예제 #1
0
  private Set getExtensionOIDs(boolean critical) {
    X509Extensions extensions = cert.getAcinfo().getExtensions();

    if (extensions != null) {
      Set set = new HashSet();
      Enumeration e = extensions.oids();

      while (e.hasMoreElements()) {
        DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
        X509Extension ext = extensions.getExtension(oid);

        if (ext.isCritical() == critical) {
          set.add(oid.getId());
        }
      }

      return set;
    }

    return null;
  }
예제 #2
0
  private static GSIConstants.CertificateType processCN(
      X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava)
      throws CertificateException {
    X509Extension ext;
    String value = ((DERString) ava.getObjectAt(1)).getString();
    GSIConstants.CertificateType certType = type;
    if (value.equalsIgnoreCase("proxy")) {
      certType = GSIConstants.CertificateType.GSI_2_PROXY;
    } else if (value.equalsIgnoreCase("limited proxy")) {
      certType = GSIConstants.CertificateType.GSI_2_LIMITED_PROXY;
    } else if (extensions != null) {
      boolean gsi4 = true;
      // GSI_4
      ext = extensions.getExtension(ProxyCertInfo.OID);
      if (ext == null) {
        // GSI_3
        ext = extensions.getExtension(ProxyCertInfo.OLD_OID);
        gsi4 = false;
      }
      if (ext != null) {
        if (ext.isCritical()) {
          certType = processCriticalExtension(ext, gsi4);
        } else {
          String err = "proxyCertCritical";
          throw new CertificateException(err);
        }
      }
    }

    /**
     * FIXME: this looks like validation if (ProxyCertificateUtil.isProxy(type)) { X509NameHelper
     * iss = new X509NameHelper(crt.getIssuer());
     * iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry)); X509Name issuer = iss.getAsName(); if
     * (!issuer.equals(subject)) { String err = i18n.getMessage("proxyDNErr"); throw new
     * CertificateException(err); } }
     */
    return certType;
  }