/**
 * Exercises {@code X509CertSelector.setPolicy} against the test certificate.
 * A policy OID that is expected not to match is tried first. The selector is
 * then given the first policy OID read back from the certificate's own
 * certificatePolicies extension (OID 2.5.29.32), which is expected to match.
 *
 * <p>The extension is decoded through {@code DerInputStream} and
 * {@code CertificatePoliciesExtension}, so the decoding path is covered too.
 *
 * @throws IOException propagated from the DER decoding calls
 */
private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");

    X509CertSelector selector = new X509CertSelector();
    Set<String> policyOids = new HashSet<>();

    // Bad match: an OID the certificate is not expected to assert.
    // (checkMatch's third argument is presumably the expected outcome.)
    policyOids.add("1.2.5.7.68");
    selector.setPolicy(policyOids);
    checkMatch(selector, cert, false);

    // Good match: decode the certificate's own policies extension.
    // getExtensionValue returns null when the extension is absent. The test
    // certificate is assumed to carry certificatePolicies, otherwise the
    // decoding below fails before any match is checked.
    byte[] wrappedExtension = cert.getExtensionValue("2.5.29.32");
    DerInputStream extensionDer = new DerInputStream(wrappedExtension);
    // The value comes back wrapped in an OCTET STRING, so unwrap it first.
    // The leading 'false' is presumably the criticality flag; confirm.
    CertificatePoliciesExtension policiesExt =
        new CertificatePoliciesExtension(false, extensionDer.getOctetString());
    List<PolicyInformation> policies =
        policiesExt.get(CertificatePoliciesExtension.POLICIES);

    // Match on the first policy id only.
    PolicyInformation firstPolicy = policies.get(0);
    String firstPolicyOid =
        firstPolicy.getPolicyIdentifier().getIdentifier().toString();

    policyOids.clear();
    policyOids.add(firstPolicyOid);
    selector.setPolicy(policyOids);
    checkMatch(selector, cert, true);
}
/**
 * Removes from the valid policy tree the nodes that do not intersect with
 * the initial policies specified by the user.
 *
 * <p>A node is deleted only when all of the following hold: its parent's
 * valid policy is {@code ANY_POLICY}, its policy OID is not in
 * {@code initPolicies}, and its policy OID is not itself {@code ANY_POLICY}.
 * If anything was deleted the tree is pruned at {@code certIndex}.
 *
 * <p>{@code rootNode} and {@code currCertPolicies} are dereferenced without
 * a null check; {@code rootNode} is touched as soon as the extension lists
 * at least one policy.
 *
 * @param rootNode the root node of the valid policy tree
 * @param certIndex the index of the certificate being processed
 * @param initPolicies the Set of policies required by the user
 * @param currCertPolicies the CertificatePoliciesExtension of the
 *        certificate being processed
 * @return the root node of the valid policy tree after modification, or
 *         {@code null} when pruning leaves the root without children.
 *         NOTE(review): a null result means no acceptable policy is left;
 *         confirm the caller treats it as an empty tree rather than as
 *         "no policy constraint".
 * @throws CertPathValidatorException if the policy list cannot be read
 *         from the extension
 */
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode,
    int certIndex, Set<String> initPolicies,
    CertificatePoliciesExtension currCertPolicies)
    throws CertPathValidatorException
{
    final List<PolicyInformation> certPolicies;
    try {
        certPolicies = currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
    } catch (IOException ioe) {
        throw new CertPathValidatorException("Exception while "
            + "retrieving policyOIDs", ioe);
    }

    boolean removedAny = false;
    for (PolicyInformation info : certPolicies) {
        String policyOid =
            info.getPolicyIdentifier().getIdentifier().toString();

        // Debug text names processPolicies(); the strings are kept verbatim.
        if (debug != null) {
            debug.println("PolicyChecker.processPolicies() "
                + "processing policy second time: " + policyOid);
        }

        Set<PolicyNodeImpl> candidates =
            rootNode.getPolicyNodesValid(certIndex, policyOid);
        for (PolicyNodeImpl node : candidates) {
            PolicyNodeImpl parent = (PolicyNodeImpl) node.getParent();

            // Only children hanging off an anyPolicy parent are considered.
            if (!parent.getValidPolicy().equals(ANY_POLICY)) {
                continue;
            }
            // Keep nodes the user asked for, and anyPolicy itself.
            if (initPolicies.contains(policyOid)
                    || policyOid.equals(ANY_POLICY)) {
                continue;
            }

            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "before deleting: policy tree = " + rootNode);
            }
            parent.deleteChild(node);
            removedAny = true;
            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "after deleting: policy tree = " + rootNode);
            }
        }
    }

    if (!removedAny) {
        return rootNode;
    }

    rootNode.prune(certIndex);
    // A root left without children is reported as null.
    return rootNode.getChildren().hasNext() ? rootNode : null;
}
/**
 * Drops the valid-policy-tree nodes that do not intersect with the initial
 * policies specified by the user.
 *
 * <p>Deletion applies to a node only if its parent's valid policy equals
 * {@code ANY_POLICY} while the node's own policy OID is neither contained
 * in {@code initPolicies} nor equal to {@code ANY_POLICY}. After at least
 * one deletion the tree is pruned at {@code certIndex}.
 *
 * <p>Neither {@code rootNode} nor {@code currCertPolicies} is null-checked
 * here; both are dereferenced directly.
 *
 * @param rootNode the root node of the valid policy tree
 * @param certIndex the index of the certificate being processed
 * @param initPolicies the Set of policies required by the user
 * @param currCertPolicies the CertificatePoliciesExtension of the
 *        certificate being processed
 * @return the root node of the valid policy tree after modification, or
 *         {@code null} if the root has no children left after pruning.
 *         NOTE(review): null stands for "no acceptable policy remains";
 *         verify that the caller does not read it as "unconstrained".
 * @throws CertPathValidatorException if reading the policy list from the
 *         extension fails
 */
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode,
    int certIndex, Set<String> initPolicies,
    CertificatePoliciesExtension currCertPolicies)
    throws CertPathValidatorException
{
    final List<PolicyInformation> listedPolicies;
    try {
        listedPolicies =
            currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
    } catch (IOException ioe) {
        throw new CertPathValidatorException("Exception while "
            + "retrieving policyOIDs", ioe);
    }

    boolean treeChanged = false;
    for (PolicyInformation listed : listedPolicies) {
        String oid = listed.getPolicyIdentifier().getIdentifier().toString();

        // The debug strings mention processPolicies(); left unchanged.
        if (debug != null) {
            debug.println("PolicyChecker.processPolicies() "
                + "processing policy second time: " + oid);
        }

        Set<PolicyNodeImpl> matching =
            rootNode.getPolicyNodesValid(certIndex, oid);
        for (PolicyNodeImpl child : matching) {
            PolicyNodeImpl owner = (PolicyNodeImpl) child.getParent();

            // Skip children whose parent is not anyPolicy.
            if (!owner.getValidPolicy().equals(ANY_POLICY)) {
                continue;
            }
            // Skip user-requested policies and anyPolicy itself.
            if (initPolicies.contains(oid) || oid.equals(ANY_POLICY)) {
                continue;
            }

            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "before deleting: policy tree = " + rootNode);
            }
            owner.deleteChild(child);
            treeChanged = true;
            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "after deleting: policy tree = " + rootNode);
            }
        }
    }

    if (treeChanged) {
        rootNode.prune(certIndex);
        // An emptied root is signalled to the caller as null.
        if (!rootNode.getChildren().hasNext()) {
            return null;
        }
    }
    return rootNode;
}
/**
 * Removes from the valid policy tree the nodes that do not intersect with
 * the initial policies specified by the user.
 *
 * <p>A node is deleted when its parent's valid policy equals
 * {@code ANY_POLICY} and the node's policy OID is neither in
 * {@code initPolicies} nor equal to {@code ANY_POLICY}. If any node was
 * deleted, the tree is pruned at {@code certIndex}.
 *
 * <p>{@code rootNode} and {@code currCertPolicies} are used without a null
 * check.
 *
 * @param rootNode the root node of the valid policy tree
 * @param certIndex the index of the certificate being processed
 * @param initPolicies the Set of policies required by the user
 * @param currCertPolicies the CertificatePoliciesExtension of the
 *        certificate being processed
 * @return the root node of the valid policy tree after modification, or
 *         {@code null} when the pruned root has no children.
 *         NOTE(review): null means the valid policy tree is empty; confirm
 *         the caller handles that as a policy failure where one is required.
 * @throws CertPathValidatorException if the policy list cannot be
 *         retrieved from the extension
 */
private static PolicyNodeImpl removeInvalidNodes(PolicyNodeImpl rootNode,
    int certIndex, Set<String> initPolicies,
    CertificatePoliciesExtension currCertPolicies)
    throws CertPathValidatorException
{
    final List<PolicyInformation> extensionPolicies;
    try {
        // Cast kept from the original. Presumably get(...) is not declared
        // to return a typed list in this version of the class; confirm.
        extensionPolicies = (List<PolicyInformation>)
            currCertPolicies.get(CertificatePoliciesExtension.POLICIES);
    } catch (IOException ioe) {
        throw new CertPathValidatorException("Exception while "
            + "retrieving policyOIDs", ioe);
    }

    boolean deletedSomething = false;
    for (PolicyInformation entry : extensionPolicies) {
        String entryOid =
            entry.getPolicyIdentifier().getIdentifier().toString();

        // Debug text refers to processPolicies(); strings kept as they are.
        if (debug != null) {
            debug.println("PolicyChecker.processPolicies() "
                + "processing policy second time: " + entryOid);
        }

        Set<PolicyNodeImpl> nodesForOid =
            rootNode.getPolicyNodesValid(certIndex, entryOid);
        for (PolicyNodeImpl leaf : nodesForOid) {
            PolicyNodeImpl leafParent = (PolicyNodeImpl) leaf.getParent();

            boolean parentIsAny =
                leafParent.getValidPolicy().equals(ANY_POLICY);
            // Same short-circuit order as the nested ifs: parent first,
            // then the user's set, then the anyPolicy comparison.
            boolean unwanted = parentIsAny
                && !initPolicies.contains(entryOid)
                && !entryOid.equals(ANY_POLICY);
            if (!unwanted) {
                continue;
            }

            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "before deleting: policy tree = " + rootNode);
            }
            leafParent.deleteChild(leaf);
            deletedSomething = true;
            if (debug != null) {
                debug.println("PolicyChecker.processPolicies() "
                    + "after deleting: policy tree = " + rootNode);
            }
        }
    }

    if (!deletedSomething) {
        return rootNode;
    }

    rootNode.prune(certIndex);
    // If pruning emptied the root, report that as null.
    return rootNode.getChildren().hasNext() ? rootNode : null;
}