The BSD License Copyright (c) 2010-2012 RIPE NCC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the RIPE NCC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 package net.ripe.rpki.commons.crypto.rfc3779;
 
 import static net.ripe.rpki.commons.crypto.util.Asn1Util.*;
 
Parses the certificate resource extensions as specified in RFC3779. Resource inheritance is not yet supported. The methods in this class are named after the grammar rules in RFC3779, prefixed with "derTo".
 
 public class ResourceExtensionParser {
 
     private static final AddressFamily[] SUPPORTED_ADDRESS_FAMILIES = new AddressFamily[] {..};


    
Parses the IP address blocks extension and merges all address families into a single net.ripe.ipresource.IpResourceSet containing both IPv4 and IPv6 addresses. Maps an AddressFamily to null when the resources of this type are inherited. If no resources are specified it is mapped to an empty resource set.
 
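     /**
      * Parses the IP address blocks extension into one resource set per address family.
      *
      * <p>A family mapped to {@code null} inherits its resources from the issuer; a family mapped
      * to an empty set has none. Callers must keep the two cases apart when deciding which
      * resources a certificate is entitled to.
      *
      * @param extension the DER-encoded extension value, expected to decode to an OCTET STRING
      * @return the parsed resources keyed by address family
      */
     public SortedMap<AddressFamily, IpResourceSet> parseIpAddressBlocks(byte[] extension) {
         ASN1Primitive octetString = decode(extension);
         expect(octetString, ASN1OctetString.class);
         ASN1OctetString o = (ASN1OctetString) octetString;
         // NOTE(review): `map` is used below, but the statement that declares and fills it is
         // missing from this listing; presumably it is built from o.getOctets(), the way
         // parseAsIdentifiers handles its own payload. Restore it from the original source.

         // A supported family that is not yet in the map gets an empty set, so an absent family
         // reads as "no resources".
         // NOTE(review): the listing dropped the loop source; SUPPORTED_ADDRESS_FAMILIES is the
         // only AddressFamily collection visible in this class - confirm.
         for (AddressFamily family : SUPPORTED_ADDRESS_FAMILIES) {
             if (!map.containsKey(family)) {
                 map.put(family, new IpResourceSet());
             }
         }

         // Families that carry a SAFI are rejected rather than ignored.
         for (AddressFamily addressFamily : map.keySet()) {
             Validate.isTrue(!addressFamily.hasSubsequentAddressFamilyIdentifier(), "SAFI not supported");
         }

         return map;
     }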

    
Parses the AS Identifier extension. All ASNUM entries are returned as a net.ripe.ipresource.IpResourceSet. RDI information is not supported. Returns null if the AS numbers are inherited.
 
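     /**
      * Parses the AS Identifier extension and returns its ASNUM resources.
      *
      * @param extension the DER-encoded extension value, expected to decode to an OCTET STRING
      *                  whose contents are the ASIdentifiers structure
      * @return the ASNUM resources, or {@code null} when the AS numbers are inherited from the
      *         issuer; callers must not read {@code null} as "no resources"
      */
     public IpResourceSet parseAsIdentifiers(byte[] extension) {
         ASN1Primitive octetString = decode(extension);
         expect(octetString, ASN1OctetString.class);
         ASN1OctetString o = (ASN1OctetString) octetString;
         // derToAsIdentifiers is called with the decoded OCTET STRING contents; index 0 of its
         // result is read as ASNUM and index 1 as RDI.
         IpResourceSet[] resources = derToAsIdentifiers(decode(o.getOctets()));
         // The RDI slot must be present and empty: a null there is rejected by the first check,
         // and any listed routing domain identifier is rejected by the second.
         Validate.notNull(resources[1], "inheritance of resources has not been implemented yet");
         Validate.isTrue(resources[1].isEmpty(), "routing domain identifiers (RDI) not supported");
         return resources[0];
     }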

    
IPAddrBlocks ::= SEQUENCE OF IPAddressFamily
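        // IPAddrBlocks is a SEQUENCE; every element is handed to derToIpAddressFamily, which
        // records the resources of that family in map.
        // NOTE(review): neither the method signature nor the declaration of `map` appears in
        // this listing - restore both from the original source.
        ASN1Sequence seq = expect(der, ASN1Sequence.class);
        for (int i = 0; i < seq.size(); i++) {
            derToIpAddressFamily(seq.getObjectAt(i), map);
        }
        return map;
    }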

    
IPAddressFamily ::= SEQUENCE { -- AFI & opt SAFI -- addressFamily OCTET STRING (SIZE (2..3)), ipAddressChoice IPAddressChoice }
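        // IPAddressFamily is a two-element SEQUENCE: the address family (AFI plus optional SAFI)
        // followed by the address choice.
        // NOTE(review): the method signature is missing from this listing; `der` and `map` are
        // its parameters, as the call in the IPAddrBlocks loop shows.
        ASN1Sequence seq = expect(der, ASN1Sequence.class);
        Validate.isTrue(seq.size() == 2, "IpAddressFamily must have exactly two entries: addressFamily and IpAddressChoice");
        AddressFamily addressFamily = AddressFamily.fromDer(seq.getObjectAt(0));
        // RFC 3779 allows only one IPAddressFamily per AFI/SAFI combination. Without this check
        // a repeated family would silently replace the resources recorded for the earlier one.
        Validate.isTrue(!map.containsKey(addressFamily), "duplicate addressFamily in IPAddrBlocks");
        // resources is null when the choice is "inherit"; the null is stored as the map value.
        IpResourceSet resources = derToIpAddressChoice(addressFamily.toIpResourceType(), seq.getObjectAt(1));
        map.put(addressFamily, resources);
    }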

    
IPAddressChoice ::= CHOICE { inherit NULL, -- inherit from issuer -- addressesOrRanges SEQUENCE OF IPAddressOrRange }
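        // "inherit" is encoded as NULL and reported as a null set, which is distinct from an
        // empty set; callers must not read null as "no resources".
        // NOTE(review): the method signature is missing from this listing; `type` and `der` are
        // its parameters, as the call in derToIpAddressFamily shows.
        if (der instanceof ASN1Null) {
            return null;
        } else if (der instanceof ASN1Sequence) {
            IpResourceSet result = new IpResourceSet();
            ASN1Sequence seq = (ASN1Sequence) der;
            // Each element is a prefix or a range of the given resource type.
            for (int i = 0; i < seq.size(); i++) {
                result.add(derToIpAddressOrRange(type, seq.getObjectAt(i)));
            }
            return result;
        } else {
            throw new IllegalArgumentException("ASN1Null or ASN1Sequence expected, got: " + der);
        }
    }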

    
IPAddressOrRange ::= CHOICE { addressPrefix IPAddress, addressRange IPAddressRange }
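        // The ASN.1 type selects the alternative: a SEQUENCE is an address range, a BIT STRING is
        // a single prefix. Anything else is rejected.
        // NOTE(review): the method signature is missing from this listing.
        if (der instanceof ASN1Sequence) {
            return derToIpRange(type, der);
        } else if (der instanceof DERBitString) {
            return parseIpAddressAsPrefix(type, der);
        } else {
            throw new IllegalArgumentException("ASN1Sequence or DERBitString expected, got: " + der);
        }
    }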

    
IPAddressRange ::= SEQUENCE { min IPAddress, max IPAddress }
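        // IPAddressRange is a two-element SEQUENCE: min followed by max.
        // NOTE(review): the method signature is missing from this listing.
        ASN1Sequence sequence = expect(der, ASN1Sequence.class);
        Validate.isTrue(sequence.size() == 2, "IPRange MUST consist of two entries (start and end)");
        // NOTE(review): the boolean differs for min (false) and max (true); presumably it selects
        // how the bits not present in the encoding are filled - confirm in parseIpAddress.
        IpAddress start = parseIpAddress(type, sequence.getObjectAt(0), false);
        IpAddress end = parseIpAddress(type, sequence.getObjectAt(1), true);
        // NOTE(review): no min <= max check is visible here; verify that IpRange.range rejects a
        // reversed range.
        return IpRange.range(start, end);
    }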

    
ASRange ::= SEQUENCE { min ASId, max ASId }
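        // ASRange is a two-element SEQUENCE: min ASId followed by max ASId.
        // NOTE(review): the method signature is missing from this listing.
        ASN1Sequence seq = expect(der, ASN1Sequence.class);
        Validate.isTrue(seq.size() == 2, "ASN1Sequence with two elements expected");
        // NOTE(review): no min <= max check is visible here; verify that upTo rejects a reversed
        // range.
        return parseAsId(seq.getObjectAt(0)).upTo(parseAsId(seq.getObjectAt(1)));
    }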

    
ASIdOrRange ::= CHOICE { id ASId, range ASRange }
        // The ASN.1 type selects the alternative: an INTEGER is a single AS number, a SEQUENCE is
        // an AS range. Anything else is rejected.
        // NOTE(review): the method signature is missing from this listing.
        if (der instanceof ASN1Integer) {
            return parseAsId(der);
        } else if (der instanceof ASN1Sequence) {
            return derToAsRange(der);
        } else {
            throw new IllegalArgumentException("ASN1Integer or ASN1Sequence expected, got: " + der);
        }
    }

    
asIdsOrRanges ::= SEQUENCE OF ASIdOrRange
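        // asIdsOrRanges is a SEQUENCE whose elements are single AS numbers or AS ranges; all of
        // them are collected into one resource set.
        // NOTE(review): the method signature is missing from this listing.
        expect(der, ASN1Sequence.class);
        ASN1Sequence seq = (ASN1Sequence) der;
        IpResourceSet result = new IpResourceSet();
        for (int i = 0; i < seq.size(); ++i) {
            result.add(derToAsIdOrRange(seq.getObjectAt(i)));
        }
        return result;
    }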

    
ASIdentifierChoice ::= CHOICE { inherit NULL, -- inherit from issuer -- asIdsOrRanges SEQUENCE OF ASIdOrRange }
        // "inherit" is encoded as NULL and reported as a null set, which is distinct from an
        // empty set; callers must not read null as "no resources".
        // NOTE(review): the method signature is missing from this listing.
        if (der instanceof ASN1Null) {
            return null;
        } else if (der instanceof ASN1Sequence) {
            return derToAsIdsOrRanges(der);
        } else {
            throw new IllegalArgumentException("ASN1Null or ASN1Sequence expected, got: " + der);
        }
    }

    
ASIdentifiers ::= SEQUENCE { asnum [0] EXPLICIT ASIdentifierChoice OPTIONAL, rdi [1] EXPLICIT ASIdentifierChoice OPTIONAL}

Returns:
an array of two elements: the first element is the set of ASNUM resources, the second element is the set of RDI resources. Each can be null, indicating the set is inherited from the issuing certificate. An empty resource set indicates no resources were specified in the certificate.
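        // ASIdentifiers holds at most two tagged elements: [0] asnum and [1] rdi.
        // NOTE(review): the method signature is missing from this listing.
        expect(der, ASN1Sequence.class);
        ASN1Sequence seq = (ASN1Sequence) der;
        Validate.isTrue(seq.size() <= 2, "ASN1Sequence with 2 or fewer elements expected");
        // An element that is absent keeps its empty set; null is stored only for "inherit".
        IpResourceSet[] result = { new IpResourceSet(), new IpResourceSet() };
        int previousTagNo = -1;
        for (int i = 0; i < seq.size(); ++i) {
            expect(seq.getObjectAt(i), ASN1TaggedObject.class);
            ASN1TaggedObject tagged = (ASN1TaggedObject) seq.getObjectAt(i);
            int tagNo = tagged.getTagNo();
            Validate.isTrue(tagNo == 0 || tagNo == 1, "unknown tag no: " + tagNo);
            // The tag number indexes result, so a repeated tag would overwrite the set parsed
            // for the earlier element. Requiring strictly ascending tags rejects repeated and
            // out-of-order elements, neither of which the grammar permits.
            Validate.isTrue(tagNo > previousTagNo, "duplicate or out-of-order tag no: " + tagNo);
            previousTagNo = tagNo;
            result[tagNo] = derToAsIdentifierChoice(tagged.getObject());
        }
        return result;
    }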