|
Bouncy Castle Cryptography 1.46 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.bouncycastle.jce.provider.RFC3280CertPathUtilities
public class RFC3280CertPathUtilities
Field Summary | |
---|---|
protected static java.lang.String |
ANY_POLICY
|
protected static java.lang.String |
AUTHORITY_KEY_IDENTIFIER
|
protected static java.lang.String |
BASIC_CONSTRAINTS
|
protected static java.lang.String |
CERTIFICATE_POLICIES
|
protected static java.lang.String |
CRL_DISTRIBUTION_POINTS
|
protected static java.lang.String |
CRL_NUMBER
|
protected static int |
CRL_SIGN
|
protected static java.lang.String[] |
crlReasons
|
protected static java.lang.String |
DELTA_CRL_INDICATOR
|
protected static java.lang.String |
FRESHEST_CRL
|
protected static java.lang.String |
INHIBIT_ANY_POLICY
|
protected static java.lang.String |
ISSUING_DISTRIBUTION_POINT
|
protected static int |
KEY_CERT_SIGN
|
protected static java.lang.String |
KEY_USAGE
|
protected static java.lang.String |
NAME_CONSTRAINTS
|
protected static java.lang.String |
POLICY_CONSTRAINTS
|
protected static java.lang.String |
POLICY_MAPPINGS
|
protected static java.lang.String |
SUBJECT_ALTERNATIVE_NAME
|
Constructor Summary | |
---|---|
RFC3280CertPathUtilities()
|
Method Summary | |
---|---|
protected static void |
checkCRLs(ExtendedPKIXParameters paramsPKIX,
java.security.cert.X509Certificate cert,
java.util.Date validDate,
java.security.cert.X509Certificate sign,
java.security.PublicKey workingPublicKey,
java.util.List certPathCerts)
Checks a certificate if it is revoked. |
protected static PKIXPolicyNode |
prepareCertB(java.security.cert.CertPath certPath,
int index,
java.util.List[] policyNodes,
PKIXPolicyNode validPolicyTree,
int policyMapping)
|
protected static void |
prepareNextCertA(java.security.cert.CertPath certPath,
int index)
|
protected static void |
prepareNextCertG(java.security.cert.CertPath certPath,
int index,
PKIXNameConstraintValidator nameConstraintValidator)
|
protected static int |
prepareNextCertH1(java.security.cert.CertPath certPath,
int index,
int explicitPolicy)
|
protected static int |
prepareNextCertH2(java.security.cert.CertPath certPath,
int index,
int policyMapping)
|
protected static int |
prepareNextCertH3(java.security.cert.CertPath certPath,
int index,
int inhibitAnyPolicy)
|
protected static int |
prepareNextCertI1(java.security.cert.CertPath certPath,
int index,
int explicitPolicy)
|
protected static int |
prepareNextCertI2(java.security.cert.CertPath certPath,
int index,
int policyMapping)
|
protected static int |
prepareNextCertJ(java.security.cert.CertPath certPath,
int index,
int inhibitAnyPolicy)
|
protected static void |
prepareNextCertK(java.security.cert.CertPath certPath,
int index)
|
protected static int |
prepareNextCertL(java.security.cert.CertPath certPath,
int index,
int maxPathLength)
|
protected static int |
prepareNextCertM(java.security.cert.CertPath certPath,
int index,
int maxPathLength)
|
protected static void |
prepareNextCertN(java.security.cert.CertPath certPath,
int index)
|
protected static void |
prepareNextCertO(java.security.cert.CertPath certPath,
int index,
java.util.Set criticalExtensions,
java.util.List pathCheckers)
|
protected static void |
processCertA(java.security.cert.CertPath certPath,
ExtendedPKIXParameters paramsPKIX,
int index,
java.security.PublicKey workingPublicKey,
boolean verificationAlreadyPerformed,
javax.security.auth.x500.X500Principal workingIssuerName,
java.security.cert.X509Certificate sign)
|
protected static void |
processCertBC(java.security.cert.CertPath certPath,
int index,
PKIXNameConstraintValidator nameConstraintValidator)
|
protected static PKIXPolicyNode |
processCertD(java.security.cert.CertPath certPath,
int index,
java.util.Set acceptablePolicies,
PKIXPolicyNode validPolicyTree,
java.util.List[] policyNodes,
int inhibitAnyPolicy)
|
protected static PKIXPolicyNode |
processCertE(java.security.cert.CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree)
|
protected static void |
processCertF(java.security.cert.CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree,
int explicitPolicy)
|
protected static java.util.Set |
processCRLA1i(java.util.Date currentDate,
ExtendedPKIXParameters paramsPKIX,
java.security.cert.X509Certificate cert,
java.security.cert.X509CRL crl)
|
protected static java.util.Set[] |
processCRLA1ii(java.util.Date currentDate,
ExtendedPKIXParameters paramsPKIX,
java.security.cert.X509Certificate cert,
java.security.cert.X509CRL crl)
|
protected static void |
processCRLB1(DistributionPoint dp,
java.lang.Object cert,
java.security.cert.X509CRL crl)
If the DP includes cRLIssuer, then verify that the issuer field in the complete CRL matches cRLIssuer in the DP and that the complete CRL contains an issuing distribution point extension with the indirectCRL boolean asserted. |
protected static void |
processCRLB2(DistributionPoint dp,
java.lang.Object cert,
java.security.cert.X509CRL crl)
If the complete CRL includes an issuing distribution point (IDP) CRL extension check the following: (i) If the distribution point name is present in the IDP CRL extension and the distribution field is present in the DP, then verify that one of the names in the IDP matches one of the names in the DP. |
protected static void |
processCRLC(java.security.cert.X509CRL deltaCRL,
java.security.cert.X509CRL completeCRL,
ExtendedPKIXParameters pkixParams)
If use-deltas is set, verify the issuer and scope of the delta CRL. |
protected static org.bouncycastle.jce.provider.ReasonsMask |
processCRLD(java.security.cert.X509CRL crl,
DistributionPoint dp)
|
protected static java.util.Set |
processCRLF(java.security.cert.X509CRL crl,
java.lang.Object cert,
java.security.cert.X509Certificate defaultCRLSignCert,
java.security.PublicKey defaultCRLSignKey,
ExtendedPKIXParameters paramsPKIX,
java.util.List certPathCerts)
Obtain and validate the certification path for the complete CRL issuer. |
protected static java.security.PublicKey |
processCRLG(java.security.cert.X509CRL crl,
java.util.Set keys)
|
protected static java.security.cert.X509CRL |
processCRLH(java.util.Set deltacrls,
java.security.PublicKey key)
|
protected static void |
processCRLI(java.util.Date validDate,
java.security.cert.X509CRL deltacrl,
java.lang.Object cert,
org.bouncycastle.jce.provider.CertStatus certStatus,
ExtendedPKIXParameters pkixParams)
|
protected static void |
processCRLJ(java.util.Date validDate,
java.security.cert.X509CRL completecrl,
java.lang.Object cert,
org.bouncycastle.jce.provider.CertStatus certStatus)
|
protected static int |
wrapupCertA(int explicitPolicy,
java.security.cert.X509Certificate cert)
|
protected static int |
wrapupCertB(java.security.cert.CertPath certPath,
int index,
int explicitPolicy)
|
protected static void |
wrapupCertF(java.security.cert.CertPath certPath,
int index,
java.util.List pathCheckers,
java.util.Set criticalExtensions)
|
protected static PKIXPolicyNode |
wrapupCertG(java.security.cert.CertPath certPath,
ExtendedPKIXParameters paramsPKIX,
java.util.Set userInitialPolicySet,
int index,
java.util.List[] policyNodes,
PKIXPolicyNode validPolicyTree,
java.util.Set acceptablePolicies)
|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final java.lang.String CERTIFICATE_POLICIES
protected static final java.lang.String POLICY_MAPPINGS
protected static final java.lang.String INHIBIT_ANY_POLICY
protected static final java.lang.String ISSUING_DISTRIBUTION_POINT
protected static final java.lang.String FRESHEST_CRL
protected static final java.lang.String DELTA_CRL_INDICATOR
protected static final java.lang.String POLICY_CONSTRAINTS
protected static final java.lang.String BASIC_CONSTRAINTS
protected static final java.lang.String CRL_DISTRIBUTION_POINTS
protected static final java.lang.String SUBJECT_ALTERNATIVE_NAME
protected static final java.lang.String NAME_CONSTRAINTS
protected static final java.lang.String AUTHORITY_KEY_IDENTIFIER
protected static final java.lang.String KEY_USAGE
protected static final java.lang.String CRL_NUMBER
protected static final java.lang.String ANY_POLICY
protected static final int KEY_CERT_SIGN
protected static final int CRL_SIGN
protected static final java.lang.String[] crlReasons
Constructor Detail |
---|
public RFC3280CertPathUtilities()
Method Detail |
---|
protected static void processCRLB2(DistributionPoint dp, java.lang.Object cert, java.security.cert.X509CRL crl) throws AnnotatedException
dp
- The distribution point.cert
- The certificate.crl
- The CRL.
AnnotatedException
- if one of the conditions is not met or an error occurs.protected static void processCRLB1(DistributionPoint dp, java.lang.Object cert, java.security.cert.X509CRL crl) throws AnnotatedException
dp
- The distribution point.cert
- The certificate ot attribute certificate.crl
- The CRL for cert
.
AnnotatedException
- if one of the above conditions does not apply or an error
occurs.protected static org.bouncycastle.jce.provider.ReasonsMask processCRLD(java.security.cert.X509CRL crl, DistributionPoint dp) throws AnnotatedException
AnnotatedException
protected static java.util.Set processCRLF(java.security.cert.X509CRL crl, java.lang.Object cert, java.security.cert.X509Certificate defaultCRLSignCert, java.security.PublicKey defaultCRLSignKey, ExtendedPKIXParameters paramsPKIX, java.util.List certPathCerts) throws AnnotatedException
crl
- CRL which contains revocation information for the certificate
cert
.cert
- The attribute certificate or certificate to check if it is
revoked.defaultCRLSignCert
- The issuer certificate of the certificate cert
.defaultCRLSignKey
- The public key of the issuer certificate
defaultCRLSignCert
.paramsPKIX
- paramsPKIX PKIX parameters.certPathCerts
- The certificates on the certification path.
Set
with all keys of possible CRL issuer
certificates.
AnnotatedException
- if the CRL is not valid or the status cannot be checked or
some error occurs.protected static java.security.PublicKey processCRLG(java.security.cert.X509CRL crl, java.util.Set keys) throws AnnotatedException
AnnotatedException
protected static java.security.cert.X509CRL processCRLH(java.util.Set deltacrls, java.security.PublicKey key) throws AnnotatedException
AnnotatedException
protected static java.util.Set processCRLA1i(java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.security.cert.X509CRL crl) throws AnnotatedException
AnnotatedException
protected static java.util.Set[] processCRLA1ii(java.util.Date currentDate, ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.security.cert.X509CRL crl) throws AnnotatedException
AnnotatedException
protected static void processCRLC(java.security.cert.X509CRL deltaCRL, java.security.cert.X509CRL completeCRL, ExtendedPKIXParameters pkixParams) throws AnnotatedException
deltaCRL
- The delta CRL.completeCRL
- The complete CRL.pkixParams
- The PKIX paramaters.
AnnotatedException
- if an exception occurs.protected static void processCRLI(java.util.Date validDate, java.security.cert.X509CRL deltacrl, java.lang.Object cert, org.bouncycastle.jce.provider.CertStatus certStatus, ExtendedPKIXParameters pkixParams) throws AnnotatedException
AnnotatedException
protected static void processCRLJ(java.util.Date validDate, java.security.cert.X509CRL completecrl, java.lang.Object cert, org.bouncycastle.jce.provider.CertStatus certStatus) throws AnnotatedException
AnnotatedException
protected static PKIXPolicyNode prepareCertB(java.security.cert.CertPath certPath, int index, java.util.List[] policyNodes, PKIXPolicyNode validPolicyTree, int policyMapping) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void prepareNextCertA(java.security.cert.CertPath certPath, int index) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void processCertF(java.security.cert.CertPath certPath, int index, PKIXPolicyNode validPolicyTree, int explicitPolicy) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static PKIXPolicyNode processCertE(java.security.cert.CertPath certPath, int index, PKIXPolicyNode validPolicyTree) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void processCertBC(java.security.cert.CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static PKIXPolicyNode processCertD(java.security.cert.CertPath certPath, int index, java.util.Set acceptablePolicies, PKIXPolicyNode validPolicyTree, java.util.List[] policyNodes, int inhibitAnyPolicy) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void processCertA(java.security.cert.CertPath certPath, ExtendedPKIXParameters paramsPKIX, int index, java.security.PublicKey workingPublicKey, boolean verificationAlreadyPerformed, javax.security.auth.x500.X500Principal workingIssuerName, java.security.cert.X509Certificate sign) throws ExtCertPathValidatorException
ExtCertPathValidatorException
protected static int prepareNextCertI1(java.security.cert.CertPath certPath, int index, int explicitPolicy) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static int prepareNextCertI2(java.security.cert.CertPath certPath, int index, int policyMapping) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void prepareNextCertG(java.security.cert.CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.List certPathCerts) throws AnnotatedException
paramsPKIX
- PKIX parameters.cert
- Certificate to check if it is revoked.validDate
- The date when the certificate revocation status should be
checked.sign
- The issuer certificate of the certificate cert
.workingPublicKey
- The public key of the issuer certificate sign
.certPathCerts
- The certificates of the certification path.
AnnotatedException
- if the certificate is revoked or the status cannot be checked
or some error occurs.protected static int prepareNextCertJ(java.security.cert.CertPath certPath, int index, int inhibitAnyPolicy) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void prepareNextCertK(java.security.cert.CertPath certPath, int index) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static int prepareNextCertL(java.security.cert.CertPath certPath, int index, int maxPathLength) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static int prepareNextCertM(java.security.cert.CertPath certPath, int index, int maxPathLength) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void prepareNextCertN(java.security.cert.CertPath certPath, int index) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void prepareNextCertO(java.security.cert.CertPath certPath, int index, java.util.Set criticalExtensions, java.util.List pathCheckers) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static int prepareNextCertH1(java.security.cert.CertPath certPath, int index, int explicitPolicy)
protected static int prepareNextCertH2(java.security.cert.CertPath certPath, int index, int policyMapping)
protected static int prepareNextCertH3(java.security.cert.CertPath certPath, int index, int inhibitAnyPolicy)
protected static int wrapupCertA(int explicitPolicy, java.security.cert.X509Certificate cert)
protected static int wrapupCertB(java.security.cert.CertPath certPath, int index, int explicitPolicy) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static void wrapupCertF(java.security.cert.CertPath certPath, int index, java.util.List pathCheckers, java.util.Set criticalExtensions) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
protected static PKIXPolicyNode wrapupCertG(java.security.cert.CertPath certPath, ExtendedPKIXParameters paramsPKIX, java.util.Set userInitialPolicySet, int index, java.util.List[] policyNodes, PKIXPolicyNode validPolicyTree, java.util.Set acceptablePolicies) throws java.security.cert.CertPathValidatorException
java.security.cert.CertPathValidatorException
|
Bouncy Castle Cryptography 1.46 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |