org.bouncycastle.jce.provider
public class CertPathValidatorUtilities extends Object
Field Summary | |
---|---|
protected static String | ANY_POLICY |
protected static String | AUTHORITY_KEY_IDENTIFIER |
protected static String | BASIC_CONSTRAINTS |
protected static String[] | crlReasons |
protected static String | CERTIFICATE_POLICIES |
protected static String | CRL_DISTRIBUTION_POINTS |
protected static String | CRL_NUMBER |
protected static int | CRL_SIGN |
protected static String | DELTA_CRL_INDICATOR |
protected static String | FRESHEST_CRL |
protected static String | INHIBIT_ANY_POLICY |
protected static String | ISSUING_DISTRIBUTION_POINT |
protected static int | KEY_CERT_SIGN |
protected static String | KEY_USAGE |
protected static String | NAME_CONSTRAINTS |
protected static String | POLICY_CONSTRAINTS |
protected static String | POLICY_MAPPINGS |
protected static String | SUBJECT_ALTERNATIVE_NAME |
Method Summary | |
---|---|
protected static void | addAdditionalStoreFromLocation(String location, ExtendedPKIXParameters pkixParams) |
protected static void | addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) |
protected static Collection | findCertificates(CertSelector certSelect, List certStores): Return a Collection of all certificates found in the CertStores that match the certSelect criteria. |
protected static Collection | findCertificates(Selector certSelect, List certStores): Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria. |
protected static Collection | findCRLs(X509CRLSelector crlSelect, List crlStores): Return a Collection of all CRLs found in the CertStores that match the crlSelect criteria. |
protected static Collection | findCRLs(X509CRLStoreSelector crlSelect, List crlStores): Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria. |
protected static TrustAnchor | findTrustAnchor(X509Certificate cert, CertPath certPath, int index, Set trustAnchors): Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate. |
protected static AlgorithmIdentifier | getAlgorithmIdentifier(PublicKey key) |
protected static void | getCertStatus(Date validDate, X509CRL crl, BigInteger serialNumber, CertStatus certStatus) |
protected static Set | getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX): Fetches complete CRLs according to RFC 3280. |
protected static void | getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLStoreSelector selector, ExtendedPKIXParameters pkixParams): Add the CRL issuers from the cRLIssuer field of the distribution point or from the certificate if not given to the issuer criterion of the selector. |
protected static Set | getDeltaCRLs(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL): Fetches delta CRLs according to RFC 3280 section 5.2.4. |
protected static X500Principal | getEncodedIssuerPrincipal(Object cert): Returns the issuer of an attribute certificate or certificate. |
protected static DERObject | getExtensionValue(X509Extension ext, String oid): Extract the value of the given extension, if it exists. |
protected static X500Principal | getIssuerPrincipal(X509CRL crl) |
protected static PublicKey | getNextWorkingKey(X509Certificate cert, List certs, int index): Return the next working key inheriting DSA parameters if necessary. |
protected static Set | getQualifierSet(ASN1Sequence qualifiers) |
protected static X500Principal | getSubjectPrincipal(X509Certificate cert) |
protected static Date | getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index) |
protected static Date | getValidDate(PKIXParameters paramsPKIX) |
protected static boolean | isAnyPolicy(Set policySet) |
protected static boolean | isSelfIssued(X509Certificate cert) |
protected static void | prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert) |
protected static PKIXPolicyNode | prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree) |
protected static boolean | processCertD1i(int index, List[] policyNodes, DERObjectIdentifier pOid, Set pq) |
protected static void | processCertD1ii(int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq) |
protected static PKIXPolicyNode | removePolicyNode(PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node) |
Parameters:
- certSelect: a CertSelector object that will be used to select the certificates
- certStores: a List containing only CertStore objects. These are used to search for certificates
Returns: a Collection of all found java.security.cert.Certificate objects. May be empty but never null.
Parameters:
- certSelect: a Selector object that will be used to select the certificates
- certStores: a List containing only X509Store objects. These are used to search for certificates.
Returns: a Collection of all found X509Certificate or X509AttributeCertificate objects. May be empty but never null.
Parameters:
- crlSelect: a CertSelector object that will be used to select the CRLs
- crlStores: a List containing only CertStore objects. These are used to search for CRLs
Returns: a Collection of all found CRL objects. May be empty but never null.
Parameters:
- crlSelect: an X509CRLStoreSelector object that will be used to select the CRLs
- crlStores: a List containing only X509Store objects. These are used to search for CRLs
Returns: a Collection of all found X509CRL objects. May be empty but never null.
Parameters:
- cert: the X509 certificate
- trustAnchors: a Set of TrustAnchors
Returns: the TrustAnchor object if found or null if not.
Throws: CertPathValidatorException if a TrustAnchor was found but the signature verification on the given certificate has thrown an exception. This exception can be obtained with the getCause() method.
Parameters:
- dp: The distribution point for which the complete CRL
- cert: The X509Certificate or X509AttributeCertificate for which the CRL should be searched.
- currentDate: The date for which the delta CRLs must be valid.
- paramsPKIX: The extended PKIX parameters.
Returns: A Set of X509CRLs with complete CRLs.
Throws: AnnotatedException if an exception occurs while picking the CRLs or no CRLs are found.
The issuerPrincipals are a collection with a single X500Principal for X509Certificates. For X509AttributeCertificates the issuer may contain more than one X500Principal.
Parameters:
- dp: The distribution point.
- issuerPrincipals: The issuers of the certificate or attribute certificate which contains the distribution point.
- selector: The CRL selector.
- pkixParams: The PKIX parameters containing the cert stores.
Throws: AnnotatedException if an exception occurs while processing. ClassCastException if issuerPrincipals does not contain only X500Principals.
Parameters:
- currentDate: The date for which the delta CRLs must be valid.
- paramsPKIX: The extended PKIX parameters.
- completeCRL: The complete CRL the delta CRL is for.
Returns: A Set of X509CRLs with delta CRLs.
Throws: AnnotatedException if an exception occurs while picking the delta CRLs or no delta CRLs are found.
Parameters:
- cert: The attribute certificate or certificate.
Returns: The issuer as X500Principal.
This method inherits DSA parameters from the indexed certificate or previous certificates in the certificate chain to the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and previous certificates are following.
If the indexed certificate does not contain a DSA key, this method simply returns the public key. If the DSA key already contains DSA parameters, the key is likewise simply returned.
Parameters:
- certs: The certification path.
- index: The index of the certificate which contains the public key which should be extended with DSA parameters.
Returns: The public key of the certificate in list position index extended with DSA parameters if applicable.
Throws: AnnotatedException if DSA parameters cannot be inherited.
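The DSA parameter inheritance described above, as an added example that uses only the standard JCA classes; it is not Bouncy Castle's own code. The class name and the helpers `withoutParams` and `workingKey` are hypothetical, the chain is a constructed list of public keys rather than certificates, and `GeneralSecurityException` stands in for `AnnotatedException`.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.util.*;
public class DsaParamInheritanceDemo {
    // Constructed stand-in for a certificate key encoded without DSA parameters.
    static DSAPublicKey withoutParams(final BigInteger y) {
        return new DSAPublicKey() {
            public BigInteger getY() { return y; }
            public DSAParams getParams() { return null; }
            public String getAlgorithm() { return "DSA"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
    }

    // keys.get(0) belongs to the end certificate; higher indexes are its issuers.
    static PublicKey workingKey(List<PublicKey> keys, int index) throws GeneralSecurityException {
        PublicKey key = keys.get(index);
        if (!(key instanceof DSAPublicKey) || ((DSAPublicKey) key).getParams() != null) {
            return key; // not DSA, or parameters already present: return as is
        }
        for (int i = index + 1; i < keys.size(); i++) {
            // A non-DSA issuer key has no parameters to hand down: stop searching.
            if (!(keys.get(i) instanceof DSAPublicKey)) break;
            DSAParams p = ((DSAPublicKey) keys.get(i)).getParams();
            if (p != null) { // the first issuer that carries parameters wins
                return KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(
                        ((DSAPublicKey) key).getY(), p.getP(), p.getQ(), p.getG()));
            }
        }
        throw new GeneralSecurityException("DSA parameters cannot be inherited");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        DSAPublicKey ca = (DSAPublicKey) gen.generateKeyPair().getPublic();
        DSAParams cp = ca.getParams();
        // Generate the end-entity key in the issuer's domain, then strip its parameters.
        gen.initialize(new DSAParameterSpec(cp.getP(), cp.getQ(), cp.getG()));
        DSAPublicKey leaf = (DSAPublicKey) gen.generateKeyPair().getPublic();
        List<PublicKey> chain = Arrays.<PublicKey>asList(withoutParams(leaf.getY()), ca);
        DSAPublicKey rebuilt = (DSAPublicKey) workingKey(chain, 0);
        System.out.println("parameters inherited: " + rebuilt.getParams().getP().equals(cp.getP()));
        System.out.println("same public value: " + rebuilt.getY().equals(leaf.getY()));
    }
}
```

A key rebuilt this way is only meaningful if the issuer key it inherited from has itself been validated, since the inherited p, q and g determine which signatures the key will accept.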