--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,381 @@
+/*
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.x509;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.security.cert.CertificateException;
+import java.util.*;
+
+import sun.security.util.HexDumpEncoder;
+
+import sun.security.util.*;
+
+/**
+ * This class defines the Extensions attribute for the Certificate.
+ *
+ * @author Amit Kapoor
+ * @author Hemma Prafullchandra
+ * @see CertAttrSet
+ */
+public class CertificateExtensions implements CertAttrSet<Extension> {
+ /**
+ * Identifier for this attribute, to be used with the
+ * get, set, delete methods of Certificate, x509 type.
+ */
+ public static final String IDENT = "x509.info.extensions";
+ /**
+ * name
+ */
+ public static final String NAME = "extensions";
+
+ private static final Debug debug = Debug.getInstance("x509");
+
+ private Map<String,Extension> map = Collections.synchronizedMap(
+ new TreeMap<String,Extension>());
+ private boolean unsupportedCritExt = false;
+
+ private Map<String,Extension> unparseableExtensions;
+
+ /**
+ * Default constructor.
+ */
+ public CertificateExtensions() { }
+
+ /**
+ * Create the object, decoding the values from the passed DER stream.
+ *
+ * @param in the DerInputStream to read the Extension from.
+ * @exception IOException on decoding errors.
+ */
+ public CertificateExtensions(DerInputStream in) throws IOException {
+ init(in);
+ }
+
+ // helper routine
+ private void init(DerInputStream in) throws IOException {
+
+ DerValue[] exts = in.getSequence(5);
+
+ for (int i = 0; i < exts.length; i++) {
+ Extension ext = new Extension(exts[i]);
+ parseExtension(ext);
+ }
+ }
+
+ private static Class<?>[] PARAMS = {Boolean.class, Object.class};
+
+ // Parse the encoded extension
+ private void parseExtension(Extension ext) throws IOException {
+ try {
+ Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
+ if (extClass == null) { // Unsupported extension
+ if (ext.isCritical()) {
+ unsupportedCritExt = true;
+ }
+ if (map.put(ext.getExtensionId().toString(), ext) == null) {
+ return;
+ } else {
+ throw new IOException("Duplicate extensions not allowed");
+ }
+ }
+ Constructor<?> cons = extClass.getConstructor(PARAMS);
+
+ Object[] passed = new Object[] {Boolean.valueOf(ext.isCritical()),
+ ext.getExtensionValue()};
+ CertAttrSet<?> certExt = (CertAttrSet<?>)
+ cons.newInstance(passed);
+ if (map.put(certExt.getName(), (Extension)certExt) != null) {
+ throw new IOException("Duplicate extensions not allowed");
+ }
+ } catch (InvocationTargetException invk) {
+ Throwable e = invk.getTargetException();
+ if (ext.isCritical() == false) {
+ // ignore errors parsing non-critical extensions
+ if (unparseableExtensions == null) {
+ unparseableExtensions = new TreeMap<String,Extension>();
+ }
+ unparseableExtensions.put(ext.getExtensionId().toString(),
+ new UnparseableExtension(ext, e));
+ if (debug != null) {
+ debug.println("Error parsing extension: " + ext);
+ e.printStackTrace();
+ HexDumpEncoder h = new HexDumpEncoder();
+ System.err.println(h.encodeBuffer(ext.getExtensionValue()));
+ }
+ return;
+ }
+ if (e instanceof IOException) {
+ throw (IOException)e;
+ } else {
+ throw new IOException(e);
+ }
+ } catch (IOException e) {
+ throw e;
+ } catch (Exception e) {
+ throw new IOException(e);
+ }
+ }
+
+ /**
+ * Encode the extensions in DER form to the stream, setting
+ * the context specific tag as needed in the X.509 v3 certificate.
+ *
+ * @param out the DerOutputStream to marshal the contents to.
+ * @exception CertificateException on encoding errors.
+ * @exception IOException on errors.
+ */
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
+ encode(out, false);
+ }
+
+ /**
+ * Encode the extensions in DER form to the stream.
+ *
+ * @param out the DerOutputStream to marshal the contents to.
+ * @param isCertReq if true then no context specific tag is added.
+ * @exception CertificateException on encoding errors.
+ * @exception IOException on errors.
+ */
+ public void encode(OutputStream out, boolean isCertReq)
+ throws CertificateException, IOException {
+ DerOutputStream extOut = new DerOutputStream();
+ Collection<Extension> allExts = map.values();
+ Object[] objs = allExts.toArray();
+
+ for (int i = 0; i < objs.length; i++) {
+ if (objs[i] instanceof CertAttrSet)
+ ((CertAttrSet)objs[i]).encode(extOut);
+ else if (objs[i] instanceof Extension)
+ ((Extension)objs[i]).encode(extOut);
+ else
+ throw new CertificateException("Illegal extension object");
+ }
+
+ DerOutputStream seq = new DerOutputStream();
+ seq.write(DerValue.tag_Sequence, extOut);
+
+ DerOutputStream tmp;
+ if (!isCertReq) { // certificate
+ tmp = new DerOutputStream();
+ tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)3),
+ seq);
+ } else
+ tmp = seq; // pkcs#10 certificateRequest
+
+ out.write(tmp.toByteArray());
+ }
+
+ /**
+ * Set the attribute value.
+ * @param name the extension name used in the cache.
+ * @param obj the object to set.
+ * @exception IOException if the object could not be cached.
+ */
+ public void set(String name, Object obj) throws IOException {
+ if (obj instanceof Extension) {
+ map.put(name, (Extension)obj);
+ } else {
+ throw new IOException("Unknown extension type.");
+ }
+ }
+
+ /**
+ * Get the attribute value.
+ * @param name the extension name used in the lookup.
+ * @exception IOException if named extension is not found.
+ */
+ public Extension get(String name) throws IOException {
+ Extension obj = map.get(name);
+ if (obj == null) {
+ throw new IOException("No extension found with name " + name);
+ }
+ return (obj);
+ }
+
+ // Similar to get(String), but throw no exception, might return null.
+ // Used in X509CertImpl::getExtension(OID).
+ Extension getExtension(String name) {
+ return map.get(name);
+ }
+
+ /**
+ * Delete the attribute value.
+ * @param name the extension name used in the lookup.
+ * @exception IOException if named extension is not found.
+ */
+ public void delete(String name) throws IOException {
+ Object obj = map.get(name);
+ if (obj == null) {
+ throw new IOException("No extension found with name " + name);
+ }
+ map.remove(name);
+ }
+
+ public String getNameByOid(ObjectIdentifier oid) throws IOException {
+ for (String name: map.keySet()) {
+ if (map.get(name).getExtensionId().equals(oid)) {
+ return name;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Return an enumeration of names of attributes existing within this
+ * attribute.
+ */
+ public Enumeration<Extension> getElements() {
+ return Collections.enumeration(map.values());
+ }
+
+ /**
+ * Return a collection view of the extensions.
+ * @return a collection view of the extensions in this Certificate.
+ */
+ public Collection<Extension> getAllExtensions() {
+ return map.values();
+ }
+
+ public Map<String,Extension> getUnparseableExtensions() {
+ if (unparseableExtensions == null) {
+ return Collections.emptyMap();
+ } else {
+ return unparseableExtensions;
+ }
+ }
+
+ /**
+ * Return the name of this attribute.
+ */
+ public String getName() {
+ return NAME;
+ }
+
+ /**
+ * Return true if a critical extension is found that is
+ * not supported, otherwise return false.
+ */
+ public boolean hasUnsupportedCriticalExtension() {
+ return unsupportedCritExt;
+ }
+
+ /**
+ * Compares this CertificateExtensions for equality with the specified
+ * object. If the {@code other} object is an
+ * {@code instanceof} {@code CertificateExtensions}, then
+ * all the entries are compared with the entries from this.
+ *
+ * @param other the object to test for equality with this
+ * CertificateExtensions.
+ * @return true iff all the entries match that of the Other,
+ * false otherwise.
+ */
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ if (!(other instanceof CertificateExtensions))
+ return false;
+ Collection<Extension> otherC =
+ ((CertificateExtensions)other).getAllExtensions();
+ Object[] objs = otherC.toArray();
+
+ int len = objs.length;
+ if (len != map.size())
+ return false;
+
+ Extension otherExt, thisExt;
+ String key = null;
+ for (int i = 0; i < len; i++) {
+ if (objs[i] instanceof CertAttrSet)
+ key = ((CertAttrSet)objs[i]).getName();
+ otherExt = (Extension)objs[i];
+ if (key == null)
+ key = otherExt.getExtensionId().toString();
+ thisExt = map.get(key);
+ if (thisExt == null)
+ return false;
+ if (! thisExt.equals(otherExt))
+ return false;
+ }
+ return this.getUnparseableExtensions().equals(
+ ((CertificateExtensions)other).getUnparseableExtensions());
+ }
+
+ /**
+ * Returns a hashcode value for this CertificateExtensions.
+ *
+ * @return the hashcode value.
+ */
+ public int hashCode() {
+ return map.hashCode() + getUnparseableExtensions().hashCode();
+ }
+
+ /**
+ * Returns a string representation of this {@code CertificateExtensions}
+ * object in the form of a set of entries, enclosed in braces and separated
+ * by the ASCII characters "<code>, </code>" (comma and space).
+ * <p>Overrides to {@code toString} method of {@code Object}.
+ *
+ * @return a string representation of this CertificateExtensions.
+ */
+ public String toString() {
+ return map.toString();
+ }
+
+}
+
+class UnparseableExtension extends Extension {
+ private String name;
+ private Throwable why;
+
+ public UnparseableExtension(Extension ext, Throwable why) {
+ super(ext);
+
+ name = "";
+ try {
+ Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
+ if (extClass != null) {
+ Field field = extClass.getDeclaredField("NAME");
+ name = (String)(field.get(null)) + " ";
+ }
+ } catch (Exception e) {
+ // If we cannot find the name, just ignore it
+ }
+
+ this.why = why;
+ }
+
+ @Override public String toString() {
+ return super.toString() +
+ "Unparseable " + name + "extension due to\n" + why + "\n\n" +
+ new HexDumpEncoder().encodeBuffer(getExtensionValue());
+ }
+}