Search in sources :

Example 1 with PKIXPolicyNode

use of com.github.zhenwei.provider.jce.provider.PKIXPolicyNode in project LinLong-Java by zhenwei1108.

the class PKIXCertPathReviewer method checkPolicy.

private void checkPolicy() {
    // 
    // 6.1.1 Inputs
    // 
    // c) Initial Policy Set
    Set userInitialPolicySet = pkixParams.getInitialPolicies();
    // e) f) g) are part of pkixParams
    // 
    // 6.1.2 Initialization
    // 
    // a) valid policy tree
    List[] policyNodes = new ArrayList[n + 1];
    for (int j = 0; j < policyNodes.length; j++) {
        policyNodes[j] = new ArrayList();
    }
    Set policySet = new HashSet();
    policySet.add(ANY_POLICY);
    PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), ANY_POLICY, false);
    policyNodes[0].add(validPolicyTree);
    // d) explicit policy
    int explicitPolicy;
    if (pkixParams.isExplicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        explicitPolicy = n + 1;
    }
    // e) inhibit any policy
    int inhibitAnyPolicy;
    if (pkixParams.isAnyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = n + 1;
    }
    // f) policy mapping
    int policyMapping;
    if (pkixParams.isPolicyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = n + 1;
    }
    Set acceptablePolicies = null;
    // 
    // 6.1.3 Basic Certificate processing
    // 
    X509Certificate cert = null;
    int index;
    int i;
    try {
        for (index = certs.size() - 1; index >= 0; index--) {
            // i as defined in the algorithm description
            i = n - index;
            // set certificate to be checked in this round
            cert = (X509Certificate) certs.get(index);
            // d) process policy information
            ASN1Sequence certPolicies;
            try {
                certPolicies = (ASN1Sequence) getExtensionValue(cert, CERTIFICATE_POLICIES);
            } catch (AnnotatedException ae) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
                throw new CertPathReviewerException(msg, ae, certPath, index);
            }
            if (certPolicies != null && validPolicyTree != null) {
                // d) 1)
                Enumeration e = certPolicies.getObjects();
                Set pols = new HashSet();
                while (e.hasMoreElements()) {
                    PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
                    ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier();
                    pols.add(pOid.getId());
                    if (!ANY_POLICY.equals(pOid.getId())) {
                        Set pq;
                        try {
                            pq = getQualifierSet(pInfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException cpve) {
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
                            throw new CertPathReviewerException(msg, cpve, certPath, index);
                        }
                        boolean match = processCertD1i(i, policyNodes, pOid, pq);
                        if (!match) {
                            processCertD1ii(i, policyNodes, pOid, pq);
                        }
                    }
                }
                if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) {
                    acceptablePolicies = pols;
                } else {
                    Iterator it = acceptablePolicies.iterator();
                    Set t1 = new HashSet();
                    while (it.hasNext()) {
                        Object o = it.next();
                        if (pols.contains(o)) {
                            t1.add(o);
                        }
                    }
                    acceptablePolicies = t1;
                }
                if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert))) {
                    e = certPolicies.getObjects();
                    while (e.hasMoreElements()) {
                        PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
                        if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) {
                            Set _apq;
                            try {
                                _apq = getQualifierSet(pInfo.getPolicyQualifiers());
                            } catch (CertPathValidatorException cpve) {
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
                                throw new CertPathReviewerException(msg, cpve, certPath, index);
                            }
                            List _nodes = policyNodes[i - 1];
                            for (int k = 0; k < _nodes.size(); k++) {
                                PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k);
                                Iterator _policySetIter = _node.getExpectedPolicies().iterator();
                                while (_policySetIter.hasNext()) {
                                    Object _tmp = _policySetIter.next();
                                    String _policy;
                                    if (_tmp instanceof String) {
                                        _policy = (String) _tmp;
                                    } else if (_tmp instanceof ASN1ObjectIdentifier) {
                                        _policy = ((ASN1ObjectIdentifier) _tmp).getId();
                                    } else {
                                        continue;
                                    }
                                    boolean _found = false;
                                    Iterator _childrenIter = _node.getChildren();
                                    while (_childrenIter.hasNext()) {
                                        PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next();
                                        if (_policy.equals(_child.getValidPolicy())) {
                                            _found = true;
                                        }
                                    }
                                    if (!_found) {
                                        Set _newChildExpectedPolicies = new HashSet();
                                        _newChildExpectedPolicies.add(_policy);
                                        PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, _newChildExpectedPolicies, _node, _apq, _policy, false);
                                        _node.addChild(_newChild);
                                        policyNodes[i].add(_newChild);
                                    }
                                }
                            }
                            break;
                        }
                    }
                }
                // 
                for (int j = (i - 1); j >= 0; j--) {
                    List nodes = policyNodes[j];
                    for (int k = 0; k < nodes.size(); k++) {
                        PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                        if (!node.hasChildren()) {
                            validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
                            if (validPolicyTree == null) {
                                break;
                            }
                        }
                    }
                }
                // 
                // d (4)
                // 
                Set criticalExtensionOids = cert.getCriticalExtensionOIDs();
                if (criticalExtensionOids != null) {
                    boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES);
                    List nodes = policyNodes[i];
                    for (int j = 0; j < nodes.size(); j++) {
                        PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j);
                        node.setCritical(critical);
                    }
                }
            }
            if (certPolicies == null) {
                validPolicyTree = null;
            }
            if (explicitPolicy <= 0 && validPolicyTree == null) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.noValidPolicyTree");
                throw new CertPathReviewerException(msg);
            }
            if (i != n) {
                // a)
                ASN1Primitive pm;
                try {
                    pm = getExtensionValue(cert, POLICY_MAPPINGS);
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyMapExtError");
                    throw new CertPathReviewerException(msg, ae, certPath, index);
                }
                if (pm != null) {
                    ASN1Sequence mappings = (ASN1Sequence) pm;
                    for (int j = 0; j < mappings.size(); j++) {
                        ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
                        ASN1ObjectIdentifier ip_id = (ASN1ObjectIdentifier) mapping.getObjectAt(0);
                        ASN1ObjectIdentifier sp_id = (ASN1ObjectIdentifier) mapping.getObjectAt(1);
                        if (ANY_POLICY.equals(ip_id.getId())) {
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
                            throw new CertPathReviewerException(msg, certPath, index);
                        }
                        if (ANY_POLICY.equals(sp_id.getId())) {
                            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicyMapping");
                            throw new CertPathReviewerException(msg, certPath, index);
                        }
                    }
                }
                if (pm != null) {
                    ASN1Sequence mappings = (ASN1Sequence) pm;
                    Map m_idp = new HashMap();
                    Set s_idp = new HashSet();
                    for (int j = 0; j < mappings.size(); j++) {
                        ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
                        String id_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(0)).getId();
                        String sd_p = ((ASN1ObjectIdentifier) mapping.getObjectAt(1)).getId();
                        Set tmp;
                        if (!m_idp.containsKey(id_p)) {
                            tmp = new HashSet();
                            tmp.add(sd_p);
                            m_idp.put(id_p, tmp);
                            s_idp.add(id_p);
                        } else {
                            tmp = (Set) m_idp.get(id_p);
                            tmp.add(sd_p);
                        }
                    }
                    Iterator it_idp = s_idp.iterator();
                    while (it_idp.hasNext()) {
                        String id_p = (String) it_idp.next();
                        // 
                        if (policyMapping > 0) {
                            try {
                                prepareNextCertB1(i, policyNodes, id_p, m_idp, cert);
                            } catch (AnnotatedException ae) {
                                // error processing certificate policies extension
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyExtError");
                                throw new CertPathReviewerException(msg, ae, certPath, index);
                            } catch (CertPathValidatorException cpve) {
                                // error building qualifier set
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyQualifierError");
                                throw new CertPathReviewerException(msg, cpve, certPath, index);
                            }
                        // 
                        // (2)
                        // 
                        } else if (policyMapping <= 0) {
                            validPolicyTree = prepareNextCertB2(i, policyNodes, id_p, validPolicyTree);
                        }
                    }
                }
                if (!isSelfIssued(cert)) {
                    // (1)
                    if (explicitPolicy != 0) {
                        explicitPolicy--;
                    }
                    // (2)
                    if (policyMapping != 0) {
                        policyMapping--;
                    }
                    // (3)
                    if (inhibitAnyPolicy != 0) {
                        inhibitAnyPolicy--;
                    }
                }
                try {
                    ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
                    if (pc != null) {
                        Enumeration policyConstraints = pc.getObjects();
                        while (policyConstraints.hasMoreElements()) {
                            ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
                            int tmpInt;
                            switch(constraint.getTagNo()) {
                                case 0:
                                    tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
                                    if (tmpInt < explicitPolicy) {
                                        explicitPolicy = tmpInt;
                                    }
                                    break;
                                case 1:
                                    tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
                                    if (tmpInt < policyMapping) {
                                        policyMapping = tmpInt;
                                    }
                                    break;
                            }
                        }
                    }
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
                    throw new CertPathReviewerException(msg, certPath, index);
                }
                try {
                    ASN1Integer iap = (ASN1Integer) getExtensionValue(cert, INHIBIT_ANY_POLICY);
                    if (iap != null) {
                        int _inhibitAnyPolicy = iap.intValueExact();
                        if (_inhibitAnyPolicy < inhibitAnyPolicy) {
                            inhibitAnyPolicy = _inhibitAnyPolicy;
                        }
                    }
                } catch (AnnotatedException ae) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyInhibitExtError");
                    throw new CertPathReviewerException(msg, certPath, index);
                }
            }
        }
        if (!isSelfIssued(cert) && explicitPolicy > 0) {
            explicitPolicy--;
        }
        try {
            ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS);
            if (pc != null) {
                Enumeration policyConstraints = pc.getObjects();
                while (policyConstraints.hasMoreElements()) {
                    ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement();
                    switch(constraint.getTagNo()) {
                        case 0:
                            int tmpInt = ASN1Integer.getInstance(constraint, false).intValueExact();
                            if (tmpInt == 0) {
                                explicitPolicy = 0;
                            }
                            break;
                    }
                }
            }
        } catch (AnnotatedException e) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.policyConstExtError");
            throw new CertPathReviewerException(msg, certPath, index);
        }
        // 
        // (g)
        // 
        PKIXPolicyNode intersection;
        // 
        if (validPolicyTree == null) {
            if (pkixParams.isExplicitPolicyRequired()) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
                throw new CertPathReviewerException(msg, certPath, index);
            }
            intersection = null;
        } else if (// (g) (ii)
        isAnyPolicy(userInitialPolicySet)) {
            if (pkixParams.isExplicitPolicyRequired()) {
                if (acceptablePolicies.isEmpty()) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.explicitPolicy");
                    throw new CertPathReviewerException(msg, certPath, index);
                } else {
                    Set _validPolicyNodeSet = new HashSet();
                    for (int j = 0; j < policyNodes.length; j++) {
                        List _nodeDepth = policyNodes[j];
                        for (int k = 0; k < _nodeDepth.size(); k++) {
                            PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
                            if (ANY_POLICY.equals(_node.getValidPolicy())) {
                                Iterator _iter = _node.getChildren();
                                while (_iter.hasNext()) {
                                    _validPolicyNodeSet.add(_iter.next());
                                }
                            }
                        }
                    }
                    Iterator _vpnsIter = _validPolicyNodeSet.iterator();
                    while (_vpnsIter.hasNext()) {
                        PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
                        String _validPolicy = _node.getValidPolicy();
                        if (!acceptablePolicies.contains(_validPolicy)) {
                        // validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
                        }
                    }
                    if (validPolicyTree != null) {
                        for (int j = (n - 1); j >= 0; j--) {
                            List nodes = policyNodes[j];
                            for (int k = 0; k < nodes.size(); k++) {
                                PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                                if (!node.hasChildren()) {
                                    validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
                                }
                            }
                        }
                    }
                }
            }
            intersection = validPolicyTree;
        } else {
            // 
            // (g) (iii)
            // 
            // This implementation is not exactly same as the one described in RFC3280.
            // However, as far as the validation result is concerned, both produce
            // adequate result. The only difference is whether AnyPolicy is remain
            // in the policy tree or not.
            // 
            // (g) (iii) 1
            // 
            Set _validPolicyNodeSet = new HashSet();
            for (int j = 0; j < policyNodes.length; j++) {
                List _nodeDepth = policyNodes[j];
                for (int k = 0; k < _nodeDepth.size(); k++) {
                    PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
                    if (ANY_POLICY.equals(_node.getValidPolicy())) {
                        Iterator _iter = _node.getChildren();
                        while (_iter.hasNext()) {
                            PKIXPolicyNode _c_node = (PKIXPolicyNode) _iter.next();
                            if (!ANY_POLICY.equals(_c_node.getValidPolicy())) {
                                _validPolicyNodeSet.add(_c_node);
                            }
                        }
                    }
                }
            }
            // 
            // (g) (iii) 2
            // 
            Iterator _vpnsIter = _validPolicyNodeSet.iterator();
            while (_vpnsIter.hasNext()) {
                PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
                String _validPolicy = _node.getValidPolicy();
                if (!userInitialPolicySet.contains(_validPolicy)) {
                    validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node);
                }
            }
            // 
            if (validPolicyTree != null) {
                for (int j = (n - 1); j >= 0; j--) {
                    List nodes = policyNodes[j];
                    for (int k = 0; k < nodes.size(); k++) {
                        PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                        if (!node.hasChildren()) {
                            validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node);
                        }
                    }
                }
            }
            intersection = validPolicyTree;
        }
        if ((explicitPolicy <= 0) && (intersection == null)) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.invalidPolicy");
            throw new CertPathReviewerException(msg);
        }
        validPolicyTree = intersection;
    } catch (CertPathReviewerException cpre) {
        addError(cpre.getErrorMessage(), cpre.getIndex());
        validPolicyTree = null;
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation) HashMap(java.util.HashMap) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) ArrayList(java.util.ArrayList) ASN1OctetString(com.github.zhenwei.core.asn1.ASN1OctetString) DEROctetString(com.github.zhenwei.core.asn1.DEROctetString) LocaleString(com.github.zhenwei.core.i18n.LocaleString) ASN1IA5String(com.github.zhenwei.core.asn1.ASN1IA5String) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode) HashSet(java.util.HashSet) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) Enumeration(java.util.Enumeration) ASN1Integer(com.github.zhenwei.core.asn1.ASN1Integer) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) CRLDistPoint(com.github.zhenwei.core.asn1.x509.CRLDistPoint) DistributionPoint(com.github.zhenwei.core.asn1.x509.DistributionPoint) X509Certificate(java.security.cert.X509Certificate) CertPathValidatorException(java.security.cert.CertPathValidatorException) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) ErrorBundle(com.github.zhenwei.core.i18n.ErrorBundle) ASN1TaggedObject(com.github.zhenwei.core.asn1.ASN1TaggedObject) ASN1Primitive(com.github.zhenwei.core.asn1.ASN1Primitive) Map(java.util.Map) HashMap(java.util.HashMap) ASN1ObjectIdentifier(com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)

Example 2 with PKIXPolicyNode

use of com.github.zhenwei.provider.jce.provider.PKIXPolicyNode in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method prepareNextCertB1.

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.setExpectedPolicies((Set) m_idp.get(id_p));
            break;
        }
    }
    if (!idp_found) {
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        break;
                    }
                }
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(com.github.zhenwei.core.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) PolicyInformation(com.github.zhenwei.core.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException) CertStoreException(java.security.cert.CertStoreException) ExtCertPathValidatorException(com.github.zhenwei.provider.jce.exception.ExtCertPathValidatorException) CRLException(java.security.cert.CRLException) StoreException(com.github.zhenwei.core.util.StoreException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) AnnotatedException(com.github.zhenwei.provider.jce.provider.AnnotatedException)

Example 3 with PKIXPolicyNode

use of com.github.zhenwei.provider.jce.provider.PKIXPolicyNode in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method processCertD1i.

protected static boolean processCertD1i(int index, List[] policyNodes, ASN1ObjectIdentifier pOid, Set pq) {
    List policyNodeVec = policyNodes[index - 1];
    for (int j = 0; j < policyNodeVec.size(); j++) {
        PKIXPolicyNode node = (PKIXPolicyNode) policyNodeVec.get(j);
        Set expectedPolicies = node.getExpectedPolicies();
        if (expectedPolicies.contains(pOid.getId())) {
            Set childExpectedPolicies = new HashSet();
            childExpectedPolicies.add(pOid.getId());
            PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(), index, childExpectedPolicies, node, pq, pOid.getId(), false);
            node.addChild(child);
            policyNodes[index].add(child);
            return true;
        }
    }
    return false;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint) HashSet(java.util.HashSet)

Example 4 with PKIXPolicyNode

use of com.github.zhenwei.provider.jce.provider.PKIXPolicyNode in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method removePolicyNodeRecurse.

private static void removePolicyNodeRecurse(List[] policyNodes, PKIXPolicyNode _node) {
    policyNodes[_node.getDepth()].remove(_node);
    if (_node.hasChildren()) {
        Iterator _iter = _node.getChildren();
        while (_iter.hasNext()) {
            PKIXPolicyNode _child = (PKIXPolicyNode) _iter.next();
            removePolicyNodeRecurse(policyNodes, _child);
        }
    }
}
Also used : Iterator(java.util.Iterator) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode)

Example 5 with PKIXPolicyNode

use of com.github.zhenwei.provider.jce.provider.PKIXPolicyNode in project LinLong-Java by zhenwei1108.

the class CertPathValidatorUtilities method prepareNextCertB2.

protected static PKIXPolicyNode prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree) {
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
            p_node.removeChild(node);
            nodes_i.remove();
            for (int k = (i - 1); k >= 0; k--) {
                List nodes = policyNodes[k];
                for (int l = 0; l < nodes.size(); l++) {
                    PKIXPolicyNode node2 = (PKIXPolicyNode) nodes.get(l);
                    if (!node2.hasChildren()) {
                        validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2);
                        if (validPolicyTree == null) {
                            break;
                        }
                    }
                }
            }
        }
    }
    return validPolicyTree;
}
Also used : Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) PKIXPolicyNode(com.github.zhenwei.provider.jce.provider.PKIXPolicyNode) IssuingDistributionPoint(com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)

Aggregations

PKIXPolicyNode (com.github.zhenwei.provider.jce.provider.PKIXPolicyNode)7 ArrayList (java.util.ArrayList)6 IssuingDistributionPoint (com.github.zhenwei.core.asn1.x509.IssuingDistributionPoint)5 HashSet (java.util.HashSet)4 Iterator (java.util.Iterator)4 List (java.util.List)4 Set (java.util.Set)4 ASN1Sequence (com.github.zhenwei.core.asn1.ASN1Sequence)2 PolicyInformation (com.github.zhenwei.core.asn1.x509.PolicyInformation)2 AnnotatedException (com.github.zhenwei.provider.jce.provider.AnnotatedException)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)2 Enumeration (java.util.Enumeration)2 ASN1IA5String (com.github.zhenwei.core.asn1.ASN1IA5String)1 ASN1Integer (com.github.zhenwei.core.asn1.ASN1Integer)1 ASN1ObjectIdentifier (com.github.zhenwei.core.asn1.ASN1ObjectIdentifier)1 ASN1OctetString (com.github.zhenwei.core.asn1.ASN1OctetString)1 ASN1Primitive (com.github.zhenwei.core.asn1.ASN1Primitive)1 ASN1TaggedObject (com.github.zhenwei.core.asn1.ASN1TaggedObject)1 DEROctetString (com.github.zhenwei.core.asn1.DEROctetString)1 CRLDistPoint (com.github.zhenwei.core.asn1.x509.CRLDistPoint)1