151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 2d7819a81f8b1b8d1a6b26329e4aa5f046afbf1f6Kenny Root * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage sun.security.x509; 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.IOException; 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.OutputStream; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.cert.CertificateException; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Enumeration; 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Vector; 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport sun.security.util.*; 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This class defines the certificate extension which specifies the 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Policy constraints. 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The policy constraints extension can be used in certificates issued 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * to CAs. The policy constraints extension constrains path validation 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in two ways. It can be used to prohibit policy mapping or require 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * that each certificate in a path contain an acceptable policy 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * identifier.<p> 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * module definition): 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre> 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * PolicyConstraints ::= SEQUENCE { 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * requireExplicitPolicy [0] SkipCerts OPTIONAL, 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inhibitPolicyMapping [1] SkipCerts OPTIONAL 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * } 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SkipCerts ::= INTEGER (0..MAX) 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre> 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Amit Kapoor 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Hemma Prafullchandra 5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see Extension 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see CertAttrSet 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic class PolicyConstraintsExtension extends Extension 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimplements CertAttrSet<String> { 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Identifier for this attribute, to be used with the 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * get, set, delete methods of Certificate, x509 type. 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static final String IDENT = "x509.info.extensions.PolicyConstraints"; 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Attribute names. 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static final String NAME = "PolicyConstraints"; 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static final String REQUIRE = "require"; 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public static final String INHIBIT = "inhibit"; 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private static final byte TAG_REQUIRE = 0; 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private static final byte TAG_INHIBIT = 1; 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private int require = -1; 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private int inhibit = -1; 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski // Encode this extension value. 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski private void encodeThis() throws IOException { 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (require == -1 && inhibit == -1) { 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.extensionValue = null; 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return; 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerOutputStream tagged = new DerOutputStream(); 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerOutputStream seq = new DerOutputStream(); 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (require != -1) { 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerOutputStream tmp = new DerOutputStream(); 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski tmp.putInteger(require); 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski false, TAG_REQUIRE), tmp); 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (inhibit != -1) { 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerOutputStream tmp = new DerOutputStream(); 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski tmp.putInteger(inhibit); 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT, 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski false, TAG_INHIBIT), tmp); 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski seq.write(DerValue.tag_Sequence, tagged); 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.extensionValue = seq.toByteArray(); 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create a PolicyConstraintsExtension object with both 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * require explicit policy and inhibit policy mapping. The 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * extension is marked non-critical. 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param require require explicit policy (-1 for optional). 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param inhibit inhibit policy mapping (-1 for optional). 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public PolicyConstraintsExtension(int require, int inhibit) 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException { 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this(Boolean.FALSE, require, inhibit); 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create a PolicyConstraintsExtension object with specified 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * criticality and both require explicit policy and inhibit 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * policy mapping. 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param critical true if the extension is to be treated as critical. 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param require require explicit policy (-1 for optional). 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param inhibit inhibit policy mapping (-1 for optional). 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public PolicyConstraintsExtension(Boolean critical, int require, int inhibit) 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException { 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.require = require; 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.inhibit = inhibit; 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.extensionId = PKIXExtensions.PolicyConstraints_Id; 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.critical = critical.booleanValue(); 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski encodeThis(); 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create the extension from its DER encoded value and criticality. 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param critical true if the extension is to be treated as critical. 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param value an array of DER encoded bytes of the actual value. 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception ClassCastException if value is not an array of bytes 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IOException on error. 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public PolicyConstraintsExtension(Boolean critical, Object value) 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException { 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.extensionId = PKIXExtensions.PolicyConstraints_Id; 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.critical = critical.booleanValue(); 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.extensionValue = (byte[]) value; 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerValue val = new DerValue(this.extensionValue); 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (val.tag != DerValue.tag_Sequence) { 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Sequence tag missing for PolicyConstraint."); 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerInputStream in = val.data; 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski while (in != null && in.available() != 0) { 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerValue next = in.getDerValue(); 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (next.isContextSpecific(TAG_REQUIRE) && !next.isConstructed()) { 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (this.require != -1) 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Duplicate requireExplicitPolicy" + 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "found in the PolicyConstraintsExtension"); 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski next.resetTag(DerValue.tag_Integer); 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.require = next.getInteger(); 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (next.isContextSpecific(TAG_INHIBIT) && 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski !next.isConstructed()) { 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (this.inhibit != -1) 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Duplicate inhibitPolicyMapping" + 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "found in the PolicyConstraintsExtension"); 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski next.resetTag(DerValue.tag_Integer); 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski this.inhibit = next.getInteger(); 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Invalid encoding of PolicyConstraint"); 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Return the extension as user readable string. 17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public String toString() { 18051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski String s; 18151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s = super.toString() + "PolicyConstraints: [" + " Require: "; 18251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (require == -1) 18351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += "unspecified;"; 18451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski else 18551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += require + ";"; 18651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += "\tInhibit: "; 18751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (inhibit == -1) 18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += "unspecified"; 18951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski else 19051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += inhibit; 19151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s += " ]\n"; 19251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return s; 19351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 19451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 19551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 19651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Write the extension to the DerOutputStream. 19751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 19851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param out the DerOutputStream to write the extension to. 19951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IOException on encoding errors. 20051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 20151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void encode(OutputStream out) throws IOException { 20251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski DerOutputStream tmp = new DerOutputStream(); 20351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (extensionValue == null) { 20451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski extensionId = PKIXExtensions.PolicyConstraints_Id; 20551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski critical = false; 20651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski encodeThis(); 20751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski super.encode(tmp); 20951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski out.write(tmp.toByteArray()); 21051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 21151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 21251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 21351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Set the attribute value. 21451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 21551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void set(String name, Object obj) throws IOException { 21651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (!(obj instanceof Integer)) { 21751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Attribute value should be of type Integer."); 21851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 21951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (name.equalsIgnoreCase(REQUIRE)) { 22051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski require = ((Integer)obj).intValue(); 22151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (name.equalsIgnoreCase(INHIBIT)) { 22251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski inhibit = ((Integer)obj).intValue(); 22351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else { 22451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Attribute name " + "[" + name + "]" + 22551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski " not recognized by " + 22651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "CertAttrSet:PolicyConstraints."); 22751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 22851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski encodeThis(); 22951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 23051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 23151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 23251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Get the attribute value. 23351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 234d7819a81f8b1b8d1a6b26329e4aa5f046afbf1f6Kenny Root public Integer get(String name) throws IOException { 23551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (name.equalsIgnoreCase(REQUIRE)) { 23651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return new Integer(require); 23751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (name.equalsIgnoreCase(INHIBIT)) { 23851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return new Integer(inhibit); 23951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else { 24051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Attribute name not recognized by " + 24151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "CertAttrSet:PolicyConstraints."); 24251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 24351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 24451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 24551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 24651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Delete the attribute value. 24751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 24851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void delete(String name) throws IOException { 24951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (name.equalsIgnoreCase(REQUIRE)) { 25051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski require = -1; 25151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (name.equalsIgnoreCase(INHIBIT)) { 25251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski inhibit = -1; 25351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else { 25451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throw new IOException("Attribute name not recognized by " + 25551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski "CertAttrSet:PolicyConstraints."); 25651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 25751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski encodeThis(); 25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 25951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 26051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 26151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Return an enumeration of names of attributes existing within this 26251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * attribute. 26351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 26451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public Enumeration<String> getElements() { 26551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski AttributeNameEnumeration elements = new AttributeNameEnumeration(); 26651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski elements.addElement(REQUIRE); 26751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski elements.addElement(INHIBIT); 26851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 26951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return (elements.elements()); 27051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 27151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 27251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 27351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Return the name of this attribute. 27451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 27551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public String getName() { 27651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return (NAME); 27751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 27851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 279