Home | History | Annotate | Download | only in x509 
      1 /*
      2  * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 package sun.security.x509;
     27 
     28 import java.io.IOException;
     29 import java.io.OutputStream;
     30 import java.util.*;
     31 
     32 import sun.security.util.DerValue;
     33 import sun.security.util.DerOutputStream;
     34 
     35 /**
     36  * This class defines the certificate policies extension which specifies the
     37  * policies under which the certificate has been issued
     38  * and the purposes for which the certificate may be used.
     39  * <p>
     40  * Applications with specific policy requirements are expected to have a
     41  * list of those policies which they will accept and to compare the
     42  * policy OIDs in the certificate to that list.  If this extension is
     43  * critical, the path validation software MUST be able to interpret this
     44  * extension (including the optional qualifier), or MUST reject the
     45  * certificate.
     46  * <p>
     47  * Optional qualifiers are not supported in this implementation, as they are
     48  * not recommended by RFC2459.
     49  *
     50  * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
     51  * module definition):
     52  * <pre>
     53  * id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
     54  *
     55  * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
     56  *
     57  * PolicyInformation ::= SEQUENCE {
     58  *      policyIdentifier   CertPolicyId,
     59  *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
     60  *                              PolicyQualifierInfo OPTIONAL }
     61  *
     62  * CertPolicyId ::= OBJECT IDENTIFIER
     63  * </pre>
     64  * @author Anne Anderson
     65  * @since       1.4
     66  * @see Extension
     67  * @see CertAttrSet
     68  */
     69 public class CertificatePoliciesExtension extends Extension
     70 implements CertAttrSet<String> {
     71     /**
     72      * Identifier for this attribute, to be used with the
     73      * get, set, delete methods of Certificate, x509 type.
     74      */
     75     public static final String IDENT = "x509.info.extensions.CertificatePolicies";
     76     /**
     77      * Attribute names.
     78      */
     79     public static final String NAME = "CertificatePolicies";
     80     public static final String POLICIES = "policies";
     81 
     82     /**
     83      * List of PolicyInformation for this object.
     84      */
     85     private List<PolicyInformation> certPolicies;
     86 
     87     // Encode this extension value.
     88     private void encodeThis() throws IOException {
     89         if (certPolicies == null || certPolicies.isEmpty()) {
     90             this.extensionValue = null;
     91         } else {
     92             DerOutputStream os = new DerOutputStream();
     93             DerOutputStream tmp = new DerOutputStream();
     94 
     95             for (PolicyInformation info : certPolicies) {
     96                 info.encode(tmp);
     97             }
     98 
     99             os.write(DerValue.tag_Sequence, tmp);
    100             this.extensionValue = os.toByteArray();
    101         }
    102     }
    103 
    104     /**
    105      * Create a CertificatePoliciesExtension object from
    106      * a List of PolicyInformation; the criticality is set to false.
    107      *
    108      * @param certPolicies the List of PolicyInformation.
    109      */
    110     public CertificatePoliciesExtension(List<PolicyInformation> certPolicies)
    111     throws IOException {
    112         this(Boolean.FALSE, certPolicies);
    113     }
    114 
    115     /**
    116      * Create a CertificatePoliciesExtension object from
    117      * a List of PolicyInformation with specified criticality.
    118      *
    119      * @param critical true if the extension is to be treated as critical.
    120      * @param certPolicies the List of PolicyInformation.
    121      */
    122     public CertificatePoliciesExtension(Boolean critical,
    123             List<PolicyInformation> certPolicies) throws IOException {
    124         this.certPolicies = certPolicies;
    125         this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    126         this.critical = critical.booleanValue();
    127         encodeThis();
    128     }
    129 
    130     /**
    131      * Create the extension from its DER encoded value and criticality.
    132      *
    133      * @param critical true if the extension is to be treated as critical.
    134      * @param value an array of DER encoded bytes of the actual value.
    135      * @exception ClassCastException if value is not an array of bytes
    136      * @exception IOException on error.
    137      */
    138     public CertificatePoliciesExtension(Boolean critical, Object value)
    139     throws IOException {
    140         this.extensionId = PKIXExtensions.CertificatePolicies_Id;
    141         this.critical = critical.booleanValue();
    142         this.extensionValue = (byte[]) value;
    143         DerValue val = new DerValue(this.extensionValue);
    144         if (val.tag != DerValue.tag_Sequence) {
    145             throw new IOException("Invalid encoding for " +
    146                                    "CertificatePoliciesExtension.");
    147         }
    148         certPolicies = new ArrayList<PolicyInformation>();
    149         while (val.data.available() != 0) {
    150             DerValue seq = val.data.getDerValue();
    151             PolicyInformation policy = new PolicyInformation(seq);
    152             certPolicies.add(policy);
    153         }
    154     }
    155 
    156     /**
    157      * Return the extension as user readable string.
    158      */
    159     public String toString() {
    160         if (certPolicies == null) {
    161             return "";
    162         }
    163         StringBuilder sb = new StringBuilder(super.toString());
    164         sb.append("CertificatePolicies [\n");
    165         for (PolicyInformation info : certPolicies) {
    166             sb.append(info.toString());
    167         }
    168         sb.append("]\n");
    169         return sb.toString();
    170     }
    171 
    172     /**
    173      * Write the extension to the DerOutputStream.
    174      *
    175      * @param out the DerOutputStream to write the extension to.
    176      * @exception IOException on encoding errors.
    177      */
    178     public void encode(OutputStream out) throws IOException {
    179         DerOutputStream tmp = new DerOutputStream();
    180         if (extensionValue == null) {
    181           extensionId = PKIXExtensions.CertificatePolicies_Id;
    182           critical = false;
    183           encodeThis();
    184         }
    185         super.encode(tmp);
    186         out.write(tmp.toByteArray());
    187     }
    188 
    189     /**
    190      * Set the attribute value.
    191      */
    192     @SuppressWarnings("unchecked") // Checked with an instanceof check
    193     public void set(String name, Object obj) throws IOException {
    194         if (name.equalsIgnoreCase(POLICIES)) {
    195             if (!(obj instanceof List)) {
    196                 throw new IOException("Attribute value should be of type List.");
    197             }
    198             certPolicies = (List<PolicyInformation>)obj;
    199         } else {
    200           throw new IOException("Attribute name [" + name +
    201                                 "] not recognized by " +
    202                                 "CertAttrSet:CertificatePoliciesExtension.");
    203         }
    204         encodeThis();
    205     }
    206 
    207     /**
    208      * Get the attribute value.
    209      */
    210     public List<PolicyInformation> get(String name) throws IOException {
    211         if (name.equalsIgnoreCase(POLICIES)) {
    212             //XXXX May want to consider cloning this
    213             return certPolicies;
    214         } else {
    215           throw new IOException("Attribute name [" + name +
    216                                 "] not recognized by " +
    217                                 "CertAttrSet:CertificatePoliciesExtension.");
    218         }
    219     }
    220 
    221     /**
    222      * Delete the attribute value.
    223      */
    224     public void delete(String name) throws IOException {
    225         if (name.equalsIgnoreCase(POLICIES)) {
    226             certPolicies = null;
    227         } else {
    228           throw new IOException("Attribute name [" + name +
    229                                 "] not recognized by " +
    230                                 "CertAttrSet:CertificatePoliciesExtension.");
    231         }
    232         encodeThis();
    233     }
    234 
    235     /**
    236      * Return an enumeration of names of attributes existing within this
    237      * attribute.
    238      */
    239     public Enumeration<String> getElements() {
    240         AttributeNameEnumeration elements = new AttributeNameEnumeration();
    241         elements.addElement(POLICIES);
    242 
    243         return (elements.elements());
    244     }
    245 
    246     /**
    247      * Return the name of this attribute.
    248      */
    249     public String getName() {
    250         return (NAME);
    251     }
    252 }
    253