org.bouncycastle.jce.provider
Class RFC3281CertPathUtilities

java.lang.Object
  extended by org.bouncycastle.jce.provider.CertPathValidatorUtilities
      extended by org.bouncycastle.jce.provider.RFC3281CertPathUtilities

 class RFC3281CertPathUtilities
extends CertPathValidatorUtilities


Field Summary
private static java.lang.String AUTHORITY_INFO_ACCESS
           
private static java.lang.String NO_REV_AVAIL
           
private static java.lang.String TARGET_INFORMATION
           
 
Fields inherited from class org.bouncycastle.jce.provider.CertPathValidatorUtilities
ANY_POLICY, AUTHORITY_KEY_IDENTIFIER, BASIC_CONSTRAINTS, CERTIFICATE_POLICIES, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_SIGN, crlReasons, DELTA_CRL_INDICATOR, FRESHEST_CRL, INHIBIT_ANY_POLICY, ISSUING_DISTRIBUTION_POINT, KEY_CERT_SIGN, KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS, POLICY_MAPPINGS, SUBJECT_ALTERNATIVE_NAME
 
Constructor Summary
RFC3281CertPathUtilities()
           
 
Method Summary
protected static void additionalChecks(X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams)
           
private static void checkCRL(DistributionPoint dp, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate defaultCRLSignCert, java.security.PublicKey defaultCRLSignKey, CertStatus certStatus, ReasonsMask reasonMask, java.util.List certPathCerts)
          Checks a distribution point for revocation information for the certificate cert.
private static void checkCRL(DistributionPoint dp, X509AttributeCertificate attrCert, ExtendedPKIXParameters paramsPKIX, java.util.Date validDate, java.security.cert.X509Certificate issuerCert, CertStatus certStatus, ReasonsMask reasonMask)
          Checks a distribution point for revocation information for the attribute certificate attrCert.
private static void checkCRLs(ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.List certPathCerts)
          Checks whether a certificate is revoked.
protected static void checkCRLs(X509AttributeCertificate attrCert, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate issuerCert, java.util.Date validDate)
          Checks if an attribute certificate is revoked.
protected static java.security.cert.CertPath processAttrCert1(X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams)
          Searches for a holder public key certificate and verifies its certification path.
protected static java.security.cert.CertPathValidatorResult processAttrCert2(java.security.cert.CertPath certPath, ExtendedPKIXParameters pkixParams)
           
protected static void processAttrCert3(java.security.cert.X509Certificate acIssuerCert, ExtendedPKIXParameters pkixParams)
           
protected static void processAttrCert4(java.security.cert.X509Certificate acIssuerCert, ExtendedPKIXParameters pkixParams)
           
protected static void processAttrCert5(X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams)
           
protected static void processAttrCert7(X509AttributeCertificate attrCert, java.security.cert.CertPath certPath, java.security.cert.CertPath holderCertPath, ExtendedPKIXParameters pkixParams)
           
protected static java.util.Set processCRLA1i(java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.security.cert.X509CRL crl)
           
protected static java.util.Set[] processCRLA1ii(java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.security.cert.X509CRL crl)
           
protected static void processCRLB1(DistributionPoint dp, java.lang.Object cert, java.security.cert.X509CRL crl)
           
protected static void processCRLB2(DistributionPoint dp, java.lang.Object cert, java.security.cert.X509CRL crl)
           
protected static void processCRLC(java.security.cert.X509CRL deltaCRL, java.security.cert.X509CRL completeCRL, ExtendedPKIXParameters pkixParams)
          If use-deltas is set, verify the issuer and scope of the delta CRL.
protected static ReasonsMask processCRLD(java.security.cert.X509CRL crl, DistributionPoint dp)
           
protected static java.util.Set processCRLF(java.security.cert.X509CRL crl, java.lang.Object cert, java.security.cert.X509Certificate defaultCRLSignCert, java.security.PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX)
          Obtain and validate the certification path for the complete CRL issuer.
protected static java.security.PublicKey processCRLG(java.security.cert.X509CRL crl, java.util.Set keys)
           
protected static java.security.cert.X509CRL processCRLH(java.util.Set deltacrls, java.security.PublicKey key)
           
protected static void processCRLI(java.util.Date validDate, java.security.cert.X509CRL deltacrl, java.math.BigInteger serialNumber, CertStatus certStatus, ExtendedPKIXParameters pkixParams)
           
protected static void processCRLJ(java.util.Date validDate, java.security.cert.X509CRL completecrl, java.math.BigInteger serialNumber, CertStatus certStatus)
           
 
Methods inherited from class org.bouncycastle.jce.provider.CertPathValidatorUtilities
addAdditionalStoreFromLocation, addAdditionalStoresFromCRLDistributionPoint, findCertificates, findCertificates, findCRLs, findCRLs, findTrustAnchor, getAlgorithmIdentifier, getCertStatus, getCompleteCRLs, getCRLIssuersFromDistributionPoint, getDeltaCRLs, getEncodedIssuerPrincipal, getExtensionValue, getIssuerPrincipal, getNextWorkingKey, getQualifierSet, getSubjectPrincipal, getValidCertDateFromValidityModel, getValidDate, isAnyPolicy, isSelfIssued, prepareNextCertB1, prepareNextCertB2, processCertD1i, processCertD1ii, removePolicyNode
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TARGET_INFORMATION

private static final java.lang.String TARGET_INFORMATION

NO_REV_AVAIL

private static final java.lang.String NO_REV_AVAIL

AUTHORITY_INFO_ACCESS

private static final java.lang.String AUTHORITY_INFO_ACCESS
Constructor Detail

RFC3281CertPathUtilities

RFC3281CertPathUtilities()
Method Detail

processAttrCert7

protected static void processAttrCert7(X509AttributeCertificate attrCert,
                                       java.security.cert.CertPath certPath,
                                       java.security.cert.CertPath holderCertPath,
                                       ExtendedPKIXParameters pkixParams)
                                throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

checkCRLs

protected static void checkCRLs(X509AttributeCertificate attrCert,
                                ExtendedPKIXParameters paramsPKIX,
                                java.security.cert.X509Certificate issuerCert,
                                java.util.Date validDate)
                         throws java.security.cert.CertPathValidatorException
Checks if an attribute certificate is revoked.

Parameters:
attrCert - Attribute certificate to check if it is revoked.
paramsPKIX - PKIX parameters.
issuerCert - The issuer certificate of the attribute certificate attrCert.
validDate - The date when the certificate revocation status should be checked.
Throws:
java.security.cert.CertPathValidatorException - if the certificate is revoked or the status cannot be checked or some error occurs.

additionalChecks

protected static void additionalChecks(X509AttributeCertificate attrCert,
                                       ExtendedPKIXParameters pkixParams)
                                throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

processAttrCert5

protected static void processAttrCert5(X509AttributeCertificate attrCert,
                                       ExtendedPKIXParameters pkixParams)
                                throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

processAttrCert4

protected static void processAttrCert4(java.security.cert.X509Certificate acIssuerCert,
                                       ExtendedPKIXParameters pkixParams)
                                throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

processAttrCert3

protected static void processAttrCert3(java.security.cert.X509Certificate acIssuerCert,
                                       ExtendedPKIXParameters pkixParams)
                                throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

processAttrCert2

protected static java.security.cert.CertPathValidatorResult processAttrCert2(java.security.cert.CertPath certPath,
                                                                             ExtendedPKIXParameters pkixParams)
                                                                      throws java.security.cert.CertPathValidatorException
Throws:
java.security.cert.CertPathValidatorException

processAttrCert1

protected static java.security.cert.CertPath processAttrCert1(X509AttributeCertificate attrCert,
                                                              ExtendedPKIXParameters pkixParams)
                                                       throws java.security.cert.CertPathValidatorException
Searches for a holder public key certificate and verifies its certification path.

Parameters:
attrCert - the attribute certificate.
pkixParams - The PKIX parameters.
Returns:
The certificate path of the holder certificate.
Throws:
AnnotatedException - if
  • no public key certificate can be found although holder information is given by an entity name or a base certificate ID
  • support classes cannot be created
  • no certification path for the public key certificate can be built
java.security.cert.CertPathValidatorException

checkCRL

private static void checkCRL(DistributionPoint dp,
                             X509AttributeCertificate attrCert,
                             ExtendedPKIXParameters paramsPKIX,
                             java.util.Date validDate,
                             java.security.cert.X509Certificate issuerCert,
                             CertStatus certStatus,
                             ReasonsMask reasonMask)
                      throws AnnotatedException
Checks a distribution point for revocation information for the attribute certificate attrCert.

Parameters:
dp - The distribution point to consider.
attrCert - The attribute certificate which should be checked.
paramsPKIX - PKIX parameters.
validDate - The date when the certificate revocation status should be checked.
issuerCert - Certificate to check if it is revoked.
reasonMask - The reasons mask which is already checked.
Throws:
AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.

processCRLB2

protected static void processCRLB2(DistributionPoint dp,
                                   java.lang.Object cert,
                                   java.security.cert.X509CRL crl)
                            throws AnnotatedException
Throws:
AnnotatedException

processCRLB1

protected static void processCRLB1(DistributionPoint dp,
                                   java.lang.Object cert,
                                   java.security.cert.X509CRL crl)
                            throws AnnotatedException
Throws:
AnnotatedException

processCRLD

protected static ReasonsMask processCRLD(java.security.cert.X509CRL crl,
                                         DistributionPoint dp)
                                  throws AnnotatedException
Throws:
AnnotatedException

processCRLF

protected static java.util.Set processCRLF(java.security.cert.X509CRL crl,
                                           java.lang.Object cert,
                                           java.security.cert.X509Certificate defaultCRLSignCert,
                                           java.security.PublicKey defaultCRLSignKey,
                                           ExtendedPKIXParameters paramsPKIX)
                                    throws AnnotatedException
Obtain and validate the certification path for the complete CRL issuer. If a key usage extension is present in the CRL issuer's certificate, verify that the cRLSign bit is set.

Parameters:
crl - CRL which contains revocation information for the certificate cert.
cert - The attribute certificate or certificate to check if it is revoked.
defaultCRLSignCert - The issuer certificate of the certificate cert. May be null.
defaultCRLSignKey - The public key of the issuer certificate defaultCRLSignCert. May be null.
paramsPKIX - PKIX parameters.
Returns:
A Set with all keys of possible CRL issuer certificates.
Throws:
AnnotatedException - if the CRL is not valid or the status cannot be checked or some error occurs.

processCRLG

protected static java.security.PublicKey processCRLG(java.security.cert.X509CRL crl,
                                                     java.util.Set keys)
                                              throws AnnotatedException
Throws:
AnnotatedException

processCRLH

protected static java.security.cert.X509CRL processCRLH(java.util.Set deltacrls,
                                                        java.security.PublicKey key)
                                                 throws AnnotatedException
Throws:
AnnotatedException

processCRLA1i

protected static java.util.Set processCRLA1i(java.util.Date currentDate,
                                             ExtendedPKIXParameters paramsPKIX,
                                             java.security.cert.X509Certificate cert,
                                             java.security.cert.X509CRL crl)
                                      throws AnnotatedException
Throws:
AnnotatedException

processCRLA1ii

protected static java.util.Set[] processCRLA1ii(java.util.Date currentDate,
                                                ExtendedPKIXParameters paramsPKIX,
                                                java.security.cert.X509Certificate cert,
                                                java.security.cert.X509CRL crl)
                                         throws AnnotatedException
Throws:
AnnotatedException

processCRLC

protected static void processCRLC(java.security.cert.X509CRL deltaCRL,
                                  java.security.cert.X509CRL completeCRL,
                                  ExtendedPKIXParameters pkixParams)
                           throws AnnotatedException
If use-deltas is set, verify the issuer and scope of the delta CRL.

Parameters:
deltaCRL - The delta CRL.
completeCRL - The complete CRL.
pkixParams - The PKIX parameters.
Throws:
AnnotatedException - if an exception occurs.

processCRLI

protected static void processCRLI(java.util.Date validDate,
                                  java.security.cert.X509CRL deltacrl,
                                  java.math.BigInteger serialNumber,
                                  CertStatus certStatus,
                                  ExtendedPKIXParameters pkixParams)
                           throws AnnotatedException
Throws:
AnnotatedException

processCRLJ

protected static void processCRLJ(java.util.Date validDate,
                                  java.security.cert.X509CRL completecrl,
                                  java.math.BigInteger serialNumber,
                                  CertStatus certStatus)
                           throws AnnotatedException
Throws:
AnnotatedException

checkCRL

private static void checkCRL(DistributionPoint dp,
                             ExtendedPKIXParameters paramsPKIX,
                             java.security.cert.X509Certificate cert,
                             java.util.Date validDate,
                             java.security.cert.X509Certificate defaultCRLSignCert,
                             java.security.PublicKey defaultCRLSignKey,
                             CertStatus certStatus,
                             ReasonsMask reasonMask,
                             java.util.List certPathCerts)
                      throws AnnotatedException
Checks a distribution point for revocation information for the certificate cert.

Parameters:
dp - The distribution point to consider.
paramsPKIX - PKIX parameters.
cert - Certificate to check if it is revoked.
validDate - The date when the certificate revocation status should be checked.
defaultCRLSignCert - The issuer certificate of the certificate cert.
defaultCRLSignKey - The public key of the issuer certificate defaultCRLSignCert.
certStatus - The current certificate revocation status.
reasonMask - The reasons mask which is already checked.
certPathCerts - The certificates of the certification path.
Throws:
AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.

checkCRLs

private static void checkCRLs(ExtendedPKIXParameters paramsPKIX,
                              java.security.cert.X509Certificate cert,
                              java.util.Date validDate,
                              java.security.cert.X509Certificate sign,
                              java.security.PublicKey workingPublicKey,
                              java.util.List certPathCerts)
                       throws AnnotatedException
Checks whether a certificate is revoked.

Parameters:
paramsPKIX - PKIX parameters.
cert - Certificate to check if it is revoked.
validDate - The date when the certificate revocation status should be checked.
sign - The issuer certificate of the certificate cert.
workingPublicKey - The public key of the issuer certificate sign.
certPathCerts - The certificates of the certification path.
Throws:
AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.