Java 类sun.security.x509.PolicyConstraintsExtension 实例源码

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

public static void main(String [] args) throws Exception {
    PolicyConstraintsExtension pce = new PolicyConstraintsExtension(-1,-1);
    if (!pce.isCritical()) {
        throw new Exception("PolicyConstraintsExtension should be " +
                            "critical by default");
    }

    PolicyMappingsExtension pme = new PolicyMappingsExtension();
    if (!pme.isCritical()) {
        throw new Exception("PolicyMappingsExtension should be " +
                            "critical by default");
    }

    System.out.println("Test passed.");
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

public static void main(String [] args) throws Exception {
    PolicyConstraintsExtension pce = new PolicyConstraintsExtension(-1,-1);
    if (!pce.isCritical()) {
        throw new Exception("PolicyConstraintsExtension should be " +
                            "critical by default");
    }

    PolicyMappingsExtension pme = new PolicyMappingsExtension();
    if (!pme.isCritical()) {
        throw new Exception("PolicyMappingsExtension should be " +
                            "critical by default");
    }

    System.out.println("Test passed.");
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require =
            polConstExt.get(PolicyConstraintsExtension.REQUIRE).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit =
            polConstExt.get(PolicyConstraintsExtension.INHIBIT).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (IOException e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}

/**
 * Merges the specified explicitPolicy value with the
 * requireExplicitPolicy field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. An explicitPolicy
 * value of -1 implies no constraint.
 *
 * @param explicitPolicy an integer which indicates if a non-null
 * valid policy tree is required
 * @param currCert the Certificate to be processed
 * @param finalCert a boolean indicating whether currCert is
 * the final cert in the cert path
 * @return returns the new explicitPolicy value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergeExplicitPolicy(int explicitPolicy, X509CertImpl currCert,
    boolean finalCert) throws CertPathValidatorException
{
    if ((explicitPolicy > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        explicitPolicy--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return explicitPolicy;
        int require = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.REQUIRE)).intValue();
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy() "
               + "require Index from cert = " + require);
        }
        if (!finalCert) {
            if (require != -1) {
                if ((explicitPolicy == -1) || (require < explicitPolicy)) {
                    explicitPolicy = require;
                }
            }
        } else {
            if (require == 0)
                explicitPolicy = require;
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergeExplicitPolicy "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return explicitPolicy;
}

/**
 * Merges the specified policyMapping value with the
 * inhibitPolicyMapping field of the <code>PolicyConstraints</code>
 * extension obtained from the certificate. A policyMapping
 * value of -1 implies no constraint.
 *
 * @param policyMapping an integer which indicates if policy mapping
 * is inhibited
 * @param currCert the Certificate to be processed
 * @return returns the new policyMapping value
 * @exception CertPathValidatorException Exception thrown if an error
 * occurs
 */
static int mergePolicyMapping(int policyMapping, X509CertImpl currCert)
    throws CertPathValidatorException
{
    if ((policyMapping > 0) && !X509CertImpl.isSelfIssued(currCert)) {
        policyMapping--;
    }

    try {
        PolicyConstraintsExtension polConstExt
            = currCert.getPolicyConstraintsExtension();
        if (polConstExt == null)
            return policyMapping;

        int inhibit = ((Integer)
            polConstExt.get(PolicyConstraintsExtension.INHIBIT)).intValue();
        if (debug != null)
            debug.println("PolicyChecker.mergePolicyMapping() "
                + "inhibit Index from cert = " + inhibit);

        if (inhibit != -1) {
            if ((policyMapping == -1) || (inhibit < policyMapping)) {
                policyMapping = inhibit;
            }
        }
    } catch (Exception e) {
        if (debug != null) {
            debug.println("PolicyChecker.mergePolicyMapping "
                          + "unexpected exception");
            e.printStackTrace();
        }
        throw new CertPathValidatorException(e);
    }

    return policyMapping;
}