The BSD License Copyright (c) 2010-2012 RIPE NCC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - Neither the name of the RIPE NCC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 package net.ripe.rpki.commons.crypto.rfc3779;
 
 
 import java.util.List;
Encodes the certificate resource extensions as specified in RFC3779. Resource inheritance is not yet supported.

The methods in this class are named after the grammar rules in RFC3779, suffixed with "ToDer".

 
 public class ResourceExtensionEncoder {

    
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
 
     // Dotted-decimal form of the id-pkix arc { 1 3 6 1 5 5 7 }.
     public static final String OID_PKIX = "1.3.6.1.5.5.7";

    
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
 
     // NOTE(review): the left operand of '+' is missing in this rendering of the page;
     // the rule { id-pkix 1 } suggests OID_PKIX - confirm against the upstream source.
     public static final String OID_PE =  + ".1";

    
id-pe-ipAddrBlocks OBJECT IDENTIFIER ::= { id-pe 7 }
 
     // OID under which the IP address block extension is carried.
     // NOTE(review): the left operand of '+' is missing in this rendering of the page;
     // the rule { id-pe 7 } suggests OID_PE - confirm against the upstream source.
     public static final ASN1ObjectIdentifier OID_IP_ADDRESS_BLOCKS = new ASN1ObjectIdentifier( + ".7");

    
id-pe-autonomousSysIds OBJECT IDENTIFIER ::= { id-pe 8 }
 
     // OID under which the AS identifier extension is carried.
     // NOTE(review): the left operand of '+' is missing in this rendering of the page;
     // the rule { id-pe 8 } suggests OID_PE - confirm against the upstream source.
     public static final ASN1ObjectIdentifier OID_AUTONOMOUS_SYS_IDS = new ASN1ObjectIdentifier( + ".8");

    
Encode the IP Address Block extension for Resource Certificates. This extension is identified by OID_IP_ADDRESS_BLOCKS.

Parameters:
inheritIpv4 inherit IPv4 resources from signing certificate.
inheritIpv6 inherit IPv6 resources from signing certificate.
resources the set of IPv4 and IPv6 resources.
Returns:
the DER encoding of the IP Address Block Extension.
 
     // Builds one map entry per address family and passes the map to ipAddressBlocksToDer.
     // Contract visible in this body:
     //  - a null map value is the in-band marker for "inherit from issuer" for that family;
     //  - the result is null (not an empty SEQUENCE) when neither family is inherited or
     //    present in 'resources', so callers must null-check before adding the extension;
     //  - 'resources' is dereferenced whenever the matching inherit flag is false, so a null
     //    argument then fails with NullPointerException.
     // NOTE(review): the class description says inheritance is not yet supported, yet the
     // inherit flags are honoured here - the description looks stale.
     // NOTE(review): argument separators and the constants after '.' are missing in this
     // rendering of the page; restore them from the upstream source before compiling.
     public ASN1Object encodeIpAddressBlocks(boolean inheritIpv4boolean inheritIpv6IpResourceSet resources) {
         // TreeMap iterates in the key's natural order, which fixes the order of the encoded
         // IPAddressFamily elements. RFC 3779 expects ascending addressFamily order -
         // presumably AddressFamily's ordering provides that; confirm.
         SortedMap<AddressFamilyIpResourceSetaddressBlocks = new TreeMap<AddressFamilyIpResourceSet>();
 
         if (inheritIpv4) {
             addressBlocks.put(.null);
         } else if (resources.containsType(.)) {
            // The whole set is stored; the family encoder filters it by resource type later.
            addressBlocks.put(.resources);
        }
        if (inheritIpv6) {
            addressBlocks.put(.null);
        } else if (resources.containsType(.)) {
            addressBlocks.put(.resources);
        }
        return addressBlocks.isEmpty() ? null : ipAddressBlocksToDer(addressBlocks);
    }

    
Encode the AS Identifier extension for resource certificates. Only the "asnum" part is encoded, since we do not use the "rdi" (routing domain identifiers).

Parameters:
inherit inherit ASNs from signing certificate.
resources the set of ASNs.
Returns:
the DER encoding of the AS Identifier extension.
    // Encodes the "asnum" member only. The call below reads as
    // (inherit, resources, false, new IpResourceSet()) once the lost separators are restored,
    // i.e. "rdi" is never inherited and is given an empty set, so it is never emitted.
    // Returns null when nothing is inherited and the set holds no ASNs; callers must
    // null-check before adding the extension. 'resources' is only dereferenced when
    // 'inherit' is false (short-circuit), so null is tolerated for the inherit case.
    // NOTE(review): argument separators and the constant after '.' are missing in this
    // rendering of the page.
    public ASN1Object encodeAsIdentifiers(boolean inheritIpResourceSet resources) {
        if (inherit || resources.containsType(.)) {
            return asIdentifiersToDer(inheritresourcesfalsenew IpResourceSet());
        }
        return null;
    }
    /*
     * Internal support code.
     */

    
ASIdentifiers ::= SEQUENCE { asnum [0] EXPLICIT ASIdentifierChoice OPTIONAL, rdi [1] EXPLICIT ASIdentifierChoice OPTIONAL}
    // Assembles the ASIdentifiers SEQUENCE from up to two optional members:
    // context tag 0 for asnum and context tag 1 for rdi.
    // If neither condition holds the method returns an empty SEQUENCE; encodeAsIdentifiers
    // avoids that case by checking the asnum condition before calling.
    // NOTE(review): assuming these are the Bouncy Castle ASN.1 classes, the two-argument
    // DERTaggedObject constructor tags EXPLICITly, which matches the grammar - confirm.
    // NOTE(review): argument separators and the constants after '.' are missing in this
    // rendering of the page.
    ASN1Object asIdentifiersToDer(boolean inheritAsnIpResourceSet asnResourcesboolean inheritRdiIpResourceSet rdiResources) {
        // Capacity 2: at most asnum and rdi.
        List<ASN1Encodableseq = new ArrayList<ASN1Encodable>(2);
        if (inheritAsn || asnResources.containsType(.)) {
            seq.add(new DERTaggedObject(0, asIdentifierChoiceToDer(inheritAsnasnResources)));
        }
        if (inheritRdi || rdiResources.containsType(.)) {
            seq.add(new DERTaggedObject(1, asIdentifierChoiceToDer(inheritRdirdiResources)));
        }
        return new DERSequence(seq.toArray(new ASN1Encodable[seq.size()]));
    }

    
ASIdentifierChoice ::= CHOICE { inherit NULL, -- inherit from issuer -- asIdsOrRanges SEQUENCE OF ASIdOrRange }
    // Picks the CHOICE arm: the inherit constant (elided in this rendering; NULL per the
    // grammar) or the explicit list from asIdsOrRangesToDer.
    // There is no emptiness check on this path: with inherit == false and no matching
    // resources the result would be an empty SEQUENCE OF. The caller visible on this page
    // tests containsType first.
    // NOTE(review): the argument separator and the constant after '.' are missing in this
    // rendering of the page.
    ASN1Encodable asIdentifierChoiceToDer(boolean inheritIpResourceSet resources) {
        return inherit ? . : asIdsOrRangesToDer(resources);
    }

    
asIdsOrRanges ::= SEQUENCE OF ASIdOrRange
        // NOTE(review): the method signature for this body is missing in this rendering of
        // the page; the grammar rule and the call site suggest asIdsOrRangesToDer(resources).
        // Collects one ASIdOrRange per resource whose type matches the elided constant.
        // Elements are emitted in the iteration order of 'resources'. RFC 3779 expects the
        // list sorted with overlapping/adjacent ranges merged - presumably IpResourceSet
        // iterates in that normalised form; confirm.
        // Unlike the IP address choice encoder, nothing here rejects an empty result.
        List<ASN1Encodableseq = new ArrayList<ASN1Encodable>();
        for (IpResource resource : resources) {
            if (. == resource.getType()) {
                // Every match is first turned into a range, so single ASNs and ranges
                // share the asIdOrRangeToDer path.
                seq.add(asIdOrRangeToDer(IpResourceRange.range(resource.getStart(), resource.getEnd())));
            }
        }
        return new DERSequence(seq.toArray(new ASN1Encodable[seq.size()]));
    }

    
ASIdOrRange ::= CHOICE { id ASId, range ASRange }
        // NOTE(review): the method signature is missing in this rendering of the page; the
        // call site suggests asIdOrRangeToDer(range). The '(Asn' fragment looks like a cast
        // whose closing parenthesis was lost.
        // A range for which isUnique() is true is encoded through asIdToDer on its start;
        // anything else goes through asRangeToDer.
        return range.isUnique() ? asIdToDer((Asnrange.getStart()) : asRangeToDer(range);
    }

    
ASRange ::= SEQUENCE { min ASId, max ASId }
        // NOTE(review): the method signature is missing in this rendering of the page; the
        // call site suggests asRangeToDer(range). The '(Asn' fragments look like casts whose
        // closing parentheses were lost.
        // Element order is start then end, matching { min, max } in the grammar.
        ASN1Encodable[] seq = {asIdToDer((Asnrange.getStart()), asIdToDer((Asnrange.getEnd())};
        return new DERSequence(seq);
    }

    
ASId ::= INTEGER
    // Wraps the numeric value of a single AS number in an ASN.1 INTEGER (the ASId rule).
    ASN1Integer asIdToDer(Asn asn) {
        final ASN1Integer encoded = new ASN1Integer(asn.getValue());
        return encoded;
    }

    
IPAddrBlocks ::= SEQUENCE OF IPAddressFamily
        // NOTE(review): the method signature is missing in this rendering of the page; the
        // call site suggests ipAddressBlocksToDer(resources), where 'resources' is the
        // family-to-set map built by encodeIpAddressBlocks.
        // One IPAddressFamily element is emitted per key, in keySet() order. That order is
        // the encoded order, so it relies on the map being sorted by address family.
        // A null map value is passed through unchanged and stands for "inherit".
        List<ASN1Encodableseq = new ArrayList<ASN1Encodable>(2);
        for (AddressFamily addressFamily : resources.keySet()) {
            seq.add(ipAddressFamilyToDer(addressFamilyresources.get(addressFamily)));
        }
        return new DERSequence(seq.toArray(new ASN1Encodable[seq.size()]));
    }

    
IPAddressFamily ::= SEQUENCE { -- AFI & opt SAFI -- addressFamily OCTET STRING (SIZE (2..3)), ipAddressChoice IPAddressChoice }
    // Encodes one IPAddressFamily as a two-element SEQUENCE: the family's own DER form
    // (addressFamily.toDer()) followed by the IPAddressChoice for that family.
    // 'resources' may be null here; it is forwarded as-is and the choice encoder treats
    // null as "inherit".
    // NOTE(review): argument separators are missing in this rendering of the page.
    ASN1Object ipAddressFamilyToDer(AddressFamily addressFamilyIpResourceSet resources) {
        // The resource type derived from the family is what the choice encoder filters on,
        // so only addresses of this family end up under this family's element.
        IpResourceType type = addressFamily.toIpResourceType();
        ASN1Encodable[] seq = new ASN1Encodable[2];
        seq[0] = addressFamily.toDer();
        seq[1] = ipAddressChoiceToDer(typeresources);
        return new DERSequence(seq);
    }

    
IPAddressChoice ::= CHOICE { inherit NULL, -- inherit from issuer -- addressesOrRanges SEQUENCE OF IPAddressOrRange }
        // NOTE(review): the method signature is missing in this rendering of the page; the
        // call site suggests ipAddressChoiceToDer(type, resources).
        // null 'resources' selects the inherit arm (constant elided in this rendering; NULL
        // per the grammar).
        if (resources == null) {
            return .;
        }
        List<ASN1EncodableaddressesOrRanges = new ArrayList<ASN1Encodable>();
        for (IpResource resource : resources) {
            // Only resources of the requested type are kept; this filter is also what makes
            // the IpAddress casts in asRange safe.
            if (resource.getType() == type) {
                addressesOrRanges.add(ipAddressOrRangeToDer(asRange(resource)));
            }
        }
        // Refuses to emit an explicit, empty addressesOrRanges list. Presumably this is the
        // commons-lang Validate, which throws IllegalArgumentException - confirm.
        Validate.notEmpty(addressesOrRanges"no resources of type " + type + " in set");
        return new DERSequence(addressesOrRanges.toArray(new ASN1Encodable[addressesOrRanges.size()]));
    }
    // Rebuilds an IpRange from the start and end of an arbitrary IpResource.
    // NOTE(review): the '(IpAddress' fragments look like casts whose closing parentheses
    // were lost in this rendering. If so, passing a non-IP resource would fail with
    // ClassCastException; the one caller on this page filters by resource type first.
    private IpRange asRange(IpResource resource) {
        return IpRange.range((IpAddressresource.getStart(), (IpAddressresource.getEnd());
    }

    
IPAddressOrRange ::= CHOICE { addressPrefix IPAddress, addressRange IPAddressRange }
        // NOTE(review): the method signature is missing in this rendering of the page; the
        // call site suggests ipAddressOrRangeToDer(range).
        // A range that is a legal prefix is encoded via Asn1Util.encodeIpAddress; any other
        // range falls back to the explicit min/max form from ipRangeToDer.
        return range.isLegalPrefix() ? Asn1Util.encodeIpAddress(range) : ipRangeToDer(range);
    }

    
IPAddressRange ::= SEQUENCE { min IPAddress, max IPAddress }
    // Encodes an IPAddressRange as SEQUENCE { min, max }: the range start goes through
    // startIpAddressToDer and the range end through endIpAddressToDer, in that order.
    // NOTE(review): the '(IpAddress' fragments look like casts whose closing parentheses
    // were lost in this rendering of the page.
    DERSequence ipRangeToDer(IpRange range) {
        ASN1Encodable[] encodables = {startIpAddressToDer((IpAddressrange.getStart()), endIpAddressToDer((IpAddressrange.getEnd())};
        return new DERSequence(encodables);
    }

    
get the {DERBitString} for the ending IPv4 address; i.e. strip the least significant ZERO values as described by rfc3779
    // Produces the bit string for the lower bound of a range; ipRangeToDer calls this with
    // range.getStart().
    // NOTE(review): the prose description for this method on the page says "ending" and
    // "IPv4"; the code is applied to the range start and sizes the result from
    // address.getType().getBitSize(), so it is not IPv4-specific.
    // NOTE(review): the argument separator in the resourceToBitString call is missing in
    // this rendering of the page.
    private static DERBitString startIpAddressToDer(IpAddress address) {
        // Position of the least significant ONE bit as reported by the address; the second
        // argument below is the bit size minus that position (presumably the number of
        // leading bits kept once trailing zeros are dropped - confirm in Asn1Util).
        int lastOne = address.getLeastSignificantOne();
        return Asn1Util.resourceToBitString(addressaddress.getType().getBitSize() - lastOne);
    }

    
get the {DERBitString} for the ending IPv4 address; i.e. strip the least significant ONE values as described by rfc3779
    // Produces the bit string for the upper bound of a range. The trailing ONE bits are
    // stripped from the address before encoding, and the length argument is the address
    // type's bit size minus the position of the least significant ZERO bit.
    private static DERBitString endIpAddressToDer(IpAddress address) {
        final int lowestZero = address.getLeastSignificantZero();
        return Asn1Util.resourceToBitString(
                address.stripLeastSignificantOnes(),
                address.getType().getBitSize() - lowestZero);
    }