use of com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method processCertD.
protected static PKIXPolicyNode processCertD(CertPath certPath, int index, Set acceptablePolicies, PKIXPolicyNode validPolicyTree, List[] policyNodes, int inhibitAnyPolicy, boolean isForCRLCheck) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
//
// (d) policy Information checking against initial policy and
// policy mapping
//
ASN1Sequence certPolicies = null;
try {
certPolicies = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
}
if (certPolicies != null && validPolicyTree != null) {
//
// (d) (1)
//
Enumeration e = certPolicies.getObjects();
Set pols = new HashSet();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier();
pols.add(pOid.getId());
if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId())) {
Set pq = null;
try {
pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex, certPath, index);
}
boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq);
if (!match) {
CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq);
}
}
}
if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY)) {
acceptablePolicies.clear();
acceptablePolicies.addAll(pols);
} else {
Iterator it = acceptablePolicies.iterator();
Set t1 = new HashSet();
while (it.hasNext()) {
Object o = it.next();
if (pols.contains(o)) {
t1.add(o);
}
}
acceptablePolicies.clear();
acceptablePolicies.addAll(t1);
}
//
if ((inhibitAnyPolicy > 0) || ((i < n || isForCRLCheck) && CertPathValidatorUtilities.isSelfIssued(cert))) {
e = certPolicies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
List _nodes = policyNodes[i - 1];
for (int k = 0; k < _nodes.size(); k++) {
PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
Iterator _policySetIter = _node.getExpectedPolicies().iterator();
while (_policySetIter.hasNext()) {
Object _tmp = _policySetIter.next();
String _policy;
if (_tmp instanceof String) {
_policy = (String) _tmp;
} else if (_tmp instanceof ASN1ObjectIdentifier) {
_policy = ((ASN1ObjectIdentifier) _tmp).getId();
} else {
continue;
}
boolean _found = false;
Iterator _childrenIter = _node.getChildren();
while (_childrenIter.hasNext()) {
PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
if (_policy.equals(_child.getValidPolicy())) {
_found = true;
}
}
if (!_found) {
Set _newChildExpectedPolicies = new HashSet();
_newChildExpectedPolicies.add(_policy);
PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
_node.addChild(_newChild);
policyNodes[i].add(_newChild);
}
}
}
break;
}
}
}
PKIXPolicyNode _validPolicyTree = validPolicyTree;
//
for (int j = (i - 1); j >= 0; j--) {
List nodes = policyNodes[j];
for (int k = 0; k < nodes.size(); k++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
if (!node.hasChildren()) {
_validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node);
if (_validPolicyTree == null) {
break;
}
}
}
}
//
// d (4)
//
Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
if (criticalExtensionOids != null) {
boolean critical = criticalExtensionOids.contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
List nodes = policyNodes[i];
for (int j = 0; j < nodes.size(); j++) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
node.setCritical(critical);
}
}
return _validPolicyTree;
}
return null;
}
use of com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method processCertE.
protected static PKIXPolicyNode processCertE(CertPath certPath, int index, PKIXPolicyNode validPolicyTree) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (e)
//
ASN1Sequence certPolicies = null;
try {
certPolicies = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
}
if (certPolicies == null) {
validPolicyTree = null;
}
return validPolicyTree;
}
use of com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method prepareNextCertJ.
protected static int prepareNextCertJ(CertPath certPath, int index, int inhibitAnyPolicy) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (j)
//
ASN1Integer iap = null;
try {
iap = ASN1Integer.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
} catch (Exception e) {
throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath, index);
}
if (iap != null) {
int _inhibitAnyPolicy = iap.intValueExact();
if (_inhibitAnyPolicy < inhibitAnyPolicy) {
return _inhibitAnyPolicy;
}
}
return inhibitAnyPolicy;
}
use of com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method prepareNextCertO.
protected static void prepareNextCertO(CertPath certPath, int index, Set criticalExtensions, List pathCheckers) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (o)
//
Iterator tmpIter;
tmpIter = pathCheckers.iterator();
while (tmpIter.hasNext()) {
try {
((PKIXCertPathChecker) tmpIter.next()).check(cert, criticalExtensions);
} catch (CertPathValidatorException e) {
throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
}
}
if (!criticalExtensions.isEmpty()) {
throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath, index);
}
}
use of com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException in project LinLong-Java by zhenwei1108.
the class RFC3280CertPathUtilities method wrapupCertB.
protected static int wrapupCertB(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
// (b)
//
int tmpInt;
ASN1Sequence pc = null;
try {
pc = ASN1Sequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index);
}
if (pc != null) {
Enumeration policyConstraints = pc.getObjects();
while (policyConstraints.hasMoreElements()) {
ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
switch(constraint.getTagNo()) {
case 0:
try {
tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
} catch (Exception e) {
throw new ExtCertPathValidatorException("Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, index);
}
if (tmpInt == 0) {
return 0;
}
break;
}
}
}
return explicitPolicy;
}
Aggregations