use of org.apache.harmony.security.x509.PolicyInformation in project Bytecoder by mirkosertic.
the class PolicyChecker method removeInvalidNodes.
/**
* Removes those nodes which do not intersect with the initial policies
* specified by the user.
*
* @param rootNode the root node of the valid policy tree
* @param certIndex the index of the certificate being processed
* @param initPolicies the Set of policies required by the user
* @param currCertPolicies the CertificatePoliciesExtension of the
* certificate being processed
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException Exception thrown if error occurs.
*/
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode, int certIndex, Set<String> initPolicies, CertificatePoliciesExtension currCertPolicies) throws CertPathValidatorException {
List<PolicyInformation> policyInfo = null;
try {
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
}
boolean childDeleted = false;
for (PolicyInformation curPolInfo : policyInfo) {
String curPolicy = curPolInfo.getPolicyIdentifier().getIdentifier().toString();
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "processing policy second time: " + curPolicy);
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, curPolicy);
for (PolicyNodeImpl curNode : validNodes) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (parentNode.getValidPolicy().equals(ANY_POLICY)) {
if ((!initPolicies.contains(curPolicy)) && (!curPolicy.equals(ANY_POLICY))) {
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "after deleting: policy tree = " + rootNode);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
rootNode = null;
}
}
return rootNode;
}
use of org.apache.harmony.security.x509.PolicyInformation in project Bytecoder by mirkosertic.
the class PolicyChecker method processPolicies.
/**
* Processes certificate policies in the certificate.
*
* @param certIndex the index of the certificate
* @param initPolicies the initial policies required by the user
* @param explicitPolicy an integer which indicates if a non-null
* valid policy tree is required
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param inhibitAnyPolicy an integer which indicates whether
* "any-policy" is considered a match
* @param rejectPolicyQualifiers a boolean indicating whether the
* user wants to reject policies that have qualifiers
* @param origRootNode the root node of the valid policy tree
* @param currCert the Certificate to be processed
* @param finalCert a boolean indicating whether currCert is the final
* cert in the cert path
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException Exception thrown if an
* error occurs while processing policies.
*/
static PolicyNodeImpl processPolicies(int certIndex, Set<String> initPolicies, int explicitPolicy, int policyMapping, int inhibitAnyPolicy, boolean rejectPolicyQualifiers, PolicyNodeImpl origRootNode, X509CertImpl currCert, boolean finalCert) throws CertPathValidatorException {
boolean policiesCritical = false;
List<PolicyInformation> policyInfo;
PolicyNodeImpl rootNode = null;
Set<PolicyQualifierInfo> anyQuals = new HashSet<>();
if (origRootNode == null)
rootNode = null;
else
rootNode = origRootNode.copyTree();
// retrieve policyOIDs from currCert
CertificatePoliciesExtension currCertPolicies = currCert.getCertificatePoliciesExtension();
// PKIX: Section 6.1.3: Step (d)
if ((currCertPolicies != null) && (rootNode != null)) {
policiesCritical = currCertPolicies.isCritical();
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "policiesCritical = " + policiesCritical);
try {
policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
} catch (IOException ioe) {
throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
}
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "rejectPolicyQualifiers = " + rejectPolicyQualifiers);
boolean foundAnyPolicy = false;
// process each policy in cert
for (PolicyInformation curPolInfo : policyInfo) {
String curPolicy = curPolInfo.getPolicyIdentifier().getIdentifier().toString();
if (curPolicy.equals(ANY_POLICY)) {
foundAnyPolicy = true;
anyQuals = curPolInfo.getPolicyQualifiers();
} else {
// PKIX: Section 6.1.3: Step (d)(1)
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "processing policy: " + curPolicy);
// retrieve policy qualifiers from cert
Set<PolicyQualifierInfo> pQuals = curPolInfo.getPolicyQualifiers();
// the policyQualifiersRejected flag is set in the params
if (!pQuals.isEmpty() && rejectPolicyQualifiers && policiesCritical) {
throw new CertPathValidatorException("critical policy qualifiers present in certificate", null, null, -1, PKIXReason.INVALID_POLICY);
}
// PKIX: Section 6.1.3: Step (d)(1)(i)
boolean foundMatch = processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, false);
if (!foundMatch) {
// PKIX: Section 6.1.3: Step (d)(1)(ii)
processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, true);
}
}
}
// PKIX: Section 6.1.3: Step (d)(2)
if (foundAnyPolicy) {
if ((inhibitAnyPolicy > 0) || (!finalCert && X509CertImpl.isSelfIssued(currCert))) {
if (debug != null) {
debug.println("PolicyChecker.processPolicies() " + "processing policy: " + ANY_POLICY);
}
processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, ANY_POLICY, anyQuals, true);
}
}
// PKIX: Section 6.1.3: Step (d)(3)
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
rootNode = null;
}
} else if (currCertPolicies == null) {
if (debug != null)
debug.println("PolicyChecker.processPolicies() " + "no policies present in cert");
// PKIX: Section 6.1.3: Step (e)
rootNode = null;
}
// resulting in a null tree
if (rootNode != null) {
if (!finalCert) {
// PKIX: Section 6.1.4: Steps (a)-(b)
rootNode = processPolicyMappings(currCert, certIndex, policyMapping, rootNode, policiesCritical, anyQuals);
}
}
if ((rootNode != null) && (!initPolicies.contains(ANY_POLICY)) && (currCertPolicies != null)) {
rootNode = removeInvalidNodes(rootNode, certIndex, initPolicies, currCertPolicies);
// PKIX: Section 6.1.5: Step (g)(iii)
if ((rootNode != null) && finalCert) {
// rewrite anyPolicy leaf nodes (see method comments)
rootNode = rewriteLeafNodes(certIndex, initPolicies, rootNode);
}
}
if (finalCert) {
// PKIX: Section 6.1.5: Steps (a) and (b)
explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCert, finalCert);
}
if ((explicitPolicy == 0) && (rootNode == null)) {
throw new CertPathValidatorException("non-null policy tree required and policy tree is null", null, null, -1, PKIXReason.INVALID_POLICY);
}
return rootNode;
}
use of org.apache.harmony.security.x509.PolicyInformation in project keystore-explorer by kaikramer.
the class DCertificatePolicies method prepopulateWithValue.
private void prepopulateWithValue(byte[] value) throws IOException {
CertificatePolicies certificatePolicies = CertificatePolicies.getInstance(value);
List<PolicyInformation> accessDescriptionList = new ArrayList<PolicyInformation>(Arrays.asList(certificatePolicies.getPolicyInformation()));
jpiCertificatePolicies.setPolicyInformation(accessDescriptionList);
}
use of org.apache.harmony.security.x509.PolicyInformation in project keystore-explorer by kaikramer.
the class DCertificatePolicies method okPressed.
private void okPressed() {
List<PolicyInformation> policyInformation = jpiCertificatePolicies.getPolicyInformation();
if (policyInformation.size() == 0) {
JOptionPane.showMessageDialog(this, res.getString("DCertificatePolicies.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
return;
}
CertificatePolicies certificatePolicies = new CertificatePolicies(policyInformation.toArray(new PolicyInformation[policyInformation.size()]));
try {
value = certificatePolicies.getEncoded(ASN1Encoding.DER);
} catch (IOException ex) {
DError dError = new DError(this, ex);
dError.setLocationRelativeTo(this);
dError.setVisible(true);
return;
}
closeDialog();
}
use of org.apache.harmony.security.x509.PolicyInformation in project signer by demoiselle.
the class BasicCertificate method getCertificateLevel.
/**
* returns the ICP-BRASIL Certificate Level(A1, A2, A3, A4, S1, S2, S3,
* S4).<br>
* DOC-ICP-04 Returns the <b>null</b> value if the CertificatePolicies is
* NOT present.
*
* @return String Certificate level
*/
public String getCertificateLevel() {
try {
DLSequence sequence = (DLSequence) getExtensionValue(Extension.certificatePolicies.getId());
if (sequence != null) {
for (int pos = 0; pos < sequence.size(); pos++) {
DLSequence sequence2 = (DLSequence) sequence.getObjectAt(pos);
ASN1ObjectIdentifier policyIdentifier = (ASN1ObjectIdentifier) sequence2.getObjectAt(0);
PolicyInformation policyInformation = new PolicyInformation(policyIdentifier);
String id = policyInformation.getPolicyIdentifier().getId();
if (id == null) {
continue;
}
if (id.startsWith(OID_A1_CERTIFICATE)) {
return "A1";
}
if (id.startsWith(OID_A2_CERTIFICATE)) {
return "A2";
}
if (id.startsWith(OID_A3_CERTIFICATE)) {
return "A3";
}
if (id.startsWith(OID_A4_CERTIFICATE)) {
return "A4";
}
if (id.startsWith(OID_S1_CERTIFICATE)) {
return "S1";
}
if (id.startsWith(OID_S2_CERTIFICATE)) {
return "S2";
}
if (id.startsWith(OID_S3_CERTIFICATE)) {
return "S3";
}
if (id.startsWith(OID_S4_CERTIFICATE)) {
return "S4";
}
}
}
return null;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
Aggregations