eu.emi.security.authn.x509.helpers.pkipath.bc

Class FixedBCPKIXCertPathReviewer

java.lang.Object

org.bouncycastle.x509.PKIXCertPathReviewer

eu.emi.security.authn.x509.helpers.pkipath.bc.FixedBCPKIXCertPathReviewer

public class FixedBCPKIXCertPathReviewer
extends org.bouncycastle.x509.PKIXCertPathReviewer

PKIXCertPathReviewer
Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible. Copy note: unfortunately a lot of code can not be inherited, as too many methods are private + are very long :-(

Field Summary

Fields

Modifier and Type	Field and Description
protected static String	ANY_POLICY
protected static String	AUTHORITY_KEY_IDENTIFIER
protected static String	BASIC_CONSTRAINTS
protected static String	CERTIFICATE_POLICIES
protected static String	CRL_DISTRIBUTION_POINTS
protected static String	CRL_NUMBER
protected static int	CRL_SIGN
protected static org.bouncycastle.x509.PKIXCRLUtil	CRL_UTIL
protected static String[]	crlReasons
protected static String	DELTA_CRL_INDICATOR
protected static String	FRESHEST_CRL
protected static String	INHIBIT_ANY_POLICY
protected static String	ISSUING_DISTRIBUTION_POINT
protected static int	KEY_CERT_SIGN
protected static String	KEY_USAGE
protected static String	NAME_CONSTRAINTS
protected ExtPKIXParameters2	pkixParams
protected static String	POLICY_CONSTRAINTS
protected static String	POLICY_MAPPINGS
static String	RESOURCE_NAME
protected static String	SUBJECT_ALTERNATIVE_NAME

Fields inherited from class org.bouncycastle.x509.PKIXCertPathReviewer

certPath, certs, errors, n, notifications, policyTree, subjectPublicKey, trustAnchor, validDate

Constructor Summary

Constructors

Constructor and Description
FixedBCPKIXCertPathReviewer(CertPath certPath, ExtPKIXParameters2 params) Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Method Summary

Modifier and Type	Method and Description
protected static void	addAdditionalStoreFromLocation(String arg0, org.bouncycastle.x509.ExtendedPKIXParameters arg1)
protected static void	addAdditionalStoresFromAltNames(X509Certificate arg0, org.bouncycastle.x509.ExtendedPKIXParameters arg1)
protected static void	addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint arg0, org.bouncycastle.x509.ExtendedPKIXParameters arg1)
protected void	addError(SimpleValidationErrorException msg, int index)
protected void	checkRevocation(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey)
protected void	doChecks()
protected static Collection	findCertificates(PKIXCertStoreSelector arg0, List arg1)
protected static Collection	findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0, List arg1)
protected static Collection	findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0, List arg1)
protected static TrustAnchor	findTrustAnchor(X509Certificate arg0, Set arg1)
protected static TrustAnchor	findTrustAnchor(X509Certificate arg0, Set arg1, String arg2)
protected static AlgorithmIdentifier	getAlgorithmIdentifier(PublicKey arg0)
protected static void	getCertStatus(Date arg0, X509CRL arg1, Object arg2, org.bouncycastle.x509.CertStatus arg3)
protected static Set	getCompleteCRLs(DistributionPoint arg0, Object arg1, Date arg2, org.bouncycastle.x509.ExtendedPKIXParameters arg3)
protected Vector	getCRLDistUrls(CRLDistPoint crlDistPoints)
protected static void	getCRLIssuersFromDistributionPoint(DistributionPoint arg0, Collection arg1, X509CRLSelector arg2, org.bouncycastle.x509.ExtendedPKIXParameters arg3)
protected static Set	getDeltaCRLs(Date arg0, org.bouncycastle.x509.ExtendedPKIXParameters arg1, X509CRL arg2)
protected static X500Principal	getEncodedIssuerPrincipal(Object arg0)
protected static ASN1Primitive	getExtensionValue(X509Extension arg0, String arg1)
protected static X500Principal	getIssuerPrincipal(X509CRL arg0)
protected static PublicKey	getNextWorkingKey(List arg0, int arg1)
protected static Set	getQualifierSet(ASN1Sequence arg0)
protected static X500Principal	getSubjectPrincipal(X509Certificate arg0)
protected static Date	getValidCertDateFromValidityModel(org.bouncycastle.x509.ExtendedPKIXParameters arg0, CertPath arg1, int arg2)
protected static Date	getValidDate(PKIXParameters arg0)
void	init(CertPath certPath, ExtPKIXParameters2 params) Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
protected static boolean	isAnyPolicy(Set arg0)
protected static boolean	isSelfIssued(X509Certificate arg0)
protected static void	prepareNextCertB1(int arg0, List[] arg1, String arg2, Map arg3, X509Certificate arg4)
protected static PKIXPolicyNode	prepareNextCertB2(int arg0, List[] arg1, String arg2, PKIXPolicyNode arg3)
protected static boolean	processCertD1i(int arg0, List[] arg1, ASN1ObjectIdentifier arg2, Set arg3)
protected static void	processCertD1ii(int arg0, List[] arg1, ASN1ObjectIdentifier arg2, Set arg3)
protected static PKIXPolicyNode	removePolicyNode(PKIXPolicyNode arg0, List[] arg1, PKIXPolicyNode arg2)
protected static void	verifyX509Certificate(X509Certificate arg0, PublicKey arg1, String arg2)

Methods inherited from class org.bouncycastle.x509.PKIXCertPathReviewer

addError, addError, addNotification, addNotification, checkCRLs, checkRevocation, getCertPath, getCertPathSize, getErrors, getErrors, getNotifications, getNotifications, getOCSPUrls, getPolicyTree, getSubjectPublicKey, getTrustAnchor, getTrustAnchors, init, isValidCertPath

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RESOURCE_NAME

public static final String RESOURCE_NAME

See Also:

Constant Field Values

pkixParams

protected ExtPKIXParameters2 pkixParams

CRL_UTIL

protected static final org.bouncycastle.x509.PKIXCRLUtil CRL_UTIL

CERTIFICATE_POLICIES

protected static final String CERTIFICATE_POLICIES

BASIC_CONSTRAINTS

protected static final String BASIC_CONSTRAINTS

POLICY_MAPPINGS

protected static final String POLICY_MAPPINGS

SUBJECT_ALTERNATIVE_NAME

protected static final String SUBJECT_ALTERNATIVE_NAME

NAME_CONSTRAINTS

protected static final String NAME_CONSTRAINTS

KEY_USAGE

protected static final String KEY_USAGE

INHIBIT_ANY_POLICY

protected static final String INHIBIT_ANY_POLICY

ISSUING_DISTRIBUTION_POINT

protected static final String ISSUING_DISTRIBUTION_POINT

DELTA_CRL_INDICATOR

protected static final String DELTA_CRL_INDICATOR

POLICY_CONSTRAINTS

protected static final String POLICY_CONSTRAINTS

FRESHEST_CRL

protected static final String FRESHEST_CRL

CRL_DISTRIBUTION_POINTS

protected static final String CRL_DISTRIBUTION_POINTS

AUTHORITY_KEY_IDENTIFIER

protected static final String AUTHORITY_KEY_IDENTIFIER

ANY_POLICY

protected static final String ANY_POLICY

See Also:

Constant Field Values

CRL_NUMBER

protected static final String CRL_NUMBER

KEY_CERT_SIGN

protected static final int KEY_CERT_SIGN

See Also:

Constant Field Values

CRL_SIGN

protected static final int CRL_SIGN

See Also:

Constant Field Values

crlReasons

protected static final String[] crlReasons

Constructor Detail

FixedBCPKIXCertPathReviewer

public FixedBCPKIXCertPathReviewer(CertPath certPath,
                                   ExtPKIXParameters2 params)
                            throws org.bouncycastle.x509.CertPathReviewerException

Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty

Method Detail

init

public void init(CertPath certPath,
                 ExtPKIXParameters2 params)
          throws org.bouncycastle.x509.CertPathReviewerException

Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

org.bouncycastle.x509.CertPathReviewerException - if the certPath is empty

IllegalStateException - if the PKIXCertPathReviewer is already initialized

addError

protected void addError(SimpleValidationErrorException msg,
                        int index)

doChecks

protected void doChecks()

Overrides:

doChecks in class org.bouncycastle.x509.PKIXCertPathReviewer

checkRevocation

protected void checkRevocation(ExtPKIXParameters2 paramsPKIX,
                               X509Certificate cert,
                               Date validDate,
                               X509Certificate sign,
                               PublicKey workingPublicKey)
                        throws SimpleValidationErrorException

Throws:

SimpleValidationErrorException

getCRLDistUrls

protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints)

Overrides:

getCRLDistUrls in class org.bouncycastle.x509.PKIXCertPathReviewer

findTrustAnchor

protected static TrustAnchor findTrustAnchor(X509Certificate arg0,
                                             Set arg1)
                                      throws AnnotatedException

Throws:

AnnotatedException

findTrustAnchor

protected static TrustAnchor findTrustAnchor(X509Certificate arg0,
                                             Set arg1,
                                             String arg2)
                                      throws AnnotatedException

Throws:

AnnotatedException

addAdditionalStoresFromAltNames

protected static void addAdditionalStoresFromAltNames(X509Certificate arg0,
                                                      org.bouncycastle.x509.ExtendedPKIXParameters arg1)
                                               throws CertificateParsingException

Throws:

CertificateParsingException

getEncodedIssuerPrincipal

protected static X500Principal getEncodedIssuerPrincipal(Object arg0)

getValidDate

protected static Date getValidDate(PKIXParameters arg0)

getSubjectPrincipal

protected static X500Principal getSubjectPrincipal(X509Certificate arg0)

isSelfIssued

protected static boolean isSelfIssued(X509Certificate arg0)

getExtensionValue

protected static ASN1Primitive getExtensionValue(X509Extension arg0,
                                                 String arg1)
                                          throws AnnotatedException

Throws:

AnnotatedException

getIssuerPrincipal

protected static X500Principal getIssuerPrincipal(X509CRL arg0)

getAlgorithmIdentifier

protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey arg0)
                                                     throws CertPathValidatorException

Throws:

CertPathValidatorException

getQualifierSet

protected static final Set getQualifierSet(ASN1Sequence arg0)
                                    throws CertPathValidatorException

Throws:

CertPathValidatorException

removePolicyNode

protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode arg0,
                                                 List[] arg1,
                                                 PKIXPolicyNode arg2)

processCertD1i

protected static boolean processCertD1i(int arg0,
                                        List[] arg1,
                                        ASN1ObjectIdentifier arg2,
                                        Set arg3)

processCertD1ii

protected static void processCertD1ii(int arg0,
                                      List[] arg1,
                                      ASN1ObjectIdentifier arg2,
                                      Set arg3)

prepareNextCertB1

protected static void prepareNextCertB1(int arg0,
                                        List[] arg1,
                                        String arg2,
                                        Map arg3,
                                        X509Certificate arg4)
                                 throws AnnotatedException,
                                        CertPathValidatorException

Throws:

AnnotatedException

CertPathValidatorException

prepareNextCertB2

protected static PKIXPolicyNode prepareNextCertB2(int arg0,
                                                  List[] arg1,
                                                  String arg2,
                                                  PKIXPolicyNode arg3)

isAnyPolicy

protected static boolean isAnyPolicy(Set arg0)

addAdditionalStoreFromLocation

protected static void addAdditionalStoreFromLocation(String arg0,
                                                     org.bouncycastle.x509.ExtendedPKIXParameters arg1)

findCertificates

protected static Collection findCertificates(org.bouncycastle.x509.X509CertStoreSelector arg0,
                                             List arg1)
                                      throws AnnotatedException

Throws:

AnnotatedException

findCertificates

protected static Collection findCertificates(PKIXCertStoreSelector arg0,
                                             List arg1)
                                      throws AnnotatedException

Throws:

AnnotatedException

findCertificates

protected static Collection findCertificates(org.bouncycastle.x509.X509AttributeCertStoreSelector arg0,
                                             List arg1)
                                      throws AnnotatedException

Throws:

AnnotatedException

addAdditionalStoresFromCRLDistributionPoint

protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint arg0,
                                                                  org.bouncycastle.x509.ExtendedPKIXParameters arg1)
                                                           throws AnnotatedException

Throws:

AnnotatedException

getCRLIssuersFromDistributionPoint

protected static void getCRLIssuersFromDistributionPoint(DistributionPoint arg0,
                                                         Collection arg1,
                                                         X509CRLSelector arg2,
                                                         org.bouncycastle.x509.ExtendedPKIXParameters arg3)
                                                  throws AnnotatedException

Throws:

AnnotatedException

getCertStatus

protected static void getCertStatus(Date arg0,
                                    X509CRL arg1,
                                    Object arg2,
                                    org.bouncycastle.x509.CertStatus arg3)
                             throws AnnotatedException

Throws:

AnnotatedException

getDeltaCRLs

protected static Set getDeltaCRLs(Date arg0,
                                  org.bouncycastle.x509.ExtendedPKIXParameters arg1,
                                  X509CRL arg2)
                           throws AnnotatedException

Throws:

AnnotatedException

getCompleteCRLs

protected static Set getCompleteCRLs(DistributionPoint arg0,
                                     Object arg1,
                                     Date arg2,
                                     org.bouncycastle.x509.ExtendedPKIXParameters arg3)
                              throws AnnotatedException

Throws:

AnnotatedException

getValidCertDateFromValidityModel

protected static Date getValidCertDateFromValidityModel(org.bouncycastle.x509.ExtendedPKIXParameters arg0,
                                                        CertPath arg1,
                                                        int arg2)
                                                 throws AnnotatedException

Throws:

AnnotatedException

getNextWorkingKey

protected static PublicKey getNextWorkingKey(List arg0,
                                             int arg1)
                                      throws CertPathValidatorException

Throws:

CertPathValidatorException

verifyX509Certificate

protected static void verifyX509Certificate(X509Certificate arg0,
                                            PublicKey arg1,
                                            String arg2)
                                     throws GeneralSecurityException

Throws:

GeneralSecurityException