ProxyCertInfoExtension.java

/*
 * Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
 * See LICENCE file for licensing information.
 *
 * Derived from the code copyrighted and licensed as follows:
 * 
 * Copyright (c) Members of the EGEE Collaboration. 2004.
 * See http://www.eu-egee.org/partners/ for details on the copyright
 * holders.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *    http://www.apache.org/licenses/LICENSE-2.0
 *    
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package eu.emi.security.authn.x509.helpers.proxy;

import java.io.IOException;
import java.security.cert.X509Certificate;

import org.bouncycastle.asn1.ASN1Object;

import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.proxy.BaseProxyCertificateOptions;
import eu.emi.security.authn.x509.proxy.ProxyPolicy;

/**
 * Proxy cert info extension class. Defines the common contract, there are two implementations
 * {@link DraftRFCProxyCertInfoExtension} and {@link RFCProxyCertInfoExtension} as the ASN syntax is 
 * different for both types of proxies.
 * 
 * @author K. Benedyczak
 */
public abstract class ProxyCertInfoExtension extends ASN1Object
{
	/**
	 * The sub proxy path length, default is not limited.
	 */
	protected int pathLen = BaseProxyCertificateOptions.UNLIMITED_PROXY_LENGTH;

	/**
	 * The underlying policy object.
	 */
	protected ProxyPolicy policy;

	/**
	 * Tries to generate {@link ProxyCertInfoExtension} object from the 
	 * provided certificate. Returns null if the certificate has no proxy extension
	 * (draft or rfc).
	 * @param cert certificate
	 * @return instance intialized from the certificate object
	 * @throws IOException IO exception
	 */
	public static ProxyCertInfoExtension getInstance(X509Certificate cert) throws IOException
	{
		byte[] bytes = CertificateHelpers.getExtensionBytes(cert,
				RFCProxyCertInfoExtension.RFC_EXTENSION_OID);

		if (bytes != null)
		{
			return new RFCProxyCertInfoExtension(bytes);
		} else
		{
			// if not found, check if there is draft extension
			bytes = CertificateHelpers.getExtensionBytes(cert,
					DraftRFCProxyCertInfoExtension.DRAFT_EXTENSION_OID);
			if (bytes == null)
				return null;

			return new DraftRFCProxyCertInfoExtension(bytes);
		}
	}
	
	/**
	 * Get the proxy certificate path length limit of this extension, if
	 * set.
	 * 
	 * @return The number of allowed proxy certificates in the chain allowed
	 *         after this certificate. -1 if not set.
	 */
	public int getProxyPathLimit()
	{
		return pathLen;
	}

	/**
	 * Get the policy object of this extension.
	 * 
	 * @return The ProxyPolicy object.
	 */
	public ProxyPolicy getPolicy()
	{
		return policy;
	}
}