View Javadoc
1   /*
2    * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  package sun.security.x509;
26  
27  import java.io.IOException;
28  import java.io.OutputStream;
29  import java.util.Enumeration;
30  
31  import sun.security.util.DerValue;
32  import sun.security.util.DerOutputStream;
33  
34  /**
35   * Represents the CRL Certificate Issuer Extension (OID = 2.5.29.29).
36   * <p>
37   * The CRL certificate issuer extension identifies the certificate issuer
38   * associated with an entry in an indirect CRL, i.e. a CRL that has the
39   * indirectCRL indicator set in its issuing distribution point extension. If
40   * this extension is not present on the first entry in an indirect CRL, the
41   * certificate issuer defaults to the CRL issuer. On subsequent entries
42   * in an indirect CRL, if this extension is not present, the certificate
43   * issuer for the entry is the same as that for the preceding entry.
44   * <p>
45   * If used by conforming CRL issuers, this extension is always
46   * critical.  If an implementation ignored this extension it could not
47   * correctly attribute CRL entries to certificates.  PKIX (RFC 3280)
48   * RECOMMENDS that implementations recognize this extension.
49   * <p>
50   * The ASN.1 definition for this is:
51   * <pre>
52   * id-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-ce 29 }
53   *
54   * certificateIssuer ::=     GeneralNames
55   * </pre>
56   *
57   * @author Anne Anderson
58   * @author Sean Mullan
59   * @since 1.5
60   * @see Extension
61   * @see CertAttrSet
62   */
63  public class CertificateIssuerExtension extends Extension
64      implements CertAttrSet<String> {
65  
66      /**
67       * Attribute names.
68       */
69      public static final String NAME = "CertificateIssuer";
70      public static final String ISSUER = "issuer";
71  
72      private GeneralNames names;
73  
74      /**
75       * Encode this extension
76       */
77      private void encodeThis() throws IOException {
78          if (names == null || names.isEmpty()) {
79              this.extensionValue = null;
80              return;
81          }
82          DerOutputStream os = new DerOutputStream();
83          names.encode(os);
84          this.extensionValue = os.toByteArray();
85      }
86  
87      /**
88       * Create a CertificateIssuerExtension containing the specified issuer name.
89       * Criticality is automatically set to true.
90       *
91       * @param issuer the certificate issuer
92       * @throws IOException on error
93       */
94      public CertificateIssuerExtension(GeneralNames issuer) throws IOException {
95          this.extensionId = PKIXExtensions.CertificateIssuer_Id;
96          this.critical = true;
97          this.names = issuer;
98          encodeThis();
99      }
100 
101     /**
102      * Create a CertificateIssuerExtension from the specified DER encoded
103      * value of the same.
104      *
105      * @param critical true if the extension is to be treated as critical.
106      * @param value an array of DER encoded bytes of the actual value
107      * @throws ClassCastException if value is not an array of bytes
108      * @throws IOException on error
109      */
110     public CertificateIssuerExtension(Boolean critical, Object value)
111         throws IOException {
112         this.extensionId = PKIXExtensions.CertificateIssuer_Id;
113         this.critical = critical.booleanValue();
114 
115         this.extensionValue = (byte[]) value;
116         DerValue val = new DerValue(this.extensionValue);
117         this.names = new GeneralNames(val);
118     }
119 
120     /**
121      * Set the attribute value.
122      *
123      * @throws IOException on error
124      */
125     public void set(String name, Object obj) throws IOException {
126         if (name.equalsIgnoreCase(ISSUER)) {
127             if (!(obj instanceof GeneralNames)) {
128                 throw new IOException("Attribute value must be of type " +
129                     "GeneralNames");
130             }
131             this.names = (GeneralNames)obj;
132         } else {
133             throw new IOException("Attribute name not recognized by " +
134                 "CertAttrSet:CertificateIssuer");
135         }
136         encodeThis();
137     }
138 
139     /**
140      * Gets the attribute value.
141      *
142      * @throws IOException on error
143      */
144     public GeneralNames get(String name) throws IOException {
145         if (name.equalsIgnoreCase(ISSUER)) {
146             return names;
147         } else {
148             throw new IOException("Attribute name not recognized by " +
149                 "CertAttrSet:CertificateIssuer");
150         }
151     }
152 
153     /**
154      * Deletes the attribute value.
155      *
156      * @throws IOException on error
157      */
158     public void delete(String name) throws IOException {
159         if (name.equalsIgnoreCase(ISSUER)) {
160             names = null;
161         } else {
162             throw new IOException("Attribute name not recognized by " +
163                 "CertAttrSet:CertificateIssuer");
164         }
165         encodeThis();
166     }
167 
168     /**
169      * Returns a printable representation of the certificate issuer.
170      */
171     public String toString() {
172         return super.toString() + "Certificate Issuer [\n" +
173             String.valueOf(names) + "]\n";
174     }
175 
176     /**
177      * Write the extension to the OutputStream.
178      *
179      * @param out the OutputStream to write the extension to
180      * @exception IOException on encoding errors
181      */
182     public void encode(OutputStream out) throws IOException {
183         DerOutputStream  tmp = new DerOutputStream();
184         if (extensionValue == null) {
185             extensionId = PKIXExtensions.CertificateIssuer_Id;
186             critical = true;
187             encodeThis();
188         }
189         super.encode(tmp);
190         out.write(tmp.toByteArray());
191     }
192 
193     /**
194      * Return an enumeration of names of attributes existing within this
195      * attribute.
196      */
197     public Enumeration<String> getElements() {
198         AttributeNameEnumeration elements = new AttributeNameEnumeration();
199         elements.addElement(ISSUER);
200         return elements.elements();
201     }
202 
203     /**
204      * Return the name of this attribute.
205      */
206     public String getName() {
207         return NAME;
208     }
209 }