sun.security.x509.PolicyConstraintsExtension Java Examples

The following examples show how to use sun.security.x509.PolicyConstraintsExtension. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PolicyChecker.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #2
Source File: PolicyChecker.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #3
Source File: PolicyChecker.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #4
Source File: PolicyChecker.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #5
Source File: PolicyChecker.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #6
Source File: PolicyChecker.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #7
Source File: PolicyChecker.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #8
Source File: PolicyChecker.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #9
Source File: PolicyChecker.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #10
Source File: PolicyChecker.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #11
Source File: PolicyChecker.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #12
Source File: PolicyChecker.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #13
Source File: PolicyChecker.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #14
Source File: PolicyChecker.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #15
Source File: PolicyChecker.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #16
Source File: PolicyChecker.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #17
Source File: PolicyChecker.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #18
Source File: DefaultCriticality.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String [] args) throws Exception {
    PolicyConstraintsExtension pce = new PolicyConstraintsExtension(-1,-1);
    if (!pce.isCritical()) {
        throw new Exception("PolicyConstraintsExtension should be " +
                            "critical by default");
    }

    PolicyMappingsExtension pme = new PolicyMappingsExtension();
    if (!pme.isCritical()) {
        throw new Exception("PolicyMappingsExtension should be " +
                            "critical by default");
    }

    System.out.println("Test passed.");
}
 
Example #19
Source File: PolicyChecker.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #20
Source File: PolicyChecker.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #21
Source File: PolicyChecker.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #22
Source File: PolicyChecker.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #23
Source File: PolicyChecker.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #24
Source File: PolicyChecker.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #25
Source File: PolicyChecker.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #26
Source File: PolicyChecker.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #27
Source File: PolicyChecker.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #28
Source File: PolicyChecker.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}
 
Example #29
Source File: PolicyChecker.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}
 
Example #30
Source File: PolicyChecker.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}