Example 11 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method processQcStatements.

private boolean processQcStatements(X509Certificate cert, int index) {
    try {
        boolean unknownStatement = false;
        ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert, QC_STATEMENT);
        for (int j = 0; j < qcSt.size(); j++) {
            QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j));
            if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcEuCompliance");
                addNotification(msg, index);
            } else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) {
                // process statement - just recognize the statement
            } else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) {
                // process statement - just write a notification that the certificate contains this statement
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcSSCD");
                addNotification(msg, index);
            } else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) {
                // process statement - write a notification containing the limit value
                MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo());
                Iso4217CurrencyCode currency = limit.getCurrency();
                double value = limit.getAmount().doubleValue() * Math.pow(10, limit.getExponent().doubleValue());
                ErrorBundle msg;
                if (currency.isAlphabetic()) {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueAlpha", new Object[] { currency.getAlphabetic(), new TrustedInput(Double.valueOf(value)), limit });
                } else {
                    msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcLimitValueNum", new Object[] { Integers.valueOf(currency.getNumeric()), new TrustedInput(Double.valueOf(value)), limit });
                }
                addNotification(msg, index);
            } else {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcUnknownStatement", new Object[] { stmt.getStatementId(), new UntrustedInput(stmt) });
                addNotification(msg, index);
                unknownStatement = true;
            }
        }
        return !unknownStatement;
    } catch (AnnotatedException ae) {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.QcStatementExtError");
        addError(msg, index);
    }
    return false;
}
Also used : ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) QCStatement(com.github.zhenwei.core.asn1.x509.qualified.QCStatement) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) MonetaryValue(com.github.zhenwei.core.asn1.x509.qualified.MonetaryValue) TrustedInput(com.github.zhenwei.core.i18n.filter.TrustedInput) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) UntrustedInput(com.github.zhenwei.core.i18n.filter.UntrustedInput) Iso4217CurrencyCode(com.github.zhenwei.core.asn1.x509.qualified.Iso4217CurrencyCode) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 12 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method checkPathLength.

/*
 * Checks the path length constraints and reports the total path length.
 */
private void checkPathLength() {
    // init
    int maxPathLength = n;
    int totalPathLength = 0;
    X509Certificate cert = null;
    int i;
    for (int index = certs.size() - 1; index > 0; index--) {
        i = n - index;
        cert = (X509Certificate) certs.get(index);
        if (!isSelfIssued(cert)) {
            if (maxPathLength <= 0) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.pathLengthExtended");
                addError(msg);
            }
            maxPathLength--;
            totalPathLength++;
        }
        // m)
        BasicConstraints bc;
        try {
            bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
        } catch (AnnotatedException ae) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.processLengthConstError");
            addError(msg, index);
            bc = null;
        }
        if (bc != null) {
            BigInteger _pathLengthConstraint = bc.getPathLenConstraint();
            if (_pathLengthConstraint != null) {
                int _plc = _pathLengthConstraint.intValue();
                if (_plc < maxPathLength) {
                    maxPathLength = _plc;
                }
            }
        }
    }
    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.totalPathLength", new Object[] { Integers.valueOf(totalPathLength) });
    addNotification(msg);
}
Also used : ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) BigInteger(java.math.BigInteger) BasicConstraints(com.github.zhenwei.core.asn1.x509.BasicConstraints) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 13 with AnnotatedException

use of com.github.zhenwei.provider.jce.provider.AnnotatedException in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method findCertificates.

/**
 * Return a Collection of all certificates or attribute certificates found in the X509Stores that
 * match the certSelect criteria.
 *
 * @param certSelect a {@link Selector} object that will be used to select the certificates
 * @param certStores a List containing only {@link X509Store} objects. These are used to search
 *                   for certificates.
 * @return a Collection of all found {@link X509Certificate} or {@link
 * com.github.zhenwei.provider.x509.X509AttributeCertificate} objects. May be empty but never
 * <code>null</code>.
 */
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException {
    Set certs = new HashSet();
    Iterator iter = certStores.iterator();
    com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory certFact = new com.github.zhenwei.provider.jcajce.provider.asymmetric.x509.CertificateFactory();
    while (iter.hasNext()) {
        Object obj = iter.next();
        if (obj instanceof Store) {
            Store certStore = (Store) obj;
            try {
                for (Iterator it = certStore.getMatches(certSelect).iterator(); it.hasNext(); ) {
                    Object cert = it.next();
                    if (cert instanceof Encodable) {
                        certs.add(certFact.engineGenerateCertificate(new ByteArrayInputStream(((Encodable) cert).getEncoded())));
                    } else if (cert instanceof Certificate) {
                        certs.add(cert);
                    } else {
                        throw new AnnotatedException("Unknown object found in certificate store.");
                    }
                }
            } catch (StoreException e) {
                throw new AnnotatedException("Problem while picking certificates from X.509 store.", e);
            } catch (IOException e) {
                throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
            } catch (CertificateException e) {
                throw new AnnotatedException("Problem while extracting certificates from X.509 store.", e);
            }
        } else {
            CertStore certStore = (CertStore) obj;
            try {
                certs.addAll(certStore.getCertificates(certSelect));
            } catch (CertStoreException e) {
                throw new AnnotatedException("Problem while picking certificates from certificate store.", e);
            }
        }
    }
    return certs;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) CertStoreException(java.security.cert.CertStoreException) Store(com.github.zhenwei.core.util.Store) CertStore(java.security.cert.CertStore) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) CertStoreException(java.security.cert.CertStoreException) StoreException(com.github.zhenwei.core.util.StoreException) ByteArrayInputStream(java.io.ByteArrayInputStream) Iterator(java.util.Iterator) Encodable(com.github.zhenwei.core.util.Encodable) ASN1Encodable(com.github.zhenwei.core.asn1.ASN1Encodable) CertStore(java.security.cert.CertStore) HashSet(java.util.HashSet) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Aggregations

AnnotatedException (com.github.zhenwei.provider.jce.provider.AnnotatedException) 13
Iterator (java.util.Iterator) 8
IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) 7
StoreException (com.github.zhenwei.core.util.StoreException) 7
IOException (java.io.IOException) 7
CertStoreException (java.security.cert.CertStoreException) 7
CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint) 6
DistributionPoint (com.github.zhenwei.core.asn1.x509.DistributionPoint) 6
ErrorBundle (com.github.zhenwei.core.i18n.ErrorBundle) 6
CertPathValidatorException (java.security.cert.CertPathValidatorException) 6
ASN1TaggedObject (com.github.zhenwei.core.asn1.ASN1TaggedObject) 5
GeneralSecurityException (java.security.GeneralSecurityException) 5
X509Certificate (java.security.cert.X509Certificate) 5
HashSet (java.util.HashSet) 5
Set (java.util.Set) 5
ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence) 4
UntrustedInput (com.github.zhenwei.core.i18n.filter.UntrustedInput) 4
CertificateException (java.security.cert.CertificateException) 4
X500Principal (javax.security.auth.x500.X500Principal) 4
ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString) 3