CertificatePolicy.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */
  20. package org.openspcoop2.utils.certificate;

  22. import java.security.cert.CertificateEncodingException;
  23. import java.security.cert.CertificateParsingException;
  24. import java.security.cert.X509Certificate;
  25. import java.util.ArrayList;
  26. import java.util.List;

  28. import org.bouncycastle.asn1.ASN1Encodable;
  29. import org.bouncycastle.asn1.ASN1ObjectIdentifier;
  30. import org.bouncycastle.asn1.x509.Extensions;
  31. import org.bouncycastle.asn1.x509.PolicyInformation;

  33. /**
  34.  * CertificatePolicy
  35.  *
  36.  * @author Poli Andrea (apoli@link.it)
  37.  * @author $Author$
  38.  * @version $Rev$, $Date$
  39.  */
  40. public class CertificatePolicy {

  42.     private static final String PARAM_OID_UNDEFINED = "Param oid undefined";
  43.     
  44.     private ASN1ObjectIdentifier asn1ObjectIdentifier;
  45.     private List<CertificatePolicyEntry> qualifiers = new ArrayList<>();
  46.     public ASN1ObjectIdentifier getAsn1ObjectIdentifier() {
  47.         return this.asn1ObjectIdentifier;
  48.     }
  49.     public String getOID() {
  50.         return this.asn1ObjectIdentifier!=null ? this.asn1ObjectIdentifier.getId() : null;
  51.     }
  52.     
  53.     public List<CertificatePolicyEntry> getQualifiers() {
  54.         return this.qualifiers;
  55.     }
  56.     public CertificatePolicyEntry getQualifier(int index) {
  57.         return this.qualifiers!=null ? this.qualifiers.get(index) : null;
  58.     }
  59.     
  60.     public CertificatePolicyEntry getQualifier(String oid) throws CertificateParsingException {
  61.         return getQualifierByOID(oid);
  62.     }
  63.     public CertificatePolicyEntry getQualifierByOID(String oid) throws CertificateParsingException {
  64.         if(oid==null) {
  65.             throw new CertificateParsingException(PARAM_OID_UNDEFINED);
  66.         }
  67.         if(this.qualifiers!=null && !this.qualifiers.isEmpty()) {
  68.             for (CertificatePolicyEntry certificatePolicyQualifier : this.qualifiers) {
  69.                 if(oid.equals(certificatePolicyQualifier.getOID())) {
  70.                     return certificatePolicyQualifier;
  71.                 }
  72.             }
  73.         }
  74.         return null;
  75.     }
  76.     public boolean hasCertificatePolicyQualifier(String oid) throws CertificateParsingException {
  77.         if(oid==null) {
  78.             throw new CertificateParsingException(PARAM_OID_UNDEFINED);
  79.         }
  80.         return this.getQualifierByOID(oid)!=null;
  81.     }
  82.     
  83.     
  84.     public static boolean existsCertificatePolicy(X509Certificate x509, String oid) throws CertificateParsingException, CertificateEncodingException {
  85.         if(oid==null) {
  86.             throw new CertificateParsingException(PARAM_OID_UNDEFINED);
  87.         }
  88.         List<CertificatePolicy> list = CertificatePolicy.getCertificatePolicies(x509.getEncoded());
  89.         if(!list.isEmpty()) {
  90.             for (CertificatePolicy certificatePolicy : list) {
  91.                 if(oid.equals(certificatePolicy.getOID())) {
  92.                     return true;
  93.                 }
  94.             }
  95.         }
  96.         return false;
  97.     }
  98.     
  99.     @Override
  100.     public String toString() {
  101.         StringBuilder sb = new StringBuilder();
  102.         if(this.asn1ObjectIdentifier!=null) {
  103.             sb.append("OID:");
  104.             sb.append(this.asn1ObjectIdentifier.getId());
  105.         }
  106.         if(this.qualifiers!=null && !this.qualifiers.isEmpty()) {
  107.             int index = 0;
  108.             for (CertificatePolicyEntry o : this.qualifiers) {
  109.                 if(sb.length()>0) {
  110.                     sb.append("\n");
  111.                 }
  112.                 sb.append("Qualifier["+index+"]{\n");
  113.                 sb.append(o.toString("\t"));
  114.                 sb.append("}");
  115.                 index++;
  116.             }
  117.         }
  118.         return sb.toString();
  119.     }
  120.     
  121.     public static List<CertificatePolicy> getCertificatePolicies(byte[]encoded) {
  122.         
  123.         List<CertificatePolicy> l = new ArrayList<>();
  124.         
  125.         org.bouncycastle.asn1.x509.Certificate c =org.bouncycastle.asn1.x509.Certificate.getInstance(encoded);
  126.         Extensions exts = c.getTBSCertificate().getExtensions();
  127.         if (exts != null){
  128.             org.bouncycastle.asn1.x509.CertificatePolicies certPolicies = org.bouncycastle.asn1.x509.CertificatePolicies.fromExtensions(exts);
  129.             if(certPolicies!=null) {
  130.                 PolicyInformation [] pi = certPolicies.getPolicyInformation();
  131.                 if(pi!=null && pi.length>0) {
  132.                     read(pi, l);
  133.                 }
  134.             }
  135.         }
  136.         return l;
  137.         
  138.     }
  139.     private static void read(PolicyInformation [] pi, List<CertificatePolicy> l) {
  140.         for (PolicyInformation policyInformation : pi) {
  141.             CertificatePolicy cp = new CertificatePolicy();
  142.             cp.asn1ObjectIdentifier = policyInformation.getPolicyIdentifier();
  143.             if(policyInformation.getPolicyQualifiers()!=null) {
  144.                 for (int i = 0; i < policyInformation.getPolicyQualifiers().size(); i++) {
  145.                     ASN1Encodable e = policyInformation.getPolicyQualifiers().getObjectAt(i);
  146.                     if(e instanceof org.bouncycastle.asn1.DLSequence) {
  147.                         org.bouncycastle.asn1.DLSequence dl = (org.bouncycastle.asn1.DLSequence) e;
  148.                         CertificatePolicyEntry cpe = new CertificatePolicyEntry(dl);
  149.                         cp.qualifiers.add(cpe);
  150.                     }                               
  151.                 }
  152.             }
  153.             l.add(cp);
  154.              
  155.             /**System.out.println("======================");
  156.             System.out.println("PolicyInformation '"+policyInformation.toString()+"'");
  157.             System.out.println("Id '"+policyInformation.getPolicyIdentifier()+"'");
  158.             System.out.println("Qual '"+policyInformation.getPolicyQualifiers()+"'");
  159.             System.out.println("======================");*/
  160.         }
  161.     }
  162. }
Created with JaCoCo 0.8.8.202204050719