com.ibm.security12.sun.security.x509
Class NameConstraintsExtension

java.lang.Object
  |
  +--com.ibm.security12.sun.security.x509.Extension
        |
        +--com.ibm.security12.sun.security.x509.NameConstraintsExtension

public class NameConstraintsExtension
extends Extension
implements CertAttrSet

This class defines the Name Constraints Extension.

The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.

The ASN.1 syntax for this is:

 NameConstraints ::= SEQUENCE {
    permittedSubtrees [0]  GeneralSubtrees OPTIONAL,
    excludedSubtrees  [1]  GeneralSubtrees OPTIONAL
 }
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
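
The precedence rule described above (a match in the excluded subtrees invalidates a name even when a permitted subtree also matches), as an added Java example limited to dNSName entries. It is not code from this class; the class `DnsNameConstraintsCheck`, its methods and the sample names are hypothetical, and subtree matching is assumed to follow RFC 5280 (a name is within a subtree if it equals the base or adds labels to its left).

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Added example (hypothetical class): dNSName-only name constraints check.
public class DnsNameConstraintsCheck {

    // Lower-case the name and drop a trailing root dot before comparing.
    static String normalize(String s) {
        String t = s.toLowerCase(Locale.ROOT);
        return t.endsWith(".") ? t.substring(0, t.length() - 1) : t;
    }

    // True if name equals base or is base with extra labels on the left.
    // The "." prefix enforces a label boundary, so "badexample.com" is
    // not treated as being inside "example.com".
    static boolean inSubtree(String name, String base) {
        String n = normalize(name);
        String b = normalize(base);
        return n.equals(b) || n.endsWith("." + b);
    }

    // permitted == null or excluded == null models an omitted OPTIONAL field.
    static boolean isAllowed(String name, List<String> permitted, List<String> excluded) {
        if (excluded != null) {
            for (String base : excluded) {
                if (inSubtree(name, base)) return false; // excluded always wins
            }
        }
        if (permitted == null) return true;              // no permitted list: unrestricted
        for (String base : permitted) {
            if (inSubtree(name, base)) return true;
        }
        return false;                                    // outside every permitted subtree
    }

    public static void main(String[] args) {
        // Constructed sample constraints and candidate subject alternative names.
        List<String> permitted = Arrays.asList("example.com");
        List<String> excluded = Arrays.asList("internal.example.com");
        String[] names = { "www.example.com", "example.com",
                "db.internal.example.com", "badexample.com", "example.org" };
        for (String n : names) {
            System.out.println(n + " -> " + (isAllowed(n, permitted, excluded) ? "allowed" : "rejected"));
        }
    }
}
```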
 

Version:
1.13
Author:
Amit Kapoor, Hemma Prafullchandra
See Also:
Extension, CertAttrSet

Field Summary
static String EXCLUDED_SUBTREES
           
static String IDENT
          Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.
static String NAME
          Attribute names.
static String PERMITTED_SUBTREES
           
 
Fields inherited from class com.ibm.security12.sun.security.x509.Extension
critical, extensionId, extensionValue
 
Constructor Summary
NameConstraintsExtension(Boolean critical, Object value)
          Create the extension from the passed DER encoded value.
NameConstraintsExtension(GeneralSubtrees permitted, GeneralSubtrees excluded)
          The default constructor for this class.
 
Method Summary
 void decode(InputStream in)
          Decode the extension from the InputStream.
 void delete(String name)
          Delete the attribute value.
 void encode(OutputStream out)
          Write the extension to the OutputStream.
 Object get(String name)
          Get the attribute value.
 Enumeration getElements()
          Return an enumeration of names of attributes existing within this attribute.
 String getName()
          Return the name of this attribute.
 void set(String name, Object obj)
          Set the attribute value.
 String toString()
          Return the printable string.
 
Methods inherited from class com.ibm.security12.sun.security.x509.Extension
encode, equals, getExtensionId, getExtensionValue, hashCode, isCritical
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

IDENT

public static final String IDENT
Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.

NAME

public static final String NAME
Attribute names.

PERMITTED_SUBTREES

public static final String PERMITTED_SUBTREES

EXCLUDED_SUBTREES

public static final String EXCLUDED_SUBTREES

Constructor Detail

NameConstraintsExtension

public NameConstraintsExtension(GeneralSubtrees permitted,
                                GeneralSubtrees excluded)
                         throws IOException
The default constructor for this class. Either parameter can be set to null to indicate that it is omitted, but both cannot be null.
Parameters:
permitted - the permitted GeneralSubtrees (null for optional).
excluded - the excluded GeneralSubtrees (null for optional).

NameConstraintsExtension

public NameConstraintsExtension(Boolean critical,
                                Object value)
                         throws IOException
Create the extension from the passed DER encoded value.
Parameters:
critical - true if the extension is to be treated as critical.
value - Array of DER encoded bytes of the actual value.
Throws:
IOException - on error.

Method Detail

toString

public String toString()
Return the printable string.
Specified by:
toString in interface CertAttrSet
Overrides:
toString in class Extension

decode

public void decode(InputStream in)
            throws IOException
Decode the extension from the InputStream.
Specified by:
decode in interface CertAttrSet
Parameters:
in - the InputStream to unmarshal the contents from.
Throws:
IOException - on decoding or validity errors.

encode

public void encode(OutputStream out)
            throws IOException
Write the extension to the OutputStream.
Specified by:
encode in interface CertAttrSet
Parameters:
out - the OutputStream to write the extension to.
Throws:
IOException - on encoding errors.

set

public void set(String name,
                Object obj)
         throws IOException
Set the attribute value.
Specified by:
set in interface CertAttrSet

get

public Object get(String name)
           throws IOException
Get the attribute value.
Specified by:
get in interface CertAttrSet

delete

public void delete(String name)
            throws IOException
Delete the attribute value.
Specified by:
delete in interface CertAttrSet

getElements

public Enumeration getElements()
Return an enumeration of names of attributes existing within this attribute.
Specified by:
getElements in interface CertAttrSet

getName

public String getName()
Return the name of this attribute.
Specified by:
getName in interface CertAttrSet