reverseCertList.add(0, c);
}
boolean policyMappingFound = false;
for (X509Certificate cpListCert : reverseCertList) {
X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert);
PolicyMappingsExtension policyMappingsExt =
cpListCertImpl.getPolicyMappingsExtension();
if (policyMappingsExt != null) {
policyMappingFound = true;
}
if (debug != null)
debug.println("policyMappingFound = " + policyMappingFound);
if (cert.equals(cpListCert)){
if ((buildParams.isPolicyMappingInhibited()) ||
(!policyMappingFound)){
if (debug != null)
debug.println("loop detected!!");
throw new CertPathValidatorException("loop detected");
}
}
}
}
/* check if target cert */
boolean finalCert = cert.getSubjectX500Principal().equals(targetSubjectDN);
/* check if CA cert */
boolean caCert = (cert.getBasicConstraints() != -1 ? true : false);
/* if there are more certs to follow, verify certain constraints */
if (!finalCert) {
/* check if CA cert */
if (!caCert)
throw new CertPathValidatorException("cert is NOT a CA cert");
/* If the certificate was not self-issued, verify that
* remainingCerts is greater than zero
*/
if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) {
throw new CertPathValidatorException
("pathLenConstraint violated, path too long");
}
/*
* Check keyUsage extension (only if CA cert and not final cert)
*/
KeyChecker.verifyCAKeyUsage(cert);
} else {
/*
* If final cert, check that it satisfies specified target
* constraints
*/
if (targetCertConstraints.match(cert) == false) {
throw new CertPathValidatorException("target certificate " +
"constraints check failed");
}
}
/*
* Check revocation.
*/
if (buildParams.isRevocationEnabled()) {
currentState.crlChecker.check(cert,
currentState.pubKey,
currentState.crlSign);
}
/* Check name constraints if this is not a self-issued cert */
if (finalCert || !X509CertImpl.isSelfIssued(cert)){
if (currentState.nc != null){
try {
if (!currentState.nc.verify(cert)){
throw new CertPathValidatorException
("name constraints check failed");
}
} catch (IOException ioe){
throw new CertPathValidatorException(ioe);
}
}
}
/*
* Check policy
*/
X509CertImpl certImpl = X509CertImpl.toImpl(cert);
currentState.rootNode = PolicyChecker.processPolicies
(currentState.certIndex, initPolicies,
currentState.explicitPolicy, currentState.policyMapping,
currentState.inhibitAnyPolicy,
buildParams.getPolicyQualifiersRejected(), currentState.rootNode,