List of usage examples for org.bouncycastle.x509 CertPathReviewerException CertPathReviewerException
public CertPathReviewerException(ErrorBundle errorMessage, Throwable throwable)
From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer.java
License:Open Source License
/**
 * Runs the critical-extension stage of the certification path review.
 *
 * <p>Each {@link PKIXCertPathChecker} configured on {@code pkixParams} is initialised with
 * {@code init(false)}, then the certificates in {@code certs} are visited from the highest
 * index down to 0. For every certificate the critical extension OIDs that this reviewer
 * treats as already processed are discarded, a critical qcStatements extension is handed
 * to {@code processQcStatements}, and the remaining OIDs are offered to every configured
 * checker. Each OID that is still unresolved afterwards is recorded through
 * {@code addError} as {@code CertPathReviewer.unknownCriticalExt}.
 *
 * <p>A checker failure is turned into a {@code CertPathReviewerException}, which is caught
 * at the end of this method and recorded as an error. Because that catch sits outside the
 * certificate loop, the first such failure ends this stage: certificates at lower indices
 * are not examined for critical extensions.
 */
private void checkCriticalExtensions() {
    List pathCheckers = pkixParams.getCertPathCheckers();

    // OIDs that are dropped from the unresolved set before the checkers run.
    // NOTE(review): presumably handled by other stages of the reviewer; not visible here.
    final Object[] alreadyProcessed = {
        KEY_USAGE,
        CERTIFICATE_POLICIES,
        POLICY_MAPPINGS,
        INHIBIT_ANY_POLICY,
        ISSUING_DISTRIBUTION_POINT,
        DELTA_CRL_INDICATOR,
        POLICY_CONSTRAINTS,
        BASIC_CONSTRAINTS,
        SUBJECT_ALTERNATIVE_NAME,
        NAME_CONSTRAINTS
    };

    try {
        // Initialise every configured checker with forward == false.
        try {
            for (Iterator initIter = pathCheckers.iterator(); initIter.hasNext();) {
                PKIXCertPathChecker checker = (PKIXCertPathChecker) initIter.next();
                checker.init(false);
            }
        } catch (CertPathValidatorException cpve) {
            ErrorBundle initFailure = new ErrorBundle(RESOURCE_NAME,
                    "CertPathReviewer.certPathCheckerError",
                    new Object[] { cpve.getMessage(), cpve, cpve.getClass().getName() });
            throw new CertPathReviewerException(initFailure, cpve);
        }

        // Process the critical extensions of each certificate, last index first.
        for (int index = certs.size() - 1; index >= 0; index--) {
            X509Certificate cert = (X509Certificate) certs.get(index);

            // The returned set is modified in place below and by the checkers.
            // NOTE(review): this relies on getCriticalExtensionOIDs() handing back a
            // mutable set that is private to this call; confirm for the certificate
            // implementations in use.
            Set unresolved = cert.getCriticalExtensionOIDs();
            if (unresolved == null || unresolved.isEmpty()) {
                continue;
            }

            for (int i = 0; i < alreadyProcessed.length; i++) {
                unresolved.remove(alreadyProcessed[i]);
            }

            // qcStatements counts as resolved only when processQcStatements accepts it.
            if (unresolved.contains(QC_STATEMENT) && processQcStatements(cert, index)) {
                unresolved.remove(QC_STATEMENT);
            }

            // The unresolved set is passed to each checker in turn.
            for (Iterator checkerIter = pathCheckers.iterator(); checkerIter.hasNext();) {
                PKIXCertPathChecker checker = (PKIXCertPathChecker) checkerIter.next();
                try {
                    checker.check(cert, unresolved);
                } catch (CertPathValidatorException e) {
                    ErrorBundle checkFailure = new ErrorBundle(RESOURCE_NAME,
                            "CertPathReviewer.criticalExtensionError",
                            new Object[] { e.getMessage(), e, e.getClass().getName() });
                    // The wrapped cause is e.getCause(), not e itself; the catch at the
                    // bottom of this method reads only the message and the index.
                    throw new CertPathReviewerException(checkFailure, e.getCause(), certPath, index);
                }
            }

            // RFC 5280 requires rejecting a certificate that carries a critical extension
            // the validator does not recognise. Here every leftover OID is recorded as an
            // error against this certificate's index.
            // NOTE(review): rejection itself depends on how callers treat recorded errors.
            for (Iterator leftover = unresolved.iterator(); leftover.hasNext();) {
                ErrorBundle unknownExt = new ErrorBundle(RESOURCE_NAME,
                        "CertPathReviewer.unknownCriticalExt",
                        new Object[] { new ASN1ObjectIdentifier((String) leftover.next()) });
                addError(unknownExt, index);
            }
        }
    } catch (CertPathReviewerException cpre) {
        // Record the failure instead of propagating it.
        addError(cpre.getErrorMessage(), cpre.getIndex());
    }
}