org.mozilla.jss.netscape.security.x509

Class NameConstraintsExtension

java.lang.Object

org.mozilla.jss.netscape.security.x509.Extension

org.mozilla.jss.netscape.security.x509.NameConstraintsExtension

All Implemented Interfaces:

java.io.Serializable, CertAttrSet

public class NameConstraintsExtension
extends Extension
implements CertAttrSet

This class defines the Name Constraints Extension.

The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.

The ASN.1 syntax for this is:

 NameConstraints ::= SEQUENCE {
    permittedSubtrees [0]  GeneralSubtrees OPTIONAL,
    excludedSubtrees  [1]  GeneralSubtrees OPTIONAL
 }
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 GeneralSubtree ::== SEQUENCE {
    base                   GeneralName,
    minimum           [0]  BaseDistance DEFAULT 0,
    maximum           [1]  BaseDistance OPTIONAL }
 BaseDistance ::== INTEGER (0..MAX)
 

See Also:

Extension, CertAttrSet, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	EXCLUDED_SUBTREES
static java.lang.String	IDENT Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.
static java.lang.String	NAME Attribute names.
static java.lang.String	PERMITTED_SUBTREES

Fields inherited from class org.mozilla.jss.netscape.security.x509.Extension

critical, extensionId, extensionValue

Constructor Summary

Constructors

Constructor and Description
NameConstraintsExtension(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded)
NameConstraintsExtension(java.lang.Boolean critical, java.lang.Object value) Create the extension from the passed DER encoded value.
NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) The default constructor for this class.

Method Summary

Modifier and Type	Method and Description
void	decode(java.io.InputStream in) Decode the extension from the InputStream.
void	delete(java.lang.String name) Delete the attribute value.
void	encode(java.io.OutputStream out) Write the extension to the OutputStream.
java.lang.Object	get(java.lang.String name) Get the attribute value.
java.util.Enumeration<java.lang.String>	getAttributeNames() Return an enumeration of names of attributes existing within this attribute.
java.lang.String	getName() Return the name of this attribute.
void	set(java.lang.String name, java.lang.Object obj) Set the attribute value.
java.lang.String	toPrint(int indent)
java.lang.String	toString() Return the printable string.

Methods inherited from class org.mozilla.jss.netscape.security.x509.Extension

clearValue, encode, getExtensionId, getExtensionValue, isCritical, setCritical, setExtensionId, setExtensionValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

IDENT

public static final java.lang.String IDENT

Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.

See Also:

Constant Field Values

NAME

public static final java.lang.String NAME

Attribute names.

See Also:

Constant Field Values

PERMITTED_SUBTREES

public static final java.lang.String PERMITTED_SUBTREES

See Also:

Constant Field Values

EXCLUDED_SUBTREES

public static final java.lang.String EXCLUDED_SUBTREES

See Also:

Constant Field Values

Constructor Detail

NameConstraintsExtension

public NameConstraintsExtension(GeneralSubtrees permitted,
                                GeneralSubtrees excluded)
                         throws java.io.IOException

The default constructor for this class. Either parameter can be set to null to indicate it is omitted but both cannot be null.

Parameters:

permitted - the permitted GeneralSubtrees (null for optional).

excluded - the excluded GeneralSubtrees (null for optional).

Throws:

java.io.IOException

NameConstraintsExtension

public NameConstraintsExtension(boolean critical,
                                GeneralSubtrees permitted,
                                GeneralSubtrees excluded)
                         throws java.io.IOException

Throws:

java.io.IOException

NameConstraintsExtension

public NameConstraintsExtension(java.lang.Boolean critical,
                                java.lang.Object value)
                         throws java.io.IOException

Create the extension from the passed DER encoded value.

Parameters:

critical - true if the extension is to be treated as critical.

value - Array of DER encoded bytes of the actual value.

Throws:

java.io.IOException - on error.

Method Detail

toString

public java.lang.String toString()

Return the printable string.

Specified by:

toString in interface CertAttrSet

Overrides:

toString in class Extension

Returns:

value of this certificate attribute in printable form.

toPrint

public java.lang.String toPrint(int indent)

decode

public void decode(java.io.InputStream in)
            throws java.io.IOException

Decode the extension from the InputStream.

Specified by:

decode in interface CertAttrSet

Parameters:

in - the InputStream to unmarshal the contents from.

Throws:

java.io.IOException - on decoding or validity errors.

encode

public void encode(java.io.OutputStream out)
            throws java.io.IOException

Write the extension to the OutputStream.

Specified by:

encode in interface CertAttrSet

Parameters:

out - the OutputStream to write the extension to.

Throws:

java.io.IOException - on encoding errors.

set

public void set(java.lang.String name,
                java.lang.Object obj)
         throws java.io.IOException

Set the attribute value.

Specified by:

set in interface CertAttrSet

Parameters:

name - the name of the attribute (e.g. "x509.info.key")

obj - the attribute object.

Throws:

java.io.IOException - on other errors.

get

public java.lang.Object get(java.lang.String name)
                     throws java.io.IOException

Get the attribute value.

Specified by:

get in interface CertAttrSet

Parameters:

name - the name of the attribute to return.

Throws:

java.io.IOException - on other errors.

delete

public void delete(java.lang.String name)
            throws java.io.IOException

Delete the attribute value.

Specified by:

delete in interface CertAttrSet

Parameters:

name - the name of the attribute to delete.

Throws:

java.io.IOException - on other errors.

getAttributeNames

public java.util.Enumeration<java.lang.String> getAttributeNames()

Return an enumeration of names of attributes existing within this attribute.

Specified by:

getAttributeNames in interface CertAttrSet

Returns:

an enumeration of the attribute names.

getName

public java.lang.String getName()

Return the name of this attribute.

Specified by:

getName in interface CertAttrSet

Returns:

the name of this CertAttrSet.