
Example 1 with PolicyMappingsExtension

Use of sun.security.x509.PolicyMappingsExtension in the project jdk8u_jdk by JetBrains.

From the class PolicyChecker, method processPolicyMappings.

/**
 * Applies the policy mappings extension of one certificate to the valid
 * policy tree during certification path validation.
 *
 * <p>A certificate without a policy mappings extension leaves the tree
 * untouched. Otherwise every (issuerDomainPolicy, subjectDomainPolicy) pair
 * in the extension is handled as follows:
 * <ul>
 * <li>A pair naming ANY_POLICY on either side aborts validation with
 *     {@link PKIXReason#INVALID_POLICY}; RFC 5280 does not allow policies to
 *     be mapped to or from anyPolicy.</li>
 * <li>When {@code policyMapping > 0} or {@code policyMapping == -1}, each
 *     node returned by {@code getPolicyNodesValid(certIndex, issuerDomain)}
 *     gets the subject-domain policy added as an expected policy. If no such
 *     node exists, a new node for the issuer-domain policy is created under
 *     the parent of each node returned for ANY_POLICY.</li>
 * <li>When {@code policyMapping == 0}, each node returned for the
 *     issuer-domain policy is deleted from its parent, and the tree is
 *     pruned once all mappings have been processed.</li>
 * </ul>
 * Any other negative {@code policyMapping} value changes nothing in the tree.
 *
 * @param currCert the certificate whose policy mappings are processed
 * @param certIndex the index of the current certificate
 * @param policyMapping the policy-mapping counter; {@code 0} means mapping
 *        is inhibited
 * @param rootNode the root node of the valid policy tree
 * @param policiesCritical whether the certificate policies extension is
 *        critical
 * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
 *        Set if there are none
 * @return the root node of the valid policy tree after modification, or
 *         {@code null} when deletions left the root without children;
 *         callers have to treat {@code null} as "no valid policy tree"
 * @throws CertPathValidatorException if the mappings cannot be read from
 *         the extension, or if a mapping names ANY_POLICY
 */
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
    final PolicyMappingsExtension mappingsExt = currCert.getPolicyMappingsExtension();
    if (mappingsExt == null) {
        // Nothing to map: the policy tree passes through unchanged.
        return rootNode;
    }
    if (debug != null) {
        debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
    }

    final List<CertificatePolicyMap> mappings;
    try {
        mappings = mappingsExt.get(PolicyMappingsExtension.MAP);
    } catch (IOException ioe) {
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
            ioe.printStackTrace();
        }
        // An unreadable extension fails validation instead of being skipped.
        throw new CertPathValidatorException("Exception while checking " + "mapping", ioe);
    }

    // The counter is fixed for the whole call, so classify it once.
    final boolean mappingPermitted = (policyMapping > 0) || (policyMapping == -1);
    final boolean mappingInhibited = (policyMapping == 0);
    boolean nodeRemoved = false;

    for (CertificatePolicyMap mapping : mappings) {
        final String issuerDomain = mapping.getIssuerIdentifier().getIdentifier().toString();
        final String subjectDomain = mapping.getSubjectIdentifier().getIdentifier().toString();
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
            debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
        }

        // Mapping to or from anyPolicy is rejected outright, before the tree is touched
        // for this pair.
        if (issuerDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        if (subjectDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }

        final Set<PolicyNodeImpl> issuerNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
        if (issuerNodes.isEmpty()) {
            // No node carries the issuer-domain policy; fall back to the ANY_POLICY nodes,
            // but only while mapping is still permitted.
            if (mappingPermitted) {
                for (PolicyNodeImpl anyNode : rootNode.getPolicyNodesValid(certIndex, ANY_POLICY)) {
                    final PolicyNodeImpl anyParent = (PolicyNodeImpl) anyNode.getParent();
                    final Set<String> expectedPolicies = new HashSet<>();
                    expectedPolicies.add(subjectDomain);
                    // The new node is not kept in a local; presumably the constructor
                    // links it under anyParent -- confirm in PolicyNodeImpl.
                    new PolicyNodeImpl(anyParent, issuerDomain, anyQuals, policiesCritical, expectedPolicies, true);
                }
            }
            continue;
        }

        for (PolicyNodeImpl node : issuerNodes) {
            if (mappingPermitted) {
                node.addExpectedPolicy(subjectDomain);
            } else if (mappingInhibited) {
                // Mapping is inhibited: the node for the mapped policy is removed.
                final PolicyNodeImpl parent = (PolicyNodeImpl) node.getParent();
                if (debug != null) {
                    debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
                }
                parent.deleteChild(node);
                nodeRemoved = true;
                if (debug != null) {
                    debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
                }
            }
        }
    }

    if (!nodeRemoved) {
        return rootNode;
    }

    // Deletions may have left branches behind; prune, then report an empty tree as null.
    rootNode.prune(certIndex);
    if (!rootNode.getChildren().hasNext()) {
        if (debug != null) {
            debug.println("setting rootNode to null");
        }
        rootNode = null;
    }
    return rootNode;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyMappingsExtension(sun.security.x509.PolicyMappingsExtension) IOException(java.io.IOException) CertificatePolicyMap(sun.security.x509.CertificatePolicyMap)
