📄 rfc3280certpathutilities.java
// (tail of a method whose beginning lies outside this listing; statements kept as published)
try {
    crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded());
} catch (IOException e) {
    throw new AnnotatedException("Cannot extract issuer from CRL." + e, e);
}

crlselect.setCompleteCRLEnabled(true);

// get complete CRL(s)
try {
    completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
    completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getStores()));
    completeSet.addAll(CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()));
} catch (AnnotatedException e) {
    throw new AnnotatedException("Exception obtaining complete CRLs.", e);
}

if (paramsPKIX.isUseDeltasEnabled()) {
    // get delta CRL(s)
    try {
        deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl));
    } catch (AnnotatedException e) {
        throw new AnnotatedException("Exception obtaining delta CRLs.", e);
    }
}
return new Set[] { completeSet, deltaSet};
}

/**
 * Checks that a delta CRL may be combined with the given complete CRL.
 * <p>
 * Nothing is checked when {@code deltaCRL} is {@code null}. Otherwise the issuing distribution
 * point extension of the complete CRL is decoded first, so a decoding failure is reported even
 * when use-deltas is switched off. With use-deltas enabled, the delta CRL is accepted only if
 * <ol>
 * <li>its issuer equals the issuer of the complete CRL,</li>
 * <li>its issuing distribution point extension equals that of the complete CRL (or neither
 * CRL yields one), and</li>
 * <li>both CRLs yield a non-null authority key identifier value and the two values are
 * equal.</li>
 * </ol>
 * Every mismatch is reported as an exception; none of them is skipped silently.
 *
 * @param deltaCRL The delta CRL, may be {@code null}.
 * @param completeCRL The complete CRL.
 * @param pkixParams The PKIX parameters.
 * @throws AnnotatedException if an extension cannot be read or one of the checks fails.
 */
protected static void processCRLC(
    X509CRL deltaCRL,
    X509CRL completeCRL,
    ExtendedPKIXParameters pkixParams)
    throws AnnotatedException {
    if (deltaCRL == null) {
        return;
    }

    // Decoded ahead of the use-deltas test: an undecodable extension on the complete CRL
    // is rejected whether or not deltas are in use.
    IssuingDistributionPoint baseIdp;
    try {
        baseIdp = IssuingDistributionPoint.getInstance(
            CertPathValidatorUtilities.getExtensionValue(
                completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
    }

    if (!pkixParams.isUseDeltasEnabled()) {
        return;
    }

    // (c) (1) same issuer
    boolean sameIssuer = deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal());
    if (!sameIssuer) {
        throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");
    }

    // (c) (2) same scope
    IssuingDistributionPoint deltaIdp;
    try {
        deltaIdp = IssuingDistributionPoint.getInstance(
            CertPathValidatorUtilities.getExtensionValue(deltaCRL, ISSUING_DISTRIBUTION_POINT));
    } catch (Exception e) {
        throw new AnnotatedException(
            "Issuing distribution point extension from delta CRL could not be decoded.", e);
    }

    // Two missing extensions count as equal; one missing and one present does not.
    boolean sameScope = (baseIdp == null) ? (deltaIdp == null) : baseIdp.equals(deltaIdp);
    if (!sameScope) {
        throw new AnnotatedException(
            "Issuing distribution point extension from delta CRL and complete CRL does not match.");
    }

    // (c) (3) same authority key identifier; both values are read before either is tested
    DERObject baseKeyId;
    try {
        baseKeyId = CertPathValidatorUtilities.getExtensionValue(completeCRL, AUTHORITY_KEY_IDENTIFIER);
    } catch (AnnotatedException e) {
        throw new AnnotatedException(
            "Authority key identifier extension could not be extracted from complete CRL.", e);
    }

    DERObject deltaKeyId;
    try {
        deltaKeyId = CertPathValidatorUtilities.getExtensionValue(deltaCRL, AUTHORITY_KEY_IDENTIFIER);
    } catch (AnnotatedException e) {
        throw new AnnotatedException(
            "Authority key identifier extension could not be extracted from delta CRL.", e);
    }

    // A CRL without the extension value is refused rather than treated as matching.
    if (baseKeyId == null) {
        throw new AnnotatedException("CRL authority key identifier is null.");
    }
    if (deltaKeyId == null) {
        throw new AnnotatedException("Delta CRL authority key identifier is null.");
    }
    if (!baseKeyId.equals(deltaKeyId)) {
        throw new AnnotatedException(
            "Delta CRL authority key identifier does not match complete CRL authority key identifier.");
    }
}

/**
 * Looks the certificate up on the delta CRL when use-deltas is enabled and a delta CRL is
 * available; otherwise does nothing.
 *
 * @param validDate The date passed on to the status lookup.
 * @param deltacrl The delta CRL, may be {@code null}.
 * @param cert The certificate (or other object) whose status is looked up.
 * @param certStatus The status object handed to the lookup (presumably updated by it; the
 *            lookup itself is not part of this listing).
 * @param pkixParams The PKIX parameters.
 * @throws AnnotatedException if the status lookup fails.
 */
protected static void processCRLI(
    Date validDate,
    X509CRL deltacrl,
    Object cert,
    CertStatus certStatus,
    ExtendedPKIXParameters pkixParams)
    throws AnnotatedException {
    if (!pkixParams.isUseDeltasEnabled() || deltacrl == null) {
        return;
    }
    CertPathValidatorUtilities.getCertStatus(validDate, deltacrl, cert, certStatus);
}

/**
 * Looks the certificate up on the complete CRL, but only while the recorded status is still
 * {@link CertStatus#UNREVOKED}; a status that is no longer UNREVOKED is left as it is.
 *
 * @param validDate The date passed on to the status lookup.
 * @param completecrl The complete CRL.
 * @param cert The certificate (or other object) whose status is looked up.
 * @param certStatus The status object that is tested and handed to the lookup.
 * @throws AnnotatedException if the status lookup fails.
 */
protected static void processCRLJ(
    Date validDate,
    X509CRL completecrl,
    Object cert,
    CertStatus certStatus)
    throws AnnotatedException {
    if (certStatus.getCertStatus() != CertStatus.UNREVOKED) {
        return;
    }
    CertPathValidatorUtilities.getCertStatus(validDate, completecrl, cert, certStatus);
}

// (start of prepareCertB; the method continues beyond this listing, statements kept as published)
protected static PKIXPolicyNode prepareCertB(
    CertPath certPath,
    int index,
    List[] policyNodes,
    PKIXPolicyNode validPolicyTree,
    int policyMapping)
    throws CertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    // (b)
    //
    ASN1Sequence pm = null;
    try {
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
            RFC3280CertPathUtilities.POLICY_MAPPINGS));
    } catch (AnnotatedException ex) {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath,
            index);
    }
    PKIXPolicyNode _validPolicyTree = validPolicyTree;
    if (pm != null) {
        ASN1Sequence mappings = (ASN1Sequence)pm;
        Map m_idp = new HashMap();
        Set s_idp = new HashSet();

        for (int j = 0; j < mappings.size(); j++) {
            ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j);
            String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId();
            String sd_p
= ((DERObjectIdentifier)mapping.getObjectAt(1)).getId(); Set tmp; if (!m_idp.containsKey(id_p)) { tmp = new HashSet(); tmp.add(sd_p); m_idp.put(id_p, tmp); s_idp.add(id_p); } else { tmp = (Set)m_idp.get(id_p); tmp.add(sd_p); } } Iterator it_idp = s_idp.iterator(); while (it_idp.hasNext()) { String id_p = (String)it_idp.next(); // // (1) // if (policyMapping > 0) { boolean idp_found = false; Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (node.getValidPolicy().equals(id_p)) { idp_found = true; node.expectedPolicies = (Set)m_idp.get(id_p); break; } } if (!idp_found) { nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (RFC3280CertPathUtilities.ANY_POLICY.equals(node.getValidPolicy())) { Set pq = null; ASN1Sequence policies = null; try { policies = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES); } catch (AnnotatedException e) { throw new ExtCertPathValidatorException( "Certificate policies extension could not be decoded.", e, certPath, index); } Enumeration e = policies.getObjects(); while (e.hasMoreElements()) { PolicyInformation pinfo = null; try { pinfo = PolicyInformation.getInstance(e.nextElement()); } catch (Exception ex) { throw new CertPathValidatorException( "Policy information could not be decoded.", ex, certPath, index); } if (RFC3280CertPathUtilities.ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) { try { pq = CertPathValidatorUtilities .getQualifierSet(pinfo.getPolicyQualifiers()); } catch (CertPathValidatorException ex) { throw new ExtCertPathValidatorException( "Policy qualifier info set could not be decoded.", ex, certPath, index); } break; } } boolean ci = false; if (cert.getCriticalExtensionOIDs() != null) { ci = cert.getCriticalExtensionOIDs().contains( RFC3280CertPathUtilities.CERTIFICATE_POLICIES); } PKIXPolicyNode p_node = 
(PKIXPolicyNode)node.getParent(); if (RFC3280CertPathUtilities.ANY_POLICY.equals(p_node.getValidPolicy())) { PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set)m_idp .get(id_p), p_node, pq, id_p, ci); p_node.addChild(c_node); policyNodes[i].add(c_node); } break; } } } // // (2) // } else if (policyMapping <= 0) { Iterator nodes_i = policyNodes[i].iterator(); while (nodes_i.hasNext()) { PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); if (node.getValidPolicy().equals(id_p)) { PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); p_node.removeChild(node); nodes_i.remove(); for (int k = (i - 1); k >= 0; k--) { List nodes = policyNodes[k]; for (int l = 0; l < nodes.size(); l++)