List of usage examples for org.bouncycastle.asn1.x509 CertPolicyId getId
public String getId()
From source file:org.xipki.ca.qa.impl.X509CertprofileQAImpl.java
License:Open Source License
private void checkExtensionPolicyMappings(final StringBuilder failureMsg, final byte[] extensionValue, final Extensions requestExtensions, final ExtensionControl extControl) { QaPolicyMappingsOption conf = policyMappings; if (conf == null) { byte[] expected = getExpectedExtValue(Extension.policyMappings, requestExtensions, extControl); if (Arrays.equals(expected, extensionValue) == false) { failureMsg.append("extension valus is '" + hex(extensionValue) + "' but expected '" + (expected == null ? "not present" : hex(expected)) + "'"); failureMsg.append("; "); }//w w w . j a v a 2 s . c o m return; } ASN1Sequence iPolicyMappings = DERSequence.getInstance(extensionValue); Map<String, String> iMap = new HashMap<>(); int size = iPolicyMappings.size(); for (int i = 0; i < size; i++) { ASN1Sequence seq = (ASN1Sequence) iPolicyMappings.getObjectAt(i); CertPolicyId issuerDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(0)); CertPolicyId subjectDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(1)); iMap.put(issuerDomainPolicy.getId(), subjectDomainPolicy.getId()); } Set<String> eIssuerDomainPolicies = conf.getIssuerDomainPolicies(); for (String eIssuerDomainPolicy : eIssuerDomainPolicies) { String eSubjectDomainPolicy = conf.getSubjectDomainPolicy(eIssuerDomainPolicy); String iSubjectDomainPolicy = iMap.remove(eIssuerDomainPolicy); if (iSubjectDomainPolicy == null) { failureMsg.append("issuerDomainPolicy '").append(eIssuerDomainPolicy) .append("' is absent but is required"); failureMsg.append("; "); } else if (iSubjectDomainPolicy.equals(eSubjectDomainPolicy) == false) { failureMsg.append("subjectDomainPolicy for issuerDomainPolicy is '" + iSubjectDomainPolicy + "' but expected '" + eSubjectDomainPolicy + "'"); failureMsg.append("; "); } } if (CollectionUtil.isNotEmpty(iMap)) { failureMsg.append("issuerDomainPolicies '" + iMap.keySet() + "' are present but not expected"); failureMsg.append("; "); } }
From source file:org.xipki.pki.ca.qa.ExtensionsChecker.java
License:Open Source License
private void checkExtensionPolicyMappings(final StringBuilder failureMsg, final byte[] extensionValue, final Extensions requestedExtensions, final ExtensionControl extControl) { QaPolicyMappingsOption conf = policyMappings; if (conf == null) { byte[] expected = getExpectedExtValue(Extension.policyMappings, requestedExtensions, extControl); if (!Arrays.equals(expected, extensionValue)) { addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected)); }//from w w w . ja va2 s. co m return; } ASN1Sequence isPolicyMappings = DERSequence.getInstance(extensionValue); Map<String, String> isMap = new HashMap<>(); int size = isPolicyMappings.size(); for (int i = 0; i < size; i++) { ASN1Sequence seq = ASN1Sequence.getInstance(isPolicyMappings.getObjectAt(i)); CertPolicyId issuerDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(0)); CertPolicyId subjectDomainPolicy = CertPolicyId.getInstance(seq.getObjectAt(1)); isMap.put(issuerDomainPolicy.getId(), subjectDomainPolicy.getId()); } Set<String> expIssuerDomainPolicies = conf.getIssuerDomainPolicies(); for (String expIssuerDomainPolicy : expIssuerDomainPolicies) { String expSubjectDomainPolicy = conf.getSubjectDomainPolicy(expIssuerDomainPolicy); String isSubjectDomainPolicy = isMap.remove(expIssuerDomainPolicy); if (isSubjectDomainPolicy == null) { failureMsg.append("issuerDomainPolicy '").append(expIssuerDomainPolicy) .append("' is absent but is required; "); } else if (!isSubjectDomainPolicy.equals(expSubjectDomainPolicy)) { addViolation(failureMsg, "subjectDomainPolicy for issuerDomainPolicy", isSubjectDomainPolicy, expSubjectDomainPolicy); } } if (CollectionUtil.isNonEmpty(isMap)) { failureMsg.append("issuerDomainPolicies '").append(isMap.keySet()); failureMsg.append("' are present but not expected; "); } }