
Example 11 with PolicyQualifierInfo

use of java.security.cert.PolicyQualifierInfo in project robovm by robovm.

the class PolicyQualifierInfoTest method testGetPolicyQualifierId.

/**
 * Checks that {@code getPolicyQualifierId()} returns the
 * {@code policyQualifierId} field of a {@code PolicyQualifierInfo} as a
 * dotted-decimal OID string, first for the fixture encoding as delivered and
 * then for the same encoding with four OID content bytes overwritten.
 *
 * @throws IOException if an encoding is rejected while constructing the
 *         {@code PolicyQualifierInfo}
 */
public final void testGetPolicyQualifierId() throws IOException {
    // Fixture as delivered: must decode to 1.3.6.1.5.5.7.2.1
    // (id-qt-cps, the PKIX CPS-pointer qualifier).
    final PolicyQualifierInfo pristine = new PolicyQualifierInfo(getDerEncoding());
    assertEquals("1.3.6.1.5.5.7.2.1", pristine.getPolicyQualifierId());

    // Second fetch of the fixture, then overwrite four OID content bytes.
    // Setting the high bit on bytes 5 and 8 makes each of them the start of a
    // multi-byte base-128 arc, so the arcs after "1.3" become 98437
    // (0x86 0x81 0x05) and 82818 (0x85 0x87 0x02).
    // NOTE(review): the offsets assume the OID content begins at index 4 of
    // the fixture; getDerEncoding() is not visible here, so confirm there.
    final byte[] patched = getDerEncoding();
    patched[5] = (byte) 0x86;
    patched[6] = (byte) 0x81;
    patched[8] = (byte) 0x85;
    patched[9] = (byte) 0x87;

    // The parser must report the re-encoded arcs, not the original OID.
    final PolicyQualifierInfo rewritten = new PolicyQualifierInfo(patched);
    assertEquals("1.3.98437.82818.1", rewritten.getPolicyQualifierId());
}
Also used : PolicyQualifierInfo(java.security.cert.PolicyQualifierInfo)

Example 12 with PolicyQualifierInfo

use of java.security.cert.PolicyQualifierInfo in project jdk8u_jdk by JetBrains.

the class PolicyChecker method processPolicies.

/**
 * Processes the certificate policies of one certificate and returns the
 * updated valid policy tree. The inline "PKIX: Section ..." markers name the
 * path-validation step each stretch of code implements; the statement order
 * follows those steps, with the null-tree check deferred to the end.
 *
 * @param certIndex the index of the certificate
 * @param initPolicies the initial policies required by the user; when this
 * set contains ANY_POLICY the removeInvalidNodes/rewriteLeafNodes stage is
 * skipped
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required; a value of 0 together with a null tree
 * makes this method throw. The parameter is reassigned locally for the
 * final certificate, which does not affect the caller's variable
 * @param policyMapping an integer which indicates if policy
 * mapping is inhibited (only forwarded to processPolicyMappings here)
 * @param inhibitAnyPolicy an integer which indicates whether
 * "any-policy" is considered a match; anyPolicy is processed when this is
 * greater than 0, or when the certificate is self-issued and not final
 * @param rejectPolicyQualifiers a boolean indicating whether the
 * user wants to reject policies that have qualifiers; in this method the
 * rejection fires only when the policies extension is also critical
 * @param origRootNode the root node of the valid policy tree, or null; the
 * method works on origRootNode.copyTree(), not on this node directly
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is the final
 * cert in the cert path
 * @return the root node of the valid policy tree after modification, or
 * null when no valid policy tree remains
 * @exception CertPathValidatorException Exception thrown if an
 * error occurs while processing policies, if critical policy qualifiers are
 * present and rejected, or if a non-null tree is required but the tree is
 * null.
 */
static PolicyNodeImpl processPolicies(int certIndex, Set<String> initPolicies, int explicitPolicy, int policyMapping, int inhibitAnyPolicy, boolean rejectPolicyQualifiers, PolicyNodeImpl origRootNode, X509CertImpl currCert, boolean finalCert) throws CertPathValidatorException {
    boolean policiesCritical = false;
    List<PolicyInformation> policyInfo;
    PolicyNodeImpl rootNode = null;
    // qualifiers attached to anyPolicy; stays empty when the cert has none
    Set<PolicyQualifierInfo> anyQuals = new HashSet<>();
    // work on a copy of the incoming tree; a null tree stays null
    if (origRootNode == null)
        rootNode = null;
    else
        rootNode = origRootNode.copyTree();
    // retrieve policyOIDs from currCert
    CertificatePoliciesExtension currCertPolicies = currCert.getCertificatePoliciesExtension();
    // PKIX: Section 6.1.3: Step (d)
    // Runs only when the cert has a policies extension AND the tree is still
    // non-null. With an extension but a null tree neither this branch nor
    // the else-if below runs, and rootNode remains null.
    if ((currCertPolicies != null) && (rootNode != null)) {
        policiesCritical = currCertPolicies.isCritical();
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "policiesCritical = " + policiesCritical);
        try {
            policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
        } catch (IOException ioe) {
            // keep the IOException as the cause so the decoding failure is not lost
            throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
        }
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "rejectPolicyQualifiers = " + rejectPolicyQualifiers);
        boolean foundAnyPolicy = false;
        // process each policy in cert
        for (PolicyInformation curPolInfo : policyInfo) {
            String curPolicy = curPolInfo.getPolicyIdentifier().getIdentifier().toString();
            if (curPolicy.equals(ANY_POLICY)) {
                // anyPolicy is only recorded here and handled after the loop
                // (step (d)(2)). Its qualifiers are not checked against
                // rejectPolicyQualifiers in this method; they are handed on
                // to processParents / processPolicyMappings.
                // NOTE(review): whether those helpers reject them is not
                // visible here - confirm.
                foundAnyPolicy = true;
                anyQuals = curPolInfo.getPolicyQualifiers();
            } else {
                // PKIX: Section 6.1.3: Step (d)(1)
                if (debug != null)
                    debug.println("PolicyChecker.processPolicies() " + "processing policy: " + curPolicy);
                // retrieve policy qualifiers from cert
                Set<PolicyQualifierInfo> pQuals = curPolInfo.getPolicyQualifiers();
                // the policyQualifiersRejected flag is set in the params.
                // All three conditions must hold: qualifiers in a
                // non-critical policies extension do not fail validation
                // here even when rejectPolicyQualifiers is true.
                if (!pQuals.isEmpty() && rejectPolicyQualifiers && policiesCritical) {
                    throw new CertPathValidatorException("critical policy qualifiers present in certificate", null, null, -1, PKIXReason.INVALID_POLICY);
                }
                // PKIX: Section 6.1.3: Step (d)(1)(i)
                // first pass with the last argument false; its boolean
                // result says whether a match was found
                boolean foundMatch = processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, false);
                if (!foundMatch) {
                    // PKIX: Section 6.1.3: Step (d)(1)(ii)
                    // no match: retry with the last argument true (the result
                    // of this second call is deliberately not inspected)
                    processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, true);
                }
            }
        }
        // PKIX: Section 6.1.3: Step (d)(2)
        // anyPolicy is honoured only while inhibitAnyPolicy is still positive,
        // or for a self-issued certificate that is not the final one
        if (foundAnyPolicy) {
            if ((inhibitAnyPolicy > 0) || (!finalCert && X509CertImpl.isSelfIssued(currCert))) {
                if (debug != null) {
                    debug.println("PolicyChecker.processPolicies() " + "processing policy: " + ANY_POLICY);
                }
                processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, ANY_POLICY, anyQuals, true);
            }
        }
        // PKIX: Section 6.1.3: Step (d)(3)
        // rootNode is non-null here (guaranteed by the enclosing condition);
        // a root left without children is treated as a null tree
        rootNode.prune(certIndex);
        if (!rootNode.getChildren().hasNext()) {
            rootNode = null;
        }
    } else if (currCertPolicies == null) {
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "no policies present in cert");
        // PKIX: Section 6.1.3: Step (e)
        // a certificate without a policies extension nulls the tree
        rootNode = null;
    }
    // The check that a required policy tree is non-null (the explicitPolicy
    // test at the end of this method) is delayed until after the steps
    // below, because they may still delete nodes,
    // resulting in a null tree
    if (rootNode != null) {
        if (!finalCert) {
            // PKIX: Section 6.1.4: Steps (a)-(b)
            rootNode = processPolicyMappings(currCert, certIndex, policyMapping, rootNode, policiesCritical, anyQuals);
        }
    }
    // Restrict the tree to the user's initial policies; skipped when the
    // user accepts anyPolicy or the cert carries no policies extension
    if ((rootNode != null) && (!initPolicies.contains(ANY_POLICY)) && (currCertPolicies != null)) {
        rootNode = removeInvalidNodes(rootNode, certIndex, initPolicies, currCertPolicies);
        // PKIX: Section 6.1.5: Step (g)(iii)
        if ((rootNode != null) && finalCert) {
            // rewrite anyPolicy leaf nodes (see method comments)
            rootNode = rewriteLeafNodes(certIndex, initPolicies, rootNode);
        }
    }
    if (finalCert) {
        // PKIX: Section 6.1.5: Steps (a) and (b)
        // only the local copy of explicitPolicy is updated; it feeds the
        // check immediately below
        explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCert, finalCert);
    }
    // Fail closed: when an explicit policy is required (explicitPolicy == 0)
    // a null tree is a validation failure, not an "unconstrained" result
    if ((explicitPolicy == 0) && (rootNode == null)) {
        throw new CertPathValidatorException("non-null policy tree required and policy tree is null", null, null, -1, PKIXReason.INVALID_POLICY);
    }
    return rootNode;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyInformation(sun.security.x509.PolicyInformation) PolicyQualifierInfo(java.security.cert.PolicyQualifierInfo) CertificatePoliciesExtension(sun.security.x509.CertificatePoliciesExtension) IOException(java.io.IOException)

Aggregations

PolicyQualifierInfo (java.security.cert.PolicyQualifierInfo)12 IOException (java.io.IOException)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 Enumeration (java.util.Enumeration)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 ASN1OutputStream (org.bouncycastle.asn1.ASN1OutputStream)2 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)2 DerOutputStream (sun.security.util.DerOutputStream)2 CertPathValidatorException (java.security.cert.CertPathValidatorException)1 CertificatePoliciesExtension (sun.security.x509.CertificatePoliciesExtension)1 PolicyInformation (sun.security.x509.PolicyInformation)1