java.lang.Object org.bouncycastle.jce.provider.PKIXNameConstraints
public class PKIXNameConstraints
Field Summary | |
---|---|
private java.util.Set |
excludedSubtreesDN
|
private java.util.Set |
excludedSubtreesDNS
|
private java.util.Set |
excludedSubtreesEmail
|
private java.util.Set |
excludedSubtreesIP
|
private java.util.Set |
excludedSubtreesURI
|
private java.util.Set |
permittedSubtreesDN
|
private java.util.Set |
permittedSubtreesDNS
|
private java.util.Set |
permittedSubtreesEmail
|
private java.util.Set |
permittedSubtreesIP
|
private java.util.Set |
permittedSubtreesURI
|
Constructor Summary | |
---|---|
PKIXNameConstraints()
|
Method Summary | |
---|---|
void |
addExcludedSubtree(GeneralSubtree subtree)
Adds a subtree to the excluded set of these name constraints. |
void |
checkExcluded(GeneralName name)
Check if the given GeneralName is contained in the excluded set. |
void |
checkExcludedDN(ASN1Sequence dns)
|
private void |
checkExcludedDN(java.util.Set excluded,
ASN1Sequence dns)
|
private void |
checkExcludedDNS(java.util.Set excluded,
java.lang.String dns)
|
private void |
checkExcludedEmail(java.util.Set excluded,
java.lang.String email)
|
private void |
checkExcludedIP(java.util.Set excluded,
byte[] ip)
Checks if the IP ip is included in the excluded set
excluded . |
private void |
checkExcludedURI(java.util.Set excluded,
java.lang.String uri)
|
void |
checkPermitted(GeneralName name)
Checks if the given GeneralName is in the permitted set. |
void |
checkPermittedDN(ASN1Sequence dns)
|
private void |
checkPermittedDN(java.util.Set permitted,
ASN1Sequence dns)
|
private void |
checkPermittedDNS(java.util.Set permitted,
java.lang.String dns)
|
private void |
checkPermittedEmail(java.util.Set permitted,
java.lang.String email)
|
private void |
checkPermittedIP(java.util.Set permitted,
byte[] ip)
Checks if the IP ip is included in the permitted set
permitted . |
private void |
checkPermittedURI(java.util.Set permitted,
java.lang.String uri)
|
private boolean |
collectionsAreEqual(java.util.Collection coll1,
java.util.Collection coll2)
|
private static int |
compareTo(byte[] ip1,
byte[] ip2)
Compares IP address ip1 with ip2 . |
private boolean |
emailIsConstrained(java.lang.String email,
java.lang.String constraint)
|
boolean |
equals(java.lang.Object o)
|
private boolean |
equals(java.lang.Object o1,
java.lang.Object o2)
|
private static java.lang.String |
extractHostFromURL(java.lang.String url)
|
private byte[][] |
extractIPsAndSubnetMasks(byte[] ipWithSubmask1,
byte[] ipWithSubmask2)
Splits the IP addresses and their subnet mask. |
private java.lang.String |
extractNameAsString(GeneralName name)
|
int |
hashCode()
|
private int |
hashCollection(java.util.Collection coll)
|
private java.util.Set |
intersectDN(java.util.Set permitted,
ASN1Sequence dn)
|
private java.util.Set |
intersectDNS(java.util.Set permitted,
java.lang.String dns)
|
private java.util.Set |
intersectEmail(java.util.Set permitted,
java.lang.String email)
|
private void |
intersectEmail(java.lang.String email1,
java.lang.String email2,
java.util.Set intersect)
The greatest common part of email1 and email2
is added to the intersection intersect . |
private java.util.Set |
intersectIP(java.util.Set permitted,
byte[] ip)
Returns the intersection of the permitted IP ranges in permitted with ip . |
private java.util.Set |
intersectIPRange(byte[] ipWithSubmask1,
byte[] ipWithSubmask2)
Calculates the intersection of two IP ranges. |
void |
intersectPermittedSubtree(GeneralSubtree subtree)
Updates the permitted set of these name constraints with the intersection with the given subtree. |
private java.util.Set |
intersectURI(java.util.Set permitted,
java.lang.String uri)
|
private void |
intersectURI(java.lang.String email1,
java.lang.String email2,
java.util.Set intersect)
|
private byte[] |
ipWithSubnetMask(byte[] ip,
byte[] subnetMask)
Concatenates the IP address with its subnet mask. |
private boolean |
isIPConstrained(byte[] ip,
byte[] constraint)
Checks if the IP address ip is constrained by
constraint . |
private boolean |
isUriConstrained(java.lang.String uri,
java.lang.String constraint)
|
private static byte[] |
max(byte[] ip1,
byte[] ip2)
Returns the maximum IP address. |
private static byte[] |
min(byte[] ip1,
byte[] ip2)
Returns the minimum IP address. |
private byte[][] |
minMaxIPs(byte[] ip1,
byte[] subnetmask1,
byte[] ip2,
byte[] subnetmask2)
Based on the two IP addresses and their subnet masks the IP range is computed for each IP address - subnet mask pair and returned as the minimum IP address and the maximum address of the range. |
private static byte[] |
or(byte[] ip1,
byte[] ip2)
Returns the logical OR of the IP addresses ip1 and
ip2 . |
private java.lang.String |
stringifyIP(byte[] ip)
Stringifies an IPv4 or v6 address with subnet mask. |
private java.lang.String |
stringifyIPCollection(java.util.Set ips)
|
java.lang.String |
toString()
|
private java.util.Set |
unionDN(java.util.Set excluded,
ASN1Sequence dn)
|
protected java.util.Set |
unionDNS(java.util.Set excluded,
java.lang.String dns)
|
private java.util.Set |
unionEmail(java.util.Set excluded,
java.lang.String email)
|
private void |
unionEmail(java.lang.String email1,
java.lang.String email2,
java.util.Set union)
The common part of email1 and email2 is
added to the union union . |
private java.util.Set |
unionIP(java.util.Set excluded,
byte[] ip)
Returns the union of the excluded IP ranges in excluded
with ip . |
private java.util.Set |
unionIPRange(byte[] ipWithSubmask1,
byte[] ipWithSubmask2)
Calculates the union of two IP ranges. |
private java.util.Set |
unionURI(java.util.Set excluded,
java.lang.String uri)
|
private void |
unionURI(java.lang.String email1,
java.lang.String email2,
java.util.Set union)
|
private static boolean |
withinDNSubtree(ASN1Sequence dns,
ASN1Sequence subtree)
|
private boolean |
withinDomain(java.lang.String testDomain,
java.lang.String domain)
|
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
private java.util.Set excludedSubtreesDN
private java.util.Set excludedSubtreesDNS
private java.util.Set excludedSubtreesEmail
private java.util.Set excludedSubtreesURI
private java.util.Set excludedSubtreesIP
private java.util.Set permittedSubtreesDN
private java.util.Set permittedSubtreesDNS
private java.util.Set permittedSubtreesEmail
private java.util.Set permittedSubtreesURI
private java.util.Set permittedSubtreesIP
Constructor Detail |
---|
public PKIXNameConstraints()
Method Detail |
---|
private static boolean withinDNSubtree(ASN1Sequence dns, ASN1Sequence subtree)
public void checkPermittedDN(ASN1Sequence dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
public void checkExcludedDN(ASN1Sequence dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void checkPermittedDN(java.util.Set permitted, ASN1Sequence dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void checkExcludedDN(java.util.Set excluded, ASN1Sequence dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private java.util.Set intersectDN(java.util.Set permitted, ASN1Sequence dn)
private java.util.Set unionDN(java.util.Set excluded, ASN1Sequence dn)
private java.util.Set intersectEmail(java.util.Set permitted, java.lang.String email)
private java.util.Set unionEmail(java.util.Set excluded, java.lang.String email)
private java.util.Set intersectIP(java.util.Set permitted, byte[] ip)
Returns the intersection of the permitted IP ranges in permitted with ip.
Parameters:
permitted - A Set of permitted IP addresses with their subnet mask as byte arrays.
ip - The IP address with its subnet mask.
Returns:
The Set of permitted IP ranges intersected with ip.
private java.util.Set unionIP(java.util.Set excluded, byte[] ip)
Returns the union of the excluded IP ranges in excluded with ip.
Parameters:
excluded - A Set of excluded IP addresses with their subnet mask as byte arrays.
ip - The IP address with its subnet mask.
Returns:
The Set of excluded IP ranges unified with ip as byte arrays.
private java.util.Set unionIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
Calculates the union of two IP ranges.
Parameters:
ipWithSubmask1 - The first IP address with its subnet mask.
ipWithSubmask2 - The second IP address with its subnet mask.
Returns:
A Set with the union of both addresses.
private java.util.Set intersectIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
Calculates the intersection of two IP ranges.
Parameters:
ipWithSubmask1 - The first IP address with its subnet mask.
ipWithSubmask2 - The second IP address with its subnet mask.
Returns:
A Set with the single IP address with its subnet mask as a byte array or an empty Set.
private byte[] ipWithSubnetMask(byte[] ip, byte[] subnetMask)
Concatenates the IP address with its subnet mask.
Parameters:
ip - The IP address.
subnetMask - Its subnet mask.
private byte[][] extractIPsAndSubnetMasks(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
Splits the IP addresses and their subnet mask.
Parameters:
ipWithSubmask1 - The first IP address with the subnet mask.
ipWithSubmask2 - The second IP address with the subnet mask.
private byte[][] minMaxIPs(byte[] ip1, byte[] subnetmask1, byte[] ip2, byte[] subnetmask2)
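Based on the two IP addresses and their subnet masks the IP range is computed for each IP address - subnet mask pair and returned as the minimum IP address and the maximum address of the range.
Parameters:
ip1 - The first IP address.
subnetmask1 - The subnet mask of the first IP address.
ip2 - The second IP address.
subnetmask2 - The subnet mask of the second IP address.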
private void checkPermittedEmail(java.util.Set permitted, java.lang.String email) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void checkExcludedEmail(java.util.Set excluded, java.lang.String email) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void checkPermittedIP(java.util.Set permitted, byte[] ip) throws java.security.cert.CertPathValidatorException
Checks if the IP ip is included in the permitted set permitted.
Parameters:
permitted - A Set of permitted IP addresses with their subnet mask as byte arrays.
ip - The IP address.
Throws:
java.security.cert.CertPathValidatorException - if the IP is not permitted.
private void checkExcludedIP(java.util.Set excluded, byte[] ip) throws java.security.cert.CertPathValidatorException
Checks if the IP ip is included in the excluded set excluded.
Parameters:
excluded - A Set of excluded IP addresses with their subnet mask as byte arrays.
ip - The IP address.
Throws:
java.security.cert.CertPathValidatorException - if the IP is excluded.
private boolean isIPConstrained(byte[] ip, byte[] constraint)
Checks if the IP address ip is constrained by constraint.
Parameters:
ip - The IP address.
constraint - The constraint. This is an IP address concatenated with its subnetmask.
Returns:
true if constrained, false otherwise.
private boolean emailIsConstrained(java.lang.String email, java.lang.String constraint)
private boolean withinDomain(java.lang.String testDomain, java.lang.String domain)
private void checkPermittedDNS(java.util.Set permitted, java.lang.String dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void checkExcludedDNS(java.util.Set excluded, java.lang.String dns) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private void unionEmail(java.lang.String email1, java.lang.String email2, java.util.Set union)
The common part of email1 and email2 is added to the union union. If email1 and email2 have nothing in common they are added both.
Parameters:
email1 - Email address constraint 1.
email2 - Email address constraint 2.
union - The union.
private void unionURI(java.lang.String email1, java.lang.String email2, java.util.Set union)
private java.util.Set intersectDNS(java.util.Set permitted, java.lang.String dns)
protected java.util.Set unionDNS(java.util.Set excluded, java.lang.String dns)
private void intersectEmail(java.lang.String email1, java.lang.String email2, java.util.Set intersect)
The greatest common part of email1 and email2 is added to the intersection intersect.
Parameters:
email1 - Email address constraint 1.
email2 - Email address constraint 2.
intersect - The intersection.
private void checkExcludedURI(java.util.Set excluded, java.lang.String uri) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private java.util.Set intersectURI(java.util.Set permitted, java.lang.String uri)
private java.util.Set unionURI(java.util.Set excluded, java.lang.String uri)
private void intersectURI(java.lang.String email1, java.lang.String email2, java.util.Set intersect)
private void checkPermittedURI(java.util.Set permitted, java.lang.String uri) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
private boolean isUriConstrained(java.lang.String uri, java.lang.String constraint)
private static java.lang.String extractHostFromURL(java.lang.String url)
public void checkPermitted(GeneralName name) throws java.security.cert.CertPathValidatorException
Checks if the given GeneralName is in the permitted set.
Parameters:
name - The GeneralName
Throws:
java.security.cert.CertPathValidatorException - If the name is not permitted.
public void checkExcluded(GeneralName name) throws java.security.cert.CertPathValidatorException
Check if the given GeneralName is contained in the excluded set.
Parameters:
name - The GeneralName.
Throws:
java.security.cert.CertPathValidatorException - If the name is excluded.
public void intersectPermittedSubtree(GeneralSubtree subtree)
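Updates the permitted set of these name constraints with the intersection with the given subtree.
Parameters:
subtree - A subtree with an excluded GeneralName.
private java.lang.String extractNameAsString(GeneralName name)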
public void addExcludedSubtree(GeneralSubtree subtree)
Adds a subtree to the excluded set of these name constraints.
Parameters:
subtree - A subtree with an excluded GeneralName.
private static byte[] max(byte[] ip1, byte[] ip2)
Returns the maximum IP address.
Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
private static byte[] min(byte[] ip1, byte[] ip2)
Returns the minimum IP address.
Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
private static int compareTo(byte[] ip1, byte[] ip2)
Compares IP address ip1 with ip2. If ip1 is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1 otherwise.
Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
private static byte[] or(byte[] ip1, byte[] ip2)
Returns the logical OR of the IP addresses ip1 and ip2.
Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
Returns:
The logical OR of ip1 and ip2.
public int hashCode()
Overrides:
hashCode in class java.lang.Object
private int hashCollection(java.util.Collection coll)
public boolean equals(java.lang.Object o)
Overrides:
equals in class java.lang.Object
private boolean collectionsAreEqual(java.util.Collection coll1, java.util.Collection coll2)
private boolean equals(java.lang.Object o1, java.lang.Object o2)
private java.lang.String stringifyIP(byte[] ip)
Stringifies an IPv4 or v6 address with subnet mask.
Parameters:
ip - The IP with subnet mask.
private java.lang.String stringifyIPCollection(java.util.Set ips)
public java.lang.String toString()
Overrides:
toString in class java.lang.Object