| /* |
| * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.x509; |
| |
| import java.io.IOException; |
| import java.io.OutputStream; |
| import java.util.Enumeration; |
| |
| import sun.security.util.Debug; |
| import sun.security.util.DerOutputStream; |
| import sun.security.util.DerValue; |
| import sun.security.util.ObjectIdentifier; |
| |
| /** |
| * This class represents the Inhibit Any-Policy Extension. |
| * |
| * <p>The inhibit any-policy extension can be used in certificates issued |
| * to CAs. The inhibit any-policy indicates that the special any-policy |
| * OID, with the value {2 5 29 32 0}, is not considered an explicit |
| * match for other certificate policies. The value indicates the number |
| * of additional certificates that may appear in the path before any- |
| * policy is no longer permitted. For example, a value of one indicates |
| * that any-policy may be processed in certificates issued by the sub- |
| * ject of this certificate, but not in additional certificates in the |
| * path. |
| * <p> |
| * This extension MUST be critical. |
| * <p> |
| * The ASN.1 syntax for this extension is: |
| * <pre>{@code |
| * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } |
| * |
| * InhibitAnyPolicy ::= SkipCerts |
| * |
| * SkipCerts ::= INTEGER (0..MAX) |
| * }</pre> |
| * @author Anne Anderson |
| * @see CertAttrSet |
| * @see Extension |
| */ |
| public class InhibitAnyPolicyExtension extends Extension |
| implements CertAttrSet<String> { |
| |
| private static final Debug debug = Debug.getInstance("certpath"); |
| |
| /** |
| * Identifier for this attribute, to be used with the |
| * get, set, delete methods of Certificate, x509 type. |
| */ |
| public static final String IDENT = "x509.info.extensions.InhibitAnyPolicy"; |
| |
| /** |
| * Object identifier for "any-policy" |
| */ |
| public static ObjectIdentifier AnyPolicy_Id; |
| static { |
| try { |
| AnyPolicy_Id = new ObjectIdentifier("2.5.29.32.0"); |
| } catch (IOException ioe) { |
| // Should not happen |
| } |
| } |
| |
| /** |
| * Attribute names. |
| */ |
| public static final String NAME = "InhibitAnyPolicy"; |
| public static final String SKIP_CERTS = "skip_certs"; |
| |
| // Private data members |
| private int skipCerts = Integer.MAX_VALUE; |
| |
| // Encode this extension value |
| private void encodeThis() throws IOException { |
| DerOutputStream out = new DerOutputStream(); |
| out.putInteger(skipCerts); |
| this.extensionValue = out.toByteArray(); |
| } |
| |
| /** |
| * Default constructor for this object. |
| * |
| * @param skipCerts specifies the depth of the certification path. |
| * Use value of -1 to request unlimited depth. |
| */ |
| public InhibitAnyPolicyExtension(int skipCerts) throws IOException { |
| if (skipCerts < -1) |
| throw new IOException("Invalid value for skipCerts"); |
| if (skipCerts == -1) |
| this.skipCerts = Integer.MAX_VALUE; |
| else |
| this.skipCerts = skipCerts; |
| this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id; |
| critical = true; |
| encodeThis(); |
| } |
| |
| /** |
| * Create the extension from the passed DER encoded value of the same. |
| * |
| * @param critical criticality flag to use. Must be true for this |
| * extension. |
| * @param value a byte array holding the DER-encoded extension value. |
| * @exception ClassCastException if value is not an array of bytes |
| * @exception IOException on error. |
| */ |
| public InhibitAnyPolicyExtension(Boolean critical, Object value) |
| throws IOException { |
| |
| this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id; |
| |
| if (!critical.booleanValue()) |
| throw new IOException("Criticality cannot be false for " + |
| "InhibitAnyPolicy"); |
| this.critical = critical.booleanValue(); |
| |
| this.extensionValue = (byte[]) value; |
| DerValue val = new DerValue(this.extensionValue); |
| if (val.tag != DerValue.tag_Integer) |
| throw new IOException("Invalid encoding of InhibitAnyPolicy: " |
| + "data not integer"); |
| |
| if (val.data == null) |
| throw new IOException("Invalid encoding of InhibitAnyPolicy: " |
| + "null data"); |
| int skipCertsValue = val.getInteger(); |
| if (skipCertsValue < -1) |
| throw new IOException("Invalid value for skipCerts"); |
| if (skipCertsValue == -1) { |
| this.skipCerts = Integer.MAX_VALUE; |
| } else { |
| this.skipCerts = skipCertsValue; |
| } |
| } |
| |
| /** |
| * Return user readable form of extension. |
| */ |
| public String toString() { |
| String s = super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n"; |
| return s; |
| } |
| |
| /** |
| * Encode this extension value to the output stream. |
| * |
| * @param out the DerOutputStream to encode the extension to. |
| */ |
| public void encode(OutputStream out) throws IOException { |
| DerOutputStream tmp = new DerOutputStream(); |
| if (extensionValue == null) { |
| this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id; |
| critical = true; |
| encodeThis(); |
| } |
| super.encode(tmp); |
| |
| out.write(tmp.toByteArray()); |
| } |
| |
| /** |
| * Set the attribute value. |
| * |
| * @param name name of attribute to set. Must be SKIP_CERTS. |
| * @param obj value to which attribute is to be set. Must be Integer |
| * type. |
| * @throws IOException on error |
| */ |
| public void set(String name, Object obj) throws IOException { |
| if (name.equalsIgnoreCase(SKIP_CERTS)) { |
| if (!(obj instanceof Integer)) |
| throw new IOException("Attribute value should be of type Integer."); |
| int skipCertsValue = ((Integer)obj).intValue(); |
| if (skipCertsValue < -1) |
| throw new IOException("Invalid value for skipCerts"); |
| if (skipCertsValue == -1) { |
| skipCerts = Integer.MAX_VALUE; |
| } else { |
| skipCerts = skipCertsValue; |
| } |
| } else |
| throw new IOException("Attribute name not recognized by " + |
| "CertAttrSet:InhibitAnyPolicy."); |
| encodeThis(); |
| } |
| |
| /** |
| * Get the attribute value. |
| * |
| * @param name name of attribute to get. Must be SKIP_CERTS. |
| * @return value of the attribute. In this case it will be of type |
| * Integer. |
| * @throws IOException on error |
| */ |
| public Integer get(String name) throws IOException { |
| if (name.equalsIgnoreCase(SKIP_CERTS)) |
| return (skipCerts); |
| else |
| throw new IOException("Attribute name not recognized by " + |
| "CertAttrSet:InhibitAnyPolicy."); |
| } |
| |
| /** |
| * Delete the attribute value. |
| * |
| * @param name name of attribute to delete. Must be SKIP_CERTS. |
| * @throws IOException on error. In this case, IOException will always be |
| * thrown, because the only attribute, SKIP_CERTS, is |
| * required. |
| */ |
| public void delete(String name) throws IOException { |
| if (name.equalsIgnoreCase(SKIP_CERTS)) |
| throw new IOException("Attribute " + SKIP_CERTS + |
| " may not be deleted."); |
| else |
| throw new IOException("Attribute name not recognized by " + |
| "CertAttrSet:InhibitAnyPolicy."); |
| } |
| |
| /** |
| * Return an enumeration of names of attributes existing within this |
| * attribute. |
| * |
| * @return enumeration of elements |
| */ |
| public Enumeration<String> getElements() { |
| AttributeNameEnumeration elements = new AttributeNameEnumeration(); |
| elements.addElement(SKIP_CERTS); |
| return (elements.elements()); |
| } |
| |
| /** |
| * Return the name of this attribute. |
| * |
| * @return name of attribute. |
| */ |
| public String getName() { |
| return (NAME); |
| } |
| } |