org.bouncycastle.jce.provider
Class PKIXNameConstraints

java.lang.Object
  extended by org.bouncycastle.jce.provider.PKIXNameConstraints

public class PKIXNameConstraints
extends java.lang.Object


Field Summary
private  java.util.Set excludedSubtreesDN
           
private  java.util.Set excludedSubtreesDNS
           
private  java.util.Set excludedSubtreesEmail
           
private  java.util.Set excludedSubtreesIP
           
private  java.util.Set excludedSubtreesURI
           
private  java.util.Set permittedSubtreesDN
           
private  java.util.Set permittedSubtreesDNS
           
private  java.util.Set permittedSubtreesEmail
           
private  java.util.Set permittedSubtreesIP
           
private  java.util.Set permittedSubtreesURI
           
 
Constructor Summary
PKIXNameConstraints()
           
 
Method Summary
 void addExcludedSubtree(GeneralSubtree subtree)
          Adds a subtree to the excluded set of these name constraints.
 void checkExcluded(GeneralName name)
          Check if the given GeneralName is contained in the excluded set.
 void checkExcludedDN(ASN1Sequence dns)
           
private  void checkExcludedDN(java.util.Set excluded, ASN1Sequence dns)
           
private  void checkExcludedDNS(java.util.Set excluded, java.lang.String dns)
           
private  void checkExcludedEmail(java.util.Set excluded, java.lang.String email)
           
private  void checkExcludedIP(java.util.Set excluded, byte[] ip)
          Checks if the IP ip is included in the excluded set excluded.
private  void checkExcludedURI(java.util.Set excluded, java.lang.String uri)
           
 void checkPermitted(GeneralName name)
          Checks if the given GeneralName is in the permitted set.
 void checkPermittedDN(ASN1Sequence dns)
           
private  void checkPermittedDN(java.util.Set permitted, ASN1Sequence dns)
           
private  void checkPermittedDNS(java.util.Set permitted, java.lang.String dns)
           
private  void checkPermittedEmail(java.util.Set permitted, java.lang.String email)
           
private  void checkPermittedIP(java.util.Set permitted, byte[] ip)
          Checks if the IP ip is included in the permitted set permitted.
private  void checkPermittedURI(java.util.Set permitted, java.lang.String uri)
           
private  boolean collectionsAreEqual(java.util.Collection coll1, java.util.Collection coll2)
           
private static int compareTo(byte[] ip1, byte[] ip2)
          Compares IP address ip1 with ip2.
private  boolean emailIsConstrained(java.lang.String email, java.lang.String constraint)
           
 boolean equals(java.lang.Object o)
           
private  boolean equals(java.lang.Object o1, java.lang.Object o2)
           
private static java.lang.String extractHostFromURL(java.lang.String url)
           
private  byte[][] extractIPsAndSubnetMasks(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
          Splits the IP addresses and their subnet mask.
private  java.lang.String extractNameAsString(GeneralName name)
           
 int hashCode()
           
private  int hashCollection(java.util.Collection coll)
           
private  java.util.Set intersectDN(java.util.Set permitted, ASN1Sequence dn)
           
private  java.util.Set intersectDNS(java.util.Set permitted, java.lang.String dns)
           
private  java.util.Set intersectEmail(java.util.Set permitted, java.lang.String email)
           
private  void intersectEmail(java.lang.String email1, java.lang.String email2, java.util.Set intersect)
          The greatest common part of email1 and email2 is added to the intersection intersect.
private  java.util.Set intersectIP(java.util.Set permitted, byte[] ip)
          Returns the intersection of the permitted IP ranges in permitted with ip.
private  java.util.Set intersectIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
          Calculates the intersection of two IP ranges.
 void intersectPermittedSubtree(GeneralSubtree subtree)
          Updates the permitted set of these name constraints with the intersection with the given subtree.
private  java.util.Set intersectURI(java.util.Set permitted, java.lang.String uri)
           
private  void intersectURI(java.lang.String email1, java.lang.String email2, java.util.Set intersect)
           
private  byte[] ipWithSubnetMask(byte[] ip, byte[] subnetMask)
          Concatenates the IP address with its subnet mask.
private  boolean isIPConstrained(byte[] ip, byte[] constraint)
          Checks if the IP address ip is constrained by constraint.
private  boolean isUriConstrained(java.lang.String uri, java.lang.String constraint)
           
private static byte[] max(byte[] ip1, byte[] ip2)
          Returns the maximum IP address.
private static byte[] min(byte[] ip1, byte[] ip2)
          Returns the minimum IP address.
private  byte[][] minMaxIPs(byte[] ip1, byte[] subnetmask1, byte[] ip2, byte[] subnetmask2)
          Based on the two IP addresses and their subnet masks, the IP range is computed for each IP address / subnet mask pair and returned as the minimum and maximum IP address of that range.
private static byte[] or(byte[] ip1, byte[] ip2)
          Returns the logical OR of the IP addresses ip1 and ip2.
private  java.lang.String stringifyIP(byte[] ip)
          Stringifies an IPv4 or v6 address with subnet mask.
private  java.lang.String stringifyIPCollection(java.util.Set ips)
           
 java.lang.String toString()
           
private  java.util.Set unionDN(java.util.Set excluded, ASN1Sequence dn)
           
protected  java.util.Set unionDNS(java.util.Set excluded, java.lang.String dns)
           
private  java.util.Set unionEmail(java.util.Set excluded, java.lang.String email)
           
private  void unionEmail(java.lang.String email1, java.lang.String email2, java.util.Set union)
          The common part of email1 and email2 is added to the union union.
private  java.util.Set unionIP(java.util.Set excluded, byte[] ip)
          Returns the union of the excluded IP ranges in excluded with ip.
private  java.util.Set unionIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2)
          Calculates the union of two IP ranges.
private  java.util.Set unionURI(java.util.Set excluded, java.lang.String uri)
           
private  void unionURI(java.lang.String email1, java.lang.String email2, java.util.Set union)
           
private static boolean withinDNSubtree(ASN1Sequence dns, ASN1Sequence subtree)
           
private  boolean withinDomain(java.lang.String testDomain, java.lang.String domain)
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

excludedSubtreesDN

private java.util.Set excludedSubtreesDN

excludedSubtreesDNS

private java.util.Set excludedSubtreesDNS

excludedSubtreesEmail

private java.util.Set excludedSubtreesEmail

excludedSubtreesURI

private java.util.Set excludedSubtreesURI

excludedSubtreesIP

private java.util.Set excludedSubtreesIP

permittedSubtreesDN

private java.util.Set permittedSubtreesDN

permittedSubtreesDNS

private java.util.Set permittedSubtreesDNS

permittedSubtreesEmail

private java.util.Set permittedSubtreesEmail

permittedSubtreesURI

private java.util.Set permittedSubtreesURI

permittedSubtreesIP

private java.util.Set permittedSubtreesIP
Constructor Detail

PKIXNameConstraints

public PKIXNameConstraints()
Method Detail

withinDNSubtree

private static boolean withinDNSubtree(ASN1Sequence dns,
                                       ASN1Sequence subtree)

checkPermittedDN

public void checkPermittedDN(ASN1Sequence dns)
                      throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkExcludedDN

public void checkExcludedDN(ASN1Sequence dns)
                     throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkPermittedDN

private void checkPermittedDN(java.util.Set permitted,
                              ASN1Sequence dns)
                       throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkExcludedDN

private void checkExcludedDN(java.util.Set excluded,
                             ASN1Sequence dns)
                      throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

intersectDN

private java.util.Set intersectDN(java.util.Set permitted,
                                  ASN1Sequence dn)

unionDN

private java.util.Set unionDN(java.util.Set excluded,
                              ASN1Sequence dn)

intersectEmail

private java.util.Set intersectEmail(java.util.Set permitted,
                                     java.lang.String email)

unionEmail

private java.util.Set unionEmail(java.util.Set excluded,
                                 java.lang.String email)

intersectIP

private java.util.Set intersectIP(java.util.Set permitted,
                                  byte[] ip)
Returns the intersection of the permitted IP ranges in permitted with ip.

Parameters:
permitted - A Set of permitted IP addresses with their subnet mask as byte arrays.
ip - The IP address with its subnet mask.
Returns:
The Set of permitted IP ranges intersected with ip.

unionIP

private java.util.Set unionIP(java.util.Set excluded,
                              byte[] ip)
Returns the union of the excluded IP ranges in excluded with ip.

Parameters:
excluded - A Set of excluded IP addresses with their subnet mask as byte arrays.
ip - The IP address with its subnet mask.
Returns:
The Set of excluded IP ranges unified with ip as byte arrays.

unionIPRange

private java.util.Set unionIPRange(byte[] ipWithSubmask1,
                                   byte[] ipWithSubmask2)
Calculates the union of two IP ranges.

Parameters:
ipWithSubmask1 - The first IP address with its subnet mask.
ipWithSubmask2 - The second IP address with its subnet mask.
Returns:
A Set with the union of both addresses.

intersectIPRange

private java.util.Set intersectIPRange(byte[] ipWithSubmask1,
                                       byte[] ipWithSubmask2)
Calculates the intersection of two IP ranges.

Parameters:
ipWithSubmask1 - The first IP address with its subnet mask.
ipWithSubmask2 - The second IP address with its subnet mask.
Returns:
A Set with the single IP address with its subnet mask as a byte array or an empty Set.

ipWithSubnetMask

private byte[] ipWithSubnetMask(byte[] ip,
                                byte[] subnetMask)
Concatenates the IP address with its subnet mask.

Parameters:
ip - The IP address.
subnetMask - Its subnet mask.
Returns:
The concatenated IP address with its subnet mask.

extractIPsAndSubnetMasks

private byte[][] extractIPsAndSubnetMasks(byte[] ipWithSubmask1,
                                          byte[] ipWithSubmask2)
Splits the IP addresses and their subnet mask.

Parameters:
ipWithSubmask1 - The first IP address with the subnet mask.
ipWithSubmask2 - The second IP address with the subnet mask.
Returns:
An array with two elements. Each element contains the IP address and the subnet mask in this order.

minMaxIPs

private byte[][] minMaxIPs(byte[] ip1,
                           byte[] subnetmask1,
                           byte[] ip2,
                           byte[] subnetmask2)
Based on the two IP addresses and their subnet masks, the IP range is computed for each IP address / subnet mask pair and returned as the minimum and maximum IP address of that range.

Parameters:
ip1 - The first IP address.
subnetmask1 - The subnet mask of the first IP address.
ip2 - The second IP address.
subnetmask2 - The subnet mask of the second IP address.
Returns:
An array with two elements. The first/second element contains the min and max IP address of the first/second IP address and its subnet mask.

checkPermittedEmail

private void checkPermittedEmail(java.util.Set permitted,
                                 java.lang.String email)
                          throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkExcludedEmail

private void checkExcludedEmail(java.util.Set excluded,
                                java.lang.String email)
                         throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkPermittedIP

private void checkPermittedIP(java.util.Set permitted,
                              byte[] ip)
                       throws java.security.cert.CertPathValidatorException
Checks if the IP ip is included in the permitted set permitted.

Parameters:
permitted - A Set of permitted IP addresses with their subnet mask as byte arrays.
ip - The IP address.
Throws:
java.security.cert.CertPathValidatorException - if the IP is not permitted.

checkExcludedIP

private void checkExcludedIP(java.util.Set excluded,
                             byte[] ip)
                      throws java.security.cert.CertPathValidatorException
Checks if the IP ip is included in the excluded set excluded.

Parameters:
excluded - A Set of excluded IP addresses with their subnet mask as byte arrays.
ip - The IP address.
Throws:
java.security.cert.CertPathValidatorException - if the IP is excluded.

isIPConstrained

private boolean isIPConstrained(byte[] ip,
                                byte[] constraint)
Checks if the IP address ip is constrained by constraint.

Parameters:
ip - The IP address.
constraint - The constraint. This is an IP address concatenated with its subnet mask.
Returns:
true if constrained, false otherwise.

emailIsConstrained

private boolean emailIsConstrained(java.lang.String email,
                                   java.lang.String constraint)

withinDomain

private boolean withinDomain(java.lang.String testDomain,
                             java.lang.String domain)

checkPermittedDNS

private void checkPermittedDNS(java.util.Set permitted,
                               java.lang.String dns)
                        throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkExcludedDNS

private void checkExcludedDNS(java.util.Set excluded,
                              java.lang.String dns)
                       throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

unionEmail

private void unionEmail(java.lang.String email1,
                        java.lang.String email2,
                        java.util.Set union)
The common part of email1 and email2 is added to the union union. If email1 and email2 have nothing in common, both are added.

Parameters:
email1 - Email address constraint 1.
email2 - Email address constraint 2.
union - The union.

unionURI

private void unionURI(java.lang.String email1,
                      java.lang.String email2,
                      java.util.Set union)

intersectDNS

private java.util.Set intersectDNS(java.util.Set permitted,
                                   java.lang.String dns)

unionDNS

protected java.util.Set unionDNS(java.util.Set excluded,
                                 java.lang.String dns)

intersectEmail

private void intersectEmail(java.lang.String email1,
                            java.lang.String email2,
                            java.util.Set intersect)
The greatest common part of email1 and email2 is added to the intersection intersect.

Parameters:
email1 - Email address constraint 1.
email2 - Email address constraint 2.
intersect - The intersection.

checkExcludedURI

private void checkExcludedURI(java.util.Set excluded,
                              java.lang.String uri)
                       throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

intersectURI

private java.util.Set intersectURI(java.util.Set permitted,
                                   java.lang.String uri)

unionURI

private java.util.Set unionURI(java.util.Set excluded,
                               java.lang.String uri)

intersectURI

private void intersectURI(java.lang.String email1,
                          java.lang.String email2,
                          java.util.Set intersect)

checkPermittedURI

private void checkPermittedURI(java.util.Set permitted,
                               java.lang.String uri)
                        throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

isUriConstrained

private boolean isUriConstrained(java.lang.String uri,
                                 java.lang.String constraint)

extractHostFromURL

private static java.lang.String extractHostFromURL(java.lang.String url)

checkPermitted

public void checkPermitted(GeneralName name)
                    throws java.security.cert.CertPathValidatorException
Checks if the given GeneralName is in the permitted set.

Parameters:
name - The GeneralName
Throws:
java.security.cert.CertPathValidatorException - If the name is not permitted.

checkExcluded

public void checkExcluded(GeneralName name)
                   throws java.security.cert.CertPathValidatorException
Check if the given GeneralName is contained in the excluded set.

Parameters:
name - The GeneralName.
Throws:
java.security.cert.CertPathValidatorException - If the name is excluded.

intersectPermittedSubtree

public void intersectPermittedSubtree(GeneralSubtree subtree)
Updates the permitted set of these name constraints with the intersection with the given subtree.

Parameters:
subtree - A subtree with a permitted GeneralName.

extractNameAsString

private java.lang.String extractNameAsString(GeneralName name)

addExcludedSubtree

public void addExcludedSubtree(GeneralSubtree subtree)
Adds a subtree to the excluded set of these name constraints.

Parameters:
subtree - A subtree with an excluded GeneralName.

max

private static byte[] max(byte[] ip1,
                          byte[] ip2)
Returns the maximum IP address.

Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
Returns:
The maximum IP address.

min

private static byte[] min(byte[] ip1,
                          byte[] ip2)
Returns the minimum IP address.

Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
Returns:
The minimum IP address.

compareTo

private static int compareTo(byte[] ip1,
                             byte[] ip2)
Compares IP address ip1 with ip2. If ip1 is equal to ip2, 0 is returned. If ip1 is bigger, 1 is returned; -1 otherwise.

Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
Returns:
0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise.

or

private static byte[] or(byte[] ip1,
                         byte[] ip2)
Returns the logical OR of the IP addresses ip1 and ip2.

Parameters:
ip1 - The first IP address.
ip2 - The second IP address.
Returns:
The OR of ip1 and ip2.

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

hashCollection

private int hashCollection(java.util.Collection coll)

equals

public boolean equals(java.lang.Object o)
Overrides:
equals in class java.lang.Object

collectionsAreEqual

private boolean collectionsAreEqual(java.util.Collection coll1,
                                    java.util.Collection coll2)

equals

private boolean equals(java.lang.Object o1,
                       java.lang.Object o2)

stringifyIP

private java.lang.String stringifyIP(byte[] ip)
Stringifies an IPv4 or v6 address with subnet mask.

Parameters:
ip - The IP with subnet mask.
Returns:
The stringified IP address.

stringifyIPCollection

private java.lang.String stringifyIPCollection(java.util.Set ips)

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object