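/**
 * Checks that the attribute certificate (AC) issuer's public key certificate may be
 * used to verify signatures and is not itself a CA certificate.
 *
 * <p>Two conditions are enforced:
 * <ul>
 *   <li>If the keyUsage extension is present, at least one of bit 0 (digitalSignature)
 *       or bit 1 (nonRepudiation) must be asserted. A certificate without a keyUsage
 *       extension passes this step.</li>
 *   <li>{@code getBasicConstraints()} must return -1, the value X509Certificate reports
 *       for a certificate that is not a CA.</li>
 * </ul>
 *
 * @param acIssuerCert certificate of the attribute certificate issuer
 * @param pkixParams   validation parameters; not read by this method
 * @throws CertPathValidatorException if either condition is violated
 */
protected static void processAttrCert3(
    X509Certificate acIssuerCert,
    ExtendedPKIXParameters pkixParams)
    throws CertPathValidatorException
{
    // Read the extension once so both bits are tested against the same array.
    final boolean[] keyUsage = acIssuerCert.getKeyUsage();
    if (keyUsage != null)
    {
        // A provider that returns a short array must not surface as an unchecked
        // ArrayIndexOutOfBoundsException in the validator: a missing bit counts as
        // "not asserted", so the check fails closed with the regular exception.
        final boolean digitalSignature = keyUsage.length > 0 && keyUsage[0];
        final boolean nonRepudiation = keyUsage.length > 1 && keyUsage[1];
        if (!digitalSignature && !nonRepudiation)
        {
            throw new CertPathValidatorException(
                "Attribute certificate issuer public key cannot be used to validate digital signatures.");
        }
    }

    // An AC issuer must not also be able to issue public key certificates.
    if (acIssuerCert.getBasicConstraints() != -1)
    {
        throw new CertPathValidatorException(
            "Attribute certificate issuer is also a public key certificate issuer.");
    }
}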
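/**
 * Checks the keyUsage and extendedKeyUsage extensions of a signer certificate in a
 * code-signing chain.
 *
 * <p>The certificate is rejected when:
 * <ul>
 *   <li>a keyUsage extension is present but has fewer than six bits or bit 5
 *       (keyCertSign) is not asserted; or</li>
 *   <li>an extendedKeyUsage extension is present (listed in {@code paramSet} or among
 *       the certificate's non-critical extensions) and names neither
 *       anyExtendedKeyUsage nor id-kp-codeSigning.</li>
 * </ul>
 * A certificate that carries neither extension is accepted.
 *
 * @param paramX509Certificate certificate to check
 * @param paramSet             mutable set of extension OIDs; the keyUsage OID is always
 *                             removed and the extendedKeyUsage OID is removed once that
 *                             extension has been examined (presumably the critical
 *                             extensions still to be handled; confirm against the caller)
 * @return {@code true} if the certificate passes both checks, {@code false} otherwise
 * @throws CertificateException declared for {@code X509Util.getExtendedKeyUsage}
 * @throws IOException          declared for {@code X509Util.getExtendedKeyUsage}
 */
private static boolean checkSignerKeyUsage(X509Certificate paramX509Certificate, Set paramSet)
        throws CertificateException, IOException {
    // 2.5.29.15 = keyUsage: mark it as handled before evaluating it.
    paramSet.remove("2.5.29.15");

    final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
    // The decompiled source compared the boolean element with 0, which is not valid
    // Java; the intended test is "bit 5 (keyCertSign) is not set".
    if (keyUsage != null && (keyUsage.length < 6 || !keyUsage[5])) {
        Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.lengthandbit");
        return false;
    }

    final List<?> extendedKeyUsage = X509Util.getExtendedKeyUsage(paramX509Certificate);
    // NOTE(review): getNonCriticalExtensionOIDs() is documented to return null when the
    // certificate has no extensions at all; confirm that cannot coincide with a
    // non-null extended key usage list here.
    final Set<String> nonCriticalOids = paramX509Certificate.getNonCriticalExtensionOIDs();

    // 2.5.29.37 = extendedKeyUsage, whether flagged critical or not.
    if (extendedKeyUsage != null
            && (paramSet.contains("2.5.29.37") || nonCriticalOids.contains("2.5.29.37"))) {
        paramSet.remove("2.5.29.37");

        // 2.5.29.37.0 = anyExtendedKeyUsage, 1.3.6.1.5.5.7.3.3 = id-kp-codeSigning.
        // NOTE(review): anyExtendedKeyUsage is accepted in place of codeSigning; confirm
        // that this leniency matches the deployment's signing policy.
        final boolean anyUsage = extendedKeyUsage.contains("2.5.29.37.0");
        final boolean codeSigning = extendedKeyUsage.contains("1.3.6.1.5.5.7.3.3");
        if (!anyUsage && !codeSigning) {
            Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.keyusage");
            return false;
        }
    }
    return true;
}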
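/**
 * Checks that a leaf certificate is permitted to sign code or, when
 * {@code paramBoolean} is set, to issue timestamps.
 *
 * <p>The certificate is rejected when:
 * <ul>
 *   <li>a keyUsage extension is present but empty, or bit 0 (digitalSignature) is
 *       not asserted;</li>
 *   <li>an extendedKeyUsage extension is present (listed in {@code paramSet} or among
 *       the certificate's non-critical extensions) and does not name
 *       anyExtendedKeyUsage or the purpose required for the selected mode
 *       (id-kp-timeStamping when {@code paramBoolean} is true, id-kp-codeSigning
 *       otherwise); or</li>
 *   <li>a Netscape cert-type extension is present and
 *       {@code getNetscapeCertTypeBit(cert, "object_signing")} returns false.</li>
 * </ul>
 * Extensions that are absent impose no restriction.
 *
 * @param paramX509Certificate leaf certificate to check
 * @param paramSet             mutable set of extension OIDs; the keyUsage OID is always
 *                             removed and the extendedKeyUsage OID is removed once that
 *                             extension has been examined (presumably the critical
 *                             extensions still to be handled; confirm against the caller)
 * @param paramBoolean         {@code true} to require the timestamping purpose instead
 *                             of code signing (presumably set for TSA certificates)
 * @return {@code true} if every present extension allows the requested use
 * @throws CertificateException declared for the helper calls
 * @throws IOException          declared for the helper calls
 */
private static boolean checkLeafKeyUsageForCodeSigning(
        X509Certificate paramX509Certificate, Set paramSet, boolean paramBoolean)
        throws CertificateException, IOException {
    // 2.5.29.15 = keyUsage: mark it as handled before evaluating it.
    paramSet.remove("2.5.29.15");

    final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
    if (keyUsage != null) {
        if (keyUsage.length == 0) {
            Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.length");
            return false;
        }
        // The decompiled source copied the boolean into an int and compared it with 0,
        // which is not valid Java; the intended test is "digitalSignature is not set".
        if (!keyUsage[0]) {
            Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.digitalsignature");
            return false;
        }
    }

    final List<?> extendedKeyUsage = X509Util.getExtendedKeyUsage(paramX509Certificate);
    // NOTE(review): getNonCriticalExtensionOIDs() is documented to return null when the
    // certificate has no extensions at all; confirm that cannot coincide with a
    // non-null extended key usage list here.
    final Set<String> nonCriticalOids = paramX509Certificate.getNonCriticalExtensionOIDs();

    // 2.5.29.37 = extendedKeyUsage, whether flagged critical or not.
    if (extendedKeyUsage != null
            && (paramSet.contains("2.5.29.37") || nonCriticalOids.contains("2.5.29.37"))) {
        paramSet.remove("2.5.29.37");

        // 2.5.29.37.0 = anyExtendedKeyUsage.
        // NOTE(review): anyExtendedKeyUsage satisfies both modes; confirm that this
        // leniency matches the deployment's signing policy.
        final boolean anyUsage = extendedKeyUsage.contains("2.5.29.37.0");
        if (paramBoolean) {
            // 1.3.6.1.5.5.7.3.8 = id-kp-timeStamping
            if (!anyUsage && !extendedKeyUsage.contains("1.3.6.1.5.5.7.3.8")) {
                Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.tsaextkeyusageinfo");
                return false;
            }
        } else if (!anyUsage && !extendedKeyUsage.contains("1.3.6.1.5.5.7.3.3")) {
            // 1.3.6.1.5.5.7.3.3 = id-kp-codeSigning
            Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.extkeyusageinfo");
            return false;
        }
    }

    // 2.16.840.1.113730.1.1 = Netscape cert-type; only consulted when present.
    final boolean hasNetscapeCertType =
            paramX509Certificate.getExtensionValue("2.16.840.1.113730.1.1") != null;
    if (hasNetscapeCertType && !getNetscapeCertTypeBit(paramX509Certificate, "object_signing")) {
        Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.certtypebit");
        return false;
    }
    return true;
}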
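/**
 * Reports whether a certificate's keyUsage extension allows the use identified by
 * the given bit position.
 *
 * <p>A certificate without a keyUsage extension is treated as unrestricted and
 * yields {@code true}. When the extension is present, the bit must lie within the
 * returned array and be asserted.
 *
 * @param paramX509Certificate certificate whose keyUsage extension is inspected
 * @param paramInt             zero-based index into the array returned by
 *                             {@code getKeyUsage()}; a negative value is not guarded
 *                             and results in an ArrayIndexOutOfBoundsException
 * @return {@code true} if the extension is absent or the requested bit is set
 */
private static boolean checkKeyUsage(X509Certificate paramX509Certificate, int paramInt) {
    final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
    if (keyUsage == null) {
        // No keyUsage extension: nothing restricts the key.
        return true;
    }
    // The decompiled source compared the boolean element with 0, which is not valid
    // Java; the intended result is the value of the bit itself.
    return keyUsage.length > paramInt && keyUsage[paramInt];
}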