
Example 6 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method findCertificates.

/**
 * Collects every attribute certificate that the given stores report as matching the selector.
 *
 * <p>Only list entries that are {@code X509Store} instances are queried. Any other entry is
 * skipped without an error, so a list holding no {@code X509Store} produces an empty result
 * rather than a failure. The method performs no signature or validity checks; the returned
 * objects are selector matches only.
 *
 * @param certSelect selector handed unchanged to each store's {@code getMatches}
 * @param certStores list of candidate stores; non-{@code X509Store} entries are ignored
 * @return a new set with the union of all matches (empty when nothing matched)
 * @throws AnnotatedException wrapping the first {@code StoreException} raised by a store; the
 *     search stops at that store and later stores are not consulted
 */
protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, List certStores) throws AnnotatedException {
    Set matched = new HashSet();
    for (Object candidate : certStores) {
        // Entries of any other type are silently passed over.
        if (!(candidate instanceof X509Store)) {
            continue;
        }
        try {
            matched.addAll(((X509Store) candidate).getMatches(certSelect));
        } catch (StoreException e) {
            // Fail hard: one broken store aborts the whole lookup.
            throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
        }
    }
    return matched;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) StoreException(com.github.zhenwei.core.util.StoreException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 7 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method getCertStatus.

/**
 * Looks the certificate up on a single CRL and, when a relevant entry is found, writes the
 * revocation reason and date into {@code certStatus}.
 *
 * <p>The method returns without touching {@code certStatus} in each of these cases: the CRL has
 * no entry for the certificate's serial number; the entry (or, for a direct CRL, the CRL itself)
 * names a different issuer than the certificate; or the entry's revocation date is later than
 * {@code validDate} and its reason is not one of unspecified, keyCompromise, cACompromise or
 * aACompromise. An untouched {@code certStatus} therefore means "this CRL does not revoke the
 * certificate at {@code validDate}", not "the certificate is good".
 *
 * @param validDate  the instant for which the revocation status is wanted
 * @param crl        the CRL to consult
 * @param cert       the certificate being checked; typed {@code Object} and only passed to the
 *                   {@code getSerialNumber} / {@code getEncodedIssuerPrincipal} helpers
 * @param certStatus receives the reason code and revocation date when the entry applies
 * @throws AnnotatedException if the indirect-CRL check fails or the entry's reason code
 *     extension cannot be decoded
 */
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws AnnotatedException {
    final boolean indirect;
    try {
        indirect = isIndirectCRL(crl);
    } catch (CRLException exception) {
        throw new AnnotatedException("Failed check for indirect CRL.", exception);
    }

    final X509CRLEntry entry;
    if (indirect) {
        entry = crl.getRevokedCertificate(getSerialNumber(cert));
        if (entry == null) {
            return;
        }
        // On an indirect CRL the entry may name its own certificate issuer; when it does not,
        // the CRL issuer is used for the comparison instead.
        X500Principal entryIssuer = entry.getCertificateIssuer();
        if (entryIssuer == null) {
            entryIssuer = getIssuerPrincipal(crl);
        }
        // A serial-number match alone is not enough: the issuer must match as well.
        if (!getEncodedIssuerPrincipal(cert).equals(entryIssuer)) {
            return;
        }
    } else {
        if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) {
            // not for our issuer, ignore
            return;
        }
        entry = crl.getRevokedCertificate(getSerialNumber(cert));
        if (entry == null) {
            return;
        }
    }

    ASN1Enumerated decodedReason = null;
    if (entry.hasExtensions()) {
        try {
            decodedReason = ASN1Enumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(entry, X509Extension.reasonCode.getId()));
        } catch (Exception e) {
            // An undecodable reason code is an error, never treated as "not revoked".
            throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e);
        }
    }
    // No decoded reason code is handled as CRLReason.unspecified.
    final int reasonCodeValue;
    if (decodedReason == null) {
        reasonCodeValue = CRLReason.unspecified;
    } else {
        reasonCodeValue = decodedReason.intValueExact();
    }

    // Revocation counts when it happened at or before validDate ...
    final boolean revokedByValidDate = validDate.getTime() >= entry.getRevocationDate().getTime();
    // ... and for reason keyCompromise, caCompromise, aACompromise or unspecified it counts
    // regardless of the revocation date.
    final boolean reasonAppliesRegardlessOfDate = reasonCodeValue == CRLReason.unspecified
        || reasonCodeValue == CRLReason.keyCompromise
        || reasonCodeValue == CRLReason.cACompromise
        || reasonCodeValue == CRLReason.aACompromise;

    if (revokedByValidDate || reasonAppliesRegardlessOfDate) {
        // (i) or (j)
        certStatus.setCertStatus(reasonCodeValue);
        certStatus.setRevocationDate(entry.getRevocationDate());
    }
}
Also used : X509CRLEntry(java.security.cert.X509CRLEntry) ASN1Enumerated(com.github.zhenwei.core.asn1.ASN1Enumerated) X500Principal(javax.security.auth.x500.X500Principal) CRLException(java.security.cert.CRLException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) CertStoreException(java.security.cert.CertStoreException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CRLException(java.security.cert.CRLException) StoreException(com.github.zhenwei.core.util.StoreException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 8 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method prepareNextCertB1.

/**
 * Applies one policy mapping for the policy {@code id_p} to the nodes stored at index
 * {@code i} of {@code policyNodes}.
 *
 * <p>If a node at that index has {@code id_p} as its valid policy, its expected policies are
 * replaced by {@code m_idp.get(id_p)} and nothing else happens. Otherwise the first node whose
 * valid policy is {@code ANY_POLICY} is used: the certificate's policies extension is decoded,
 * the qualifiers of its {@code ANY_POLICY} entry (if any) are taken, and, provided the node's
 * parent also has valid policy {@code ANY_POLICY}, a new child node for {@code id_p} is attached
 * to that parent and appended to {@code policyNodes[i]}.
 *
 * <p>NOTE(review): the name and structure suggest this is the policy-mapping step (b)(1) of
 * "prepare for the next certificate" in the RFC 5280 path validation algorithm - confirm.
 *
 * @param i           index into {@code policyNodes} of the level being processed
 * @param policyNodes per-level lists of {@code PKIXPolicyNode}; level {@code i} may gain a node
 * @param id_p        the policy identifier being mapped
 * @param m_idp       map looked up with {@code id_p}; the value is cast to {@code Set}
 * @param cert        certificate whose policies extension supplies the qualifiers
 * @throws AnnotatedException if the policies extension or one of its entries cannot be decoded
 * @throws CertPathValidatorException if the policy qualifier set cannot be built
 */
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    // First pass: look for a node that already carries id_p as its valid policy.
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.setExpectedPolicies((Set) m_idp.get(id_p));
            break;
        }
    }
    if (!idp_found) {
        // Second pass: fall back to the first node whose valid policy is ANY_POLICY.
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                // Stays null when the certificate has no ANY_POLICY entry in its policies.
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                // NOTE(review): policies is dereferenced without a null check. If the extension
                // can be absent here and getInstance yields null for it, this line would fail
                // with a NullPointerException instead of an AnnotatedException - confirm.
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        // Only the first ANY_POLICY entry contributes qualifiers.
                        break;
                    }
                }
                // ci records whether the certificate lists CERTIFICATE_POLICIES among its
                // critical extension OIDs; it is passed on to the new node.
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                // A child for id_p is only created under a parent that is itself ANY_POLICY;
                // otherwise the tree is left unchanged.
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    // policyNodes[i] is modified while nodes_i is still open; the break below
                    // leaves the loop before the iterator is used again.
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) CertStoreException(java.security.cert.CertStoreException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CRLException(java.security.cert.CRLException) StoreException(com.github.zhenwei.core.util.StoreException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 9 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method findCertificates.

/**
 * Collects every certificate that the given stores report as matching the selector.
 *
 * <p>Entries that are {@code Store} instances are queried through {@code getMatches}; every
 * other entry is cast to {@link CertStore} and queried through
 * {@code PKIXCertStoreSelector.getCertificates}. An entry of neither type therefore fails with
 * a {@code ClassCastException}. The method performs no signature or validity checks; the
 * returned objects are selector matches only.
 *
 * @param certSelect selector applied to each store
 * @param certStores list of {@code Store} and {@link CertStore} objects
 * @return a new set with the union of all matches (empty when nothing matched)
 * @throws AnnotatedException wrapping the first {@code StoreException} or
 *     {@link CertStoreException} raised; the search stops at that store and later stores are
 *     not consulted
 */
protected static Collection findCertificates(PKIXCertStoreSelector certSelect, List certStores) throws AnnotatedException {
    Set matched = new HashSet();
    for (Object candidate : certStores) {
        if (candidate instanceof Store) {
            try {
                matched.addAll(((Store) candidate).getMatches(certSelect));
            } catch (StoreException e) {
                throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
            }
            continue;
        }
        // Anything that is not a Store is assumed to be a java.security.cert.CertStore.
        CertStore jcaStore = (CertStore) candidate;
        try {
            matched.addAll(PKIXCertStoreSelector.getCertificates(certSelect, jcaStore));
        } catch (CertStoreException e) {
            throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
        }
    }
    return matched;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Iterator(java.util.Iterator) Store(com.github.zhenwei.core.util.Store) CertStore(java.security.cert.CertStore) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) StoreException(com.github.zhenwei.core.util.StoreException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 10 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class PKIXCRLUtil method findCRLs.

/**
 * Adds to {@code crls} every CRL that the given stores report as matching {@code crlSelect}.
 *
 * <p>Store failures are tolerated as long as at least one store could be searched: the
 * exception of a failing store is remembered but only thrown when no store at all answered.
 * When some stores answer and others fail, the method returns normally and {@code crls} may be
 * incomplete; a CRL available only from a failing store is not seen, and the caller gets no
 * indication of that. Only the most recent failure is kept.
 *
 * @param crls      the {@link HashSet} to add the CRLs to.
 * @param crlSelect a {@link X509CRLStoreSelector} object that will be used to select the CRLs
 * @param crlStores a List of {@link com.github.zhenwei.provider.x509.X509Store X509Store}
 *                  objects and {@link CertStore} objects; any entry that is not an
 *                  {@code X509Store} is cast to {@code CertStore}. These are used to search
 *                  for CRLs
 * @throws AnnotatedException if at least one store failed and none could be searched
 */
private static void findCRLs(HashSet crls, X509CRLStoreSelector crlSelect, List crlStores) throws AnnotatedException {
    AnnotatedException mostRecentFailure = null;
    boolean anyStoreAnswered = false;
    for (Object candidate : crlStores) {
        if (!(candidate instanceof X509Store)) {
            CertStore jcaStore = (CertStore) candidate;
            try {
                crls.addAll(jcaStore.getCRLs(crlSelect));
                anyStoreAnswered = true;
            } catch (CertStoreException e) {
                mostRecentFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
            }
            continue;
        }
        X509Store x509Store = (X509Store) candidate;
        try {
            crls.addAll(x509Store.getMatches(crlSelect));
            anyStoreAnswered = true;
        } catch (StoreException e) {
            mostRecentFailure = new AnnotatedException("Exception searching in X.509 CRL store.", e);
        }
    }
    // A remembered failure is dropped as soon as any store has answered.
    if (anyStoreAnswered || mostRecentFailure == null) {
        return;
    }
    throw mostRecentFailure;
}
Also used : CertStoreException(java.security.cert.CertStoreException) Iterator(java.util.Iterator) CertStore(java.security.cert.CertStore) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) StoreException(com.github.zhenwei.core.util.StoreException) CertStoreException(java.security.cert.CertStoreException)
