private static boolean checkSignerKeyUsage(X509Certificate paramX509Certificate, Set paramSet)
throws CertificateException, IOException {
paramSet.remove("2.5.29.15");
boolean[] arrayOfBoolean = paramX509Certificate.getKeyUsage();
if ((arrayOfBoolean != null) && ((arrayOfBoolean.length < 6) || (arrayOfBoolean[5] == 0))) {
Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.lengthandbit");
return false;
}
List localList = X509Util.getExtendedKeyUsage(paramX509Certificate);
Set localSet = paramX509Certificate.getNonCriticalExtensionOIDs();
if ((localList != null)
&& ((paramSet.contains("2.5.29.37")) || (localSet.contains("2.5.29.37")))) {
paramSet.remove("2.5.29.37");
if ((!localList.contains("2.5.29.37.0")) && (!localList.contains("1.3.6.1.5.5.7.3.3"))) {
Trace.msgSecurityPrintln("trustdecider.check.signerkeyusage.keyusage");
return false;
}
}
return true;
}
private static boolean checkLeafKeyUsageForCodeSigning(
X509Certificate paramX509Certificate, Set paramSet, boolean paramBoolean)
throws CertificateException, IOException {
paramSet.remove("2.5.29.15");
boolean[] arrayOfBoolean = paramX509Certificate.getKeyUsage();
if (arrayOfBoolean != null) {
if (arrayOfBoolean.length == 0) {
Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.length");
return false;
}
int i = arrayOfBoolean[0];
if (i == 0) {
Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.digitalsignature");
return false;
}
}
List localList = X509Util.getExtendedKeyUsage(paramX509Certificate);
Set localSet = paramX509Certificate.getNonCriticalExtensionOIDs();
if ((localList != null)
&& ((paramSet.contains("2.5.29.37")) || (localSet.contains("2.5.29.37")))) {
paramSet.remove("2.5.29.37");
if (paramBoolean) {
if ((!localList.contains("2.5.29.37.0")) && (!localList.contains("1.3.6.1.5.5.7.3.8"))) {
Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.tsaextkeyusageinfo");
return false;
}
} else if ((!localList.contains("2.5.29.37.0"))
&& (!localList.contains("1.3.6.1.5.5.7.3.3"))) {
Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.extkeyusageinfo");
return false;
}
}
if ((paramX509Certificate.getExtensionValue("2.16.840.1.113730.1.1") != null)
&& (!getNetscapeCertTypeBit(paramX509Certificate, "object_signing"))) {
Trace.msgSecurityPrintln("trustdecider.check.leafkeyusage.certtypebit");
return false;
}
return true;
}
/** @tests java.security.cert.X509Certificate#getExtensionValue(java.lang.String) */
public void test_getExtensionValueLjava_lang_String() throws Exception {
InputStream is = Support_Resources.getResourceStream("hyts_certificate_PEM.txt");
CertificateFactory certFact = CertificateFactory.getInstance("X509");
X509Certificate pemCert = (X509Certificate) certFact.generateCertificate(is);
Vector<String> extensionOids = new Vector<String>();
extensionOids.addAll(pemCert.getCriticalExtensionOIDs());
extensionOids.addAll(pemCert.getNonCriticalExtensionOIDs());
Iterator i = extensionOids.iterator();
while (i.hasNext()) {
String oid = (String) i.next();
byte[] value = pemCert.getExtensionValue(oid);
if (value != null && value.length > 0) {
// check that it is an encoded as a OCTET STRING
assertEquals(
"The extension value for the oid " + oid + " was not encoded as an OCTET STRING",
0x04,
value[0]);
}
}
}
