

the class PolicyChecker method removeInvalidNodes.

/**
 * Prunes, from the valid policy tree, the nodes of the certificate at
 * {@code certIndex} that the user's initial policies do not cover.
 * <p>
 * For every policy OID carried by the certificate's policies extension,
 * each valid node for that OID whose parent is the anyPolicy node is
 * deleted unless the OID is itself anyPolicy or a member of
 * {@code initPolicies}. If anything was deleted the tree is pruned at
 * {@code certIndex}, and an emptied tree is reported as {@code null}.
 *
 * @param rootNode the root node of the valid policy tree
 * @param certIndex the index of the certificate being processed
 * @param initPolicies the Set of policies required by the user
 * @param currCertPolicies the CertificatePoliciesExtension of the
 * certificate being processed
 * @return the root node of the valid policy tree after modification, or
 * {@code null} when pruning left the root without children
 * @exception CertPathValidatorException if the policy OIDs cannot be read
 * from the extension
 */
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode, int certIndex, Set<String> initPolicies, CertificatePoliciesExtension currCertPolicies) throws CertPathValidatorException {
    final List<PolicyInformation> policies;
    try {
        policies = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
    } catch (IOException ioe) {
        throw new CertPathValidatorException("Exception while retrieving policyOIDs", ioe);
    }
    boolean removedAny = false;
    for (PolicyInformation info : policies) {
        String oid = info.getPolicyIdentifier().getIdentifier().toString();
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() processing policy second time: " + oid);
        // A node survives when its policy is one the user asked for, or anyPolicy.
        boolean wanted = initPolicies.contains(oid) || oid.equals(ANY_POLICY);
        for (PolicyNodeImpl node : rootNode.getPolicyNodesValid(certIndex, oid)) {
            PolicyNodeImpl parent = (PolicyNodeImpl) node.getParent();
            // Only children of the anyPolicy node are candidates for removal.
            if (!parent.getValidPolicy().equals(ANY_POLICY)) {
                continue;
            }
            if (wanted) {
                continue;
            }
            if (debug != null)
                debug.println("PolicyChecker.processPolicies() before deleting: policy tree = " + rootNode);
            parent.deleteChild(node);
            removedAny = true;
            if (debug != null)
                debug.println("PolicyChecker.processPolicies() after deleting: policy tree = " + rootNode);
        }
    }
    if (!removedAny) {
        return rootNode;
    }
    rootNode.prune(certIndex);
    // A root with no remaining children means the tree is empty.
    return rootNode.getChildren().hasNext() ? rootNode : null;
}


the class PolicyChecker method processPolicies.

/**
 * Processes certificate policies in the certificate.
 * <p>
 * Works on a copy of {@code origRootNode} (via {@code copyTree()}), so the
 * caller's tree is never modified. When the certificate carries a
 * certificate-policies extension and the tree is non-null, each policy in
 * the extension is matched against the tree (PKIX 6.1.3 step (d)),
 * anyPolicy is applied only when not inhibited, the tree is pruned, and
 * for non-final certificates policy mappings are applied (6.1.4). Nodes
 * not covered by the user's initial policies are then removed (6.1.5),
 * and for the final certificate the explicit-policy counter is merged.
 * An empty tree is represented as {@code null}.
 *
 * @param certIndex the index of the certificate
 * @param initPolicies the initial policies required by the user
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required; a value of 0 with a null resulting tree
 * is rejected at the end of this method
 * @param policyMapping an integer which indicates if policy
 * mapping is inhibited (passed through to {@code processPolicyMappings})
 * @param inhibitAnyPolicy an integer which indicates whether
 * "any-policy" is considered a match; only a value greater than 0 (or a
 * non-final self-issued certificate) lets anyPolicy be processed here
 * @param rejectPolicyQualifiers a boolean indicating whether the
 * user wants to reject policies that have qualifiers; enforced only when
 * the policies extension is critical
 * @param origRootNode the root node of the valid policy tree
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is the final
 * cert in the cert path
 * @return the root node of the valid policy tree after modification, or
 * {@code null} when the tree has become empty
 * @exception CertPathValidatorException Exception thrown if an
 * error occurs while processing policies: the extension cannot be read,
 * critical policy qualifiers are present while rejected, or a non-null
 * tree is required but none remains
 */
static PolicyNodeImpl processPolicies(int certIndex, Set<String> initPolicies, int explicitPolicy, int policyMapping, int inhibitAnyPolicy, boolean rejectPolicyQualifiers, PolicyNodeImpl origRootNode, X509CertImpl currCert, boolean finalCert) throws CertPathValidatorException {
    boolean policiesCritical = false;
    List<PolicyInformation> policyInfo;
    PolicyNodeImpl rootNode = null;
    // Qualifiers attached to anyPolicy in this cert (if any); also handed to
    // processPolicyMappings below.
    Set<PolicyQualifierInfo> anyQuals = new HashSet<>();
    // Work on a private copy so the caller's tree is left untouched.
    if (origRootNode == null)
        rootNode = null;
    else
        rootNode = origRootNode.copyTree();
    // retrieve policyOIDs from currCert
    CertificatePoliciesExtension currCertPolicies = currCert.getCertificatePoliciesExtension();
    // PKIX: Section 6.1.3: Step (d)
    // Runs only when both the extension and a tree are present; an extension
    // with an already-null tree falls through both branches and stays null.
    if ((currCertPolicies != null) && (rootNode != null)) {
        policiesCritical = currCertPolicies.isCritical();
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "policiesCritical = " + policiesCritical);
        try {
            policyInfo = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
        } catch (IOException ioe) {
            throw new CertPathValidatorException("Exception while " + "retrieving policyOIDs", ioe);
        }
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "rejectPolicyQualifiers = " + rejectPolicyQualifiers);
        boolean foundAnyPolicy = false;
        // process each policy in cert
        for (PolicyInformation curPolInfo : policyInfo) {
            String curPolicy = curPolInfo.getPolicyIdentifier().getIdentifier().toString();
            if (curPolicy.equals(ANY_POLICY)) {
                // anyPolicy is deferred to step (d)(2) below; remember its qualifiers.
                foundAnyPolicy = true;
                anyQuals = curPolInfo.getPolicyQualifiers();
            } else {
                // PKIX: Section 6.1.3: Step (d)(1)
                if (debug != null)
                    debug.println("PolicyChecker.processPolicies() " + "processing policy: " + curPolicy);
                // retrieve policy qualifiers from cert
                Set<PolicyQualifierInfo> pQuals = curPolInfo.getPolicyQualifiers();
                // the policyQualifiersRejected flag is set in the params
                // Qualifiers are only fatal when the extension is critical.
                if (!pQuals.isEmpty() && rejectPolicyQualifiers && policiesCritical) {
                    throw new CertPathValidatorException("critical policy qualifiers present in certificate", null, null, -1, PKIXReason.INVALID_POLICY);
                }
                // PKIX: Section 6.1.3: Step (d)(1)(i)
                // First try an exact parent match; the trailing flag selects the
                // anyPolicy-parent fallback on the second call.
                boolean foundMatch = processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, false);
                if (!foundMatch) {
                    // PKIX: Section 6.1.3: Step (d)(1)(ii)
                    processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, curPolicy, pQuals, true);
                }
            }
        }
        // PKIX: Section 6.1.3: Step (d)(2)
        // anyPolicy is honoured while inhibitAnyPolicy is still positive, or for
        // a self-issued certificate that is not the last one in the path.
        if (foundAnyPolicy) {
            if ((inhibitAnyPolicy > 0) || (!finalCert && X509CertImpl.isSelfIssued(currCert))) {
                if (debug != null) {
                    debug.println("PolicyChecker.processPolicies() " + "processing policy: " + ANY_POLICY);
                }
                processParents(certIndex, policiesCritical, rejectPolicyQualifiers, rootNode, ANY_POLICY, anyQuals, true);
            }
        }
        // PKIX: Section 6.1.3: Step (d)(3)
        rootNode.prune(certIndex);
        if (!rootNode.getChildren().hasNext()) {
            rootNode = null;
        }
    } else if (currCertPolicies == null) {
        if (debug != null)
            debug.println("PolicyChecker.processPolicies() " + "no policies present in cert");
        // PKIX: Section 6.1.3: Step (e)
        rootNode = null;
    }
    // A null rootNode here means step (d)(3) or step (e) emptied the tree;
    // mappings are applied only to a non-empty tree of a non-final cert.
    if (rootNode != null) {
        if (!finalCert) {
            // PKIX: Section 6.1.4: Steps (a)-(b)
            rootNode = processPolicyMappings(currCert, certIndex, policyMapping, rootNode, policiesCritical, anyQuals);
        }
    }
    // Nothing is removed when the user accepts anyPolicy or the cert had no
    // policies extension (in which case rootNode is already null anyway).
    if ((rootNode != null) && (!initPolicies.contains(ANY_POLICY)) && (currCertPolicies != null)) {
        rootNode = removeInvalidNodes(rootNode, certIndex, initPolicies, currCertPolicies);
        // PKIX: Section 6.1.5: Step (g)(iii)
        if ((rootNode != null) && finalCert) {
            // rewrite anyPolicy leaf nodes (see method comments)
            rootNode = rewriteLeafNodes(certIndex, initPolicies, rootNode);
        }
    }
    if (finalCert) {
        // PKIX: Section 6.1.5: Steps (a) and (b)
        explicitPolicy = mergeExplicitPolicy(explicitPolicy, currCert, finalCert);
    }
    // explicitPolicy == 0 means the caller requires a non-null tree.
    if ((explicitPolicy == 0) && (rootNode == null)) {
        throw new CertPathValidatorException("non-null policy tree required and policy tree is null", null, null, -1, PKIXReason.INVALID_POLICY);
    }
    return rootNode;
}


the class DCertificatePolicies method prepopulateWithValue.

/**
 * Decodes a CertificatePolicies extension value and loads its
 * PolicyInformation entries into the dialog's policy editor.
 *
 * @param value encoded CertificatePolicies extension value
 * @throws IOException as declared; none is thrown directly by this body
 */
private void prepopulateWithValue(byte[] value) throws IOException {
    PolicyInformation[] decoded = CertificatePolicies.getInstance(value).getPolicyInformation();
    // The editor takes a mutable list, so copy the array element by element.
    List<PolicyInformation> policyList = new ArrayList<PolicyInformation>(decoded.length);
    for (PolicyInformation info : decoded) {
        policyList.add(info);
    }
    jpiCertificatePolicies.setPolicyInformation(policyList);
}


the class DCertificatePolicies method okPressed.

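/**
 * Handles the OK button: requires at least one policy, DER-encodes the
 * policy list into {@code value}, and closes the dialog.
 * <p>
 * With an empty list a warning is shown and the dialog stays open. If
 * encoding fails the IOException is shown in a {@code DError} dialog and
 * {@code value} is left unchanged.
 */
private void okPressed() {
    List<PolicyInformation> policyInformation = jpiCertificatePolicies.getPolicyInformation();
    if (policyInformation.isEmpty()) {
        JOptionPane.showMessageDialog(this, res.getString("DCertificatePolicies.ValueReq.message"), getTitle(), JOptionPane.WARNING_MESSAGE);
        return;
    }
    // toArray(new T[0]) is the idiomatic form; the list sizes the result itself.
    CertificatePolicies certificatePolicies = new CertificatePolicies(policyInformation.toArray(new PolicyInformation[0]));
    try {
        value = certificatePolicies.getEncoded(ASN1Encoding.DER);
    } catch (IOException ex) {
        DError dError = new DError(this, ex);
        dError.setLocationRelativeTo(this);
        dError.setVisible(true);
        return;
    }
    closeDialog();
}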


the class BasicCertificate method getCertificateLevel.

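/**
 * returns the ICP-BRASIL Certificate Level(A1, A2, A3, A4, S1, S2, S3,
 * S4).<br>
 * DOC-ICP-04 Returns the <b>null</b> value if the CertificatePolicies is
 * NOT present, if no policy OID lies under one of the known level arcs,
 * or if the extension cannot be decoded (the exception is printed and
 * swallowed, so callers cannot tell "absent" from "unreadable").
 * <p>
 * A policy OID is matched against each level OID at dotted-component
 * boundaries (equal, or a descendant arc), not as a bare string prefix:
 * a plain {@code startsWith} would let a level whose OID ends in
 * {@code .1} also claim OIDs under {@code .10}, {@code .101}, and so on.
 *
 * @return String Certificate level
 */
public String getCertificateLevel() {
    try {
        // Assumes the extension decodes as a DLSequence of PolicyInformation
        // DLSequences; any other shape raises ClassCastException, caught below.
        DLSequence sequence = (DLSequence) getExtensionValue(Extension.certificatePolicies.getId());
        if (sequence != null) {
            for (int pos = 0; pos < sequence.size(); pos++) {
                DLSequence sequence2 = (DLSequence) sequence.getObjectAt(pos);
                // policyIdentifier is the first component of each PolicyInformation
                ASN1ObjectIdentifier policyIdentifier = (ASN1ObjectIdentifier) sequence2.getObjectAt(0);
                PolicyInformation policyInformation = new PolicyInformation(policyIdentifier);
                String level = levelForPolicyOid(policyInformation.getPolicyIdentifier().getId());
                if (level != null) {
                    return level;
                }
            }
        }
        return null;
    } catch (Exception e) {
        // Best-effort: a malformed or unexpected extension yields null instead
        // of failing the caller. No logger is available in this scope.
        e.printStackTrace();
    }
    return null;
}

/**
 * Maps one certificate-policy OID to its ICP-Brasil level.
 *
 * @param oid dotted policy OID, may be null
 * @return the level name, or {@code null} when {@code oid} is null or
 * under none of the known level arcs
 */
private String levelForPolicyOid(String oid) {
    if (oid == null) {
        return null;
    }
    // Checked in the original order; with arc-boundary matching the order
    // no longer affects the result.
    String[][] levelArcs = {
        {OID_A1_CERTIFICATE, "A1"}, {OID_A2_CERTIFICATE, "A2"},
        {OID_A3_CERTIFICATE, "A3"}, {OID_A4_CERTIFICATE, "A4"},
        {OID_S1_CERTIFICATE, "S1"}, {OID_S2_CERTIFICATE, "S2"},
        {OID_S3_CERTIFICATE, "S3"}, {OID_S4_CERTIFICATE, "S4"},
    };
    for (String[] levelArc : levelArcs) {
        if (isUnderOidArc(oid, levelArc[0])) {
            return levelArc[1];
        }
    }
    return null;
}

/**
 * Returns true when {@code oid} equals {@code arc} or is a descendant of it.
 * The comparison respects dotted-component boundaries so that a sibling arc
 * whose leading digits coincide is never matched. An {@code arc} that already
 * ends with a dot is treated as a plain component prefix.
 *
 * @param oid dotted OID to classify
 * @param arc dotted OID of the level arc
 */
private static boolean isUnderOidArc(String oid, String arc) {
    if (arc.endsWith(".")) {
        return oid.startsWith(arc);
    }
    return oid.equals(arc) || oid.startsWith(arc + ".");
}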
