/*

 * Copyright 2003-2006 Sun Microsystems, Inc.  All Rights Reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Sun designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Sun in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

 * CA 95054 USA or visit www.sun.com if you need additional information or

 * have any questions.

 */

package sun.security.x509;

import java.io.IOException;

import java.io.OutputStream;

import java.util.Enumeration;

import sun.security.util.DerValue;

import sun.security.util.DerOutputStream;

/**

 * Represents the CRL Certificate Issuer Extension (OID = 2.5.29.29).

 * <p>

 * The CRL certificate issuer extension identifies the certificate issuer

 * associated with an entry in an indirect CRL, i.e. a CRL that has the

 * indirectCRL indicator set in its issuing distribution point extension. If

 * this extension is not present on the first entry in an indirect CRL, the

 * certificate issuer defaults to the CRL issuer. On subsequent entries

 * in an indirect CRL, if this extension is not present, the certificate

 * issuer for the entry is the same as that for the preceding entry.

 * <p>

 * If used by conforming CRL issuers, this extension is always

 * critical.  If an implementation ignored this extension it could not

 * correctly attribute CRL entries to certificates.  PKIX (RFC 3280)

 * RECOMMENDS that implementations recognize this extension.

 * <p>

 * The ASN.1 definition for this is:

 * <pre>

 * id-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-ce 29 }

 *

 * certificateIssuer ::=     GeneralNames

 * </pre>

 *

 * @author Anne Anderson

 * @author Sean Mullan

 * @since 1.5

 * @see Extension

 * @see CertAttrSet

 */

public class CertificateIssuerExtension extends Extension

    implements CertAttrSet<String> {

    /**

     * Attribute names.

     */

    public static final String NAME = "CertificateIssuer";

    public static final String ISSUER = "issuer";

    private GeneralNames names;

    /**

     * Encode this extension

     */

    private void encodeThis() throws IOException {

        if (names == null || names.isEmpty()) {

            this.extensionValue = null;

            return;

        }

        DerOutputStream os = new DerOutputStream();

        names.encode(os);

        this.extensionValue = os.toByteArray();

    }

    /**

     * Create a CertificateIssuerExtension containing the specified issuer name.

     * Criticality is automatically set to true.

     *

     * @param issuer the certificate issuer

     * @throws IOException on error

     */

    public CertificateIssuerExtension(GeneralNames issuer) throws IOException {

        this.extensionId = PKIXExtensions.CertificateIssuer_Id;

        this.critical = true;

        this.names = issuer;

        encodeThis();

    }

    /**

     * Create a CertificateIssuerExtension from the specified DER encoded

     * value of the same.

     *

     * @param critical true if the extension is to be treated as critical.

     * @param value an array of DER encoded bytes of the actual value

     * @throws ClassCastException if value is not an array of bytes

     * @throws IOException on error

     */

    public CertificateIssuerExtension(Boolean critical, Object value)

        throws IOException {

        this.extensionId = PKIXExtensions.CertificateIssuer_Id;

        this.critical = critical.booleanValue();

        this.extensionValue = (byte[]) value;

        DerValue val = new DerValue(this.extensionValue);

        this.names = new GeneralNames(val);

    }

    /**

     * Set the attribute value.

     *

     * @throws IOException on error

     */

    public void set(String name, Object obj) throws IOException {

        if (name.equalsIgnoreCase(ISSUER)) {

            if (!(obj instanceof GeneralNames)) {

                throw new IOException("Attribute value must be of type " +

                    "GeneralNames");

            }

            this.names = (GeneralNames)obj;

        } else {

            throw new IOException("Attribute name not recognized by " +

                "CertAttrSet:CertificateIssuer");

        }

        encodeThis();

    }

    /**

     * Gets the attribute value.

     *

     * @throws IOException on error

     */

    public Object get(String name) throws IOException {

        if (name.equalsIgnoreCase(ISSUER)) {

            return names;

        } else {

            throw new IOException("Attribute name not recognized by " +

                "CertAttrSet:CertificateIssuer");

        }

    }

    /**

     * Deletes the attribute value.

     *

     * @throws IOException on error

     */

    public void delete(String name) throws IOException {

        if (name.equalsIgnoreCase(ISSUER)) {

            names = null;

        } else {

            throw new IOException("Attribute name not recognized by " +

                "CertAttrSet:CertificateIssuer");

        }

        encodeThis();

    }

    /**

     * Returns a printable representation of the certificate issuer.

     */

    public String toString() {

        return super.toString() + "Certificate Issuer [\n" +

            String.valueOf(names) + "]\n";

    }

    /**

     * Write the extension to the OutputStream.

     *

     * @param out the OutputStream to write the extension to

     * @exception IOException on encoding errors

     */

    public void encode(OutputStream out) throws IOException {

        DerOutputStream  tmp = new DerOutputStream();

        if (extensionValue == null) {

            extensionId = PKIXExtensions.CertificateIssuer_Id;

            critical = true;

            encodeThis();

        }

        super.encode(tmp);

        out.write(tmp.toByteArray());

    }

    /**

     * Return an enumeration of names of attributes existing within this

     * attribute.

     */

    public Enumeration<String> getElements() {

        AttributeNameEnumeration elements = new AttributeNameEnumeration();

        elements.addElement(ISSUER);

        return elements.elements();

    }

    /**

     * Return the name of this attribute.

     */

    public String getName() {

        return NAME;

    }

}