Example 1 with QaPolicyMappingsOption

Use of org.xipki.ca.qa.internal.QaPolicyMappingsOption in project xipki by xipki.

From the class ExtensionsChecker, method checkExtensionPolicyMappings.

// method checkExtensionPolicyMappings
private void checkExtensionPolicyMappings(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QaPolicyMappingsOption conf = policyMappings;
    if (conf == null) {
        byte[] expected = getExpectedExtValue(Extension.policyMappings, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }
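    // Decode the PolicyMappings value actually present in the certificate:
    // a SEQUENCE of (issuerDomainPolicy, subjectDomainPolicy) pairs.
    // A repeated issuerDomainPolicy overwrites the earlier entry in isMap.
    ASN1Sequence isPolicyMappings = DERSequence.getInstance(extensionValue);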
    Map<String, String> isMap = new HashMap<>();
    int size = isPolicyMappings.size();
    for (int i = 0; i < size; i++) {
        ASN1Sequence seq = ASN1Sequence.getInstance(isPolicyMappings.getObjectAt(i));
        CertPolicyId issuerDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(0));
        CertPolicyId subjectDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(1));
        isMap.put(issuerDomainPolicy.getId(), subjectDomainPolicy.getId());
    }
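    // Every mapping required by the QA configuration must be present with the expected target.
    Set<String> expIssuerDomainPolicies = conf.getIssuerDomainPolicies();
    for (String expIssuerDomainPolicy : expIssuerDomainPolicies) {
        // Look up the expected subjectDomainPolicy for this issuerDomainPolicy.
        String expSubjectDomainPolicy = conf.getSubjectDomainPolicy(expIssuerDomainPolicy);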
        String isSubjectDomainPolicy = isMap.remove(expIssuerDomainPolicy);
        if (isSubjectDomainPolicy == null) {
            failureMsg.append("issuerDomainPolicy '").append(expIssuerDomainPolicy).append("' is absent but is required; ");
        } else if (!isSubjectDomainPolicy.equals(expSubjectDomainPolicy)) {
            addViolation(failureMsg, "subjectDomainPolicy for issuerDomainPolicy", isSubjectDomainPolicy, expSubjectDomainPolicy);
        }
    }
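    // Anything left in isMap is a mapping the certificate carries but the configuration does not allow.
    if (CollectionUtil.isNonEmpty(isMap)) {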
        failureMsg.append("issuerDomainPolicies '").append(isMap.keySet()).append("' are present but not expected; ");
    }
}
Also used : CertPolicyId(org.bouncycastle.asn1.x509.CertPolicyId) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) HashMap(java.util.HashMap) QaPolicyMappingsOption(org.xipki.ca.qa.internal.QaPolicyMappingsOption) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint)