
Example 16 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class ForwardState method updateState.

/**
     * Update the state with the next certificate added to the path.
     *
     * @param cert the certificate which is used to update the state
     */
@Override
public void updateState(X509Certificate cert) throws CertificateException, IOException, CertPathValidatorException {
    // A null certificate leaves every field of the state untouched.
    if (cert == null) {
        return;
    }

    X509CertImpl icert = X509CertImpl.toImpl(cert);

    // Remember that key parameters are still needed when the helper reports
    // a DSA public key without parameters. This method only ever sets the
    // flag; it never resets it.
    if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    // Record the certificate itself and the name of its issuer.
    this.cert = icert;
    issuerDN = cert.getIssuerX500Principal();

    final boolean selfIssued = X509CertImpl.isSelfIssued(cert);

    // Count a traversed CA certificate only when it is not self-issued, is
    // not the first certificate seen (init), and carries a CA basic
    // constraint: getBasicConstraints() returns -1 for a non-CA certificate.
    if (!selfIssued && !init && cert.getBasicConstraints() != -1) {
        traversedCACerts++;
    }

    // Names are collected while init is still true (the EE cert, per the
    // original comment) and for every certificate that is not self-issued.
    if (init || !selfIssued) {
        subjectNamesTraversed.add(X500Name.asX500Name(cert.getSubjectX500Principal()));
        try {
            SubjectAlternativeNameExtension sanExt = icert.getSubjectAlternativeNameExtension();
            if (sanExt != null) {
                // Every subject alternative name is recorded next to the subject DN.
                for (GeneralName altName : sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME).names()) {
                    subjectNamesTraversed.add(altName.getName());
                }
            }
        } catch (IOException e) {
            // Fail closed: an extension that cannot be read aborts the update
            // instead of being skipped, so the name set is never silently
            // incomplete. The stack trace is printed only in debug mode.
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    // Later calls no longer take the first-certificate branches above.
    init = false;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) GeneralNames(sun.security.x509.GeneralNames) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) X509CertImpl(sun.security.x509.X509CertImpl) X500Principal(javax.security.auth.x500.X500Principal) GeneralName(sun.security.x509.GeneralName) IOException(java.io.IOException)

Example 17 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PolicyChecker method processPolicyMappings.

/**
     * Processes policy mappings in the certificate.
     *
     * @param currCert the Certificate to be processed
     * @param certIndex the index of the current certificate
     * @param policyMapping an integer which indicates if policy
     * mapping is inhibited
     * @param rootNode the root node of the valid policy tree
     * @param policiesCritical a boolean indicating if the certificate policies
     * extension is critical
     * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
     * Set if there are no qualifiers associated with ANY-POLICY
     * @return the root node of the valid policy tree after modification
     * @exception CertPathValidatorException exception thrown if an error
     * occurs while processing policy mappings
     */
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
    // Applies the certificate's policy mappings extension to the policy tree
    // rooted at rootNode. A certificate without the extension leaves the
    // tree unchanged.
    PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
    if (polMappingsExt == null)
        return rootNode;
    if (debug != null)
        debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
    List<CertificatePolicyMap> maps = null;
    try {
        maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
    } catch (IOException e) {
        // Fail closed: a mapping list that cannot be read fails validation
        // rather than being treated as "no mappings".
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException("Exception while checking " + "mapping", e);
    }
    // Set once any node is removed below, so the tree is pruned afterwards.
    boolean childDeleted = false;
    for (CertificatePolicyMap polMap : maps) {
        String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
        String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
        if (debug != null) {
            debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
            debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
        }
        // A mapping to or from ANY_POLICY is rejected outright with reason
        // INVALID_POLICY; both sides are checked before the tree is touched
        // for this mapping.
        if (issuerDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        if (subjectDomain.equals(ANY_POLICY)) {
            throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
        }
        Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
        if (!validNodes.isEmpty()) {
            for (PolicyNodeImpl curNode : validNodes) {
                if ((policyMapping > 0) || (policyMapping == -1)) {
                    // The mapping is applied: the subject-domain policy
                    // becomes an expected policy of the matching node.
                    curNode.addExpectedPolicy(subjectDomain);
                } else if (policyMapping == 0) {
                    // The mapping is not applied: the matching node is
                    // removed from its parent instead.
                    PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
                    if (debug != null)
                        debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
                    parentNode.deleteChild(curNode);
                    childDeleted = true;
                    if (debug != null)
                        debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
                }
                // A policyMapping below -1 matches neither branch, so the
                // node is left as it is.
            }
        } else {
            // no node of depth i has a valid policy
            if ((policyMapping > 0) || (policyMapping == -1)) {
                Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
                for (PolicyNodeImpl curAnyNode : validAnyNodes) {
                    PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
                    Set<String> expPols = new HashSet<>();
                    expPols.add(subjectDomain);
                    // NOTE(review): curNode is never read after construction,
                    // so the constructor is presumably what links the new
                    // node under curAnyNodeParent - confirm in PolicyNodeImpl.
                    PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
                }
            }
        }
    }
    if (childDeleted) {
        rootNode.prune(certIndex);
        // A root left without children is reported to the caller as a null
        // tree; callers must be prepared for a null return value.
        if (!rootNode.getChildren().hasNext()) {
            if (debug != null)
                debug.println("setting rootNode to null");
            rootNode = null;
        }
    }
    return rootNode;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyMappingsExtension(sun.security.x509.PolicyMappingsExtension) IOException(java.io.IOException) CertificatePolicyMap(sun.security.x509.CertificatePolicyMap)

Example 18 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class PolicyChecker method mergeExplicitPolicy.

/**
     * Merges the specified explicitPolicy value with the
     * requireExplicitPolicy field of the <code>PolicyConstraints</code>
     * extension obtained from the certificate. An explicitPolicy
     * value of -1 implies no constraint.
     *
     * @param explicitPolicy an integer which indicates if a non-null
     * valid policy tree is required
     * @param currCert the Certificate to be processed
     * @param finalCert a boolean indicating whether currCert is
     * the final cert in the cert path
     * @return returns the new explicitPolicy value
     * @exception CertPathValidatorException Exception thrown if an error
     * occurs
     */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert, boolean finalCert) throws CertPathValidatorException {
    // A positive counter is decremented for every certificate that is not
    // self-issued; 0 and -1 are left as they are.
    if (explicitPolicy > 0 && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy -= 1;
    }

    final int require;
    try {
        PolicyConstraintsExtension polConstExt = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null) {
            // No policy constraints on this certificate: nothing to merge.
            return explicitPolicy;
        }
        require = polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() require Index from cert = " + require);
        }
    } catch (IOException e) {
        // Fail closed: an unreadable extension fails validation instead of
        // being treated as "no constraint".
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    if (finalCert) {
        // On the final certificate only a requirement of 0 takes effect.
        if (require == 0) {
            explicitPolicy = 0;
        }
    } else if (require != -1 && (explicitPolicy == -1 || require < explicitPolicy)) {
        // The tighter of the two values wins; -1 on either side means
        // "no constraint".
        // NOTE(review): a require value below -1 is not rejected here and
        // would be adopted by this branch - confirm that the extension
        // decoder never yields one.
        explicitPolicy = require;
    }
    return explicitPolicy;
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) PolicyConstraintsExtension(sun.security.x509.PolicyConstraintsExtension) IOException(java.io.IOException)

Example 19 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class OCSP method check.

/**
 * Queries the OCSP revocation status of a single certificate.
 *
 * <p>A {@code CertId} is built from {@code issuerCert} and the serial number
 * of {@code cert}, wrapped in a one-element list and handed to the list-based
 * {@code check} overload. The entry of the resulting response that belongs to
 * that {@code CertId} is returned.
 *
 * <p>No validation of the OCSP response happens in this method itself;
 * whatever checks are applied live in the overload and in
 * {@code OCSPResponse}, which are not shown here.
 * NOTE(review): confirm whether {@code getSingleResponse} can return
 * {@code null} for a missing entry, and that callers accept only an explicit
 * good status.
 *
 * @param cert the certificate whose status is requested
 * @param responderURI forwarded unchanged to the list-based overload
 * @param anchor combined with {@code issuerCert} into the
 *        {@code OCSPResponse.IssuerInfo} passed to the overload
 * @param issuerCert used for the {@code CertId} and for the issuer info
 * @param responderCert forwarded unchanged to the list-based overload
 * @param date forwarded unchanged to the list-based overload
 * @param extensions forwarded unchanged to the list-based overload
 * @param variant forwarded unchanged to the list-based overload
 * @return the single response recorded for the certificate's {@code CertId}
 * @throws IOException declared for the list-based overload
 * @throws CertPathValidatorException if the {@code CertId} cannot be built,
 *         wrapping the underlying {@code CertificateException} or
 *         {@code IOException}
 */
public static RevocationStatus check(X509Certificate cert, URI responderURI, TrustAnchor anchor, X509Certificate issuerCert, X509Certificate responderCert, Date date, List<Extension> extensions, String variant) throws IOException, CertPathValidatorException {
    final CertId certId;
    try {
        certId = new CertId(issuerCert, X509CertImpl.toImpl(cert).getSerialNumberObject());
    } catch (CertificateException | IOException e) {
        // The cause is kept so the caller can see why the request id failed.
        throw new CertPathValidatorException("Exception while encoding OCSPRequest", e);
    }

    List<CertId> certIds = Collections.singletonList(certId);
    OCSPResponse.IssuerInfo issuerInfo = new OCSPResponse.IssuerInfo(anchor, issuerCert);
    OCSPResponse ocspResponse = check(certIds, responderURI, issuerInfo, responderCert, date, extensions, variant);
    return (RevocationStatus) ocspResponse.getSingleResponse(certId);
}
Also used : CertPathValidatorException(java.security.cert.CertPathValidatorException) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Example 20 with X509CertImpl

use of sun.security.x509.X509CertImpl in project jdk8u_jdk by JetBrains.

the class X509CertificatePair method parse.

/* Parse the encoded bytes */
private void parse(DerValue val) throws IOException, CertificateException {
    // The outer value must be a SEQUENCE; anything else is rejected up front.
    if (val.tag != DerValue.tag_Sequence) {
        throw new IOException("Sequence tag missing for X509CertificatePair");
    }

    while (val.data != null && val.data.available() != 0) {
        DerValue element = val.data.getDerValue();
        // Only the low five bits of the tag octet select the branch; the
        // class and constructed bits are checked separately inside each case.
        short tagNumber = (byte) (element.tag & 0x01f);
        switch (tagNumber) {
            case TAG_FORWARD: {
                // NOTE(review): an element with this tag number that is not
                // context-specific and constructed is skipped without an
                // error - confirm this leniency is intended.
                if (!element.isContextSpecific() || !element.isConstructed()) {
                    break;
                }
                // A second forward certificate is an encoding error.
                if (forward != null) {
                    throw new IOException("Duplicate forward certificate in X509CertificatePair");
                }
                DerValue inner = element.data.getDerValue();
                forward = X509Factory.intern(new X509CertImpl(inner.toByteArray()));
                break;
            }
            case TAG_REVERSE: {
                // Same leniency as for the forward element applies here.
                if (!element.isContextSpecific() || !element.isConstructed()) {
                    break;
                }
                // A second reverse certificate is an encoding error.
                if (reverse != null) {
                    throw new IOException("Duplicate reverse certificate in X509CertificatePair");
                }
                DerValue inner = element.data.getDerValue();
                reverse = X509Factory.intern(new X509CertImpl(inner.toByteArray()));
                break;
            }
            default:
                // Any other tag number makes the whole pair invalid.
                throw new IOException("Invalid encoding of X509CertificatePair");
        }
    }

    // An empty pair is not acceptable: at least one direction must be set.
    if (forward == null && reverse == null) {
        throw new CertificateException("at least one of certificate pair must be non-null");
    }
}
Also used : DerValue(sun.security.util.DerValue) X509CertImpl(sun.security.x509.X509CertImpl) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException)

Aggregations

X509CertImpl (sun.security.x509.X509CertImpl)38 CertificateException (java.security.cert.CertificateException)16 IOException (java.io.IOException)15 CertPathValidatorException (java.security.cert.CertPathValidatorException)10 X500Name (sun.security.x509.X500Name)8 X509CertInfo (sun.security.x509.X509CertInfo)8 CertificateFactory (java.security.cert.CertificateFactory)7 X509Certificate (java.security.cert.X509Certificate)7 BigInteger (java.math.BigInteger)6 AlgorithmId (sun.security.x509.AlgorithmId)6 CertificateAlgorithmId (sun.security.x509.CertificateAlgorithmId)6 CertificateSerialNumber (sun.security.x509.CertificateSerialNumber)5 CertificateValidity (sun.security.x509.CertificateValidity)5 CertificateVersion (sun.security.x509.CertificateVersion)5 CertificateX509Key (sun.security.x509.CertificateX509Key)5 CRLException (java.security.cert.CRLException)4 DerValue (sun.security.util.DerValue)4 CertificateIssuerName (sun.security.x509.CertificateIssuerName)4 CertificateSubjectName (sun.security.x509.CertificateSubjectName)4 GeneralName (sun.security.x509.GeneralName)4