Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / src / share / classes / sun / security / x509 / URIName.java
blob: 4188df976a80432efc1314a47efe38d9d9370c0c [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 1997-2004 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26package sun.security.x509;
27
28import java.io.IOException;
29import java.net.URI;
30import java.net.URISyntaxException;
31
32import sun.security.util.*;
33
34/**
35 * This class implements the URIName as required by the GeneralNames
36 * ASN.1 object.
37 * <p>
38 * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be
39 * stored in the uniformResourceIdentifier (an IA5String). The name MUST
40 * be a non-relative URL, and MUST follow the URL syntax and encoding
41 * rules specified in [RFC 1738]. The name must include both a scheme
42 * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme-
43 * specific-part must include a fully qualified domain name or IP
44 * address as the host.
45 * <p>
46 * As specified in [RFC 1738], the scheme name is not case-sensitive
47 * (e.g., "http" is equivalent to "HTTP"). The host part is also not
48 * case-sensitive, but other components of the scheme-specific-part may
49 * be case-sensitive. When comparing URIs, conforming implementations
50 * MUST compare the scheme and host without regard to case, but assume
51 * the remainder of the scheme-specific-part is case sensitive.
52 * <p>
53 * [RFC1738] In general, URLs are written as follows:
54 * <pre>
55 * <scheme>:<scheme-specific-part>
56 * </pre>
57 * A URL contains the name of the scheme being used (<scheme>) followed
58 * by a colon and then a string (the <scheme-specific-part>) whose
59 * interpretation depends on the scheme.
60 * <p>
61 * While the syntax for the rest of the URL may vary depending on the
62 * particular scheme selected, URL schemes that involve the direct use
63 * of an IP-based protocol to a specified host on the Internet use a
64 * common syntax for the scheme-specific data:
65 * <pre>
66 * //<user>:<password>@<host>:<port>/<url-path>
67 * </pre>
68 * [RFC2732] specifies that an IPv6 address contained inside a URL
69 * must be enclosed in square brackets (to allow distinguishing the
70 * colons that separate IPv6 components from the colons that separate
71 * scheme-specific data.
72 * <p>
73 * @author Amit Kapoor
74 * @author Hemma Prafullchandra
75 * @author Sean Mullan
76 * @author Steve Hanna
77 * @see GeneralName
78 * @see GeneralNames
79 * @see GeneralNameInterface
80 */
81public class URIName implements GeneralNameInterface {
82
83 // private attributes
84 private URI uri;
85 private String host;
86 private DNSName hostDNS;
87 private IPAddressName hostIP;
88
89 /**
90 * Create the URIName object from the passed encoded Der value.
91 *
92 * @param derValue the encoded DER URIName.
93 * @exception IOException on error.
94 */
95 public URIName(DerValue derValue) throws IOException {
96 this(derValue.getIA5String());
97 }
98
99 /**
100 * Create the URIName object with the specified name.
101 *
102 * @param name the URIName.
103 * @throws IOException if name is not a proper URIName
104 */
105 public URIName(String name) throws IOException {
106 try {
107 uri = new URI(name);
108 } catch (URISyntaxException use) {
109 throw (IOException) new IOException
110 ("invalid URI name:" + name).initCause(use);
111 }
112 if (uri.getScheme() == null) {
113 throw new IOException("URI name must include scheme:" + name);
114 }
115
116 host = uri.getHost();
117 // RFC 3280 says that the host should be non-null, but we allow it to
118 // be null because some widely deployed certificates contain CDP
119 // extensions with URIs that have no hostname (see bugs 4802236 and
120 // 5107944).
121 if (host != null) {
122 if (host.charAt(0) == '[') {
123 // Verify host is a valid IPv6 address name
124 String ipV6Host = host.substring(1, host.length()-1);
125 try {
126 hostIP = new IPAddressName(ipV6Host);
127 } catch (IOException ioe) {
128 throw new IOException("invalid URI name (host " +
129 "portion is not a valid IPv6 address):" + name);
130 }
131 } else {
132 try {
133 hostDNS = new DNSName(host);
134 } catch (IOException ioe) {
135 // Not a valid DNS Name; see if it is a valid IPv4
136 // IPAddressName
137 try {
138 hostIP = new IPAddressName(host);
139 } catch (Exception ioe2) {
140 throw new IOException("invalid URI name (host " +
141 "portion is not a valid DNS name, IPv4 address," +
142 " or IPv6 address):" + name);
143 }
144 }
145 }
146 }
147 }
148
149 /**
150 * Create the URIName object with the specified name constraint. URI
151 * name constraints syntax is different than SubjectAltNames, etc. See
152 * 4.2.1.11 of RFC 3280.
153 *
154 * @param value the URI name constraint
155 * @throws IOException if name is not a proper URI name constraint
156 */
157 public static URIName nameConstraint(DerValue value) throws IOException {
158 URI uri;
159 String name = value.getIA5String();
160 try {
161 uri = new URI(name);
162 } catch (URISyntaxException use) {
163 throw (IOException) new IOException
164 ("invalid URI name constraint:" + name).initCause(use);
165 }
166 if (uri.getScheme() == null) {
167 String host = uri.getSchemeSpecificPart();
168 try {
169 DNSName hostDNS;
170 if (host.charAt(0) == '.') {
171 hostDNS = new DNSName(host.substring(1));
172 } else {
173 hostDNS = new DNSName(host);
174 }
175 return new URIName(uri, host, hostDNS);
176 } catch (IOException ioe) {
177 throw (IOException) new IOException
178 ("invalid URI name constraint:" + name).initCause(ioe);
179 }
180 } else {
181 throw new IOException("invalid URI name constraint (should not " +
182 "include scheme):" + name);
183 }
184 }
185
186 URIName(URI uri, String host, DNSName hostDNS) {
187 this.uri = uri;
188 this.host = host;
189 this.hostDNS = hostDNS;
190 }
191
192 /**
193 * Return the type of the GeneralName.
194 */
195 public int getType() {
196 return GeneralNameInterface.NAME_URI;
197 }
198
199 /**
200 * Encode the URI name into the DerOutputStream.
201 *
202 * @param out the DER stream to encode the URIName to.
203 * @exception IOException on encoding errors.
204 */
205 public void encode(DerOutputStream out) throws IOException {
206 out.putIA5String(uri.toASCIIString());
207 }
208
209 /**
210 * Convert the name into user readable string.
211 */
212 public String toString() {
213 return "URIName: " + uri.toString();
214 }
215
216 /**
217 * Compares this name with another, for equality.
218 *
219 * @return true iff the names are equivalent according to RFC2459.
220 */
221 public boolean equals(Object obj) {
222 if (this == obj) {
223 return true;
224 }
225
226 if (!(obj instanceof URIName)) {
227 return false;
228 }
229
230 URIName other = (URIName) obj;
231
232 return uri.equals(other.getURI());
233 }
234
235 /**
236 * Returns the URIName as a java.net.URI object
237 */
238 public URI getURI() {
239 return uri;
240 }
241
242 /**
243 * Returns this URI name.
244 */
245 public String getName() {
246 return uri.toString();
247 }
248
249 /**
250 * Return the scheme name portion of a URIName
251 *
252 * @returns scheme portion of full name
253 */
254 public String getScheme() {
255 return uri.getScheme();
256 }
257
258 /**
259 * Return the host name or IP address portion of the URIName
260 *
261 * @returns host name or IP address portion of full name
262 */
263 public String getHost() {
264 return host;
265 }
266
267 /**
268 * Return the host object type; if host name is a
269 * DNSName, then this host object does not include any
270 * initial "." on the name.
271 *
272 * @returns host name as DNSName or IPAddressName
273 */
274 public Object getHostObject() {
275 if (hostIP != null) {
276 return hostIP;
277 } else {
278 return hostDNS;
279 }
280 }
281
282 /**
283 * Returns the hash code value for this object.
284 *
285 * @return a hash code value for this object.
286 */
287 public int hashCode() {
288 return uri.hashCode();
289 }
290
291 /**
292 * Return type of constraint inputName places on this name:<ul>
293 * <li>NAME_DIFF_TYPE = -1: input name is different type from name
294 * (i.e. does not constrain).
295 * <li>NAME_MATCH = 0: input name matches name.
296 * <li>NAME_NARROWS = 1: input name narrows name (is lower in the naming
297 * subtree)
298 * <li>NAME_WIDENS = 2: input name widens name (is higher in the naming
299 * subtree)
300 * <li>NAME_SAME_TYPE = 3: input name does not match or narrow name, but
301 * is same type.
302 * </ul>.
303 * These results are used in checking NameConstraints during
304 * certification path verification.
305 * <p>
306 * RFC3280: For URIs, the constraint applies to the host part of the name.
307 * The constraint may specify a host or a domain. Examples would be
308 * "foo.bar.com"; and ".xyz.com". When the the constraint begins with
309 * a period, it may be expanded with one or more subdomains. That is,
310 * the constraint ".xyz.com" is satisfied by both abc.xyz.com and
311 * abc.def.xyz.com. However, the constraint ".xyz.com" is not satisfied
312 * by "xyz.com". When the constraint does not begin with a period, it
313 * specifies a host.
314 * <p>
315 * @param inputName to be checked for being constrained
316 * @returns constraint type above
317 * @throws UnsupportedOperationException if name is not exact match, but
318 * narrowing and widening are not supported for this name type.
319 */
320 public int constrains(GeneralNameInterface inputName)
321 throws UnsupportedOperationException {
322 int constraintType;
323 if (inputName == null) {
324 constraintType = NAME_DIFF_TYPE;
325 } else if (inputName.getType() != NAME_URI) {
326 constraintType = NAME_DIFF_TYPE;
327 } else {
328 // Assuming from here on that one or both of these is
329 // actually a URI name constraint (not a URI), so we
330 // only need to compare the host portion of the name
331
332 String otherHost = ((URIName)inputName).getHost();
333
334 // Quick check for equality
335 if (otherHost.equalsIgnoreCase(host)) {
336 constraintType = NAME_MATCH;
337 } else {
338 Object otherHostObject = ((URIName)inputName).getHostObject();
339
340 if ((hostDNS == null) ||
341 !(otherHostObject instanceof DNSName)) {
342 // If one (or both) is an IP address, only same type
343 constraintType = NAME_SAME_TYPE;
344 } else {
345 // Both host portions are DNS names. Are they domains?
346 boolean thisDomain = (host.charAt(0) == '.');
347 boolean otherDomain = (otherHost.charAt(0) == '.');
348 DNSName otherDNS = (DNSName) otherHostObject;
349
350 // Run DNSName.constrains.
351 constraintType = hostDNS.constrains(otherDNS);
352 // If neither one is a domain, then they can't
353 // widen or narrow. That's just SAME_TYPE.
354 if ((!thisDomain && !otherDomain) &&
355 ((constraintType == NAME_WIDENS) ||
356 (constraintType == NAME_NARROWS))) {
357 constraintType = NAME_SAME_TYPE;
358 }
359
360 // If one is a domain and the other isn't,
361 // then they can't match. The one that's a
362 // domain doesn't include the one that's
363 // not a domain.
364 if ((thisDomain != otherDomain) &&
365 (constraintType == NAME_MATCH)) {
366 if (thisDomain) {
367 constraintType = NAME_WIDENS;
368 } else {
369 constraintType = NAME_NARROWS;
370 }
371 }
372 }
373 }
374 }
375 return constraintType;
376 }
377
378 /**
379 * Return subtree depth of this name for purposes of determining
380 * NameConstraints minimum and maximum bounds and for calculating
381 * path lengths in name subtrees.
382 *
383 * @returns distance of name from root
384 * @throws UnsupportedOperationException if not supported for this name type
385 */
386 public int subtreeDepth() throws UnsupportedOperationException {
387 DNSName dnsName = null;
388 try {
389 dnsName = new DNSName(host);
390 } catch (IOException ioe) {
391 throw new UnsupportedOperationException(ioe.getMessage());
392 }
393 return dnsName.subtreeDepth();
394 }
395}