Class X509RevocationChecker

  • All Implemented Interfaces:
    java.lang.Cloneable, java.security.cert.CertPathChecker

    public class X509RevocationChecker
    extends java.security.cert.PKIXCertPathChecker
    X.509 Certificate Revocation Checker - still lacks OCSP support and support for delta CRLs.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static int CHAIN_VALIDITY_MODEL
      This model uses the following validity model.
      protected static java.lang.String[] crlReasons  
      static int PKIX_VALIDITY_MODEL
      This is the default PKIX validity model.
    • Method Summary

      Modifier and Type Method Description
      void check(java.security.cert.Certificate certificate, java.util.Collection<java.lang.String> collection)
      protected void checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams, java.util.Date currentDate, java.util.Date validityDate, java.security.cert.X509Certificate cert, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.List certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper)
      Checks whether a certificate is revoked.
      java.lang.Object clone()  
      java.util.Set<java.lang.String> getSupportedExtensions()  
      void init(boolean forward)
      boolean isForwardCheckingSupported()  
      • Methods inherited from class java.security.cert.PKIXCertPathChecker

        check
      • Methods inherited from class java.lang.Object

        equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • PKIX_VALIDITY_MODEL

        public static final int PKIX_VALIDITY_MODEL
        This is the default PKIX validity model. There are actually two variants of it: the PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates are valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the time of signing. Both are chosen indirectly through the PKIXParameters.setDate(Date) method, which sets the date at which all certificates must have been valid.
        See Also:
        Constant Field Values
      • CHAIN_VALIDITY_MODEL

        public static final int CHAIN_VALIDITY_MODEL
        This model uses the following validity model. Each certificate must have been valid at the moment it was used. That means the end certificate must have been valid at the time the signature was created. The CA certificate that signed the end certificate must have been valid when the end certificate was signed. The CA (or root CA) certificate must have been valid when the CA certificate was signed, and so on. So the PKIXParameters.setDate(Date) method sets the time at which the end certificate must have been valid. It is used, for example, in the German signature law.
        See Also:
        Constant Field Values
      • crlReasons

        protected static final java.lang.String[] crlReasons
    • Method Detail

      • init

        public void init(boolean forward)
                  throws java.security.cert.CertPathValidatorException
        Specified by:
        init in interface java.security.cert.CertPathChecker
        Specified by:
        init in class java.security.cert.PKIXCertPathChecker
        Throws:
        java.security.cert.CertPathValidatorException
      • isForwardCheckingSupported

        public boolean isForwardCheckingSupported()
        Specified by:
        isForwardCheckingSupported in interface java.security.cert.CertPathChecker
        Specified by:
        isForwardCheckingSupported in class java.security.cert.PKIXCertPathChecker
      • getSupportedExtensions

        public java.util.Set<java.lang.String> getSupportedExtensions()
        Specified by:
        getSupportedExtensions in class java.security.cert.PKIXCertPathChecker
      • check

        public void check(java.security.cert.Certificate certificate,
                          java.util.Collection<java.lang.String> collection)
                   throws java.security.cert.CertPathValidatorException
        Specified by:
        check in class java.security.cert.PKIXCertPathChecker
        Throws:
        java.security.cert.CertPathValidatorException
      • checkCRLs

        protected void checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams,
                                 java.util.Date currentDate,
                                 java.util.Date validityDate,
                                 java.security.cert.X509Certificate cert,
                                 java.security.cert.X509Certificate sign,
                                 java.security.PublicKey workingPublicKey,
                                 java.util.List certPathCerts,
                                 org.bouncycastle.jcajce.util.JcaJceHelper helper)
                          throws org.bouncycastle.pkix.jcajce.AnnotatedException,
                                 java.security.cert.CertPathValidatorException
        Checks whether a certificate is revoked.
        Parameters:
        pkixParams - PKIX parameters.
        cert - The certificate to check for revocation.
        validityDate - The date when the certificate revocation status should be checked.
        sign - The issuer certificate of the certificate cert.
        workingPublicKey - The public key of the issuer certificate sign.
        certPathCerts - The certificates of the certification path.
        Throws:
        org.bouncycastle.pkix.jcajce.AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.
        java.security.cert.CertPathValidatorException
      • clone

        public java.lang.Object clone()
        Overrides:
        clone in class java.security.cert.PKIXCertPathChecker