pkixcertpathvalidatorspi.java
来自「内容:基于jdk1.4的加密算法的具体实现」· Java 代码 · 共 1,799 行 · 第 1/5 页
// (d) (3) // for (int j = (i - 1); j >= 0; j--) { List nodes = policyNodes[j]; for (int k = 0; k < nodes.size(); k++) { PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); if (!node.hasChildren()) { validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node); if (validPolicyTree == null) { break; } } } } // // d (4) // Set criticalExtensionOids = cert.getCriticalExtensionOIDs(); if (criticalExtensionOids != null) { boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES); List nodes = policyNodes[i]; for (int j = 0; j < nodes.size(); j++) { PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(j); node.setCritical(critical); } } } // // (e) // if (certPolicies == null) { validPolicyTree = null; } // // (f) // if (explicitPolicy <= 0 && validPolicyTree == null) { throw new CertPathValidatorException("No valid policy tree found when one expected."); } // // 6.1.4 // if (i != n) { if (cert != null && cert.getVersion() == 1) { throw new CertPathValidatorException( "Version 1 certs can't be used as CA ones"); } // // // (a) check the policy mappings // DERObject pm = getExtensionValue(cert, POLICY_MAPPINGS); if (pm != null) { ASN1Sequence mappings = (ASN1Sequence)pm; for (int j = 0; j < mappings.size(); j++) { ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); DERObjectIdentifier issuerDomainPolicy = (DERObjectIdentifier)mapping.getObjectAt(0); DERObjectIdentifier subjectDomainPolicy = (DERObjectIdentifier)mapping.getObjectAt(1); if (ANY_POLICY.equals(issuerDomainPolicy.getId())) { throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy"); } if (ANY_POLICY.equals(subjectDomainPolicy.getId())) { throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy"); } } } // (b) // if (pm != null) { ASN1Sequence mappings = (ASN1Sequence)pm; Map m_idp = new HashMap(); Set s_idp = new HashSet(); for (int j = 0; j < mappings.size(); j++) { ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); String id_p = 
((DERObjectIdentifier)mapping.getObjectAt(0)).getId(); String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId(); Set tmp; if (!m_idp.containsKey(id_p)) { tmp = new HashSet(); tmp.add(sd_p); m_idp.put(id_p, tmp); s_idp.add(id_p); } else { tmp = (Set)m_idp.get(id_p); tmp.add(sd_p); } } Iterator it_idp = s_idp.iterator(); while (it_idp.hasNext()) { String id_p = (String)it_idp.next(); // // (1) // if (policyMapping > 0) { boolean idp_found = false; Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (node.getValidPolicy().equals(id_p)) { idp_found = true; node.expectedPolicies = (Set)m_idp.get(id_p); break; } } if (!idp_found) { nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (ANY_POLICY.equals(node.getValidPolicy())) { Set pq = null; ASN1Sequence policies = (ASN1Sequence)getExtensionValue( cert, CERTIFICATE_POLICIES); Enumeration e = policies.getObjects(); while (e.hasMoreElements()) { PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement()); if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) { pq = getQualifierSet(pinfo.getPolicyQualifiers()); break; } } boolean ci = false; if (cert.getCriticalExtensionOIDs() != null) { ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES); } PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); if (ANY_POLICY.equals(p_node.getValidPolicy())) { PKIXPolicyNode c_node = new PKIXPolicyNode( new ArrayList(), i, (Set)m_idp.get(id_p), p_node, pq, id_p, ci); p_node.addChild(c_node); policyNodes[i].add(c_node); } break; } } } // // (2) // } else if (policyMapping <= 0) { Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (node.getValidPolicy().equals(id_p)) { PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); p_node.removeChild(node); nodes_i.remove(); 
for (int k = (i - 1); k >= 0; k--) { List nodes = policyNodes[k]; for (int l = 0; l < nodes.size(); l++) { PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l); if (!node2.hasChildren()) { validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2); if (validPolicyTree == null) { break; } } } } } } } } } // // (g) handle the name constraints extension // ASN1Sequence ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS); if (ncSeq != null) { NameConstraints nc = new NameConstraints(ncSeq); // // (g) (1) permitted subtrees // ASN1Sequence permitted = nc.getPermittedSubtrees(); if (permitted != null) { Enumeration e = permitted.getObjects(); while (e.hasMoreElements()) { GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); GeneralName base = subtree.getBase(); switch(base.getTagNo()) { case 1: permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); break; case 4: permittedSubtreesDN = intersectDN(permittedSubtreesDN, (ASN1Sequence)base.getName()); break; case 7: permittedSubtreesIP = intersectIP(permittedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); break; } } } // // (g) (2) excluded subtrees // ASN1Sequence excluded = nc.getExcludedSubtrees(); if (excluded != null) { Enumeration e = excluded.getObjects(); while (e.hasMoreElements()) { GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); GeneralName base = subtree.getBase(); switch(base.getTagNo()) { case 1: excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); break; case 4: excludedSubtreesDN = unionDN(excludedSubtreesDN, (ASN1Sequence)base.getName()); break; case 7: excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); break; } } } } // // (h) // if (!isSelfIssued(cert)) { // // (1) // if (explicitPolicy != 0) { explicitPolicy--; } // // (2) // if (policyMapping 
!= 0) { policyMapping--; } // // (3) // if (inhibitAnyPolicy != 0) { inhibitAnyPolicy--; } } // // (i) // ASN1Sequence pc = (ASN1Sequence)getExtensionValue(cert, POLICY_CONSTRAINTS); if (pc != null) { Enumeration policyConstraints = pc.getObjects(); while (policyConstraints.hasMoreElements()) { ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); switch (constraint.getTagNo()) { case 0: tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); if (tmpInt < explicitPolicy) { explicitPolicy = tmpInt; } break; case 1: tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); if (tmpInt < policyMapping) { policyMapping = tmpInt; } break; } } } // // (j) // DERInteger iap = (DERInteger)getExtensionValue(cert, INHIBIT_ANY_POLICY); if (iap != null) { int _inhibitAnyPolicy = iap.getValue().intValue();