Back to index...

	/*
	* Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.x509;

	import java.io.IOException;
	import java.io.OutputStream;

	import java.util.*;

	import sun.security.util.DerOutputStream;
	import sun.security.util.DerValue;

	/**
	* The Authority Information Access Extension (OID = 1.3.6.1.5.5.7.1.1).
	* <p>
	* The AIA extension identifies how to access CA information and services
	* for the certificate in which it appears. It enables CAs to issue their
	* certificates pre-configured with the URLs appropriate for contacting
	* services relevant to those certificates. For example, a CA may issue a
	* certificate that identifies the specific OCSP Responder to use when
	* performing on-line validation of that certificate.
	* <p>
	* This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
	* Internet X.509 PKI Certificate and Certificate Revocation List
	* (CRL) Profile</a>. The profile permits
	* the extension to be included in end-entity or CA certificates,
	* and it must be marked as non-critical. Its ASN.1 definition is as follows:
	* <pre>
	* id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
	*
	* AuthorityInfoAccessSyntax ::=
	* SEQUENCE SIZE (1..MAX) OF AccessDescription
	*
	* AccessDescription ::= SEQUENCE {
	* accessMethod OBJECT IDENTIFIER,
	* accessLocation GeneralName }
	* </pre>
	*
	* @see Extension
	* @see CertAttrSet
	*/

	public class AuthorityInfoAccessExtension extends Extension
	implements CertAttrSet<String> {

	/**
	* Identifier for this attribute, to be used with the
	* get, set, delete methods of Certificate, x509 type.
	*/
	public static final String IDENT =
	"x509.info.extensions.AuthorityInfoAccess";

	/**
	* Attribute name.
	*/
	public static final String NAME = "AuthorityInfoAccess";
	public static final String DESCRIPTIONS = "descriptions";

	/**
	* The List of AccessDescription objects.
	*/
	private List<AccessDescription> accessDescriptions;

	/**
	* Create an AuthorityInfoAccessExtension from a List of
	* AccessDescription; the criticality is set to false.
	*
	* @param accessDescriptions the List of AccessDescription
	* @throws IOException on error
	*/
	public AuthorityInfoAccessExtension(
	List<AccessDescription> accessDescriptions) throws IOException {
	this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
	this.critical = false;
	this.accessDescriptions = accessDescriptions;
	encodeThis();
	}

	/**
	* Create the extension from the passed DER encoded value of the same.
	*
	* @param critical true if the extension is to be treated as critical.
	* @param value Array of DER encoded bytes of the actual value.
	* @exception IOException on error.
	*/
	public AuthorityInfoAccessExtension(Boolean critical, Object value)
	throws IOException {
	this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
	this.critical = critical.booleanValue();

	if (!(value instanceof byte[])) {
	throw new IOException("Illegal argument type");
	}

	extensionValue = (byte[])value;
	DerValue val = new DerValue(extensionValue);
	if (val.tag != DerValue.tag_Sequence) {
	throw new IOException("Invalid encoding for " +
	"AuthorityInfoAccessExtension.");
	}
	accessDescriptions = new ArrayList<AccessDescription>();
	while (val.data.available() != 0) {
	DerValue seq = val.data.getDerValue();
	AccessDescription accessDescription = new AccessDescription(seq);
	accessDescriptions.add(accessDescription);
	}
	}

	/**
	* Return the list of AccessDescription objects.
	*/
	public List<AccessDescription> getAccessDescriptions() {
	return accessDescriptions;
	}

	/**
	* Return the name of this attribute.
	*/
	public String getName() {
	return NAME;
	}

	/**
	* Write the extension to the DerOutputStream.
	*
	* @param out the DerOutputStream to write the extension to.
	* @exception IOException on encoding errors.
	*/
	public void encode(OutputStream out) throws IOException {
	DerOutputStream tmp = new DerOutputStream();
	if (this.extensionValue == null) {
	this.extensionId = PKIXExtensions.AuthInfoAccess_Id;
	this.critical = false;
	encodeThis();
	}
	super.encode(tmp);
	out.write(tmp.toByteArray());
	}

	/**
	* Set the attribute value.
	*/
	@SuppressWarnings("unchecked") // Checked with an instanceof check
	public void set(String name, Object obj) throws IOException {
	if (name.equalsIgnoreCase(DESCRIPTIONS)) {
	if (!(obj instanceof List)) {
	throw new IOException("Attribute value should be of type List.");
	}
	accessDescriptions = (List<AccessDescription>)obj;
	} else {
	throw new IOException("Attribute name [" + name +
	"] not recognized by " +
	"CertAttrSet:AuthorityInfoAccessExtension.");
	}
	encodeThis();
	}

	/**
	* Get the attribute value.
	*/
	public List<AccessDescription> get(String name) throws IOException {
	if (name.equalsIgnoreCase(DESCRIPTIONS)) {
	return accessDescriptions;
	} else {
	throw new IOException("Attribute name [" + name +
	"] not recognized by " +
	"CertAttrSet:AuthorityInfoAccessExtension.");
	}
	}

	/**
	* Delete the attribute value.
	*/
	public void delete(String name) throws IOException {
	if (name.equalsIgnoreCase(DESCRIPTIONS)) {
	accessDescriptions = new ArrayList<AccessDescription>();
	} else {
	throw new IOException("Attribute name [" + name +
	"] not recognized by " +
	"CertAttrSet:AuthorityInfoAccessExtension.");
	}
	encodeThis();
	}

	/**
	* Return an enumeration of names of attributes existing within this
	* attribute.
	*/
	public Enumeration<String> getElements() {
	AttributeNameEnumeration elements = new AttributeNameEnumeration();
	elements.addElement(DESCRIPTIONS);
	return elements.elements();
	}

	// Encode this extension value
	private void encodeThis() throws IOException {
	if (accessDescriptions.isEmpty()) {
	this.extensionValue = null;
	} else {
	DerOutputStream ads = new DerOutputStream();
	for (AccessDescription accessDescription : accessDescriptions) {
	accessDescription.encode(ads);
	}
	DerOutputStream seq = new DerOutputStream();
	seq.write(DerValue.tag_Sequence, ads);
	this.extensionValue = seq.toByteArray();
	}
	}

	/**
	* Return the extension as user readable string.
	*/
	public String toString() {
	return super.toString() + "AuthorityInfoAccess [\n "
	+ accessDescriptions + "\n]\n";
	}

	}

Back to index...