1 /*
2  * Copyright (c) 2009, 2018, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.x509;
27 
28 import java.io.IOException;
29 import java.io.OutputStream;
30 import java.util.Enumeration;
31 
32 import sun.security.util.*;
33 
/**
 * Models the OCSP NoCheck extension defined by RFC 2560 (since obsoleted
 * by RFC 6960, which keeps the same extension).
 * <p>
 * A CA may specify that an OCSP client can trust a responder for the
 * lifetime of the responder's certificate. The CA does so by including
 * the extension id-pkix-ocsp-nocheck. This SHOULD be a non-critical
 * extension. The value of the extension should be NULL. CAs issuing
 * such a certificate should realize that a compromise of the
 * responder's key is as serious as the compromise of a CA key used to
 * sign CRLs, at least for the validity period of this certificate. CAs
 * may choose to issue this type of certificate with a very short
 * lifetime and renew it frequently.
 * <pre>
 * id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
 * </pre>
 * <p>
 * This class only represents the extension: it carries an object
 * identifier, a criticality flag and an empty value, and exposes no
 * attributes through {@link CertAttrSet}. Whether a validator skips
 * revocation checking for a responder certificate that carries it is
 * decided by code outside this file.
 *
 * @author Xuelei Fan
 * @see Extension
 * @see CertAttrSet
 */
public class OCSPNoCheckExtension extends Extension
    implements CertAttrSet<String> {

    /**
     * Identifier for this attribute, to be used with the
     * get, set, delete methods of Certificate, x509 type.
     */
    public static final String IDENT = "x509.info.extensions.OCSPNoCheck";

    /**
     * Attribute name reported by {@link #getName()}.
     */
    public static final String NAME = "OCSPNoCheck";

    /**
     * Message carried by the exception that every attribute accessor
     * throws; the extension has no attributes to read or modify.
     */
    private static final String NO_ATTRIBUTE_MESSAGE =
        "No attribute is allowed by CertAttrSet:OCSPNoCheckExtension.";

    /**
     * Creates a non-critical OCSPNoCheckExtension with an empty value.
     *
     * @exception IOException declared for signature compatibility; the
     *            visible construction path does not raise it.
     */
    public OCSPNoCheckExtension() throws IOException {
        // Same three field assignments as the two-argument form, with the
        // criticality fixed to false.
        this(Boolean.FALSE, null);
    }

    /**
     * Creates the extension from a criticality flag and an encoded value.
     * <p>
     * The {@code value} argument is never decoded or validated: the stored
     * extension value is always an empty byte array. An extension whose
     * encoded content is something other than NULL is therefore accepted
     * without complaint, and the criticality is whatever the caller
     * supplies (the RFC text above says it SHOULD be non-critical). Code
     * that needs strict conformance has to check the raw encoding itself.
     *
     * @param critical true if the extension is to be treated as critical;
     *        must not be null, since it is unboxed unconditionally.
     * @param value an array of DER encoded bytes of the actual value;
     *        ignored.
     * @exception IOException on error.
     */
    public OCSPNoCheckExtension(Boolean critical, Object value)
        throws IOException {

        final boolean isCritical = critical.booleanValue();

        this.extensionId = PKIXExtensions.OCSPNoCheck_Id;
        this.critical = isCritical;

        // The value is expected to be NULL, so it is dropped rather than
        // parsed.
        this.extensionValue = new byte[0];
    }

    /**
     * Always fails: this extension has no settable attribute.
     *
     * @param name ignored.
     * @param obj ignored.
     * @exception IOException always.
     */
    public void set(String name, Object obj) throws IOException {
        throw new IOException(NO_ATTRIBUTE_MESSAGE);
    }

    /**
     * Always fails: this extension has no readable attribute.
     *
     * @param name ignored.
     * @return never returns normally.
     * @exception IOException always.
     */
    public Object get(String name) throws IOException {
        throw new IOException(NO_ATTRIBUTE_MESSAGE);
    }

    /**
     * Always fails: this extension has no attribute to delete.
     *
     * @param name ignored.
     * @exception IOException always.
     */
    public void delete(String name) throws IOException {
        throw new IOException(NO_ATTRIBUTE_MESSAGE);
    }

    /**
     * Returns the attribute names of this extension, taken from a freshly
     * created {@code AttributeNameEnumeration} to which nothing is added.
     *
     * @return the enumeration of attribute names.
     */
    public Enumeration<String> getElements() {
        AttributeNameEnumeration attributeNames = new AttributeNameEnumeration();
        return attributeNames.elements();
    }

    /**
     * Returns the name of this attribute.
     *
     * @return {@link #NAME}.
     */
    public String getName() {
        return NAME;
    }
}