/*
* Parses the data in the given input stream as a sequence of DER encoded
* X.509 CRLs (in binary or base 64 encoded format) OR as a single PKCS#7
* encoded blob (in binary or base 64 encoded format).
*/
private Collection<? extends java.security.cert.CRL> parseX509orPKCS7CRL(InputStream is)
throws CRLException, IOException {
Collection<X509CRLImpl> coll = new ArrayList<>();
byte[] data = readOneBlock(is);
if (data == null) {
return new ArrayList<>(0);
}
try {
PKCS7 pkcs7 = new PKCS7(data);
X509CRL[] crls = pkcs7.getCRLs();
// CRLs are optional in PKCS #7
if (crls != null) {
return Arrays.asList(crls);
} else {
// no crls provided
return new ArrayList<>(0);
}
} catch (ParsingException e) {
while (data != null) {
coll.add(new X509CRLImpl(data));
data = readOneBlock(is);
}
}
return coll;
}
private X509Certificate[] doBuild(X509Certificate[] chain, Collection otherCerts)
throws CertificateException {
try {
PKIXBuilderParameters params = (PKIXBuilderParameters) parameterTemplate.clone();
setDate(params);
// setup target constraints
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(chain[0]);
params.setTargetCertConstraints(selector);
// setup CertStores
Collection certs = new ArrayList();
certs.addAll(Arrays.asList(chain));
if (otherCerts != null) {
certs.addAll(otherCerts);
}
CertStore store =
CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs));
params.addCertStore(store);
// do the build
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);
return toArray(result.getCertPath(), result.getTrustAnchor());
} catch (GeneralSecurityException e) {
throw new ValidatorException("PKIX path building failed: " + e.toString(), e);
}
}
boolean commit(List rows, long updateStamp) {
checkAllPermission();
synchronized (lock) {
if (updateStamp != timeStamp) return false;
SecurityRow[] newRows = new SecurityRow[rows.size()];
Collection names = new ArrayList();
for (int i = 0; i < newRows.length; i++) {
Object rowObj = rows.get(i);
if (!(rowObj instanceof ConditionalPermissionInfo))
throw new IllegalStateException(
"Invalid type \""
+ rowObj.getClass().getName()
+ "\" at row: "
+ i); //$NON-NLS-1$//$NON-NLS-2$
ConditionalPermissionInfo infoBaseRow = (ConditionalPermissionInfo) rowObj;
String name = infoBaseRow.getName();
if (name == null) name = generateName();
if (names.contains(name))
throw new IllegalStateException(
"Duplicate name \"" + name + "\" at row: " + i); // $NON-NLS-1$//$NON-NLS-2$
newRows[i] =
new SecurityRow(
this,
name,
infoBaseRow.getConditionInfos(),
infoBaseRow.getPermissionInfos(),
infoBaseRow.getAccessDecision());
}
condAdminTable = new SecurityTable(this, newRows);
try {
permissionStorage.saveConditionalPermissionInfos(condAdminTable.getEncodedRows());
} catch (IOException e) {
// TODO log
e.printStackTrace();
}
timeStamp += 1;
return true;
}
}
PKIXValidator(String variant, Collection trustedCerts) {
super(TYPE_PKIX, variant);
if (trustedCerts instanceof Set) {
this.trustedCerts = (Set) trustedCerts;
} else {
this.trustedCerts = new HashSet(trustedCerts);
}
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
for (Iterator t = trustedCerts.iterator(); t.hasNext(); ) {
X509Certificate cert = (X509Certificate) t.next();
trustAnchors.add(new TrustAnchor(cert, null));
}
try {
parameterTemplate = new PKIXBuilderParameters(trustAnchors, null);
} catch (InvalidAlgorithmParameterException e) {
throw new RuntimeException("Unexpected error: " + e.toString(), e);
}
setDefaultParameters(variant);
initCommon();
}