Class FixedBCPKIXCertPathReviewer
- java.lang.Object
  - org.bouncycastle.x509.PKIXCertPathReviewer
    - eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer
public class FixedBCPKIXCertPathReviewer extends org.bouncycastle.x509.PKIXCertPathReviewer
Validation of X.509 Certificate Paths. Tries to find as many errors in the path as possible. Copy note: unfortunately a lot of code cannot be inherited, as too many methods are private and very long :-(
-
-
Field Summary
Fields (Modifier and Type, Field):
protected static String ANY_POLICY
protected static String AUTHORITY_KEY_IDENTIFIER
protected static String BASIC_CONSTRAINTS
protected static String CERTIFICATE_POLICIES
protected static String CRL_DISTRIBUTION_POINTS
protected static String CRL_NUMBER
protected static int CRL_SIGN
protected static org.bouncycastle.x509.PKIXCRLUtil CRL_UTIL
protected static String[] crlReasons
protected static String DELTA_CRL_INDICATOR
protected static String FRESHEST_CRL
protected static String INHIBIT_ANY_POLICY
protected static String ISSUING_DISTRIBUTION_POINT
protected static int KEY_CERT_SIGN
protected static String KEY_USAGE
protected static String NAME_CONSTRAINTS
protected ExtPKIXParameters2 pkixParams
protected static String POLICY_CONSTRAINTS
protected static String POLICY_MAPPINGS
static String RESOURCE_NAME
protected static String SUBJECT_ALTERNATIVE_NAME
-
Constructor Summary
Constructors (Constructor, Description):
FixedBCPKIXCertPathReviewer(CertPath certPath, ExtPKIXParameters2 params)
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected void addError(SimpleValidationErrorException msg, int index)
protected void checkRevocation(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey)
protected void doChecks()
protected static Collection findCertificates(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0, List arg1)
protected static Collection findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, List arg1)
protected static Collection findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0, List arg1)
protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(PublicKey arg0)
protected static void getCertStatus(Date arg0, X509CRL arg1, Object arg2, org.bouncycastle.x509.CertStatus arg3)
protected Vector getCRLDistUrls(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)
protected static X500Principal getEncodedIssuerPrincipal(Object arg0)
protected static org.bouncycastle.asn1.ASN1Primitive getExtensionValue(X509Extension arg0, String arg1)
protected static X500Principal getIssuerPrincipal(X509CRL arg0)
protected static PublicKey getNextWorkingKey(List arg0, int arg1)
protected static Set getQualifierSet(org.bouncycastle.asn1.ASN1Sequence arg0)
protected static X500Principal getSubjectPrincipal(X509Certificate arg0)
protected static Date getValidDate(PKIXParameters arg0)
void init(CertPath certPath, ExtPKIXParameters2 params) - Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
protected static boolean isAnyPolicy(Set arg0)
protected static boolean isSelfIssued(X509Certificate arg0)
protected static void prepareNextCertB1(int arg0, List[] arg1, String arg2, Map arg3, X509Certificate arg4)
protected static org.bouncycastle.jce.provider.PKIXPolicyNode prepareNextCertB2(int arg0, List[] arg1, String arg2, org.bouncycastle.jce.provider.PKIXPolicyNode arg3)
protected static boolean processCertD1i(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
protected static void processCertD1ii(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
protected static org.bouncycastle.jce.provider.PKIXPolicyNode removePolicyNode(org.bouncycastle.jce.provider.PKIXPolicyNode arg0, List[] arg1, org.bouncycastle.jce.provider.PKIXPolicyNode arg2)
protected static void verifyX509Certificate(X509Certificate arg0, PublicKey arg1, String arg2)
-
Methods inherited from class org.bouncycastle.x509.PKIXCertPathReviewer
addError, addError, addNotification, addNotification, checkCRLs, checkRevocation, getCertPath, getCertPathSize, getErrors, getErrors, getNotifications, getNotifications, getOCSPUrls, getPolicyTree, getSubjectPublicKey, getTrustAnchor, getTrustAnchors, init, isValidCertPath
-
-
-
-
Field Detail
-
RESOURCE_NAME
public static final String RESOURCE_NAME
- See Also:
- Constant Field Values
-
pkixParams
protected ExtPKIXParameters2 pkixParams
-
CRL_UTIL
protected static final org.bouncycastle.x509.PKIXCRLUtil CRL_UTIL
-
CERTIFICATE_POLICIES
protected static final String CERTIFICATE_POLICIES
-
BASIC_CONSTRAINTS
protected static final String BASIC_CONSTRAINTS
-
POLICY_MAPPINGS
protected static final String POLICY_MAPPINGS
-
SUBJECT_ALTERNATIVE_NAME
protected static final String SUBJECT_ALTERNATIVE_NAME
-
NAME_CONSTRAINTS
protected static final String NAME_CONSTRAINTS
-
KEY_USAGE
protected static final String KEY_USAGE
-
INHIBIT_ANY_POLICY
protected static final String INHIBIT_ANY_POLICY
-
ISSUING_DISTRIBUTION_POINT
protected static final String ISSUING_DISTRIBUTION_POINT
-
DELTA_CRL_INDICATOR
protected static final String DELTA_CRL_INDICATOR
-
POLICY_CONSTRAINTS
protected static final String POLICY_CONSTRAINTS
-
FRESHEST_CRL
protected static final String FRESHEST_CRL
-
CRL_DISTRIBUTION_POINTS
protected static final String CRL_DISTRIBUTION_POINTS
-
AUTHORITY_KEY_IDENTIFIER
protected static final String AUTHORITY_KEY_IDENTIFIER
-
ANY_POLICY
protected static final String ANY_POLICY
- See Also:
- Constant Field Values
-
CRL_NUMBER
protected static final String CRL_NUMBER
-
KEY_CERT_SIGN
protected static final int KEY_CERT_SIGN
- See Also:
- Constant Field Values
-
CRL_SIGN
protected static final int CRL_SIGN
- See Also:
- Constant Field Values
-
crlReasons
protected static final String[] crlReasons
-
-
Constructor Detail
-
FixedBCPKIXCertPathReviewer
public FixedBCPKIXCertPathReviewer(CertPath certPath, ExtPKIXParameters2 params) throws org.bouncycastle.x509.CertPathReviewerException
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
- Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
- Throws:
org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty
-
-
Method Detail
-
init
public void init(CertPath certPath, ExtPKIXParameters2 params) throws org.bouncycastle.x509.CertPathReviewerException
Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
- Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
- Throws:
org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty
IllegalStateException - if the PKIXCertPathReviewer is already initialized
-
addError
protected void addError(SimpleValidationErrorException msg, int index)
-
doChecks
protected void doChecks()
- Overrides:
doChecks in class org.bouncycastle.x509.PKIXCertPathReviewer
-
checkRevocation
protected void checkRevocation(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey) throws SimpleValidationErrorException
- Throws:
SimpleValidationErrorException
-
getCRLDistUrls
protected Vector getCRLDistUrls(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)
- Overrides:
getCRLDistUrls in class org.bouncycastle.x509.PKIXCertPathReviewer
-
getEncodedIssuerPrincipal
protected static X500Principal getEncodedIssuerPrincipal(Object arg0)
-
getValidDate
protected static Date getValidDate(PKIXParameters arg0)
-
getSubjectPrincipal
protected static X500Principal getSubjectPrincipal(X509Certificate arg0)
-
isSelfIssued
protected static boolean isSelfIssued(X509Certificate arg0)
-
getExtensionValue
protected static org.bouncycastle.asn1.ASN1Primitive getExtensionValue(X509Extension arg0, String arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getIssuerPrincipal
protected static X500Principal getIssuerPrincipal(X509CRL arg0)
-
getAlgorithmIdentifier
protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(PublicKey arg0) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
getQualifierSet
protected static final Set getQualifierSet(org.bouncycastle.asn1.ASN1Sequence arg0) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
removePolicyNode
protected static org.bouncycastle.jce.provider.PKIXPolicyNode removePolicyNode(org.bouncycastle.jce.provider.PKIXPolicyNode arg0, List[] arg1, org.bouncycastle.jce.provider.PKIXPolicyNode arg2)
-
processCertD1i
protected static boolean processCertD1i(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
-
processCertD1ii
protected static void processCertD1ii(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
-
prepareNextCertB1
protected static void prepareNextCertB1(int arg0, List[] arg1, String arg2, Map arg3, X509Certificate arg4) throws org.bouncycastle.jce.provider.AnnotatedException, CertPathValidatorException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
CertPathValidatorException
-
prepareNextCertB2
protected static org.bouncycastle.jce.provider.PKIXPolicyNode prepareNextCertB2(int arg0, List[] arg1, String arg2, org.bouncycastle.jce.provider.PKIXPolicyNode arg3)
-
isAnyPolicy
protected static boolean isAnyPolicy(Set arg0)
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getCertStatus
protected static void getCertStatus(Date arg0, X509CRL arg1, Object arg2, org.bouncycastle.x509.CertStatus arg3) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getNextWorkingKey
protected static PublicKey getNextWorkingKey(List arg0, int arg1) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
verifyX509Certificate
protected static void verifyX509Certificate(X509Certificate arg0, PublicKey arg1, String arg2) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
-