
Example 21 with PolicyRequiredException

use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.

the class ValidatePanel method validateCert.

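/**
 * Validates the selected certificate file against the selected policy and writes a
 * textual report into {@code reportText}.
 *
 * The policy is read from {@code policyFile}, or from the {@code feed} document when
 * {@code feedMode} is set. Failures to open the certificate or the policy are shown in
 * a dialog and end the run without producing a report. Every stream opened here is
 * closed before the method returns.
 */
private void validateCert() {
    reportText.setText("");
    final File certFile = certFileField.getFile();
    final File policyFile = policyFileField.getFile();
    if (!certFile.exists()) {
        JOptionPane.showMessageDialog(this, "Certificate file does not exist or cannot be found.", "Invalid Cert File", JOptionPane.ERROR_MESSAGE);
        return;
    }
    InputStream policyInput = null;
    if (!feedMode) {
        if (!policyFile.exists()) {
            JOptionPane.showMessageDialog(this, "Policy file does not exist or cannot be found.", "Invalid Policy File", JOptionPane.ERROR_MESSAGE);
            return;
        }
        try {
            // load the policy as an input stream
            policyInput = FileUtils.openInputStream(policyFile);
        } catch (Exception e) {
            JOptionPane.showMessageDialog(this, "Could not load policy from file: " + e.getMessage(), "Invalid Policy File", JOptionPane.ERROR_MESSAGE);
            return;
        }
    } else {
        try {
            // feed mode: the policy text comes from the in-memory document, not from a file
            final int length = feed.getLength();
            policyInput = IOUtils.toInputStream(feed.getText(0, length));
        } catch (Exception e) {
            JOptionPane.showMessageDialog(this, "Could not load policy: " + e.getMessage(), "Invalid Policy", JOptionPane.ERROR_MESSAGE);
            return;
        }
    }
    // load the certificate
    X509Certificate cert = null;
    InputStream certInput = null;
    try {
        certInput = FileUtils.openInputStream(certFile);
        cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certInput);
    } catch (Exception e) {
        // The policy stream is already open at this point; release it before the early return.
        IOUtils.closeQuietly(policyInput);
        JOptionPane.showMessageDialog(this, "Could not load certificate from file: " + e.getMessage(), "Invalid Cert File", JOptionPane.ERROR_MESSAGE);
        return;
    } finally {
        // The certificate is fully parsed (or rejected) by now, so the file handle is no longer needed.
        IOUtils.closeQuietly(certInput);
    }
    final DateFormat dateFormat = new SimpleDateFormat("EEE, MMM d yyyy HH:mm:ss", Locale.getDefault());
    final StringBuilder reportTextBuilder = new StringBuilder("Validation run at " + dateFormat.format(Calendar.getInstance(Locale.getDefault()).getTime()) + "\r\n\r\n");
    try {
        final PolicyLexiconParser parser = (feedMode) ? PolicyLexiconParserFactory.getInstance(feedLexicon) : PolicyLexiconParserFactory.getInstance(PolicyLexicon.XML);
        final PolicyExpression policyExpression = parser.parse(policyInput);
        final org.nhindirect.policy.Compiler compiler = new StackMachineCompiler();
        // report mode is enabled so that the compilation report can be read back below
        compiler.setReportModeEnabled(true);
        final PolicyFilter filter = PolicyFilterFactory.getInstance(compiler);
        // Compliance requires both a positive filter result and an empty compilation report.
        if (filter.isCompliant(cert, policyExpression) && compiler.getCompilationReport().isEmpty())
            reportTextBuilder.append("Certificate is compliant with the provided policy.");
        else {
            reportTextBuilder.append("Certificate is NOT compliant with the provided policy.\r\n\r\n");
            final Collection<String> report = compiler.getCompilationReport();
            if (!report.isEmpty()) {
                for (String reportEntry : report) reportTextBuilder.append(reportEntry + "\r\n");
            }
        }
    } catch (PolicyRequiredException e) {
        // NOTE(review): "Validation Successful" is printed although a required field is missing
        // from the certificate; presumably it means the run completed, not that the certificate
        // is compliant. Confirm the wording so the report is not read as a pass.
        reportTextBuilder.append("Validation Successful\r\nCertificate is missing a required field\r\n\t" + e.getMessage());
    } catch (PolicyGrammarException e) {
        reportTextBuilder.append("Validation Failed\r\nError compiling policy\r\n\t" + e.getMessage());
    } catch (Exception e) {
        // Any other failure: the stack trace goes to stderr and is also copied into the report text.
        final ByteArrayOutputStream str = new ByteArrayOutputStream();
        final PrintStream printStr = new PrintStream(str);
        e.printStackTrace();
        e.printStackTrace(printStr);
        final String stackTrace = new String(str.toByteArray());
        reportTextBuilder.append("Validation Failed\r\nError compiling or proccessing policy\r\n\t" + e.getMessage() + "\r\n" + stackTrace);
    } finally {
        reportText.setText(reportTextBuilder.toString());
        IOUtils.closeQuietly(policyInput);
    }
}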
Also used : PrintStream(java.io.PrintStream) PolicyGrammarException(org.nhindirect.policy.PolicyGrammarException) PolicyFilter(org.nhindirect.policy.PolicyFilter) InputStream(java.io.InputStream) PolicyExpression(org.nhindirect.policy.PolicyExpression) StackMachineCompiler(org.nhindirect.policy.impl.machine.StackMachineCompiler) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PolicyGrammarException(org.nhindirect.policy.PolicyGrammarException) PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) X509Certificate(java.security.cert.X509Certificate) PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) SimpleDateFormat(java.text.SimpleDateFormat) DateFormat(java.text.DateFormat) PolicyLexiconParser(org.nhindirect.policy.PolicyLexiconParser) File(java.io.File) SimpleDateFormat(java.text.SimpleDateFormat)

Example 22 with PolicyRequiredException

use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.

the class AuthorityInfoAccessExtentionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
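@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    // Reads the extension returned by getExtensionValue as an AuthorityInformationAccess
    // structure and stores each access description in policyValue as "<method>:<location>".
    this.certificate = value;
    final DERObject exValue = getExtensionValue(value);
    if (exValue == null) {
        // Extension absent: a required field fails, an optional one yields an empty collection.
        if (isRequired())
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        else {
            final Collection<String> coll = Collections.emptyList();
            this.policyValue = PolicyValueFactory.getInstance(coll);
            return;
        }
    }
    final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(exValue);
    final Collection<String> retVal = new ArrayList<String>();
    for (AccessDescription accessDescription : aia.getAccessDescriptions()) {
        final String accessMethodId = accessDescription.getAccessMethod().toString();
        final AuthorityInfoAccessMethodIdentifier knownMethod = AuthorityInfoAccessMethodIdentifier.fromId(accessMethodId);
        // The certificate content is not controlled by this code, so the access method may be
        // one the identifier table does not list. NOTE(review): fromId is not visible here and
        // is assumed to return null in that case; the raw id is used as the method name then,
        // instead of failing with a NullPointerException.
        final String accessMethod = (knownMethod != null) ? knownMethod.getName() : accessMethodId;
        retVal.add(accessMethod + ":" + accessDescription.getAccessLocation().getName().toString());
    }
    // An extension that is present but lists no access descriptions is treated like a missing one.
    if (retVal.isEmpty() && isRequired())
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}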
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) AuthorityInformationAccess(org.bouncycastle.asn1.x509.AuthorityInformationAccess) DERObject(org.bouncycastle.asn1.DERObject) AccessDescription(org.bouncycastle.asn1.x509.AccessDescription) ArrayList(java.util.ArrayList)

Example 23 with PolicyRequiredException

use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.

the class IssuerAttributeField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    // Stores the certificate and derives policyValue from its issuer name: either the
    // whole distinguished name or the values of one RDN attribute.
    this.certificate = value;
    if (rdnAttributeId.equals(RDNAttributeIdentifier.DISTINGUISHED_NAME)) {
        // The whole issuer DN was asked for: a single RFC 2253 string, wrapped in a collection.
        final String issuerDn = certificate.getIssuerX500Principal().getName(X500Principal.RFC2253);
        final Collection<String> wholeName = Arrays.asList(issuerDn);
        this.policyValue = PolicyValueFactory.getInstance(wholeName);
        return;
    }
    // A single attribute was asked for: decode the TBS certificate and read it from the name.
    final DERObject tbsObject;
    try {
        tbsObject = this.getDERObject(certificate.getTBSCertificate());
    }///CLOVER:OFF
     catch (Exception e) {
        throw new PolicyProcessException("Exception parsing TBS certificate fields.", e);
    }
    ///CLOVER:ON
    final X509Name issuerName = getX509Name(TBSCertificateStructure.getInstance(tbsObject));
    final DERObjectIdentifier attributeOid = new DERObjectIdentifier(getRDNAttributeFieldId().getId());
    @SuppressWarnings("unchecked") final Vector<String> attributeValues = issuerName.getValues(attributeOid);
    if (this.isRequired() && attributeValues.isEmpty())
        throw new PolicyRequiredException(getFieldName() + " field attribute " + rdnAttributeId.getName() + " is marked as required but is not present.");
    final Collection<String> retVal = attributeValues;
    this.policyValue = PolicyValueFactory.getInstance(retVal);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) DERObject(org.bouncycastle.asn1.DERObject) X509Name(org.bouncycastle.asn1.x509.X509Name) TBSCertificateStructure(org.bouncycastle.asn1.x509.TBSCertificateStructure) DERObjectIdentifier(org.bouncycastle.asn1.DERObjectIdentifier) PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException) PolicyProcessException(org.nhindirect.policy.PolicyProcessException)

Example 24 with PolicyRequiredException

use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.

the class SubjectAltNameExtensionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    // Stores the certificate and fills policyValue with one "<type display>:<name>" entry
    // per general name found in the extension returned by getExtensionValue.
    this.certificate = value;
    final DERObject extension = getExtensionValue(value);
    if (extension == null) {
        // Extension absent: a required field fails, an optional one yields an empty collection.
        if (isRequired()) {
            throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
        }
        final Collection<String> noNames = Collections.emptyList();
        this.policyValue = PolicyValueFactory.getInstance(noNames);
        return;
    }
    final Collection<String> displayNames = new ArrayList<String>();
    for (GeneralName altName : GeneralNames.getInstance(extension).getNames()) {
        final GeneralNameType nameType = GeneralNameType.fromTag(altName.getTagNo());
        if (nameType == null) {
            // A tag that GeneralNameType does not map is left out, so a policy
            // expression never sees that name.
            continue;
        }
        displayNames.add(nameType.getDisplay() + ":" + altName.getName().toString());
    }
    // No required-field check is made on an extension that is present but yields no entries.
    this.policyValue = PolicyValueFactory.getInstance(displayNames);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) DERObject(org.bouncycastle.asn1.DERObject) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) ArrayList(java.util.ArrayList) GeneralName(org.bouncycastle.asn1.x509.GeneralName)

Example 25 with PolicyRequiredException

use of org.nhindirect.policy.PolicyRequiredException in project nhin-d by DirectProject.

the class AuthorityKeyIdentifierKeyIdExtensionField method injectReferenceValue.

/**
	 * {@inheritDoc}
	 */
@Override
public void injectReferenceValue(X509Certificate value) throws PolicyProcessException {
    // Stores the certificate and sets policyValue to the byte-string representation of the
    // key identifier carried by the AuthorityKeyIdentifier extension.
    this.certificate = value;
    final DERObject extension = getExtensionValue(value);
    if (extension == null) {
        // Extension absent: an optional field evaluates to the empty string, a required one fails.
        if (!isRequired()) {
            this.policyValue = PolicyValueFactory.getInstance("");
            return;
        }
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    }
    final byte[] keyIdentifier = AuthorityKeyIdentifier.getInstance(extension).getKeyIdentifier();
    ///CLOVER:OFF
    if (keyIdentifier == null) {
        // Extension present but without a key identifier: handled exactly like a missing extension.
        if (!isRequired()) {
            this.policyValue = PolicyValueFactory.getInstance("");
            return;
        }
        throw new PolicyRequiredException("Extention " + getExtentionIdentifier().getDisplay() + " is marked as required by is not present.");
    }
    ///CLOVER:ON
    final String keyIdText = PolicyUtils.createByteStringRep(keyIdentifier);
    this.policyValue = PolicyValueFactory.getInstance(keyIdText);
}
Also used : PolicyRequiredException(org.nhindirect.policy.PolicyRequiredException) DERObject(org.bouncycastle.asn1.DERObject) AuthorityKeyIdentifier(org.bouncycastle.asn1.x509.AuthorityKeyIdentifier)
