Example 21 with PolicyInformation
use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method prepareCertB.
protected static PKIXPolicyNode prepareCertB(CertPath certPath, int index, List[] policyNodes, PKIXPolicyNode validPolicyTree, int policyMapping) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
// (b)
//
ASN1Sequence pm = null;
try {
pm = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
} catch (AnnotatedException ex) {
throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
}
PKIXPolicyNode _validPolicyTree = validPolicyTree;
if (pm != null) {
ASN1Sequence mappings = (ASN1Sequence) pm;
Map m_idp = new HashMap();
Set s_idp = new HashSet();
for (int j = 0; j < mappings.size(); j++) {
ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
String id_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(0)).getId();
String sd_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(1)).getId();
Set tmp;
if (!m_idp.containsKey(id_p)) {
tmp = new HashSet();
tmp.add(sd_p);
m_idp.put(id_p, tmp);
s_idp.add(id_p);
} else {
tmp = (Set) m_idp.get(id_p);
tmp.add(sd_p);
}
}
Iterator it_idp = s_idp.iterator();
while (it_idp.hasNext()) {
String id_p = (String) it_idp.next();
//
if (policyMapping > 0) {
boolean idp_found = false;
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (node.getValidPolicy().equals(id_p)) {
idp_found = true;
node.expectedPolicies = (Set) m_idp.get(id_p);
break;
}
}
if (!idp_found) {
nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (RFC3280CertPathUtilities.ANY_POLICY.equals(node.getValidPolicy())) {
Set pq = null;
ASN1Sequence policies = null;
try {
policies = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Certificate policies extension could not be decoded.", e, certPath, index);
}
Enumeration e = policies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pinfo = null;
try {
pinfo = PolicyInformation.getInstance(e.nextElement());
} catch (Exception ex) {
throw new CertPathValidatorException("Policy information could not be decoded.", ex, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
try {
pq = CertPathValidatorUtilities.getQualifierSet(pinfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be decoded.", ex, certPath, index);
}
break;
}
}
boolean ci = false;
if (cert.getCriticalExtensionOIDs() != null) {
ci = cert.getCriticalExtensionOIDs().contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
}
PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
if (RFC3280CertPathUtilities.ANY_POLICY.equals(p_node.getValidPolicy())) {
PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
p_node.addChild(c_node);
policyNodes[i].add(c_node);
}
break;
}
}
}
//
// (2)
//
} else if (policyMapping <= 0) {
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (node.getValidPolicy().equals(id_p)) {
PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
p_node.removeChild(node);
nodes_i.remove();
for (int k = (i - 1); k >= 0; k--) {
List nodes = policyNodes[k];
for (int l = 0; l < nodes.size(); l++) {
PKIXPolicyNode node2 = (PKIXPolicyNode) nodes.get(l);
if (!node2.hasChildren()) {
_validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node2);
if (_validPolicyTree == null) {
break;
}
}
}
}
}
}
}
}
}
return _validPolicyTree;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Enumeration(java.util.Enumeration)
HashMap(java.util.HashMap)
PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation)
ArrayList(java.util.ArrayList)
ASN1String(com.github.zhenwei.core.asn1.ASN1String)
X509Certificate(java.security.cert.X509Certificate)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertPathBuilderException(java.security.cert.CertPathBuilderException)
IOException(java.io.IOException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
HashMap(java.util.HashMap)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Example 22 with PolicyInformation
use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project LinLong-Java by zhenwei1108.
the class PKIXCertPathReviewer method checkPolicy.
private void checkPolicy() {
//
// 6.1.1 Inputs
//
// c) Initial Policy Set
Set userInitialPolicySet = pkixParams.getInitialPolicies();
// e) f) g) are part of pkixParams
//
// 6.1.2 Initialization
//
// a) valid policy tree
List[] policyNodes = new ArrayList[n + 1];
for (int j = 0; j < policyNodes.length; j++) {
policyNodes[j] = new ArrayList();
}
Set policySet = new HashSet();
policySet.add(ANY_POLICY);
PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), ANY_POLICY, false);
policyNodes[0].add(validPolicyTree);
// d) explicit policy
int explicitPolicy;
if (pkixParams.isExplicitPolicyRequired()) {
explicitPolicy = 0;
} else {
explicitPolicy = n + 1;
}
// e) inhibit any policy
int inhibitAnyPolicy;
if (pkixParams.isAnyPolicyInhibited()) {
inhibitAnyPolicy = 0;
} else {
inhibitAnyPolicy = n + 1;
}
// f) policy mapping
int policyMapping;
if (pkixParams.isPolicyMappingInhibited()) {
policyMapping = 0;
} else {
policyMapping = n + 1;
}
Set acceptablePolicies = null;
//
// 6.1.3 Basic Certificate processing
//
X509Certificate cert = null;
int index;
int i;
try {
for (index = certs.size() - 1; index >= 0; index--) {
// i as defined in the algorithm description
i = n - index;
// set certificate to be checked in this round
cert = (X509Certificate) certs.get(index);
// d) process policy information
ASN1Sequence certPolicies;
try {
certPolicies = (ASN1Sequence) getExtensionValue(cert, CERTIFICATE_POLICIES);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (certPolicies != null && validPolicyTree != null) {
// d) 1)
Enumeration e = certPolicies.getObjects();
Set pols = new HashSet();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier();
pols.add(pOid.getId());
if (!ANY_POLICY.equals(pOid.getId())) {
Set pq;
try {
pq = getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
boolean match = processCertD1i(i, policyNodes, pOid, pq);
if (!match) {
processCertD1ii(i, policyNodes, pOid, pq);
}
}
}
if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) {
acceptablePolicies = pols;
} else {
Iterator it = acceptablePolicies.iterator();
Set t1 = new HashSet();
while (it.hasNext()) {
Object o = it.next();
if (pols.contains(o)) {
t1.add(o);
}
}
acceptablePolicies = t1;
}
if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert))) {
e = certPolicies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
Set _apq;
try {
_apq = getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException cpve) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
List _nodes = policyNodes[i - 1];
for (int k = 0; k < _nodes.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
Iterator _policySetIter = _node.getExpectedPolicies().iterator();
while (_policySetIter.hasNext()) {
Object _tmp = _policySetIter.next();
String _policy;
if (_tmp instanceof String) {
_policy = (String) _tmp;
} else if (_tmp instanceof ASN1ObjectIdentifier) {
_policy = ((ASN1ObjectIdentifier) _tmp).getId();
} else {
continue;
}
boolean _found = false;
Iterator _childrenIter = _node.getChildren();
while (_childrenIter.hasNext()) {
PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
if (_policy.equals(_child.getValidPolicy())) {
_found = true;
}
}
if (!_found) {
Set _newChildExpectedPolicies = new HashSet();
_newChildExpectedPolicies.add(_policy);
PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
_node.addChild(_newChild);
policyNodes[i].add(_newChild);
}
}
}
break;
}
}
}
//
for (int j = (i - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
if (validPolicyTree == null) {
break;
}
}
}
}
//
// d (4)
//
Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
if (criticalExtensionOids != null) {
boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES);
List nodes = policyNodes[i];
for (int j = 0; j < nodes.size(); j++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
node.setCritical(critical);
}
}
}
if (certPolicies == null) {
validPolicyTree = null;
}
if (explicitPolicy <= 0 && validPolicyTree == null) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noValidPolicyTree");
throw new CertPathReviewerException(msg);
}
if (i != n) {
// a)
ASN1Primitive pm;
try {
pm = getExtensionValue(cert, POLICY_MAPPINGS);
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyMapExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
}
if (pm != null) {
ASN1Sequence mappings = (ASN1Sequence) pm;
for (int j = 0; j < mappings.size(); j++) {
ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
ASN1ObjectIdentifier ip_id = (ASN1ObjectIdentifier) mapping.getObjectAt(0);
ASN1ObjectIdentifier sp_id = (ASN1ObjectIdentifier) mapping.getObjectAt(1);
if (ANY_POLICY.equals(ip_id.getId())) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
throw new CertPathReviewerException(msg, certPath, index);
}
if (ANY_POLICY.equals(sp_id.getId())) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
throw new CertPathReviewerException(msg, certPath, index);
}
}
}
if (pm != null) {
ASN1Sequence mappings = (ASN1Sequence) pm;
Map m_idp = new HashMap();
Set s_idp = new HashSet();
for (int j = 0; j < mappings.size(); j++) {
ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
String id_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(0)).getId();
String sd_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(1)).getId();
Set tmp;
if (!m_idp.containsKey(id_p)) {
tmp = new HashSet();
tmp.add(sd_p);
m_idp.put(id_p, tmp);
s_idp.add(id_p);
} else {
tmp = (Set) m_idp.get(id_p);
tmp.add(sd_p);
}
}
Iterator it_idp = s_idp.iterator();
while (it_idp.hasNext()) {
String id_p = (String) it_idp.next();
//
if (policyMapping > 0) {
try {
prepareNextCertB1(i, policyNodes, id_p, m_idp, cert);
} catch (AnnotatedException ae) {
// error processing certificate policies extension
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
throw new CertPathReviewerException(msg, ae, certPath, index);
} catch (CertPathValidatorException cpve) {
// error building qualifier set
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
throw new CertPathReviewerException(msg, cpve, certPath, index);
}
//
// (2)
//
} else if (policyMapping <= 0) {
validPolicyTree = prepareNextCertB2(i, policyNodes, id_p, validPolicyTree);
}
}
}
if (!isSelfIssued(cert)) {
// (1)
if (explicitPolicy != 0) {
explicitPolicy--;
}
// (2)
if (policyMapping != 0) {
policyMapping--;
}
// (3)
if (inhibitAnyPolicy != 0) {
inhibitAnyPolicy--;
}
}
try {
ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
if (pc != null) {
Enumeration policyConstraints = pc.getObjects();
while (policyConstraints.hasMoreElements()) {
ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
int tmpInt;
switch(constraint.getTagNo()) {
case 0:
tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
if (tmpInt < explicitPolicy) {
explicitPolicy = tmpInt;
}
break;
case 1:
tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
if (tmpInt < policyMapping) {
policyMapping = tmpInt;
}
break;
}
}
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
try {
ASN1Integer iap = (ASN1Integer) getExtensionValue(cert, INHIBIT_ANY_POLICY);
if (iap != null) {
int _inhibitAnyPolicy = iap.intValueExact();
if (_inhibitAnyPolicy < inhibitAnyPolicy) {
inhibitAnyPolicy = _inhibitAnyPolicy;
}
}
} catch (AnnotatedException ae) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyInhibitExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
}
}
if (!isSelfIssued(cert) && explicitPolicy > 0) {
explicitPolicy--;
}
try {
ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
if (pc != null) {
Enumeration policyConstraints = pc.getObjects();
while (policyConstraints.hasMoreElements()) {
ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
switch(constraint.getTagNo()) {
case 0:
int tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
if (tmpInt == 0) {
explicitPolicy = 0;
}
break;
}
}
}
} catch (AnnotatedException e) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
throw new CertPathReviewerException(msg, certPath, index);
}
//
// (g)
//
PKIXPolicyNode intersection;
//
if (validPolicyTree == null) {
if (pkixParams.isExplicitPolicyRequired()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
throw new CertPathReviewerException(msg, certPath, index);
}
intersection = null;
} else if (// (g) (ii)
isAnyPolicy(userInitialPolicySet)) {
if (pkixParams.isExplicitPolicyRequired()) {
if (acceptablePolicies.isEmpty()) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
throw new CertPathReviewerException(msg, certPath, index);
} else {
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
_validPolicyNodeSet.add(_iter.next());
}
}
}
}
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!acceptablePolicies.contains(_validPolicy)) {
// validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
}
}
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
}
}
intersection = validPolicyTree;
} else {
//
// (g) (iii)
//
// This implementation is not exactly same as the one described in RFC3280.
// However, as far as the validation result is concerned, both produce
// adequate result. The only difference is whether AnyPolicy is remain
// in the policy tree or not.
//
// (g) (iii) 1
//
Set _validPolicyNodeSet = new HashSet();
for (int j = 0; j < policyNodes.length; j++) {
List _nodeDepth = policyNodes[j];
for (int k = 0; k < _nodeDepth.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
if (ANY_POLICY.equals(_node.getValidPolicy())) {
Iterator _iter = _node.getChildren();
while (_iter.hasNext()) {
PKIXPolicyNode _c_node = (PKIXPolicyNode) _iter.next();
if (!ANY_POLICY.equals(_c_node.getValidPolicy())) {
_validPolicyNodeSet.add(_c_node);
}
}
}
}
}
//
// (g) (iii) 2
//
Iterator _vpnsIter = _validPolicyNodeSet.iterator();
while (_vpnsIter.hasNext()) {
PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
String _validPolicy = _node.getValidPolicy();
if (!userInitialPolicySet.contains(_validPolicy)) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
}
}
//
if (validPolicyTree != null) {
for (int j = (n - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
}
}
}
}
intersection = validPolicyTree;
}
if ((explicitPolicy <= 0) && (intersection == null)) {
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicy");
throw new CertPathReviewerException(msg);
}
validPolicyTree = intersection;
} catch (CertPathReviewerException cpre) {
addError(cpre.getErrorMessage(), cpre.getIndex());
validPolicyTree = null;
}
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation)
HashMap(java.util.HashMap)
ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject)
ArrayList(java.util.ArrayList)
ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString)
DEROctetString(com.github.zhenwei.core.asn1.DEROctetString)
LocaleString(com.github.zhenwei.core.i18n.LocaleString)
ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode)
HashSet(java.util.HashSet)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Enumeration(java.util.Enumeration)
ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint)
DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint)
X509Certificate(java.security.cert.X509Certificate)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle)
ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject)
ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive)
Map(java.util.Map)
HashMap(java.util.HashMap)
ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)
Example 23 with PolicyInformation
use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method prepareNextCertB1.
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
boolean idp_found = false;
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (node.getValidPolicy().equals(id_p)) {
idp_found = true;
node.setExpectedPolicies((Set) m_idp.get(id_p));
break;
}
}
if (!idp_found) {
nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (ANY_POLICY.equals(node.getValidPolicy())) {
Set pq = null;
ASN1Sequence policies = null;
try {
policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
} catch (Exception e) {
throw new AnnotatedException("Certificate policies cannot be decoded.", e);
}
Enumeration e = policies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pinfo = null;
try {
pinfo = PolicyInformation.getInstance(e.nextElement());
} catch (Exception ex) {
throw new AnnotatedException("Policy information cannot be decoded.", ex);
}
if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
try {
pq = getQualifierSet(pinfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
}
break;
}
}
boolean ci = false;
if (cert.getCriticalExtensionOIDs() != null) {
ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
}
PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
if (ANY_POLICY.equals(p_node.getValidPolicy())) {
PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
p_node.addChild(c_node);
policyNodes[i].add(c_node);
}
break;
}
}
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
Set(java.util.Set)
HashSet(java.util.HashSet)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
Enumeration(java.util.Enumeration)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
CertStoreException(java.security.cert.CertStoreException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
CRLException(java.security.cert.CRLException)
StoreException(com.github.zhenwei.core.util.StoreException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 24 with PolicyInformation
use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project LinLong-Java by zhenwei1108.
the class OtherSigningCertificate method toASN1Primitive.
/**
* The definition of OtherSigningCertificate is
* <pre>
* OtherSigningCertificate ::= SEQUENCE {
* certs SEQUENCE OF OtherCertID,
* policies SEQUENCE OF PolicyInformation OPTIONAL
* }
* </pre>
* id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549)
* pkcs(1) pkcs9(9) smime(16) id-aa(2) 19 }
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(2);
v.add(certs);
if (policies != null) {
v.add(policies);
}
return new DERSequence(v);
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Example 25 with PolicyInformation
use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project LinLong-Java by zhenwei1108.
the class SigningCertificate method toASN1Primitive.
/**
* The definition of SigningCertificate is
* <pre>
* SigningCertificate ::= SEQUENCE {
* certs SEQUENCE OF ESSCertID,
* policies SEQUENCE OF PolicyInformation OPTIONAL
* }
* </pre>
* id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549)
* pkcs(1) pkcs9(9) smime(16) id-aa(2) 12 }
*/
public ASN1Primitive toASN1Primitive() {
ASN1EncodableVector v = new ASN1EncodableVector(2);
v.add(certs);
if (policies != null) {
v.add(policies);
}
return new DERSequence(v);
}
Also used :
DERSequence(com.github.zhenwei.core.asn1.DERSequence)
ASN1EncodableVector(com.github.zhenwei.core.asn1.ASN1EncodableVector)
Aggregations
IOException (java.io.IOException)24
PolicyInformation (org.bouncycastle.asn1.x509.PolicyInformation)23
ArrayList (java.util.ArrayList)19
CertPathValidatorException (java.security.cert.CertPathValidatorException)17
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14
HashSet (java.util.HashSet)12
Enumeration (java.util.Enumeration)11
Iterator (java.util.Iterator)11
Set (java.util.Set)11
X509Certificate (java.security.cert.X509Certificate)9
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9
List (java.util.List)8
GeneralSecurityException (java.security.GeneralSecurityException)7
CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7
DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)7
PolicyInformation (sun.security.x509.PolicyInformation)7
ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)6
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)5
PolicyInformation (com.github.zhenwei.core.asn1.x509.PolicyInformation)5
ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4
