Example 6 with AnnotatedException
use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method findCertificates.
protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, List certStores) throws AnnotatedException {
Set certs = new HashSet();
Iterator iter = certStores.iterator();
while (iter.hasNext()) {
Object obj = iter.next();
if (obj instanceof X509Store) {
X509Store certStore = (X509Store) obj;
try {
certs.addAll(certStore.getMatches(certSelect));
} catch (StoreException e) {
throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
}
}
}
return certs;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
Iterator(java.util.Iterator)
HashSet(java.util.HashSet)
CertStoreException(java.security.cert.CertStoreException)
StoreException(com.github.zhenwei.core.util.StoreException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 7 with AnnotatedException
use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method getCertStatus.
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws AnnotatedException {
X509CRLEntry crl_entry = null;
boolean isIndirect;
try {
isIndirect = isIndirectCRL(crl);
} catch (CRLException exception) {
throw new AnnotatedException("Failed check for indirect CRL.", exception);
}
if (isIndirect) {
crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
if (crl_entry == null) {
return;
}
X500Principal certIssuer = crl_entry.getCertificateIssuer();
if (certIssuer == null) {
certIssuer = getIssuerPrincipal(crl);
}
if (!getEncodedIssuerPrincipal(cert).equals(certIssuer)) {
return;
}
} else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) {
// not for our issuer, ignore
return;
} else {
crl_entry = crl.getRevokedCertificate(getSerialNumber(cert));
if (crl_entry == null) {
return;
}
}
ASN1Enumerated reasonCode = null;
if (crl_entry.hasExtensions()) {
try {
reasonCode = ASN1Enumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(crl_entry, X509Extension.reasonCode.getId()));
} catch (Exception e) {
throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
}
}
int reasonCodeValue = (null == reasonCode) ? CRLReason.unspecified : reasonCode.intValueExact();
// for reason keyCompromise, caCompromise, aACompromise or unspecified
if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) || reasonCodeValue == CRLReason.unspecified || reasonCodeValue == CRLReason.keyCompromise || reasonCodeValue == CRLReason.cACompromise || reasonCodeValue == CRLReason.aACompromise) {
// (i) or (j)
certStatus.setCertStatus(reasonCodeValue);
certStatus.setRevocationDate(crl_entry.getRevocationDate());
}
}
Also used :
X509CRLEntry(java.security.cert.X509CRLEntry)
ASN1Enumerated(com.github.zhenwei.core.asn1.ASN1Enumerated)
X500Principal(javax.security.auth.x500.X500Principal)
CRLException(java.security.cert.CRLException)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
CertStoreException(java.security.cert.CertStoreException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
CRLException(java.security.cert.CRLException)
StoreException(com.github.zhenwei.core.util.StoreException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 8 with AnnotatedException
use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method prepareNextCertB1.
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
boolean idp_found = false;
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (node.getValidPolicy().equals(id_p)) {
idp_found = true;
node.setExpectedPolicies((Set) m_idp.get(id_p));
break;
}
}
if (!idp_found) {
nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext()) {
PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
if (ANY_POLICY.equals(node.getValidPolicy())) {
Set pq = null;
ASN1Sequence policies = null;
try {
policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
} catch (Exception e) {
throw new AnnotatedException("Certificate policies cannot be decoded.", e);
}
Enumeration e = policies.getObjects();
while (e.hasMoreElements()) {
PolicyInformation pinfo = null;
try {
pinfo = PolicyInformation.getInstance(e.nextElement());
} catch (Exception ex) {
throw new AnnotatedException("Policy information cannot be decoded.", ex);
}
if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
try {
pq = getQualifierSet(pinfo.getPolicyQualifiers());
} catch (CertPathValidatorException ex) {
throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
}
break;
}
}
boolean ci = false;
if (cert.getCriticalExtensionOIDs() != null) {
ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
}
PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
if (ANY_POLICY.equals(p_node.getValidPolicy())) {
PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
p_node.addChild(c_node);
policyNodes[i].add(c_node);
}
break;
}
}
}
}
Also used :
CertPathValidatorException(java.security.cert.CertPathValidatorException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
Set(java.util.Set)
HashSet(java.util.HashSet)
ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence)
Enumeration(java.util.Enumeration)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode)
GeneralSecurityException(java.security.GeneralSecurityException)
CertPathValidatorException(java.security.cert.CertPathValidatorException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
CertStoreException(java.security.cert.CertStoreException)
ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException)
CRLException(java.security.cert.CRLException)
StoreException(com.github.zhenwei.core.util.StoreException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 9 with AnnotatedException
use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.
the class CertPathValidatorUtilities method findCertificates.
protected static Collection findCertificates(PKIXCertStoreSelector certSelect, List certStores) throws AnnotatedException {
Set certs = new HashSet();
Iterator iter = certStores.iterator();
while (iter.hasNext()) {
Object obj = iter.next();
if (obj instanceof Store) {
Store certStore = (Store) obj;
try {
certs.addAll(certStore.getMatches(certSelect));
} catch (StoreException e) {
throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
}
} else {
CertStore certStore = (CertStore) obj;
try {
certs.addAll(PKIXCertStoreSelector.getCertificates(certSelect, certStore));
} catch (CertStoreException e) {
throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
}
}
}
return certs;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
CertStoreException(java.security.cert.CertStoreException)
Iterator(java.util.Iterator)
Store(com.github.zhenwei.core.util.Store)
CertStore(java.security.cert.CertStore)
CertStore(java.security.cert.CertStore)
HashSet(java.util.HashSet)
CertStoreException(java.security.cert.CertStoreException)
StoreException(com.github.zhenwei.core.util.StoreException)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
Example 10 with AnnotatedException
use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.
the class PKIXCRLUtil method findCRLs.
/**
* Add to a HashSet any and all CRLs found in the X509Store's that are matching the crlSelect
* criteria.
*
* @param crls the {@link HashSet} to add the CRLs to.
* @param crlSelect a {@link X509CRLStoreSelector} object that will be used to select the CRLs
* @param crlStores a List containing only {@link com.github.zhenwei.provider.x509.X509Store
* X509Store} objects. These are used to search for CRLs
*/
private static void findCRLs(HashSet crls, X509CRLStoreSelector crlSelect, List crlStores) throws AnnotatedException {
AnnotatedException lastException = null;
boolean foundValidStore = false;
Iterator iter = crlStores.iterator();
while (iter.hasNext()) {
Object obj = iter.next();
if (obj instanceof X509Store) {
X509Store store = (X509Store) obj;
try {
crls.addAll(store.getMatches(crlSelect));
foundValidStore = true;
} catch (StoreException e) {
lastException = new AnnotatedException("Exception searching in X.509 CRL store.", e);
}
} else {
CertStore store = (CertStore) obj;
try {
crls.addAll(store.getCRLs(crlSelect));
foundValidStore = true;
} catch (CertStoreException e) {
lastException = new AnnotatedException("Exception searching in X.509 CRL store.", e);
}
}
}
if (!foundValidStore && lastException != null) {
throw lastException;
}
}
Also used :
CertStoreException(java.security.cert.CertStoreException)
Iterator(java.util.Iterator)
CertStore(java.security.cert.CertStore)
AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)
StoreException(com.github.zhenwei.core.util.StoreException)
CertStoreException(java.security.cert.CertStoreException)
Aggregations
AnnotatedException (com.github.zhenwei.provider.jce.provider.AnnotatedException)13
Iterator (java.util.Iterator)8
IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)7
StoreException (com.github.zhenwei.core.util.StoreException)7
IOException (java.io.IOException)7
CertStoreException (java.security.cert.CertStoreException)7
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)6
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint)6
ErrorBundle (com.github.zhenwei.core.i18n.ErrorBundle)6
CertPathValidatorException (java.security.cert.CertPathValidatorException)6
ASN1TaggedObject (com.github.zhenwei.core.asn1.ASN1TaggedObject)5
GeneralSecurityException (java.security.GeneralSecurityException)5
X509Certificate (java.security.cert.X509Certificate)5
HashSet (java.util.HashSet)5
Set (java.util.Set)5
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)4
UntrustedInput (com.github.zhenwei.core.i18n.filter.UntrustedInput)4
CertificateException (java.security.cert.CertificateException)4
X500Principal (javax.security.auth.x500.X500Principal)4
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)3
