📄 x509certselector.java
// Ensure that we either set both of these or neither
            // (parseNames is evaluated first and may throw IOException, in
            // which case neither field has been assigned yet).
            subjectAlternativeGeneralNames = parseNames(tempNames);
            subjectAlternativeNames = tempNames;
        }
    }

    /**
     * Adds a name to the subjectAlternativeNames criterion. The
     * <code>X509Certificate</code> must contain all or at least one
     * of the specified subjectAlternativeNames, depending on the value of
     * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
     * setMatchAllSubjectAltNames}).
     * <p>
     * This method allows the caller to add a name to the set of subject
     * alternative names.
     * The specified name is added to any previous value for the
     * subjectAlternativeNames criterion. If the specified name is a
     * duplicate, it may be ignored.
     * <p>
     * The name is provided in string format. RFC 822, DNS, and URI names
     * use the well-established string formats for those types (subject to
     * the restrictions included in RFC 2459). IPv4 address names are
     * supplied using dotted quad notation. OID address names are represented
     * as a series of nonnegative integers separated by periods. And
     * directory names (distinguished names) are supplied in RFC 2253 format.
     * No standard string format is defined for otherNames, X.400 names,
     * EDI party names, IPv6 address names, or any other type of names. They
     * should be specified using the
     * {@link #addSubjectAlternativeName(int type, byte [] name)
     * addSubjectAlternativeName(int type, byte [] name)}
     * method.
     * <p>
     * The name is parsed before the criterion is modified, so a name that
     * fails to parse leaves the selector unchanged. A <code>null</code> name
     * is neither a String nor a byte array for the parser and is therefore
     * rejected with an <code>IOException</code>.
     *
     * @param type the name type (0-8, as specified in
     *             RFC 2459, section 4.2.1.7)
     * @param name the name in string form (not <code>null</code>)
     * @throws IOException if a parsing error occurs
     */
    public void addSubjectAlternativeName(int type, String name)
            throws IOException {
        addSubjectAlternativeNameInternal(type, name);
    }

    /**
     * Adds a name to the subjectAlternativeNames criterion. The
     * <code>X509Certificate</code> must contain all or at least one
     * of the specified subjectAlternativeNames, depending on the value of
     * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
     * setMatchAllSubjectAltNames}).
     * <p>
     * This method allows the caller to add a name to the set of subject
     * alternative names.
     * The specified name is added to any previous value for the
     * subjectAlternativeNames criterion. If the specified name is a
     * duplicate, it may be ignored.
     * <p>
     * The name is provided as a byte array. This byte array should contain
     * the DER encoded name, as it would appear in the GeneralName structure
     * defined in RFC 2459 and X.509. The encoded byte array should only contain
     * the encoded value of the name, and should not include the tag associated
     * with the name in the GeneralName structure. The ASN.1 definition of this
     * structure appears below.
     * <pre><code>
     *  GeneralName ::= CHOICE {
     *       otherName                       [0]     OtherName,
     *       rfc822Name                      [1]     IA5String,
     *       dNSName                         [2]     IA5String,
     *       x400Address                     [3]     ORAddress,
     *       directoryName                   [4]     Name,
     *       ediPartyName                    [5]     EDIPartyName,
     *       uniformResourceIdentifier       [6]     IA5String,
     *       iPAddress                       [7]     OCTET STRING,
     *       registeredID                    [8]     OBJECT IDENTIFIER}
     * </code></pre>
     * <p>
     * Note that the byte array supplied here is cloned to protect against
     * subsequent modifications. The clone is taken before parsing, so the
     * bytes that are validated are the same bytes that are stored. A
     * <code>null</code> array fails at the <code>clone()</code> call with a
     * <code>NullPointerException</code>, before any state is changed.
     *
     * @param type the name type (0-8, as listed above)
     * @param name a byte array containing the name in ASN.1 DER encoded form
     * @throws IOException if a parsing error occurs
     */
    public void addSubjectAlternativeName(int type, byte[] name)
            throws IOException {
        // clone because byte arrays are modifiable: the caller keeps its own
        // reference and could otherwise alter the criterion after validation
        addSubjectAlternativeNameInternal(type, name.clone());
    }

    /**
     * A private method that adds a name (String or byte array) to the
     * subjectAlternativeNames criterion. The <code>X509Certificate</code>
     * must contain the specified subjectAlternativeName.
     * <p>
     * Two parallel sets are maintained: <code>subjectAlternativeNames</code>
     * holds the raw (type, name) pairs and
     * <code>subjectAlternativeGeneralNames</code> holds the parsed form.
     * Parsing happens first, so a parse failure leaves both sets as they were.
     * The <code>name</code> object is stored as passed in; this method does
     * not copy it.
     *
     * @param type the name type (0-8, as specified in
     *             RFC 2459, section 4.2.1.7)
     * @param name the name in string or byte array form
     * @throws IOException if a parsing error occurs
     */
    private void addSubjectAlternativeNameInternal(int type, Object name)
            throws IOException {
        // First, ensure that the name parses
        GeneralNameInterface tempName = makeGeneralNameInterface(type, name);
        // Both sets are created lazily; null means "criterion not set".
        if (subjectAlternativeNames == null) {
            subjectAlternativeNames = new HashSet();
        }
        if (subjectAlternativeGeneralNames == null) {
            subjectAlternativeGeneralNames = new HashSet();
        }
        // Raw entry has the same shape parseNames expects: [Integer, name].
        ArrayList list = new ArrayList();
        list.add(new Integer(type));
        list.add(name);
        // NOTE(review): a List holding a byte[] hashes and compares that
        // element by array identity, so content-equal byte[] names are not
        // collapsed in this raw set; whether the parsed set collapses them
        // depends on GeneralNameInterface equality -- confirm.
        subjectAlternativeNames.add(list);
        subjectAlternativeGeneralNames.add(tempName);
    }

    /**
     * Parse an argument of the form passed to setSubjectAlternativeNames,
     * returning a <code>Collection</code> of
     * <code>GeneralNameInterface</code>s.
     * Every malformed shape detected here is reported as an
     * <code>IOException</code>: an entry that is not a <code>List</code>,
     * a <code>List</code> whose size is not 2, or a first element that is
     * not an <code>Integer</code>. The second element is validated by
     * <code>makeGeneralNameInterface</code>.
     *
     * @param names a Collection with one entry per name.
     *              Each entry is a <code>List</code> whose first entry
     *              is an Integer (the name type, 0-8) and whose second
     *              entry is a String or a byte array (the name, in
     *              string or ASN.1 DER encoded form, respectively).
     *              There can be multiple names of the same type. Null is
     *              not an acceptable value (it fails at
     *              <code>names.iterator()</code>).
     * @return a Set of <code>GeneralNameInterface</code>s
     * @throws IOException if an entry is malformed or a name fails to parse
     */
    private static Set parseNames(Collection names) throws IOException {
        Set genNames = new HashSet();
        Iterator i = names.iterator();
        while (i.hasNext()) {
            Object o = i.next();
            // Check the shape explicitly instead of relying on a cast failure.
            if (!(o instanceof List)) {
                throw new IOException("expected List");
            }
            List nameList = (List) o;
            if (nameList.size() != 2) {
                throw new IOException("name list size not 2");
            }
            o = nameList.get(0);
            if (!(o instanceof Integer)) {
                throw new IOException("expected an Integer");
            }
            int nameType = ((Integer) o).intValue();
            // o is reused for the name itself; its type is checked by
            // makeGeneralNameInterface.
            o = nameList.get(1);
            genNames.add(makeGeneralNameInterface(nameType, o));
        }
        return genNames;
    }

    /**
     * Compare for equality two objects of the form passed to
     * setSubjectAlternativeNames (or X509CRLSelector.setIssuerNames).
     * This method performs no validation of its own: two <code>null</code>
     * arguments are equal, a <code>null</code> and a non-null argument are
     * not, and otherwise the result is whatever
     * <code>object1.equals(object2)</code> reports.
     * <p>
     * NOTE(review): for standard <code>java.util</code> collections, entries
     * that carry a byte[] name compare that element by array identity, so two
     * collections with content-equal DER names in distinct arrays are
     * reported as unequal -- confirm callers accept this.
     *
     * @param object1 a Collection containing the first object to compare
     * @param object2 a Collection containing the second object to compare
     * @return true if the objects are equal, false otherwise
     */
    static boolean equalNames(Collection object1, Collection object2) {
        if ((object1 == null) || (object2 == null)) {
            // Equal only when both are null.
            return object1 == object2;
        }
        return object1.equals(object2);
    }

    /**
     * Make a <code>GeneralNameInterface</code> out of a name type (0-8) and an
     * Object that may be a byte array holding the ASN.1 DER encoded
     * name or a String form of the name.  Except for X.509
     * Distinguished Names, the String form of the name must not be the
     * result from calling toString on an existing GeneralNameInterface
     * implementing class.  The output of toString is not compatible
     * with the String constructors for names other than Distinguished
     * Names.
     * <p>
     * String input is accepted only for the RFC 822, DNS, directory, URI,
     * IP and OID name types; directory names are parsed with the
     * <code>"RFC2253"</code> format argument. Byte array input is accepted
     * for all nine name types handled by the second switch. Any other type
     * value, or a name that is neither a String nor a byte array (including
     * <code>null</code>), results in an <code>IOException</code>.
     * <p>
     * When the class's <code>debug</code> facility is non-null, the String
     * form of the name and the parsed result are written to it; byte array
     * input is not echoed, only the parsed result.
     *
     * @param type name type (0-8)
     * @param name name as ASN.1 DER-encoded byte array or String
     * @return a GeneralNameInterface name
     * @throws IOException if a parsing error occurs
     */
    static GeneralNameInterface makeGeneralNameInterface(int type, Object name)
            throws IOException {
        GeneralNameInterface result;
        if (debug != null) {
            debug.println("X509CertSelector.makeGeneralNameInterface("
                + type + ")...");
        }

        if (name instanceof String) {
            if (debug != null) {
                debug.println("X509CertSelector.makeGeneralNameInterface() "
                    + "name is String: " + name);
            }
            // Only name types with a String constructor are listed here;
            // the remaining types must be supplied as DER bytes.
            switch (type) {
            case NAME_RFC822:
                result = new RFC822Name((String)name);
                break;
            case NAME_DNS:
                result = new DNSName((String)name);
                break;
            case NAME_DIRECTORY:
                result = new X500Name((String)name, "RFC2253");
                break;
            case NAME_URI:
                result = new URIName((String)name);
                break;
            case NAME_IP:
                result = new IPAddressName((String)name);
                break;
            case NAME_OID:
                result = new OIDName((String)name);
                break;
            default:
                throw new IOException("unable to parse String names of type "
                                      + type);
            }
            if (debug != null) {
                debug.println("X509CertSelector.makeGeneralNameInterface() "
                    + "result: " + result.toString());
            }
        } else if (name instanceof byte[]) {
            // NOTE(review): the array is handed to DerValue exactly as
            // supplied; which encoding DerValue and the name constructors
            // accept is not visible here -- confirm before relying on the
            // "value only, no tag" wording of the public Javadoc.
            DerValue val = new DerValue((byte[]) name);
            if (debug != null) {
                debug.println
                    ("X509CertSelector.makeGeneralNameInterface() is byte[]");
            }
            switch (type) {
            case NAME_ANY:
                result = new OtherName(val);
                break;
            case NAME_RFC822:
                result = new RFC822Name(val);
                break;
            case NAME_DNS:
                result = new DNSName(val);
                break;
            case NAME_X400:
                result = new X400Address(val);
                break;
            case NAME_DIRECTORY:
                result = new X500Name(val);
                break;
            case NAME_EDI:
                result = new EDIPartyName(val);
                break;
            case NAME_URI:
                result = new URIName(val);
                break;
            case NAME_IP:
                result = new IPAddressName(val);
                break;
            case NAME_OID:
                result = new OIDName(val);
                break;
            default:
                throw new IOException("unable to parse byte array names of "
                    + "type " + type);
            }
            if (debug != null) {
                debug.println("X509CertSelector.makeGeneralNameInterface() result: "
                    + result.toString());
            }
        } else {
            // Reached for null as well as for any other object type.
            if (debug != null) {
                debug.println("X509CertSelector.makeGeneralName() input name "
                    + "not String or byte array");
            }
            throw new IOException("name not String or byte array");
        }
        return result;
    }

    /**
     * Sets the name constraints criterion. The <code>X509Certificate</code>
     * must have subject and subject alternative names that
     * meet the specified name constraints.
     * <p>
     * The name constraints are specified as a byte array. This byte array
     * should contain the DER encoded form of the name constraints, as they
     * would appear in the NameConstraints structure defined in RFC 2459
     * and X.509. The ASN.1 definition of this structure appears below.
     *
     * <pre><code>
     *  NameConstraints ::= SEQUENCE {
     *       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
     *       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
     *
     *  GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
     *
     *  GeneralSubtree ::= SEQUENCE {
     *       base                    GeneralName,
     *       minimum         [0]     BaseDistance DEFAULT 0,
     *       maximum         [1]     BaseDistance OPTIONAL }
     *
     *  BaseDistance ::= INTEGER (0..MAX)
     *
     *  GeneralName ::= CHOICE {
     *       otherName                       [0]     OtherName,
     *       rfc822Name                      [1]     IA5String,
     *       dNSName                         [2]     IA5String,
     *       x400Address                     [3]     ORAddress,
     *       directoryName                   [4]     Name,
     *       ediPartyName                    [5]     EDIPartyName,
     *       uniformResourceIdentifier       [6]     IA5String,
     *       iPAddress                       [7]     OCTET STRING,
     *       registeredID                    [8]     OBJECT IDENTIFIER}
     * </code></pre>
     * <p>
     * Note that the byte array supplied here is cloned to protect against
     * subsequent modifications.
     *
     * @param bytes a byte array containing the ASN.1 DER encoding of
     *              a NameConstraints extension to be used for checking
     *              name constraints. Only the value of the extension is
     *              included, not the OID or criticality flag. Can be
     *              <code>null</code>,
     *              in which case no name constraints check will be performed.
     * @throws IOException if a parsing error occurs
     * @see #getNameConstraints