PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/provider/certpath/OCSPNonceExtension.java
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider.certpath;
import java.io.IOException;
import java.util.Objects;
import java.security.SecureRandom;
import sun.security.x509.Extension;
import sun.security.x509.PKIXExtensions;
import sun.security.util.Debug;
import sun.security.util.DerValue;
/**
 * Represents the OCSP Nonce Extension.
 * This extension, if present, provides a nonce value in OCSP requests
 * and responses. This will cryptographically bind requests and responses
 * and help to prevent replay attacks (see RFC 6960, section 4.4.1).
 * The binding only helps when the requester checks that the nonce returned
 * in the response matches the one it sent.
 *
 * @see Extension
 */
public final class OCSPNonceExtension extends Extension {

    /** Label returned by {@link #getName()} and printed by {@link #toString()}. */
    private static final String EXTENSION_NAME = "OCSPNonce";

    // Raw nonce bytes without any DER wrapper. Both value-setting constructors
    // assign it before they return normally.
    private byte[] nonceData = null;

    /**
     * Builds a non-critical nonce extension whose value is {@code length}
     * freshly generated random bytes. The extension OID is the one defined
     * as "id-pkix-ocsp-nonce" in RFC 6960.
     *
     * @param length the number of random bytes composing the nonce
     *
     * @throws IOException if any errors happen during encoding of the
     *      extension.
     * @throws IllegalArgumentException if length is not a positive integer.
     */
    public OCSPNonceExtension(int length) throws IOException {
        this(false, length);
    }

    /**
     * Builds a nonce extension with the given criticality whose value is
     * {@code length} bytes drawn from a default-constructed
     * {@link SecureRandom}. The extension OID is the one defined as
     * "id-pkix-ocsp-nonce" in RFC 6960.
     *
     * <p>Only the lower bound of {@code length} is checked here.
     * NOTE(review): RFC 8954 later capped the nonce at 32 octets, and a
     * responder may reject or ignore longer values; callers should choose
     * the length with that in mind (confirm against the responders in use).
     *
     * @param isCritical a boolean flag indicating whether the criticality bit
     *      is set for this extension
     * @param length the number of random bytes composing the nonce
     *
     * @throws IOException if any errors happen during encoding of the
     *      extension.
     * @throws IllegalArgumentException if length is not a positive integer.
     */
    public OCSPNonceExtension(boolean isCritical, int length)
            throws IOException {
        this.extensionId = PKIXExtensions.OCSPNonce_Id;
        this.critical = isCritical;

        // Reject zero and negative lengths before any random data is drawn.
        if (length <= 0) {
            throw new IllegalArgumentException(
                    "Length must be a positive integer");
        }

        SecureRandom random = new SecureRandom();
        byte[] fresh = new byte[length];
        random.nextBytes(fresh);
        this.nonceData = fresh;

        // The extension value is the nonce wrapped in a DER OCTET STRING.
        this.extensionValue =
                new DerValue(DerValue.tag_OctetString, fresh).toByteArray();
    }

    /**
     * Builds a non-critical nonce extension around a caller-supplied nonce
     * value. The extension OID is the one defined as "id-pkix-ocsp-nonce"
     * in RFC 6960.
     *
     * @param incomingNonce The nonce data to be set for the extension.  This
     *      must be a non-null array of at least one byte long.
     *
     * @throws IOException if any errors happen during encoding of the
     *      extension.
     * @throws IllegalArgumentException if the incomingNonce length is not a
     *      positive integer.
     * @throws NullPointerException if the incomingNonce is null.
     */
    public OCSPNonceExtension(byte[] incomingNonce) throws IOException {
        this(false, incomingNonce);
    }

    /**
     * Builds a nonce extension with the given criticality around a
     * caller-supplied nonce value. The extension OID is the one defined as
     * "id-pkix-ocsp-nonce" in RFC 6960.
     *
     * <p>The supplied bytes are copied, so later writes to the caller's
     * array do not change this extension. No randomness is added and no
     * upper length bound is checked here; when this constructor is used to
     * build a request, the unpredictability of the value is the caller's
     * responsibility.
     *
     * @param isCritical a boolean flag indicating whether the criticality bit
     *      is set for this extension
     * @param incomingNonce The nonce data to be set for the extension.  This
     *      must be a non-null array of at least one byte long.
     *
     * @throws IOException if any errors happen during encoding of the
     *      extension.
     * @throws IllegalArgumentException if the incomingNonce length is not a
     *      positive integer.
     * @throws NullPointerException if the incomingNonce is null.
     */
    public OCSPNonceExtension(boolean isCritical, byte[] incomingNonce)
            throws IOException {
        this.extensionId = PKIXExtensions.OCSPNonce_Id;
        this.critical = isCritical;

        Objects.requireNonNull(incomingNonce, "Nonce data must be non-null");
        if (incomingNonce.length == 0) {
            throw new IllegalArgumentException(
                    "Nonce data must be at least 1 byte in length");
        }

        // Defensive copy: keep our own array rather than the caller's.
        byte[] ownCopy = incomingNonce.clone();
        this.nonceData = ownCopy;

        // The extension value is the nonce wrapped in a DER OCTET STRING.
        this.extensionValue =
                new DerValue(DerValue.tag_OctetString, ownCopy).toByteArray();
    }

    /**
     * Return the nonce bytes themselves, without any DER encoding, for
     * example so that a nonce echoed in a response can be compared with the
     * one sent in the request.
     *
     * @return A copy of the underlying nonce bytes; changing the returned
     *      array does not affect this extension
     */
    public byte[] getNonceValue() {
        byte[] snapshot = nonceData.clone();
        return snapshot;
    }

    /**
     * Returns a printable representation of the {@code OCSPNonceExtension}:
     * the superclass rendering, then the extension name, then the nonce
     * bytes as formatted by {@code Debug.toString} (empty when no nonce is
     * set), followed by a newline.
     *
     * @return a string representation of the extension.
     */
    @Override
    public String toString() {
        String heading = super.toString() + EXTENSION_NAME + ": ";
        String renderedNonce = "";
        if (nonceData != null) {
            renderedNonce = Debug.toString(nonceData);
        }
        return heading + renderedNonce + "\n";
    }

    /**
     * Return the name of the extension as a {@code String}
     *
     * @return the name of the extension
     */
    public String getName() {
        return EXTENSION_NAME;
    }
}