com.unboundid.util.ssl.cert.X509CertificateExtension Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of unboundid-ldapsdk Show documentation
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use Java API for communicating with LDAP directory servers and performing related tasks like reading and writing LDIF, encoding and decoding data using base64 and ASN.1 BER, and performing secure communication. This package contains the Standard Edition of the LDAP SDK, which is a complete, general-purpose library for communicating with LDAPv3 directory servers.
There is a newer version: 7.0.1
Show newest version
/*
 * Copyright 2017-2018 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2017-2018 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see .
 */
package com.unboundid.util.ssl.cert;



import java.io.Serializable;
import java.util.ArrayList;

import com.unboundid.asn1.ASN1Boolean;
import com.unboundid.asn1.ASN1Constants;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.util.Debug;
import com.unboundid.util.NotExtensible;
import com.unboundid.util.NotMutable;
import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * This class represents a data structure that holds information about an X.509
 * certificate extension.
 */
@NotExtensible()
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public class X509CertificateExtension
       implements Serializable
{
  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -4044598072050168580L;



  // Indicates whether this extension is considered critical.
  private final boolean isCritical;

  // The value for this extension.
  private final byte[] value;

  // The OID for this extension.
  private final OID oid;



  /**
   * Creates a new X.509 certificate extension that wraps the provided
   * extension.
   *
   * @param  extension  The extension to wrap.
   */
  protected X509CertificateExtension(final X509CertificateExtension extension)
  {
    oid = extension.oid;
    isCritical = extension.isCritical;
    value = extension.value;
  }



  /**
   * Creates a new X.509 certificate extension with the provided information.
   *
   * @param  oid         The OID for this extension.
   * @param  isCritical  Indicates whether this extension is considered
   *                     critical.
   * @param  value       The value for this extension.
   */
  public X509CertificateExtension(final OID oid, final boolean isCritical,
                                  final byte[] value)
  {
    this.oid = oid;
    this.isCritical = isCritical;
    this.value = value;
  }



  /**
   * Decodes the provided ASN.1 element as an X.509 certificate extension.
   *
   * @param  extensionElement  The ASN.1 element containing the encoded
   *                           extension.
   *
   * @return  The decoded extension.
   *
   * @throws  CertException  If a problem is encountered while attempting to
   *                         decode the extension.
   */
  static X509CertificateExtension decode(final ASN1Element extensionElement)
         throws CertException
  {
    final OID oid;
    final X509CertificateExtension extension;
    try
    {
      final ASN1Element[] elements =
           extensionElement.decodeAsSequence().elements();
      oid = elements[0].decodeAsObjectIdentifier().getOID();

      final boolean isCritical;
      final byte[] value;
      if (elements[1].getType() == ASN1Constants.UNIVERSAL_BOOLEAN_TYPE)
      {
        isCritical = elements[1].decodeAsBoolean().booleanValue();
        value = elements[2].decodeAsOctetString().getValue();
      }
      else
      {
        isCritical = false;
        value = elements[1].decodeAsOctetString().getValue();
      }

      extension = new X509CertificateExtension(oid, isCritical, value);
    }
    catch (final Exception e)
    {
      Debug.debugException(e);
      throw new CertException(
           ERR_EXTENSION_DECODE_ERROR.get(
                StaticUtils.getExceptionMessage(e)),
           e);
    }

    if (oid.equals(AuthorityKeyIdentifierExtension.
         AUTHORITY_KEY_IDENTIFIER_OID))
    {
      try
      {
        return new AuthorityKeyIdentifierExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(SubjectKeyIdentifierExtension.
         SUBJECT_KEY_IDENTIFIER_OID))
    {
      try
      {
        return new SubjectKeyIdentifierExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(KeyUsageExtension.KEY_USAGE_OID))
    {
      try
      {
        return new KeyUsageExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(SubjectAlternativeNameExtension.
         SUBJECT_ALTERNATIVE_NAME_OID))
    {
      try
      {
        return new SubjectAlternativeNameExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(IssuerAlternativeNameExtension.
         ISSUER_ALTERNATIVE_NAME_OID))
    {
      try
      {
        return new IssuerAlternativeNameExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(BasicConstraintsExtension.
         BASIC_CONSTRAINTS_OID))
    {
      try
      {
        return new BasicConstraintsExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(ExtendedKeyUsageExtension.
         EXTENDED_KEY_USAGE_OID))
    {
      try
      {
        return new ExtendedKeyUsageExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }
    else if (oid.equals(CRLDistributionPointsExtension.
         CRL_DISTRIBUTION_POINTS_OID))
    {
      try
      {
        return new CRLDistributionPointsExtension(extension);
      }
      catch (final Exception e)
      {
        Debug.debugException(e);
      }
    }

    return extension;
  }



  /**
   * Retrieves the OID for this extension.
   *
   * @return  The OID for this extension.
   */
  public final OID getOID()
  {
    return oid;
  }



  /**
   * Indicates whether this extension is considered critical.
   *
   * @return  {@code true} if this extension is considered critical, or
   *          {@code false} if not.
   */
  public final boolean isCritical()
  {
    return isCritical;
  }



  /**
   * Retrieves the value for this extension.
   *
   * @return  The value for this extension.
   */
  public final byte[] getValue()
  {
    return value;
  }



  /**
   * Encodes this extension to an ASN.1 element suitable for inclusion in an
   * encoded X.509 certificate.
   *
   * @return  The encoded representation of this extension.
   *
   * @throws  CertException  If a problem is encountered while encoding the
   *                         extension.
   */
  ASN1Sequence encode()
       throws CertException
  {
    try
    {
      final ArrayList elements = new ArrayList<>(3);
      elements.add(new ASN1ObjectIdentifier(oid));

      if (isCritical)
      {
        elements.add(ASN1Boolean.UNIVERSAL_BOOLEAN_TRUE_ELEMENT);
      }

      elements.add(new ASN1OctetString(value));
      return new ASN1Sequence(elements);
    }
    catch (final Exception e)
    {
      Debug.debugException(e);
      throw new CertException(
           ERR_EXTENSION_ENCODE_ERROR.get(toString(),
                StaticUtils.getExceptionMessage(e)),
           e);
    }
  }



  /**
   * Retrieves the name for this extension.
   *
   * @return  The name for this extension.
   */
  public String getExtensionName()
  {
    return oid.toString();
  }



  /**
   * Retrieves a string representation of this extension.
   *
   * @return  A string representation of this extension.
   */
  public final String toString()
  {
    final StringBuilder buffer = new StringBuilder();
    toString(buffer);
    return buffer.toString();
  }



  /**
   * Appends a string representation of this certificate extension to the
   * provided buffer.
   *
   * @param  buffer  The buffer to which the information should be appended.
   */
  public void toString(final StringBuilder buffer)
  {
    buffer.append("X509CertificateExtension(oid='");
    buffer.append(oid.toString());
    buffer.append("', isCritical=");
    buffer.append(isCritical);

    if (StaticUtils.isPrintableString(value))
    {
      buffer.append(", value='");
      buffer.append(StaticUtils.toUTF8String(value));
      buffer.append('\'');
    }
    else
    {
      buffer.append(", valueLength=");
      buffer.append(value.length);
    }

    buffer.append(')');
  }
}