rev 13439 : 8213952: Relax DNSName restriction as per RFC 1123
Reviewed-by: weijun, mullan, chegar
1 /*
2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.x509;
27
28 import java.io.IOException;
29 import java.util.Locale;
30
31 import sun.security.util.*;
32
33 /**
34 * This class implements the RFC822Name as required by the GeneralNames
35 * ASN.1 object.
36 *
37 * @author Amit Kapoor
38 * @author Hemma Prafullchandra
39 * @see GeneralName
40 * @see GeneralNames
41 * @see GeneralNameInterface
42 */
43 public class RFC822Name implements GeneralNameInterface
44 {
45 private String name;
46
47 /**
48 * Create the RFC822Name object from the passed encoded Der value.
49 *
50 * @param derValue the encoded DER RFC822Name.
51 * @exception IOException on error.
52 */
53 public RFC822Name(DerValue derValue) throws IOException {
54 name = derValue.getIA5String();
55 parseName(name);
56 }
57
58 /**
59 * Create the RFC822Name object with the specified name.
60 *
61 * @param name the RFC822Name.
62 * @throws IOException on invalid input name
63 */
64 public RFC822Name(String name) throws IOException {
65 parseName(name);
66 this.name = name;
67 }
68
69 /**
70 * Parse an RFC822Name string to see if it is a valid
71 * addr-spec according to IETF RFC822 and RFC2459:
72 * [local-part@]domain
73 * <p>
74 * local-part@ could be empty for an RFC822Name NameConstraint,
75 * but the domain at least must be non-empty. Case is not
76 * significant.
77 *
78 * @param name the RFC822Name string
79 * @throws IOException if name is not valid
80 */
81 public void parseName(String name) throws IOException {
82 if (name == null || name.length() == 0) {
83 throw new IOException("RFC822Name may not be null or empty");
84 }
85 // See if domain is a valid domain name
86 String domain = name.substring(name.indexOf('@')+1);
87 if (domain.length() == 0) {
88 throw new IOException("RFC822Name may not end with @");
89 } else {
90 //An RFC822 NameConstraint could start with a ., although
91 //a DNSName may not
92 if (domain.startsWith(".")) {
93 if (domain.length() == 1)
94 throw new IOException("RFC822Name domain may not be just .");
95 }
96 }
97 }
98
99 /**
100 * Return the type of the GeneralName.
101 */
102 public int getType() {
103 return (GeneralNameInterface.NAME_RFC822);
104 }
105
106 /**
107 * Return the actual name value of the GeneralName.
108 */
109 public String getName() {
110 return name;
111 }
112
113 /**
114 * Encode the RFC822 name into the DerOutputStream.
115 *
116 * @param out the DER stream to encode the RFC822Name to.
117 * @exception IOException on encoding errors.
118 */
119 public void encode(DerOutputStream out) throws IOException {
120 out.putIA5String(name);
121 }
122
123 /**
124 * Convert the name into user readable string.
125 */
126 public String toString() {
127 return ("RFC822Name: " + name);
128 }
129
130 /**
131 * Compares this name with another, for equality.
132 *
133 * @return true iff the names are equivalent
134 * according to RFC2459.
135 */
136 public boolean equals(Object obj) {
137 if (this == obj)
138 return true;
139
140 if (!(obj instanceof RFC822Name))
141 return false;
142
143 RFC822Name other = (RFC822Name)obj;
144
145 // RFC2459 mandates that these names are
146 // not case-sensitive
147 return name.equalsIgnoreCase(other.name);
148 }
149
150 /**
151 * Returns the hash code value for this object.
152 *
153 * @return a hash code value for this object.
154 */
155 public int hashCode() {
156 return name.toUpperCase(Locale.ENGLISH).hashCode();
157 }
158
159 /**
160 * Return constraint type:<ul>
161 * <li>NAME_DIFF_TYPE = -1: input name is different type from name (i.e. does not constrain)
162 * <li>NAME_MATCH = 0: input name matches name
163 * <li>NAME_NARROWS = 1: input name narrows name
164 * <li>NAME_WIDENS = 2: input name widens name
165 * <li>NAME_SAME_TYPE = 3: input name does not match or narrow name, but is same type
166 * </ul>. These results are used in checking NameConstraints during
167 * certification path verification.
168 * <p>
169 * [RFC2459] When the subjectAltName extension contains an Internet mail address,
170 * the address MUST be included as an rfc822Name. The format of an
171 * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. An
172 * addr-spec has the form "local-part@domain". Note that an addr-spec
173 * has no phrase (such as a common name) before it, has no comment (text
174 * surrounded in parentheses) after it, and is not surrounded by "<" and
175 * ">". Note that while upper and lower case letters are allowed in an
176 * RFC 822 addr-spec, no significance is attached to the case.
177 * <p>
178 * @param inputName to be checked for being constrained
179 * @returns constraint type above
180 * @throws UnsupportedOperationException if name is not exact match, but narrowing and widening are
181 * not supported for this name type.
182 */
183 public int constrains(GeneralNameInterface inputName) throws UnsupportedOperationException {
184 int constraintType;
185 if (inputName == null)
186 constraintType = NAME_DIFF_TYPE;
187 else if (inputName.getType() != (GeneralNameInterface.NAME_RFC822)) {
188 constraintType = NAME_DIFF_TYPE;
189 } else {
190 //RFC2459 specifies that case is not significant in RFC822Names
191 String inName =
192 (((RFC822Name)inputName).getName()).toLowerCase(Locale.ENGLISH);
193 String thisName = name.toLowerCase(Locale.ENGLISH);
194 if (inName.equals(thisName)) {
195 constraintType = NAME_MATCH;
196 } else if (thisName.endsWith(inName)) {
197 /* if both names contain @, then they had to match exactly */
198 if (inName.indexOf('@') != -1) {
199 constraintType = NAME_SAME_TYPE;
200 } else if (inName.startsWith(".")) {
201 constraintType = NAME_WIDENS;
202 } else {
203 int inNdx = thisName.lastIndexOf(inName);
204 if (thisName.charAt(inNdx-1) == '@' ) {
205 constraintType = NAME_WIDENS;
206 } else {
207 constraintType = NAME_SAME_TYPE;
208 }
209 }
210 } else if (inName.endsWith(thisName)) {
211 /* if thisName contains @, then they had to match exactly */
212 if (thisName.indexOf('@') != -1) {
213 constraintType = NAME_SAME_TYPE;
214 } else if (thisName.startsWith(".")) {
215 constraintType = NAME_NARROWS;
216 } else {
217 int ndx = inName.lastIndexOf(thisName);
218 if (inName.charAt(ndx-1) == '@') {
219 constraintType = NAME_NARROWS;
220 } else {
221 constraintType = NAME_SAME_TYPE;
222 }
223 }
224 } else {
225 constraintType = NAME_SAME_TYPE;
226 }
227 }
228 return constraintType;
229 }
230
231 /**
232 * Return subtree depth of this name for purposes of determining
233 * NameConstraints minimum and maximum bounds.
234 *
235 * @returns distance of name from root
236 * @throws UnsupportedOperationException if not supported for this name type
237 */
238 public int subtreeDepth() throws UnsupportedOperationException {
239 String subtree=name;
240 int i=1;
241
242 /* strip off name@ portion */
243 int atNdx = subtree.lastIndexOf('@');
244 if (atNdx >= 0) {
245 i++;
246 subtree=subtree.substring(atNdx+1);
247 }
248
249 /* count dots in dnsname, adding one if dnsname preceded by @ */
250 for (; subtree.lastIndexOf('.') >= 0; i++) {
251 subtree=subtree.substring(0,subtree.lastIndexOf('.'));
252 }
253
254 return i;
255 }
256 }
--- EOF ---