public class PKIXCertPathReviewer extends Object
Modifier and Type | Field and Description |
---|---|
protected static String |
ANY_POLICY |
protected static String |
AUTHORITY_KEY_IDENTIFIER |
protected static String |
BASIC_CONSTRAINTS |
protected static String |
CERTIFICATE_POLICIES |
protected CertPath |
certPath |
protected List |
certs |
protected static String |
CRL_DISTRIBUTION_POINTS |
protected static String |
CRL_NUMBER |
protected static int |
CRL_SIGN |
protected static org.bouncycastle.x509.PKIXCRLUtil |
CRL_UTIL |
protected static String[] |
crlReasons |
protected static String |
DELTA_CRL_INDICATOR |
protected List[] |
errors |
protected static String |
FRESHEST_CRL |
protected static String |
INHIBIT_ANY_POLICY |
protected static String |
ISSUING_DISTRIBUTION_POINT |
protected static int |
KEY_CERT_SIGN |
protected static String |
KEY_USAGE |
protected int |
n |
protected static String |
NAME_CONSTRAINTS |
protected List[] |
notifications |
protected PKIXParameters |
pkixParams |
protected static String |
POLICY_CONSTRAINTS |
protected static String |
POLICY_MAPPINGS |
protected PolicyNode |
policyTree |
protected static String |
SUBJECT_ALTERNATIVE_NAME |
protected PublicKey |
subjectPublicKey |
protected TrustAnchor |
trustAnchor |
protected Date |
validDate |
Constructor and Description |
---|
PKIXCertPathReviewer()
Creates an empty PKIXCertPathReviewer.
|
PKIXCertPathReviewer(CertPath certPath,
PKIXParameters params)
Creates a PKIXCertPathReviewer and initializes it with the given
CertPath and PKIXParameters params |
Modifier and Type | Method and Description |
---|---|
protected void |
addError(ErrorBundle msg) |
protected void |
addError(ErrorBundle msg,
int index) |
protected void |
addNotification(ErrorBundle msg) |
protected void |
addNotification(ErrorBundle msg,
int index) |
protected void |
checkCRLs(PKIXParameters paramsPKIX,
X509Certificate cert,
Date validDate,
X509Certificate sign,
PublicKey workingPublicKey,
Vector crlDistPointUrls,
int index) |
protected void |
checkRevocation(PKIXParameters paramsPKIX,
X509Certificate cert,
Date validDate,
X509Certificate sign,
PublicKey workingPublicKey,
Vector crlDistPointUrls,
Vector ocspUrls,
int index) |
protected void |
doChecks() |
protected static Collection |
findCertificates(PKIXCertStoreSelector certSelect,
List certStores) |
protected static Collection |
findCertificates(X509AttributeCertStoreSelector certSelect,
List certStores) |
protected static Collection |
findCertificates(X509CertStoreSelector certSelect,
List certStores)
Return a Collection of all certificates or attribute certificates found
in the X509Store's that are matching the certSelect criteriums.
|
protected static AlgorithmIdentifier |
getAlgorithmIdentifier(PublicKey key) |
CertPath |
getCertPath() |
int |
getCertPathSize() |
protected static void |
getCertStatus(Date validDate,
X509CRL crl,
Object cert,
org.bouncycastle.x509.CertStatus certStatus) |
protected Vector |
getCRLDistUrls(CRLDistPoint crlDistPoints) |
protected static X500Principal |
getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.
|
List[] |
getErrors()
Returns an Array of Lists which contains a List of global error messages
and a List of error messages for each certificate in the path.
|
List |
getErrors(int index)
Returns an List of error messages for the certificate at the given index in the CertPath.
|
protected static ASN1Primitive |
getExtensionValue(X509Extension ext,
String oid)
Extract the value of the given extension, if it exists.
|
protected static X500Principal |
getIssuerPrincipal(X509CRL crl) |
protected static PublicKey |
getNextWorkingKey(List certs,
int index)
Return the next working key inheriting DSA parameters if necessary.
|
List[] |
getNotifications()
Returns an Array of Lists which contains a List of global notification messages
and a List of botification messages for each certificate in the path.
|
List |
getNotifications(int index)
Returns an List of notification messages for the certificate at the given index in the CertPath.
|
protected Vector |
getOCSPUrls(AuthorityInformationAccess authInfoAccess) |
PolicyNode |
getPolicyTree() |
protected static Set |
getQualifierSet(ASN1Sequence qualifiers) |
protected static X500Principal |
getSubjectPrincipal(X509Certificate cert) |
PublicKey |
getSubjectPublicKey() |
TrustAnchor |
getTrustAnchor() |
protected Collection |
getTrustAnchors(X509Certificate cert,
Set trustanchors) |
protected static Date |
getValidDate(PKIXParameters paramsPKIX) |
void |
init(CertPath certPath,
PKIXParameters params)
Initializes the PKIXCertPathReviewer with the given
CertPath and PKIXParameters params |
protected static boolean |
isAnyPolicy(Set policySet) |
protected static boolean |
isSelfIssued(X509Certificate cert) |
boolean |
isValidCertPath() |
protected static void |
prepareNextCertB1(int i,
List[] policyNodes,
String id_p,
Map m_idp,
X509Certificate cert) |
protected static PKIXPolicyNode |
prepareNextCertB2(int i,
List[] policyNodes,
String id_p,
PKIXPolicyNode validPolicyTree) |
protected static boolean |
processCertD1i(int index,
List[] policyNodes,
ASN1ObjectIdentifier pOid,
Set pq) |
protected static void |
processCertD1ii(int index,
List[] policyNodes,
ASN1ObjectIdentifier _poid,
Set _pq) |
protected static PKIXPolicyNode |
removePolicyNode(PKIXPolicyNode validPolicyTree,
List[] policyNodes,
PKIXPolicyNode _node) |
protected static void |
verifyX509Certificate(X509Certificate cert,
PublicKey publicKey,
String sigProvider) |
protected CertPath certPath
protected PKIXParameters pkixParams
protected Date validDate
protected List certs
protected int n
protected List[] notifications
protected List[] errors
protected TrustAnchor trustAnchor
protected PublicKey subjectPublicKey
protected PolicyNode policyTree
protected static final org.bouncycastle.x509.PKIXCRLUtil CRL_UTIL
protected static final String CERTIFICATE_POLICIES
protected static final String BASIC_CONSTRAINTS
protected static final String POLICY_MAPPINGS
protected static final String SUBJECT_ALTERNATIVE_NAME
protected static final String NAME_CONSTRAINTS
protected static final String KEY_USAGE
protected static final String INHIBIT_ANY_POLICY
protected static final String ISSUING_DISTRIBUTION_POINT
protected static final String DELTA_CRL_INDICATOR
protected static final String POLICY_CONSTRAINTS
protected static final String FRESHEST_CRL
protected static final String CRL_DISTRIBUTION_POINTS
protected static final String AUTHORITY_KEY_IDENTIFIER
protected static final String ANY_POLICY
protected static final String CRL_NUMBER
protected static final int KEY_CERT_SIGN
protected static final int CRL_SIGN
protected static final String[] crlReasons
public PKIXCertPathReviewer(CertPath certPath, PKIXParameters params) throws CertPathReviewerException
CertPath
and PKIXParameters
paramscertPath
- the CertPath
to validateparams
- the PKIXParameters
to useCertPathReviewerException
- if the certPath is emptypublic PKIXCertPathReviewer()
public void init(CertPath certPath, PKIXParameters params) throws CertPathReviewerException
CertPath
and PKIXParameters
paramscertPath
- the CertPath
to validateparams
- the PKIXParameters
to useCertPathReviewerException
- if the certPath is emptyIllegalStateException
- if the PKIXCertPathReviewer
is already initializedpublic CertPath getCertPath()
public int getCertPathSize()
public List[] getErrors()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic List getErrors(int index)
index
- the index of the certificate in the CertPathIllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic List[] getNotifications()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic List getNotifications(int index)
index
- the index of the certificate in the CertPathIllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic PolicyNode getPolicyTree()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic PublicKey getSubjectPublicKey()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic TrustAnchor getTrustAnchor()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedpublic boolean isValidCertPath()
IllegalStateException
- if the PKIXCertPathReviewer
was not initializedprotected void addNotification(ErrorBundle msg)
protected void addNotification(ErrorBundle msg, int index)
protected void addError(ErrorBundle msg)
protected void addError(ErrorBundle msg, int index)
protected void doChecks()
protected void checkRevocation(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, Vector ocspUrls, int index) throws CertPathReviewerException
CertPathReviewerException
protected void checkCRLs(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, int index) throws CertPathReviewerException
CertPathReviewerException
protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints)
protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
CertPathReviewerException
protected static X500Principal getEncodedIssuerPrincipal(Object cert)
cert
- The attribute certificate or certificate.X500Principal
.protected static Date getValidDate(PKIXParameters paramsPKIX)
protected static X500Principal getSubjectPrincipal(X509Certificate cert)
protected static boolean isSelfIssued(X509Certificate cert)
protected static ASN1Primitive getExtensionValue(X509Extension ext, String oid) throws AnnotatedException
ext
- The extension object.oid
- The object identifier to obtain.AnnotatedException
- if the extension cannot be read.protected static X500Principal getIssuerPrincipal(X509CRL crl)
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key) throws CertPathValidatorException
CertPathValidatorException
protected static final Set getQualifierSet(ASN1Sequence qualifiers) throws CertPathValidatorException
CertPathValidatorException
protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node)
protected static boolean processCertD1i(int index, List[] policyNodes, ASN1ObjectIdentifier pOid, Set pq)
protected static void processCertD1ii(int index, List[] policyNodes, ASN1ObjectIdentifier _poid, Set _pq)
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) throws AnnotatedException, CertPathValidatorException
protected static PKIXPolicyNode prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree)
protected static boolean isAnyPolicy(Set policySet)
protected static Collection findCertificates(X509CertStoreSelector certSelect, List certStores) throws AnnotatedException
certSelect
- a Selector
object that will be used to select
the certificatescertStores
- a List containing only X509Store
objects. These
are used to search for certificates.X509Certificate
or
X509AttributeCertificate
objects.
May be empty but never null
.AnnotatedException
protected static Collection findCertificates(PKIXCertStoreSelector certSelect, List certStores) throws AnnotatedException
AnnotatedException
protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, List certStores) throws AnnotatedException
AnnotatedException
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, org.bouncycastle.x509.CertStatus certStatus) throws AnnotatedException
AnnotatedException
protected static PublicKey getNextWorkingKey(List certs, int index) throws CertPathValidatorException
This methods inherits DSA parameters from the indexed certificate or
previous certificates in the certificate chain to the returned
PublicKey
. The list is searched upwards, meaning the end
certificate is at position 0 and previous certificates are following.
If the indexed certificate does not contain a DSA key this method simply returns the public key. If the DSA key already contains DSA parameters the key is also only returned.
certs
- The certification path.index
- The index of the certificate which contains the public key
which should be extended with DSA parameters.index
extended with DSA parameters if applicable.CertPathValidatorException
- if DSA parameters cannot be inherited.protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey, String sigProvider) throws GeneralSecurityException
GeneralSecurityException
Copyright © 2020 BouncyCastle.org. All rights reserved.