Package org.bouncycastle.jce.provider

Examples of org.bouncycastle.jce.provider.PKIXNameConstraints

        // Setup
        // (b)  and (c)
        PKIXNameConstraints nameConstraints = new PKIXNameConstraints();

        // process each certificate except the last in the path
        int index;
        int i;
            for (index = certs.size()-1; index>0; index--)
                i = n - index;
                // certificate processing
                cert = (X509Certificate) certs.get(index);
                // b),c)
                if (!isSelfIssued(cert))
                    X500Principal principal = getSubjectPrincipal(cert);
                    ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded()));
                    ASN1Sequence    dns;
                        dns = (ASN1Sequence)aIn.readObject();
                    catch (IOException e)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncSubjectNameError",
                                new Object[] {new UntrustedInput(principal)});
                        throw new CertPathReviewerException(msg,e,certPath,index);
                    catch (CertPathValidatorException cpve)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN",
                                new Object[] {new UntrustedInput(principal.getName())});
                        throw new CertPathReviewerException(msg,cpve,certPath,index);
                    catch (CertPathValidatorException cpve)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
                                new Object[] {new UntrustedInput(principal.getName())});
                        throw new CertPathReviewerException(msg,cpve,certPath,index);
                    ASN1Sequence altName;
                        altName = (ASN1Sequence)getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME);
                    catch (AnnotatedException ae)
                        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.subjAltNameExtError");
                        throw new CertPathReviewerException(msg,ae,certPath,index);
                    if (altName != null)
                        for (int j = 0; j < altName.size(); j++)
                            GeneralName name = GeneralName.getInstance(altName.getObjectAt(j));

                            catch (CertPathValidatorException cpve)
                                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
                                        new Object[] {new UntrustedInput(name)});
                                throw new CertPathReviewerException(msg,cpve,certPath,index);
//                            switch(o.getTagNo())            TODO - move resources to PKIXNameConstraints
//                            {
//                            case 1:
//                                String email = DERIA5String.getInstance(o, true).getString();
//                                try
//                                {
//                                    checkPermittedEmail(permittedSubtreesEmail, email);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail",
//                                            new Object[] {new UntrustedInput(email)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedEmail(excludedSubtreesEmail, email);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedEmail",
//                                            new Object[] {new UntrustedInput(email)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                break;
//                            case 4:
//                                ASN1Sequence altDN = ASN1Sequence.getInstance(o, true);
//                                try
//                                {
//                                    checkPermittedDN(permittedSubtreesDN, altDN);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    X509Name altDNName = new X509Name(altDN);
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN",
//                                            new Object[] {new UntrustedInput(altDNName)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedDN(excludedSubtreesDN, altDN);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    X509Name altDNName = new X509Name(altDN);
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN",
//                                            new Object[] {new UntrustedInput(altDNName)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                break;
//                            case 7:
//                                byte[] ip = ASN1OctetString.getInstance(o, true).getOctets();
//                                try
//                                {
//                                    checkPermittedIP(permittedSubtreesIP, ip);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedIP",
//                                            new Object[] {IPtoString(ip)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                                try
//                                {
//                                    checkExcludedIP(excludedSubtreesIP, ip);
//                                }
//                                catch (CertPathValidatorException cpve)
//                                {
//                                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedIP",
//                                            new Object[] {IPtoString(ip)});
//                                    throw new CertPathReviewerException(msg,cpve,certPath,index);
//                                }
//                            }
                // prepare for next certificate
                // (g) handle the name constraints extension
                ASN1Sequence ncSeq;
                    ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS);
                catch (AnnotatedException ae)
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncExtError");
                    throw new CertPathReviewerException(msg,ae,certPath,index);
                if (ncSeq != null)
                    NameConstraints nc = new NameConstraints(ncSeq);

                    // (g) (1) permitted subtrees
                    ASN1Sequence permitted = nc.getPermittedSubtrees();
                    if (permitted != null)
                        Enumeration e = permitted.getObjects();
                        while (e.hasMoreElements())
                            GeneralSubtree  subtree = GeneralSubtree.getInstance(e.nextElement());

                    // (g) (2) excluded subtrees
                    ASN1Sequence excluded = nc.getExcludedSubtrees();
                    if (excluded != null)
                        Enumeration e = excluded.getObjects();
                        while (e.hasMoreElements())
                            GeneralSubtree  subtree = GeneralSubtree.getInstance(e.nextElement());

            } // for
View Full Code Here


Related Classes of org.bouncycastle.jce.provider.PKIXNameConstraints

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact