📄 pkixnameconstraintvalidator.java
字号:
if (permitted == null) { return; } Iterator it = permitted.iterator(); while (it.hasNext()) { String str = ((String)it.next()); if (emailIsConstrained(email, str)) { return; } } if (email.length() == 0 && permitted.size() == 0) { return; } throw new PKIXNameConstraintValidatorException( "Subject email address is not from a permitted subtree."); } private void checkExcludedEmail(Set excluded, String email) throws PKIXNameConstraintValidatorException { if (excluded.isEmpty()) { return; } Iterator it = excluded.iterator(); while (it.hasNext()) { String str = (String)it.next(); if (emailIsConstrained(email, str)) { throw new PKIXNameConstraintValidatorException( "Email address is from an excluded subtree."); } } } /** * Checks if the IP <code>ip</code> is included in the permitted set * <code>permitted</code>. * * @param permitted A <code>Set</code> of permitted IP addresses with * their subnet mask as byte arrays. * @param ip The IP address. * @throws PKIXNameConstraintValidatorException * if the IP is not permitted. */ private void checkPermittedIP(Set permitted, byte[] ip) throws PKIXNameConstraintValidatorException { if (permitted == null) { return; } Iterator it = permitted.iterator(); while (it.hasNext()) { byte[] ipWithSubnet = (byte[])it.next(); if (isIPConstrained(ip, ipWithSubnet)) { return; } } if (ip.length == 0 && permitted.size() == 0) { return; } throw new PKIXNameConstraintValidatorException( "IP is not from a permitted subtree."); } /** * Checks if the IP <code>ip</code> is included in the excluded set * <code>excluded</code>. * * @param excluded A <code>Set</code> of excluded IP addresses with their * subnet mask as byte arrays. * @param ip The IP address. * @throws PKIXNameConstraintValidatorException * if the IP is excluded. */ private void checkExcludedIP(Set excluded, byte[] ip) throws PKIXNameConstraintValidatorException { if (excluded.isEmpty()) { return; } Iterator it = excluded.iterator(); while (it.hasNext()) { byte[] ipWithSubnet = (byte[])it.next(); if (isIPConstrained(ip, ipWithSubnet)) { throw new PKIXNameConstraintValidatorException( "IP is from an excluded subtree."); } } } /** * Checks if the IP address <code>ip</code> is constrained by * <code>constraint</code>. * * @param ip The IP address. * @param constraint The constraint. This is an IP address concatenated with * its subnetmask. * @return <code>true</code> if constrained, <code>false</code> * otherwise. */ private boolean isIPConstrained(byte ip[], byte[] constraint) { int ipLength = ip.length; if (ipLength != (constraint.length / 2)) { return false; } byte[] subnetMask = new byte[ipLength]; System.arraycopy(constraint, ipLength, subnetMask, 0, ipLength); byte[] permittedSubnetAddress = new byte[ipLength]; byte[] ipSubnetAddress = new byte[ipLength]; // the resulting IP address by applying the subnet mask for (int i = 0; i < ipLength; i++) { permittedSubnetAddress[i] = (byte)(constraint[i] & subnetMask[i]); ipSubnetAddress[i] = (byte)(ip[i] & subnetMask[i]); } return Arrays.areEqual(permittedSubnetAddress, ipSubnetAddress); } private boolean emailIsConstrained(String email, String constraint) { String sub = email.substring(email.indexOf('@') + 1); // a particular mailbox if (constraint.indexOf('@') != -1) { if (email.equalsIgnoreCase(constraint)) { return true; } } // on particular host else if (!(constraint.charAt(0) == '.')) { if (sub.equalsIgnoreCase(constraint)) { return true; } } // address in sub domain else if (withinDomain(sub, constraint)) { return true; } return false; } private boolean withinDomain(String testDomain, String domain) { String tempDomain = domain; if (tempDomain.startsWith(".")) { tempDomain = tempDomain.substring(1); } String[] domainParts = Strings.split(tempDomain, '.'); String[] testDomainParts = Strings.split(testDomain, '.'); // must have at least one subdomain if (testDomainParts.length <= domainParts.length) { return false; } int d = testDomainParts.length - domainParts.length; for (int i = -1; i < domainParts.length; i++) { if (i == -1) { if (testDomainParts[i + d].equals("")) { return false; } } else if (!domainParts[i].equalsIgnoreCase(testDomainParts[i + d])) { return false; } } return true; } private void checkPermittedDNS(Set permitted, String dns) throws PKIXNameConstraintValidatorException { if (permitted == null) { return; } Iterator it = permitted.iterator(); while (it.hasNext()) { String str = ((String)it.next()); // is sub domain if (withinDomain(dns, str) || dns.equalsIgnoreCase(str)) { return; } } if (dns.length() == 0 && permitted.size() == 0) { return; } throw new PKIXNameConstraintValidatorException( "DNS is not from a permitted subtree."); } private void checkExcludedDNS(Set excluded, String dns) throws PKIXNameConstraintValidatorException { if (excluded.isEmpty()) { return; } Iterator it = excluded.iterator(); while (it.hasNext()) { String str = ((String)it.next()); // is sub domain or the same if (withinDomain(dns, str) || dns.equalsIgnoreCase(str)) { throw new PKIXNameConstraintValidatorException( "DNS is from an excluded subtree."); } } } /** * The common part of <code>email1</code> and <code>email2</code> is * added to the union <code>union</code>. If <code>email1</code> and * <code>email2</code> have nothing in common they are added both. * * @param email1 Email address constraint 1. * @param email2 Email address constraint 2. * @param union The union. */ private void unionEmail(String email1, String email2, Set union) { // email1 is a particular address if (email1.indexOf('@') != -1) { String _sub = email1.substring(email1.indexOf('@') + 1); // both are a particular mailbox if (email2.indexOf('@') != -1) { if (email1.equalsIgnoreCase(email2)) { union.add(email1); } else { union.add(email1); union.add(email2); } } // email2 specifies a domain else if (email2.startsWith(".")) { if (withinDomain(_sub, email2)) { union.add(email2); } else { union.add(email1); union.add(email2); } } // email2 specifies a particular host else { if (_sub.equalsIgnoreCase(email2)) { union.add(email2); } else { union.add(email1); union.add(email2); } } } // email1 specifies a domain else if (email1.startsWith(".")) { if (email2.indexOf('@') != -1) { String _sub = email2.substring(email1.indexOf('@') + 1); if (withinDomain(_sub, email1)) { union.add(email1); } else { union.add(email1); union.add(email2); } } // email2 specifies a domain else if (email2.startsWith(".")) { if (withinDomain(email1, email2) || email1.equalsIgnoreCase(email2)) { union.add(email2); } else if (withinDomain(email2, email1)) { union.add(email1); } else { union.add(email1); union.add(email2); } } else { if (withinDomain(email2, email1)) { union.add(email1); } else { union.add(email1); union.add(email2); } } } // email specifies a host else { if (email2.indexOf('@') != -1) { String _sub = email2.substring(email1.indexOf('@') + 1); if (_sub.equalsIgnoreCase(email1)) { union.add(email1); } else { union.add(email1); union.add(email2); } } // email2 specifies a domain else if (email2.startsWith(".")) { if (withinDomain(email1, email2)) { union.add(email2); } else { union.add(email1); union.add(email2); } } // email2 specifies a particular host else { if (email1.equalsIgnoreCase(email2)) { union.add(email1); } else { union.add(email1); union.add(email2); } } } } private void unionURI(String email1, String email2, Set union) { // email1 is a particular address if (email1.indexOf('@') != -1) { String _sub = email1.substring(email1.indexOf('@') + 1); // both are a particular mailbox if (email2.indexOf('@') != -1) { if (email1.equalsIgnoreCase(email2)) { union.add(email1); } else { union.add(email1); union.add(email2); } } // email2 specifies a domain else if (email2.startsWith(".")) { if (withinDomain(_sub, email2)) { union.add(email2); } else { union.add(email1); union.add(email2); } } // email2 specifies a particular host else { if (_sub.equalsIgnoreCase(email2)) { union.add(email2); } else { union.add(email1); union.add(email2); } } } // email1 specifies a domain else if (email1.startsWith(".")) { if (email2.indexOf('@') != -1) { String _sub = email2.substring(email1.indexOf('@') + 1); if (withinDomain(_sub, email1)) { union.add(email1); } else { union.add(email1); union.add(email2); } } // email2 specifies a domain else if (email2.startsWith(".")) { if (withinDomain(email1, email2) || email1.equalsIgnoreCase(email2)) { union.add(email2); } else if (withinDomain(email2, email1))⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -