org.bouncycastle.asn1.x509.PolicyQualifierId Java Examples

The following examples show how to use org.bouncycastle.asn1.x509.PolicyQualifierId.
Example #1
Source File: DSSASN1Utils.java    From dss with GNU Lesser General Public License v2.1
/**
 * Extracts the policies listed in the certificatePolicies extension of a certificate.
 *
 * <p>For each PolicyInformation entry the policy OID is recorded; when a qualifier of type
 * {@code id-qt-cps} is present its value is stored as the CPS URL (if several are present,
 * the last one wins). Other qualifier types are ignored.
 *
 * <p>Parsing is best-effort: any exception is logged at WARN level and swallowed. Policies
 * decoded before the failure stay in the returned list, so a caller cannot tell "no policies"
 * or "partially parsed" apart from a complete result. Code that takes trust decisions based on
 * policy OIDs should keep that in mind.
 *
 * @param certToken the certificate to inspect
 * @return a list of the decoded policies; empty when the extension is missing, empty or
 *         fails to parse before the first entry is completed
 */
public static List<CertificatePolicy> getCertificatePolicies(final CertificateToken certToken) {
	final List<CertificatePolicy> parsedPolicies = new ArrayList<>();
	final byte[] extensionBytes = certToken.getCertificate().getExtensionValue(Extension.certificatePolicies.getId());
	if (!Utils.isArrayNotEmpty(extensionBytes)) {
		// Nothing to decode: no extension value was returned for this certificate.
		return parsedPolicies;
	}

	try {
		final ASN1Sequence policySeq = getAsn1SequenceFromDerOctetString(extensionBytes);
		for (int policyIdx = 0; policyIdx < policySeq.size(); policyIdx++) {
			final CertificatePolicy policy = new CertificatePolicy();
			final PolicyInformation info = PolicyInformation.getInstance(policySeq.getObjectAt(policyIdx));
			policy.setOid(info.getPolicyIdentifier().getId());

			// A policy without qualifiers yields a null sequence; treat it as zero qualifiers.
			final ASN1Sequence qualifierSeq = info.getPolicyQualifiers();
			final int qualifierCount = (qualifierSeq == null) ? 0 : qualifierSeq.size();
			for (int qualifierIdx = 0; qualifierIdx < qualifierCount; qualifierIdx++) {
				final PolicyQualifierInfo qualifier = PolicyQualifierInfo.getInstance(qualifierSeq.getObjectAt(qualifierIdx));
				if (!PolicyQualifierId.id_qt_cps.equals(qualifier.getPolicyQualifierId())) {
					continue;
				}
				policy.setCpsUrl(getString(qualifier.getQualifier()));
			}

			// Added only once fully decoded, so a failure mid-entry never leaves a half-filled policy.
			parsedPolicies.add(policy);
		}
	} catch (Exception e) {
		// Deliberately broad: a malformed extension must not abort processing of the certificate.
		LOG.warn("Unable to parse the certificatePolicies extension '{}' : {}", Utils.toBase64(extensionBytes), e.getMessage(), e);
	}
	return parsedPolicies;
}
 
Example #2
Source File: ExtensionsChecker.java    From xipki with Apache License 2.0
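/**
 * Checks the certificatePolicies extension of an issued certificate against the configured
 * expectation and appends one message per mismatch to {@code failureMsg}.
 *
 * <p>When no expectation is configured, the check is delegated to
 * {@code checkConstantExtnValue}. Otherwise the following is reported:
 * <ul>
 *   <li>a policy present in the certificate but not configured,</li>
 *   <li>a configured policy missing from the certificate,</li>
 *   <li>a configured CPS URI or user notice missing from the matching policy.</li>
 * </ul>
 *
 * <p>Limits of the check, as implemented: qualifiers present in the certificate but not
 * configured are not reported; if a configured policy lists no qualifiers, the certificate's
 * qualifiers for that policy are not inspected at all; for user notices only the explicit
 * text is compared (a noticeRef is ignored).
 *
 * @param failureMsg collector for failure descriptions; appended to, never cleared
 * @param extensionValue encoded CertificatePolicies value taken from the certificate
 * @param requestedExtns extensions from the request, only used by the delegated check
 * @param extControl extension control, only used by the delegated check
 * @throws IllegalStateException if a configured qualifier has a type other than CPS URI or
 *         user notice
 */
private void checkExtnCertificatePolicies(StringBuilder failureMsg, byte[] extensionValue,
    Extensions requestedExtns, ExtensionControl extControl) {
  CertificatePolicies conf = certificatePolicies;
  if (conf == null) {
    checkConstantExtnValue(Extension.certificatePolicies, failureMsg, extensionValue,
        requestedExtns, extControl);
    return;
  }

  // Index the expected policies by OID; expPolicyIds tracks those not yet seen in the cert.
  Map<String, CertificatePolicyInformationType> expPoliciesMap = new HashMap<>();
  for (CertificatePolicyInformationType cp : conf.getCertificatePolicyInformations()) {
    expPoliciesMap.put(cp.getPolicyIdentifier().getOid(), cp);
  }
  Set<String> expPolicyIds = new HashSet<>(expPoliciesMap.keySet());

  org.bouncycastle.asn1.x509.CertificatePolicies asn1 =
      org.bouncycastle.asn1.x509.CertificatePolicies.getInstance(extensionValue);
  PolicyInformation[] isPolicyInformations = asn1.getPolicyInformation();

  for (PolicyInformation isPolicyInformation : isPolicyInformations) {
    ASN1ObjectIdentifier isPolicyId = isPolicyInformation.getPolicyIdentifier();
    expPolicyIds.remove(isPolicyId.getId());
    CertificatePolicyInformationType expCp = expPoliciesMap.get(isPolicyId.getId());
    if (expCp == null) {
      failureMsg.append("certificate policy '").append(isPolicyId).append("' is not expected; ");
      continue;
    }

    List<PolicyQualifier> expCpPq = expCp.getPolicyQualifiers();
    if (CollectionUtil.isEmpty(expCpPq)) {
      continue;
    }

    ASN1Sequence isPolicyQualifiers = isPolicyInformation.getPolicyQualifiers();
    List<String> isCpsUris = new LinkedList<>();
    List<String> isUserNotices = new LinkedList<>();

    // policyQualifiers is OPTIONAL in PolicyInformation, so the certificate may carry none
    // even though qualifiers are expected. Treat that as an empty list so every expected
    // qualifier is reported as absent below, instead of failing with a NullPointerException
    // and aborting the whole check.
    int size = (isPolicyQualifiers == null) ? 0 : isPolicyQualifiers.size();
    for (int i = 0; i < size; i++) {
      PolicyQualifierInfo isPolicyQualifierInfo =
          PolicyQualifierInfo.getInstance(isPolicyQualifiers.getObjectAt(i));
      ASN1ObjectIdentifier isPolicyQualifierId = isPolicyQualifierInfo.getPolicyQualifierId();
      ASN1Encodable isQualifier = isPolicyQualifierInfo.getQualifier();
      if (PolicyQualifierId.id_qt_cps.equals(isPolicyQualifierId)) {
        // NOTE(review): getInstance presumably rejects a qualifier that is not an IA5String
        // with an unchecked exception rather than a failure message; confirm this is intended.
        String isCpsUri = DERIA5String.getInstance(isQualifier).getString();
        isCpsUris.add(isCpsUri);
      } else if (PolicyQualifierId.id_qt_unotice.equals(isPolicyQualifierId)) {
        UserNotice isUserNotice = UserNotice.getInstance(isQualifier);
        // Only the explicit text takes part in the comparison.
        if (isUserNotice.getExplicitText() != null) {
          isUserNotices.add(isUserNotice.getExplicitText().getString());
        }
      }
    }

    // Every configured qualifier must appear verbatim in the certificate.
    for (PolicyQualifier qualifierInfo : expCpPq) {
      String value = qualifierInfo.getValue();
      switch (qualifierInfo.getType()) {
        case cpsUri:
          if (!isCpsUris.contains(value)) {
            failureMsg.append("CPSUri '").append(value).append("' is absent but is required; ");
          }
          continue;
        case userNotice:
          if (!isUserNotices.contains(value)) {
            failureMsg.append("userNotice '").append(value)
              .append("' is absent but is required; ");
          }
          continue;
        default:
          throw new IllegalStateException("should not reach here");
      }
    }
  }

  // Whatever is left was configured but never seen in the certificate.
  for (String policyId : expPolicyIds) {
    failureMsg.append("certificate policy '").append(policyId)
      .append("' is absent but is required; ");
  }
}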