package java.security.cert;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;

import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Object;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DEROutputStream;
import org.spongycastle.asn1.util.ASN1Dump;

/**
 * An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo
 * structure.<br />
 * <br />
 * The ASN.1 definition is as follows:<br />
 * <br />
 * 
 * <pre>
 *    PolicyQualifierInfo ::= SEQUENCE {
 *         policyQualifierId       PolicyQualifierId,
 *         qualifier               ANY DEFINED BY policyQualifierId }
 * </pre>
 * 
 * <br />
 * <br />
 * A certificate policies extension, if present in an X.509 version 3
 * certificate, contains a sequence of one or more policy information terms,
 * each of which consists of an object identifier (OID) and optional qualifiers.
 * In an end-entity certificate, these policy information terms indicate the
 * policy under which the certificate has been issued and the purposes for which
 * the certificate may be used. In a CA certificate, these policy information
 * terms limit the set of policies for certification paths which include this
 * certificate.<br />
 * <br />
 * A <code>Set</code> of <code>PolicyQualifierInfo</code> objects is
 * returned by the
 * {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers} method.
 * This allows applications with specific policy requirements to process and
 * validate each policy qualifier. Applications that need to process policy
 * qualifiers should explicitly set the <code>policyQualifiersRejected</code>
 * flag to false (by calling the
 * {@link PKIXParameters#setPolicyQualifiersRejected 
 * PKIXParameters.setPolicyQualifiersRejected} method) before validating a
 * certification path.<br />
 * <br />
 * Note that the PKIX certification path validation algorithm specifies that any
 * policy qualifier in a certificate policies extension that is marked critical
 * must be processed and validated. Otherwise the certification path must be
 * rejected. If the <code>policyQualifiersRejected</code> flag is set to
 * false, it is up to the application to validate all policy qualifiers in this
 * manner in order to be PKIX compliant.<br />
 * <br />
 * <b>Concurrent Access</b><br />
 * <br />
 * All <code>PolicyQualifierInfo</code> objects must be immutable and
 * thread-safe. That is, multiple threads may concurrently invoke the methods
 * defined in this class on a single <code>PolicyQualifierInfo</code> object
 * (or more than one) with no ill effects. Requiring
 * <code>PolicyQualifierInfo</code> objects to be immutable and thread-safe
 * allows them to be passed around to various pieces of code without worrying
 * about coordinating access.<br />
 * <br />
 * Uses {@link org.spongycastle.asn1.ASN1InputStream ASN1InputStream},
 * {@link org.spongycastle.asn1.ASN1Sequence ASN1Sequence},
 * {@link org.spongycastle.asn1.ASN1ObjectIdentifier ASN1ObjectIdentifier},
 * {@link org.spongycastle.asn1.DEROutputStream DEROutputStream},
 * {@link org.spongycastle.asn1.ASN1Object ASN1Object}
 */
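public final class PolicyQualifierInfo
{
    // Every field is assigned exactly once, in the constructor. Declaring them
    // final makes the immutability promised by the class contract something
    // the compiler enforces rather than a convention.
    private final String id;

    private final byte[] encoded;

    private final byte[] qualifier;

    /**
     * Creates an instance of <code>PolicyQualifierInfo</code> from the
     * encoded bytes. The encoded byte array is copied on construction.<br />
     * <br />
     * The input is accepted only if it decodes to a single SEQUENCE holding
     * exactly the two fields of the ASN.1 definition
     * (<code>policyQualifierId</code> and <code>qualifier</code>) with no
     * bytes left over. Anything else is rejected, so that the bytes handed
     * back by {@link #getEncoded()} are exactly the bytes that were parsed.<br />
     * <br />
     * Uses {@link org.spongycastle.asn1.ASN1InputStream ASN1InputStream},
     * {@link org.spongycastle.asn1.ASN1Sequence ASN1Sequence},
     * {@link org.spongycastle.asn1.ASN1ObjectIdentifier ASN1ObjectIdentifier} and
     * {@link org.spongycastle.asn1.DEROutputStream DEROutputStream}
     * 
     * @param encoded
     *            a byte array containing the qualifier in DER encoding
     * 
     * @exception IOException
     *                thrown if the byte array does not represent a valid and
     *                parsable policy qualifier, including when it carries
     *                extra sequence elements or trailing bytes
     * @exception NullPointerException
     *                thrown if <code>encoded</code> is <code>null</code>
     */
    public PolicyQualifierInfo(byte[] encoded) throws IOException
    {
        // Defensive copy: later writes to the caller's array must not be able
        // to change what this object reports.
        this.encoded = (byte[])encoded.clone();

        String parsedId;
        byte[] parsedQualifier;
        int elementCount;
        int trailingBytes;
        try
        {
            ByteArrayInputStream inStream = new ByteArrayInputStream(
                    this.encoded);
            ASN1InputStream derInStream = new ASN1InputStream(inStream);
            ASN1Sequence obj = (ASN1Sequence)derInStream.readObject();

            // Whatever is still unread here was never looked at by the parser.
            trailingBytes = inStream.available();
            elementCount = obj.size();

            parsedId = ((ASN1ObjectIdentifier)obj.getObjectAt(0)).getId();

            // Re-encode the second element on its own so the qualifier is
            // available as a standalone DER blob.
            ByteArrayOutputStream outStream = new ByteArrayOutputStream();
            DEROutputStream derOutStream = new DEROutputStream(outStream);

            derOutStream.writeObject(obj.getObjectAt(1));
            derOutStream.close();

            parsedQualifier = outStream.toByteArray();
        }
        catch (Exception ex)
        {
            // Catch-all on purpose: malformed input also surfaces as runtime
            // exceptions (wrong element type, missing element, empty input),
            // and callers are only promised IOException. The cause is
            // flattened into the message rather than chained.
            // NOTE(review): presumably because this source targets very old
            // JDKs without exception chaining - confirm before changing.
            throw new IOException("parsing exception : " + ex.toString());
        }

        if (elementCount != 2)
        {
            throw new IOException(
                    "PolicyQualifierInfo must contain exactly two elements, found "
                            + elementCount);
        }
        if (trailingBytes != 0)
        {
            throw new IOException(
                    "unexpected data after PolicyQualifierInfo: "
                            + trailingBytes + " trailing byte(s)");
        }

        this.id = parsedId;
        this.qualifier = parsedQualifier;
    }

    /**
     * Returns the <code>policyQualifierId</code> field of this
     * <code>PolicyQualifierInfo</code>. The <code>policyQualifierId</code>
     * is an Object Identifier (OID) represented by a set of nonnegative
     * integers separated by periods.
     * 
     * @return the OID (never <code>null</code>)
     */
    public String getPolicyQualifierId()
    {
        return id;
    }

    /**
     * Returns the ASN.1 DER encoded form of this
     * <code>PolicyQualifierInfo</code>.
     * 
     * @return the ASN.1 DER encoded bytes (never <code>null</code>). Note
     *         that a copy is returned, so the data is cloned each time this
     *         method is called.
     */
    public byte[] getEncoded()
    {
        // Hand out a copy so callers cannot modify the internal encoding.
        return (byte[])encoded.clone();
    }

    /**
     * Returns the ASN.1 DER encoded form of the <code>qualifier</code> field
     * of this <code>PolicyQualifierInfo</code>.
     * 
     * @return the ASN.1 DER encoded bytes of the <code>qualifier</code>
     *         field. Note that a copy is returned, so the data is cloned each
     *         time this method is called.
     */
    public byte[] getPolicyQualifier()
    {
        // Kept as a defensive guard; the constructor always sets the field
        // when it completes normally.
        if (qualifier == null)
        {
            return null;
        }

        return (byte[])qualifier.clone();
    }

    /**
     * Return a printable representation of this
     * <code>PolicyQualifierInfo</code>.<br />
     * <br />
     * Uses {@link org.spongycastle.asn1.ASN1InputStream ASN1InputStream},
     * {@link org.spongycastle.asn1.ASN1Object ASN1Object}
     * 
     * @return a <code>String</code> describing the contents of this
     *         <code>PolicyQualifierInfo</code>
     */
    public String toString()
    {
        StringBuffer s = new StringBuffer();
        s.append("PolicyQualifierInfo: [\n");
        s.append("qualifierID: ").append(id).append('\n');
        try
        {
            ByteArrayInputStream inStream = new ByteArrayInputStream(qualifier);
            ASN1InputStream derInStream = new ASN1InputStream(inStream);
            ASN1Object derObject = derInStream.readObject();
            s
                    .append("  qualifier:\n").append(ASN1Dump.dumpAsString(derObject))
                    .append('\n');
        }
        catch (IOException ex)
        {
            // Best effort: a qualifier that cannot be dumped is reported by
            // its error message instead of failing toString().
            s.append(ex.getMessage());
        }
        // The OID is printed once, under "qualifierID"; it is not repeated
        // under a "qualifier" label, which would misrepresent it as the
        // qualifier value.
        s.append(']');
        return s.toString();
    }
}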