Java Examples for sun.security.x509.CertificatePolicyMap
The following java examples will help you to understand the usage of sun.security.x509.CertificatePolicyMap. These source code samples are taken from different open source projects.
Example 1
Project: ikvm-openjdk-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (int j = 0; j < maps.size(); j++) { CertificatePolicyMap polMap = maps.get(j); String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY"); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY"); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<String>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 2
Project: j2objc-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (CertificatePolicyMap polMap : maps) { String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 3
Project: barchart-udt-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (int j = 0; j < maps.size(); j++) { CertificatePolicyMap polMap = maps.get(j); String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY"); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY"); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<String>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 4
Project: jdk7u-jdk-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (int j = 0; j < maps.size(); j++) { CertificatePolicyMap polMap = maps.get(j); String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<String>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 5
Project: openjdk8-jdk-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (CertificatePolicyMap polMap : maps) { String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 6
Project: openjdk-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (CertificatePolicyMap polMap : maps) { String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 7
Project: ManagedRuntimeInitiative-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (int j = 0; j < maps.size(); j++) { CertificatePolicyMap polMap = maps.get(j); String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY"); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY"); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<String>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }
Example 8
Project: classlib6-master File: PolicyChecker.java View source code |
/** * Processes policy mappings in the certificate. * * @param currCert the Certificate to be processed * @param certIndex the index of the current certificate * @param policyMapping an integer which indicates if policy * mapping is inhibited * @param rootNode the root node of the valid policy tree * @param policiesCritical a boolean indicating if the certificate policies * extension is critical * @param anyQuals the qualifiers associated with ANY-POLICY, or an empty * Set if there are no qualifiers associated with ANY-POLICY * @return the root node of the valid policy tree after modification * @exception CertPathValidatorException exception thrown if an error * occurs while processing policy mappings */ private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException { PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension(); if (polMappingsExt == null) return rootNode; if (debug != null) debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check"); List<CertificatePolicyMap> maps = null; try { maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP); } catch (IOException e) { if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception"); e.printStackTrace(); } throw new CertPathValidatorException("Exception while checking " + "mapping", e); } boolean childDeleted = false; for (int j = 0; j < maps.size(); j++) { CertificatePolicyMap polMap = maps.get(j); String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString(); String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString(); if (debug != null) { debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain); debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain); } if (issuerDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY"); } if (subjectDomain.equals(ANY_POLICY)) { throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY"); } Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain); if (!validNodes.isEmpty()) { for (PolicyNodeImpl curNode : validNodes) { if ((policyMapping > 0) || (policyMapping == -1)) { curNode.addExpectedPolicy(subjectDomain); } else if (policyMapping == 0) { PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent(); if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode); parentNode.deleteChild(curNode); childDeleted = true; if (debug != null) debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode); } } } else { // no node of depth i has a valid policy if ((policyMapping > 0) || (policyMapping == -1)) { Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY); for (PolicyNodeImpl curAnyNode : validAnyNodes) { PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent(); Set<String> expPols = new HashSet<String>(); expPols.add(subjectDomain); PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true); } } } } if (childDeleted) { rootNode.prune(certIndex); if (!rootNode.getChildren().hasNext()) { if (debug != null) debug.println("setting rootNode to null"); rootNode = null; } } return rootNode; }