001/* 002 * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. 003 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 004 * 005 * This code is free software; you can redistribute it and/or modify it 006 * under the terms of the GNU General Public License version 2 only, as 007 * published by the Free Software Foundation. Oracle designates this 008 * particular file as subject to the "Classpath" exception as provided 009 * by Oracle in the LICENSE file that accompanied this code. 010 * 011 * This code is distributed in the hope that it will be useful, but WITHOUT 012 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 013 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 014 * version 2 for more details (a copy is included in the LICENSE file that 015 * accompanied this code). 016 * 017 * You should have received a copy of the GNU General Public License version 018 * 2 along with this work; if not, write to the Free Software Foundation, 019 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 020 * 021 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 022 * or visit www.oracle.com if you need additional information or have any 023 * questions. 024 */ 025package org.openstreetmap.josm.io.remotecontrol; 026 027import java.io.IOException; 028import java.util.Locale; 029 030import sun.security.util.DerOutputStream; 031import sun.security.x509.GeneralNameInterface; 032 033/** 034 * This class implements the DNSName as required by the GeneralNames 035 * ASN.1 object. 036 * <p> 037 * [RFC2459] When the subjectAltName extension contains a domain name service 038 * label, the domain name MUST be stored in the dNSName (an IA5String). 039 * The name MUST be in the "preferred name syntax," as specified by RFC 040 * 1034 [RFC 1034]. Note that while upper and lower case letters are 041 * allowed in domain names, no signifigance is attached to the case. In 042 * addition, while the string " " is a legal domain name, subjectAltName 043 * extensions with a dNSName " " are not permitted. Finally, the use of 044 * the DNS representation for Internet mail addresses (wpolk.nist.gov 045 * instead of wpolk@nist.gov) is not permitted; such identities are to 046 * be encoded as rfc822Name. 047 * 048 * This class has been copied from OpenJDK7u repository and modified 049 * in order to fix Java bug 8016345: 050 * https://bugs.openjdk.java.net/browse/JDK-8016345 051 * 052 * It can be deleted after a migration to a Java release fixing this bug. 053 * <p> 054 * @author Amit Kapoor 055 * @author Hemma Prafullchandra 056 * @author JOSM developers 057 * @since 7347 058 */ 059public class DNSName implements GeneralNameInterface { 060 private final String name; 061 062 private static final String alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 063 private static final String digitsAndHyphen = "0123456789-"; 064 private static final String alphaDigitsAndHyphen = alpha + digitsAndHyphen; 065 066 /** 067 * Create the DNSName object with the specified name. 068 * 069 * @param name the DNSName. 070 * @throws IOException if the name is not a valid DNSName subjectAltName 071 */ 072 public DNSName(String name) throws IOException { 073 if (name == null || name.length() == 0) 074 throw new IOException("DNS name must not be null"); 075 if (name.indexOf(' ') != -1) 076 throw new IOException("DNS names or NameConstraints with blank components are not permitted"); 077 if (name.charAt(0) == '.' || name.charAt(name.length() -1) == '.') 078 throw new IOException("DNS names or NameConstraints may not begin or end with a ."); 079 //Name will consist of label components separated by "." 080 //startIndex is the index of the first character of a component 081 //endIndex is the index of the last character of a component plus 1 082 for (int endIndex,startIndex=0; startIndex < name.length(); startIndex = endIndex+1) { 083 endIndex = name.indexOf('.', startIndex); 084 if (endIndex < 0) { 085 endIndex = name.length(); 086 } 087 if ((endIndex-startIndex) < 1) 088 throw new IOException("DNSName SubjectAltNames with empty components are not permitted"); 089 090 //nonStartIndex: index for characters in the component beyond the first one 091 for (int nonStartIndex=startIndex+1; nonStartIndex < endIndex; nonStartIndex++) { 092 char x = name.charAt(nonStartIndex); 093 if ((alphaDigitsAndHyphen).indexOf(x) < 0) 094 throw new IOException("DNSName components must consist of letters, digits, and hyphens"); 095 } 096 } 097 this.name = name; 098 } 099 100 /** 101 * Return the type of the GeneralName. 102 */ 103 @Override 104 public int getType() { 105 return GeneralNameInterface.NAME_DNS; 106 } 107 108 /** 109 * Return the actual name value of the GeneralName. 110 * @return the actual name value of the GeneralName 111 */ 112 public String getName() { 113 return name; 114 } 115 116 /** 117 * Encode the DNS name into the DerOutputStream. 118 * 119 * @param out the DER stream to encode the DNSName to. 120 * @exception IOException on encoding errors. 121 */ 122 @Override 123 public void encode(DerOutputStream out) throws IOException { 124 out.putIA5String(name); 125 } 126 127 /** 128 * Convert the name into user readable string. 129 */ 130 @Override 131 public String toString() { 132 return "DNSName: " + name; 133 } 134 135 /** 136 * Compares this name with another, for equality. 137 * 138 * @return true iff the names are equivalent 139 * according to RFC2459. 140 */ 141 @Override 142 public boolean equals(Object obj) { 143 if (this == obj) 144 return true; 145 146 if (!(obj instanceof DNSName)) 147 return false; 148 149 DNSName other = (DNSName)obj; 150 151 // RFC2459 mandates that these names are 152 // not case-sensitive 153 return name.equalsIgnoreCase(other.name); 154 } 155 156 /** 157 * Returns the hash code value for this object. 158 * 159 * @return a hash code value for this object. 160 */ 161 @Override 162 public int hashCode() { 163 return name.toUpperCase().hashCode(); 164 } 165 166 /** 167 * Return type of constraint inputName places on this name:<ul> 168 * <li>NAME_DIFF_TYPE = -1: input name is different type from name (i.e. does not constrain). 169 * <li>NAME_MATCH = 0: input name matches name. 170 * <li>NAME_NARROWS = 1: input name narrows name (is lower in the naming subtree) 171 * <li>NAME_WIDENS = 2: input name widens name (is higher in the naming subtree) 172 * <li>NAME_SAME_TYPE = 3: input name does not match or narrow name, but is same type. 173 * </ul>. These results are used in checking NameConstraints during 174 * certification path verification. 175 * <p> 176 * RFC2459: DNS name restrictions are expressed as foo.bar.com. Any subdomain 177 * satisfies the name constraint. For example, www.foo.bar.com would 178 * satisfy the constraint but bigfoo.bar.com would not. 179 * <p> 180 * draft-ietf-pkix-new-part1-00.txt: DNS name restrictions are expressed as foo.bar.com. 181 * Any DNS name that 182 * can be constructed by simply adding to the left hand side of the name 183 * satisfies the name constraint. For example, www.foo.bar.com would 184 * satisfy the constraint but foo1.bar.com would not. 185 * <p> 186 * RFC1034: By convention, domain names can be stored with arbitrary case, but 187 * domain name comparisons for all present domain functions are done in a 188 * case-insensitive manner, assuming an ASCII character set, and a high 189 * order zero bit. 190 * <p> 191 * @param inputName to be checked for being constrained 192 * @return constraint type above 193 * @throws UnsupportedOperationException if name is not exact match, but narrowing and widening are 194 * not supported for this name type. 195 */ 196 @Override 197 public int constrains(GeneralNameInterface inputName) { 198 int constraintType; 199 if (inputName == null) 200 constraintType = NAME_DIFF_TYPE; 201 else if (inputName.getType() != NAME_DNS) 202 constraintType = NAME_DIFF_TYPE; 203 else { 204 String inName = 205 (((DNSName)inputName).getName()).toLowerCase(Locale.ENGLISH); 206 String thisName = name.toLowerCase(Locale.ENGLISH); 207 if (inName.equals(thisName)) 208 constraintType = NAME_MATCH; 209 else if (thisName.endsWith(inName)) { 210 int inNdx = thisName.lastIndexOf(inName); 211 if (thisName.charAt(inNdx-1) == '.' ) 212 constraintType = NAME_WIDENS; 213 else 214 constraintType = NAME_SAME_TYPE; 215 } else if (inName.endsWith(thisName)) { 216 int ndx = inName.lastIndexOf(thisName); 217 if (inName.charAt(ndx-1) == '.' ) 218 constraintType = NAME_NARROWS; 219 else 220 constraintType = NAME_SAME_TYPE; 221 } else { 222 constraintType = NAME_SAME_TYPE; 223 } 224 } 225 return constraintType; 226 } 227 228 /** 229 * Return subtree depth of this name for purposes of determining 230 * NameConstraints minimum and maximum bounds and for calculating 231 * path lengths in name subtrees. 232 * 233 * @return distance of name from root 234 * @throws UnsupportedOperationException if not supported for this name type 235 */ 236 @Override 237 public int subtreeDepth() { 238 String subtree=name; 239 int i=1; 240 241 /* count dots */ 242 for (; subtree.lastIndexOf('.') >= 0; i++) { 243 subtree=subtree.substring(0,subtree.lastIndexOf('.')); 244 } 245 246 return i; 247 } 248}