Examples of sun.security.x509.NameConstraintsExtension

• sun.security.x509.X500Name
  This class defines the Name Constraints Extension.

  The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.

  The ASN.1 syntax for this is:

   NameConstraints ::= SEQUENCE { permittedSubtrees [0]  GeneralSubtrees OPTIONAL, excludedSubtrees  [1]  GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree 

  @author Amit Kapoor @author Hemma Prafullchandra @see Extension @see CertAttrSet

        try {
            if (is.markSupported())
                is.mark(is.available() + 1);
            DerValue der = new DerValue(is);
            thisX500Name = new X500Name(der.data);
        } catch (Exception e) {
            if (is.markSupported()) {
                try {
                    is.reset();
                } catch (IOException ioe) {

        throws java.io.IOException,
               java.io.NotActiveException,
               ClassNotFoundException {

        // re-create thisX500Name
        thisX500Name = new X500Name((byte[])s.readObject());
    }

        boolean success = false;
        try {
            if (certs != null) {
                Subject subject = new Subject();
                X509Certificate certificate = certs[0];
                X500Name x500Name = (X500Name) certificate.getSubjectDN();
                subject.getPublicCredentials().add(x500Name);
                // Put the certificate chain as an List in the subject, to be accessed by user's LoginModule.
                final List<X509Certificate> certificateCred = Arrays.asList(certs);
                subject.getPublicCredentials().add(certificateCred);
                LoginContextDriver.doX500Login(subject, moduleID);

                return null;
            }  else {
                // Set the transport principal in subject and
                // return the X500Name class
                ssc = new SecurityContext();
                X500Name x500Name = (X500Name) certChain[0].getSubjectDN();
                ssc.subject = new Subject();
                ssc.subject.getPublicCredentials().add(x500Name);
                ssc.identcls = X500Name.class;
                ssc.authcls = null;
                return ssc;

                derenc = X501DistinguishedNameHelper.extract(any);
            }
            if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"Create an X500Name object from identity token");
            }
            X500Name xname = new X500Name(derenc);
      if(_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,"Identity to be asserted is " + xname.toString());
    _logger.log(Level.FINE,"Adding X500Name to subject's PublicCredentials");
      }
            sc.subject.getPublicCredentials().add(xname);
            sc.identcls = X500Name.class;
            break;

        Any  any = orb.create_any();
        idtok = new IdentityToken();

        if (X500Name.class.isAssignableFrom(cls)) {
                _logger.log(Level.FINE,"Constructing an X500 DN Identity Token");
            X500Name credname = (X500Name) cred;
            credname.encode(dos);  // ASN.1 encoding
            X501DistinguishedNameHelper.insert(any, dos.toByteArray());

            /* IdentityToken with CDR encoded X501 name */
            idtok.dn(codec.encode_value(any));
        } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {

    public X500Principal(String name) {
        if (name == null)
            throw new NullPointerException(rb.getString("provided.null.name"));

        try {
            thisX500Name = new X500Name(name);
        } catch (Exception e) {
            throw new IllegalArgumentException(e.toString());
        }

        this.name = name;

            return true;

        if (o instanceof X500Principal) {
            X500Principal that = (X500Principal)o;
            try {
                X500Name thatX500Name = new X500Name(that.getName());
                return thisX500Name.equals(thatX500Name);
            } catch (Exception e) {
                // any parsing exceptions, return false
                return false;
            }

                                        ClassNotFoundException {

        s.defaultReadObject();

        // re-create thisX500Name
        thisX500Name = new X500Name(name);
    }

        boolean success = false;
        try {
            if (certs != null) {
                Subject subject = new Subject();
                X509Certificate certificate = certs[0];
                X500Name x500Name = (X500Name) certificate.getSubjectDN();
                subject.getPublicCredentials().add(x500Name);
                // Put the certificate chain as an List in the subject, to be accessed by user's LoginModule.
                final List<X509Certificate> certificateCred = Arrays.asList(certs);
                subject.getPublicCredentials().add(certificateCred);
                LoginContextDriver.doX500Login(subject, moduleID);