1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156
/* * @(#)PolicyQualifierInfo.java 1.12 05/11/17 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.security.cert; import java.io.IOException; import sun.misc.HexDumpEncoder; import sun.security.util.DerValue; /** * An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo * structure. * * <p>The ASN.1 definition is as follows: * <p><pre> * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, * qualifier ANY DEFINED BY policyQualifierId } * </pre> * <p> * A certificate policies extension, if present in an X.509 version 3 * certificate, contains a sequence of one or more policy information terms, * each of which consists of an object identifier (OID) and optional * qualifiers. In an end-entity certificate, these policy information terms * indicate the policy under which the certificate has been issued and the * purposes for which the certificate may be used. In a CA certificate, these * policy information terms limit the set of policies for certification paths * which include this certificate. * <p> * A <code>Set</code> of <code>PolicyQualifierInfo</code> objects are returned * by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers} * method. This allows applications with specific policy requirements to * process and validate each policy qualifier. Applications that need to * process policy qualifiers should explicitly set the * <code>policyQualifiersRejected</code> flag to false (by calling the * {@link PKIXParameters#setPolicyQualifiersRejected * PKIXParameters.setPolicyQualifiersRejected} method) before validating * a certification path. * * <p>Note that the PKIX certification path validation algorithm specifies * that any policy qualifier in a certificate policies extension that is * marked critical must be processed and validated. Otherwise the * certification path must be rejected. If the * <code>policyQualifiersRejected</code> flag is set to false, it is up to * the application to validate all policy qualifiers in this manner in order * to be PKIX compliant. * * <p><b>Concurrent Access</b> * * <p>All <code>PolicyQualifierInfo</code> objects must be immutable and * thread-safe. That is, multiple threads may concurrently invoke the * methods defined in this class on a single <code>PolicyQualifierInfo</code> * object (or more than one) with no ill effects. Requiring * <code>PolicyQualifierInfo</code> objects to be immutable and thread-safe * allows them to be passed around to various pieces of code without * worrying about coordinating access. * * @author seth proctor * @author Sean Mullan * @version 1.12 11/17/05 * @since 1.4 */ public class PolicyQualifierInfo { private byte [] mEncoded; private String mId; private byte [] mData; private String pqiString; /** * Creates an instance of <code>PolicyQualifierInfo</code> from the * encoded bytes. The encoded byte array is copied on construction. * * @param encoded a byte array containing the qualifier in DER encoding * @exception IOException thrown if the byte array does not represent a * valid and parsable policy qualifier */ public PolicyQualifierInfo(byte[] encoded) throws IOException { mEncoded = (byte[]) encoded.clone(); DerValue val = new DerValue(mEncoded); if (val.tag != DerValue.tag_Sequence) throw new IOException("Invalid encoding for PolicyQualifierInfo"); mId = (val.data.getDerValue()).getOID().toString(); byte [] tmp = val.data.toByteArray(); if (tmp == null) { mData = null; } else { mData = new byte[tmp.length]; System.arraycopy(tmp, 0, mData, 0, tmp.length); } } /** * Returns the <code>policyQualifierId</code> field of this * <code>PolicyQualifierInfo</code>. The <code>policyQualifierId</code> * is an Object Identifier (OID) represented by a set of nonnegative * integers separated by periods. * * @return the OID (never <code>null</code>) */ public final String getPolicyQualifierId() { return mId; } /** * Returns the ASN.1 DER encoded form of this * <code>PolicyQualifierInfo</code>. * * @return the ASN.1 DER encoded bytes (never <code>null</code>). * Note that a copy is returned, so the data is cloned each time * this method is called. */ public final byte[] getEncoded() { return (byte[]) mEncoded.clone(); } /** * Returns the ASN.1 DER encoded form of the <code>qualifier</code> * field of this <code>PolicyQualifierInfo</code>. * * @return the ASN.1 DER encoded bytes of the <code>qualifier</code> * field. Note that a copy is returned, so the data is cloned each * time this method is called. */ public final byte[] getPolicyQualifier() { return (mData == null ? null : (byte[]) mData.clone()); } /** * Return a printable representation of this * <code>PolicyQualifierInfo</code>. * * @return a <code>String</code> describing the contents of this * <code>PolicyQualifierInfo</code> */ public String toString() { if (pqiString != null) return pqiString; HexDumpEncoder enc = new HexDumpEncoder(); StringBuffer sb = new StringBuffer(); sb.append("PolicyQualifierInfo: [\n"); sb.append(" qualifierID: " + mId + "\n"); sb.append(" qualifier: " + (mData == null ? "null" : enc.encodeBuffer(mData)) + "\n"); sb.append("]"); pqiString = sb.toString(); return pqiString; } }