Package org.bouncycastle.asn1.x509

Examples of org.bouncycastle.asn1.x509.IssuingDistributionPoint

        DistributionPoint dp,
        Object cert,
        X509CRL crl)
        throws AnnotatedException
        IssuingDistributionPoint idp = null;
            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
        // (b) (2) (i)
        // distribution point name is present
        if (idp != null)
            if (idp.getDistributionPoint() != null)
                // make list of names
                DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
                List names = new ArrayList();

                if (dpName.getType() == DistributionPointName.FULL_NAME)
                    GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    for (int j = 0; j < genNames.length; j++)
                if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                        Enumeration e = ASN1Sequence.getInstance(
                        while (e.hasMoreElements())
                    catch (IOException e)
                        throw new AnnotatedException("Could not read CRL issuer.", e);
                    names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
                boolean matches = false;
                // verify that one of the names in the IDP matches one
                // of the names in the DP.
                if (dp.getDistributionPoint() != null)
                    dpName = dp.getDistributionPoint();
                    GeneralName[] genNames = null;
                    if (dpName.getType() == DistributionPointName.FULL_NAME)
                        genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
                        if (dp.getCRLIssuer() != null)
                            genNames = dp.getCRLIssuer().getNames();
                            genNames = new GeneralName[1];
                                genNames[0] = new GeneralName(new X509Name(
                            catch (IOException e)
                                throw new AnnotatedException("Could not read certificate issuer.", e);
                        for (int j = 0; j < genNames.length; j++)
                            Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
                            ASN1EncodableVector vec = new ASN1EncodableVector();
                            while (e.hasMoreElements())
                            genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
                    if (genNames != null)
                        for (int j = 0; j < genNames.length; j++)
                            if (names.contains(genNames[j]))
                                matches = true;
                    if (!matches)
                        throw new AnnotatedException(
                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                // verify that one of the names in
                // the IDP matches one of the names in the cRLIssuer field of
                // the DP
                    if (dp.getCRLIssuer() == null)
                        throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must "
                            + "be contained in DistributionPoint.");
                    GeneralName[] genNames = dp.getCRLIssuer().getNames();
                    for (int j = 0; j < genNames.length; j++)
                        if (names.contains(genNames[j]))
                            matches = true;
                    if (!matches)
                        throw new AnnotatedException(
                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
            BasicConstraints bc = null;
                bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension)cert,
            catch (Exception e)
                throw new AnnotatedException("Basic constraints extension could not be decoded.", e);

            if (cert instanceof X509Certificate)
                // (b) (2) (ii)
                if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                    throw new AnnotatedException("CA Cert CRL only contains user certificates.");

                // (b) (2) (iii)
                if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                    throw new AnnotatedException("End CRL only contains CA certificates.");

            // (b) (2) (iv)
            if (idp.onlyContainsAttributeCerts())
                throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
View Full Code Here

    protected static ReasonsMask processCRLD(
        X509CRL crl,
        DistributionPoint dp)
        throws AnnotatedException
        IssuingDistributionPoint idp = null;
            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
        // (d) (1)
        if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null)
            return new ReasonsMask(dp.getReasons().intValue()).intersect(new ReasonsMask(idp.getOnlySomeReasons()
        // (d) (4)
        if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null)
            return ReasonsMask.allReasons;
        // (d) (2) and (d)(3)
        return (dp.getReasons() == null
            ? ReasonsMask.allReasons
            : new ReasonsMask(dp.getReasons().intValue())).intersect(idp == null
            ? ReasonsMask.allReasons
            : new ReasonsMask(idp.getOnlySomeReasons().intValue()));

View Full Code Here

        if (deltaCRL == null)
        IssuingDistributionPoint completeidp = null;
            completeidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
                completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);

        if (pkixParams.isUseDeltasEnabled())
            // (c) (1)
            if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal()))
                throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");

            // (c) (2)
            IssuingDistributionPoint deltaidp = null;
                deltaidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
                    deltaCRL, ISSUING_DISTRIBUTION_POINT));
View Full Code Here


            if (idp != null)
                IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                BasicConstraints bc = null;
                    bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
                catch (AnnotatedException ae)
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError");
                    throw new CertPathReviewerException(msg,ae);
                if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert");
                    throw new CertPathReviewerException(msg);
                if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert");
                    throw new CertPathReviewerException(msg);
                if (p.onlyContainsAttributeCerts())
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyAttrCert");
                    throw new CertPathReviewerException(msg);
View Full Code Here


                        if (idp != null)
                            IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                            BasicConstraints    bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
                            if (p.onlyContainsUserCerts() && (bc == null || bc.isCA()))
                                throw new CertPathValidatorException("CA Cert CRL only contains user certificates");
                            if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                                throw new CertPathValidatorException("End CRL only contains CA certificates");
                            if (p.onlyContainsAttributeCerts())
                                throw new CertPathValidatorException("onlyContainsAttributeCerts boolean is asserted");
View Full Code Here


            if (idp != null)
                IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                BasicConstraints bc = null;
                    bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS));
                catch (AnnotatedException ae)
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError");
                    throw new CertPathReviewerException(msg,ae);
                if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert");
                    throw new CertPathReviewerException(msg);
                if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert");
                    throw new CertPathReviewerException(msg);
                if (p.onlyContainsAttributeCerts())
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyAttrCert");
                    throw new CertPathReviewerException(msg);
View Full Code Here

                if (idp != null)
                    IssuingDistributionPoint    p = IssuingDistributionPoint.getInstance(idp);
                    BasicConstraints    bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, BASIC_CONSTRAINTS));
                    if (p.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                        throw new AnnotatedException("CA Cert CRL only contains user certificates");
                    if (p.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                        throw new AnnotatedException("End CRL only contains CA certificates");
                    if (p.onlyContainsAttributeCerts())
                        throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted");
View Full Code Here

        DistributionPoint dp,
        Object cert,
        X509CRL crl)
        throws AnnotatedException
        IssuingDistributionPoint idp = null;
            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
        // (b) (2) (i)
        // distribution point name is present
        if (idp != null)
            if (idp.getDistributionPoint() != null)
                // make list of names
                DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint();
                List names = new ArrayList();

                if (dpName.getType() == DistributionPointName.FULL_NAME)
                    GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    for (int j = 0; j < genNames.length; j++)
                if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
                    ASN1EncodableVector vec = new ASN1EncodableVector();
                        Enumeration e = ASN1Sequence.getInstance(
                        while (e.hasMoreElements())
                    catch (IOException e)
                        throw new AnnotatedException("Could not read CRL issuer.", e);
                    names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec))));
                boolean matches = false;
                // verify that one of the names in the IDP matches one
                // of the names in the DP.
                if (dp.getDistributionPoint() != null)
                    dpName = dp.getDistributionPoint();
                    GeneralName[] genNames = null;
                    if (dpName.getType() == DistributionPointName.FULL_NAME)
                        genNames = GeneralNames.getInstance(dpName.getName()).getNames();
                    if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER)
                        if (dp.getCRLIssuer() != null)
                            genNames = dp.getCRLIssuer().getNames();
                            genNames = new GeneralName[1];
                                genNames[0] = new GeneralName(new X509Name(
                            catch (IOException e)
                                throw new AnnotatedException("Could not read certificate issuer.", e);
                        for (int j = 0; j < genNames.length; j++)
                            Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().getDERObject()).getObjects();
                            ASN1EncodableVector vec = new ASN1EncodableVector();
                            while (e.hasMoreElements())
                            genNames[j] = new GeneralName(new X509Name(new DERSequence(vec)));
                    if (genNames != null)
                        for (int j = 0; j < genNames.length; j++)
                            if (names.contains(genNames[j]))
                                matches = true;
                    if (!matches)
                        throw new AnnotatedException(
                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
                // verify that one of the names in
                // the IDP matches one of the names in the cRLIssuer field of
                // the DP
                    if (dp.getCRLIssuer() == null)
                        throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must "
                            + "be contained in DistributionPoint.");
                    GeneralName[] genNames = dp.getCRLIssuer().getNames();
                    for (int j = 0; j < genNames.length; j++)
                        if (names.contains(genNames[j]))
                            matches = true;
                    if (!matches)
                        throw new AnnotatedException(
                            "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point.");
            BasicConstraints bc = null;
                bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension)cert,
            catch (Exception e)
                throw new AnnotatedException("Basic constraints extension could not be decoded.", e);

            if (cert instanceof X509Certificate)
                // (b) (2) (ii)
                if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA()))
                    throw new AnnotatedException("CA Cert CRL only contains user certificates.");

                // (b) (2) (iii)
                if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA()))
                    throw new AnnotatedException("End CRL only contains CA certificates.");

            // (b) (2) (iv)
            if (idp.onlyContainsAttributeCerts())
                throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted.");
View Full Code Here

    protected static ReasonsMask processCRLD(
        X509CRL crl,
        DistributionPoint dp)
        throws AnnotatedException
        IssuingDistributionPoint idp = null;
            idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl,
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);
        // (d) (1)
        if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null)
            return new ReasonsMask(dp.getReasons().intValue()).intersect(new ReasonsMask(idp.getOnlySomeReasons()
        // (d) (4)
        if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null)
            return ReasonsMask.allReasons;
        // (d) (2) and (d)(3)
        return (dp.getReasons() == null
            ? ReasonsMask.allReasons
            : new ReasonsMask(dp.getReasons().intValue())).intersect(idp == null
            ? ReasonsMask.allReasons
            : new ReasonsMask(idp.getOnlySomeReasons().intValue()));

View Full Code Here

        if (deltaCRL == null)
        IssuingDistributionPoint completeidp = null;
            completeidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
                completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT));
        catch (Exception e)
            throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e);

        if (pkixParams.isUseDeltasEnabled())
            // (c) (1)
            if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal()))
                throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer.");

            // (c) (2)
            IssuingDistributionPoint deltaidp = null;
                deltaidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(
                    deltaCRL, ISSUING_DISTRIBUTION_POINT));
View Full Code Here


Related Classes of org.bouncycastle.asn1.x509.IssuingDistributionPoint

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact