{
    PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l);
    if (!node2.hasChildren())
    {
        _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, node2);
        if (_validPolicyTree == null)
        {
            break;
        }
    }
}
}
}
}
}
}
}
return _validPolicyTree;
}

/**
 * Step (a) of the RFC 3280 "preparation for certificate i+1" processing
 * (section 6.1.4): if the certificate at {@code index} carries a policy
 * mappings extension, reject it when the special value anyPolicy appears as
 * either the issuerDomainPolicy or the subjectDomainPolicy of any mapping.
 * <p>
 * A certificate without the extension passes unchanged.
 *
 * @param certPath the certification path being validated
 * @param index position of the certificate under examination in
 *              {@code certPath.getCertificates()}
 * @throws CertPathValidatorException if the extension (or one of its
 *         mapping entries) cannot be decoded, or if anyPolicy is used on
 *         either side of a mapping
 */
protected static void prepareNextCertA(
    CertPath certPath,
    int index)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);

    //
    // (a) check the policy mappings
    //
    ASN1Sequence pm = null;
    try
    {
        // null when the extension is absent; only a decoding failure throws
        pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.POLICY_MAPPINGS));
    }
    catch (AnnotatedException ex)
    {
        throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, index);
    }
    if (pm != null)
    {
        ASN1Sequence mappings = pm;

        for (int j = 0; j < mappings.size(); j++)
        {
            DERObjectIdentifier issuerDomainPolicy = null;
            DERObjectIdentifier subjectDomainPolicy = null;
            try
            {
                // each mapping is SEQUENCE { issuerDomainPolicy OID, subjectDomainPolicy OID }
                ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));

                issuerDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(0));
                subjectDomainPolicy = DERObjectIdentifier.getInstance(mapping.getObjectAt(1));
            }
            catch (Exception e)
            {
                // malformed mapping entry (wrong type, missing element) is a validation failure, not a skip
                throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", e, certPath, index);
            }

            // anyPolicy is forbidden on either side of a mapping: accepting it would let a single
            // mapping entry stand in for every policy and defeat the policy constraints on the path.
            if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId()))
            {
                throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
            }

            if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId()))
            {
                throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
            }
        }
    }
}

/**
 * Step (f) of RFC 3280 basic certificate processing (section 6.1.3):
 * once explicit policy is required ({@code explicitPolicy <= 0}) the path
 * must still have a non-null valid policy tree, otherwise the certificate
 * is rejected.
 *
 * @param certPath the certification path being validated
 * @param index position of the certificate under examination
 * @param validPolicyTree the current valid_policy_tree, may be {@code null}
 * @param explicitPolicy the current explicit_policy state variable
 * @throws CertPathValidatorException if explicit policy is in force and
 *         the policy tree is {@code null}
 */
protected static void processCertF(
    CertPath certPath,
    int index,
    PKIXPolicyNode validPolicyTree,
    int explicitPolicy)
    throws CertPathValidatorException
{
    //
    // (f)
    //
    if (explicitPolicy <= 0 && validPolicyTree == null)
    {
        throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath, index);
    }
}

/**
 * Step (e) of RFC 3280 basic certificate processing (section 6.1.3):
 * if the certificate at {@code index} has no certificate policies
 * extension, the valid_policy_tree becomes {@code null}.
 *
 * @param certPath the certification path being validated
 * @param index position of the certificate under examination
 * @param validPolicyTree the current valid_policy_tree, may be {@code null}
 * @return {@code validPolicyTree} unchanged when the extension is present,
 *         {@code null} when it is absent
 * @throws CertPathValidatorException if the extension is present but cannot
 *         be decoded
 */
protected static PKIXPolicyNode processCertE(
    CertPath certPath,
    int index,
    PKIXPolicyNode validPolicyTree)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    //
    // (e)
    //
    ASN1Sequence certPolicies = null;
    try
    {
        certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
    }
    catch (AnnotatedException e)
    {
        throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
    }
    // only absence of the extension clears the tree; its contents are examined in step (d)
    if (certPolicies == null)
    {
        validPolicyTree = null;
    }
    return validPolicyTree;
}

/**
 * Steps (b) and (c) of RFC 3280 basic certificate processing
 * (section 6.1.3): checks the certificate's subject distinguished name,
 * any emailAddress attributes in that name, and every subjectAltName entry
 * against the permitted and excluded subtrees accumulated so far.
 * <p>
 * The whole check is skipped for a self-issued certificate that is not the
 * last one in the processing order ({@code i < n}), as the RFC allows.
 * The emailAddress attributes of the subject DN are checked as rfc822Name
 * entries unconditionally, i.e. also when a subjectAltName is present.
 *
 * @param certPath the certification path being validated
 * @param index position of the certificate under examination
 * @param nameConstraintValidator holds the permitted/excluded subtrees
 *        gathered from earlier certificates in the path
 * @throws CertPathValidatorException if the subject name or subjectAltName
 *         cannot be decoded, or if any name falls outside the permitted
 *         subtrees or inside the excluded ones
 */
protected static void processCertBC(
    CertPath certPath,
    int index,
    PKIXNameConstraintValidator nameConstraintValidator)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    //
    // (b), (c) permitted and excluded subtree checking.
    //
    // i == n only for index 0; assuming the PKIX CertPath ordering (certificate 0 is the
    // target), "i < n" means "not the end-entity certificate" - TODO confirm against caller
    if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n)))
    {
        X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
        // parses the DER encoding from an in-memory byte array; no underlying resource to release
        ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
        ASN1Sequence dns;

        try
        {
            dns = DERSequence.getInstance(aIn.readObject());
        }
        catch (Exception e)
        {
            throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
        }

        try
        {
            nameConstraintValidator.checkPermittedDN(dns);
            nameConstraintValidator.checkExcludedDN(dns);
        }
        catch (PKIXNameConstraintValidatorException e)
        {
            throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
        }

        GeneralNames altName = null;
        try
        {
            // null when the certificate has no subjectAltName extension
            altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
        }
        catch (Exception e)
        {
            throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
        }
        // emailAddress attributes in the subject DN are subject to rfc822Name constraints
        Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
        for (Enumeration e = emails.elements(); e.hasMoreElements();)
        {
            String email = (String)e.nextElement();
            GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
            try
            {
                nameConstraintValidator.checkPermitted(emailAsGeneralName);
                nameConstraintValidator.checkExcluded(emailAsGeneralName);
            }
            catch (PKIXNameConstraintValidatorException ex)
            {
                throw new CertPathValidatorException(
                    "Subtree check for certificate subject alternative email failed.", ex, certPath, index);
            }
        }
        if (altName != null)
        {
            GeneralName[] genNames = null;
            try
            {
                genNames = altName.getNames();
            }
            catch (Exception e)
            {
                throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
            }
            // every alternative name, whatever its type, must satisfy both subtree sets
            for (int j = 0; j < genNames.length; j++)
            {
                try
                {
                    nameConstraintValidator.checkPermitted(genNames[j]);
                    nameConstraintValidator.checkExcluded(genNames[j]);
                }
                catch (PKIXNameConstraintValidatorException e)
                {
                    throw new CertPathValidatorException(
                        "Subtree check for certificate subject alternative name failed.", e, certPath, index);
                }
            }
        }
    }
}

protected static PKIXPolicyNode processCertD(
    CertPath certPath,
    int index,
    Set acceptablePolicies,
    PKIXPolicyNode validPolicyTree,
    List[] policyNodes,
    int inhibitAnyPolicy)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);
    int n = certs.size();
    // i as defined in the algorithm description
    int i = n - index;
    //
    // (d) policy Information checking against initial policy and
    // policy mapping
    //
    ASN1Sequence certPolicies = null;
    try
    {
        certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
    }
    catch (AnnotatedException e)
    {
        throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", e, certPath, index);
    }
    if (certPolicies != null && validPolicyTree != null)
    {
        //
        // (d) (1)
        //
        Enumeration e = certPolicies.getObjects();
        Set pols = new HashSet();

        while (e.hasMoreElements())
        {
            PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());
            DERObjectIdentifier pOid = pInfo.getPolicyIdentifier();

            pols.add(pOid.getId());

            if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId()))
            {
                Set pq = null;
                try
                {
                    pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
                }
                catch (CertPathValidatorException ex)
                {
                    throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex, certPath, index);
                }

                boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq);

                if (!match)
                {
                    CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq);
                }
            }
        }

        if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY))
        {
            acceptablePolicies.clear();
            acceptablePolicies.addAll(pols);
        }
        else
        {
            Iterator it = acceptablePolicies.iterator();
            Set t1 = new HashSet();

            while (it.hasNext())
            {
                Object o = it.next();

                if (pols.contains(o))
                {
                    t1.add(o);
                }
            }
            acceptablePolicies.clear();
            acceptablePolicies.addAll(t1);
        }

        //
        // (d) (2)
        //
        if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert)))
        {
            e = certPolicies.getObjects();

            while (e.hasMoreElements())
            {
                PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement());

                if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId()))
                {
                    Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers());
                    List _nodes = policyNodes[i - 1];

                    for (int k = 0; k < _nodes.size(); k++)
                    {
                        PKIXPolicyNode _node = (PKIXPolicyNode)_nodes.get(k);

                        Iterator _policySetIter = _node.getExpectedPolicies().iterator();
                        while (_policySetIter.hasNext())
                        {
                            Object _tmp = _policySetIter.next();

                            String _policy;
                            if (_tmp instanceof String)
                            {
                                _policy = (String)_tmp;
                            }
                            else if (_tmp instanceof DERObjectIdentifier)
                            {
                                _policy = ((DERObjectIdentifier)_tmp).getId();
                            }
                            else