Class NameConstraintsExtension

  • All Implemented Interfaces:
    java.io.Serializable, CertAttrSet

    public class NameConstraintsExtension
    extends Extension
    implements CertAttrSet
    This class defines the Name Constraints Extension.

    The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.

    The ASN.1 syntax for this is:

     NameConstraints ::= SEQUENCE {
        permittedSubtrees [0]  GeneralSubtrees OPTIONAL,
        excludedSubtrees  [1]  GeneralSubtrees OPTIONAL
     }
     GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
     GeneralSubtree ::= SEQUENCE {
        base                   GeneralName,
        minimum           [0]  BaseDistance DEFAULT 0,
        maximum           [1]  BaseDistance OPTIONAL }
     BaseDistance ::= INTEGER (0..MAX)
     
    See Also:
    Extension, CertAttrSet, Serialized Form
    • Field Detail

      • IDENT

        public static final java.lang.String IDENT
        Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.
        See Also:
        Constant Field Values
      • PERMITTED_SUBTREES

        public static final java.lang.String PERMITTED_SUBTREES
        See Also:
        Constant Field Values
      • EXCLUDED_SUBTREES

        public static final java.lang.String EXCLUDED_SUBTREES
        See Also:
        Constant Field Values
    • Constructor Detail

      • NameConstraintsExtension

        public NameConstraintsExtension(GeneralSubtrees permitted,
                                        GeneralSubtrees excluded)
                                 throws java.io.IOException
        The default constructor for this class. Either parameter can be set to null to indicate it is omitted but both cannot be null.
        Parameters:
        permitted - the permitted GeneralSubtrees (null for optional).
        excluded - the excluded GeneralSubtrees (null for optional).
        Throws:
        java.io.IOException
      • NameConstraintsExtension

        public NameConstraintsExtension(boolean critical,
                                        GeneralSubtrees permitted,
                                        GeneralSubtrees excluded)
                                 throws java.io.IOException
        Throws:
        java.io.IOException
      • NameConstraintsExtension

        public NameConstraintsExtension(java.lang.Boolean critical,
                                        java.lang.Object value)
                                 throws java.io.IOException
        Create the extension from the passed DER encoded value.
        Parameters:
        critical - true if the extension is to be treated as critical.
        value - Array of DER encoded bytes of the actual value.
        Throws:
        java.io.IOException - on error.
    • Method Detail

      • toString

        public java.lang.String toString()
        Return the printable string.
        Specified by:
        toString in interface CertAttrSet
        Overrides:
        toString in class Extension
        Returns:
        value of this certificate attribute in printable form.
      • toPrint

        public java.lang.String toPrint(int indent)
      • decode

        public void decode(java.io.InputStream in)
                    throws java.io.IOException
        Decode the extension from the InputStream.
        Specified by:
        decode in interface CertAttrSet
        Parameters:
        in - the InputStream to unmarshal the contents from.
        Throws:
        java.io.IOException - on decoding or validity errors.
      • encode

        public void encode(java.io.OutputStream out)
                    throws java.io.IOException
        Write the extension to the OutputStream.
        Specified by:
        encode in interface CertAttrSet
        Parameters:
        out - the OutputStream to write the extension to.
        Throws:
        java.io.IOException - on encoding errors.
      • set

        public void set(java.lang.String name,
                        java.lang.Object obj)
                 throws java.io.IOException
        Set the attribute value.
        Specified by:
        set in interface CertAttrSet
        Parameters:
        name - the name of the attribute (e.g. "x509.info.key")
        obj - the attribute object.
        Throws:
        java.io.IOException - on other errors.
      • get

        public java.lang.Object get(java.lang.String name)
                             throws java.io.IOException
        Get the attribute value.
        Specified by:
        get in interface CertAttrSet
        Parameters:
        name - the name of the attribute to return.
        Throws:
        java.io.IOException - on other errors.
      • delete

        public void delete(java.lang.String name)
                    throws java.io.IOException
        Delete the attribute value.
        Specified by:
        delete in interface CertAttrSet
        Parameters:
        name - the name of the attribute to delete.
        Throws:
        java.io.IOException - on other errors.
      • getAttributeNames

        public java.util.Enumeration<java.lang.String> getAttributeNames()
        Return an enumeration of names of attributes existing within this attribute.
        Specified by:
        getAttributeNames in interface CertAttrSet
        Returns:
        an enumeration of the attribute names.
      • getName

        public java.lang.String getName()
        Return the name of this attribute.
        Specified by:
        getName in interface CertAttrSet
        Returns:
        the name of this CertAttrSet.