org.bouncycastle.jce.provider

Class CertPathValidatorUtilities

public class CertPathValidatorUtilities extends Object

Field Summary
protected static String ANY_POLICY
protected static String AUTHORITY_KEY_IDENTIFIER
protected static String BASIC_CONSTRAINTS
protected static String[] crlReasons
protected static String CERTIFICATE_POLICIES
protected static String CRL_DISTRIBUTION_POINTS
protected static String CRL_NUMBER
protected static int CRL_SIGN
protected static String DELTA_CRL_INDICATOR
protected static String FRESHEST_CRL
protected static String INHIBIT_ANY_POLICY
protected static String ISSUING_DISTRIBUTION_POINT
protected static int KEY_CERT_SIGN
protected static String KEY_USAGE
protected static String NAME_CONSTRAINTS
protected static String POLICY_CONSTRAINTS
protected static String POLICY_MAPPINGS
protected static String SUBJECT_ALTERNATIVE_NAME
Method Summary
protected static void addAdditionalStoreFromLocation(String location, ExtendedPKIXParameters pkixParams)
protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
protected static Collection findCertificates(CertSelector certSelect, List certStores)
Return a Collection of all certificates found in the CertStores that match the certSelect criteria.
protected static Collection findCertificates(Selector certSelect, List certStores)
Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.
protected static Collection findCRLs(X509CRLSelector crlSelect, List crlStores)
Return a Collection of all CRLs found in the CertStores that match the crlSelect criteria.
protected static Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores)
Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.
protected static TrustAnchor findTrustAnchor(X509Certificate cert, CertPath certPath, int index, Set trustAnchors)
Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)
protected static void getCertStatus(Date validDate, X509CRL crl, BigInteger serialNumber, CertStatus certStatus)
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX)
Fetches complete CRLs according to RFC 3280.
protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLStoreSelector selector, ExtendedPKIXParameters pkixParams)
Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is not given, from the certificate.
protected static Set getDeltaCRLs(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
Fetches delta CRLs according to RFC 3280 section 5.2.4.
protected static X500Principal getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.
protected static DERObject getExtensionValue(X509Extension ext, String oid)
Extract the value of the given extension, if it exists.
protected static X500Principal getIssuerPrincipal(X509CRL crl)
protected static PublicKey getNextWorkingKey(X509Certificate cert, List certs, int index)
Return the next working key inheriting DSA parameters if necessary.
protected static Set getQualifierSet(ASN1Sequence qualifiers)
protected static X500Principal getSubjectPrincipal(X509Certificate cert)
protected static Date getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
protected static Date getValidDate(PKIXParameters paramsPKIX)
protected static boolean isAnyPolicy(Set policySet)
protected static boolean isSelfIssued(X509Certificate cert)
protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert)
protected static PKIXPolicyNode prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree)
protected static boolean processCertD1i(int index, List[] policyNodes, DERObjectIdentifier pOid, Set pq)
protected static void processCertD1ii(int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq)
protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node)

Field Detail

ANY_POLICY

protected static final String ANY_POLICY

AUTHORITY_KEY_IDENTIFIER

protected static final String AUTHORITY_KEY_IDENTIFIER

BASIC_CONSTRAINTS

protected static final String BASIC_CONSTRAINTS

crlReasons

protected static final String[] crlReasons

CERTIFICATE_POLICIES

protected static final String CERTIFICATE_POLICIES

CRL_DISTRIBUTION_POINTS

protected static final String CRL_DISTRIBUTION_POINTS

CRL_NUMBER

protected static final String CRL_NUMBER

CRL_SIGN

protected static final int CRL_SIGN

DELTA_CRL_INDICATOR

protected static final String DELTA_CRL_INDICATOR

FRESHEST_CRL

protected static final String FRESHEST_CRL

INHIBIT_ANY_POLICY

protected static final String INHIBIT_ANY_POLICY

ISSUING_DISTRIBUTION_POINT

protected static final String ISSUING_DISTRIBUTION_POINT

KEY_CERT_SIGN

protected static final int KEY_CERT_SIGN

KEY_USAGE

protected static final String KEY_USAGE

NAME_CONSTRAINTS

protected static final String NAME_CONSTRAINTS

POLICY_CONSTRAINTS

protected static final String POLICY_CONSTRAINTS

POLICY_MAPPINGS

protected static final String POLICY_MAPPINGS

SUBJECT_ALTERNATIVE_NAME

protected static final String SUBJECT_ALTERNATIVE_NAME

Method Detail

addAdditionalStoreFromLocation

protected static void addAdditionalStoreFromLocation(String location, ExtendedPKIXParameters pkixParams)

addAdditionalStoresFromCRLDistributionPoint

protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)

findCertificates

protected static Collection findCertificates(CertSelector certSelect, List certStores)
Return a Collection of all certificates found in the CertStores that match the certSelect criteria.

Parameters: certSelect - a CertSelector object that will be used to select the certificates; certStores - a List containing only CertStore objects. These are used to search for certificates.

Returns: a Collection of all found java.security.cert.Certificate objects. May be empty but never null.

findCertificates

protected static Collection findCertificates(Selector certSelect, List certStores)
Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.

Parameters: certSelect - a Selector object that will be used to select the certificates; certStores - a List containing only X509Store objects. These are used to search for certificates.

Returns: a Collection of all found X509Certificate or X509AttributeCertificate objects. May be empty but never null.

findCRLs

protected static final Collection findCRLs(X509CRLSelector crlSelect, List crlStores)
Return a Collection of all CRLs found in the CertStores that match the crlSelect criteria.

Parameters: crlSelect - a CertSelector object (the signature above declares it as X509CRLSelector) that will be used to select the CRLs; crlStores - a List containing only CertStore objects. These are used to search for CRLs.

Returns: a Collection of all found CRL objects. May be empty but never null.

findCRLs

protected static final Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores)
Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.

Parameters: crlSelect - an X509CRLStoreSelector object that will be used to select the CRLs; crlStores - a List containing only X509Store objects. These are used to search for CRLs.

Returns: a Collection of all found X509CRL objects. May be empty but never null.

findTrustAnchor

protected static final TrustAnchor findTrustAnchor(X509Certificate cert, CertPath certPath, int index, Set trustAnchors)
Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.

Parameters: cert - the X509 certificate; trustAnchors - a Set of TrustAnchors.

Returns: the TrustAnchor object if found or null if not.

Throws: CertPathValidatorException if a TrustAnchor was found but the signature verification on the given certificate has thrown an exception. This exception can be obtained with the getCause() method.

getAlgorithmIdentifier

protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)

getCertStatus

protected static void getCertStatus(Date validDate, X509CRL crl, BigInteger serialNumber, CertStatus certStatus)

getCompleteCRLs

protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX)
Fetches complete CRLs according to RFC 3280 (since obsoleted by RFC 5280).

Parameters: dp - The distribution point for which the complete CRL is fetched. cert - The X509Certificate or X509AttributeCertificate for which the CRL should be searched. currentDate - The date for which the delta CRLs must be valid. paramsPKIX - The extended PKIX parameters.

Returns: A Set of X509CRLs with complete CRLs.

Throws: AnnotatedException if an exception occurs while picking the CRLs or no CRLs are found.

getCRLIssuersFromDistributionPoint

protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLStoreSelector selector, ExtendedPKIXParameters pkixParams)
Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is not given, from the certificate.

The issuerPrincipals are a collection with a single X500Principal for X509Certificates. For X509AttributeCertificates the issuer may contain more than one X500Principal.

Parameters: dp - The distribution point. issuerPrincipals - The issuers of the certificate or attribute certificate which contains the distribution point. selector - The CRL selector. pkixParams - The PKIX parameters containing the cert stores.

Throws: AnnotatedException if an exception occurs while processing. ClassCastException if issuerPrincipals does not contain only X500Principals.

getDeltaCRLs

protected static Set getDeltaCRLs(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
Fetches delta CRLs according to RFC 3280 section 5.2.4.

Parameters: currentDate - The date for which the delta CRLs must be valid. paramsPKIX - The extended PKIX parameters. completeCRL - The complete CRL the delta CRL is for.

Returns: A Set of X509CRLs with delta CRLs.

Throws: AnnotatedException if an exception occurs while picking the delta CRLs or no delta CRLs are found.

getEncodedIssuerPrincipal

protected static X500Principal getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.

Parameters: cert The attribute certificate or certificate.

Returns: The issuer as X500Principal.

getExtensionValue

protected static DERObject getExtensionValue(X509Extension ext, String oid)
Extract the value of the given extension, if it exists.

getIssuerPrincipal

protected static X500Principal getIssuerPrincipal(X509CRL crl)

getNextWorkingKey

protected static PublicKey getNextWorkingKey(X509Certificate cert, List certs, int index)
Return the next working key inheriting DSA parameters if necessary.

This method inherits DSA parameters from the indexed certificate or previous certificates in the certificate chain and applies them to the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and the previous certificates follow.

If the indexed certificate does not contain a DSA key, this method simply returns the public key. If the DSA key already contains DSA parameters, the key is likewise simply returned.

Parameters: certs - The certification path. index - The index of the certificate which contains the public key which should be extended with DSA parameters.

Returns: The public key of the certificate in list position index extended with DSA parameters if applicable.

Throws: AnnotatedException if DSA parameters cannot be inherited.

getQualifierSet

protected static final Set getQualifierSet(ASN1Sequence qualifiers)

getSubjectPrincipal

protected static X500Principal getSubjectPrincipal(X509Certificate cert)

getValidCertDateFromValidityModel

protected static Date getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)

getValidDate

protected static Date getValidDate(PKIXParameters paramsPKIX)

isAnyPolicy

protected static boolean isAnyPolicy(Set policySet)

isSelfIssued

protected static boolean isSelfIssued(X509Certificate cert)

prepareNextCertB1

protected static void prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert)

prepareNextCertB2

protected static PKIXPolicyNode prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree)

processCertD1i

protected static boolean processCertD1i(int index, List[] policyNodes, DERObjectIdentifier pOid, Set pq)

processCertD1ii

protected static void processCertD1ii(int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq)

removePolicyNode

protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node)