1
/*
2
 * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package sun.security.x509;
27

28
import java.io.IOException;
29
import java.io.OutputStream;
30
import java.util.Enumeration;
31

32
import sun.security.util.Debug;
33
import sun.security.util.DerOutputStream;
34
import sun.security.util.DerValue;
35
import sun.security.util.ObjectIdentifier;
36

37
/**
38
 * This class represents the Inhibit Any-Policy Extension.
39
 *
40
 * <p>The inhibit any-policy extension can be used in certificates issued
41
 * to CAs. The inhibit any-policy indicates that the special any-policy
42
 * OID, with the value {2 5 29 32 0}, is not considered an explicit
43
 * match for other certificate policies.  The value indicates the number
44
 * of additional certificates that may appear in the path before any-
45
 * policy is no longer permitted.  For example, a value of one indicates
46
 * that any-policy may be processed in certificates issued by the sub-
47
 * ject of this certificate, but not in additional certificates in the
48
 * path.
49
 * <p>
50
 * This extension MUST be critical.
51
 * <p>
52
 * The ASN.1 syntax for this extension is:
53
 * <code><pre>
54
 * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
55
 *
56
 * InhibitAnyPolicy ::= SkipCerts
57
 *
58
 * SkipCerts ::= INTEGER (0..MAX)
59
 * </pre></code>
60
 * @author Anne Anderson
61
 * @see CertAttrSet
62
 * @see Extension
63
 */
64
public class InhibitAnyPolicyExtension extends Extension
65
implements CertAttrSet<String> {
66

67
    private static final Debug debug = Debug.getInstance("certpath");
68

69
    /**
70
     * Identifier for this attribute, to be used with the
71
     * get, set, delete methods of Certificate, x509 type.
72
     */
73
    public static final String IDENT = "x509.info.extensions.InhibitAnyPolicy";
74

75
    /**
76
     * Object identifier for "any-policy"
77
     */
78
    public static ObjectIdentifier AnyPolicy_Id;
79
    static {
80
        try {
81
            AnyPolicy_Id = new ObjectIdentifier("2.5.29.32.0");
82
        } catch (IOException ioe) {
83
            // Should not happen
84
        }
85
    }
86

87
    /**
88
     * Attribute names.
89
     */
90
    public static final String NAME = "InhibitAnyPolicy";
91
    public static final String SKIP_CERTS = "skip_certs";
92

93
    // Private data members
94
    private int skipCerts = Integer.MAX_VALUE;
95

96
    // Encode this extension value
97
    private void encodeThis() throws IOException {
98
        DerOutputStream out = new DerOutputStream();
99
        out.putInteger(skipCerts);
100
        this.extensionValue = out.toByteArray();
101
    }
102

103
    /**
104
     * Default constructor for this object.
105
     *
106
     * @param skipCerts specifies the depth of the certification path.
107
     *                  Use value of -1 to request unlimited depth.
108
     */
109
    public InhibitAnyPolicyExtension(int skipCerts) throws IOException {
110
        if (skipCerts < -1)
111
            throw new IOException("Invalid value for skipCerts");
112
        if (skipCerts == -1)
113
            this.skipCerts = Integer.MAX_VALUE;
114
        else
115
            this.skipCerts = skipCerts;
116
        this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
117
        critical = true;
118
        encodeThis();
119
    }
120

121
    /**
122
     * Create the extension from the passed DER encoded value of the same.
123
     *
124
     * @param critical criticality flag to use.  Must be true for this
125
     *                 extension.
126
     * @param value a byte array holding the DER-encoded extension value.
127
     * @exception ClassCastException if value is not an array of bytes
128
     * @exception IOException on error.
129
     */
130
    public InhibitAnyPolicyExtension(Boolean critical, Object value)
131
        throws IOException {
132

133
        this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
134

135
        if (!critical.booleanValue())
136
            throw new IOException("Criticality cannot be false for " +
137
                                  "InhibitAnyPolicy");
138
        this.critical = critical.booleanValue();
139

140
        this.extensionValue = (byte[]) value;
141
        DerValue val = new DerValue(this.extensionValue);
142
        if (val.tag != DerValue.tag_Integer)
143
            throw new IOException("Invalid encoding of InhibitAnyPolicy: "
144
                                  + "data not integer");
145

146
        if (val.data == null)
147
            throw new IOException("Invalid encoding of InhibitAnyPolicy: "
148
                                  + "null data");
149
        int skipCertsValue = val.getInteger();
150
        if (skipCertsValue < -1)
151
            throw new IOException("Invalid value for skipCerts");
152
        if (skipCertsValue == -1) {
153
            this.skipCerts = Integer.MAX_VALUE;
154
        } else {
155
            this.skipCerts = skipCertsValue;
156
        }
157
    }
158

159
     /**
160
      * Return user readable form of extension.
161
      */
162
     public String toString() {
163
         String s = super.toString() + "InhibitAnyPolicy: " + skipCerts + "\n";
164
         return s;
165
     }
166

167
     /**
168
      * Encode this extension value to the output stream.
169
      *
170
      * @param out the DerOutputStream to encode the extension to.
171
      */
172
     public void encode(OutputStream out) throws IOException {
173
         DerOutputStream tmp = new DerOutputStream();
174
         if (extensionValue == null) {
175
             this.extensionId = PKIXExtensions.InhibitAnyPolicy_Id;
176
             critical = true;
177
             encodeThis();
178
         }
179
         super.encode(tmp);
180

181
         out.write(tmp.toByteArray());
182
     }
183

184
    /**
185
     * Set the attribute value.
186
     *
187
     * @param name name of attribute to set. Must be SKIP_CERTS.
188
     * @param obj  value to which attribute is to be set.  Must be Integer
189
     *             type.
190
     * @throws IOException on error
191
     */
192
    public void set(String name, Object obj) throws IOException {
193
        if (name.equalsIgnoreCase(SKIP_CERTS)) {
194
            if (!(obj instanceof Integer))
195
                throw new IOException("Attribute value should be of type Integer.");
196
            int skipCertsValue = ((Integer)obj).intValue();
197
            if (skipCertsValue < -1)
198
                throw new IOException("Invalid value for skipCerts");
199
            if (skipCertsValue == -1) {
200
                skipCerts = Integer.MAX_VALUE;
201
            } else {
202
                skipCerts = skipCertsValue;
203
            }
204
        } else
205
            throw new IOException("Attribute name not recognized by " +
206
                                  "CertAttrSet:InhibitAnyPolicy.");
207
        encodeThis();
208
    }
209

210
    /**
211
     * Get the attribute value.
212
     *
213
     * @param name name of attribute to get.  Must be SKIP_CERTS.
214
     * @returns value of the attribute.  In this case it will be of type
215
     *          Integer.
216
     * @throws IOException on error
217
     */
218
    public Integer get(String name) throws IOException {
219
        if (name.equalsIgnoreCase(SKIP_CERTS))
220
            return (new Integer(skipCerts));
221
        else
222
            throw new IOException("Attribute name not recognized by " +
223
                                  "CertAttrSet:InhibitAnyPolicy.");
224
    }
225

226
    /**
227
     * Delete the attribute value.
228
     *
229
     * @param name name of attribute to delete. Must be SKIP_CERTS.
230
     * @throws IOException on error.  In this case, IOException will always be
231
     *                     thrown, because the only attribute, SKIP_CERTS, is
232
     *                     required.
233
     */
234
    public void delete(String name) throws IOException {
235
        if (name.equalsIgnoreCase(SKIP_CERTS))
236
            throw new IOException("Attribute " + SKIP_CERTS +
237
                                  " may not be deleted.");
238
        else
239
            throw new IOException("Attribute name not recognized by " +
240
                                  "CertAttrSet:InhibitAnyPolicy.");
241
    }
242

243
    /**
244
     * Return an enumeration of names of attributes existing within this
245
     * attribute.
246
     *
247
     * @returns enumeration of elements
248
     */
249
    public Enumeration<String> getElements() {
250
        AttributeNameEnumeration elements = new AttributeNameEnumeration();
251
        elements.addElement(SKIP_CERTS);
252
        return (elements.elements());
253
    }
254

255
    /**
256
     * Return the name of this attribute.
257
     *
258
     * @returns name of attribute.
259
     */
260
    public String getName() {
261
        return (NAME);
262
    }
263
}
264

265