📄 x509certselector.java
* clear this criterion. Note that if non-null, the argument will be
   * cloned to prevent modification.
   *
   * <p>NOTE(review): the argument is not validated yet (see the FIXME in
   * the method body). Malformed bytes are stored as given, and the
   * <code>IOException</code> documented below is never actually thrown.
   *
   * @param nameConstraints The new name constraints.
   * @throws IOException If the argument is not a valid DER-encoded
   * name constraints.
   */
  public void setNameConstraints(byte[] nameConstraints)
    throws IOException
  {
    // FIXME check if the argument is valid.
    if (nameConstraints == null)
      {
        this.nameConstraints = null;
        return;
      }
    // Keep a private copy so that later changes to the caller's array
    // cannot alter this criterion.
    this.nameConstraints = (byte[]) nameConstraints.clone();
  }

  /**
   * Returns the basic constraints criterion, or -1 if this value is not set.
   *
   * @return The basic constraints.
   */
  public int getBasicConstraints()
  {
    return basicConstraints;
  }

  /**
   * Sets the basic constraints criterion. Specify -1 to clear this parameter.
   * Any value below -1 is stored as -1, i.e. it also clears the criterion.
   *
   * @param basicConstraints The new basic constraints value.
   */
  public void setBasicConstraints(int basicConstraints)
  {
    this.basicConstraints = (basicConstraints < -1) ? -1 : basicConstraints;
  }

  // The last two criteria not yet implemented are certificate policies
  // and path-to-names. Both of these are somewhat advanced extensions
  // (you could probably count the applications that actually use them
  // on one hand), and they both have no support in the X509Certificate
  // class.
  //
  // Not having support in X509Certificate is not always a problem; for
  // example, we can compare DER-encoded values as byte arrays for some
  // extensions. We can't, however, compare them if they are specified
  // in a set (as policies are). We need to parse the actual value in the
  // certificate, and check it against the specified set.

  // FIXME
//   public void setPolicy(Set policy) throws IOException
//   {
//     if (policy != null)
//       {
//         for (Iterator it = policy.iterator(); it.hasNext(); )
//           try
//             {
//               OID oid = new OID((String) it.next());
//               int[] i = oid.getIDs();
//               if (!checkOid(i))
//                 throw new IOException("invalid OID");
//             }
//           catch (Exception x)
//             {
//               throw new IOException("invalid OID");
//             }
//       }
//     this.policy = policy != null ? new HashSet(policy) : null;
//   }

  // FIXME
//   public void setPathToNames(Collection names) throws IOException
//   {
//     if (names == null)
//       {
//         this.names = null;
//         return;
//       }
//     for (Iterator it = names.iterator(); it.hasNext(); )
//       {
//         try
//           {
//             List l = (List) it.next();
//             if (l.get(1) instanceof String)
//               addPathToName(((Integer)l.get(0)).intValue(), (String)l.get(1));
//             else
//               addPathToName(((Integer)l.get(0)).intValue(), (byte[])l.get(1));
//           }
//         catch (Exception x)
//           {
//             this.names = null;
//             throw new IOException("invalid names");
//           }
//       }
//   }

  // FIXME
//   public void addPathToName(int id, String name) throws IOException
//   {
//   }

  // FIXME
//   public void addPathToName(int id, byte[] name) throws IOException
//   {
//   }

  // FIXME
//   public Collection getSubjectAlternativeNames()
//   {
//     return null;
//   }

  // FIXME
//   public Set getPolicy()
//   {
//     return null;
//   }

  // FIXME
//   public Collection getPathToNames()
//   {
//     return null;
//   }

  /**
   * Match a certificate. This method will check the given certificate
   * against all the enabled criteria of this selector, and will return
   * <code>true</code> if the given certificate matches.
   *
   * <p>Certificate policies and path-to-names are not implemented as
   * criteria, so they are never checked by this method.
   *
   * @param certificate The certificate to check.
   * @return true if the certificate matches all criteria.
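*/
  public boolean match(Certificate certificate)
  {
    // Every enabled criterion below can only reject; the certificate
    // matches when no criterion rejects it.
    if (!(certificate instanceof X509Certificate))
      return false;
    X509Certificate cert = (X509Certificate) certificate;

    // Exact certificate: compare the complete encodings.
    if (this.cert != null)
      {
        try
          {
            byte[] e1 = this.cert.getEncoded();
            byte[] e2 = cert.getEncoded();
            if (!Arrays.equals(e1, e2))
              return false;
          }
        catch (CertificateEncodingException cee)
          {
            // A certificate that cannot be encoded cannot be compared.
            return false;
          }
      }
    if (serialNo != null)
      {
        if (!serialNo.equals(cert.getSerialNumber()))
          return false;
      }
    if (certValid != null)
      {
        try
          {
            cert.checkValidity(certValid);
          }
        catch (CertificateException ce)
          {
            // Expired or not yet valid at the requested date.
            return false;
          }
      }
    if (issuer != null)
      {
        if (!issuer.equals(cert.getIssuerX500Principal()))
          return false;
      }
    if (subject != null)
      {
        if (!subject.equals(cert.getSubjectX500Principal()))
          return false;
      }
    if (sigId != null)
      {
        if (!sigId.toString().equals(cert.getSigAlgOID()))
          return false;
      }

    // NOTE(review): getExtensionValue returns the extension as a
    // DER-encoded OCTET STRING, so the byte comparisons below (and the
    // name-constraints one further down) only succeed when the stored
    // criterion uses that same wrapped form. The key-identifier setters
    // are not visible here -- verify the encodings agree.
    if (subjectKeyId != null)
      {
        byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID);
        if (!Arrays.equals(b, subjectKeyId))
          return false;
      }
    if (authKeyId != null)
      {
        byte[] b = cert.getExtensionValue(AUTH_KEY_ID);
        if (!Arrays.equals(b, authKeyId))
          return false;
      }

    // NOTE(review): key usage and basic constraints are compared for
    // exact equality. java.security.cert.X509CertSelector documents
    // "must allow these usages" and "path length of at least this
    // value" instead -- confirm which behaviour is intended.
    if (keyUsage != null)
      {
        boolean[] b = cert.getKeyUsage();
        if (!Arrays.equals(b, keyUsage))
          return false;
      }
    if (basicConstraints >= 0)
      {
        if (cert.getBasicConstraints() != basicConstraints)
          return false;
      }

    // Every requested key purpose must be present in the certificate.
    if (keyPurposeSet != null)
      {
        List kp = null;
        try
          {
            kp = cert.getExtendedKeyUsage();
          }
        catch (CertificateParsingException cpe)
          {
            return false;
          }
        if (kp == null)
          return false;
        for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
          {
            if (!kp.contains(it.next()))
              return false;
          }
      }

    if (altNames != null)
      {
        Collection an = null;
        try
          {
            an = cert.getSubjectAlternativeNames();
          }
        catch (CertificateParsingException cpe)
          {
            return false;
          }
        if (an == null)
          return false;

        // Count how many of the selector's names occur in the certificate.
        // Each selector name counts at most once. The "at least one"
        // decision is taken only after all names have been examined;
        // previously the test ran inside the loop, so a selector whose
        // first name was absent (or, with matchAllNames, any selector
        // holding more than one name) rejected every certificate.
        int match = 0;
        for (Iterator it = altNames.iterator(); it.hasNext(); )
          {
            List l = (List) it.next();
            Integer id = (Integer) l.get(0);
            String s = null;
            byte[] b = null;
            if (l.get(1) instanceof String)
              s = (String) l.get(1);
            else if (l.get(1) instanceof byte[])
              b = (byte[]) l.get(1);
            else
              return false;

            boolean found = false;
            for (Iterator it2 = an.iterator(); !found && it2.hasNext(); )
              {
                Object o = it2.next();
                if (!(o instanceof List))
                  continue;
                List l2 = (List) o;
                if (l2.size() != 2)
                  continue;
                if (!id.equals(l2.get(0)))
                  continue;
                if (s != null && (l2.get(1) instanceof String)
                    && s.equals(l2.get(1)))
                  found = true;
                else if (b != null && (l2.get(1) instanceof byte[])
                         && Arrays.equals(b, (byte[]) l2.get(1)))
                  found = true;
              }

            if (found)
              match++;
            else if (matchAllNames)
              // All names are required and this one is missing.
              return false;
          }
        // An empty (non-null) collection imposes no constraint, as before.
        if (altNames.size() > 0 && match == 0)
          return false;
      }

    if (nameConstraints != null)
      {
        byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID);
        if (!Arrays.equals(nameConstraints, nc))
          return false;
      }

    // FIXME check policies.
    // FIXME check path-to-names.

    return true;
  }

  /**
   * Returns a multi-line listing of the criteria that are currently set.
   * Key identifiers are printed as colon-separated hexadecimal bytes; the
   * name constraints are shown only as a placeholder.
   *
   * @return A description of this selector.
   */
  public String toString()
  {
    StringBuffer str = new StringBuffer(X509CertSelector.class.getName());
    String nl = SystemProperties.getProperty("line.separator");
    String eol = ";" + nl;

    str.append(" {").append(nl);
    if (cert != null)
      str.append(" certificate = ").append(cert).append(eol);
    if (basicConstraints >= 0)
      str.append(" basic constraints = ").append(basicConstraints).append(eol);
    if (serialNo != null)
      str.append(" serial number = ").append(serialNo).append(eol);
    if (certValid != null)
      str.append(" valid date = ").append(certValid).append(eol);
    if (issuer != null)
      str.append(" issuer = ").append(issuer).append(eol);
    if (subject != null)
      str.append(" subject = ").append(subject).append(eol);
    if (sigId != null)
      str.append(" signature OID = ").append(sigId).append(eol);
    if (subjectKey != null)
      str.append(" subject public key = ").append(subjectKey).append(eol);
    if (subjectKeyId != null)
      {
        str.append(" subject key ID = ");
        appendHexBytes(str, subjectKeyId);
        str.append(eol);
      }
    if (authKeyId != null)
      {
        str.append(" authority key ID = ");
        appendHexBytes(str, authKeyId);
        str.append(eol);
      }
    if (keyUsage != null)
      {
        str.append(" key usage = ");
        for (int i = 0; i < keyUsage.length; i++)
          str.append(keyUsage[i] ? '1' : '0');
        str.append(eol);
      }
    if (keyPurposeSet != null)
      str.append(" key purpose = ").append(keyPurposeSet).append(eol);
    if (altNames != null)
      str.append(" alternative names = ").append(altNames).append(eol);
    if (nameConstraints != null)
      str.append(" name constraints = <blob of data>").append(eol);
    str.append("}").append(nl);
    return str.toString();
  }

  /**
   * Returns a copy of this selector made with <code>super.clone()</code>.
   *
   * @return The copy.
   */
  public Object clone()
  {
    try
      {
        return super.clone();
      }
    catch (CloneNotSupportedException shouldNotHappen)
      {
        throw new Error(shouldNotHappen);
      }
  }

  // Own methods.
  // -------------------------------------------------------------------------

  /**
   * Tells whether the given arcs look like an object identifier: non-null,
   * more than two components, a first arc in 0..2 and a second arc in
   * 0..39.
   *
   * @param oid The OID components.
   * @return true if the components pass these checks.
   */
  private static boolean checkOid(int[] oid)
  {
    return (oid != null && oid.length > 2
            && (oid[0] >= 0 && oid[0] <= 2)
            && (oid[1] >= 0 && oid[1] <= 39));
  }

  /**
   * Appends the bytes as two-digit lowercase hexadecimal values separated
   * by colons.
   *
   * @param str The buffer to append to.
   * @param bytes The bytes to print.
   */
  private static void appendHexBytes(StringBuffer str, byte[] bytes)
  {
    for (int i = 0; i < bytes.length; i++)
      {
        // The high nibble has to be shifted by 4 bits; the former shift
        // by 8 always produced 0, so every byte printed as "0x".
        str.append(Character.forDigit((bytes[i] & 0xF0) >>> 4, 16));
        str.append(Character.forDigit(bytes[i] & 0x0F, 16));
        if (i < bytes.length - 1)
          str.append(':');
      }
  }
}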