use of org.xipki.ca.certprofile.xijson.conf.CertificatePolicies in project xipki by xipki.
the class A2gChecker method checkExtnCertificatePolicies.
// method checkExtnBiometricInfo
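/**
 * Checks the CertificatePolicies extension of an issued certificate against the
 * policies configured in the certificate profile.
 *
 * <p>If the profile configures no certificate policies, the check is delegated to
 * {@code caller.checkConstantExtnValue}. Otherwise every policy OID found in the
 * extension must be configured, every configured policy OID must be present, and
 * every configured qualifier (CPS URI or user notice explicit text) must appear
 * under its policy.
 *
 * <p>Limits of the check, as implemented here:
 * <ul>
 *   <li>Qualifiers are checked in one direction only: a qualifier that is present in
 *       the certificate but not configured in the profile is not reported.</li>
 *   <li>Qualifiers with an id other than id-qt-cps / id-qt-unotice, and user notices
 *       without explicit text, are ignored.</li>
 *   <li>A policy OID that occurs more than once in the extension is not reported
 *       (RFC 5280, section 4.2.1.4 forbids repeated policy OIDs).</li>
 * </ul>
 *
 * @param failureMsg buffer that receives one entry, terminated by "; ", per finding
 * @param extnValue encoded extension value; parsed with BouncyCastle's
 *        {@code CertificatePolicies.getInstance}
 * @param requestedExtns only forwarded to {@code caller.checkConstantExtnValue}
 * @param extnControl only forwarded to {@code caller.checkConstantExtnValue}
 * @throws IllegalStateException if a configured qualifier has a type other than
 *         {@code cpsUri} or {@code userNotice}
 */
void checkExtnCertificatePolicies(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns, ExtensionControl extnControl) {
    CertificatePolicies certificatePolicies = caller.getCertificatePolicies();
    if (certificatePolicies == null) {
        caller.checkConstantExtnValue(Extension.certificatePolicies, failureMsg, extnValue, requestedExtns, extnControl);
        return;
    }

    // Index the configured policies by OID. Reuse the value that was null-checked above
    // instead of asking the caller a second time.
    Map<String, CertificatePolicyInformationType> expPoliciesMap = new HashMap<>();
    for (CertificatePolicyInformationType cp : certificatePolicies.getCertificatePolicyInformations()) {
        expPoliciesMap.put(cp.getPolicyIdentifier().getOid(), cp);
    }

    // OIDs still to be seen; whatever remains after the scan is reported as absent.
    Set<String> expPolicyIds = new HashSet<>(expPoliciesMap.keySet());

    // NOTE(review): no exception is caught here, so a malformed extension value is expected
    // to surface as a parser exception rather than as a failureMsg entry; confirm callers
    // handle that.
    org.bouncycastle.asn1.x509.CertificatePolicies asn1 = org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(extnValue);
    PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();

    for (PolicyInformation isPolicyInformation : isPolicyInformations) {
        ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
        expPolicyIds.remove(isPolicyId.getId());

        CertificatePolicyInformationType expCp = expPoliciesMap.get(isPolicyId.getId());
        if (expCp == null) {
            failureMsg.append("certificate policy '").append(isPolicyId).append("' is not expected; ");
            continue;
        }

        List<PolicyQualifier> expCpPq = expCp.getPolicyQualifiers();
        if (isEmpty(expCpPq)) {
            // Nothing configured for this policy: qualifiers in the certificate are not inspected.
            continue;
        }

        List<String> isCpsUris = new LinkedList<>();
        List<String> isUserNotices = new LinkedList<>();

        // policyQualifiers is OPTIONAL in PolicyInformation and BouncyCastle returns null when
        // it is absent. Without this guard a certificate that omits required qualifiers would
        // abort the check with a NullPointerException instead of being reported below.
        ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
        if (isPolicyQualifiers != null) {
            int size = isPolicyQualifiers.size();
            for (int i = 0; i < size; i++) {
                PolicyQualifierInfo isPolicyQualifierInfo = PolicyQualifierInfo.getInstance(isPolicyQualifiers.getObjectAt(i));
                ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
                ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();

                if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
                    isCpsUris.add(DERIA5String.getInstance(isQualifier).getString());
                } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
                    UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
                    // Only the explicit text is compared; a notice carrying just a noticeRef is skipped.
                    if (isUserNotice.getExplicitText() != null) {
                        isUserNotices.add(isUserNotice.getExplicitText().getString());
                    }
                }
            }
        }

        // Every configured qualifier must be present; extra qualifiers in the certificate pass.
        for (PolicyQualifier qualifierInfo : expCpPq) {
            String value = qualifierInfo.getValue();
            switch (qualifierInfo.getType()) {
                case cpsUri:
                    if (!isCpsUris.contains(value)) {
                        failureMsg.append("CPSUri '").append(value).append("' is absent but is required; ");
                    }
                    break;
                case userNotice:
                    if (!isUserNotices.contains(value)) {
                        failureMsg.append("userNotice '").append(value).append("' is absent but is required; ");
                    }
                    break;
                default:
                    throw new IllegalStateException("should not reach here");
            }
        }
    }

    for (String policyId : expPolicyIds) {
        failureMsg.append("certificate policy '").append(policyId).append("' is absent but is required; ");
    }
}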