private Set getExtensionOIDs(boolean critical) {
X509Extensions extensions = cert.getAcinfo().getExtensions();
if (extensions != null) {
Set set = new HashSet();
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement();
X509Extension ext = extensions.getExtension(oid);
if (ext.isCritical() == critical) {
set.add(oid.getId());
}
}
return set;
}
return null;
}
private static GSIConstants.CertificateType processCN(
X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava)
throws CertificateException {
X509Extension ext;
String value = ((DERString) ava.getObjectAt(1)).getString();
GSIConstants.CertificateType certType = type;
if (value.equalsIgnoreCase("proxy")) {
certType = GSIConstants.CertificateType.GSI_2_PROXY;
} else if (value.equalsIgnoreCase("limited proxy")) {
certType = GSIConstants.CertificateType.GSI_2_LIMITED_PROXY;
} else if (extensions != null) {
boolean gsi4 = true;
// GSI_4
ext = extensions.getExtension(ProxyCertInfo.OID);
if (ext == null) {
// GSI_3
ext = extensions.getExtension(ProxyCertInfo.OLD_OID);
gsi4 = false;
}
if (ext != null) {
if (ext.isCritical()) {
certType = processCriticalExtension(ext, gsi4);
} else {
String err = "proxyCertCritical";
throw new CertificateException(err);
}
}
}
/**
* FIXME: this looks like validation if (ProxyCertificateUtil.isProxy(type)) { X509NameHelper
* iss = new X509NameHelper(crt.getIssuer());
* iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry)); X509Name issuer = iss.getAsName(); if
* (!issuer.equals(subject)) { String err = i18n.getMessage("proxyDNErr"); throw new
* CertificateException(err); } }
*/
return certType;
}
