1/*
2 * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25package sun.security.x509;
26
27import java.io.IOException;
28import java.io.OutputStream;
29import java.util.Enumeration;
30
31import sun.security.util.DerValue;
32import sun.security.util.DerOutputStream;
33
34/**
35 * Represents the CRL Certificate Issuer Extension (OID = 2.5.29.29).
36 * <p>
37 * The CRL certificate issuer extension identifies the certificate issuer
38 * associated with an entry in an indirect CRL, i.e. a CRL that has the
39 * indirectCRL indicator set in its issuing distribution point extension. If
40 * this extension is not present on the first entry in an indirect CRL, the
41 * certificate issuer defaults to the CRL issuer. On subsequent entries
42 * in an indirect CRL, if this extension is not present, the certificate
43 * issuer for the entry is the same as that for the preceding entry.
44 * <p>
45 * If used by conforming CRL issuers, this extension is always
46 * critical.  If an implementation ignored this extension it could not
47 * correctly attribute CRL entries to certificates.  PKIX (RFC 3280)
48 * RECOMMENDS that implementations recognize this extension.
49 * <p>
50 * The ASN.1 definition for this is:
51 * <pre>
52 * id-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-ce 29 }
53 *
54 * certificateIssuer ::=     GeneralNames
55 * </pre>
56 *
57 * @author Anne Anderson
58 * @author Sean Mullan
59 * @since 1.5
60 * @see Extension
61 * @see CertAttrSet
62 */
63public class CertificateIssuerExtension extends Extension
64    implements CertAttrSet<String> {
65
66    /**
67     * Attribute names.
68     */
69    public static final String NAME = "CertificateIssuer";
70    public static final String ISSUER = "issuer";
71
72    private GeneralNames names;
73
74    /**
75     * Encode this extension
76     */
77    private void encodeThis() throws IOException {
78        if (names == null || names.isEmpty()) {
79            this.extensionValue = null;
80            return;
81        }
82        DerOutputStream os = new DerOutputStream();
83        names.encode(os);
84        this.extensionValue = os.toByteArray();
85    }
86
87    /**
88     * Create a CertificateIssuerExtension containing the specified issuer name.
89     * Criticality is automatically set to true.
90     *
91     * @param issuer the certificate issuer
92     * @throws IOException on error
93     */
94    public CertificateIssuerExtension(GeneralNames issuer) throws IOException {
95        this.extensionId = PKIXExtensions.CertificateIssuer_Id;
96        this.critical = true;
97        this.names = issuer;
98        encodeThis();
99    }
100
101    /**
102     * Create a CertificateIssuerExtension from the specified DER encoded
103     * value of the same.
104     *
105     * @param critical true if the extension is to be treated as critical.
106     * @param value an array of DER encoded bytes of the actual value
107     * @throws ClassCastException if value is not an array of bytes
108     * @throws IOException on error
109     */
110    public CertificateIssuerExtension(Boolean critical, Object value)
111        throws IOException {
112        this.extensionId = PKIXExtensions.CertificateIssuer_Id;
113        this.critical = critical.booleanValue();
114
115        this.extensionValue = (byte[]) value;
116        DerValue val = new DerValue(this.extensionValue);
117        this.names = new GeneralNames(val);
118    }
119
120    /**
121     * Set the attribute value.
122     *
123     * @throws IOException on error
124     */
125    public void set(String name, Object obj) throws IOException {
126        if (name.equalsIgnoreCase(ISSUER)) {
127            if (!(obj instanceof GeneralNames)) {
128                throw new IOException("Attribute value must be of type " +
129                    "GeneralNames");
130            }
131            this.names = (GeneralNames)obj;
132        } else {
133            throw new IOException("Attribute name not recognized by " +
134                "CertAttrSet:CertificateIssuer");
135        }
136        encodeThis();
137    }
138
139    /**
140     * Gets the attribute value.
141     *
142     * @throws IOException on error
143     */
144    public Object get(String name) throws IOException {
145        if (name.equalsIgnoreCase(ISSUER)) {
146            return names;
147        } else {
148            throw new IOException("Attribute name not recognized by " +
149                "CertAttrSet:CertificateIssuer");
150        }
151    }
152
153    /**
154     * Deletes the attribute value.
155     *
156     * @throws IOException on error
157     */
158    public void delete(String name) throws IOException {
159        if (name.equalsIgnoreCase(ISSUER)) {
160            names = null;
161        } else {
162            throw new IOException("Attribute name not recognized by " +
163                "CertAttrSet:CertificateIssuer");
164        }
165        encodeThis();
166    }
167
168    /**
169     * Returns a printable representation of the certificate issuer.
170     */
171    public String toString() {
172        return super.toString() + "Certificate Issuer [\n" +
173            String.valueOf(names) + "]\n";
174    }
175
176    /**
177     * Write the extension to the OutputStream.
178     *
179     * @param out the OutputStream to write the extension to
180     * @exception IOException on encoding errors
181     */
182    public void encode(OutputStream out) throws IOException {
183        DerOutputStream  tmp = new DerOutputStream();
184        if (extensionValue == null) {
185            extensionId = PKIXExtensions.CertificateIssuer_Id;
186            critical = true;
187            encodeThis();
188        }
189        super.encode(tmp);
190        out.write(tmp.toByteArray());
191    }
192
193    /**
194     * Return an enumeration of names of attributes existing within this
195     * attribute.
196     */
197    public Enumeration<String> getElements() {
198        AttributeNameEnumeration elements = new AttributeNameEnumeration();
199        elements.addElement(ISSUER);
200        return elements.elements();
201    }
202
203    /**
204     * Return the name of this attribute.
205     */
206    public String getName() {
207        return NAME;
208    }
209}
210