
Example 36 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project xipki by xipki.

the class ExtensionsChecker method checkExtensionCertificatePolicies.

// Apparently the end-of-method marker of the preceding method (checkExtensionTlsFeature); it does not describe the method below.
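/**
 * Checks a certificatePolicies extension value against the QA configuration and appends every
 * deviation to {@code failureMsg}.
 *
 * <p>When no policy configuration is set ({@code certificatePolicies} is {@code null}) the encoded
 * value is compared byte-for-byte with the result of {@code getExpectedExtValue}. Otherwise the
 * value is decoded and three kinds of deviation are reported: a policy that is present but not
 * configured, a configured CPS URI or user notice that a present policy does not carry, and a
 * configured policy that is missing altogether.
 *
 * <p>The decoded value is data under test, so structural surprises are reported as findings where
 * this method can detect them instead of aborting the check: a policy without the optional
 * policyQualifiers field is treated as having no qualifiers, and a CPS qualifier that is not an
 * IA5String is reported as a violation.
 * NOTE(review): the Bouncy Castle {@code getInstance} calls may still throw on input that is not
 * well-formed ASN.1 - confirm how the caller handles that.
 *
 * @param failureMsg buffer that collects the violations
 * @param extensionValue encoded extension value to check
 * @param requestedExtensions passed through to {@code getExpectedExtValue}
 * @param extControl passed through to {@code getExpectedExtValue}
 * @throws RuntimeException if the configuration contains a qualifier type other than CPS URI or
 *         user notice
 */
private void checkExtensionCertificatePolicies(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QaCertificatePolicies conf = certificatePolicies;
    if (conf == null) {
        // No policy configuration: the extension must match the expected encoding exactly.
        byte[] expected = getExpectedExtValue(Extension.certificatePolicies, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }
    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(extensionValue);
    PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();

    // Pass 1: every policy that is present must be configured and carry the configured qualifiers.
    for (PolicyInformation isPolicyInformation : isPolicyInformations) {
        ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
        QaCertificatePolicyInformation expCp = conf.getPolicyInformation(isPolicyId.getId());
        if (expCp == null) {
            failureMsg.append("certificate policy '").append(isPolicyId).append("' is not expected; ");
            continue;
        }
        QaPolicyQualifiers expCpPq = expCp.getPolicyQualifiers();
        if (expCpPq == null) {
            // Nothing configured for the qualifiers of this policy, so nothing to compare.
            continue;
        }
        // policyQualifiers is OPTIONAL: a null sequence means "no qualifiers present", which must
        // surface below as missing required qualifiers rather than as a NullPointerException.
        ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
        List<String> isCpsUris = new LinkedList<>();
        List<String> isUserNotices = new LinkedList<>();
        int size = (isPolicyQualifiers == null) ? 0 : isPolicyQualifiers.size();
        for (int i = 0; i < size; i++) {
            // getInstance accepts both an already-typed PolicyQualifierInfo and the raw sequence
            // element, where a plain cast only works for the former.
            PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo.getInstance(isPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
                if (isQualifier instanceof DERIA5String) {
                    isCpsUris.add(((DERIA5String) isQualifier).getString());
                } else {
                    // Wrong string type is a finding about the data under test, not a crash.
                    failureMsg.append("CPSUri qualifier of certificate policy '").append(isPolicyId).append("' is not an IA5String; ");
                }
            } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
                UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
                // Only the explicit text of a user notice is compared.
                if (isUserNotice.getExplicitText() != null) {
                    isUserNotices.add(isUserNotice.getExplicitText().getString());
                }
            }
        }
        List<QaPolicyQualifierInfo> qualifierInfos = expCpPq.getPolicyQualifiers();
        for (QaPolicyQualifierInfo qualifierInfo : qualifierInfos) {
            if (qualifierInfo instanceof QaCpsUriPolicyQualifier) {
                String value = ((QaCpsUriPolicyQualifier) qualifierInfo).getCpsUri();
                if (!isCpsUris.contains(value)) {
                    failureMsg.append("CPSUri '").append(value).append("' is absent but is required; ");
                }
            } else if (qualifierInfo instanceof QaUserNoticePolicyQualifierInfo) {
                String value = ((QaUserNoticePolicyQualifierInfo) qualifierInfo).getUserNotice();
                if (!isUserNotices.contains(value)) {
                    failureMsg.append("userNotice '").append(value).append("' is absent but is required; ");
                }
            } else {
                throw new RuntimeException("should not reach here");
            }
        }
    }

    // Pass 2: every configured policy must be present.
    for (QaCertificatePolicyInformation cp : conf.getPolicyInformations()) {
        boolean present = false;
        for (PolicyInformation isPolicyInformation : isPolicyInformations) {
            if (isPolicyInformation.getPolicyIdentifier().getId().equals(cp.getPolicyId())) {
                present = true;
                break;
            }
        }
        if (!present) {
            failureMsg.append("certificate policy '").append(cp.getPolicyId()).append("' is absent but is required; ");
        }
    }
}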
Also used : PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) QaCertificatePolicyInformation(org.xipki.ca.qa.internal.QaCertificatePolicies.QaCertificatePolicyInformation) UserNotice(org.bouncycastle.asn1.x509.UserNotice) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) DERIA5String(org.bouncycastle.asn1.DERIA5String) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) QaPolicyQualifiers(org.xipki.ca.qa.internal.QaPolicyQualifiers) QaPolicyQualifierInfo(org.xipki.ca.qa.internal.QaPolicyQualifierInfo) QaUserNoticePolicyQualifierInfo(org.xipki.ca.qa.internal.QaPolicyQualifierInfo.QaUserNoticePolicyQualifierInfo) PolicyQualifierInfo(org.bouncycastle.asn1.x509.PolicyQualifierInfo) QaCertificatePolicyInformation(org.xipki.ca.qa.internal.QaCertificatePolicies.QaCertificatePolicyInformation) LinkedList(java.util.LinkedList) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) QaPolicyQualifierInfo(org.xipki.ca.qa.internal.QaPolicyQualifierInfo) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) QaUserNoticePolicyQualifierInfo(org.xipki.ca.qa.internal.QaPolicyQualifierInfo.QaUserNoticePolicyQualifierInfo) QaCertificatePolicies(org.xipki.ca.qa.internal.QaCertificatePolicies) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier) QaCpsUriPolicyQualifier(org.xipki.ca.qa.internal.QaPolicyQualifierInfo.QaCpsUriPolicyQualifier)

Example 37 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project keystore-explorer by kaikramer.

the class PolicyInformationUtil method toString.

/**
 * Renders a policy information entry as display text.
 *
 * <p>The text starts with the policy identifier and, when the entry carries policy qualifiers,
 * continues with the comma-separated rendering of each qualifier. Both parts are produced from
 * resource-bundle patterns; the decoded values are passed to {@link MessageFormat} as arguments
 * and never as the pattern itself.
 *
 * @param policyInformation Policy information
 * @return String representation of policy information
 * @throws IOException If policy information is invalid
 */
public static String toString(PolicyInformation policyInformation) throws IOException {
    ASN1ObjectIdentifier oid = policyInformation.getPolicyIdentifier();
    StringBuilder text = new StringBuilder();
    text.append(MessageFormat.format(res.getString("PolicyInformationUtil.PolicyIdentifier"), oid.getId()));

    ASN1Sequence qualifierSeq = policyInformation.getPolicyQualifiers();
    if (qualifierSeq == null) {
        // policyQualifiers is absent: the identifier alone is the whole representation.
        return text.toString();
    }

    text.append(", ");
    StringBuilder qualifierText = new StringBuilder();
    int idx = 0;
    while (idx < qualifierSeq.size()) {
        PolicyQualifierInfo qualifier = PolicyQualifierInfo.getInstance(qualifierSeq.getObjectAt(idx));
        qualifierText.append(toString(qualifier));
        idx++;
        // Separator goes between entries only, never after the last one.
        if (idx < qualifierSeq.size()) {
            qualifierText.append(", ");
        }
    }
    text.append(MessageFormat.format(res.getString("PolicyInformationUtil.PolicyQualifiers"), qualifierText));
    return text.toString();
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) PolicyQualifierInfo(org.bouncycastle.asn1.x509.PolicyQualifierInfo) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 38 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project keystore-explorer by kaikramer.

the class DPolicyInformationChooser method populate.

/**
 * Loads an existing policy information entry into the dialog's input components.
 *
 * <p>Does nothing for {@code null}. Otherwise the policy identifier is handed to
 * {@code joiPolicyIdentifier} and, if the entry has policy qualifiers, each element of the
 * qualifier sequence is decoded and the resulting list is handed to {@code jpqPolicyQualifiers}.
 *
 * @param policyInformation entry to show, or {@code null} to leave the components untouched
 * @throws IOException declared by the signature
 */
private void populate(PolicyInformation policyInformation) throws IOException {
    if (policyInformation == null) {
        return;
    }
    joiPolicyIdentifier.setObjectId(policyInformation.getPolicyIdentifier());

    ASN1Sequence qualifierSeq = policyInformation.getPolicyQualifiers();
    if (qualifierSeq == null) {
        // No qualifiers on this entry: the qualifier component keeps its current content.
        return;
    }

    List<PolicyQualifierInfo> decoded = new ArrayList<>();
    int idx = 0;
    while (idx < qualifierSeq.size()) {
        decoded.add(PolicyQualifierInfo.getInstance(qualifierSeq.getObjectAt(idx)));
        idx++;
    }
    jpqPolicyQualifiers.setPolicyQualifierInfo(decoded);
}
Also used : ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ArrayList(java.util.ArrayList) PolicyQualifierInfo(org.bouncycastle.asn1.x509.PolicyQualifierInfo)

Example 39 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project keystore-explorer by kaikramer.

the class JPolicyInformation method editSelectedPolicyInformation.

/**
 * Lets the user edit the policy information entry selected in the table.
 *
 * <p>Does nothing when no row is selected. Otherwise a {@code DPolicyInformationChooser} owned by
 * the top-level ancestor is shown with the selected entry; if it yields a non-null result, the
 * old entry is replaced by the new one, the table is repopulated and the new entry is selected.
 * An {@link IOException} raised along the way is shown in a {@code DError} dialog.
 */
private void editSelectedPolicyInformation() {
    int row = jtPolicyInformation.getSelectedRow();
    if (row == -1) {
        return;
    }

    PolicyInformation current = (PolicyInformation) jtPolicyInformation.getValueAt(row, 0);
    Container owner = getTopLevelAncestor();
    try {
        // The chooser has one constructor per owner type, so the owner decides which one is used.
        DPolicyInformationChooser chooser = (owner instanceof JDialog)
                ? new DPolicyInformationChooser((JDialog) owner, title, current)
                : new DPolicyInformationChooser((JFrame) owner, title, current);
        chooser.setLocationRelativeTo(owner);
        chooser.setVisible(true);

        PolicyInformation replacement = chooser.getPolicyInformation();
        if (replacement != null) {
            policyInformation.remove(current);
            policyInformation.add(replacement);
            populate();
            selectPolicyInformationInTable(replacement);
        }
    } catch (IOException ex) {
        DError errorDialog = (owner instanceof JDialog)
                ? new DError((JDialog) owner, ex)
                : new DError((JFrame) owner, ex);
        errorDialog.setLocationRelativeTo(owner);
        errorDialog.setVisible(true);
    }
}
Also used : Container(java.awt.Container) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) JFrame(javax.swing.JFrame) IOException(java.io.IOException) Point(java.awt.Point) JDialog(javax.swing.JDialog) DError(org.kse.gui.error.DError)

Example 40 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project keystore-explorer by kaikramer.

the class JPolicyInformation method addPressed.

/**
 * Handles the "add" action: asks the user for a new policy information entry and stores it.
 *
 * <p>A {@code DPolicyInformationChooser} owned by the top-level ancestor is shown without an
 * initial entry; if it yields a non-null result, the entry is added, the table is repopulated and
 * the new entry is selected. An {@link IOException} raised along the way is shown in a
 * {@code DError} dialog.
 */
private void addPressed() {
    Container owner = getTopLevelAncestor();
    try {
        // The chooser has one constructor per owner type, so the owner decides which one is used.
        DPolicyInformationChooser chooser = (owner instanceof JDialog)
                ? new DPolicyInformationChooser((JDialog) owner, title, null)
                : new DPolicyInformationChooser((JFrame) owner, title, null);
        chooser.setLocationRelativeTo(owner);
        chooser.setVisible(true);

        PolicyInformation added = chooser.getPolicyInformation();
        if (added != null) {
            policyInformation.add(added);
            populate();
            selectPolicyInformationInTable(added);
        }
    } catch (IOException ex) {
        DError errorDialog = (owner instanceof JDialog)
                ? new DError((JDialog) owner, ex)
                : new DError((JFrame) owner, ex);
        errorDialog.setLocationRelativeTo(owner);
        errorDialog.setVisible(true);
    }
}
Also used : Container(java.awt.Container) JFrame(javax.swing.JFrame) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) IOException(java.io.IOException) JDialog(javax.swing.JDialog) DError(org.kse.gui.error.DError)

Aggregations

IOException (java.io.IOException)24 PolicyInformation (org.bouncycastle.asn1.x509.PolicyInformation)23 ArrayList (java.util.ArrayList)19 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14 HashSet (java.util.HashSet)12 Enumeration (java.util.Enumeration)11 Iterator (java.util.Iterator)11 Set (java.util.Set)11 X509Certificate (java.security.cert.X509Certificate)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 List (java.util.List)8 GeneralSecurityException (java.security.GeneralSecurityException)7 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)7 PolicyInformation (sun.security.x509.PolicyInformation)7 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)6 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)5 PolicyInformation (com.github.zhenwei.core.asn1.x509.PolicyInformation)5 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4