bcpkix/src/main/java/org/bouncycastle/cert/dane/DANEEntry.java - platform/external/bouncycastle - Git at Google

 package org.bouncycastle.cert.dane;

 import java.io.IOException;

 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.util.Arrays;

 /**
  * Carrier class for a DANE entry.
  */
 public class DANEEntry
 {
     public static final int CERT_USAGE_CA = 0;
     public static final int CERT_USAGE_PKIX_VALIDATE = 1;
     public static final int CERT_USAGE_TRUST_ANCHOR = 2;
     public static final int CERT_USAGE_ACCEPT = 3;

     static final int CERT_USAGE = 0;
     static final int SELECTOR = 1;
     static final int MATCHING_TYPE = 2;

     private final String domainName;
     private final byte[] flags;
     private final X509CertificateHolder certHolder;

     DANEEntry(String domainName, byte[] flags, X509CertificateHolder certHolder)
     {
         this.flags = flags;
         this.domainName = domainName;
         this.certHolder = certHolder;
     }

     public DANEEntry(String domainName, byte[] data)
         throws IOException
     {
         this(domainName, Arrays.copyOfRange(data, 0, 3), new X509CertificateHolder(Arrays.copyOfRange(data, 3, data.length)));
     }

     public byte[] getFlags()
     {
         return Arrays.clone(flags);
     }

     /**
      * Return the certificate associated with this entry.
      *
      * @return the entry's certificate.
      */
     public X509CertificateHolder getCertificate()
     {
         return certHolder;
     }

     public String getDomainName()
     {
         return domainName;
     }

     /**
      * Return the full data string as it would appear in the DNS record - flags + encoding
      *
      * @return byte array representing the full data string.
      * @throws IOException if there is an issue encoding the certificate inside this entry.
      */
     public byte[] getRDATA()
         throws IOException
     {
         byte[] certEnc = certHolder.getEncoded();
         byte[] data = new byte[flags.length + certEnc.length];

         System.arraycopy(flags, 0, data, 0, flags.length);
         System.arraycopy(certEnc, 0, data, flags.length, certEnc.length);

         return data;
     }

     /**
      * Return true if the byte string has the correct flag bytes to indicate a certificate entry.
      *
      * @param data the byte string of interest.
      * @return true if flags indicate a valid certificate, false otherwise.
      */
     public static boolean isValidCertificate(byte[] data)
     {
         // TODO: perhaps validate ASN.1 data as well...
         return ((data[CERT_USAGE] >= 0 || data[CERT_USAGE] <= 3)&& data[SELECTOR] == 0 && data[MATCHING_TYPE] == 0);
     }
 }
	package org.bouncycastle.cert.dane;

	import java.io.IOException;

	import org.bouncycastle.cert.X509CertificateHolder;
	import org.bouncycastle.util.Arrays;

	/**
	* Carrier class for a DANE entry.
	*/
	public class DANEEntry
	{
	public static final int CERT_USAGE_CA = 0;
	public static final int CERT_USAGE_PKIX_VALIDATE = 1;
	public static final int CERT_USAGE_TRUST_ANCHOR = 2;
	public static final int CERT_USAGE_ACCEPT = 3;

	static final int CERT_USAGE = 0;
	static final int SELECTOR = 1;
	static final int MATCHING_TYPE = 2;

	private final String domainName;
	private final byte[] flags;
	private final X509CertificateHolder certHolder;

	DANEEntry(String domainName, byte[] flags, X509CertificateHolder certHolder)
	{
	this.flags = flags;
	this.domainName = domainName;
	this.certHolder = certHolder;
	}

	public DANEEntry(String domainName, byte[] data)
	throws IOException
	{
	this(domainName, Arrays.copyOfRange(data, 0, 3), new X509CertificateHolder(Arrays.copyOfRange(data, 3, data.length)));
	}

	public byte[] getFlags()
	{
	return Arrays.clone(flags);
	}

	/**
	* Return the certificate associated with this entry.
	*
	* @return the entry's certificate.
	*/
	public X509CertificateHolder getCertificate()
	{
	return certHolder;
	}

	public String getDomainName()
	{
	return domainName;
	}

	/**
	* Return the full data string as it would appear in the DNS record - flags + encoding
	*
	* @return byte array representing the full data string.
	* @throws IOException if there is an issue encoding the certificate inside this entry.
	*/
	public byte[] getRDATA()
	throws IOException
	{
	byte[] certEnc = certHolder.getEncoded();
	byte[] data = new byte[flags.length + certEnc.length];

	System.arraycopy(flags, 0, data, 0, flags.length);
	System.arraycopy(certEnc, 0, data, flags.length, certEnc.length);

	return data;
	}

	/**
	* Return true if the byte string has the correct flag bytes to indicate a certificate entry.
	*
	* @param data the byte string of interest.
	* @return true if flags indicate a valid certificate, false otherwise.
	*/
	public static boolean isValidCertificate(byte[] data)
	{
	// TODO: perhaps validate ASN.1 data as well...
	return ((data[CERT_USAGE] >= 0 \|\| data[CERT_USAGE] <= 3)&& data[SELECTOR] == 0 && data[MATCHING_TYPE] == 0);
	}
	}