
Example 41 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project keystore-explorer by kaikramer.

the class PolicyInformationTableCellRend method getTableCellRendererComponent.

/**
 * Returns the rendered cell.
 *
 * @param jtPolicyInformation The JTable
 * @param value               The value to assign to the cell
 * @param isSelected          True if cell is selected
 * @param row                 The row of the cell to render
 * @param col                 The column of the cell to render
 * @param hasFocus            If true, render cell appropriately
 * @return The rendered cell
 */
@Override
public Component getTableCellRendererComponent(JTable jtPolicyInformation, Object value, boolean isSelected, boolean hasFocus, int row, int col) {
    // The superclass renderer supplies the component; the cast assumes it is a JLabel.
    JLabel label = (JLabel) super.getTableCellRendererComponent(jtPolicyInformation, value, isSelected, hasFocus, row, col);

    // Compute the display string first so that nothing is set on the label if conversion fails.
    final String text;
    try {
        text = PolicyInformationUtil.toString((PolicyInformation) value);
    } catch (IOException ex) {
        // We build this data ourselves, so this should not happen.
        throw new RuntimeException(ex);
    }

    // NOTE(review): Swing renders label and tooltip text that begins with "<html>" as markup.
    // If the PolicyInformation can originate from a parsed certificate rather than from data
    // the application built, confirm PolicyInformationUtil.toString cannot yield such a string.
    label.setText(text);
    label.setToolTipText(text);

    label.setHorizontalAlignment(LEFT);
    label.setBorder(new EmptyBorder(0, 5, 0, 5));
    return label;
}
Also used : PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) JLabel(javax.swing.JLabel) IOException(java.io.IOException) EmptyBorder(javax.swing.border.EmptyBorder)

Example 42 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project xipki by xipki.

the class A2gChecker method checkExtnCertificatePolicies.

// method checkExtnBiometricInfo
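/**
 * Compares an encoded certificatePolicies extension value with the expected policies returned
 * by {@code caller.getCertificatePolicies()} and appends one message per mismatch to
 * {@code failureMsg}.
 *
 * <p>Reported mismatches: a policy present in the extension but not expected, an expected
 * policy missing from the extension, and an expected CPS URI or user-notice text missing from
 * the qualifiers of a matching policy. Qualifiers present in the extension but not expected
 * are not reported.
 *
 * @param failureMsg     buffer that receives the failure descriptions
 * @param extnValue      encoded extension value to inspect
 * @param requestedExtns passed through to {@code checkConstantExtnValue} when no policies are configured
 * @param extnControl    passed through to {@code checkConstantExtnValue} when no policies are configured
 */
void checkExtnCertificatePolicies(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns, ExtensionControl extnControl) {
    CertificatePolicies certificatePolicies = caller.getCertificatePolicies();
    if (certificatePolicies == null) {
        // No expected policies configured: fall back to the constant-value comparison.
        caller.checkConstantExtnValue(Extension.certificatePolicies, failureMsg, extnValue, requestedExtns, extnControl);
        return;
    }

    // Index the expected policies by OID; expPolicyIds tracks those not yet seen in the extension.
    Map<String, CertificatePolicyInformationType> expPoliciesMap = new HashMap<>();
    for (CertificatePolicyInformationType cp : certificatePolicies.getCertificatePolicyInformations()) {
        expPoliciesMap.put(cp.getPolicyIdentifier().getOid(), cp);
    }
    Set<String> expPolicyIds = new HashSet<>(expPoliciesMap.keySet());

    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(extnValue);
    PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();
    for (PolicyInformation isPolicyInformation : isPolicyInformations) {
        ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
        expPolicyIds.remove(isPolicyId.getId());
        CertificatePolicyInformationType expCp = expPoliciesMap.get(isPolicyId.getId());
        if (expCp == null) {
            failureMsg.append("certificate policy '").append(isPolicyId).append("' is not expected; ");
            continue;
        }
        List<PolicyQualifier> expCpPq = expCp.getPolicyQualifiers();
        if (isEmpty(expCpPq)) {
            // Nothing is required of the qualifiers for this policy.
            continue;
        }

        // policyQualifiers is OPTIONAL in PolicyInformation, and Bouncy Castle returns null when
        // it is absent. Treat that as "no qualifiers" so the missing ones are reported below
        // instead of the check aborting with a NullPointerException.
        ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
        int size = (isPolicyQualifiers == null) ? 0 : isPolicyQualifiers.size();

        List<String> isCpsUris = new LinkedList<>();
        List<String> isUserNotices = new LinkedList<>();
        for (int i = 0; i < size; i++) {
            PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo.getInstance(isPolicyQualifiers.getObjectAt(i));
            ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
            ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
            if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
                String isCpsUri = DERIA5String.getInstance(isQualifier).getString();
                isCpsUris.add(isCpsUri);
            } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
                // Only the explicit text of a user notice is compared.
                UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
                if (isUserNotice.getExplicitText() != null) {
                    isUserNotices.add(isUserNotice.getExplicitText().getString());
                }
            }
        }

        // Every expected qualifier value must appear among the values found in the extension.
        for (PolicyQualifier qualifierInfo : expCpPq) {
            String value = qualifierInfo.getValue();
            switch (qualifierInfo.getType()) {
                case cpsUri:
                    if (!isCpsUris.contains(value)) {
                        failureMsg.append("CPSUri '").append(value).append("' is absent but is required; ");
                    }
                    continue;
                case userNotice:
                    if (!isUserNotices.contains(value)) {
                        failureMsg.append("userNotice '").append(value).append("' is absent but is required; ");
                    }
                    continue;
                default:
                    throw new IllegalStateException("should not reach here");
            }
        }
    }

    // Whatever is left was expected but never seen in the extension.
    for (String policyId : expPolicyIds) {
        failureMsg.append("certificate policy '").append(policyId).append("' is absent but is required; ");
    }
}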
Also used : PolicyQualifier(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.PolicyQualifier) org.bouncycastle.asn1.x509(org.bouncycastle.asn1.x509) CertificatePolicyInformationType(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies.CertificatePolicyInformationType) CertificatePolicies(org.xipki.ca.certprofile.xijson.conf.CertificatePolicies)

Example 43 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project xipki by xipki.

the class CertificatePolicies method toXiCertificatePolicies.

/**
 * Builds a Bouncy Castle {@code CertificatePolicies} structure from the entries returned by
 * {@code getCertificatePolicyInformations()}.
 *
 * <p>The conversion runs in two passes: the entries are first mapped to
 * {@code CertificatePolicyInformation} objects, which are then encoded as
 * {@code PolicyInformation} elements in the same order.
 *
 * @return the policies as an ASN.1 structure
 */
public org.bouncycastle.asn1.x509.CertificatePolicies toXiCertificatePolicies() {
    List<CertificatePolicyInformationType> configured = getCertificatePolicyInformations();

    // Pass 1: map each entry and its qualifiers to the intermediate representation.
    List<CertificatePolicyInformation> intermediate = new ArrayList<>(configured.size());
    for (CertificatePolicyInformationType entry : configured) {
        List<CertificatePolicyQualifier> converted = null;
        List<PolicyQualifier> confQualifiers = entry.getPolicyQualifiers();
        if (!confQualifiers.isEmpty()) {
            converted = new ArrayList<>(confQualifiers.size());
            for (PolicyQualifier q : confQualifiers) {
                // Any type other than cpsUri is encoded as a user notice.
                if (q.getType() == PolicyQualfierType.cpsUri) {
                    converted.add(CertificatePolicyQualifier.getInstanceForCpsUri(q.getValue()));
                } else {
                    converted.add(CertificatePolicyQualifier.getInstanceForUserNotice(q.getValue()));
                }
            }
        }
        // An entry without qualifiers is passed on with a null qualifier list.
        intermediate.add(new CertificatePolicyInformation(entry.getPolicyIdentifier().getOid(), converted));
    }

    // Pass 2: encode each intermediate entry as a PolicyInformation element.
    PolicyInformation[] encoded = new PolicyInformation[intermediate.size()];
    int next = 0;
    for (CertificatePolicyInformation info : intermediate) {
        String oidText = info.getCertPolicyId();
        List<CertificatePolicyQualifier> quals = info.getQualifiers();
        ASN1Sequence encodedQualifiers = CollectionUtil.isNotEmpty(quals) ? createPolicyQualifiers(quals) : null;
        ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(oidText);
        if (encodedQualifiers == null) {
            // No qualifiers: use the OID-only constructor.
            encoded[next] = new PolicyInformation(oid);
        } else {
            encoded[next] = new PolicyInformation(oid, encodedQualifiers);
        }
        next++;
    }
    return new org.bouncycastle.asn1.x509.CertificatePolicies(encoded);
}
Also used : CertificatePolicyInformation(org.xipki.ca.certprofile.xijson.CertificatePolicyInformation) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) ArrayList(java.util.ArrayList) CertificatePolicyQualifier(org.xipki.ca.certprofile.xijson.CertificatePolicyQualifier) CertificatePolicyQualifier(org.xipki.ca.certprofile.xijson.CertificatePolicyQualifier) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) CertificatePolicyInformation(org.xipki.ca.certprofile.xijson.CertificatePolicyInformation) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 44 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project j2objc by google.

the class PolicyChecker method removeInvalidNodes.

/**
 * Removes those nodes which do not intersect with the initial policies
 * specified by the user.
 *
 * @param rootNode the root node of the valid policy tree
 * @param certIndex the index of the certificate being processed
 * @param initPolicies the Set of policies required by the user
 * @param currCertPolicies the CertificatePoliciesExtension of the
 * certificate being processed
 * @return the root node of the valid policy tree after modification, or null when pruning leaves it without children
 * @exception CertPathValidatorException Exception thrown if error occurs.
 */
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode, int certIndex, Set<String> initPolicies, CertificatePoliciesExtension currCertPolicies) throws CertPathValidatorException {
    // Read the policy list from the extension; a decoding failure aborts validation.
    final List<PolicyInformation> certPolicies;
    try {
        certPolicies = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
    } catch (IOException ioe) {
        throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
    }

    boolean removedAny = false;
    for (PolicyInformation info : certPolicies) {
        String policyOid = info.getPolicyIdentifier().getIdentifier().toString();
        if (debug != null) {
            debug.println("PolicyChecker.processPolicies() " + "processing policy second time: " + policyOid);
        }

        for (PolicyNodeImpl node : rootNode.getPolicyNodesValid(certIndex, policyOid)) {
            PolicyNodeImpl parent = (PolicyNodeImpl) node.getParent();

            // A node is dropped only when its parent's valid policy is ANY_POLICY and the
            // certificate policy is neither in the initial set nor ANY_POLICY itself.
            boolean drop = parent.getValidPolicy().equals(ANY_POLICY)
                    && !initPolicies.contains(policyOid)
                    && !policyOid.equals(ANY_POLICY);
            if (!drop) {
                continue;
            }

            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() " + "before deleting: policy tree = " + rootNode);
            }
            parent.deleteChild(node);
            removedAny = true;
            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() " + "after deleting: policy tree = " + rootNode);
            }
        }
    }

    if (!removedAny) {
        return rootNode;
    }

    // After deletions, prune the tree; a root left without children is reported as null.
    rootNode.prune(certIndex);
    return rootNode.getChildren().hasNext() ? rootNode : null;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyInformation(sun.security.x509.PolicyInformation) IOException(java.io.IOException)

Example 45 with PolicyInformation

use of com.github.zhenwei.core.asn1.x509.PolicyInformation in project dcache by dCache.

the class X509Plugin method listPolicies.

/**
 * Lists the policy OIDs found in the certificate's Certificate Policies extension.
 *
 * <p>Returns an empty list when the extension is absent or when reading it raises an
 * {@code IOException}; the latter case is logged as a warning naming the issuer.
 * Elements equal to {@code ANY_POLICY} are skipped.
 *
 * @param eec the certificate to inspect
 * @return the policy OIDs in dotted form, possibly empty
 */
private List<String> listPolicies(X509Certificate eec) throws AuthenticationException {
    final byte[] extension;
    try {
        extension = getExtensionBytes(eec, OID_CERTIFICATE_POLICIES);
    } catch (IOException e) {
        // NOTE(review): a malformed extension is treated the same as "no policies"; whether
        // that is the safe outcome depends on how callers use the list — confirm.
        LOG.warn("Malformed policy extension {}: {}", eec.getIssuerX500Principal().getName(), e.getMessage());
        return Collections.emptyList();
    }

    if (extension == null) {
        // The certificate has no Certificate Policies extension.
        return Collections.emptyList();
    }

    // NOTE(review): the Bouncy Castle getInstance calls below can throw unchecked exceptions
    // on content that is not the expected ASN.1 shape; nothing in this method catches them.
    List<String> policyOids = new ArrayList<>();
    for (Enumeration<ASN1Encodable> elements = ASN1Sequence.getInstance(extension).getObjects(); elements.hasMoreElements();) {
        ASN1Encodable element = elements.nextElement();
        // ANY_POLICY is defined outside this excerpt. The comparison is against the whole
        // element, so how an anyPolicy entry carrying qualifiers compares depends on that
        // definition — TODO confirm.
        if (!element.equals(ANY_POLICY)) {
            policyOids.add(PolicyInformation.getInstance(element).getPolicyIdentifier().getId());
        }
    }
    return policyOids;
}
Also used : PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) ArrayList(java.util.ArrayList) IOException(java.io.IOException) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable)

Aggregations

IOException (java.io.IOException)24 PolicyInformation (org.bouncycastle.asn1.x509.PolicyInformation)23 ArrayList (java.util.ArrayList)19 CertPathValidatorException (java.security.cert.CertPathValidatorException)17 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)14 HashSet (java.util.HashSet)12 Enumeration (java.util.Enumeration)11 Iterator (java.util.Iterator)11 Set (java.util.Set)11 X509Certificate (java.security.cert.X509Certificate)9 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)9 List (java.util.List)8 GeneralSecurityException (java.security.GeneralSecurityException)7 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)7 PolicyInformation (sun.security.x509.PolicyInformation)7 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)6 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)5 PolicyInformation (com.github.zhenwei.core.asn1.x509.PolicyInformation)5 ASN1EncodableVector (com.github.zhenwei.core.asn1.ASN1EncodableVector)4