Search in sources :

Example 16 with PolicyInformation

use of org.apache.harmony.security.x509.PolicyInformation in project open-ecard by ecsec.

the class ListCertificates method matchesPolicy.

private boolean matchesPolicy(String policy, List<X509Certificate> certChain) throws CertificateException, ParameterInvalid {
    try {
        ASN1ObjectIdentifier policyId = new ASN1ObjectIdentifier(policy);
        X509Certificate cert = certChain.get(0);
        byte[] encodedPolicy = cert.getExtensionValue(Extension.certificatePolicies.getId());
        if (encodedPolicy != null) {
            encodedPolicy = ASN1OctetString.getInstance(encodedPolicy).getOctets();
            try {
                // extract policy object
                CertificatePolicies certPolicies = CertificatePolicies.getInstance(encodedPolicy);
                // see if any of the policies matches
                PolicyInformation targetPolicy = certPolicies.getPolicyInformation(policyId);
                return targetPolicy != null;
            } catch (IllegalArgumentException ex) {
                throw new CertificateException("Certificate contains invalid policy.");
            }
        } else {
            // no policy defined in certificate, so no match
            return false;
        }
    } catch (IllegalArgumentException ex) {
        throw new ParameterInvalid("Requested policy filter is not an OID.");
    }
}
Also used : CertificatePolicies(org.openecard.bouncycastle.asn1.x509.CertificatePolicies) PolicyInformation(org.openecard.bouncycastle.asn1.x509.PolicyInformation) CertificateException(java.security.cert.CertificateException) ParameterInvalid(org.openecard.addons.cg.ex.ParameterInvalid) ASN1ObjectIdentifier(org.openecard.bouncycastle.asn1.ASN1ObjectIdentifier) X509Certificate(java.security.cert.X509Certificate)

Example 17 with PolicyInformation

use of org.apache.harmony.security.x509.PolicyInformation in project XobotOS by xamarin.

the class CertPathValidatorUtilities method prepareNextCertB1.

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.expectedPolicies = (Set) m_idp.get(id_p);
            break;
        }
    }
    if (!idp_found) {
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        break;
                    }
                }
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException)

Example 18 with PolicyInformation

use of org.apache.harmony.security.x509.PolicyInformation in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method prepareCertB.

protected static PKIXPolicyNode prepareCertB(CertPath certPath, int index, List[] policyNodes, PKIXPolicyNode validPolicyTree, int policyMapping) throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    // (b)
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    PKIXPolicyNode _validPolicyTree = validPolicyTree;
    if (pm != null) {
        ASN1Sequence mappings = (ASN1Sequence) pm;
        Map m_idp = new HashMap();
        Set s_idp = new HashSet();
        for (int j = 0; j < mappings.size(); j++) {
            ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j);
            String id_p = ((DERObjectIdentifier) mapping.getObjectAt(0)).getId();
            String sd_p = ((DERObjectIdentifier) mapping.getObjectAt(1)).getId();
            Set tmp;
            if (!m_idp.containsKey(id_p)) {
                tmp = new HashSet();
                tmp.add(sd_p);
                m_idp.put(id_p, tmp);
                s_idp.add(id_p);
            } else {
                tmp = (Set) m_idp.get(id_p);
                tmp.add(sd_p);
            }
        }
        Iterator it_idp = s_idp.iterator();
        while (it_idp.hasNext()) {
            String id_p = (String) it_idp.next();
            //
            if (policyMapping > 0) {
                boolean idp_found = false;
                Iterator nodes_i = policyNodes[i].iterator();
                while (nodes_i.hasNext()) {
                    PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
                    if (node.getValidPolicy().equals(id_p)) {
                        idp_found = true;
                        node.expectedPolicies = (Set) m_idp.get(id_p);
                        break;
                    }
                }
                if (!idp_found) {
                    nodes_i = policyNodes[i].iterator();
                    while (nodes_i.hasNext()) {
                        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
                        if (RFC3280CertPathUtilities.ANY_POLICY.equals(node.getValidPolicy())) {
                            Set pq = null;
                            ASN1Sequence policies = null;
                            try {
                                policies = (ASN1Sequence) CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
                            } catch (AnnotatedException e) {
                                throw new ExtCertPathValidatorException("Certificate policies extension could not be decoded.", e, certPath, index);
                            }
                            Enumeration e = policies.getObjects();
                            while (e.hasMoreElements()) {
                                PolicyInformation pinfo = null;
                                try {
                                    pinfo = PolicyInformation.getInstance(e.nextElement());
                                } catch (Exception ex) {
                                    throw new CertPathValidatorException("Policy information could not be decoded.", ex, certPath, index);
                                }
                                if (RFC3280CertPathUtilities.ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                                    try {
                                        pq = CertPathValidatorUtilities.getQualifierSet(pinfo.getPolicyQualifiers());
                                    } catch (CertPathValidatorException ex) {
                                        throw new ExtCertPathValidatorException("Policy qualifier info set could not be decoded.", ex, certPath, index);
                                    }
                                    break;
                                }
                            }
                            boolean ci = false;
                            if (cert.getCriticalExtensionOIDs() != null) {
                                ci = cert.getCriticalExtensionOIDs().contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
                            }
                            PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                            if (RFC3280CertPathUtilities.ANY_POLICY.equals(p_node.getValidPolicy())) {
                                PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                                p_node.addChild(c_node);
                                policyNodes[i].add(c_node);
                            }
                            break;
                        }
                    }
                }
            //
            // (2)
            //
            } else if (policyMapping <= 0) {
                Iterator nodes_i = policyNodes[i].iterator();
                while (nodes_i.hasNext()) {
                    PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
                    if (node.getValidPolicy().equals(id_p)) {
                        PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                        p_node.removeChild(node);
                        nodes_i.remove();
                        for (int k = (i - 1); k >= 0; k--) {
                            List nodes = policyNodes[k];
                            for (int l = 0; l < nodes.size(); l++) {
                                PKIXPolicyNode node2 = (PKIXPolicyNode) nodes.get(l);
                                if (!node2.hasChildren()) {
                                    _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node2);
                                    if (_validPolicyTree == null) {
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return _validPolicyTree;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Enumeration(java.util.Enumeration) HashMap(java.util.HashMap) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) ArrayList(java.util.ArrayList) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) X509Certificate(java.security.cert.X509Certificate) IssuingDistributionPoint(org.bouncycastle.asn1.x509.IssuingDistributionPoint) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertPathBuilderException(java.security.cert.CertPathBuilderException) IOException(java.io.IOException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 19 with PolicyInformation

use of org.apache.harmony.security.x509.PolicyInformation in project robovm by robovm.

the class CertPathValidatorUtilities method prepareNextCertB1.

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (node.getValidPolicy().equals(id_p)) {
            idp_found = true;
            node.expectedPolicies = (Set) m_idp.get(id_p);
            break;
        }
    }
    if (!idp_found) {
        nodes_i = policyNodes[i].iterator();
        while (nodes_i.hasNext()) {
            PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
            if (ANY_POLICY.equals(node.getValidPolicy())) {
                Set pq = null;
                ASN1Sequence policies = null;
                try {
                    policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES));
                } catch (Exception e) {
                    throw new AnnotatedException("Certificate policies cannot be decoded.", e);
                }
                Enumeration e = policies.getObjects();
                while (e.hasMoreElements()) {
                    PolicyInformation pinfo = null;
                    try {
                        pinfo = PolicyInformation.getInstance(e.nextElement());
                    } catch (Exception ex) {
                        throw new AnnotatedException("Policy information cannot be decoded.", ex);
                    }
                    if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
                        try {
                            pq = getQualifierSet(pinfo.getPolicyQualifiers());
                        } catch (CertPathValidatorException ex) {
                            throw new ExtCertPathValidatorException("Policy qualifier info set could not be built.", ex);
                        }
                        break;
                    }
                }
                boolean ci = false;
                if (cert.getCriticalExtensionOIDs() != null) {
                    ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
                }
                PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
                if (ANY_POLICY.equals(p_node.getValidPolicy())) {
                    PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
                    p_node.addChild(c_node);
                    policyNodes[i].add(c_node);
                }
                break;
            }
        }
    }
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) Set(java.util.Set) HashSet(java.util.HashSet) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Enumeration(java.util.Enumeration) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) PolicyInformation(org.bouncycastle.asn1.x509.PolicyInformation) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) GeneralSecurityException(java.security.GeneralSecurityException) CertPathValidatorException(java.security.cert.CertPathValidatorException) ParseException(java.text.ParseException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertStoreException(java.security.cert.CertStoreException) CRLException(java.security.cert.CRLException) CertificateParsingException(java.security.cert.CertificateParsingException) StoreException(org.bouncycastle.util.StoreException) IOException(java.io.IOException)

Example 20 with PolicyInformation

use of org.apache.harmony.security.x509.PolicyInformation in project jdk8u_jdk by JetBrains.

the class X509CertSelectorTest method testPolicy.

/*
     * Tests matching on the policy constraints extension contained in the
     * certificate.
     */
private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);
    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}
Also used : PolicyInformation(sun.security.x509.PolicyInformation) X509CertSelector(java.security.cert.X509CertSelector) DerInputStream(sun.security.util.DerInputStream) CertificatePoliciesExtension(sun.security.x509.CertificatePoliciesExtension) HashSet(java.util.HashSet)

Aggregations

PolicyInformation (org.bouncycastle.asn1.x509.PolicyInformation)20 IOException (java.io.IOException)16 ArrayList (java.util.ArrayList)11 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)11 CertPathValidatorException (java.security.cert.CertPathValidatorException)10 HashSet (java.util.HashSet)7 CRLDistPoint (org.bouncycastle.asn1.x509.CRLDistPoint)7 DistributionPoint (org.bouncycastle.asn1.x509.DistributionPoint)7 Enumeration (java.util.Enumeration)6 Iterator (java.util.Iterator)6 List (java.util.List)6 Set (java.util.Set)6 ExtCertPathValidatorException (org.bouncycastle.jce.exception.ExtCertPathValidatorException)6 X509Certificate (java.security.cert.X509Certificate)5 PolicyInformation (sun.security.x509.PolicyInformation)5 GeneralSecurityException (java.security.GeneralSecurityException)4 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)4 IssuingDistributionPoint (org.bouncycastle.asn1.x509.IssuingDistributionPoint)4 DError (org.kse.gui.error.DError)4 DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)3