Path: blob/master/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
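/*
 * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.x509;

import java.io.IOException;
import java.io.OutputStream;

import java.util.*;

import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;

/**
 * The Authority Information Access Extension (OID = 1.3.6.1.5.5.7.1.1).
 * <p>
 * The AIA extension identifies how to access CA information and services
 * for the certificate in which it appears. It enables CAs to issue their
 * certificates pre-configured with the URLs appropriate for contacting
 * services relevant to those certificates. For example, a CA may issue a
 * certificate that identifies the specific OCSP Responder to use when
 * performing on-line validation of that certificate.
 * <p>
 * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
 * Internet X.509 PKI Certificate and Certificate Revocation List
 * (CRL) Profile</a>. The profile permits
 * the extension to be included in end-entity or CA certificates,
 * and it must be marked as non-critical. Its ASN.1 definition is as follows:
 * <pre>
 *   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 *
 *   AuthorityInfoAccessSyntax  ::=
 *         SEQUENCE SIZE (1..MAX) OF AccessDescription
 *
 *   AccessDescription  ::=  SEQUENCE {
 *         accessMethod          OBJECT IDENTIFIER,
 *         accessLocation        GeneralName  }
 * </pre>
 * <p>
 * This class only decodes and encodes the extension; nothing in it fetches
 * or validates the access locations. When the extension is read from a
 * certificate that has not been validated yet, the locations it carries are
 * untrusted input, and code that dereferences them has to apply its own
 * restrictions.
 * <p>
 * The list of access descriptions is held by reference: it is neither copied
 * on the way in nor wrapped on the way out, so the cached DER value reflects
 * the list only as of the last call that re-encoded it.
 *
 * @see Extension
 * @see CertAttrSet
 */

public class AuthorityInfoAccessExtension extends Extension
        implements CertAttrSet<String> {

    /**
     * Identifier for this attribute, to be used with the
     * get, set, delete methods of Certificate, x509 type.
     */
    public static final String IDENT =
                                "x509.info.extensions.AuthorityInfoAccess";

    /**
     * Attribute name.
     */
    public static final String NAME = "AuthorityInfoAccess";

    /**
     * Name of the only attribute that {@link #get}, {@link #set} and
     * {@link #delete} accept; it is matched case-insensitively.
     */
    public static final String DESCRIPTIONS = "descriptions";

    /**
     * The List of AccessDescription objects.
     */
    private List<AccessDescription> accessDescriptions;

    /**
     * Create an AuthorityInfoAccessExtension from a List of
     * AccessDescription; the criticality is set to false.
     * <p>
     * The list is stored by reference, not copied. An empty list leaves the
     * extension without an encoded value.
     *
     * @param accessDescriptions the List of AccessDescription
     * @throws IOException on error
     * @throws NullPointerException if {@code accessDescriptions} is null
     */
    public AuthorityInfoAccessExtension(
            List<AccessDescription> accessDescriptions) throws IOException {
        // Fail with a named argument instead of an anonymous NPE from
        // encodeThis(); the exception type is the same as before.
        Objects.requireNonNull(accessDescriptions, "accessDescriptions");
        this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
        this.critical = false;
        this.accessDescriptions = accessDescriptions;
        encodeThis();
    }

    /**
     * Create the extension from the passed DER encoded value of the same.
     * <p>
     * The outer value must be a DER SEQUENCE; every element found inside it
     * is handed to the {@code AccessDescription} constructor. An empty
     * SEQUENCE is accepted and yields an empty list, although the ASN.1
     * definition requires at least one AccessDescription. The criticality is
     * stored as passed in; it is not forced to false here.
     *
     * @param critical true if the extension is to be treated as critical.
     * @param value Array of DER encoded bytes of the actual value.
     * @exception IOException on error, including a {@code value} that is
     *            not a {@code byte[]} or whose outer tag is not SEQUENCE.
     * @throws NullPointerException if {@code critical} is null
     */
    public AuthorityInfoAccessExtension(Boolean critical, Object value)
            throws IOException {
        this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
        this.critical = critical.booleanValue();

        if (!(value instanceof byte[])) {
            throw new IOException("Illegal argument type");
        }

        // The supplied bytes are kept as the cached encoding; they are not
        // re-encoded from the parsed list.
        extensionValue = (byte[])value;
        DerValue val = new DerValue(extensionValue);
        if (val.tag != DerValue.tag_Sequence) {
            throw new IOException("Invalid encoding for " +
                                  "AuthorityInfoAccessExtension.");
        }
        accessDescriptions = new ArrayList<>();
        while (val.data.available() != 0) {
            DerValue seq = val.data.getDerValue();
            accessDescriptions.add(new AccessDescription(seq));
        }
    }

    /**
     * Return the list of AccessDescription objects.
     * <p>
     * NOTE(review): this is the internal list itself. A caller that mutates
     * it changes this extension without the cached DER value being rebuilt.
     */
    public List<AccessDescription> getAccessDescriptions() {
        return accessDescriptions;
    }

    /**
     * Return the name of this attribute.
     */
    public String getName() {
        return NAME;
    }

    /**
     * Write the extension to the DerOutputStream.
     *
     * @param out the DerOutputStream to write the extension to.
     * @exception IOException on encoding errors.
     */
    public void encode(OutputStream out) throws IOException {
        DerOutputStream tmp = new DerOutputStream();
        if (this.extensionValue == null) {
            // No cached encoding: reset the OID and criticality and try to
            // build one from the list. With an empty list the value stays
            // null; how super.encode() reacts is defined in Extension.
            this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
            this.critical = false;
            encodeThis();
        }
        super.encode(tmp);
        out.write(tmp.toByteArray());
    }

    /**
     * Set the attribute value.
     * <p>
     * Only {@link #DESCRIPTIONS} is accepted. The value must be a
     * {@code List} whose elements are all {@code AccessDescription}
     * instances; the list is stored by reference and the extension value is
     * re-encoded from it.
     *
     * @param name the attribute name, matched case-insensitively
     * @param obj the new list of access descriptions
     * @throws IOException if the name is not recognized, the value is not a
     *         List, an element is not an AccessDescription, or encoding fails
     */
    @SuppressWarnings("unchecked") // Safe: every element is checked below
    public void set(String name, Object obj) throws IOException {
        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
            if (!(obj instanceof List)) {
                throw new IOException("Attribute value should be of type List.");
            }
            // instanceof List says nothing about the element type. Without
            // this check a list holding other objects (or nulls) would be
            // stored first and fail only later, inside encodeThis(), with an
            // unchecked exception and the field already replaced.
            for (Object element : (List<?>)obj) {
                if (!(element instanceof AccessDescription)) {
                    throw new IOException("Attribute value should be a " +
                                          "List of AccessDescription.");
                }
            }
            accessDescriptions = (List<AccessDescription>)obj;
        } else {
            throw unrecognizedAttribute(name);
        }
        encodeThis();
    }

    /**
     * Get the attribute value.
     * <p>
     * Returns the internal list itself, not a copy.
     *
     * @param name the attribute name, matched case-insensitively
     * @throws IOException if the name is not {@link #DESCRIPTIONS}
     */
    public List<AccessDescription> get(String name) throws IOException {
        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
            return accessDescriptions;
        } else {
            throw unrecognizedAttribute(name);
        }
    }

    /**
     * Delete the attribute value.
     * <p>
     * Replaces the list with a new empty one and re-encodes, which clears
     * the cached extension value.
     *
     * @param name the attribute name, matched case-insensitively
     * @throws IOException if the name is not {@link #DESCRIPTIONS}
     */
    public void delete(String name) throws IOException {
        if (name.equalsIgnoreCase(DESCRIPTIONS)) {
            accessDescriptions = new ArrayList<>();
        } else {
            throw unrecognizedAttribute(name);
        }
        encodeThis();
    }

    /**
     * Return an enumeration of names of attributes existing within this
     * attribute.
     */
    public Enumeration<String> getElements() {
        AttributeNameEnumeration elements = new AttributeNameEnumeration();
        elements.addElement(DESCRIPTIONS);
        return elements.elements();
    }

    // Build the exception shared by get, set and delete for an unknown name.
    private static IOException unrecognizedAttribute(String name) {
        return new IOException("Attribute name [" + name +
                               "] not recognized by " +
                               "CertAttrSet:AuthorityInfoAccessExtension.");
    }

    // Encode this extension value: a SEQUENCE wrapping each encoded
    // AccessDescription, or no value at all when the list is empty.
    private void encodeThis() throws IOException {
        if (accessDescriptions.isEmpty()) {
            this.extensionValue = null;
        } else {
            DerOutputStream ads = new DerOutputStream();
            for (AccessDescription accessDescription : accessDescriptions) {
                accessDescription.encode(ads);
            }
            DerOutputStream seq = new DerOutputStream();
            seq.write(DerValue.tag_Sequence, ads);
            this.extensionValue = seq.toByteArray();
        }
    }

    /**
     * Return the extension as user readable string.
     */
    @Override
    public String toString() {
        return super.toString() + "AuthorityInfoAccess [\n "
               + accessDescriptions + "\n]\n";
    }

}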