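/**
 * Checks that the certificate of an attribute certificate (AC) issuer may be used to verify
 * AC signatures and is not itself a certification authority.
 *
 * <p>Two conditions are enforced on {@code acIssuerCert}:
 *
 * <ul>
 *   <li>If a keyUsage extension is present, at least one of bit 0 (digitalSignature) or bit 1
 *       (nonRepudiation) must be asserted. An absent extension ({@code getKeyUsage()} returns
 *       {@code null}) is not treated as a restriction.
 *   <li>{@code getBasicConstraints()} must return -1, i.e. the certificate must not be a CA
 *       certificate.
 * </ul>
 *
 * <p>NOTE(review): these two checks look like the AC issuer profile of RFC 5755 section 4.5
 * (the issuer key must be usable for signature verification, and an AC issuer must not also
 * issue public key certificates) — confirm against the validator this method belongs to.
 *
 * @param acIssuerCert public key certificate of the attribute certificate issuer
 * @param pkixParams validation parameters; not read by this method
 * @throws CertPathValidatorException if the key usage excludes signature verification or the
 *     certificate is a CA certificate
 */
protected static void processAttrCert3(
    X509Certificate acIssuerCert, ExtendedPKIXParameters pkixParams)
    throws CertPathValidatorException {
  // Read the extension once instead of calling getKeyUsage() for every bit.
  final boolean[] keyUsage = acIssuerCert.getKeyUsage();
  if (keyUsage != null) {
    // A bit position missing from a short array counts as "not asserted", so a truncated array
    // ends in a validation failure instead of an ArrayIndexOutOfBoundsException.
    final boolean digitalSignature = keyUsage.length > 0 && keyUsage[0];
    final boolean nonRepudiation = keyUsage.length > 1 && keyUsage[1];
    if (!digitalSignature && !nonRepudiation) {
      throw new CertPathValidatorException(
          "Attribute certificate issuer public key cannot be used to validate digital signatures.");
    }
  }
  // getBasicConstraints() yields -1 unless the certificate is a CA certificate.
  if (acIssuerCert.getBasicConstraints() != -1) {
    throw new CertPathValidatorException(
        "Attribute certificate issuer is also a public key certificate issuer.");
  }
}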
Esempio n. 2
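 /**
  * Checks the keyUsage and extendedKeyUsage extensions of a signer certificate.
  *
  * <p>The certificate passes when:
  *
  * <ul>
  *   <li>it has no keyUsage extension, or the extension has at least six bits and bit 5
  *       (keyCertSign) is asserted; and
  *   <li>its extended key usage, when it is evaluated, lists either anyExtendedKeyUsage
  *       ({@code 2.5.29.37.0}) or id-kp-codeSigning ({@code 1.3.6.1.5.5.7.3.3}).
  * </ul>
  *
  * <p>The extended key usage is evaluated only when {@code X509Util.getExtendedKeyUsage}
  * returns a list and the extension OID {@code 2.5.29.37} is found in {@code paramSet} or among
  * the certificate's non-critical extension OIDs.
  *
  * <p>Security notes: an absent extension imposes no restriction here, and
  * anyExtendedKeyUsage is accepted as equivalent to the code-signing purpose. Each rejection is
  * reported through {@code Trace.msgSecurityPrintln} before {@code false} is returned.
  *
  * @param paramX509Certificate certificate to inspect
  * @param paramSet set of extension OIDs that is mutated: {@code 2.5.29.15} is always removed
  *     and {@code 2.5.29.37} is removed once the extended key usage has been evaluated;
  *     presumably the caller's set of still-unprocessed critical extensions — confirm at the
  *     call site
  * @return {@code true} if the certificate passes both checks, {@code false} otherwise
  * @throws CertificateException declared by the original signature
  * @throws IOException declared by the original signature
  */
 private static boolean checkSignerKeyUsage(X509Certificate paramX509Certificate, Set paramSet)
     throws CertificateException, IOException {
   // keyUsage (2.5.29.15) is handled below, so take it out of the caller's set.
   paramSet.remove("2.5.29.15");
   final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
   // Bit 5 is keyCertSign; an array too short to hold it is rejected as well.
   if (keyUsage != null && (keyUsage.length < 6 || !keyUsage[5])) {
     Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.lengthandbit");
     return false;
   }
   final List<?> extendedKeyUsage = X509Util.getExtendedKeyUsage(paramX509Certificate);
   final Set<String> nonCriticalOids = paramX509Certificate.getNonCriticalExtensionOIDs();
   if (extendedKeyUsage != null
       && (paramSet.contains("2.5.29.37") || nonCriticalOids.contains("2.5.29.37"))) {
     paramSet.remove("2.5.29.37");
     final boolean anyUsage = extendedKeyUsage.contains("2.5.29.37.0");
     final boolean codeSigning = extendedKeyUsage.contains("1.3.6.1.5.5.7.3.3");
     if (!anyUsage && !codeSigning) {
       Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.keyusage");
       return false;
     }
   }
   return true;
 }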
Esempio n. 3
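 /**
  * Checks whether a leaf certificate's usage extensions allow it to be used for code signing
  * or, when {@code paramBoolean} is set, for timestamping.
  *
  * <p>Three extensions are examined in order; the first failure is reported through
  * {@code Trace.msgSecurityPrintln} and ends the check with {@code false}:
  *
  * <ol>
  *   <li>keyUsage: if present, the bit array must be non-empty and bit 0 (digitalSignature)
  *       must be asserted.
  *   <li>extendedKeyUsage: evaluated only when {@code X509Util.getExtendedKeyUsage} returns a
  *       list and OID {@code 2.5.29.37} is found in {@code paramSet} or among the certificate's
  *       non-critical extension OIDs. The list must then contain anyExtendedKeyUsage
  *       ({@code 2.5.29.37.0}) or the purpose selected by {@code paramBoolean}:
  *       id-kp-timeStamping ({@code 1.3.6.1.5.5.7.3.8}) when {@code true}, id-kp-codeSigning
  *       ({@code 1.3.6.1.5.5.7.3.3}) when {@code false}.
  *   <li>Netscape certificate type ({@code 2.16.840.1.113730.1.1}): if present,
  *       {@code getNetscapeCertTypeBit} must report the {@code "object_signing"} bit.
  * </ol>
  *
  * <p>Security notes: an absent extension imposes no restriction here, and
  * anyExtendedKeyUsage is accepted in place of the specific purpose.
  *
  * @param paramX509Certificate leaf certificate to inspect
  * @param paramSet set of extension OIDs that is mutated: {@code 2.5.29.15} is always removed
  *     and {@code 2.5.29.37} is removed once the extended key usage has been evaluated;
  *     presumably the caller's set of still-unprocessed critical extensions — confirm at the
  *     call site
  * @param paramBoolean {@code true} to require the timestamping purpose instead of code
  *     signing; presumably set for timestamping authority certificates, as the trace key
  *     suggests — confirm at the call site
  * @return {@code true} if every examined extension permits the use, {@code false} otherwise
  * @throws CertificateException declared by the original signature
  * @throws IOException declared by the original signature
  */
 private static boolean checkLeafKeyUsageForCodeSigning(
     X509Certificate paramX509Certificate, Set paramSet, boolean paramBoolean)
     throws CertificateException, IOException {
   // keyUsage (2.5.29.15) is handled below, so take it out of the caller's set.
   paramSet.remove("2.5.29.15");
   final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
   if (keyUsage != null) {
     if (keyUsage.length == 0) {
       Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.length");
       return false;
     }
     // Bit 0 is digitalSignature.
     if (!keyUsage[0]) {
       Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.digitalsignature");
       return false;
     }
   }
   final List<?> extendedKeyUsage = X509Util.getExtendedKeyUsage(paramX509Certificate);
   final Set<String> nonCriticalOids = paramX509Certificate.getNonCriticalExtensionOIDs();
   if (extendedKeyUsage != null
       && (paramSet.contains("2.5.29.37") || nonCriticalOids.contains("2.5.29.37"))) {
     paramSet.remove("2.5.29.37");
     if (paramBoolean) {
       if (!extendedKeyUsage.contains("2.5.29.37.0")
           && !extendedKeyUsage.contains("1.3.6.1.5.5.7.3.8")) {
         Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.tsaextkeyusageinfo");
         return false;
       }
     } else if (!extendedKeyUsage.contains("2.5.29.37.0")
         && !extendedKeyUsage.contains("1.3.6.1.5.5.7.3.3")) {
       Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.extkeyusageinfo");
       return false;
     }
   }
   final boolean hasNetscapeCertType =
       paramX509Certificate.getExtensionValue("2.16.840.1.113730.1.1") != null;
   if (hasNetscapeCertType && !getNetscapeCertTypeBit(paramX509Certificate, "object_signing")) {
     Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.certtypebit");
     return false;
   }
   return true;
 }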
Esempio n. 4
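 /**
  * Reports whether a certificate's keyUsage extension permits the usage at a given bit index.
  *
  * <p>Security note: a certificate without a keyUsage extension passes for every index,
  * because an absent extension is treated as "no restriction". A caller that needs the bit to
  * be explicitly asserted has to check for the extension itself.
  *
  * @param paramX509Certificate certificate to inspect
  * @param paramInt zero-based index into the array returned by {@code getKeyUsage()}
  * @return {@code true} if there is no keyUsage extension or the bit at {@code paramInt} is
  *     asserted; {@code false} if the bit is clear or the index lies outside the array
  */
 private static boolean checkKeyUsage(X509Certificate paramX509Certificate, int paramInt) {
   final boolean[] keyUsage = paramX509Certificate.getKeyUsage();
   if (keyUsage == null) {
     return true;
   }
   // An index outside the array (negative or past the end) means the bit is not asserted.
   return paramInt >= 0 && paramInt < keyUsage.length && keyUsage[paramInt];
 }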