org.bouncycastle.x509
Class PKIXCertPathReviewer

java.lang.Object
  extended by org.bouncycastle.jce.provider.CertPathValidatorUtilities
      extended by org.bouncycastle.x509.PKIXCertPathReviewer

public class PKIXCertPathReviewer
extends CertPathValidatorUtilities

PKIXCertPathReviewer
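Validation of X.509 certificate paths. Tries to find as many errors in the path as possible. The findings are reported through getErrors() and getNotifications(), so callers should check isValidCertPath() before relying on the path.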


Field Summary
private static java.lang.String AUTH_INFO_ACCESS
           
protected  java.security.cert.CertPath certPath
           
protected  java.util.List certs
           
private static java.lang.String CRL_DIST_POINTS
           
protected  java.util.List[] errors
           
private  boolean initialized
           
protected  int n
           
protected  java.util.List[] notifications
           
protected  java.security.cert.PKIXParameters pkixParams
           
protected  java.security.cert.PolicyNode policyTree
           
private static java.lang.String QC_STATEMENT
           
private static java.lang.String RESOURCE_NAME
           
protected  java.security.PublicKey subjectPublicKey
           
protected  java.security.cert.TrustAnchor trustAnchor
           
protected  java.util.Date validDate
           
 
Fields inherited from class org.bouncycastle.jce.provider.CertPathValidatorUtilities
ANY_POLICY, AUTHORITY_KEY_IDENTIFIER, BASIC_CONSTRAINTS, CERTIFICATE_POLICIES, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_SIGN, crlReasons, DELTA_CRL_INDICATOR, FRESHEST_CRL, INHIBIT_ANY_POLICY, ISSUING_DISTRIBUTION_POINT, KEY_CERT_SIGN, KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS, POLICY_MAPPINGS, SUBJECT_ALTERNATIVE_NAME
 
Constructor Summary
PKIXCertPathReviewer()
          Creates an empty PKIXCertPathReviewer.
PKIXCertPathReviewer(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params)
          Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
 
Method Summary
protected  void addError(ErrorBundle msg)
           
protected  void addError(ErrorBundle msg, int index)
           
protected  void addNotification(ErrorBundle msg)
           
protected  void addNotification(ErrorBundle msg, int index)
           
private  void checkCriticalExtensions()
           
protected  void checkCRLs(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, int index)
           
private  void checkNameConstraints()
           
private  void checkPathLength()
           
private  void checkPolicy()
           
protected  void checkRevocation(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, java.util.Vector ocspUrls, int index)
           
private  void checkSignatures()
           
protected  void doChecks()
           
 java.security.cert.CertPath getCertPath()
           
 int getCertPathSize()
           
private  java.security.cert.X509CRL getCRL(java.lang.String location)
           
protected  java.util.Vector getCRLDistUrls(CRLDistPoint crlDistPoints)
           
 java.util.List[] getErrors()
          Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path.
 java.util.List getErrors(int index)
          Returns a List of error messages for the certificate at the given index in the CertPath.
 java.util.List[] getNotifications()
          Returns an Array of Lists which contains a List of global notification messages and a List of notification messages for each certificate in the path.
 java.util.List getNotifications(int index)
          Returns a List of notification messages for the certificate at the given index in the CertPath.
protected  java.util.Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)
           
 java.security.cert.PolicyNode getPolicyTree()
           
 java.security.PublicKey getSubjectPublicKey()
           
 java.security.cert.TrustAnchor getTrustAnchor()
           
private  java.util.Collection getTrustAnchors(java.security.cert.X509Certificate cert, java.util.Set trustanchors)
           
 void init(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params)
          Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
private  java.lang.String IPtoString(byte[] ip)
           
 boolean isValidCertPath()
           
private  boolean processQcStatements(java.security.cert.X509Certificate cert, int index)
           
 
Methods inherited from class org.bouncycastle.jce.provider.CertPathValidatorUtilities
addAdditionalStoreFromLocation, addAdditionalStoresFromCRLDistributionPoint, findCertificates, findCertificates, findCRLs, findCRLs, findTrustAnchor, getAlgorithmIdentifier, getCertStatus, getCompleteCRLs, getCRLIssuersFromDistributionPoint, getDeltaCRLs, getEncodedIssuerPrincipal, getExtensionValue, getIssuerPrincipal, getNextWorkingKey, getQualifierSet, getSubjectPrincipal, getValidCertDateFromValidityModel, getValidDate, isAnyPolicy, isSelfIssued, prepareNextCertB1, prepareNextCertB2, processCertD1i, processCertD1ii, removePolicyNode
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

QC_STATEMENT

private static final java.lang.String QC_STATEMENT

CRL_DIST_POINTS

private static final java.lang.String CRL_DIST_POINTS

AUTH_INFO_ACCESS

private static final java.lang.String AUTH_INFO_ACCESS

RESOURCE_NAME

private static final java.lang.String RESOURCE_NAME
See Also:
Constant Field Values

certPath

protected java.security.cert.CertPath certPath

pkixParams

protected java.security.cert.PKIXParameters pkixParams

validDate

protected java.util.Date validDate

certs

protected java.util.List certs

n

protected int n

notifications

protected java.util.List[] notifications

errors

protected java.util.List[] errors

trustAnchor

protected java.security.cert.TrustAnchor trustAnchor

subjectPublicKey

protected java.security.PublicKey subjectPublicKey

policyTree

protected java.security.cert.PolicyNode policyTree

initialized

private boolean initialized
Constructor Detail

PKIXCertPathReviewer

public PKIXCertPathReviewer(java.security.cert.CertPath certPath,
                            java.security.cert.PKIXParameters params)
                     throws CertPathReviewerException
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
Throws:
CertPathReviewerException - if the certPath is empty

PKIXCertPathReviewer

public PKIXCertPathReviewer()
Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.

Method Detail

init

public void init(java.security.cert.CertPath certPath,
                 java.security.cert.PKIXParameters params)
          throws CertPathReviewerException
Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params

Parameters:
certPath - the CertPath to validate
params - the PKIXParameters to use
Throws:
CertPathReviewerException - if the certPath is empty
java.lang.IllegalStateException - if the PKIXCertPathReviewer is already initialized

getCertPath

public java.security.cert.CertPath getCertPath()
Returns:
the CertPath that was validated

getCertPathSize

public int getCertPathSize()
Returns:
the size of the CertPath

getErrors

public java.util.List[] getErrors()
Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path. The global error List is at index 0. The error lists for the certificates are at index 1 to n. The error messages are of type ErrorBundle.

Returns:
the Array of Lists which contain the error messages
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getErrors

public java.util.List getErrors(int index)
Returns a List of error messages for the certificate at the given index in the CertPath. If index == -1, the list of global errors (errors not specific to a certificate) is returned.

Parameters:
index - the index of the certificate in the CertPath
Returns:
List of error messages for the certificate
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public java.util.List[] getNotifications()
Returns an Array of Lists which contains a List of global notification messages and a List of notification messages for each certificate in the path. The global notification List is at index 0. The notification lists for the certificates are at index 1 to n. The notification messages are of type ErrorBundle.

Returns:
the Array of Lists which contain the notification messages
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public java.util.List getNotifications(int index)
Returns a List of notification messages for the certificate at the given index in the CertPath. If index == -1, the list of global notifications (notifications not specific to a certificate) is returned.

Parameters:
index - the index of the certificate in the CertPath
Returns:
List of notification messages for the certificate
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getPolicyTree

public java.security.cert.PolicyNode getPolicyTree()
Returns:
the valid policy tree, null if no valid policy exists.
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getSubjectPublicKey

public java.security.PublicKey getSubjectPublicKey()
Returns:
the PublicKey of the last certificate in the CertPath
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getTrustAnchor

public java.security.cert.TrustAnchor getTrustAnchor()
Returns:
the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

isValidCertPath

public boolean isValidCertPath()
Returns:
true if the CertPath is valid
Throws:
java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

addNotification

protected void addNotification(ErrorBundle msg)

addNotification

protected void addNotification(ErrorBundle msg,
                               int index)

addError

protected void addError(ErrorBundle msg)

addError

protected void addError(ErrorBundle msg,
                        int index)

doChecks

protected void doChecks()

checkNameConstraints

private void checkNameConstraints()

checkPathLength

private void checkPathLength()

checkSignatures

private void checkSignatures()

checkPolicy

private void checkPolicy()

checkCriticalExtensions

private void checkCriticalExtensions()

processQcStatements

private boolean processQcStatements(java.security.cert.X509Certificate cert,
                                    int index)

IPtoString

private java.lang.String IPtoString(byte[] ip)

checkRevocation

protected void checkRevocation(java.security.cert.PKIXParameters paramsPKIX,
                               java.security.cert.X509Certificate cert,
                               java.util.Date validDate,
                               java.security.cert.X509Certificate sign,
                               java.security.PublicKey workingPublicKey,
                               java.util.Vector crlDistPointUrls,
                               java.util.Vector ocspUrls,
                               int index)
                        throws CertPathReviewerException
Throws:
CertPathReviewerException

checkCRLs

protected void checkCRLs(java.security.cert.PKIXParameters paramsPKIX,
                         java.security.cert.X509Certificate cert,
                         java.util.Date validDate,
                         java.security.cert.X509Certificate sign,
                         java.security.PublicKey workingPublicKey,
                         java.util.Vector crlDistPointUrls,
                         int index)
                  throws CertPathReviewerException
Throws:
CertPathReviewerException

getCRLDistUrls

protected java.util.Vector getCRLDistUrls(CRLDistPoint crlDistPoints)

getOCSPUrls

protected java.util.Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)

getCRL

private java.security.cert.X509CRL getCRL(java.lang.String location)
                                   throws CertPathReviewerException
Throws:
CertPathReviewerException

getTrustAnchors

private java.util.Collection getTrustAnchors(java.security.cert.X509Certificate cert,
                                             java.util.Set trustanchors)
                                      throws CertPathReviewerException
Throws:
CertPathReviewerException