Class NameConstraintsExtension

java.lang.Object
org.mozilla.jss.netscape.security.x509.Extension
org.mozilla.jss.netscape.security.x509.NameConstraintsExtension
All Implemented Interfaces:
Serializable, CertAttrSet

public class NameConstraintsExtension extends Extension implements CertAttrSet
This class defines the Name Constraints Extension.

The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.

The ASN.1 syntax for this is:

 NameConstraints ::= SEQUENCE {
    permittedSubtrees [0]  GeneralSubtrees OPTIONAL,
    excludedSubtrees  [1]  GeneralSubtrees OPTIONAL
 }
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 GeneralSubtree ::= SEQUENCE {
    base                   GeneralName,
    minimum           [0]  BaseDistance DEFAULT 0,
    maximum           [1]  BaseDistance OPTIONAL }
 BaseDistance ::= INTEGER (0..MAX)
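
The precedence rule described above (a match in the excluded subtrees rejects a name even when a permitted subtree also covers it), as an added example that is not part of the JSS code base and does not call JSS classes. It handles only dNSName values, using the RFC 5280 matching rule for that name form; the class and method names and the sample names are hypothetical and constructed.

```java
import java.util.List;
import java.util.Locale;

// Added illustration only; all names here are hypothetical, not JSS API.
public class NameConstraintCheck {

    // dNSName rule (RFC 5280, section 4.2.1.10): a name is within a subtree if it
    // equals the base or is the base with one or more labels added on the left.
    // The "." in the suffix test enforces a label boundary, so "badexample.com"
    // is not inside the "example.com" subtree.
    static boolean withinSubtree(String name, String base) {
        String n = name.toLowerCase(Locale.ROOT);
        String b = base.toLowerCase(Locale.ROOT);
        return n.equals(b) || n.endsWith("." + b);
    }

    // permitted == null models permittedSubtrees with no dNSName entries (DNS names
    // are then not allow-listed); excluded == null models the same for
    // excludedSubtrees. Lists hold the dNSName bases of each field.
    static boolean isAllowed(String name, List<String> permitted, List<String> excluded) {
        if (excluded != null) {
            for (String base : excluded) {
                if (withinSubtree(name, base)) {
                    return false; // excluded wins regardless of permitted
                }
            }
        }
        if (permitted == null) {
            return true;
        }
        for (String base : permitted) {
            if (withinSubtree(name, base)) {
                return true;
            }
        }
        return false; // an allow-list exists and nothing in it covers the name
    }

    public static void main(String[] args) {
        // Constructed sample constraints and candidate names.
        List<String> permitted = List.of("example.com");
        List<String> excluded = List.of("internal.example.com");
        for (String n : List.of("www.example.com", "db.internal.example.com",
                "example.org", "badexample.com")) {
            System.out.println(n + " -> " + (isAllowed(n, permitted, excluded) ? "allowed" : "rejected"));
        }
    }
}
```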
 
Version:
1.10
  • Field Details

  • Constructor Details

    • NameConstraintsExtension

      public NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
      The default constructor for this class. Either parameter can be set to null to indicate it is omitted but both cannot be null.
      Parameters:
      permitted - the permitted GeneralSubtrees (null if omitted).
      excluded - the excluded GeneralSubtrees (null if omitted).
      Throws:
      IOException
    • NameConstraintsExtension

      public NameConstraintsExtension(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
      Throws:
      IOException
    • NameConstraintsExtension

      public NameConstraintsExtension(Boolean critical, Object value) throws IOException
      Create the extension from the passed DER encoded value.
      Parameters:
      critical - true if the extension is to be treated as critical.
      value - Array of DER encoded bytes of the actual value.
      Throws:
      IOException - on error.
  • Method Details

    • encodeThis

      private void encodeThis() throws IOException
      Throws:
      IOException
    • init

      private void init(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
      Throws:
      IOException
    • toString

      public String toString()
      Return the printable string.
      Specified by:
      toString in interface CertAttrSet
      Overrides:
      toString in class Extension
      Returns:
      value of this certificate attribute in printable form.
    • toPrint

      public String toPrint(int indent)
    • decode

      public void decode(InputStream in) throws IOException
      Decode the extension from the InputStream.
      Specified by:
      decode in interface CertAttrSet
      Parameters:
      in - the InputStream to unmarshal the contents from.
      Throws:
      IOException - on decoding or validity errors.
    • encode

      public void encode(OutputStream out) throws IOException
      Write the extension to the OutputStream.
      Specified by:
      encode in interface CertAttrSet
      Parameters:
      out - the OutputStream to write the extension to.
      Throws:
      IOException - on encoding errors.
    • set

      public void set(String name, Object obj) throws IOException
      Set the attribute value.
      Specified by:
      set in interface CertAttrSet
      Parameters:
      name - the name of the attribute (e.g. "x509.info.key")
      obj - the attribute object.
      Throws:
      IOException - on other errors.
    • get

      public Object get(String name) throws IOException
      Get the attribute value.
      Specified by:
      get in interface CertAttrSet
      Parameters:
      name - the name of the attribute to return.
      Returns:
      attribute value
      Throws:
      IOException - on other errors.
    • delete

      public void delete(String name) throws IOException
      Delete the attribute value.
      Specified by:
      delete in interface CertAttrSet
      Parameters:
      name - the name of the attribute to delete.
      Throws:
      IOException - on other errors.
    • getAttributeNames

      public Enumeration<String> getAttributeNames()
      Return an enumeration of names of attributes existing within this attribute.
      Specified by:
      getAttributeNames in interface CertAttrSet
      Returns:
      an enumeration of the attribute names.
    • getName

      public String getName()
      Return the name of this attribute.
      Specified by:
      getName in interface CertAttrSet
      Returns:
      the name of this CertAttrSet.