Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / src / share / classes / sun / security / x509 / AuthorityInfoAccessExtension.java
blob: 5b0b287fa2424c73f2a7f2ee0a61975e31a2c49c [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 2004-2006 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26package sun.security.x509;
27
28import java.io.IOException;
29import java.io.OutputStream;
30
31import java.util.*;
32
33import sun.security.util.DerOutputStream;
34import sun.security.util.DerValue;
35
36/**
37 * The Authority Information Access Extension (OID = 1.3.6.1.5.5.7.1.1).
38 * <p>
39 * The AIA extension identifies how to access CA information and services
40 * for the certificate in which it appears. It enables CAs to issue their
41 * certificates pre-configured with the URLs appropriate for contacting
42 * services relevant to those certificates. For example, a CA may issue a
43 * certificate that identifies the specific OCSP Responder to use when
44 * performing on-line validation of that certificate.
45 * <p>
46 * This extension is defined in
47 * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile</a>. The profile permits
48 * the extension to be included in end-entity or CA certificates,
49 * and it must be marked as non-critical. Its ASN.1 definition is as follows:
50 * <pre>
51 * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
52 *
53 * AuthorityInfoAccessSyntax ::=
54 * SEQUENCE SIZE (1..MAX) OF AccessDescription
55 *
56 * AccessDescription ::= SEQUENCE {
57 * accessMethod OBJECT IDENTIFIER,
58 * accessLocation GeneralName }
59 * </pre>
60 * <p>
61 * @see Extension
62 * @see CertAttrSet
63 */
64
65public class AuthorityInfoAccessExtension extends Extension
66 implements CertAttrSet<String> {
67
68 /**
69 * Identifier for this attribute, to be used with the
70 * get, set, delete methods of Certificate, x509 type.
71 */
72 public static final String IDENT =
73 "x509.info.extensions.AuthorityInfoAccess";
74
75 /**
76 * Attribute name.
77 */
78 public static final String NAME = "AuthorityInfoAccess";
79 public static final String DESCRIPTIONS = "descriptions";
80
81 /**
82 * The List of AccessDescription objects.
83 */
84 private List<AccessDescription> accessDescriptions;
85
86 /**
87 * Create an AuthorityInfoAccessExtension from a List of
88 * AccessDescription; the criticality is set to false.
89 *
90 * @param accessDescriptions the List of AccessDescription
91 * @throws IOException on error
92 */
93 public AuthorityInfoAccessExtension(
94 List<AccessDescription> accessDescriptions) throws IOException {
95 this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
96 this.critical = false;
97 this.accessDescriptions = accessDescriptions;
98 encodeThis();
99 }
100
101 /**
102 * Create the extension from the passed DER encoded value of the same.
103 *
104 * @param critical true if the extension is to be treated as critical.
105 * @param value Array of DER encoded bytes of the actual value.
106 * @exception IOException on error.
107 */
108 public AuthorityInfoAccessExtension(Boolean critical, Object value)
109 throws IOException {
110 this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
111 this.critical = critical.booleanValue();
112
113 if (!(value instanceof byte[])) {
114 throw new IOException("Illegal argument type");
115 }
116
117 extensionValue = (byte[])value;
118 DerValue val = new DerValue(extensionValue);
119 if (val.tag != DerValue.tag_Sequence) {
120 throw new IOException("Invalid encoding for " +
121 "AuthorityInfoAccessExtension.");
122 }
123 accessDescriptions = new ArrayList<AccessDescription>();
124 while (val.data.available() != 0) {
125 DerValue seq = val.data.getDerValue();
126 AccessDescription accessDescription = new AccessDescription(seq);
127 accessDescriptions.add(accessDescription);
128 }
129 }
130
131 /**
132 * Return the list of AccessDescription objects.
133 */
134 public List<AccessDescription> getAccessDescriptions() {
135 return accessDescriptions;
136 }
137
138 /**
139 * Return the name of this attribute.
140 */
141 public String getName() {
142 return NAME;
143 }
144
145 /**
146 * Write the extension to the DerOutputStream.
147 *
148 * @param out the DerOutputStream to write the extension to.
149 * @exception IOException on encoding errors.
150 */
151 public void encode(OutputStream out) throws IOException {
152 DerOutputStream tmp = new DerOutputStream();
153 if (this.extensionValue == null) {
154 this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
155 this.critical = false;
156 encodeThis();
157 }
158 super.encode(tmp);
159 out.write(tmp.toByteArray());
160 }
161
162 /**
163 * Set the attribute value.
164 */
165 public void set(String name, Object obj) throws IOException {
166 if (name.equalsIgnoreCase(DESCRIPTIONS)) {
167 if (!(obj instanceof List)) {
168 throw new IOException("Attribute value should be of type List.");
169 }
170 accessDescriptions = (List<AccessDescription>)obj;
171 } else {
172 throw new IOException("Attribute name [" + name +
173 "] not recognized by " +
174 "CertAttrSet:AuthorityInfoAccessExtension.");
175 }
176 encodeThis();
177 }
178
179 /**
180 * Get the attribute value.
181 */
182 public Object get(String name) throws IOException {
183 if (name.equalsIgnoreCase(DESCRIPTIONS)) {
184 return accessDescriptions;
185 } else {
186 throw new IOException("Attribute name [" + name +
187 "] not recognized by " +
188 "CertAttrSet:AuthorityInfoAccessExtension.");
189 }
190 }
191
192 /**
193 * Delete the attribute value.
194 */
195 public void delete(String name) throws IOException {
196 if (name.equalsIgnoreCase(DESCRIPTIONS)) {
197 accessDescriptions = new ArrayList<AccessDescription>();
198 } else {
199 throw new IOException("Attribute name [" + name +
200 "] not recognized by " +
201 "CertAttrSet:AuthorityInfoAccessExtension.");
202 }
203 encodeThis();
204 }
205
206 /**
207 * Return an enumeration of names of attributes existing within this
208 * attribute.
209 */
210 public Enumeration<String> getElements() {
211 AttributeNameEnumeration elements = new AttributeNameEnumeration();
212 elements.addElement(DESCRIPTIONS);
213 return elements.elements();
214 }
215
216 // Encode this extension value
217 private void encodeThis() throws IOException {
218 if (accessDescriptions.isEmpty()) {
219 this.extensionValue = null;
220 } else {
221 DerOutputStream ads = new DerOutputStream();
222 for (AccessDescription accessDescription : accessDescriptions) {
223 accessDescription.encode(ads);
224 }
225 DerOutputStream seq = new DerOutputStream();
226 seq.write(DerValue.tag_Sequence, ads);
227 this.extensionValue = seq.toByteArray();
228 }
229 }
230
231 /**
232 * Return the extension as user readable string.
233 */
234 public String toString() {
235 return super.toString() + "AuthorityInfoAccess [\n "
236 + accessDescriptions + "\n]\n";
237 }
238
239}