public class ProxyAddressRestrictionData
extends org.bouncycastle.asn1.ASN1Object
iGTFProxyRestrictFrom ::= NameConstraints iGTFProxyRestrictTarget ::= NameConstraints NameConstraints::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree GeneralSubtree ::= SEQUENCE { base GeneralName, minimum [0] BaseDistance DEFAULT 0, maximum [1] BaseDistance OPTIONAL } BaseDistance ::= INTEGER (0..MAX) GeneralName ::= CHOICE { otherName [0] OtherName, rfc822Name [1] IA5String, dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, registeredID [8] OBJECT IDENTIFIER } OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } EDIPartyName ::= SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }And in this class only the IPAddress as a IP address - netmask combination is supported.
Modifier and Type | Field and Description |
---|---|
private java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> |
excludedGeneralSubtrees |
private java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> |
permittedGeneralSubtrees |
static java.lang.String |
SOURCE_RESTRICTION_OID |
static java.lang.String |
TARGET_RESTRICTION_OID |
Constructor and Description |
---|
ProxyAddressRestrictionData()
Constructor to generate an empty ProxyRestrictionData object for
creating new restrictions.
|
ProxyAddressRestrictionData(byte[] bytes)
Parses the restriction data from byte array.
|
Modifier and Type | Method and Description |
---|---|
void |
addExcludedIPAddressWithNetmask(java.lang.String address)
Adds a new excluded IP addressSpace to the data structure.
|
void |
addPermittedIPAddressWithNetmask(java.lang.String address)
Adds a new permitted IP addressSpace to the data structure.
|
private static void |
addTaggedSequenceOfSubtrees(int tagNo,
java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> subtrees,
org.bouncycastle.asn1.ASN1EncodableVector asn1Vector)
Adds, with the given tag, a DER sequence object that contains the
GeneralSubtree objects into the ASN1Vector.
|
static java.lang.String |
convert2sr(byte[] src) |
static java.lang.String[] |
convert2strings(byte[][] src) |
private static void |
copyCondSequenceToVector(org.bouncycastle.asn1.DERSequence subSeq,
java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> vector)
This method copies the contents of a generalSubtrees sequence into
the given vector.
|
java.lang.String[] |
getExcludedAddresses() |
static ProxyAddressRestrictionData |
getInstance(java.security.cert.X509Certificate certificate,
boolean source)
Creates an instance of the extension of the given type from a certificate.
|
byte[][][] |
getIPSpaces()
Returns a Vector of Vectors of IP address spaces as defined in rfc
4632.
|
java.lang.String[] |
getPermittedAddresses() |
private static byte[][] |
subtreesIntoArray(java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> subtrees)
Generates a string array of IP address spaces from a list of
GeneralSubtrees.
|
org.bouncycastle.asn1.ASN1Primitive |
toASN1Primitive()
Returns the NameConstraints structure of the restrictions.
|
public static final java.lang.String SOURCE_RESTRICTION_OID
public static final java.lang.String TARGET_RESTRICTION_OID
private java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> permittedGeneralSubtrees
private java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> excludedGeneralSubtrees
public ProxyAddressRestrictionData(byte[] bytes) throws java.io.IOException
bytes
- The byte array to parse.java.io.IOException
- In case there is a problem parsing the structure.public ProxyAddressRestrictionData()
public static ProxyAddressRestrictionData getInstance(java.security.cert.X509Certificate certificate, boolean source) throws java.io.IOException
certificate
- certificatesource
- whether to create object representing the source restriction (if true) or target (if value is false).java.io.IOException
- IO exceptionprivate static void copyCondSequenceToVector(org.bouncycastle.asn1.DERSequence subSeq, java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> vector)
subSeq
- the subsequence to copy.vector
- The target to copy the parsed GeneralSubtree objects.public void addPermittedIPAddressWithNetmask(java.lang.String address)
address
- The address space to add to the allowed ip address
space. Example of the format: 192.168.0.0/16. Which
equals a 192.168.0.0 with a net mask 255.255.0.0. A
single IP address can be defined as
xxx.xxx.xxx.xxx/32. public void addExcludedIPAddressWithNetmask(java.lang.String address)
address
- The address space to add to the allowed ip address
space. Example of the format: 192.168.0.0/16. Which
equals a 192.168.0.0 with a net mask 255.255.0.0. A
single IP address can be defined as
xxx.xxx.xxx.xxx/32. public org.bouncycastle.asn1.ASN1Primitive toASN1Primitive()
toASN1Primitive
in interface org.bouncycastle.asn1.ASN1Encodable
toASN1Primitive
in class org.bouncycastle.asn1.ASN1Object
private static void addTaggedSequenceOfSubtrees(int tagNo, java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> subtrees, org.bouncycastle.asn1.ASN1EncodableVector asn1Vector)
tagNo
- The tag to tag the object.subtrees
- The Vector of GeneralSubtree objects. Null will throw
NullPointerException. An empty Vector will not be
added.asn1Vector
- The vector to add the subtrees sequence with the given
tag.public byte[][][] getIPSpaces()
addExcludedIPAddressWithNetmask(String)
public java.lang.String[] getPermittedAddresses()
public java.lang.String[] getExcludedAddresses()
private static byte[][] subtreesIntoArray(java.util.List<org.bouncycastle.asn1.x509.GeneralSubtree> subtrees)
subtrees
- The list of GeneralSubtrees to parse. Null as input
will return null.public static java.lang.String convert2sr(byte[] src)
public static java.lang.String[] convert2strings(byte[][] src)