Package eu.emi.security.authn.x509.helpers.pkipath.bc

Class FixedBCPKIXCertPathReviewer

  • public class FixedBCPKIXCertPathReviewer
extends org.bouncycastle.x509.PKIXCertPathReviewer
    PKIXCertPathReviewer
    Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible. Copy note: unfortunately a lot of code can not be inherited, as too many methods are private + are very long :-(

    • Constructor Summary

      Constructors 
      Constructor Description
      FixedBCPKIXCertPathReviewer​(java.security.cert.CertPath certPath, ExtPKIXParameters2 params)
      Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void addError​(SimpleValidationErrorException msg, int index)  
      protected void checkRevocation​(ExtPKIXParameters2 paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey)  
      protected void doChecks()  
      protected static java.util.Collection findCertificates​(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0, java.util.List arg1)  
      protected static java.util.Collection findCertificates​(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, java.util.List arg1)  
      protected static java.util.Collection findCertificates​(org.bouncycastle.x509.X509CertStoreSelector arg0, java.util.List arg1)  
      protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier​(java.security.PublicKey arg0)  
      protected static void getCertStatus​(java.util.Date arg0, java.security.cert.X509CRL arg1, java.lang.Object arg2, org.bouncycastle.x509.CertStatus arg3)  
      protected java.util.Vector getCRLDistUrls​(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)  
      protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal​(java.lang.Object arg0)  
      protected static org.bouncycastle.asn1.ASN1Primitive getExtensionValue​(java.security.cert.X509Extension arg0, java.lang.String arg1)  
      protected static javax.security.auth.x500.X500Principal getIssuerPrincipal​(java.security.cert.X509CRL arg0)  
      protected static java.security.PublicKey getNextWorkingKey​(java.util.List arg0, int arg1)  
      protected static java.util.Set getQualifierSet​(org.bouncycastle.asn1.ASN1Sequence arg0)  
      protected static javax.security.auth.x500.X500Principal getSubjectPrincipal​(java.security.cert.X509Certificate arg0)  
      protected static java.util.Date getValidDate​(java.security.cert.PKIXParameters arg0)  
      protected static java.util.Date getValidityDate​(java.security.cert.PKIXParameters paramsPKIX, java.util.Date currentDate)  
      void init​(java.security.cert.CertPath certPath, ExtPKIXParameters2 params)
      Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
      protected static boolean isAnyPolicy​(java.util.Set arg0)  
      protected static boolean isSelfIssued​(java.security.cert.X509Certificate arg0)  
      protected static void prepareNextCertB1​(int arg0, java.util.List[] arg1, java.lang.String arg2, java.util.Map arg3, java.security.cert.X509Certificate arg4)  
      protected static org.bouncycastle.jce.provider.PKIXPolicyNode prepareNextCertB2​(int arg0, java.util.List[] arg1, java.lang.String arg2, org.bouncycastle.jce.provider.PKIXPolicyNode arg3)  
      protected static boolean processCertD1i​(int arg0, java.util.List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, java.util.Set arg3)  
      protected static void processCertD1ii​(int arg0, java.util.List[] arg1, org.bouncycastle.asn1.ASN1ObjectIdentifier arg2, java.util.Set arg3)  
      protected static org.bouncycastle.jce.provider.PKIXPolicyNode removePolicyNode​(org.bouncycastle.jce.provider.PKIXPolicyNode arg0, java.util.List[] arg1, org.bouncycastle.jce.provider.PKIXPolicyNode arg2)  
      protected static void verifyX509Certificate​(java.security.cert.X509Certificate arg0, java.security.PublicKey arg1, java.lang.String arg2)  

      • Methods inherited from class org.bouncycastle.x509.PKIXCertPathReviewer

        addError, addError, addNotification, addNotification, checkCRLs, checkRevocation, getCertPath, getCertPathSize, getErrors, getErrors, getNotifications, getNotifications, getOCSPUrls, getPolicyTree, getSubjectPublicKey, getTrustAnchor, getTrustAnchors, init, isValidCertPath

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • CERTIFICATE_POLICIES

        protected static final java.lang.String CERTIFICATE_POLICIES

      • BASIC_CONSTRAINTS

        protected static final java.lang.String BASIC_CONSTRAINTS

      • POLICY_MAPPINGS

        protected static final java.lang.String POLICY_MAPPINGS

      • SUBJECT_ALTERNATIVE_NAME

        protected static final java.lang.String SUBJECT_ALTERNATIVE_NAME

      • NAME_CONSTRAINTS

        protected static final java.lang.String NAME_CONSTRAINTS

      • KEY_USAGE

        protected static final java.lang.String KEY_USAGE

      • INHIBIT_ANY_POLICY

        protected static final java.lang.String INHIBIT_ANY_POLICY

      • ISSUING_DISTRIBUTION_POINT

        protected static final java.lang.String ISSUING_DISTRIBUTION_POINT

      • DELTA_CRL_INDICATOR

        protected static final java.lang.String DELTA_CRL_INDICATOR

      • POLICY_CONSTRAINTS

        protected static final java.lang.String POLICY_CONSTRAINTS

      • CRL_NUMBER

        protected static final java.lang.String CRL_NUMBER

      • crlReasons

        protected static final java.lang.String[] crlReasons

    • Constructor Detail

      • FixedBCPKIXCertPathReviewer

        public FixedBCPKIXCertPathReviewer​(java.security.cert.CertPath certPath,
                                   ExtPKIXParameters2 params)
                            throws org.bouncycastle.x509.CertPathReviewerException
        Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
        Parameters:
        certPath - the CertPath to validate
        params - the PKIXParameters to use
        Throws:
        org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty

    • Method Detail

      • init

        public void init​(java.security.cert.CertPath certPath,
                 ExtPKIXParameters2 params)
          throws org.bouncycastle.x509.CertPathReviewerException
        Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
        Parameters:
        certPath - the CertPath to validate
        params - the PKIXParameters to use
        Throws:
        org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty
        java.lang.IllegalStateException - if the PKIXCertPathReviewer is already initialized

      • getValidityDate

        protected static java.util.Date getValidityDate​(java.security.cert.PKIXParameters paramsPKIX,
                                                java.util.Date currentDate)

      • doChecks

        protected void doChecks()
        Overrides:
        doChecks in class org.bouncycastle.x509.PKIXCertPathReviewer

      • getCRLDistUrls

        protected java.util.Vector getCRLDistUrls​(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoints)
        Overrides:
        getCRLDistUrls in class org.bouncycastle.x509.PKIXCertPathReviewer

      • getEncodedIssuerPrincipal

        protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal​(java.lang.Object arg0)

      • getValidDate

        protected static java.util.Date getValidDate​(java.security.cert.PKIXParameters arg0)

      • getSubjectPrincipal

        protected static javax.security.auth.x500.X500Principal getSubjectPrincipal​(java.security.cert.X509Certificate arg0)

      • isSelfIssued

        protected static boolean isSelfIssued​(java.security.cert.X509Certificate arg0)

      • getExtensionValue

        protected static org.bouncycastle.asn1.ASN1Primitive getExtensionValue​(java.security.cert.X509Extension arg0,
                                                                       java.lang.String arg1)
                                                                throws org.bouncycastle.jce.provider.AnnotatedException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException

      • getIssuerPrincipal

        protected static javax.security.auth.x500.X500Principal getIssuerPrincipal​(java.security.cert.X509CRL arg0)

      • getAlgorithmIdentifier

        protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier​(java.security.PublicKey arg0)
                                                                                throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException

      • getQualifierSet

        protected static final java.util.Set getQualifierSet​(org.bouncycastle.asn1.ASN1Sequence arg0)
                                              throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException

      • removePolicyNode

        protected static org.bouncycastle.jce.provider.PKIXPolicyNode removePolicyNode​(org.bouncycastle.jce.provider.PKIXPolicyNode arg0,
                                                                               java.util.List[] arg1,
                                                                               org.bouncycastle.jce.provider.PKIXPolicyNode arg2)

      • processCertD1i

        protected static boolean processCertD1i​(int arg0,
                                        java.util.List[] arg1,
                                        org.bouncycastle.asn1.ASN1ObjectIdentifier arg2,
                                        java.util.Set arg3)

      • processCertD1ii

        protected static void processCertD1ii​(int arg0,
                                      java.util.List[] arg1,
                                      org.bouncycastle.asn1.ASN1ObjectIdentifier arg2,
                                      java.util.Set arg3)

      • prepareNextCertB1

        protected static void prepareNextCertB1​(int arg0,
                                        java.util.List[] arg1,
                                        java.lang.String arg2,
                                        java.util.Map arg3,
                                        java.security.cert.X509Certificate arg4)
                                 throws org.bouncycastle.jce.provider.AnnotatedException,
                                        java.security.cert.CertPathValidatorException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException
        java.security.cert.CertPathValidatorException

      • prepareNextCertB2

        protected static org.bouncycastle.jce.provider.PKIXPolicyNode prepareNextCertB2​(int arg0,
                                                                                java.util.List[] arg1,
                                                                                java.lang.String arg2,
                                                                                org.bouncycastle.jce.provider.PKIXPolicyNode arg3)

      • isAnyPolicy

        protected static boolean isAnyPolicy​(java.util.Set arg0)

      • findCertificates

        protected static java.util.Collection findCertificates​(org.bouncycastle.x509.X509CertStoreSelector arg0,
                                                       java.util.List arg1)
                                                throws org.bouncycastle.jce.provider.AnnotatedException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException

      • findCertificates

        protected static java.util.Collection findCertificates​(org.bouncycastle.jcajce.PKIXCertStoreSelector arg0,
                                                       java.util.List arg1)
                                                throws org.bouncycastle.jce.provider.AnnotatedException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException

      • findCertificates

        protected static java.util.Collection findCertificates​(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0,
                                                       java.util.List arg1)
                                                throws org.bouncycastle.jce.provider.AnnotatedException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException

      • getCertStatus

        protected static void getCertStatus​(java.util.Date arg0,
                                    java.security.cert.X509CRL arg1,
                                    java.lang.Object arg2,
                                    org.bouncycastle.x509.CertStatus arg3)
                             throws org.bouncycastle.jce.provider.AnnotatedException
        Throws:
        org.bouncycastle.jce.provider.AnnotatedException

      • getNextWorkingKey

        protected static java.security.PublicKey getNextWorkingKey​(java.util.List arg0,
                                                           int arg1)
                                                    throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException

      • verifyX509Certificate

        protected static void verifyX509Certificate​(java.security.cert.X509Certificate arg0,
                                            java.security.PublicKey arg1,
                                            java.lang.String arg2)
                                     throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException