📄 pkixnameconstraintvalidator.java
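// NOTE(review): the statements up to the first closing brace are the tail of a method whose
// beginning lies outside this excerpt; they are reproduced unchanged.
        if (sub.indexOf('/') != -1) {
            sub = sub.substring(0, sub.indexOf('/'));
        }
        return sub;
    }

    /**
     * Checks if the given GeneralName is in the permitted set.
     * <p>
     * Only rfc822Name (1), dNSName (2), directoryName (4),
     * uniformResourceIdentifier (6) and iPAddress (7) are dispatched to a
     * per-type check. Every other tag falls through the switch and is accepted
     * without any check, so a caller that must reject unsupported name types
     * has to do that itself.
     *
     * @param name The GeneralName
     * @throws PKIXNameConstraintValidatorException
     *             If the <code>name</code> is not permitted, as reported by the
     *             per-type check this method delegates to.
     */
    public void checkPermitted(GeneralName name)
        throws PKIXNameConstraintValidatorException {
        switch (name.getTagNo()) {
        case 1:
            checkPermittedEmail(permittedSubtreesEmail, extractNameAsString(name));
            break;
        case 2:
            checkPermittedDNS(permittedSubtreesDNS, extractNameAsString(name));
            break;
        case 4:
            checkPermittedDN(ASN1Sequence.getInstance(name.getName().getDERObject()));
            break;
        case 6:
            checkPermittedURI(permittedSubtreesURI, extractNameAsString(name));
            break;
        case 7:
            byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets();
            checkPermittedIP(permittedSubtreesIP, ip);
            break;
        default:
            // Name types without a handler are deliberately left unchecked here.
            break;
        }
    }

    /**
     * Check if the given GeneralName is contained in the excluded set.
     * <p>
     * The same five name types as in {@link #checkPermitted(GeneralName)} are
     * handled; any other tag is not compared against an excluded set at all.
     *
     * @param name The GeneralName.
     * @throws PKIXNameConstraintValidatorException
     *             If the <code>name</code> is excluded.
     */
    public void checkExcluded(GeneralName name)
        throws PKIXNameConstraintValidatorException {
        switch (name.getTagNo()) {
        case 1:
            checkExcludedEmail(excludedSubtreesEmail, extractNameAsString(name));
            break;
        case 2:
            checkExcludedDNS(excludedSubtreesDNS, extractNameAsString(name));
            break;
        case 4:
            checkExcludedDN(ASN1Sequence.getInstance(name.getName().getDERObject()));
            break;
        case 6:
            checkExcludedURI(excludedSubtreesURI, extractNameAsString(name));
            break;
        case 7:
            byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets();
            checkExcludedIP(excludedSubtreesIP, ip);
            break;
        default:
            // Name types without a handler are deliberately left unchecked here.
            break;
        }
    }

    /**
     * Updates the permitted set of these name constraints with the intersection
     * with the given subtree.
     * <p>
     * The subtrees are first grouped by the tag number of their base name;
     * each group is then intersected with the permitted set of the matching
     * name type. Groups with a tag other than 1, 2, 4, 6 or 7 are ignored.
     *
     * @param permitted The permitted subtrees
     */
    public void intersectPermittedSubtree(ASN1Sequence permitted) {
        Map subtreesMap = new HashMap();

        // Group the subtrees into sets, keyed by the tag number of their base name.
        for (Enumeration e = permitted.getObjects(); e.hasMoreElements();) {
            GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
            Integer tagNo = new Integer(subtree.getBase().getTagNo());
            Set group = (Set)subtreesMap.get(tagNo);
            if (group == null) {
                group = new HashSet();
                subtreesMap.put(tagNo, group);
            }
            group.add(subtree);
        }

        // Narrow each per-type permitted set with its group.
        for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry)it.next();
            Set group = (Set)entry.getValue();

            switch (((Integer)entry.getKey()).intValue()) {
            case 1:
                permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, group);
                break;
            case 2:
                permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, group);
                break;
            case 4:
                permittedSubtreesDN = intersectDN(permittedSubtreesDN, group);
                break;
            case 6:
                permittedSubtreesURI = intersectURI(permittedSubtreesURI, group);
                break;
            case 7:
                permittedSubtreesIP = intersectIP(permittedSubtreesIP, group);
                break;
            default:
                // Subtrees of other name types are not tracked by this validator.
                break;
            }
        }
    }

    /**
     * Returns the string value of a GeneralName whose content is an IA5String.
     *
     * @param name The GeneralName.
     * @return The decoded string.
     */
    private String extractNameAsString(GeneralName name) {
        return DERIA5String.getInstance(name.getName()).getString();
    }

    /**
     * Replaces the permitted set of the given name type with a new, empty set.
     * Name types other than 1, 2, 4, 6 and 7 are ignored.
     * <p>
     * NOTE(review): an empty (non-null) permitted set presumably makes every
     * name of that type fail {@link #checkPermitted(GeneralName)}; confirm
     * against the per-type checks, which are outside this excerpt.
     *
     * @param nameType The GeneralName tag number of the name type.
     */
    public void intersectEmptyPermittedSubtree(int nameType) {
        switch (nameType) {
        case 1:
            permittedSubtreesEmail = new HashSet();
            break;
        case 2:
            permittedSubtreesDNS = new HashSet();
            break;
        case 4:
            permittedSubtreesDN = new HashSet();
            break;
        case 6:
            permittedSubtreesURI = new HashSet();
            break;
        case 7:
            permittedSubtreesIP = new HashSet();
            break;
        default:
            break;
        }
    }

    /**
     * Adds a subtree to the excluded set of these name constraints.
     * Subtrees whose base name has a tag other than 1, 2, 4, 6 or 7 are
     * silently dropped, i.e. they never become part of an excluded set.
     *
     * @param subtree A subtree with an excluded GeneralName.
     */
    public void addExcludedSubtree(GeneralSubtree subtree) {
        GeneralName base = subtree.getBase();

        switch (base.getTagNo()) {
        case 1:
            excludedSubtreesEmail = unionEmail(excludedSubtreesEmail,
                extractNameAsString(base));
            break;
        case 2:
            excludedSubtreesDNS = unionDNS(excludedSubtreesDNS,
                extractNameAsString(base));
            break;
        case 4:
            excludedSubtreesDN = unionDN(excludedSubtreesDN,
                (ASN1Sequence)base.getName().getDERObject());
            break;
        case 6:
            excludedSubtreesURI = unionURI(excludedSubtreesURI,
                extractNameAsString(base));
            break;
        case 7:
            excludedSubtreesIP = unionIP(excludedSubtreesIP,
                ASN1OctetString.getInstance(base.getName()).getOctets());
            break;
        default:
            break;
        }
    }

    /**
     * Returns the maximum IP address.
     * <p>
     * The addresses are compared byte by byte as unsigned values, most
     * significant byte first, and the first differing byte decides. Returning
     * <code>ip1</code> merely because some later byte is larger would rank
     * 10.0.1.0 above 11.0.0.0 and yield wrong range bounds for whoever relies
     * on this helper (callers are outside this excerpt).
     * Both arrays are expected to have the same length.
     *
     * @param ip1 The first IP address.
     * @param ip2 The second IP address.
     * @return The maximum IP address; <code>ip2</code> if both are equal.
     */
    private static byte[] max(byte[] ip1, byte[] ip2) {
        for (int i = 0; i < ip1.length; i++) {
            int b1 = ip1[i] & 0xFF;
            int b2 = ip2[i] & 0xFF;
            if (b1 != b2) {
                return (b1 > b2) ? ip1 : ip2;
            }
        }
        return ip2;
    }

    /**
     * Returns the minimum IP address.
     * <p>
     * Uses the same unsigned, most-significant-byte-first comparison as
     * {@link #max(byte[], byte[])}. Both arrays are expected to have the same
     * length.
     *
     * @param ip1 The first IP address.
     * @param ip2 The second IP address.
     * @return The minimum IP address; <code>ip2</code> if both are equal.
     */
    private static byte[] min(byte[] ip1, byte[] ip2) {
        for (int i = 0; i < ip1.length; i++) {
            int b1 = ip1[i] & 0xFF;
            int b2 = ip2[i] & 0xFF;
            if (b1 != b2) {
                return (b1 < b2) ? ip1 : ip2;
            }
        }
        return ip2;
    }

    /**
     * Compares IP address <code>ip1</code> with <code>ip2</code>. If ip1
     * is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1
     * otherwise.
     *
     * @param ip1 The first IP address.
     * @param ip2 The second IP address.
     * @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.
     */
    private static int compareTo(byte[] ip1, byte[] ip2) {
        if (Arrays.areEqual(ip1, ip2)) {
            return 0;
        }
        // The addresses differ, so ip1 is the bigger one exactly when max() picks it.
        if (Arrays.areEqual(max(ip1, ip2), ip1)) {
            return 1;
        }
        return -1;
    }

    /**
     * Returns the bitwise OR of the IP addresses <code>ip1</code> and
     * <code>ip2</code>. The result has the length of <code>ip1</code>.
     *
     * @param ip1 The first IP address.
     * @param ip2 The second IP address.
     * @return The OR of <code>ip1</code> and <code>ip2</code>.
     */
    private static byte[] or(byte[] ip1, byte[] ip2) {
        byte[] temp = new byte[ip1.length];
        for (int i = 0; i < ip1.length; i++) {
            temp[i] = (byte)(ip1[i] | ip2[i]);
        }
        return temp;
    }

    /**
     * Returns the sum of the hashes of all permitted and excluded sets, so the
     * value does not depend on element order and matches {@link #equals(Object)}.
     */
    public int hashCode() {
        return hashCollection(excludedSubtreesDN)
            + hashCollection(excludedSubtreesDNS)
            + hashCollection(excludedSubtreesEmail)
            + hashCollection(excludedSubtreesIP)
            + hashCollection(excludedSubtreesURI)
            + hashCollection(permittedSubtreesDN)
            + hashCollection(permittedSubtreesDNS)
            + hashCollection(permittedSubtreesEmail)
            + hashCollection(permittedSubtreesIP)
            + hashCollection(permittedSubtreesURI);
    }

    /**
     * Sums the hash codes of the elements of a collection. Byte arrays are
     * hashed by content; a <code>null</code> collection hashes to 0.
     *
     * @param coll The collection, may be <code>null</code>.
     * @return The summed hash.
     */
    private int hashCollection(Collection coll) {
        if (coll == null) {
            return 0;
        }
        int hash = 0;
        for (Iterator it1 = coll.iterator(); it1.hasNext();) {
            Object o = it1.next();
            if (o instanceof byte[]) {
                hash += Arrays.hashCode((byte[])o);
            } else {
                hash += o.hashCode();
            }
        }
        return hash;
    }

    /**
     * Two validators are equal when all ten permitted and excluded sets are
     * pairwise equal, with byte arrays compared by content.
     */
    public boolean equals(Object o) {
        if (!(o instanceof PKIXNameConstraintValidator)) {
            return false;
        }
        PKIXNameConstraintValidator constraintValidator = (PKIXNameConstraintValidator)o;
        return collectionsAreEqual(constraintValidator.excludedSubtreesDN, excludedSubtreesDN)
            && collectionsAreEqual(constraintValidator.excludedSubtreesDNS, excludedSubtreesDNS)
            && collectionsAreEqual(constraintValidator.excludedSubtreesEmail, excludedSubtreesEmail)
            && collectionsAreEqual(constraintValidator.excludedSubtreesIP, excludedSubtreesIP)
            && collectionsAreEqual(constraintValidator.excludedSubtreesURI, excludedSubtreesURI)
            && collectionsAreEqual(constraintValidator.permittedSubtreesDN, permittedSubtreesDN)
            && collectionsAreEqual(constraintValidator.permittedSubtreesDNS, permittedSubtreesDNS)
            && collectionsAreEqual(constraintValidator.permittedSubtreesEmail, permittedSubtreesEmail)
            && collectionsAreEqual(constraintValidator.permittedSubtreesIP, permittedSubtreesIP)
            && collectionsAreEqual(constraintValidator.permittedSubtreesURI, permittedSubtreesURI);
    }

    /**
     * Compares two collections irrespective of iteration order: they are equal
     * when both are <code>null</code> or the same instance, or when they have
     * the same size and every element of the first has an equal element in the
     * second.
     */
    private boolean collectionsAreEqual(Collection coll1, Collection coll2) {
        if (coll1 == coll2) {
            return true;
        }
        if (coll1 == null || coll2 == null) {
            return false;
        }
        if (coll1.size() != coll2.size()) {
            return false;
        }
        for (Iterator it1 = coll1.iterator(); it1.hasNext();) {
            Object a = it1.next();
            boolean found = false;
            for (Iterator it2 = coll2.iterator(); it2.hasNext();) {
                if (equals(a, it2.next())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /**
     * Null-safe element comparison; two byte arrays are compared by content,
     * everything else with <code>equals</code>.
     */
    private boolean equals(Object o1, Object o2) {
        if (o1 == o2) {
            return true;
        }
        if (o1 == null || o2 == null) {
            return false;
        }
        if (o1 instanceof byte[] && o2 instanceof byte[]) {
            return Arrays.areEqual((byte[])o1, (byte[])o2);
        }
        return o1.equals(o2);
    }

    /**
     * Stringifies an IPv4 or v6 address with subnet mask. The first half of
     * the array is printed as the address and the second half as the mask,
     * each as dot-separated unsigned decimal bytes, joined by '/'.
     * An array too short to hold both halves is rendered with empty parts
     * instead of failing inside <code>toString()</code>.
     *
     * @param ip The IP with subnet mask.
     * @return The stringified IP address.
     */
    private String stringifyIP(byte[] ip) {
        StringBuffer buf = new StringBuffer();
        int half = ip.length / 2;
        for (int i = 0; i < half; i++) {
            if (i > 0) {
                buf.append('.');
            }
            buf.append(ip[i] & 0x00FF);
        }
        buf.append('/');
        for (int i = half; i < ip.length; i++) {
            if (i > half) {
                buf.append('.');
            }
            buf.append(ip[i] & 0x00FF);
        }
        return buf.toString();
    }

    /**
     * Renders a set of IP-with-mask byte arrays as a comma-separated list in
     * square brackets.
     *
     * @param ips A set whose elements are <code>byte[]</code>.
     * @return The stringified set.
     */
    private String stringifyIPCollection(Set ips) {
        StringBuffer buf = new StringBuffer("[");
        for (Iterator it = ips.iterator(); it.hasNext();) {
            buf.append(stringifyIP((byte[])it.next()));
            if (it.hasNext()) {
                buf.append(',');
            }
        }
        buf.append(']');
        return buf.toString();
    }

    /**
     * Lists the permitted sets that are set (non-null) and the excluded sets
     * that are non-empty.
     * <p>
     * NOTE(review): the excluded sets are dereferenced without a null check,
     * so they are assumed to be always initialised; confirm against the field
     * declarations, which are outside this excerpt.
     */
    public String toString() {
        StringBuffer buf = new StringBuffer();
        buf.append("permitted:\n");
        if (permittedSubtreesDN != null) {
            buf.append("DN:\n");
            buf.append(permittedSubtreesDN.toString()).append("\n");
        }
        if (permittedSubtreesDNS != null) {
            buf.append("DNS:\n");
            buf.append(permittedSubtreesDNS.toString()).append("\n");
        }
        if (permittedSubtreesEmail != null) {
            buf.append("Email:\n");
            buf.append(permittedSubtreesEmail.toString()).append("\n");
        }
        if (permittedSubtreesURI != null) {
            buf.append("URI:\n");
            buf.append(permittedSubtreesURI.toString()).append("\n");
        }
        if (permittedSubtreesIP != null) {
            buf.append("IP:\n");
            buf.append(stringifyIPCollection(permittedSubtreesIP)).append("\n");
        }
        buf.append("excluded:\n");
        if (!excludedSubtreesDN.isEmpty()) {
            buf.append("DN:\n");
            buf.append(excludedSubtreesDN.toString()).append("\n");
        }
        if (!excludedSubtreesDNS.isEmpty()) {
            buf.append("DNS:\n");
            buf.append(excludedSubtreesDNS.toString()).append("\n");
        }
        if (!excludedSubtreesEmail.isEmpty()) {
            buf.append("Email:\n");
            buf.append(excludedSubtreesEmail.toString()).append("\n");
        }
        if (!excludedSubtreesURI.isEmpty()) {
            buf.append("URI:\n");
            buf.append(excludedSubtreesURI.toString()).append("\n");
        }
        if (!excludedSubtreesIP.isEmpty()) {
            buf.append("IP:\n");
            buf.append(stringifyIPCollection(excludedSubtreesIP)).append("\n");
        }
        return buf.toString();
    }
}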