Class FixedBCPKIXCertPathReviewer
- java.lang.Object
-
- org.bouncycastle.x509.PKIXCertPathReviewer
-
- eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer
-
public class FixedBCPKIXCertPathReviewer extends org.bouncycastle.x509.PKIXCertPathReviewer
PKIXCertPathReviewer
Validation of X.509 certificate paths. Tries to find as many errors in the path as possible. Copy note: unfortunately a lot of the code cannot be inherited and is copied here instead, because too many of the parent's methods are private and very long :-(
-
-
Field Summary
Fields Modifier and Type Field Description protected static String
ANY_POLICY
protected static String
AUTHORITY_KEY_IDENTIFIER
protected static String
BASIC_CONSTRAINTS
protected static String
CERTIFICATE_POLICIES
protected static String
CRL_DISTRIBUTION_POINTS
protected static String
CRL_NUMBER
protected static int
CRL_SIGN
protected static org.bouncycastle.x509.PKIXCRLUtil
CRL_UTIL
protected static String[]
crlReasons
protected static String
DELTA_CRL_INDICATOR
protected static String
FRESHEST_CRL
protected static String
INHIBIT_ANY_POLICY
protected static String
ISSUING_DISTRIBUTION_POINT
protected static int
KEY_CERT_SIGN
protected static String
KEY_USAGE
protected static String
NAME_CONSTRAINTS
protected ExtPKIXParameters2
pkixParams
protected static String
POLICY_CONSTRAINTS
protected static String
POLICY_MAPPINGS
static String
RESOURCE_NAME
protected static String
SUBJECT_ALTERNATIVE_NAME
-
Constructor Summary
Constructors Constructor Description FixedBCPKIXCertPathReviewer(CertPath certPath, ExtPKIXParameters2 params)
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
addError(SimpleValidationErrorException msg, int index)
protected void
checkRevocation(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey)
protected void
doChecks()
protected static Collection
findCertificates(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0, List arg1)
protected static Collection
findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, List arg1)
protected static Collection
findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0, List arg1)
protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier
getAlgorithmIdentifier(PublicKey arg0)
protected static void
getCertStatus(Date arg0, X509CRL arg1, Object arg2, org.bouncycastle.x509.CertStatus arg3)
protected Vector
getCRLDistUrls(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)
protected static X500Principal
getEncodedIssuerPrincipal(Object arg0)
protected static org.bouncycastle.asn1.ASN1Primitive
getExtensionValue(X509Extension arg0, String arg1)
protected static X500Principal
getIssuerPrincipal(X509CRL arg0)
protected static PublicKey
getNextWorkingKey(List arg0, int arg1)
protected static Set
getQualifierSet(org.bouncycastle.asn1.ASN1Sequence arg0)
protected static X500Principal
getSubjectPrincipal(X509Certificate arg0)
protected static Date
getValidDate(PKIXParameters arg0)
void
init(CertPath certPath, ExtPKIXParameters2 params)
Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params.
protected static boolean
isAnyPolicy(Set arg0)
protected static boolean
isSelfIssued(X509Certificate arg0)
protected static void
prepareNextCertB1(int arg0, List[] arg1, String arg2, Map arg3, X509Certificate arg4)
protected static org.bouncycastle.jce.provider.PKIXPolicyNode
prepareNextCertB2(int arg0, List[] arg1, String arg2, org.bouncycastle.jce.provider.PKIXPolicyNode arg3)
protected static boolean
processCertD1i(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
protected static void
processCertD1ii(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
protected static org.bouncycastle.jce.provider.PKIXPolicyNode
removePolicyNode(org.bouncycastle.jce.provider.PKIXPolicyNode arg0, List[] arg1, org.bouncycastle.jce.provider.PKIXPolicyNode arg2)
protected static void
verifyX509Certificate(X509Certificate arg0, PublicKey arg1, String arg2)
-
Methods inherited from class org.bouncycastle.x509.PKIXCertPathReviewer
addError, addError, addNotification, addNotification, checkCRLs, checkRevocation, getCertPath, getCertPathSize, getErrors, getErrors, getNotifications, getNotifications, getOCSPUrls, getPolicyTree, getSubjectPublicKey, getTrustAnchor, getTrustAnchors, init, isValidCertPath
-
-
-
-
Field Detail
-
RESOURCE_NAME
public static final String RESOURCE_NAME
- See Also:
- Constant Field Values
-
pkixParams
protected ExtPKIXParameters2 pkixParams
-
CRL_UTIL
protected static final org.bouncycastle.x509.PKIXCRLUtil CRL_UTIL
-
CERTIFICATE_POLICIES
protected static final String CERTIFICATE_POLICIES
-
BASIC_CONSTRAINTS
protected static final String BASIC_CONSTRAINTS
-
POLICY_MAPPINGS
protected static final String POLICY_MAPPINGS
-
SUBJECT_ALTERNATIVE_NAME
protected static final String SUBJECT_ALTERNATIVE_NAME
-
NAME_CONSTRAINTS
protected static final String NAME_CONSTRAINTS
-
KEY_USAGE
protected static final String KEY_USAGE
-
INHIBIT_ANY_POLICY
protected static final String INHIBIT_ANY_POLICY
-
ISSUING_DISTRIBUTION_POINT
protected static final String ISSUING_DISTRIBUTION_POINT
-
DELTA_CRL_INDICATOR
protected static final String DELTA_CRL_INDICATOR
-
POLICY_CONSTRAINTS
protected static final String POLICY_CONSTRAINTS
-
FRESHEST_CRL
protected static final String FRESHEST_CRL
-
CRL_DISTRIBUTION_POINTS
protected static final String CRL_DISTRIBUTION_POINTS
-
AUTHORITY_KEY_IDENTIFIER
protected static final String AUTHORITY_KEY_IDENTIFIER
-
ANY_POLICY
protected static final String ANY_POLICY
- See Also:
- Constant Field Values
-
CRL_NUMBER
protected static final String CRL_NUMBER
-
KEY_CERT_SIGN
protected static final int KEY_CERT_SIGN
- See Also:
- Constant Field Values
-
CRL_SIGN
protected static final int CRL_SIGN
- See Also:
- Constant Field Values
-
crlReasons
protected static final String[] crlReasons
-
-
Constructor Detail
-
FixedBCPKIXCertPathReviewer
public FixedBCPKIXCertPathReviewer(CertPath certPath, ExtPKIXParameters2 params) throws org.bouncycastle.x509.CertPathReviewerException
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params.
- Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
- Throws:
org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty
-
-
Method Detail
-
init
public void init(CertPath certPath, ExtPKIXParameters2 params) throws org.bouncycastle.x509.CertPathReviewerException
Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params.
- Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
- Throws:
org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty
IllegalStateException - if the PKIXCertPathReviewer is already initialized
-
addError
protected void addError(SimpleValidationErrorException msg, int index)
-
doChecks
protected void doChecks()
- Overrides:
doChecks in class org.bouncycastle.x509.PKIXCertPathReviewer
-
checkRevocation
protected void checkRevocation(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey) throws SimpleValidationErrorException
- Throws:
SimpleValidationErrorException
-
getCRLDistUrls
protected Vector getCRLDistUrls(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)
- Overrides:
getCRLDistUrls in class org.bouncycastle.x509.PKIXCertPathReviewer
-
getEncodedIssuerPrincipal
protected static X500Principal getEncodedIssuerPrincipal(Object arg0)
-
getValidDate
protected static Date getValidDate(PKIXParameters arg0)
-
getSubjectPrincipal
protected static X500Principal getSubjectPrincipal(X509Certificate arg0)
-
isSelfIssued
protected static boolean isSelfIssued(X509Certificate arg0)
-
getExtensionValue
protected static org.bouncycastle.asn1.ASN1Primitive getExtensionValue(X509Extension arg0, String arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getIssuerPrincipal
protected static X500Principal getIssuerPrincipal(X509CRL arg0)
-
getAlgorithmIdentifier
protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier(PublicKey arg0) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
getQualifierSet
protected static final Set getQualifierSet(org.bouncycastle.asn1.ASN1Sequence arg0) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
removePolicyNode
protected static org.bouncycastle.jce.provider.PKIXPolicyNode removePolicyNode(org.bouncycastle.jce.provider.PKIXPolicyNode arg0, List[] arg1, org.bouncycastle.jce.provider.PKIXPolicyNode arg2)
-
processCertD1i
protected static boolean processCertD1i(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
-
processCertD1ii
protected static void processCertD1ii(int arg0, List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, Set arg3)
-
prepareNextCertB1
protected static void prepareNextCertB1(int arg0, List[] arg1, String arg2, Map arg3, X509Certificate arg4) throws org.bouncycastle.jce.provider.AnnotatedException, CertPathValidatorException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
CertPathValidatorException
-
prepareNextCertB2
protected static org.bouncycastle.jce.provider.PKIXPolicyNode prepareNextCertB2(int arg0, List[] arg1, String arg2, org.bouncycastle.jce.provider.PKIXPolicyNode arg3)
-
isAnyPolicy
protected static boolean isAnyPolicy(Set arg0)
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
findCertificates
protected static Collection findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, List arg1) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getCertStatus
protected static void getCertStatus(Date arg0, X509CRL arg1, Object arg2, org.bouncycastle.x509.CertStatus arg3) throws org.bouncycastle.jce.provider.AnnotatedException
- Throws:
org.bouncycastle.jce.provider.AnnotatedException
-
getNextWorkingKey
protected static PublicKey getNextWorkingKey(List arg0, int arg1) throws CertPathValidatorException
- Throws:
CertPathValidatorException
-
verifyX509Certificate
protected static void verifyX509Certificate(X509Certificate arg0, PublicKey arg1, String arg2) throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
-