Class NameConstraintsExtension
java.lang.Object
org.mozilla.jss.netscape.security.x509.Extension
org.mozilla.jss.netscape.security.x509.NameConstraintsExtension
All Implemented Interfaces: Serializable, CertAttrSet
This class defines the Name Constraints Extension.
The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.
The ASN.1 syntax for this is:
NameConstraints ::= SEQUENCE {
    permittedSubtrees [0] GeneralSubtrees OPTIONAL,
    excludedSubtrees  [1] GeneralSubtrees OPTIONAL }

GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
    base    GeneralName,
    minimum [0] BaseDistance DEFAULT 0,
    maximum [1] BaseDistance OPTIONAL }

BaseDistance ::= INTEGER (0..MAX)
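Added example (not part of the JSS API or its documentation): the precedence rule described above, where an excluded subtree rejects a name even if a permitted subtree covers it, applied to dNSName values. It uses plain strings instead of GeneralSubtrees; the class NameConstraintCheck and its methods are hypothetical, and the label-matching rule is the RFC 5280 rule for dNSName constraints.

```java
import java.util.List;
import java.util.Locale;

// Added illustration: evaluates dNSName name constraints with plain strings.
// NameConstraintCheck and its methods are hypothetical, not JSS classes.
public class NameConstraintCheck {

    // RFC 5280 dNSName rule: a name is within a subtree if it equals the base
    // or is formed by adding labels to the left of the base.
    // Assumption: bases are written without a leading dot.
    static boolean withinSubtree(String name, String base) {
        String n = name.toLowerCase(Locale.ROOT);
        String b = base.toLowerCase(Locale.ROOT);
        if (b.isEmpty()) return true;            // empty base covers every DNS name
        return n.equals(b) || n.endsWith("." + b);
    }

    // Excluded subtrees are checked first: a match there rejects the name
    // regardless of what the permitted subtrees say.
    static boolean isAllowed(String name, List<String> permitted, List<String> excluded) {
        for (String base : excluded) {
            if (withinSubtree(name, base)) return false;
        }
        if (permitted.isEmpty()) return true;    // no permitted dNSName subtrees: unrestricted
        for (String base : permitted) {
            if (withinSubtree(name, base)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample constraints and names.
        List<String> permitted = List.of("example.com");
        List<String> excluded = List.of("internal.example.com");
        String[] names = {
            "www.example.com",            // inside the permitted subtree
            "db.internal.example.com",    // inside permitted, but the excluded subtree wins
            "badexample.com",             // shares a suffix but not a label boundary
            "example.org"                 // outside every permitted subtree
        };
        for (String n : names) {
            String verdict = isAllowed(n, permitted, excluded) ? "allowed" : "rejected";
            System.out.printf("%-26s %s%n", n, verdict);
        }
    }
}
```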
Version: 1.10
Field Summary
Fields (modifier and type, field, description):
private GeneralSubtrees excluded
static final String EXCLUDED_SUBTREES
static final String IDENT - Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.
static final String NAME - Attribute names.
private GeneralSubtrees permitted
static final String PERMITTED_SUBTREES
private PrettyPrintFormat pp
private static final long serialVersionUID
private static final byte TAG_EXCLUDED
private static final byte TAG_PERMITTED

Fields inherited from class org.mozilla.jss.netscape.security.x509.Extension
critical, extensionId, extensionValue

Constructor Summary
Constructors (constructor, description):
NameConstraintsExtension(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded)
NameConstraintsExtension(Boolean critical, Object value) - Create the extension from the passed DER encoded value.
NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) - The default constructor for this class.

Method Summary
Methods (modifier and type, method, description):
void decode(InputStream in) - Decode the extension from the InputStream.
void delete - Delete the attribute value.
void encode(OutputStream out) - Write the extension to the OutputStream.
private void encodeThis
get - Get the attribute value.
getAttributeNames - Return an enumeration of names of attributes existing within this attribute.
getName() - Return the name of this attribute.
private void init(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded)
void set - Set the attribute value.
toPrint(int indent)
toString() - Return the printable string.

Methods inherited from class org.mozilla.jss.netscape.security.x509.Extension
clearValue, encode, getExtensionId, getExtensionValue, isCritical, setCritical, setExtensionId, setExtensionValue

Field Details
serialVersionUID
private static final long serialVersionUID

IDENT
Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.

NAME
Attribute names.

PERMITTED_SUBTREES

EXCLUDED_SUBTREES

TAG_PERMITTED
private static final byte TAG_PERMITTED

TAG_EXCLUDED
private static final byte TAG_EXCLUDED

permitted

excluded

pp

Constructor Details
NameConstraintsExtension
public NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
The default constructor for this class. Either parameter can be set to null to indicate it is omitted but both cannot be null.
Parameters:
permitted - the permitted GeneralSubtrees (null for optional).
excluded - the excluded GeneralSubtrees (null for optional).
Throws:
IOException

NameConstraintsExtension
public NameConstraintsExtension(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
Throws:
IOException

NameConstraintsExtension
Create the extension from the passed DER encoded value.
Parameters:
critical - true if the extension is to be treated as critical.
value - Array of DER encoded bytes of the actual value.
Throws:
IOException - on error.

Method Details
encodeThis
Throws:
IOException

init
private void init(boolean critical, GeneralSubtrees permitted, GeneralSubtrees excluded) throws IOException
Throws:
IOException

toString
Return the printable string.
Specified by:
toString in interface CertAttrSet
Overrides:
toString in class Extension
Returns:
value of this certificate attribute in printable form.

toPrint

decode
Decode the extension from the InputStream.
Specified by:
decode in interface CertAttrSet
Parameters:
in - the InputStream to unmarshal the contents from.
Throws:
IOException - on decoding or validity errors.

encode
Write the extension to the OutputStream.
Specified by:
encode in interface CertAttrSet
Parameters:
out - the OutputStream to write the extension to.
Throws:
IOException - on encoding errors.

set
Set the attribute value.
Specified by:
set in interface CertAttrSet
Parameters:
name - the name of the attribute (e.g. "x509.info.key")
obj - the attribute object.
Throws:
IOException - on other errors.

get
Get the attribute value.
Specified by:
get in interface CertAttrSet
Parameters:
name - the name of the attribute to return.
Returns:
attribute value
Throws:
IOException - on other errors.

delete
Delete the attribute value.
Specified by:
delete in interface CertAttrSet
Parameters:
name - the name of the attribute to delete.
Throws:
IOException - on other errors.

getAttributeNames
Return an enumeration of names of attributes existing within this attribute.
Specified by:
getAttributeNames in interface CertAttrSet
Returns:
an enumeration of the attribute names.

getName
Return the name of this attribute.
Specified by:
getName in interface CertAttrSet
Returns:
the name of this CertAttrSet.