/** * returns the ICP-BRASIL Level Certificate(A1, A2, A3, A4, S1, S2, S3, S4).<br> * DOC-ICP-04 Returns the <b>null</b> value if the CertificatePolicies is NOT present. * * @return String */ public String getNivelCertificado() { try { DERSequence seq = (DERSequence) getExtensionValue(X509Extensions.CertificatePolicies.getId()); if (seq == null) { return null; } for (int pos = 0; pos < seq.size(); pos++) { ASN1ObjectIdentifier o = (ASN1ObjectIdentifier) seq.getObjectAt(pos); PolicyInformation pol = new PolicyInformation(o); // new PolicyInformation( // PolicyInformation pol = new PolicyInformation((DERSequence) // seq.getObjectAt(pos)); String id = pol.getPolicyIdentifier().getId(); if (id == null) { continue; } if (id.startsWith(OID_A1_CERTIFICATE)) { return "A1"; } if (id.startsWith(OID_A2_CERTIFICATE)) { return "A2"; } if (id.startsWith(OID_A3_CERTIFICATE)) { return "A3"; } if (id.startsWith(OID_A4_CERTIFICATE)) { return "A4"; } if (id.startsWith(OID_S1_CERTIFICATE)) { return "S1"; } if (id.startsWith(OID_S2_CERTIFICATE)) { return "S2"; } if (id.startsWith(OID_S3_CERTIFICATE)) { return "S3"; } if (id.startsWith(OID_S4_CERTIFICATE)) { return "S4"; } } return null; } catch (Exception e) { e.printStackTrace(); } return null; }
protected static void prepareNextCertB1( int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException { boolean idp_found = false; Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next(); if (node.getValidPolicy().equals(id_p)) { idp_found = true; node.expectedPolicies = (Set) m_idp.get(id_p); break; } } if (!idp_found) { nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode) nodes_i.next(); if (ANY_POLICY.equals(node.getValidPolicy())) { Set pq = null; ASN1Sequence policies = (ASN1Sequence) getExtensionValue(cert, CERTIFICATE_POLICIES); Enumeration e = policies.getObjects(); while (e.hasMoreElements()) { PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement()); if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) { pq = getQualifierSet(pinfo.getPolicyQualifiers()); break; } } boolean ci = false; if (cert.getCriticalExtensionOIDs() != null) { ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES); } PKIXPolicyNode p_node = (PKIXPolicyNode) node.getParent(); if (ANY_POLICY.equals(p_node.getValidPolicy())) { PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set) m_idp.get(id_p), p_node, pq, id_p, ci); p_node.addChild(c_node); policyNodes[i].add(c_node); } break; } } } }
private static boolean certHasPolicy(X509Certificate cert, String sOid) { try { if (m_logger.isDebugEnabled()) m_logger.debug("Read cert policies: " + cert.getSerialNumber().toString()); ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded()); ASN1InputStream aIn = new ASN1InputStream(bIn); ASN1Sequence seq = (ASN1Sequence) aIn.readObject(); X509CertificateStructure obj = new X509CertificateStructure(seq); TBSCertificateStructure tbsCert = obj.getTBSCertificate(); if (tbsCert.getVersion() == 3) { X509Extensions ext = tbsCert.getExtensions(); if (ext != null) { Enumeration en = ext.oids(); while (en.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier) en.nextElement(); X509Extension extVal = ext.getExtension(oid); ASN1OctetString oct = extVal.getValue(); ASN1InputStream extIn = new ASN1InputStream(new ByteArrayInputStream(oct.getOctets())); // if (oid.equals(X509Extensions.CertificatePolicies)) { // bc 146 ja jdk 1.6 puhul - // X509Extension.certificatePolicies if (oid.equals(X509Extension.certificatePolicies)) { // bc 146 ja jdk 1.6 puhul - // X509Extension.certificatePolicies ASN1Sequence cp = (ASN1Sequence) extIn.readObject(); for (int i = 0; i != cp.size(); i++) { PolicyInformation pol = PolicyInformation.getInstance(cp.getObjectAt(i)); DERObjectIdentifier dOid = pol.getPolicyIdentifier(); String soid2 = dOid.getId(); if (m_logger.isDebugEnabled()) m_logger.debug("Policy: " + soid2); if (soid2.startsWith(sOid)) return true; } } } } } } catch (Exception ex) { m_logger.error("Error reading cert policies: " + ex); } return false; }