Java Examples for sun.security.x509.CertificatePolicyMap
The following java examples will help you to understand the usage of sun.security.x509.CertificatePolicyMap. These source code samples are taken from different open source projects.
Example 1
| Project: ikvm-openjdk-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (int j = 0; j < maps.size(); j++) {
CertificatePolicyMap polMap = maps.get(j);
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<String>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 2
| Project: j2objc-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (CertificatePolicyMap polMap : maps) {
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 3
| Project: barchart-udt-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (int j = 0; j < maps.size(); j++) {
CertificatePolicyMap polMap = maps.get(j);
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<String>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 4
| Project: jdk7u-jdk-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (int j = 0; j < maps.size(); j++) {
CertificatePolicyMap polMap = maps.get(j);
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<String>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 5
| Project: openjdk8-jdk-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (CertificatePolicyMap polMap : maps) {
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 6
| Project: openjdk-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (CertificatePolicyMap polMap : maps) {
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY", null, null, -1, PKIXReason.INVALID_POLICY);
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 7
| Project: ManagedRuntimeInitiative-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (int j = 0; j < maps.size(); j++) {
CertificatePolicyMap polMap = maps.get(j);
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<String>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}Example 8
| Project: classlib6-master File: PolicyChecker.java View source code |
/**
* Processes policy mappings in the certificate.
*
* @param currCert the Certificate to be processed
* @param certIndex the index of the current certificate
* @param policyMapping an integer which indicates if policy
* mapping is inhibited
* @param rootNode the root node of the valid policy tree
* @param policiesCritical a boolean indicating if the certificate policies
* extension is critical
* @param anyQuals the qualifiers associated with ANY-POLICY, or an empty
* Set if there are no qualifiers associated with ANY-POLICY
* @return the root node of the valid policy tree after modification
* @exception CertPathValidatorException exception thrown if an error
* occurs while processing policy mappings
*/
private static PolicyNodeImpl processPolicyMappings(X509CertImpl currCert, int certIndex, int policyMapping, PolicyNodeImpl rootNode, boolean policiesCritical, Set<PolicyQualifierInfo> anyQuals) throws CertPathValidatorException {
PolicyMappingsExtension polMappingsExt = currCert.getPolicyMappingsExtension();
if (polMappingsExt == null)
return rootNode;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings() " + "inside policyMapping check");
List<CertificatePolicyMap> maps = null;
try {
maps = (List<CertificatePolicyMap>) polMappingsExt.get(PolicyMappingsExtension.MAP);
} catch (IOException e) {
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "mapping exception");
e.printStackTrace();
}
throw new CertPathValidatorException("Exception while checking " + "mapping", e);
}
boolean childDeleted = false;
for (int j = 0; j < maps.size(); j++) {
CertificatePolicyMap polMap = maps.get(j);
String issuerDomain = polMap.getIssuerIdentifier().getIdentifier().toString();
String subjectDomain = polMap.getSubjectIdentifier().getIdentifier().toString();
if (debug != null) {
debug.println("PolicyChecker.processPolicyMappings() " + "issuerDomain = " + issuerDomain);
debug.println("PolicyChecker.processPolicyMappings() " + "subjectDomain = " + subjectDomain);
}
if (issuerDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered an issuerDomainPolicy of ANY_POLICY");
}
if (subjectDomain.equals(ANY_POLICY)) {
throw new CertPathValidatorException("encountered a subjectDomainPolicy of ANY_POLICY");
}
Set<PolicyNodeImpl> validNodes = rootNode.getPolicyNodesValid(certIndex, issuerDomain);
if (!validNodes.isEmpty()) {
for (PolicyNodeImpl curNode : validNodes) {
if ((policyMapping > 0) || (policyMapping == -1)) {
curNode.addExpectedPolicy(subjectDomain);
} else if (policyMapping == 0) {
PolicyNodeImpl parentNode = (PolicyNodeImpl) curNode.getParent();
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() before deleting: policy tree = " + rootNode);
parentNode.deleteChild(curNode);
childDeleted = true;
if (debug != null)
debug.println("PolicyChecker.processPolicyMappings" + "() after deleting: policy tree = " + rootNode);
}
}
} else {
// no node of depth i has a valid policy
if ((policyMapping > 0) || (policyMapping == -1)) {
Set<PolicyNodeImpl> validAnyNodes = rootNode.getPolicyNodesValid(certIndex, ANY_POLICY);
for (PolicyNodeImpl curAnyNode : validAnyNodes) {
PolicyNodeImpl curAnyNodeParent = (PolicyNodeImpl) curAnyNode.getParent();
Set<String> expPols = new HashSet<String>();
expPols.add(subjectDomain);
PolicyNodeImpl curNode = new PolicyNodeImpl(curAnyNodeParent, issuerDomain, anyQuals, policiesCritical, expPols, true);
}
}
}
}
if (childDeleted) {
rootNode.prune(certIndex);
if (!rootNode.getChildren().hasNext()) {
if (debug != null)
debug.println("setting rootNode to null");
rootNode = null;
}
}
return rootNode;
}