } else { value = new Value(encval); @@ -226,11 +230,11 @@ public class Extension public DERValue getDerValue() { - List ext = new ArrayList (3); - ext.add (new DERValue (DER.OBJECT_IDENTIFIER, oid)); - ext.add (new DERValue (DER.BOOLEAN, Boolean.valueOf (critical))); - ext.add (new DERValue (DER.OCTET_STRING, value.getEncoded())); - return new DERValue (DER.CONSTRUCTED|DER.SEQUENCE, ext); + List<DERValue> ext = new ArrayList<DERValue>(3); + ext.add(new DERValue(DER.OBJECT_IDENTIFIER, oid)); + ext.add(new DERValue(DER.BOOLEAN, Boolean.valueOf(critical))); + ext.add(new DERValue(DER.OCTET_STRING, value.getEncoded())); + return new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, ext); } // Own methods. diff --git a/libjava/classpath/gnu/java/security/x509/ext/GeneralName.java b/libjava/classpath/gnu/java/security/x509/ext/GeneralName.java new file mode 100644 index 00000000000..fbc05339f6d --- /dev/null +++ b/libjava/classpath/gnu/java/security/x509/ext/GeneralName.java @@ -0,0 +1,232 @@ +/* GeneralName.java -- a GeneralName. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.x509.ext; + +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.x509.Util; + +import java.io.IOException; +import java.util.Arrays; + +/** + * The GeneralName structure from X.509. + * + * <pre> + GeneralName ::= CHOICE { + otherName [0] OtherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } + + OtherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + + EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString } +</pre> + * + * @author Casey Marshall (csm@gnu.org) + */ +public class GeneralName +{ + public static enum Kind + { + otherName (0), + rfc822Name (1), + dNSName (2), + x400Address (3), + directoryName (4), + ediPartyName (5), + uniformResourceIdentifier (6), + iPAddress (7), + registeredId (8); + + private int tag; + + private Kind(int tag) + { + this.tag = tag; + } + + public static Kind forTag(final int tag) + { + switch (tag) + { + case 0: return otherName; + case 1: return rfc822Name; + case 2: return dNSName; + case 3: return x400Address; + case 4: return directoryName; + case 5: return ediPartyName; + case 6: return uniformResourceIdentifier; + case 7: return iPAddress; + case 8: return registeredId; + } + + throw new IllegalArgumentException("invalid tag: " + tag); + } + + public int tag() + { + return tag; + } + }; + + private final Kind kind; + private final byte[] name; + private final byte[] encoded; + + public GeneralName(byte[] encoded) throws IOException + { + DERReader reader = new DERReader(encoded); + DERValue value = reader.read(); + + if (value.getTagClass() != DER.CONTEXT) + throw new IOException("malformed GeneralName"); + + this.encoded = value.getEncoded(); + + kind = Kind.forTag(value.getTag()); + switch (kind) + { + case otherName: + name = value.getEncoded(); + name[0] = (byte) (DER.CONSTRUCTED | DER.SEQUENCE); + // Skip the two fields of the name. + reader.read(); // OID + reader.read(); // Octet string + break; + + case rfc822Name: + name = (byte[]) value.getValue(); + break; + + case dNSName: + name = (byte[]) value.getValue(); + break; + + case x400Address: + name = (byte[]) value.getValue(); + break; + + case directoryName: + name = value.getEncoded(); + name[0] = (byte) (DER.CONSTRUCTED | DER.SEQUENCE); + break; + + case ediPartyName: + name = value.getEncoded(); + name[0] = (byte) (DER.CONSTRUCTED | DER.SEQUENCE); + break; + + case uniformResourceIdentifier: + name = (byte[]) value.getValue(); + break; + + case iPAddress: + name = (byte[]) value.getValue(); + break; + + case registeredId: + name = value.getEncoded(); + name[0] = DER.OBJECT_IDENTIFIER; + break; + + default: + name = null; // Not reached. + } + } + + public GeneralName(Kind kind, byte[] name) + { + this.kind = kind; + this.name = (byte[]) name.clone(); + this.encoded = null; + } + + public Kind kind() + { + return kind; + } + + public byte[] name() + { + return (byte[]) name.clone(); + } + + public byte[] encoded() + { + try + { + return (byte[]) encoded.clone(); + } + catch (NullPointerException npe) + { + return null; + } + } + + public boolean equals(Object o) + { + try + { + GeneralName that = (GeneralName) o; + return (that.kind() == kind() && Arrays.equals(name, that.name)); + } + catch (ClassCastException cce) + { + return false; + } + } + + public String toString() + { + return (super.toString() + " [ kind=" + kind + "; name=" + + Util.hexDump(name, "") + " ]"); + } +} diff --git a/libjava/classpath/gnu/java/security/x509/ext/GeneralNames.java b/libjava/classpath/gnu/java/security/x509/ext/GeneralNames.java index b342cbd5f2e..f56ee963b9c 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/GeneralNames.java +++ b/libjava/classpath/gnu/java/security/x509/ext/GeneralNames.java @@ -38,106 +38,38 @@ exception statement from your version. */ package gnu.java.security.x509.ext; -import gnu.java.security.OID; -import gnu.java.security.der.DER; import gnu.java.security.der.DERReader; import gnu.java.security.der.DERValue; import java.io.IOException; -import java.net.InetAddress; -import java.util.ArrayList; import java.util.Collections; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; -import javax.security.auth.x500.X500Principal; - public class GeneralNames { // Instance methods. // ------------------------------------------------------------------------- - public static final int OTHER_NAME = 0; - public static final int RFC822_NAME = 1; - public static final int DNS_NAME = 2; - public static final int X400_ADDRESS = 3; - public static final int DIRECTORY_NAME = 4; - public static final int EDI_PARTY_NAME = 5; - public static final int URI = 6; - public static final int IP_ADDRESS = 7; - public static final int REGISTERED_ID = 8; - - private List names; + private List<GeneralName> names; // Constructor. // ------------------------------------------------------------------------- public GeneralNames(final byte[] encoded) throws IOException { - names = new LinkedList(); + names = new LinkedList<GeneralName>(); DERReader der = new DERReader(encoded); DERValue nameList = der.read(); if (!nameList.isConstructed()) throw new IOException("malformed GeneralNames"); int len = 0; - int i = 0; while (len < nameList.getLength()) { DERValue name = der.read(); - List namePair = new ArrayList(2); - int tagClass = name.getTagClass(); - if (tagClass != DER.CONTEXT) - throw new IOException("malformed GeneralName: Tag class is " + tagClass); - namePair.add(Integer.valueOf(name.getTag())); - DERValue val = null; - switch (name.getTag()) - { - case RFC822_NAME: - case DNS_NAME: - case X400_ADDRESS: - case URI: - namePair.add(new String((byte[]) name.getValue())); - break; - - case OTHER_NAME: - // MUST return the encoded bytes of the OID/OctetString sequence - byte[] anotherName = name.getEncoded(); - anotherName[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE); - namePair.add(anotherName); - // DERReader goes back on Constructed things so we need to skip over them - DERValue skip = der.read(); // skip OID - skip = der.read(); // skip Octet String - break; - - case EDI_PARTY_NAME: - namePair.add(name.getValue()); - break; - - case DIRECTORY_NAME: - byte[] b = name.getEncoded(); - b[0] = (byte) (DER.CONSTRUCTED|DER.SEQUENCE); - DERReader r = new DERReader (b); - r.read (); - namePair.add(new X500Principal(r.read ().getEncoded ()).toString()); - break; - - case IP_ADDRESS: - namePair.add(InetAddress.getByAddress((byte[]) name.getValue()) - .getHostAddress()); - break; - - case REGISTERED_ID: - byte[] bb = name.getEncoded(); - bb[0] = (byte) DER.OBJECT_IDENTIFIER; - namePair.add(new OID(bb).toString()); - break; - - default: - throw new IOException("unknown tag " + name.getTag()); - } - names.add(namePair); + GeneralName generalName = new GeneralName(name.getEncoded()); + names.add(generalName); len += name.getEncodedLength(); } } @@ -145,21 +77,9 @@ public class GeneralNames // Instance methods. // ------------------------------------------------------------------------- - public List getNames() + public List<GeneralName> getNames() { - List l = new ArrayList(names.size()); - for (Iterator it = names.iterator(); it.hasNext(); ) - { - List ll = (List) it.next(); - List pair = new ArrayList(2); - pair.add(ll.get(0)); - if (ll.get(1) instanceof byte[]) - pair.add(((byte[]) ll.get(1)).clone()); - else - pair.add(ll.get(1)); - l.add(Collections.unmodifiableList(pair)); - } - return Collections.unmodifiableList(l); + return Collections.unmodifiableList(names); } public String toString() diff --git a/libjava/classpath/gnu/java/security/x509/ext/GeneralSubtree.java b/libjava/classpath/gnu/java/security/x509/ext/GeneralSubtree.java new file mode 100644 index 00000000000..5f6ffd98701 --- /dev/null +++ b/libjava/classpath/gnu/java/security/x509/ext/GeneralSubtree.java @@ -0,0 +1,156 @@ +/* GeneralSubtree.java -- + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.x509.ext; + +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.IOException; +import java.math.BigInteger; + +/** + * The GeneralSubtree structure, a part of the {@link NameConstraints} + * extension. + * + * <pre> + GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL } + + BaseDistance ::= INTEGER (0..MAX)</pre> + * + * @author Casey Marshall (csm@gnu.org) + */ +public class GeneralSubtree +{ + private final GeneralName base; + private final int minimum; + private final int maximum; + + public GeneralSubtree(byte[] encoded) throws IOException + { + DERReader reader = new DERReader(encoded); + DERValue generalSubtree = reader.read(); + + if (!generalSubtree.isConstructed()) + throw new IOException("malformed GeneralSubtree"); + + DERValue generalName = reader.read(); + base = new GeneralName(generalName.getEncoded()); + if (generalName.isConstructed()) + reader.skip(generalName.getLength()); + + int len = generalName.getEncodedLength(); + if (len < generalSubtree.getLength()) + { + DERValue distance = reader.read(); + if (distance.getTag() == 0) + { + minimum = ((BigInteger) distance.getValue()).intValue(); + len += distance.getEncodedLength(); + if (len < generalSubtree.getLength()) + { + distance = reader.read(); + if (distance.getTag() != 1) + throw new IOException("unexpected tag " + + distance.getTag() + + " (expected 1 for GeneralSubtree maximum distance)"); + maximum = ((BigInteger) distance.getValue()).intValue(); + } + else + { + maximum = -1; + } + } + else if (distance.getTag() == 1) + { + minimum = 1; + maximum = ((BigInteger) distance.getValue()).intValue(); + } + else + { + throw new IOException("unexpected tag " + distance.getTag() + + " (expected 0 or 1 for GeneralSubtree distance)"); + } + } + else + { + minimum = 0; + maximum = -1; + } + } + + /** + * Returns the base name. + * + * @return The base name. + */ + public GeneralName base() + { + return base; + } + + /** + * Returns the minimum base distance, possibly zero. + * + * @return The minimum base distance. + */ + public int minimum() + { + return minimum; + } + + /** + * Returns the maximum base distance, or -1 if this value was not specified. + * + * @return The maximum base distance. + */ + public int maximum() + { + return maximum; + } + + public String toString() + { + return (GeneralSubtree.class.getName() + " [ base=" + base + + "; minimum=" + minimum + "; maximim=" + maximum + + " ]"); + } +} diff --git a/libjava/classpath/gnu/java/security/x509/ext/IssuerAlternativeNames.java b/libjava/classpath/gnu/java/security/x509/ext/IssuerAlternativeNames.java index 8b017dc62d8..080070b9890 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/IssuerAlternativeNames.java +++ b/libjava/classpath/gnu/java/security/x509/ext/IssuerAlternativeNames.java @@ -1,5 +1,5 @@ /* IssuerAlternatuveNames.java -- issuer alternative names extension. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -65,7 +65,7 @@ public class IssuerAlternativeNames extends Extension.Value // Instance method. // ------------------------------------------------------------------------- - public List getNames() + public List<GeneralName> getNames() { return names.getNames(); } diff --git a/libjava/classpath/gnu/java/security/x509/ext/NameConstraints.java b/libjava/classpath/gnu/java/security/x509/ext/NameConstraints.java new file mode 100644 index 00000000000..607c4296642 --- /dev/null +++ b/libjava/classpath/gnu/java/security/x509/ext/NameConstraints.java @@ -0,0 +1,161 @@ +/* NameConstraints.java -- the NameConstraints X.509 extension. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.security.x509.ext; + +import gnu.java.security.OID; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.x509.ext.Extension.Value; + +import java.io.IOException; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; + +/** + * The NameConstraints extension. From RFC 3280, section 4.2.1.11, this + * extension is defined as: + * + * <pre> + id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } + + NameConstraints ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL } + + GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + + GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL } + + BaseDistance ::= INTEGER (0..MAX) + </pre> + * + * See also the classes {@link GeneralNames} and {@link GeneralSubtree}. + * + * @author csm + */ +public class NameConstraints extends Value +{ + public static final OID ID = new OID("2.5.29.30"); + + private List<GeneralSubtree> permittedSubtrees; + private List<GeneralSubtree> excludedSubtrees; + + public NameConstraints(byte[] encoded) throws IOException + { + super(encoded); + + DERReader der = new DERReader(encoded); + DERValue value = der.read(); + if (!value.isConstructed()) + { + throw new IOException("malformed NameConstraints"); + } + + permittedSubtrees = new LinkedList<GeneralSubtree>(); + excludedSubtrees = new LinkedList<GeneralSubtree>(); + int len = 0; + if (len < value.getLength()) + { + DERValue subtrees = der.read(); + if (subtrees.getTag() == 0) + { + int len2 = 0; + while (len2 < subtrees.getLength()) + { + DERValue subtree = der.read(); + permittedSubtrees.add(new GeneralSubtree(subtree.getEncoded())); + der.skip(subtree.getLength()); + len2 += subtree.getEncodedLength(); + } + len += subtrees.getEncodedLength(); + + if (len < value.getLength()) + { + subtrees = der.read(); + if (subtrees.getTag() != 1) + throw new IOException("unexpected tag " + subtrees.getTag() + + " (expecting 1 for excludedSubtrees)"); + len2 = 0; + while (len2 < subtrees.getLength()) + { + DERValue subtree = der.read(); + excludedSubtrees.add(new GeneralSubtree(subtree.getEncoded())); + der.skip(subtree.getLength()); + len2 += subtree.getEncodedLength(); + } + } + } + else if (subtrees.getTag() == 1) + { + int len2 = 0; + while (len2 < subtrees.getLength()) + { + DERValue subtree = der.read(); + excludedSubtrees.add(new GeneralSubtree(subtree.getEncoded())); + der.skip(subtree.getLength()); + len2 += subtree.getEncodedLength(); + } + } + else + throw new IOException("unexpected tag " + subtrees.getTag() + + " (expecting 0 or 1)"); + } + } + + public List<GeneralSubtree> permittedSubtrees() + { + return Collections.unmodifiableList(permittedSubtrees); + } + + public List<GeneralSubtree> excludedSubtrees() + { + return Collections.unmodifiableList(excludedSubtrees); + } + + public String toString() + { + return NameConstraints.class.getName() + " [ permittedSubtrees=" + + permittedSubtrees + "; excludedSubtrees=" + excludedSubtrees + + " ]"; + } +} diff --git a/libjava/classpath/gnu/java/security/x509/ext/SubjectAlternativeNames.java b/libjava/classpath/gnu/java/security/x509/ext/SubjectAlternativeNames.java index f88e854965f..8b6347d99a3 100644 --- a/libjava/classpath/gnu/java/security/x509/ext/SubjectAlternativeNames.java +++ b/libjava/classpath/gnu/java/security/x509/ext/SubjectAlternativeNames.java @@ -1,5 +1,5 @@ /* SubjectAlternatuveNames.java -- subject alternative names extension. - Copyright (C) 2004 Free Software Foundation, Inc. + Copyright (C) 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -65,7 +65,7 @@ public class SubjectAlternativeNames extends Extension.Value // Instance method. // ------------------------------------------------------------------------- - public List getNames() + public List<GeneralName> getNames() { return names.getNames(); } |
