src/java.base/share/classes/sun/security/provider/certpath/OCSPNonceExtension.java - platform/libcore - Git at Google

 /*
  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
  * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 package sun.security.provider.certpath;

 import java.io.IOException;
 import java.util.Objects;
 import java.security.SecureRandom;

 import sun.security.x509.Extension;
 import sun.security.x509.PKIXExtensions;
 import sun.security.util.Debug;
 import sun.security.util.DerValue;

 /**
  * Represent the OCSP Nonce Extension.
  * This extension, if present, provides a nonce value in OCSP requests
  * and responses.  This will cryptographically bind requests and responses
  * and help to prevent replay attacks (see RFC 6960, section 4.4.1).
  *
  * @see Extension
  */
 public final class OCSPNonceExtension extends Extension {

     /**
      * Attribute name.
      */
     private static final String EXTENSION_NAME = "OCSPNonce";
     private byte[] nonceData = null;

     /**
      * Create an {@code OCSPNonceExtension} by providing the nonce length.
      * The criticality is set to false, and the OID for the extension will
      * be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
      *
      * @param length the number of random bytes composing the nonce
      *
      * @throws IOException if any errors happen during encoding of the
      *      extension.
      * @throws IllegalArgumentException if length is not a positive integer.
      */
     public OCSPNonceExtension(int length) throws IOException {
         this(false, length);
     }

     /**
      * Create an {@code OCSPNonceExtension} by providing the nonce length and
      * criticality setting.  The OID for the extension will
      * be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
      *
      * @param isCritical a boolean flag indicating whether the criticality bit
      *      is set for this extension
      * @param length the number of random bytes composing the nonce
      *
      * @throws IOException if any errors happen during encoding of the
      *      extension.
      * @throws IllegalArgumentException if length is not a positive integer.
      */
     public OCSPNonceExtension(boolean isCritical, int length)
             throws IOException {
         this.extensionId = PKIXExtensions.OCSPNonce_Id;
         this.critical = isCritical;

         if (length > 0) {
             SecureRandom rng = new SecureRandom();
             this.nonceData = new byte[length];
             rng.nextBytes(nonceData);
             this.extensionValue = new DerValue(DerValue.tag_OctetString,
                     nonceData).toByteArray();
         } else {
             throw new IllegalArgumentException(
                     "Length must be a positive integer");
         }
     }

     /**
      * Create an {@code OCSPNonceExtension} by providing a nonce value.
      * The criticality is set to false, and the OID for the extension will
      * be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
      *
      * @param incomingNonce The nonce data to be set for the extension.  This
      *      must be a non-null array of at least one byte long.
      *
      * @throws IOException if any errors happen during encoding of the
      *      extension.
      * @throws IllegalArgumentException if the incomingNonce length is not a
      *      positive integer.
      * @throws NullPointerException if the incomingNonce is null.
      */
     public OCSPNonceExtension(byte[] incomingNonce) throws IOException {
         this(false, incomingNonce);
     }

     /**
      * Create an {@code OCSPNonceExtension} by providing a nonce value and
      * criticality setting.  The OID for the extension will
      * be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
      *
      * @param isCritical a boolean flag indicating whether the criticality bit
      *      is set for this extension
      * @param incomingNonce The nonce data to be set for the extension.  This
      *      must be a non-null array of at least one byte long.
      *
      * @throws IOException if any errors happen during encoding of the
      *      extension.
      * @throws IllegalArgumentException if the incomingNonce length is not a
      *      positive integer.
      * @throws NullPointerException if the incomingNonce is null.
      */
     public OCSPNonceExtension(boolean isCritical, byte[] incomingNonce)
             throws IOException {
         this.extensionId = PKIXExtensions.OCSPNonce_Id;
         this.critical = isCritical;

         Objects.requireNonNull(incomingNonce, "Nonce data must be non-null");
         if (incomingNonce.length > 0) {
             this.nonceData = incomingNonce.clone();
             this.extensionValue = new DerValue(DerValue.tag_OctetString,
                     nonceData).toByteArray();
         } else {
             throw new IllegalArgumentException(
                     "Nonce data must be at least 1 byte in length");
         }
     }

     /**
      * Return the nonce bytes themselves, without any DER encoding.
      *
      * @return A copy of the underlying nonce bytes
      */
     public byte[] getNonceValue() {
         return nonceData.clone();
     }

     /**
      * Returns a printable representation of the {@code OCSPNonceExtension}.
      *
      * @return a string representation of the extension.
      */
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder();
         sb.append(super.toString()).append(EXTENSION_NAME).append(": ");
         sb.append((nonceData == null) ? "" : Debug.toString(nonceData));
         sb.append("\n");
         return sb.toString();
     }

     /**
      * Return the name of the extension as a {@code String}
      *
      * @return the name of the extension
      */
     public String getName() {
         return EXTENSION_NAME;
     }
 }
	/*
	* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.provider.certpath;

	import java.io.IOException;
	import java.util.Objects;
	import java.security.SecureRandom;

	import sun.security.x509.Extension;
	import sun.security.x509.PKIXExtensions;
	import sun.security.util.Debug;
	import sun.security.util.DerValue;

	/**
	* Represent the OCSP Nonce Extension.
	* This extension, if present, provides a nonce value in OCSP requests
	* and responses. This will cryptographically bind requests and responses
	* and help to prevent replay attacks (see RFC 6960, section 4.4.1).
	*
	* @see Extension
	*/
	public final class OCSPNonceExtension extends Extension {

	/**
	* Attribute name.
	*/
	private static final String EXTENSION_NAME = "OCSPNonce";
	private byte[] nonceData = null;

	/**
	* Create an {@code OCSPNonceExtension} by providing the nonce length.
	* The criticality is set to false, and the OID for the extension will
	* be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
	*
	* @param length the number of random bytes composing the nonce
	*
	* @throws IOException if any errors happen during encoding of the
	* extension.
	* @throws IllegalArgumentException if length is not a positive integer.
	*/
	public OCSPNonceExtension(int length) throws IOException {
	this(false, length);
	}

	/**
	* Create an {@code OCSPNonceExtension} by providing the nonce length and
	* criticality setting. The OID for the extension will
	* be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
	*
	* @param isCritical a boolean flag indicating whether the criticality bit
	* is set for this extension
	* @param length the number of random bytes composing the nonce
	*
	* @throws IOException if any errors happen during encoding of the
	* extension.
	* @throws IllegalArgumentException if length is not a positive integer.
	*/
	public OCSPNonceExtension(boolean isCritical, int length)
	throws IOException {
	this.extensionId = PKIXExtensions.OCSPNonce_Id;
	this.critical = isCritical;

	if (length > 0) {
	SecureRandom rng = new SecureRandom();
	this.nonceData = new byte[length];
	rng.nextBytes(nonceData);
	this.extensionValue = new DerValue(DerValue.tag_OctetString,
	nonceData).toByteArray();
	} else {
	throw new IllegalArgumentException(
	"Length must be a positive integer");
	}
	}

	/**
	* Create an {@code OCSPNonceExtension} by providing a nonce value.
	* The criticality is set to false, and the OID for the extension will
	* be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
	*
	* @param incomingNonce The nonce data to be set for the extension. This
	* must be a non-null array of at least one byte long.
	*
	* @throws IOException if any errors happen during encoding of the
	* extension.
	* @throws IllegalArgumentException if the incomingNonce length is not a
	* positive integer.
	* @throws NullPointerException if the incomingNonce is null.
	*/
	public OCSPNonceExtension(byte[] incomingNonce) throws IOException {
	this(false, incomingNonce);
	}

	/**
	* Create an {@code OCSPNonceExtension} by providing a nonce value and
	* criticality setting. The OID for the extension will
	* be the value defined by "id-pkix-ocsp-nonce" from RFC 6960.
	*
	* @param isCritical a boolean flag indicating whether the criticality bit
	* is set for this extension
	* @param incomingNonce The nonce data to be set for the extension. This
	* must be a non-null array of at least one byte long.
	*
	* @throws IOException if any errors happen during encoding of the
	* extension.
	* @throws IllegalArgumentException if the incomingNonce length is not a
	* positive integer.
	* @throws NullPointerException if the incomingNonce is null.
	*/
	public OCSPNonceExtension(boolean isCritical, byte[] incomingNonce)
	throws IOException {
	this.extensionId = PKIXExtensions.OCSPNonce_Id;
	this.critical = isCritical;

	Objects.requireNonNull(incomingNonce, "Nonce data must be non-null");
	if (incomingNonce.length > 0) {
	this.nonceData = incomingNonce.clone();
	this.extensionValue = new DerValue(DerValue.tag_OctetString,
	nonceData).toByteArray();
	} else {
	throw new IllegalArgumentException(
	"Nonce data must be at least 1 byte in length");
	}
	}

	/**
	* Return the nonce bytes themselves, without any DER encoding.
	*
	* @return A copy of the underlying nonce bytes
	*/
	public byte[] getNonceValue() {
	return nonceData.clone();
	}

	/**
	* Returns a printable representation of the {@code OCSPNonceExtension}.
	*
	* @return a string representation of the extension.
	*/
	@Override
	public String toString() {
	StringBuilder sb = new StringBuilder();
	sb.append(super.toString()).append(EXTENSION_NAME).append(": ");
	sb.append((nonceData == null) ? "" : Debug.toString(nonceData));
	sb.append("\n");
	return sb.toString();
	}

	/**
	* Return the name of the extension as a {@code String}
	*
	* @return the name of the extension
	*/
	public String getName() {
	return EXTENSION_NAME;
	}
	}