All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.unboundid.util.ssl.cert.ExtendedKeyUsageExtension Maven / Gradle / Ivy

/*
 * Copyright 2017-2024 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2017-2024 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2017-2024 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see .
 */
package com.unboundid.util.ssl.cert;



import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1ObjectIdentifier;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.OID;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;

import static com.unboundid.util.ssl.cert.CertMessages.*;



/**
 * This class provides an implementation of the extended key usage X.509
 * certificate extension as described in
 * RFC 5280 section 4.2.1.12.
 * This can be used to provide an extensible list of OIDs that identify ways
 * that a certificate is intended to be used.
 * 

* The OID for this extension is 2.5.29.37 and the value has the following * encoding: *
 *   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
 *
 *   KeyPurposeId ::= OBJECT IDENTIFIER
 * 
* * @see ExtendedKeyUsageID */ @NotMutable() @ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) public final class ExtendedKeyUsageExtension extends X509CertificateExtension { /** * The OID (2.5.29.37) for extended key usage extensions. */ @NotNull public static final OID EXTENDED_KEY_USAGE_OID = new OID("2.5.29.37"); /** * The serial version UID for this serializable class. */ private static final long serialVersionUID = -8208115548961483723L; // The set of key purpose IDs included in this extension. @NotNull private final Set keyPurposeIDs; /** * Creates a new extended key usage extension with the provided set of key * purpose IDs. * * @param isCritical Indicates whether this extension should be * considered critical. * @param keyPurposeIDs The set of key purpose IDs included in this * extension. It must not be {@code null}. * * @throws CertException If a problem is encountered while encoding the * value for this extension. */ ExtendedKeyUsageExtension(final boolean isCritical, @NotNull final List keyPurposeIDs) throws CertException { super(EXTENDED_KEY_USAGE_OID, isCritical, encodeValue(keyPurposeIDs)); this.keyPurposeIDs = Collections.unmodifiableSet(new LinkedHashSet<>(keyPurposeIDs)); } /** * Creates a new extended key usage extension from the provided generic * extension. * * @param extension The extension to decode as an extended key usage * extension. * * @throws CertException If the provided extension cannot be decoded as an * extended key usage extension. */ ExtendedKeyUsageExtension(@NotNull final X509CertificateExtension extension) throws CertException { super(extension); try { final ASN1Element[] elements = ASN1Sequence.decodeAsSequence(extension.getValue()).elements(); final LinkedHashSet ids = new LinkedHashSet<>(StaticUtils.computeMapCapacity(elements.length)); for (final ASN1Element e : elements) { ids.add(e.decodeAsObjectIdentifier().getOID()); } keyPurposeIDs = Collections.unmodifiableSet(ids); } catch (final Exception e) { Debug.debugException(e); throw new CertException( ERR_EXTENDED_KEY_USAGE_EXTENSION_CANNOT_PARSE.get( String.valueOf(extension), StaticUtils.getExceptionMessage(e)), e); } } /** * Encodes the provided information for use as the value of this extension. * * @param keyPurposeIDs The set of key purpose IDs included in this * extension. It must not be {@code null}. * * @return The encoded value for this extension. * * @throws CertException If a problem is encountered while encoding the * value. */ @NotNull() private static byte[] encodeValue(@NotNull final List keyPurposeIDs) throws CertException { try { final ArrayList elements = new ArrayList<>(keyPurposeIDs.size()); for (final OID oid : keyPurposeIDs) { elements.add(new ASN1ObjectIdentifier(oid)); } return new ASN1Sequence(elements).encode(); } catch (final Exception e) { Debug.debugException(e); throw new CertException( ERR_EXTENDED_KEY_USAGE_EXTENSION_CANNOT_ENCODE.get( String.valueOf(keyPurposeIDs), StaticUtils.getExceptionMessage(e)), e); } } /** * Retrieves the OIDs of the key purpose values contained in this extension. * Some, all, or none of the OIDs contained in this extension may correspond * to values in the {@link ExtendedKeyUsageID} enumeration. * * @return The OIDs of the key purpose values contained in this extension. */ @NotNull() public Set getKeyPurposeIDs() { return keyPurposeIDs; } /** * {@inheritDoc} */ @Override() @NotNull() public String getExtensionName() { return INFO_EXTENDED_KEY_USAGE_EXTENSION_NAME.get(); } /** * {@inheritDoc} */ @Override() public void toString(@NotNull final StringBuilder buffer) { buffer.append("ExtendedKeyUsageExtension(oid='"); buffer.append(getOID()); buffer.append("', isCritical="); buffer.append(isCritical()); buffer.append(", keyPurposeIDs={"); final Iterator oidIterator = keyPurposeIDs.iterator(); while (oidIterator.hasNext()) { buffer.append('\''); buffer.append(ExtendedKeyUsageID.getNameOrOID(oidIterator.next())); buffer.append('\''); if (oidIterator.hasNext()) { buffer.append(", "); } } buffer.append("})"); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy