public class NameConstraintsExtension extends Extension implements CertAttrSet
The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.
The ASN.1 syntax for this is:
NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree GeneralSubtree ::== SEQUENCE { base GeneralName, minimum [0] BaseDistance DEFAULT 0, maximum [1] BaseDistance OPTIONAL } BaseDistance ::== INTEGER (0..MAX)
Extension
,
CertAttrSet
,
Serialized FormModifier and Type | Field and Description |
---|---|
static java.lang.String |
EXCLUDED_SUBTREES |
static java.lang.String |
IDENT
Identifier for this attribute, to be used with the
get, set, delete methods of Certificate, x509 type.
|
static java.lang.String |
NAME
Attribute names.
|
static java.lang.String |
PERMITTED_SUBTREES |
critical, extensionId, extensionValue
Constructor and Description |
---|
NameConstraintsExtension(boolean critical,
GeneralSubtrees permitted,
GeneralSubtrees excluded) |
NameConstraintsExtension(java.lang.Boolean critical,
java.lang.Object value)
Create the extension from the passed DER encoded value.
|
NameConstraintsExtension(GeneralSubtrees permitted,
GeneralSubtrees excluded)
The default constructor for this class.
|
Modifier and Type | Method and Description |
---|---|
void |
decode(java.io.InputStream in)
Decode the extension from the InputStream.
|
void |
delete(java.lang.String name)
Delete the attribute value.
|
void |
encode(java.io.OutputStream out)
Write the extension to the OutputStream.
|
java.lang.Object |
get(java.lang.String name)
Get the attribute value.
|
java.util.Enumeration<java.lang.String> |
getAttributeNames()
Return an enumeration of names of attributes existing within this
attribute.
|
java.lang.String |
getName()
Return the name of this attribute.
|
void |
set(java.lang.String name,
java.lang.Object obj)
Set the attribute value.
|
java.lang.String |
toPrint(int indent) |
java.lang.String |
toString()
Return the printable string.
|
clearValue, encode, getExtensionId, getExtensionValue, isCritical, setCritical, setExtensionId, setExtensionValue
public static final java.lang.String IDENT
public static final java.lang.String NAME
public static final java.lang.String PERMITTED_SUBTREES
public static final java.lang.String EXCLUDED_SUBTREES
public NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) throws java.io.IOException
permitted
- the permitted GeneralSubtrees (null for optional).excluded
- the excluded GeneralSubtrees (null for optional).java.io.IOException
public NameConstraintsExtension(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded) throws java.io.IOException
java.io.IOException
public NameConstraintsExtension(java.lang.Boolean critical, java.lang.Object value) throws java.io.IOException
critical
- true if the extension is to be treated as critical.value
- Array of DER encoded bytes of the actual value.java.io.IOException
- on error.public java.lang.String toString()
toString
in interface CertAttrSet
toString
in class Extension
public java.lang.String toPrint(int indent)
public void decode(java.io.InputStream in) throws java.io.IOException
decode
in interface CertAttrSet
in
- the InputStream to unmarshal the contents from.java.io.IOException
- on decoding or validity errors.public void encode(java.io.OutputStream out) throws java.io.IOException
encode
in interface CertAttrSet
out
- the OutputStream to write the extension to.java.io.IOException
- on encoding errors.public void set(java.lang.String name, java.lang.Object obj) throws java.io.IOException
set
in interface CertAttrSet
name
- the name of the attribute (e.g. "x509.info.key")obj
- the attribute object.java.io.IOException
- on other errors.public java.lang.Object get(java.lang.String name) throws java.io.IOException
get
in interface CertAttrSet
name
- the name of the attribute to return.java.io.IOException
- on other errors.public void delete(java.lang.String name) throws java.io.IOException
delete
in interface CertAttrSet
name
- the name of the attribute to delete.java.io.IOException
- on other errors.public java.util.Enumeration<java.lang.String> getAttributeNames()
getAttributeNames
in interface CertAttrSet
public java.lang.String getName()
getName
in interface CertAttrSet