Exemplo n.º 1
0
  /**
   * Reads the value of the <code>CertificatePolicies</code> extension field of the certificate.
   *
   * @return List of certificate policies defined on certificate or null if the certificate does not
   *     define the field.
   */
  public List<PolicyInformation> readCertificatePolicies() {
    final ASN1Encodable data = read(ExtensionType.CertificatePolicies);
    if (data == null) {
      return null;
    }

    final ASN1Sequence sequence = ASN1Sequence.getInstance(data);
    final List<PolicyInformation> list = new ArrayList<>(sequence.size());
    for (int i = 0; i < sequence.size(); i++) {
      list.add(PolicyInformation.getInstance(sequence.getObjectAt(i)));
    }
    return list;
  }
  protected static void prepareNextCertB1(
      int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert)
      throws AnnotatedException, CertPathValidatorException {
    boolean idp_found = false;
    Iterator nodes_i = policyNodes[i].iterator();
    while (nodes_i.hasNext()) {
      PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
      if (node.getValidPolicy().equals(id_p)) {
        idp_found = true;
        node.expectedPolicies = (Set) m_idp.get(id_p);
        break;
      }
    }

    if (!idp_found) {
      nodes_i = policyNodes[i].iterator();
      while (nodes_i.hasNext()) {
        PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next();
        if (ANY_POLICY.equals(node.getValidPolicy())) {
          Set pq = null;
          ASN1Sequence policies = (ASN1Sequence) getExtensionValue(cert, CERTIFICATE_POLICIES);
          Enumeration e = policies.getObjects();
          while (e.hasMoreElements()) {
            PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement());
            if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) {
              pq = getQualifierSet(pinfo.getPolicyQualifiers());
              break;
            }
          }
          boolean ci = false;
          if (cert.getCriticalExtensionOIDs() != null) {
            ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
          }

          PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent();
          if (ANY_POLICY.equals(p_node.getValidPolicy())) {
            PKIXPolicyNode c_node =
                new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci);
            p_node.addChild(c_node);
            policyNodes[i].add(c_node);
          }
          break;
        }
      }
    }
  }
Exemplo n.º 3
0
 private static boolean certHasPolicy(X509Certificate cert, String sOid) {
   try {
     if (m_logger.isDebugEnabled())
       m_logger.debug("Read cert policies: " + cert.getSerialNumber().toString());
     ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
     ASN1InputStream aIn = new ASN1InputStream(bIn);
     ASN1Sequence seq = (ASN1Sequence) aIn.readObject();
     X509CertificateStructure obj = new X509CertificateStructure(seq);
     TBSCertificateStructure tbsCert = obj.getTBSCertificate();
     if (tbsCert.getVersion() == 3) {
       X509Extensions ext = tbsCert.getExtensions();
       if (ext != null) {
         Enumeration en = ext.oids();
         while (en.hasMoreElements()) {
           DERObjectIdentifier oid = (DERObjectIdentifier) en.nextElement();
           X509Extension extVal = ext.getExtension(oid);
           ASN1OctetString oct = extVal.getValue();
           ASN1InputStream extIn = new ASN1InputStream(new ByteArrayInputStream(oct.getOctets()));
           // if (oid.equals(X509Extensions.CertificatePolicies)) { // bc 146 ja jdk 1.6 puhul -
           // X509Extension.certificatePolicies
           if (oid.equals(X509Extension.certificatePolicies)) { // bc 146 ja jdk 1.6 puhul -
             // X509Extension.certificatePolicies
             ASN1Sequence cp = (ASN1Sequence) extIn.readObject();
             for (int i = 0; i != cp.size(); i++) {
               PolicyInformation pol = PolicyInformation.getInstance(cp.getObjectAt(i));
               DERObjectIdentifier dOid = pol.getPolicyIdentifier();
               String soid2 = dOid.getId();
               if (m_logger.isDebugEnabled()) m_logger.debug("Policy: " + soid2);
               if (soid2.startsWith(sOid)) return true;
             }
           }
         }
       }
     }
   } catch (Exception ex) {
     m_logger.error("Error reading cert policies: " + ex);
   }
   return false;
 }