Example 21 with PolicyRequiredException
use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.
the class ValidatePanel method validateCert.
private void validateCert() {
reportText.setText("");
final File certFile = certFileField.getFile();
final File policyFile = policyFileField.getFile();
if (!certFile.exists()) {
JOptionPane.showMessageDialog(this, "Certificate file does not exist or cannot be found.", "Invalid Cert File", JOptionPane.ERROR_MESSAGE);
return;
}
InputStream policyInput = null;
if (!feedMode) {
if (!policyFile.exists()) {
JOptionPane.showMessageDialog(this, "Policy file does not exist or cannot be found.", "Invalid Policy File", JOptionPane.ERROR_MESSAGE);
return;
}
try {
// load the policy as an input stream
policyInput = FileUtils.openInputStream(policyFile);
} catch (Exception e) {
JOptionPane.showMessageDialog(this, "Could not load policy from file: " + e.getMessage(), "Invalid Policy File", JOptionPane.ERROR_MESSAGE);
return;
}
} else {
try {
final int length = feed.getLength();
policyInput = IOUtils.toInputStream(feed.getText(0, length));
} catch (Exception e) {
JOptionPane.showMessageDialog(this, "Could not load policy: " + e.getMessage(), "Invalid Policy", JOptionPane.ERROR_MESSAGE);
return;
}
}
// load the certificate
X509Certificate cert = null;
try {
cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(FileUtils.openInputStream(certFile));
} catch (Exception e) {
JOptionPane.showMessageDialog(this, "Could not load certificate from file: " + e.getMessage(), "Invalid Cert File", JOptionPane.ERROR_MESSAGE);
return;
}
final DateFormat dateFormat = new SimpleDateFormat("EEE, MMM d yyyy HH:mm:ss", Locale.getDefault());
final StringBuilder reportTextBuilder = new StringBuilder("Validation run at " + dateFormat.format(Calendar.getInstance(Locale.getDefault()).getTime()) + "\r\n\r\n");
try {
final PolicyLexiconParser parser = (feedMode) ? PolicyLexiconParserFactory.getInstance(feedLexicon) : PolicyLexiconParserFactory.getInstance(PolicyLexicon.XML);
final PolicyExpression policyExpression = parser.parse(policyInput);
final org.nhindirect.policy.Compiler compiler = new StackMachineCompiler();
compiler.setReportModeEnabled(true);
final PolicyFilter filter = PolicyFilterFactory.getInstance(compiler);
if (filter.isCompliant(cert, policyExpression) && compiler.getCompilationReport().isEmpty())
reportTextBuilder.append("Certificate is compliant with the provided policy.");
else {
reportTextBuilder.append("Certificate is NOT compliant with the provided policy.\r\n\r\n");
final Collection<String> report = compiler.getCompilationReport();
if (!report.isEmpty()) {
for (String reportEntry : report) reportTextBuilder.append(reportEntry + "\r\n");
}
}
} catch (PolicyRequiredException e) {
reportTextBuilder.append("Validation Successful\r\nCertificate is missing a required field\r\n\t" + e.getMessage());
} catch (PolicyGrammarException e) {
reportTextBuilder.append("Validation Failed\r\nError compiling policy\r\n\t" + e.getMessage());
} catch (Exception e) {
final ByteArrayOutputStream str = new ByteArrayOutputStream();
final PrintStream printStr = new PrintStream(str);
e.printStackTrace();
e.printStackTrace(printStr);
final String stackTrace = new String(str.toByteArray());
reportTextBuilder.append("Validation Failed\r\nError compiling or proccessing policy\r\n\t" + e.getMessage() + "\r\n" + stackTrace);
} finally {
reportText.setText(reportTextBuilder.toString());
IOUtils.closeQuietly(policyInput);
}
}
Also used :
PrintStream(java.io.PrintStream)
PolicyGrammarException(org.nhindirect.policy.PolicyGrammarException)
PolicyFilter(org.nhindirect.policy.PolicyFilter)
InputStream(java.io.InputStream)
PolicyExpression(org.nhindirect.policy.PolicyExpression)
StackMachineCompiler(org.nhindirect.policy.impl.machine.StackMachineCompiler)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
PolicyGrammarException(org.nhindirect.policy.PolicyGrammarException)
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
X509Certificate(java.security.cert.X509Certificate)
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
SimpleDateFormat(java.text.SimpleDateFormat)
DateFormat(java.text.DateFormat)
PolicyLexiconParser(org.nhindirect.policy.PolicyLexiconParser)
File(java.io.File)
SimpleDateFormat(java.text.SimpleDateFormat)
Example 22 with PolicyRequiredException
use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.
the class AuthorityInfoAccessExtentionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
final Collection<String> coll = Collections.emptyList();
this.policyValue = PolicyValueFactory.getInstance(coll);
return;
}
}
final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(exValue);
final Collection<String> retVal = new ArrayList<String>();
for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
final String accessMethod = AuthorityInfoAccessMethodIdentifier.fromId(accessDescription.getAccessMethod().toString()).getName();
retVal.add(accessMethod + ":" + accessDescription.getAccessLocation().getName().toString());
}
if (retVal.isEmpty() && isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess)
DERObject(org.bouncycastle.asn1.DERObject)
AccessDescription(org.bouncycastle.asn1.x509.AccessDescription)
ArrayList(java.util.ArrayList)
Example 23 with PolicyRequiredException
use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.
the class IssuerAttributeField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
if (rdnAttributeId.equals(RDNAttributeIdentifier.DISTINGUISHED_NAME)) {
final Collection<String> str = Arrays.asList(certificate.getIssuerX500Principal().getName(X500Principal.RFC2253));
this.policyValue = PolicyValueFactory.getInstance(str);
return;
}
DERObject tbsValue = null;
try {
tbsValue = this.getDERObject(certificate.getTBSCertificate());
}///CLOVER:OFF
catch (Exception e) {
throw new PolicyProcessException("Exception parsing TBS certificate fields.", e);
}
///CLOVER:ON
final TBSCertificateStructure tbsStruct = TBSCertificateStructure.getInstance(tbsValue);
final X509Name x509Name = getX509Name(tbsStruct);
@SuppressWarnings("unchecked") final Vector<String> values = x509Name.getValues(new DERObjectIdentifier(getRDNAttributeFieldId().getId()));
if (values.isEmpty() && this.isRequired())
throw new PolicyRequiredException(getFieldName() + " field attribute " + rdnAttributeId.getName() + " is marked as required but is not present.");
final Collection<String> retVal = values;
this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
DERObject(org.bouncycastle.asn1.DERObject)
X509Name(org.bouncycastle.asn1.x509.X509Name)
TBSCertificateStructure(org.bouncycastle.asn1.x509.TBSCertificateStructure)
DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier)
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
PolicyProcessException(org.nhindirect.policy.PolicyProcessException)
Example 24 with PolicyRequiredException
use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.
the class SubjectAltNameExtensionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
final Collection<String> emptyList = Collections.emptyList();
this.policyValue = PolicyValueFactory.getInstance(emptyList);
return;
}
}
final Collection<String> names = new ArrayList<String>();
final GeneralNames generalNames = GeneralNames.getInstance(exValue);
for (GeneralName name : generalNames.getNames()) {
final GeneralNameType type = GeneralNameType.fromTag(name.getTagNo());
if (type != null) {
names.add(type.getDisplay() + ":" + name.getName().toString());
}
}
this.policyValue = PolicyValueFactory.getInstance(names);
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
DERObject(org.bouncycastle.asn1.DERObject)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
ArrayList(java.util.ArrayList)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 25 with PolicyRequiredException
use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.
the class AuthorityKeyIdentifierKeyIdExtensionField method injectReferenceValue.
/**
* {@inheritDoc}
*/
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
this.certificate = value;
final DERObject exValue = getExtensionValue(value);
if (exValue == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
this.policyValue = PolicyValueFactory.getInstance("");
return;
}
}
final AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance(exValue);
byte[] keyId = aki.getKeyIdentifier();
///CLOVER:OFF
if (keyId == null) {
if (isRequired())
throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
else {
this.policyValue = PolicyValueFactory.getInstance("");
return;
}
}
///CLOVER:ON
this.policyValue = PolicyValueFactory.getInstance(PolicyUtils.createByteStringRep(keyId));
}
Also used :
PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException)
DERObject(org.bouncycastle.asn1.DERObject)
AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
Aggregations
PolicyRequiredException (org.nhindirect.policy.PolicyRequiredException)31
X509Certificate (java.security.cert.X509Certificate)19
DERObject (org.bouncycastle.asn1.DERObject)12
ArrayList (java.util.ArrayList)7
PolicyExpression (org.nhindirect.policy.PolicyExpression)4
PolicyFilter (org.nhindirect.policy.PolicyFilter)3
KeyUsageExtensionField (org.nhindirect.policy.x509.KeyUsageExtensionField)3
InternetAddress (javax.mail.internet.InternetAddress)2
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)2
DEREncodable (org.bouncycastle.asn1.DEREncodable)2
DERObjectIdentifier (org.bouncycastle.asn1.DERObjectIdentifier)2
AccessDescription (org.bouncycastle.asn1.x509.AccessDescription)2
AuthorityInformationAccess (org.bouncycastle.asn1.x509.AuthorityInformationAccess)2
GeneralName (org.bouncycastle.asn1.x509.GeneralName)2
GeneralNames (org.bouncycastle.asn1.x509.GeneralNames)2
PolicyInformation (org.bouncycastle.asn1.x509.PolicyInformation)2
PolicyProcessException (org.nhindirect.policy.PolicyProcessException)2
PolicyResolver (org.nhindirect.stagent.policy.PolicyResolver)2
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
File (java.io.File)1
