Examples of sun.security.x509.InhibitAnyPolicyExtension

• sun.security.x509.X500Name
  This class represents the Inhibit Any-Policy Extension.

  The inhibit any-policy extension can be used in certificates issued to CAs. The inhibit any-policy indicates that the special any-policy OID, with the value {2 5 29 32 0}, is not considered an explicit match for other certificate policies. The value indicates the number of additional certificates that may appear in the path before any- policy is no longer permitted. For example, a value of one indicates that any-policy may be processed in certificates issued by the sub- ject of this certificate, but not in additional certificates in the path.

  This extension MUST be critical.

  The ASN.1 syntax for this extension is:

   id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } InhibitAnyPolicy ::= SkipCerts SkipCerts ::= INTEGER (0..MAX) 

  @author Anne Anderson @see CertAttrSet @see Extension

        Any  any = orb.create_any();
        idtok = new IdentityToken();

        if (X500Name.class.isAssignableFrom(cls)) {
                _logger.log(Level.FINE,"Constructing an X500 DN Identity Token");
            X500Name name = (X500Name) cred;
            name.encode(dos);  // ASN.1 encoding
            X501DistinguishedNameHelper.insert(any, dos.toByteArray());

            /* IdentityToken with CDR encoded X501 name */
            idtok.dn(codec.encode_value(any));
        } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {

        boolean success = false;
        try {
            if (certs != null) {
                Subject subject = new Subject();
                X509Certificate certificate = certs[0];
                X500Name x500Name = (X500Name) certificate.getSubjectDN();
                Switch.getSwitch().getCallFlowAgent().addRequestInfo(
                        RequestInfo.REMOTE_USER, x500Name.getName());
                subject.getPublicCredentials().add(x500Name);
                LoginContextDriver.login(subject, X500Name.class);
                realm_name = CertificateRealm.AUTH_TYPE;
            } else {
                Switch.getSwitch().getCallFlowAgent().addRequestInfo(

                derenc = X501DistinguishedNameHelper.extract(any);
            }
            if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"Create an X500Name object from identity token");
            }
            X500Name name = new X500Name(derenc);
      if(_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,"Identity to be asserted is " + name.toString());
    _logger.log(Level.FINE,"Adding X500Name to subject's PublicCredentials");
      }
            sc.subject.getPublicCredentials().add(name);
            sc.identcls = X500Name.class;
            break;

            _logger.fine("Processing X.500 name login.");
       }
       String user = null;
       String realm_name = null;
       try{
            X500Name x500name = (X500Name)getPublicCredentials(s, X500Name.class);
            user = x500name.getName();

            // In the RI-inherited implementation this directly creates
            // some credentials and sets the security context. This means
            // that the certificate realm does not get an opportunity to
            // process the request. While the realm will not do any

     *
     * @param name the name in RFC 2253 form
     * @throws IOException if a parsing error occurs
     */
    public void addIssuerName(String name) throws IOException {
        addIssuerNameInternal(name, new X500Name(name).asX500Principal());
    }

     * @param name a byte array containing the name in ASN.1 DER encoded form
     * @throws IOException if a parsing error occurs
     */
    public void addIssuerName(byte[] name) throws IOException {
        // clone because byte arrays are modifiable
        addIssuerNameInternal(name.clone(), new X500Name(name).asX500Principal());
    }

    throws IOException {
        HashSet<X500Principal> x500Principals = new HashSet<X500Principal>();
        for (Iterator<Object> t = names.iterator(); t.hasNext(); ) {
            Object nameObject = t.next();
            if (nameObject instanceof String) {
                x500Principals.add(new X500Name((String)nameObject).asX500Principal());
            } else {
                try {
                    x500Principals.add(new X500Principal((byte[])nameObject));
                } catch (IllegalArgumentException e) {
                    throw (IOException)new IOException("Invalid name").initCause(e);

                (sun.security.util.ResourcesMgr.getString
                ("provided.null.keyword.map"));
        }

        try {
            thisX500Name = new X500Name(name, keywordMap);
        } catch (Exception e) {
            IllegalArgumentException iae = new IllegalArgumentException
                        ("improperly specified input name: " + name);
            iae.initCause(e);
            throw iae;

     * @throws IllegalArgumentException if an encoding error occurs
     *          (incorrect form for DN)
     */
    public X500Principal(byte[] name) {
        try {
            thisX500Name = new X500Name(name);
        } catch (Exception e) {
            IllegalArgumentException iae = new IllegalArgumentException
                        ("improperly specified input name");
            iae.initCause(e);
            throw iae;

        try {
            if (is.markSupported())
                is.mark(is.available() + 1);
            DerValue der = new DerValue(is);
            thisX500Name = new X500Name(der.data);
        } catch (Exception e) {
            if (is.markSupported()) {
                try {
                    is.reset();
                } catch (IOException ioe) {