1 /*
2 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security.cert;
27
28 import java.io.IOException;
29
30 import sun.misc.HexDumpEncoder;
31 import sun.security.util.DerValue;
32
33 /**
34 * An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo
35 * structure.
36 *
37 * <p>The ASN.1 definition is as follows:
38 * <pre>
39 * PolicyQualifierInfo ::= SEQUENCE {
40 * policyQualifierId PolicyQualifierId,
41 * qualifier ANY DEFINED BY policyQualifierId }
42 * </pre>
43 * <p>
44 * A certificate policies extension, if present in an X.509 version 3
45 * certificate, contains a sequence of one or more policy information terms,
46 * each of which consists of an object identifier (OID) and optional
47 * qualifiers. In an end-entity certificate, these policy information terms
48 * indicate the policy under which the certificate has been issued and the
49 * purposes for which the certificate may be used. In a CA certificate, these
50 * policy information terms limit the set of policies for certification paths
51 * which include this certificate.
52 * <p>
53 * A {@code Set} of {@code PolicyQualifierInfo} objects are returned
54 * by the {@link PolicyNode#getPolicyQualifiers PolicyNode.getPolicyQualifiers}
55 * method. This allows applications with specific policy requirements to
56 * process and validate each policy qualifier. Applications that need to
57 * process policy qualifiers should explicitly set the
58 * {@code policyQualifiersRejected} flag to false (by calling the
59 * {@link PKIXParameters#setPolicyQualifiersRejected
60 * PKIXParameters.setPolicyQualifiersRejected} method) before validating
61 * a certification path.
62 *
63 * <p>Note that the PKIX certification path validation algorithm specifies
64 * that any policy qualifier in a certificate policies extension that is
65 * marked critical must be processed and validated. Otherwise the
66 * certification path must be rejected. If the
67 * {@code policyQualifiersRejected} flag is set to false, it is up to
68 * the application to validate all policy qualifiers in this manner in order
69 * to be PKIX compliant.
70 *
71 * <p><b>Concurrent Access</b>
72 *
73 * <p>All {@code PolicyQualifierInfo} objects must be immutable and
74 * thread-safe. That is, multiple threads may concurrently invoke the
75 * methods defined in this class on a single {@code PolicyQualifierInfo}
76 * object (or more than one) with no ill effects. Requiring
77 * {@code PolicyQualifierInfo} objects to be immutable and thread-safe
78 * allows them to be passed around to various pieces of code without
79 * worrying about coordinating access.
80 *
81 * @author seth proctor
82 * @author Sean Mullan
83 * @since 1.4
84 */
85 public class PolicyQualifierInfo {
86
87 private byte [] mEncoded;
88 private String mId;
89 private byte [] mData;
90 private String pqiString;
91
92 /**
93 * Creates an instance of {@code PolicyQualifierInfo} from the
94 * encoded bytes. The encoded byte array is copied on construction.
95 *
96 * @param encoded a byte array containing the qualifier in DER encoding
97 * @exception IOException thrown if the byte array does not represent a
98 * valid and parsable policy qualifier
99 */
100 public PolicyQualifierInfo(byte[] encoded) throws IOException {
101 mEncoded = encoded.clone();
102
103 DerValue val = new DerValue(mEncoded);
104 if (val.tag != DerValue.tag_Sequence)
105 throw new IOException("Invalid encoding for PolicyQualifierInfo");
106
107 mId = (val.data.getDerValue()).getOID().toString();
108 byte [] tmp = val.data.toByteArray();
109 if (tmp == null) {
110 mData = null;
111 } else {
112 mData = new byte[tmp.length];
113 System.arraycopy(tmp, 0, mData, 0, tmp.length);
114 }
115 }
116
117 /**
118 * Returns the {@code policyQualifierId} field of this
119 * {@code PolicyQualifierInfo}. The {@code policyQualifierId}
120 * is an Object Identifier (OID) represented by a set of nonnegative
121 * integers separated by periods.
122 *
123 * @return the OID (never {@code null})
124 */
125 public final String getPolicyQualifierId() {
126 return mId;
127 }
128
129 /**
130 * Returns the ASN.1 DER encoded form of this
131 * {@code PolicyQualifierInfo}.
132 *
133 * @return the ASN.1 DER encoded bytes (never {@code null}).
134 * Note that a copy is returned, so the data is cloned each time
135 * this method is called.
136 */
137 public final byte[] getEncoded() {
138 return mEncoded.clone();
139 }
140
141 /**
142 * Returns the ASN.1 DER encoded form of the {@code qualifier}
143 * field of this {@code PolicyQualifierInfo}.
144 *
145 * @return the ASN.1 DER encoded bytes of the {@code qualifier}
146 * field. Note that a copy is returned, so the data is cloned each
147 * time this method is called.
148 */
149 public final byte[] getPolicyQualifier() {
150 return (mData == null ? null : mData.clone());
151 }
152
153 /**
154 * Return a printable representation of this
155 * {@code PolicyQualifierInfo}.
156 *
157 * @return a {@code String} describing the contents of this
158 * {@code PolicyQualifierInfo}
159 */
160 public String toString() {
161 if (pqiString != null) {
162 return pqiString;
163 }
164 HexDumpEncoder enc = new HexDumpEncoder();
165 StringBuilder sb = new StringBuilder();
166 sb.append("PolicyQualifierInfo: [\n");
167 sb.append(" qualifierID: ").append(mId).append('\n');
168 sb.append(" qualifier: ")
169 .append(mData == null ? "null" : enc.encodeBuffer(mData))
170 .append('\n');
171 sb.append(']');
172 pqiString = sb.toString();
173 return pqiString;
174 }
175 }