use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertA.
/**
 * Step (a) of preparing for the next certificate: checks the policy mappings
 * extension of the certificate at {@code index} in the path.
 *
 * <p>Every mapping is decoded as a pair of object identifiers
 * (issuerDomainPolicy, subjectDomainPolicy). The path is rejected as soon as
 * either side of a mapping is the special anyPolicy identifier. If no policy
 * mappings sequence is obtained for the certificate, nothing is checked.
 *
 * @param certPath the certification path being validated
 * @param index    position in {@code certPath} of the certificate to inspect
 * @throws CertPathValidatorException if the extension or one of its mappings
 *         cannot be decoded, or if a mapping names anyPolicy on either side
 */
protected static void prepareNextCertA(CertPath certPath, int index) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (a) check the policy mappings
    ASN1Sequence policyMappings;
    try {
        policyMappings = DERSequence.getInstance(
                CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }

    if (policyMappings == null) {
        // No mappings sequence was returned, so there is nothing to verify.
        return;
    }

    for (int pos = 0; pos < policyMappings.size(); pos++) {
        DERObjectIdentifier issuerPolicyOid;
        DERObjectIdentifier subjectPolicyOid;
        try {
            ASN1Sequence pair = DERSequence.getInstance(policyMappings.getObjectAt(pos));
            issuerPolicyOid = DERObjectIdentifier.getInstance(pair.getObjectAt(0));
            subjectPolicyOid = DERObjectIdentifier.getInstance(pair.getObjectAt(1));
        } catch (Exception e) {
            // Any decoding failure (wrong type, too few elements) is reported
            // as a validation failure for this certificate.
            throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
        }

        // Both identifiers are decoded before either is tested; the issuer
        // side is tested first.
        boolean issuerIsAny = RFC3280CertPathUtilities.ANY_POLICY.equals(issuerPolicyOid.getId());
        if (issuerIsAny) {
            throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
        }
        boolean subjectIsAny = RFC3280CertPathUtilities.ANY_POLICY.equals(subjectPolicyOid.getId());
        if (subjectIsAny) {
            throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
        }
    }
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method wrapupCertG.
/**
 * Wrap-up step (g): computes the intersection of the valid policy tree with
 * the caller's initial policy set and returns the resulting tree.
 *
 * <p>Three cases are handled:
 * <ul>
 *   <li>{@code validPolicyTree} is {@code null}: fails if an explicit policy
 *       is required, otherwise the result is {@code null}.</li>
 *   <li>{@code userInitialPolicySet} is any-policy: fails if an explicit
 *       policy is required and {@code acceptablePolicies} is empty; if an
 *       explicit policy is required and acceptable policies exist, childless
 *       nodes are pruned; otherwise the tree is returned untouched.</li>
 *   <li>otherwise: children of anyPolicy nodes whose policy is not in
 *       {@code userInitialPolicySet} are removed, then childless nodes are
 *       pruned.</li>
 * </ul>
 *
 * @param certPath             the certification path being validated
 * @param paramsPKIX           validation parameters; only
 *                             {@code isExplicitPolicyRequired()} is read here
 * @param userInitialPolicySet policy identifiers the caller accepts
 * @param index                certificate index reported in thrown exceptions
 * @param policyNodes          array of lists of {@code PKIXPolicyNode};
 *                             presumably one list per tree depth - confirm
 *                             against the caller
 * @param validPolicyTree      root of the current valid policy tree, or
 *                             {@code null}
 * @param acceptablePolicies   policy identifiers considered acceptable; only
 *                             consulted in the any-policy case
 * @return the pruned policy tree, or {@code null} if none remains
 * @throws CertPathValidatorException if an explicit policy is required but
 *         none is available
 */
protected static PKIXPolicyNode wrapupCertG(CertPath certPath, ExtendedPKIXParameters paramsPKIX, Set userInitialPolicySet, int index, List[] policyNodes, PKIXPolicyNode validPolicyTree, Set acceptablePolicies) throws CertPathValidatorException {
    // n = number of certificates in the path; used as the starting depth for
    // the pruning loops below.
    int n = certPath.getCertificates().size();
    //
    // (g)
    //
    PKIXPolicyNode intersection;
    //
    // (g) (i): no valid policy tree at all.
    if (validPolicyTree == null) {
        if (paramsPKIX.isExplicitPolicyRequired()) {
            throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, index);
        }
        intersection = null;
    } else if (// (g)
            CertPathValidatorUtilities.isAnyPolicy(userInitialPolicySet)) // (ii)
    {
        // Pruning is only attempted when an explicit policy is required;
        // otherwise the tree falls through unchanged to the assignment below.
        if (paramsPKIX.isExplicitPolicyRequired()) {
            if (acceptablePolicies.isEmpty()) {
                throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, certPath, index);
            } else {
                // Collect every child of every anyPolicy node, at all depths.
                Set _validPolicyNodeSet = new HashSet();
                for (int j = 0; j < policyNodes.length; j++) {
                    List _nodeDepth = policyNodes[j];
                    for (int k = 0; k < _nodeDepth.size(); k++) {
                        PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
                        if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) {
                            Iterator _iter = _node.getChildren();
                            while (_iter.hasNext()) {
                                _validPolicyNodeSet.add(_iter.next());
                            }
                        }
                    }
                }
                // NOTE(review): this loop currently has no effect on the tree.
                // The removal call in its body is commented out, so nodes whose
                // policy is not in acceptablePolicies stay in validPolicyTree.
                // RFC 3280 6.1.5 (g)(ii) defines the intersection as the entire
                // valid_policy_tree, which looks consistent with not removing
                // anything here - confirm the intent before re-enabling it.
                Iterator _vpnsIter = _validPolicyNodeSet.iterator();
                while (_vpnsIter.hasNext()) {
                    PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
                    String _validPolicy = _node.getValidPolicy();
                    if (!acceptablePolicies.contains(_validPolicy)) {
                        // validPolicyTree =
                        // removePolicyNode(validPolicyTree, policyNodes,
                        // _node);
                    }
                }
                // validPolicyTree cannot be null at this point: this branch is
                // only reached when it was non-null and nothing above
                // reassigns it.
                if (validPolicyTree != null) {
                    // Prune childless nodes, from depth n - 1 down to 0.
                    // NOTE(review): removePolicyNode receives policyNodes; if it
                    // removes `node` from the list being indexed here, the
                    // element that follows would be skipped - verify against
                    // CertPathValidatorUtilities.removePolicyNode.
                    for (int j = (n - 1); j >= 0; j--) {
                        List nodes = policyNodes[j];
                        for (int k = 0; k < nodes.size(); k++) {
                            PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                            if (!node.hasChildren()) {
                                validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node);
                            }
                        }
                    }
                }
            }
        }
        intersection = validPolicyTree;
    } else {
        //
        // (g) (iii)
        //
        // This implementation is not exactly the same as the one described
        // in RFC3280. However, as far as the validation result is concerned,
        // both produce an adequate result. The only difference is whether
        // AnyPolicy remains in the policy tree or not.
        //
        // (g) (iii) 1
        //
        // Collect the children of anyPolicy nodes that are not themselves
        // anyPolicy.
        Set _validPolicyNodeSet = new HashSet();
        for (int j = 0; j < policyNodes.length; j++) {
            List _nodeDepth = policyNodes[j];
            for (int k = 0; k < _nodeDepth.size(); k++) {
                PKIXPolicyNode _node = (PKIXPolicyNode) _nodeDepth.get(k);
                if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) {
                    Iterator _iter = _node.getChildren();
                    while (_iter.hasNext()) {
                        PKIXPolicyNode _c_node = (PKIXPolicyNode) _iter.next();
                        if (!RFC3280CertPathUtilities.ANY_POLICY.equals(_c_node.getValidPolicy())) {
                            _validPolicyNodeSet.add(_c_node);
                        }
                    }
                }
            }
        }
        //
        // (g) (iii) 2
        //
        // Remove every collected node whose policy the caller did not ask for.
        Iterator _vpnsIter = _validPolicyNodeSet.iterator();
        while (_vpnsIter.hasNext()) {
            PKIXPolicyNode _node = (PKIXPolicyNode) _vpnsIter.next();
            String _validPolicy = _node.getValidPolicy();
            if (!userInitialPolicySet.contains(_validPolicy)) {
                validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, _node);
            }
        }
        //
        // Unlike the any-policy branch, the tree may have been reassigned by
        // the removals above, so this null check is meaningful here.
        if (validPolicyTree != null) {
            // Prune childless nodes, from depth n - 1 down to 0.
            // NOTE(review): same index-while-removing concern as in the
            // any-policy branch - verify against removePolicyNode.
            for (int j = (n - 1); j >= 0; j--) {
                List nodes = policyNodes[j];
                for (int k = 0; k < nodes.size(); k++) {
                    PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k);
                    if (!node.hasChildren()) {
                        validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node);
                    }
                }
            }
        }
        intersection = validPolicyTree;
    }
    return intersection;
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertI1.
/**
 * Step (i): updates the {@code explicitPolicy} counter from the policy
 * constraints extension of the certificate at {@code index}.
 *
 * <p>The first constraint carrying context tag 0 is read as an integer. The
 * smaller of that value and the incoming {@code explicitPolicy} is returned.
 * Constraints with other tags are skipped, and elements after the first
 * tag-0 entry are not examined.
 *
 * @param certPath       the certification path being validated
 * @param index          position in {@code certPath} of the certificate
 * @param explicitPolicy current value of the counter
 * @return the possibly lowered counter; never larger than
 *         {@code explicitPolicy}
 * @throws CertPathValidatorException if the extension or its contents cannot
 *         be decoded
 */
protected static int prepareNextCertI1(CertPath certPath, int index, int explicitPolicy) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (i)
    ASN1Sequence constraintsSeq;
    try {
        constraintsSeq = DERSequence.getInstance(
                CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.POLICY_CONSTRAINTS));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, index);
    }

    if (constraintsSeq == null) {
        return explicitPolicy;
    }

    for (Enumeration fields = constraintsSeq.getObjects(); fields.hasMoreElements();) {
        try {
            ASN1TaggedObject tagged = ASN1TaggedObject.getInstance(fields.nextElement());
            if (tagged.getTagNo() != 0) {
                continue;
            }
            // NOTE(review): intValue() narrows silently if getValue() yields a
            // value wider than 32 bits - confirm whether out-of-range values
            // should be rejected instead.
            int fromCert = DERInteger.getInstance(tagged, false).getValue().intValue();
            // Only the first tag-0 entry counts; the counter can only go down.
            return Math.min(fromCert, explicitPolicy);
        } catch (IllegalArgumentException e) {
            throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", e, certPath, index);
        }
    }
    return explicitPolicy;
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertJ.
/**
 * Step (j): updates the {@code inhibitAnyPolicy} counter from the inhibit
 * any-policy extension of the certificate at {@code index}.
 *
 * <p>If the extension yields an integer, the smaller of that value and the
 * incoming counter is returned; otherwise the counter is returned unchanged.
 *
 * @param certPath         the certification path being validated
 * @param index            position in {@code certPath} of the certificate
 * @param inhibitAnyPolicy current value of the counter
 * @return the possibly lowered counter; never larger than
 *         {@code inhibitAnyPolicy}
 * @throws CertPathValidatorException if the extension cannot be decoded
 */
protected static int prepareNextCertJ(CertPath certPath, int index, int inhibitAnyPolicy) throws CertPathValidatorException {
    X509Certificate current = (X509Certificate) certPath.getCertificates().get(index);

    // (j)
    DERInteger skipCerts;
    try {
        skipCerts = DERInteger.getInstance(
                CertPathValidatorUtilities.getExtensionValue(current, RFC3280CertPathUtilities.INHIBIT_ANY_POLICY));
    } catch (Exception e) {
        throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath, index);
    }

    if (skipCerts == null) {
        return inhibitAnyPolicy;
    }

    // NOTE(review): intValue() narrows silently if getValue() yields a value
    // wider than 32 bits - confirm whether out-of-range values should be
    // rejected instead.
    int fromCert = skipCerts.getValue().intValue();
    // The counter can only be tightened by a certificate, never relaxed.
    return Math.min(fromCert, inhibitAnyPolicy);
}
use of org.bouncycastle.jce.exception.ExtCertPathValidatorException in project robovm by robovm.
the class RFC3280CertPathUtilities method prepareNextCertN.
/**
 * Step (n): verifies that the certificate at {@code index} may be used to
 * sign other certificates.
 *
 * <p>The check applies only when {@code getKeyUsage()} returns a bit array.
 * A certificate for which it returns {@code null} passes unchecked. The
 * criticality of the extension is not inspected here, even though the error
 * message mentions it.
 *
 * @param certPath the certification path being validated
 * @param index    position in {@code certPath} of the certificate
 * @throws CertPathValidatorException if key usage bits are present and the
 *         keyCertSign bit is not set
 */
protected static void prepareNextCertN(CertPath certPath, int index) throws CertPathValidatorException {
    X509Certificate issuer = (X509Certificate) certPath.getCertificates().get(index);

    // (n)
    boolean[] keyUsageBits = issuer.getKeyUsage();
    if (keyUsageBits == null) {
        // No key usage bits reported: nothing restricts the key's use.
        return;
    }
    if (keyUsageBits[RFC3280CertPathUtilities.KEY_CERT_SIGN]) {
        return;
    }
    throw new ExtCertPathValidatorException("Issuer certificate keyusage extension is critical and does not permit key signing.", null, certPath, index);
}