Package org.apache.harmony.security.x509

Class NameConstraints

java.lang.Object

org.apache.harmony.security.x509.ExtensionValue

org.apache.harmony.security.x509.NameConstraints

public final class NameConstraints
extends ExtensionValue

The class encapsulates the ASN.1 DER encoding/decoding work with the following structure which is a part of X.509 certificate (as specified in RFC 3280 - Internet X.509 Public Key Infrastructure. Certificate and Certificate Revocation List (CRL) Profile. http://www.ietf.org/rfc/rfc3280.txt):

   NameConstraints ::= SEQUENCE {
        permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
        excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

   GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

 

See Also:

GeneralSubtree, GeneralName

Field Summary

Fields

Modifier and Type	Field	Description
static ASN1Sequence	ASN1	X.509 NameConstraints encoder/decoder.

Constructor Summary

Constructors

Constructor	Description
NameConstraints(GeneralSubtrees permittedSubtrees, GeneralSubtrees excludedSubtrees)	Constructs NameConstrains object

Method Summary

Modifier and Type	Method	Description
static NameConstraints	decode(byte[] encoding)
void	dumpValue(StringBuilder sb, String prefix)
byte[]	getEncoded()	Returns encoded form of the object.
boolean	isAcceptable(X509Certificate cert)	Apply the name restrictions specified by this NameConstraints instance to the subject distinguished name and subject alternative names of specified X509Certificate.
boolean	isAcceptable(List<GeneralName> names)	Check if this list of names is acceptable according to this NameConstraints object.

Methods inherited from class org.apache.harmony.security.x509.ExtensionValue

dumpValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ASN1

public static final ASN1Sequence ASN1

X.509 NameConstraints encoder/decoder.

Constructor Details

NameConstraints

public NameConstraints(GeneralSubtrees permittedSubtrees,
GeneralSubtrees excludedSubtrees)

Constructs NameConstrains object

Method Details

decode

public static NameConstraints decode(byte[] encoding)
                              throws IOException

Throws:

IOException

getEncoded

public byte[] getEncoded()

Description copied from class: ExtensionValue

Returns encoded form of the object.

Overrides:

getEncoded in class ExtensionValue

isAcceptable

public boolean isAcceptable(X509Certificate cert)

Apply the name restrictions specified by this NameConstraints instance to the subject distinguished name and subject alternative names of specified X509Certificate. Restrictions apply only if specified name form is present in the certificate. The restrictions are applied according the RFC 3280 (see 4.2.1.11 Name Constraints), excepting that restrictions are applied and to CA certificates, and to certificates which issuer and subject names the same (i.e. method does not check if it CA's certificate or not, or if the names differ or not. This check if it is needed should be done by caller before calling this method).

Parameters:

cert - X.509 Certificate to be checked.

Returns:

true if the certificate is acceptable according these NameConstraints restrictions

isAcceptable

public boolean isAcceptable(List<GeneralName> names)

Check if this list of names is acceptable according to this NameConstraints object.

dumpValue

public void dumpValue(StringBuilder sb,
String prefix)

Overrides:

dumpValue in class ExtensionValue