Example usage for the org.bouncycastle.x509.CertPathReviewerException constructor

List of usage examples for the org.bouncycastle.x509.CertPathReviewerException constructor

Introduction

This page shows example usage of the org.bouncycastle.x509.CertPathReviewerException constructor.

Prototype

public CertPathReviewerException(ErrorBundle errorMessage, Throwable throwable) 


Usage

From source file:eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer.java

License:Open Source License

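/**
 * Runs every configured {@link PKIXCertPathChecker} over the certificates of the path and
 * records an error for each critical extension that is still unresolved afterwards.
 *
 * <p>Nothing is thrown to the caller: every failure is reported through {@code addError}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>The OIDs removed up front are treated as already processed. That processing is not
 *       part of this method, so this step is only sound if the other checks of the reviewer
 *       really ran for the same certificate.</li>
 *   <li>A checker that fails in {@code init} or {@code check} ends the walk. One error is
 *       recorded and the remaining certificates are not examined for unknown critical
 *       extensions.</li>
 *   <li>A critical extension left in the set after all checkers ran is reported as
 *       {@code CertPathReviewer.unknownCriticalExt} against that certificate's index.</li>
 * </ul>
 */
private void checkCriticalExtensions() {
    List<PKIXCertPathChecker> pathCheckers = pkixParams.getCertPathCheckers();

    try {
        // Initialise the checkers for reverse checking (forward == false). The loop below
        // walks certs from the highest index down to 0.
        // NOTE(review): presumably certs is in CertPath order (target first) - confirm.
        try {
            for (PKIXCertPathChecker checker : pathCheckers) {
                checker.init(false);
            }
        } catch (CertPathValidatorException cpve) {
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.certPathCheckerError",
                    new Object[] { cpve.getMessage(), cpve, cpve.getClass().getName() });
            // No index is given here: the failure is not tied to a single certificate.
            throw new CertPathReviewerException(msg, cpve);
        }

        // Process the critical extensions of each certificate.
        for (int index = certs.size() - 1; index >= 0; index--) {
            X509Certificate cert = (X509Certificate) certs.get(index);

            Set<String> reportedOids = cert.getCriticalExtensionOIDs();
            if (reportedOids == null || reportedOids.isEmpty()) {
                continue;
            }

            // Work on a private copy: the removals below (and those done by the checkers)
            // must not depend on the certificate implementation handing out a mutable set,
            // nor alter a set it might share. LinkedHashSet keeps the reported order.
            Set<String> criticalExtensions = new java.util.LinkedHashSet<String>(reportedOids);

            // Remove the extensions that are treated as already processed.
            criticalExtensions.remove(KEY_USAGE);
            criticalExtensions.remove(CERTIFICATE_POLICIES);
            criticalExtensions.remove(POLICY_MAPPINGS);
            criticalExtensions.remove(INHIBIT_ANY_POLICY);
            criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT);
            criticalExtensions.remove(DELTA_CRL_INDICATOR);
            criticalExtensions.remove(POLICY_CONSTRAINTS);
            criticalExtensions.remove(BASIC_CONSTRAINTS);
            criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME);
            criticalExtensions.remove(NAME_CONSTRAINTS);

            // qcStatements counts as resolved only if processQcStatements accepts it.
            if (criticalExtensions.contains(QC_STATEMENT) && processQcStatements(cert, index)) {
                criticalExtensions.remove(QC_STATEMENT);
            }

            // Each checker may remove the OIDs it understands from the set.
            for (PKIXCertPathChecker checker : pathCheckers) {
                try {
                    checker.check(cert, criticalExtensions);
                } catch (CertPathValidatorException e) {
                    ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.criticalExtensionError",
                            new Object[] { e.getMessage(), e, e.getClass().getName() });
                    // Keep the checker's own exception as the cause, as the init() path
                    // does; e.getCause() may be null and would drop the failure itself.
                    throw new CertPathReviewerException(msg, e, certPath, index);
                }
            }

            // Whatever is left was recognised by nobody: one error per remaining OID.
            for (String oid : criticalExtensions) {
                ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.unknownCriticalExt",
                        new Object[] { new ASN1ObjectIdentifier(oid) });
                addError(msg, index);
            }
        }
    } catch (CertPathReviewerException cpre) {
        // Checker failures are turned into a recorded error instead of propagating.
        addError(cpre.getErrorMessage(), cpre.getIndex());
    }
}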