
Example 6 with ErrorBundle

use of com.github.zhenwei.core.i18n.ErrorBundle in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method checkCRLs.

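/**
 * Reviews the revocation status of {@code cert} against a CRL and reports the outcome through
 * {@code addNotification}/{@code addError} or a {@link CertPathReviewerException}.
 *
 * <p>A CRL is looked up first in the stores reachable through {@code paramsPKIX}; if none of those is
 * current at {@code validDate}, each URL in {@code crlDistPointUrls} is fetched with {@code getCRL}.
 * The selected CRL must verify under {@code workingPublicKey} before its entries are consulted. The
 * method fails closed: it throws when no current CRL was found, when the CRL signature cannot be
 * checked, or when the certificate is listed as revoked at or before {@code validDate}.
 *
 * @param paramsPKIX       parameters handed to {@code PKIXCRLUtil.findCRLs}
 * @param cert             certificate whose serial number is looked up in the CRL
 * @param validDate        point in time the revocation status is evaluated for
 * @param sign             certificate of the CRL signer; when {@code null} the cRLSign key-usage check is skipped
 * @param workingPublicKey key used to verify the CRL signature; {@code null} is rejected once a CRL was selected
 * @param crlDistPointUrls URLs (as {@code String}) to try when no current local CRL exists
 * @param index            position forwarded to {@code addNotification}/{@code addError}
 * @throws CertPathReviewerException if the CRL cannot be obtained, verified or parsed, or if the
 *                                   certificate is revoked
 */
protected void checkCRLs(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, int index) throws CertPathReviewerException {
    X509CRLStoreSelector crlselect;
    crlselect = new X509CRLStoreSelector();
    try {
        crlselect.addIssuerName(getEncodedIssuerPrincipal(cert).getEncoded());
    } catch (IOException e) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlIssuerException");
        throw new CertPathReviewerException(msg, e);
    }
    crlselect.setCertificateChecking(cert);
    Iterator crl_iter;
    try {
        Collection crl_coll = PKIXCRLUtil.findCRLs(crlselect, paramsPKIX);
        crl_iter = crl_coll.iterator();
        if (crl_coll.isEmpty()) {
            // notification - no local crls found; list the issuers of the CRLs that are present so the
            // reviewer can see why none matched
            crl_coll = PKIXCRLUtil.findCRLs(new X509CRLStoreSelector(), paramsPKIX);
            Iterator it = crl_coll.iterator();
            List nonMatchingCrlNames = new ArrayList();
            while (it.hasNext()) {
                nonMatchingCrlNames.add(((X509CRL) it.next()).getIssuerX500Principal());
            }
            int numbOfCrls = nonMatchingCrlNames.size();
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCrlInCertstore", new Object[] { new UntrustedInput(crlselect.getIssuerNames()), new UntrustedInput(nonMatchingCrlNames), Integers.valueOf(numbOfCrls) });
            addNotification(msg, index);
        }
    } catch (AnnotatedException ae) {
        // The exception may carry no cause; fall back to the exception itself so that reporting the
        // store failure cannot itself fail with a NullPointerException.
        Throwable cause = ae.getCause() != null ? ae.getCause() : ae;
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlExtractionError", new Object[] { cause.getMessage(), cause, cause.getClass().getName() });
        addError(msg, index);
        crl_iter = new ArrayList().iterator();
    }
    boolean validCrlFound = false;
    X509CRL crl = null;
    while (crl_iter.hasNext()) {
        crl = (X509CRL) crl_iter.next();
        Date thisUpdate = crl.getThisUpdate();
        Date nextUpdate = crl.getNextUpdate();
        Object[] arguments = new Object[] { new TrustedInput(thisUpdate), new TrustedInput(nextUpdate) };
        // NOTE(review): a CRL without nextUpdate is treated as current indefinitely, and thisUpdate is
        // not compared with validDate. RFC 5280 requires conforming issuers to set nextUpdate.
        if (nextUpdate == null || validDate.before(nextUpdate)) {
            validCrlFound = true;
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.localValidCRL", arguments);
            addNotification(msg, index);
            break;
        }
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.localInvalidCRL", arguments);
        addNotification(msg, index);
    }
    // crl distribution point
    if (!validCrlFound) {
        X500Principal certIssuer = cert.getIssuerX500Principal();
        X509CRL onlineCRL = null;
        Iterator urlIt = crlDistPointUrls.iterator();
        while (urlIt.hasNext()) {
            try {
                // The location is reported below as UntrustedUrlInput; presumably it originates from
                // the certificate under review, so the fetch target is not chosen by the operator.
                String location = (String) urlIt.next();
                onlineCRL = getCRL(location);
                if (onlineCRL != null) {
                    X500Principal crlIssuer = onlineCRL.getIssuerX500Principal();
                    // check if crl issuer is correct
                    if (!certIssuer.equals(crlIssuer)) {
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineCRLWrongCA", new Object[] { new UntrustedInput(crlIssuer.getName()), new UntrustedInput(certIssuer.getName()), new UntrustedUrlInput(location) });
                        addNotification(msg, index);
                        continue;
                    }
                    Date thisUpdate = onlineCRL.getThisUpdate();
                    Date nextUpdate = onlineCRL.getNextUpdate();
                    Object[] arguments = new Object[] { new TrustedInput(thisUpdate), new TrustedInput(nextUpdate), new UntrustedUrlInput(location) };
                    if (nextUpdate == null || validDate.before(nextUpdate)) {
                        validCrlFound = true;
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineValidCRL", arguments);
                        addNotification(msg, index);
                        crl = onlineCRL;
                        break;
                    }
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.onlineInvalidCRL", arguments);
                    addNotification(msg, index);
                }
            } catch (CertPathReviewerException cpre) {
                // A failing distribution point is only reported; the remaining URLs are still tried.
                addNotification(cpre.getErrorMessage(), index);
            }
        }
    }
    // check the crl
    // When no current CRL was found, crl may still hold the last outdated local CRL. It is checked
    // below as well, and the method still ends with noValidCrlFound unless an earlier check throws.
    X509CRLEntry crl_entry;
    if (crl != null) {
        if (sign != null) {
            boolean[] keyUsage = sign.getKeyUsage();
            if (keyUsage != null && (keyUsage.length <= CRL_SIGN || !keyUsage[CRL_SIGN])) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noCrlSigningPermited");
                throw new CertPathReviewerException(msg);
            }
        }
        if (workingPublicKey != null) {
            // The signature is verified before any entry or extension of the CRL is trusted.
            try {
                crl.verify(workingPublicKey, "WeGoo");
            } catch (Exception e) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlVerifyFailed");
                throw new CertPathReviewerException(msg, e);
            }
        } else {
            // issuer public key not known
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlNoIssuerPublicKey");
            throw new CertPathReviewerException(msg);
        }
        crl_entry = crl.getRevokedCertificate(cert.getSerialNumber());
        if (crl_entry != null) {
            String reason = null;
            if (crl_entry.hasExtensions()) {
                ASN1Enumerated reasonCode;
                try {
                    reasonCode = ASN1Enumerated.getInstance(getExtensionValue(crl_entry, Extension.reasonCode.getId()));
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlReasonExtError");
                    throw new CertPathReviewerException(msg, ae);
                }
                if (reasonCode != null) {
                    // The reason code is data from the CRL: a value outside the crlReasons table must
                    // not abort the review with an ArrayIndexOutOfBoundsException. Unrecognised values
                    // fall through to the "unknown" entry below.
                    int code;
                    try {
                        code = reasonCode.intValueExact();
                    } catch (ArithmeticException outOfIntRange) {
                        code = -1;
                    }
                    if (code >= 0 && code < crlReasons.length) {
                        reason = crlReasons[code];
                    }
                }
            }
            if (reason == null) {
                // unknown
                reason = crlReasons[7];
            }
            // i18n reason
            LocaleString ls = new LocaleString(RESOURCE_NAME, reason);
            if (!validDate.before(crl_entry.getRevocationDate())) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certRevoked", new Object[] { new TrustedInput(crl_entry.getRevocationDate()), ls });
                throw new CertPathReviewerException(msg);
            } else {
                // cert was revoked after validation date
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.revokedAfterValidation", new Object[] { new TrustedInput(crl_entry.getRevocationDate()), ls });
                addNotification(msg, index);
            }
        } else {
            // cert is not revoked
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.notRevoked");
            addNotification(msg, index);
        }
        //
        // warn if a new crl is available
        //
        Date nextUpdate = crl.getNextUpdate();
        if (!(nextUpdate == null || validDate.before(nextUpdate))) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlUpdateAvailable", new Object[] { new TrustedInput(nextUpdate) });
            addNotification(msg, index);
        }
        //
        // check the DeltaCRL indicator, base point and the issuing distribution point
        //
        ASN1Primitive idp;
        try {
            idp = getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT);
        } catch (AnnotatedException ae) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.distrPtExtError");
            // keep the parser failure as the cause, as the other extension errors in this method do
            throw new CertPathReviewerException(msg, ae);
        }
        ASN1Primitive dci;
        try {
            dci = getExtensionValue(crl, DELTA_CRL_INDICATOR);
        } catch (AnnotatedException ae) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.deltaCrlExtError");
            throw new CertPathReviewerException(msg, ae);
        }
        if (dci != null) {
            // Delta CRL: a base CRL from the same issuer with a matching issuing distribution point
            // and a CRL number in [dci, crlNumber - 1] must be available.
            X509CRLStoreSelector baseSelect = new X509CRLStoreSelector();
            try {
                baseSelect.addIssuerName(getIssuerPrincipal(crl).getEncoded());
            } catch (IOException e) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlIssuerException");
                throw new CertPathReviewerException(msg, e);
            }
            baseSelect.setMinCRLNumber(((ASN1Integer) dci).getPositiveValue());
            try {
                ASN1Primitive crlNumber = getExtensionValue(crl, CRL_NUMBER);
                if (crlNumber == null) {
                    // A delta CRL without a CRL number is reported as an extension error instead of
                    // failing with a NullPointerException.
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlNbrExtError");
                    throw new CertPathReviewerException(msg);
                }
                baseSelect.setMaxCRLNumber(((ASN1Integer) crlNumber).getPositiveValue().subtract(BigInteger.valueOf(1)));
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlNbrExtError");
                throw new CertPathReviewerException(msg, ae);
            }
            boolean foundBase = false;
            Iterator it;
            try {
                it = PKIXCRLUtil.findCRLs(baseSelect, paramsPKIX).iterator();
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlExtractionError");
                throw new CertPathReviewerException(msg, ae);
            }
            while (it.hasNext()) {
                X509CRL base = (X509CRL) it.next();
                ASN1Primitive baseIdp;
                try {
                    baseIdp = getExtensionValue(base, ISSUING_DISTRIBUTION_POINT);
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.distrPtExtError");
                    throw new CertPathReviewerException(msg, ae);
                }
                if (Objects.areEqual(idp, baseIdp)) {
                    foundBase = true;
                    break;
                }
            }
            if (!foundBase) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noBaseCRL");
                throw new CertPathReviewerException(msg);
            }
        }
        if (idp != null) {
            // The CRL's scope must cover the kind of certificate being checked.
            IssuingDistributionPoint p = IssuingDistributionPoint.getInstance(idp);
            BasicConstraints bc = null;
            try {
                bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlBCExtError");
                throw new CertPathReviewerException(msg, ae);
            }
            if (p.onlyContainsUserCerts() && (bc != null && bc.isCA())) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyUserCert");
                throw new CertPathReviewerException(msg);
            }
            if (p.onlyContainsCACerts() && (bc == null || !bc.isCA())) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyCaCert");
                throw new CertPathReviewerException(msg);
            }
            if (p.onlyContainsAttributeCerts()) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.crlOnlyAttrCert");
                throw new CertPathReviewerException(msg);
            }
        }
    }
    // Fail closed: without a current CRL the revocation status is unknown.
    if (!validCrlFound) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noValidCrlFound");
        throw new CertPathReviewerException(msg);
    }
}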
Also used : X509CRL(java.security.cert.X509CRL) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) ArrayList(java.util.ArrayList) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) LocaleString(com.github.zhenwei.core.i18n.LocaleString) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) UntrustedUrlInput(com.github.zhenwei.core.i18n.filter.UntrustedUrlInput) X509CRLEntry(java.security.cert.X509CRLEntry) ASN1Enumerated(com.github.zhenwei.core.asn1.ASN1Enumerated) Iterator(java.util.Iterator) TrustedInput(com.github.zhenwei.core.i18n.filter.TrustedInput) List(java.util.List) ArrayList(java.util.ArrayList) UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) LocaleString(com.github.zhenwei.core.i18n.LocaleString) IOException(java.io.IOException) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) Date(java.util.Date) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) SignatureException(java.security.SignatureException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) PKIXNameConstraintValidatorException(com.github.zhenwei.provider.jce.provider.PKIXNameConstraintValidatorException) IOException(java.io.IOException) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) Collection(java.util.Collection) X500Principal(javax.security.auth.x500.X500Principal) 
ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) BasicConstraints(com.github.zhenwei.core.asn1.x509.BasicConstraints)

Example 7 with ErrorBundle

use of com.github.zhenwei.core.i18n.ErrorBundle in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method getCRL.

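/**
 * Downloads and parses the CRL published at {@code location}.
 *
 * <p>Only {@code http} and {@code https} URLs are fetched; any other scheme is skipped and
 * {@code null} is returned. The location is reported as {@code UntrustedInput}, so the request goes to
 * whatever host that value names. Deployments that review certificates from unknown parties should
 * restrict outbound access accordingly. {@link HttpURLConnection} follows redirects by default and
 * this method puts no limit on the size of the response.
 *
 * @param location URL of the CRL distribution point
 * @return the parsed CRL, or {@code null} when the URL scheme is not {@code http}/{@code https}
 * @throws CertPathReviewerException if the URL is malformed, the connection fails or times out, the
 *                                   server does not answer with HTTP 200, or the body is not a CRL
 */
private X509CRL getCRL(String location) throws CertPathReviewerException {
    // Without timeouts an unresponsive distribution point blocks the review indefinitely.
    // The connect value is the one from the previously disabled setConnectTimeout call; the read
    // value is a review suggestion, tune both for the deployment.
    final int connectTimeoutMillis = 2000;
    final int readTimeoutMillis = 10000;
    X509CRL result = null;
    try {
        URL url = new URL(location);
        if (url.getProtocol().equals("http") || url.getProtocol().equals("https")) {
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            try {
                conn.setUseCaches(false);
                conn.setConnectTimeout(connectTimeoutMillis);
                conn.setReadTimeout(readTimeoutMillis);
                conn.setDoInput(true);
                conn.connect();
                if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
                    CertificateFactory cf = CertificateFactory.getInstance("X.509", "WeGoo");
                    // close the response stream even when parsing fails
                    try (java.io.InputStream in = conn.getInputStream()) {
                        result = (X509CRL) cf.generateCRL(in);
                    }
                } else {
                    throw new Exception(conn.getResponseMessage());
                }
            } finally {
                conn.disconnect();
            }
        }
    } catch (Exception e) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.loadCrlDistPointError", new Object[] { new UntrustedInput(location), e.getMessage(), e, e.getClass().getName() });
        // keep the underlying failure as the cause so it is not lost to callers and logs
        throw new CertPathReviewerException(msg, e);
    }
    return result;
}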
Also used : X509CRL(java.security.cert.X509CRL) HttpURLConnection(java.net.HttpURLConnection) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput) CertificateFactory(java.security.cert.CertificateFactory) URL(java.net.URL) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) SignatureException(java.security.SignatureException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) PKIXNameConstraintValidatorException(com.github.zhenwei.provider.jce.provider.PKIXNameConstraintValidatorException) IOException(java.io.IOException)

Example 8 with ErrorBundle

use of com.github.zhenwei.core.i18n.ErrorBundle in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method processQcStatements.

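/**
 * Walks the qualified-certificate statements of {@code cert} and adds a notification for each one.
 *
 * @param cert  certificate whose QC statements extension is read
 * @param index position forwarded to {@code addNotification}/{@code addError}
 * @return {@code true} if every statement was recognised; {@code false} if at least one statement is
 *         unknown or the extension could not be read as a sequence
 */
private boolean processQcStatements(X509Certificate cert, int index) {
    try {
        // The extension content comes from the certificate under review. Reject anything that is not
        // a sequence (including a missing extension) as an extension error instead of letting a
        // ClassCastException or NullPointerException escape the review.
        Object extValue = getExtensionValue(cert, QC_STATEMENT);
        if (!(extValue instanceof ASN1Sequence)) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
            addError(msg, index);
            return false;
        }
        ASN1Sequence qcSt = (ASN1Sequence) extValue;
        boolean unknownStatement = false;
        for (int j = 0; j < qcSt.size(); j++) {
            // NOTE(review): the getInstance calls below parse certificate-controlled data; confirm
            // how they signal malformed content and whether that should also become QcStatementExtError.
            QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
            if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance");
                addNotification(msg, index);
            } else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) {
                // process statement - just recognize the statement
            } else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcSSCD");
                addNotification(msg, index);
            } else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) {
                // process statement - write a notification containing the limit value
                MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo());
                Iso4217CurrencyCode currency = limit.getCurrency();
                // amount * 10^exponent, computed in floating point for display in the notification only
                double value = limit.getAmount().doubleValue() * Math.pow(10, limit.getExponent().doubleValue());
                ErrorBundle msg;
                if (currency.isAlphabetic()) {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha", new Object[] { currency.getAlphabetic(), new TrustedInput(Double.valueOf(value)), limit });
                } else {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum", new Object[] { Integers.valueOf(currency.getNumeric()), new TrustedInput(Double.valueOf(value)), limit });
                }
                addNotification(msg, index);
            } else {
                // unrecognised statement: reported, and the overall result becomes false
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement", new Object[] { stmt.getStatementId(), new UntrustedInput(stmt) });
                addNotification(msg, index);
                unknownStatement = true;
            }
        }
        return !unknownStatement;
    } catch (AnnotatedException ae) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
        addError(msg, index);
    }
    return false;
}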
Also used : ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) QCStatement(com.github.zhenwei.core.asn1.x509.qualified.QCStatement) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) MonetaryValue(com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue) TrustedInput(com.github.zhenwei.core.i18n.filter.TrustedInput) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput) Iso4217CurrencyCode(com.github.zhenwei.core.asn1.x509.qualified.Iso4217CurrencyCode) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 9 with ErrorBundle

use of com.github.zhenwei.core.i18n.ErrorBundle in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method init.

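/**
 * Initializes the PKIXCertPathReviewer with the given {@link CertPath} and {@link PKIXParameters}
 * params.
 *
 * <p>All inputs are validated before any state is changed, so a rejected call leaves the reviewer
 * uninitialized instead of marking it initialized with only part of its fields set.
 *
 * @param certPath the {@link CertPath} to validate
 * @param params   the {@link PKIXParameters} to use; a clone is stored, not the caller's instance
 * @throws CertPathReviewerException if the certPath is empty
 * @throws IllegalStateException     if the {@link PKIXCertPathReviewer} is already initialized
 * @throws NullPointerException      if {@code certPath} or {@code params} is {@code null}
 */
public void init(CertPath certPath, PKIXParameters params) throws CertPathReviewerException {
    if (initialized) {
        throw new IllegalStateException("object is already initialized!");
    }
    // check input parameters (same order of failures as before: certPath, empty path, params)
    if (certPath == null) {
        throw new NullPointerException("certPath was null");
    }
    if (certPath.getCertificates().isEmpty()) {
        throw new CertPathReviewerException(new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.emptyCertPath"));
    }
    if (params == null) {
        throw new NullPointerException("params was null");
    }
    this.certPath = certPath;
    certs = certPath.getCertificates();
    n = certs.size();
    // clone so that later changes to the caller's parameters cannot alter a review in progress
    pkixParams = (PKIXParameters) params.clone();
    // 6.1.1 - Inputs
    // a) done
    // b)
    currentDate = new Date();
    validDate = getValidityDate(pkixParams, currentDate);
    // c) part of pkixParams
    // d) done at the beginning of checkSignatures
    // e) f) g) part of pkixParams
    // initialize output parameters
    notifications = null;
    errors = null;
    trustAnchor = null;
    subjectPublicKey = null;
    policyTree = null;
    // set last: the flag now implies that every field above has been assigned
    initialized = true;
}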
Also used : ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) Date(java.util.Date)

Example 10 with ErrorBundle

use of com.github.zhenwei.core.i18n.ErrorBundle in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method checkPathLength.

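/**
 * Checks the path length constraints of the certification path and reports the total path length.
 *
 * <p>Iterates from the last certificate in {@code certs} down to index 1; index 0 is not visited.
 * Every certificate that is not self-issued consumes one unit of the remaining path length, and an
 * error is added when none is left. A pathLenConstraint in a certificate's basic constraints can only
 * lower the remaining length.
 */
private void checkPathLength() {
    // init
    int maxPathLength = n;
    int totalPathLength = 0;
    for (int index = certs.size() - 1; index > 0; index--) {
        X509Certificate cert = (X509Certificate) certs.get(index);
        if (!isSelfIssued(cert)) {
            if (maxPathLength <= 0) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.pathLengthExtended");
                addError(msg);
            }
            maxPathLength--;
            totalPathLength++;
        }
        // m)
        BasicConstraints bc;
        try {
            bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
        } catch (AnnotatedException ae) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.processLengthConstError");
            addError(msg, index);
            bc = null;
        }
        if (bc != null) {
            BigInteger pathLengthConstraint = bc.getPathLenConstraint();
            if (pathLengthConstraint != null) {
                // The constraint is certificate-supplied and arbitrarily large. Compare it as a
                // BigInteger: BigInteger.intValue() silently truncates, which turned oversized values
                // into unrelated small or negative limits.
                if (pathLengthConstraint.signum() < 0) {
                    // negative constraint: keep the remaining length exhausted
                    maxPathLength = Math.min(maxPathLength, -1);
                } else if (pathLengthConstraint.compareTo(BigInteger.valueOf(maxPathLength)) < 0) {
                    // non-negative and below an int, so the conversion is exact
                    maxPathLength = pathLengthConstraint.intValue();
                }
            }
        }
    }
    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.totalPathLength", new Object[] { Integers.valueOf(totalPathLength) });
    addNotification(msg);
}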
Also used : ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) BigInteger(java.math.BigInteger) BasicConstraints(com.github.zhenwei.core.asn1.x509.BasicConstraints) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Aggregations

ErrorBundle (com.github.zhenwei.core.i18n.ErrorBundle)10 ASN1TaggedObject (com.github.zhenwei.core.asn1.ASN1TaggedObject)7 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)7 DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)7 IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)7 AnnotatedException (com.github.zhenwei.provider.jce.provider.AnnotatedException)7 UntrustedInput (com.github.zhenwei.core.i18n.filter.UntrustedInput)5 IOException (java.io.IOException)5 CertPathValidatorException (java.security.cert.CertPathValidatorException)5 X509Certificate (java.security.cert.X509Certificate)5 Iterator (java.util.Iterator)5 PKIXNameConstraintValidatorException (com.github.zhenwei.provider.jce.provider.PKIXNameConstraintValidatorException)4 ArrayList (java.util.ArrayList)4 X500Principal (javax.security.auth.x500.X500Principal)4 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)3 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)3 ASN1Primitive (com.github.zhenwei.core.asn1.ASN1Primitive)3 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)3 BasicConstraints (com.github.zhenwei.core.asn1.x509.BasicConstraints)3 LocaleString (com.github.zhenwei.core.i18n.LocaleString)3