old.org.bouncycastle.x509

Class PKIXCertPathReviewer

java.lang.Object

old.org.bouncycastle.jce.provider.CertPathValidatorUtilities

old.org.bouncycastle.x509.PKIXCertPathReviewer

public class PKIXCertPathReviewer
extends CertPathValidatorUtilities

PKIXCertPathReviewer
Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible.

Field Summary

Fields

Modifier and Type	Field and Description
protected CertPath	certPath
protected List	certs
protected List[]	errors
protected int	n
protected List[]	notifications
protected PKIXParameters	pkixParams
protected PolicyNode	policyTree
protected PublicKey	subjectPublicKey
protected TrustAnchor	trustAnchor
protected Date	validDate

Fields inherited from class old.org.bouncycastle.jce.provider.CertPathValidatorUtilities

ANY_POLICY, AUTHORITY_KEY_IDENTIFIER, BASIC_CONSTRAINTS, CERTIFICATE_POLICIES, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_SIGN, CRL_UTIL, crlReasons, DELTA_CRL_INDICATOR, FRESHEST_CRL, INHIBIT_ANY_POLICY, ISSUING_DISTRIBUTION_POINT, KEY_CERT_SIGN, KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS, POLICY_MAPPINGS, SUBJECT_ALTERNATIVE_NAME

Constructor Summary

Constructors

Constructor and Description
PKIXCertPathReviewer() Creates an empty PKIXCertPathReviewer.
PKIXCertPathReviewer(CertPath certPath, PKIXParameters params) Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Method Summary

Modifier and Type	Method and Description
protected void	addError(ErrorBundle msg)
protected void	addError(ErrorBundle msg, int index)
protected void	addNotification(ErrorBundle msg)
protected void	addNotification(ErrorBundle msg, int index)
protected void	doChecks()
CertPath	getCertPath()
int	getCertPathSize()
protected Vector	getCRLDistUrls(CRLDistPoint crlDistPoints)
List[]	getErrors() Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path.
List	getErrors(int index) Returns an List of error messages for the certificate at the given index in the CertPath.
List[]	getNotifications() Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path.
List	getNotifications(int index) Returns an List of notification messages for the certificate at the given index in the CertPath.
protected Vector	getOCSPUrls(AuthorityInformationAccess authInfoAccess)
PolicyNode	getPolicyTree()
PublicKey	getSubjectPublicKey()
TrustAnchor	getTrustAnchor()
protected Collection	getTrustAnchors(X509Certificate cert, Set trustanchors)
protected void	checkCRLs(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, int index)
protected void	checkRevocation(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, Vector ocspUrls, int index)
void	init(CertPath certPath, PKIXParameters params) Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
boolean	isValidCertPath()

Methods inherited from class old.org.bouncycastle.jce.provider.CertPathValidatorUtilities

addAdditionalStoreFromLocation, addAdditionalStoresFromAltNames, addAdditionalStoresFromCRLDistributionPoint, findCertificates, findCertificates, findIssuerCerts, findTrustAnchor, findTrustAnchor, getAlgorithmIdentifier, getCertStatus, getCompleteCRLs, getCRLIssuersFromDistributionPoint, getDeltaCRLs, getEncodedIssuerPrincipal, getExtensionValue, getIssuerPrincipal, getNextWorkingKey, getQualifierSet, getSubjectPrincipal, getValidCertDateFromValidityModel, getValidDate, isAnyPolicy, isSelfIssued, prepareNextCertB1, prepareNextCertB2, processCertD1i, processCertD1ii, removePolicyNode, verifyX509Certificate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

certPath

protected CertPath certPath

pkixParams

protected PKIXParameters pkixParams

validDate

protected Date validDate

certs

protected List certs

n

protected int n

notifications

protected List[] notifications

errors

protected List[] errors

trustAnchor

protected TrustAnchor trustAnchor

subjectPublicKey

protected PublicKey subjectPublicKey

policyTree

protected PolicyNode policyTree

Constructor Detail

PKIXCertPathReviewer

public PKIXCertPathReviewer(CertPath certPath,
                            PKIXParameters params)
                     throws CertPathReviewerException

Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

CertPathReviewerException - if the certPath is empty

PKIXCertPathReviewer

public PKIXCertPathReviewer()

Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.

Method Detail

init

public void init(CertPath certPath,
                 PKIXParameters params)
          throws CertPathReviewerException

Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

CertPathReviewerException - if the certPath is empty

IllegalStateException - if the PKIXCertPathReviewer is already initialized

getCertPath

public CertPath getCertPath()

Returns:

the CertPath that was validated

getCertPathSize

public int getCertPathSize()

Returns:

the size of the CertPath

getErrors

public List[] getErrors()

Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path. The global error List is at index 0. The error lists for each certificate at index 1 to n. The error messages are of type.

Returns:

the Array of Lists which contain the error messages

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getErrors

public List getErrors(int index)

Returns an List of error messages for the certificate at the given index in the CertPath. If index == -1 then the list of global errors is returned with errors not specific to a certificate.

Parameters:

index - the index of the certificate in the CertPath

Returns:

List of error messages for the certificate

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public List[] getNotifications()

Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path. The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. The error messages are of type.

Returns:

the Array of Lists which contain the notification messages

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public List getNotifications(int index)

Returns an List of notification messages for the certificate at the given index in the CertPath. If index == -1 then the list of global notifications is returned with notifications not specific to a certificate.

Parameters:

index - the index of the certificate in the CertPath

Returns:

List of notification messages for the certificate

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getPolicyTree

public PolicyNode getPolicyTree()

Returns:

the valid policy tree, null if no valid policy exists.

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getSubjectPublicKey

public PublicKey getSubjectPublicKey()

Returns:

the PublicKey if the last certificate in the CertPath

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

getTrustAnchor

public TrustAnchor getTrustAnchor()

Returns:

the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

isValidCertPath

public boolean isValidCertPath()

Returns:

if the CertPath is valid

Throws:

IllegalStateException - if the PKIXCertPathReviewer was not initialized

addNotification

protected void addNotification(ErrorBundle msg)

addNotification

protected void addNotification(ErrorBundle msg,
                               int index)

addError

protected void addError(ErrorBundle msg)

addError

protected void addError(ErrorBundle msg,
                        int index)

doChecks

protected void doChecks()

checkRevocation

protected void checkRevocation(PKIXParameters paramsPKIX,
                               X509Certificate cert,
                               Date validDate,
                               X509Certificate sign,
                               PublicKey workingPublicKey,
                               Vector crlDistPointUrls,
                               Vector ocspUrls,
                               int index)
                        throws CertPathReviewerException

Throws:

CertPathReviewerException

checkCRLs

protected void checkCRLs(PKIXParameters paramsPKIX,
                         X509Certificate cert,
                         Date validDate,
                         X509Certificate sign,
                         PublicKey workingPublicKey,
                         Vector crlDistPointUrls,
                         int index)
                  throws CertPathReviewerException

Throws:

CertPathReviewerException

getCRLDistUrls

protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints)

getOCSPUrls

protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)

getTrustAnchors

protected Collection getTrustAnchors(X509Certificate cert,
                                     Set trustanchors)
                              throws CertPathReviewerException

Throws:

CertPathReviewerException