org.bouncycastle.jce.provider
Class CertPathValidatorUtilities

java.lang.Object
  extended by org.bouncycastle.jce.provider.CertPathValidatorUtilities
Direct Known Subclasses:
PKIXCertPathReviewer, RFC3281CertPathUtilities

public class CertPathValidatorUtilities
extends java.lang.Object


Field Summary
protected static java.lang.String ANY_POLICY
           
protected static java.lang.String AUTHORITY_KEY_IDENTIFIER
           
protected static java.lang.String BASIC_CONSTRAINTS
           
protected static java.lang.String CERTIFICATE_POLICIES
           
protected static java.lang.String CRL_DISTRIBUTION_POINTS
           
protected static java.lang.String CRL_NUMBER
           
protected static int CRL_SIGN
           
protected static java.lang.String[] crlReasons
           
protected static java.lang.String DELTA_CRL_INDICATOR
           
protected static java.lang.String FRESHEST_CRL
           
protected static java.lang.String INHIBIT_ANY_POLICY
           
protected static java.lang.String ISSUING_DISTRIBUTION_POINT
           
protected static int KEY_CERT_SIGN
           
protected static java.lang.String KEY_USAGE
           
protected static java.lang.String NAME_CONSTRAINTS
           
protected static java.lang.String POLICY_CONSTRAINTS
           
protected static java.lang.String POLICY_MAPPINGS
           
protected static java.lang.String SUBJECT_ALTERNATIVE_NAME
           
 
Constructor Summary
CertPathValidatorUtilities()
           
 
Method Summary
protected static void addAdditionalStoreFromLocation(java.lang.String location, ExtendedPKIXParameters pkixParams)
           
protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
           
protected static java.util.Collection findCertificates(java.security.cert.CertSelector certSelect, java.util.List certStores)
          Return a Collection of all certificates found in the CertStores that match the certSelect criteria.
protected static java.util.Collection findCertificates(Selector certSelect, java.util.List certStores)
          Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.
protected static java.util.Collection findCRLs(java.security.cert.X509CRLSelector crlSelect, java.util.List crlStores)
          Return a Collection of all CRLs found in the CertStores that match the crlSelect criteria.
protected static java.util.Collection findCRLs(X509CRLStoreSelector crlSelect, java.util.List crlStores)
          Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.
protected static java.security.cert.TrustAnchor findTrustAnchor(java.security.cert.X509Certificate cert, java.security.cert.CertPath certPath, int index, java.util.Set trustAnchors)
          Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.
protected static AlgorithmIdentifier getAlgorithmIdentifier(java.security.PublicKey key)
           
protected static void getCertStatus(java.util.Date validDate, java.security.cert.X509CRL crl, java.math.BigInteger serialNumber, CertStatus certStatus)
           
protected static java.util.Set getCompleteCRLs(DistributionPoint dp, java.lang.Object cert, java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX)
          Fetches complete CRLs according to RFC 3280.
protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp, java.util.Collection issuerPrincipals, X509CRLStoreSelector selector, ExtendedPKIXParameters pkixParams)
          Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is absent, from the certificate.
protected static java.util.Set getDeltaCRLs(java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509CRL completeCRL)
          Fetches delta CRLs according to RFC 3280 section 5.2.4.
protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal(java.lang.Object cert)
          Returns the issuer of an attribute certificate or certificate.
protected static DERObject getExtensionValue(java.security.cert.X509Extension ext, java.lang.String oid)
          extract the value of the given extension, if it exists.
protected static javax.security.auth.x500.X500Principal getIssuerPrincipal(java.security.cert.X509CRL crl)
           
protected static java.security.PublicKey getNextWorkingKey(java.security.cert.X509Certificate cert, java.util.List certs, int index)
          Return the next working key inheriting DSA parameters if necessary.
private static DERObject getObject(java.lang.String oid, byte[] ext)
           
protected static java.util.Set getQualifierSet(ASN1Sequence qualifiers)
           
protected static javax.security.auth.x500.X500Principal getSubjectPrincipal(java.security.cert.X509Certificate cert)
           
protected static java.util.Date getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX, java.security.cert.CertPath certPath, int index)
           
protected static java.util.Date getValidDate(java.security.cert.PKIXParameters paramsPKIX)
           
protected static boolean isAnyPolicy(java.util.Set policySet)
           
protected static boolean isSelfIssued(java.security.cert.X509Certificate cert)
           
protected static void prepareNextCertB1(int i, java.util.List[] policyNodes, java.lang.String id_p, java.util.Map m_idp, java.security.cert.X509Certificate cert)
           
protected static PKIXPolicyNode prepareNextCertB2(int i, java.util.List[] policyNodes, java.lang.String id_p, PKIXPolicyNode validPolicyTree)
           
protected static boolean processCertD1i(int index, java.util.List[] policyNodes, DERObjectIdentifier pOid, java.util.Set pq)
           
protected static void processCertD1ii(int index, java.util.List[] policyNodes, DERObjectIdentifier _poid, java.util.Set _pq)
           
protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree, java.util.List[] policyNodes, PKIXPolicyNode _node)
           
private static void removePolicyNodeRecurse(java.util.List[] policyNodes, PKIXPolicyNode _node)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CERTIFICATE_POLICIES

protected static final java.lang.String CERTIFICATE_POLICIES

BASIC_CONSTRAINTS

protected static final java.lang.String BASIC_CONSTRAINTS

POLICY_MAPPINGS

protected static final java.lang.String POLICY_MAPPINGS

SUBJECT_ALTERNATIVE_NAME

protected static final java.lang.String SUBJECT_ALTERNATIVE_NAME

NAME_CONSTRAINTS

protected static final java.lang.String NAME_CONSTRAINTS

KEY_USAGE

protected static final java.lang.String KEY_USAGE

INHIBIT_ANY_POLICY

protected static final java.lang.String INHIBIT_ANY_POLICY

ISSUING_DISTRIBUTION_POINT

protected static final java.lang.String ISSUING_DISTRIBUTION_POINT

DELTA_CRL_INDICATOR

protected static final java.lang.String DELTA_CRL_INDICATOR

POLICY_CONSTRAINTS

protected static final java.lang.String POLICY_CONSTRAINTS

FRESHEST_CRL

protected static final java.lang.String FRESHEST_CRL

CRL_DISTRIBUTION_POINTS

protected static final java.lang.String CRL_DISTRIBUTION_POINTS

AUTHORITY_KEY_IDENTIFIER

protected static final java.lang.String AUTHORITY_KEY_IDENTIFIER

ANY_POLICY

protected static final java.lang.String ANY_POLICY
See Also:
Constant Field Values

CRL_NUMBER

protected static final java.lang.String CRL_NUMBER

KEY_CERT_SIGN

protected static final int KEY_CERT_SIGN
See Also:
Constant Field Values

CRL_SIGN

protected static final int CRL_SIGN
See Also:
Constant Field Values

crlReasons

protected static final java.lang.String[] crlReasons
Constructor Detail

CertPathValidatorUtilities

public CertPathValidatorUtilities()
Method Detail

findTrustAnchor

protected static final java.security.cert.TrustAnchor findTrustAnchor(java.security.cert.X509Certificate cert,
                                                                      java.security.cert.CertPath certPath,
                                                                      int index,
                                                                      java.util.Set trustAnchors)
                                                               throws java.security.cert.CertPathValidatorException
Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.

Parameters:
cert - the X509 certificate
trustAnchors - a Set of TrustAnchor's
Returns:
the TrustAnchor object if found or null if not.
Throws:
java.security.cert.CertPathValidatorException - if a TrustAnchor was found but the signature verification of the given certificate against it threw an exception. That exception can be obtained via the getCause() method.

getEncodedIssuerPrincipal

protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal(java.lang.Object cert)
Returns the issuer of an attribute certificate or certificate.

Parameters:
cert - The attribute certificate or certificate.
Returns:
The issuer as X500Principal.

getValidDate

protected static java.util.Date getValidDate(java.security.cert.PKIXParameters paramsPKIX)

getSubjectPrincipal

protected static javax.security.auth.x500.X500Principal getSubjectPrincipal(java.security.cert.X509Certificate cert)

isSelfIssued

protected static boolean isSelfIssued(java.security.cert.X509Certificate cert)

getExtensionValue

protected static DERObject getExtensionValue(java.security.cert.X509Extension ext,
                                             java.lang.String oid)
                                      throws AnnotatedException
extract the value of the given extension, if it exists.

Throws:
AnnotatedException

getObject

private static DERObject getObject(java.lang.String oid,
                                   byte[] ext)
                            throws AnnotatedException
Throws:
AnnotatedException

getIssuerPrincipal

protected static javax.security.auth.x500.X500Principal getIssuerPrincipal(java.security.cert.X509CRL crl)

getAlgorithmIdentifier

protected static AlgorithmIdentifier getAlgorithmIdentifier(java.security.PublicKey key)
                                                     throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

findCRLs

protected static final java.util.Collection findCRLs(java.security.cert.X509CRLSelector crlSelect,
                                                     java.util.List crlStores)
                                              throws AnnotatedException
Return a Collection of all CRLs found in the CertStores that match the crlSelect criteria.

Parameters:
crlSelect - an X509CRLSelector object that will be used to select the CRLs
crlStores - a List containing only CertStore objects. These are used to search for CRLs
Returns:
a Collection of all found CRL objects. May be empty but never null.
Throws:
AnnotatedException

findCRLs

protected static final java.util.Collection findCRLs(X509CRLStoreSelector crlSelect,
                                                     java.util.List crlStores)
                                              throws AnnotatedException
Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.

Parameters:
crlSelect - a X509CRLStoreSelector object that will be used to select the CRLs
crlStores - a List containing only X509Store objects. These are used to search for CRLs
Returns:
a Collection of all found X509CRL objects. May be empty but never null.
Throws:
AnnotatedException

getQualifierSet

protected static final java.util.Set getQualifierSet(ASN1Sequence qualifiers)
                                              throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

removePolicyNode

protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree,
                                                 java.util.List[] policyNodes,
                                                 PKIXPolicyNode _node)

removePolicyNodeRecurse

private static void removePolicyNodeRecurse(java.util.List[] policyNodes,
                                            PKIXPolicyNode _node)

processCertD1i

protected static boolean processCertD1i(int index,
                                        java.util.List[] policyNodes,
                                        DERObjectIdentifier pOid,
                                        java.util.Set pq)

processCertD1ii

protected static void processCertD1ii(int index,
                                      java.util.List[] policyNodes,
                                      DERObjectIdentifier _poid,
                                      java.util.Set _pq)

prepareNextCertB1

protected static void prepareNextCertB1(int i,
                                        java.util.List[] policyNodes,
                                        java.lang.String id_p,
                                        java.util.Map m_idp,
                                        java.security.cert.X509Certificate cert)
                                 throws AnnotatedException,
                                        java.security.cert.CertPathValidatorException
Throws:
AnnotatedException
java.security.cert.CertPathValidatorException

prepareNextCertB2

protected static PKIXPolicyNode prepareNextCertB2(int i,
                                                  java.util.List[] policyNodes,
                                                  java.lang.String id_p,
                                                  PKIXPolicyNode validPolicyTree)

isAnyPolicy

protected static boolean isAnyPolicy(java.util.Set policySet)

addAdditionalStoreFromLocation

protected static void addAdditionalStoreFromLocation(java.lang.String location,
                                                     ExtendedPKIXParameters pkixParams)

findCertificates

protected static java.util.Collection findCertificates(java.security.cert.CertSelector certSelect,
                                                       java.util.List certStores)
                                                throws AnnotatedException
Return a Collection of all certificates found in the CertStores that match the certSelect criteria.

Parameters:
certSelect - a CertSelector object that will be used to select the certificates
certStores - a List containing only CertStore objects. These are used to search for certificates
Returns:
a Collection of all found Certificate objects. May be empty but never null.
Throws:
AnnotatedException

findCertificates

protected static java.util.Collection findCertificates(Selector certSelect,
                                                       java.util.List certStores)
                                                throws AnnotatedException
Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.

Parameters:
certSelect - a Selector object that will be used to select the certificates
certStores - a List containing only X509Store objects. These are used to search for certificates.
Returns:
a Collection of all found X509Certificate or X509AttributeCertificate objects. May be empty but never null.
Throws:
AnnotatedException

addAdditionalStoresFromCRLDistributionPoint

protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp,
                                                                  ExtendedPKIXParameters pkixParams)
                                                           throws AnnotatedException
Throws:
AnnotatedException

getCRLIssuersFromDistributionPoint

protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp,
                                                         java.util.Collection issuerPrincipals,
                                                         X509CRLStoreSelector selector,
                                                         ExtendedPKIXParameters pkixParams)
                                                  throws AnnotatedException
Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is absent, from the certificate.

The issuerPrincipals are a collection with a single X500Principal for X509Certificates. For X509AttributeCertificates the issuer may contain more than one X500Principal.

Parameters:
dp - The distribution point.
issuerPrincipals - The issuers of the certificate or attribute certificate which contains the distribution point.
selector - The CRL selector.
pkixParams - The PKIX parameters containing the cert stores.
Throws:
AnnotatedException - if an exception occurs while processing.
java.lang.ClassCastException - if issuerPrincipals does not contain only X500Principals.

getCertStatus

protected static void getCertStatus(java.util.Date validDate,
                                    java.security.cert.X509CRL crl,
                                    java.math.BigInteger serialNumber,
                                    CertStatus certStatus)
                             throws AnnotatedException
Throws:
AnnotatedException

getDeltaCRLs

protected static java.util.Set getDeltaCRLs(java.util.Date currentDate,
                                            ExtendedPKIXParameters paramsPKIX,
                                            java.security.cert.X509CRL completeCRL)
                                     throws AnnotatedException
Fetches delta CRLs according to RFC 3280 section 5.2.4.

Parameters:
currentDate - The date for which the delta CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
completeCRL - The complete CRL the delta CRL is for.
Returns:
A Set of X509CRLs with delta CRLs.
Throws:
AnnotatedException - if an exception occurs while picking the delta CRLs or no delta CRLs are found.

getCompleteCRLs

protected static java.util.Set getCompleteCRLs(DistributionPoint dp,
                                               java.lang.Object cert,
                                               java.util.Date currentDate,
                                               ExtendedPKIXParameters paramsPKIX)
                                        throws AnnotatedException
Fetches complete CRLs according to RFC 3280.

Parameters:
dp - The distribution point for which the complete CRLs should be fetched.
cert - The X509Certificate or X509AttributeCertificate for which the CRL should be searched.
currentDate - The date for which the complete CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
Returns:
A Set of X509CRLs with complete CRLs.
Throws:
AnnotatedException - if an exception occurs while picking the CRLs or no CRLs are found.

getValidCertDateFromValidityModel

protected static java.util.Date getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX,
                                                                  java.security.cert.CertPath certPath,
                                                                  int index)
                                                           throws AnnotatedException
Throws:
AnnotatedException

getNextWorkingKey

protected static java.security.PublicKey getNextWorkingKey(java.security.cert.X509Certificate cert,
                                                           java.util.List certs,
                                                           int index)
                                                    throws java.security.cert.CertPathValidatorException
Return the next working key inheriting DSA parameters if necessary.

This method inherits DSA parameters from the indexed certificate or from previous certificates in the certificate chain into the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and the preceding (issuer) certificates follow it.

If the indexed certificate does not contain a DSA key this method simply returns the public key. If the DSA key already contains DSA parameters the key is likewise returned unchanged.

Parameters:
certs - The certification path.
index - The index of the certificate which contains the public key which should be extended with DSA parameters.
Returns:
The public key of the certificate in list position index extended with DSA parameters if applicable.
Throws:
AnnotatedException - if DSA parameters cannot be inherited.
java.security.cert.CertPathValidatorException