org.bouncycastle.jce.provider

Class CertPathValidatorUtilities


public class CertPathValidatorUtilities
extends java.lang.Object

Field Summary

protected static String
ANY_POLICY
protected static String
AUTHORITY_KEY_IDENTIFIER
protected static String
BASIC_CONSTRAINTS
protected static String
CERTIFICATE_POLICIES
protected static String
CRL_DISTRIBUTION_POINTS
protected static String
CRL_NUMBER
protected static int
CRL_SIGN
protected static String
DELTA_CRL_INDICATOR
protected static String
FRESHEST_CRL
protected static String
INHIBIT_ANY_POLICY
protected static String
ISSUING_DISTRIBUTION_POINT
protected static int
KEY_CERT_SIGN
protected static String
KEY_USAGE
protected static String
NAME_CONSTRAINTS
protected static String
POLICY_CONSTRAINTS
protected static String
POLICY_MAPPINGS
protected static String
SUBJECT_ALTERNATIVE_NAME
protected static String[]
crlReasons

Method Summary

protected static void
addAdditionalStoreFromLocation(String location, ExtendedPKIXParameters pkixParams)
protected static void
addAdditionalStoresFromAltNames(X509Certificate cert, ExtendedPKIXParameters pkixParams)
protected static void
addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
protected static Collection
findCRLs(X509CRLStoreSelector crlSelect, List crlStores)
Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.
protected static Collection
findCertificates(X509AttributeCertStoreSelector certSelect, List certStores)
protected static Collection
findCertificates(X509CertStoreSelector certSelect, List certStores)
Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.
protected static Collection
findIssuerCerts(X509Certificate cert, ExtendedPKIXBuilderParameters pkixParams)
Find the issuer certificates of a given certificate.
protected static TrustAnchor
findTrustAnchor(X509Certificate cert, Set trustAnchors)
Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.
protected static AlgorithmIdentifier
getAlgorithmIdentifier(PublicKey key)
protected static void
getCRLIssuersFromDistributionPoint(DistributionPoint dp, Collection issuerPrincipals, X509CRLSelector selector, ExtendedPKIXParameters pkixParams)
Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is not given, from the certificate.
protected static void
getCertStatus(Date validDate, X509CRL crl, Object cert, org.bouncycastle.jce.provider.CertStatus certStatus)
protected static Set
getCompleteCRLs(DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX)
Fetches complete CRLs according to RFC 3280.
protected static Set
getDeltaCRLs(Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
Fetches delta CRLs according to RFC 3280 section 5.2.4.
protected static X500Principal
getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.
protected static DERObject
getExtensionValue(java.security.cert.X509Extension ext, String oid)
Extract the value of the given extension, if it exists.
protected static X500Principal
getIssuerPrincipal(X509CRL crl)
protected static PublicKey
getNextWorkingKey(List certs, int index)
Return the next working key inheriting DSA parameters if necessary.
protected static Set
getQualifierSet(ASN1Sequence qualifiers)
protected static X500Principal
getSubjectPrincipal(X509Certificate cert)
protected static Date
getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
protected static Date
getValidDate(PKIXParameters paramsPKIX)
protected static boolean
isAnyPolicy(Set policySet)
protected static boolean
isSelfIssued(X509Certificate cert)
protected static void
prepareNextCertB1(int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert)
protected static PKIXPolicyNode
prepareNextCertB2(int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree)
protected static boolean
processCertD1i(int index, List[] policyNodes, DERObjectIdentifier pOid, Set pq)
protected static void
processCertD1ii(int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq)
protected static PKIXPolicyNode
removePolicyNode(PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node)

Field Details

ANY_POLICY

protected static final String ANY_POLICY

AUTHORITY_KEY_IDENTIFIER

protected static final String AUTHORITY_KEY_IDENTIFIER

BASIC_CONSTRAINTS

protected static final String BASIC_CONSTRAINTS

CERTIFICATE_POLICIES

protected static final String CERTIFICATE_POLICIES

CRL_DISTRIBUTION_POINTS

protected static final String CRL_DISTRIBUTION_POINTS

CRL_NUMBER

protected static final String CRL_NUMBER

CRL_SIGN

protected static final int CRL_SIGN
Field Value:
6

DELTA_CRL_INDICATOR

protected static final String DELTA_CRL_INDICATOR

FRESHEST_CRL

protected static final String FRESHEST_CRL

INHIBIT_ANY_POLICY

protected static final String INHIBIT_ANY_POLICY

ISSUING_DISTRIBUTION_POINT

protected static final String ISSUING_DISTRIBUTION_POINT

KEY_CERT_SIGN

protected static final int KEY_CERT_SIGN
Field Value:
5

KEY_USAGE

protected static final String KEY_USAGE

NAME_CONSTRAINTS

protected static final String NAME_CONSTRAINTS

POLICY_CONSTRAINTS

protected static final String POLICY_CONSTRAINTS

POLICY_MAPPINGS

protected static final String POLICY_MAPPINGS

SUBJECT_ALTERNATIVE_NAME

protected static final String SUBJECT_ALTERNATIVE_NAME

crlReasons

protected static final String[] crlReasons

Method Details

addAdditionalStoreFromLocation

protected static void addAdditionalStoreFromLocation(String location,
                                                     ExtendedPKIXParameters pkixParams)

addAdditionalStoresFromAltNames

protected static void addAdditionalStoresFromAltNames(X509Certificate cert,
                                                      ExtendedPKIXParameters pkixParams)
            throws CertificateParsingException

addAdditionalStoresFromCRLDistributionPoint

protected static void addAdditionalStoresFromCRLDistributionPoint(CRLDistPoint crldp,
                                                                  ExtendedPKIXParameters pkixParams)
            throws AnnotatedException

findCRLs

protected static final Collection findCRLs(X509CRLStoreSelector crlSelect,
                                           List crlStores)
            throws AnnotatedException
Return a Collection of all CRLs found in the X509Stores that match the crlSelect criteria.
Parameters:
crlSelect - an X509CRLStoreSelector object that will be used to select the CRLs
crlStores - a List containing only X509Store objects. These are used to search for CRLs
Returns:
a Collection of all found X509CRL objects. May be empty but never null.

findCertificates

protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
                                             List certStores)
            throws AnnotatedException

findCertificates

protected static Collection findCertificates(X509CertStoreSelector certSelect,
                                             List certStores)
            throws AnnotatedException
Return a Collection of all certificates or attribute certificates found in the X509Stores that match the certSelect criteria.
Parameters:
certSelect - a Selector object that will be used to select the certificates
certStores - a List containing only X509Store objects. These are used to search for certificates.
Returns:
a Collection of all found X509Certificate or X509AttributeCertificate objects. May be empty but never null.

findIssuerCerts

protected static Collection findIssuerCerts(X509Certificate cert,
                                            ExtendedPKIXBuilderParameters pkixParams)
            throws AnnotatedException
Find the issuer certificates of a given certificate.
Parameters:
cert - The certificate for which an issuer should be found.
pkixParams -
Returns:
A Collection object containing the issuer X509Certificates. Never null.
Throws:
AnnotatedException - if an error occurs.

findTrustAnchor

protected static TrustAnchor findTrustAnchor(X509Certificate cert,
                                             Set trustAnchors)
            throws AnnotatedException
Search the given Set of TrustAnchors for one that is the issuer of the given X509 certificate.
Parameters:
cert - the X509 certificate
trustAnchors - a Set of TrustAnchors
Returns:
the TrustAnchor object if found or null if not.
Throws:
AnnotatedException - if a TrustAnchor was found but the signature verification on the given certificate has thrown an exception.

getAlgorithmIdentifier

protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)
            throws CertPathValidatorException

getCRLIssuersFromDistributionPoint

protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp,
                                                         Collection issuerPrincipals,
                                                         X509CRLSelector selector,
                                                         ExtendedPKIXParameters pkixParams)
            throws AnnotatedException
Add the CRL issuers to the issuer criterion of the selector, taking them from the cRLIssuer field of the distribution point or, if that field is not given, from the certificate.

The issuerPrincipals are a collection with a single X500Principal for X509Certificates. For X509AttributeCertificates the issuer may contain more than one X500Principal.

Parameters:
dp - The distribution point.
issuerPrincipals - The issuers of the certificate or attribute certificate which contains the distribution point.
selector - The CRL selector.
pkixParams - The PKIX parameters containing the cert stores.
Throws:
AnnotatedException - if an exception occurs while processing.

getCertStatus

protected static void getCertStatus(Date validDate,
                                    X509CRL crl,
                                    Object cert,
                                    org.bouncycastle.jce.provider.CertStatus certStatus)
            throws AnnotatedException

getCompleteCRLs

protected static Set getCompleteCRLs(DistributionPoint dp,
                                     Object cert,
                                     Date currentDate,
                                     ExtendedPKIXParameters paramsPKIX)
            throws AnnotatedException
Fetches complete CRLs according to RFC 3280 (since obsoleted by RFC 5280).
Parameters:
dp - The distribution point for which the complete CRL is to be fetched.
cert - The X509Certificate or X509AttributeCertificate for which the CRL should be searched.
currentDate - The date for which the delta CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
Returns:
A Set of X509CRLs with complete CRLs.
Throws:
AnnotatedException - if an exception occurs while picking the CRLs or no CRLs are found.

getDeltaCRLs

protected static Set getDeltaCRLs(Date currentDate,
                                  ExtendedPKIXParameters paramsPKIX,
                                  X509CRL completeCRL)
            throws AnnotatedException
Fetches delta CRLs according to RFC 3280 section 5.2.4.
Parameters:
currentDate - The date for which the delta CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
completeCRL - The complete CRL the delta CRL is for.
Returns:
A Set of X509CRLs with delta CRLs.
Throws:
AnnotatedException - if an exception occurs while picking the delta CRLs.

getEncodedIssuerPrincipal

protected static X500Principal getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.
Parameters:
cert - The attribute certificate or certificate.
Returns:
The issuer as X500Principal.

getExtensionValue

protected static DERObject getExtensionValue(java.security.cert.X509Extension ext,
                                             String oid)
            throws AnnotatedException
Extract the value of the given extension, if it exists.
Parameters:
ext - The extension object.
oid - The object identifier to obtain.
Throws:
AnnotatedException - if the extension cannot be read.

getIssuerPrincipal

protected static X500Principal getIssuerPrincipal(X509CRL crl)

getNextWorkingKey

protected static PublicKey getNextWorkingKey(List certs,
                                             int index)
            throws CertPathValidatorException
Return the next working key inheriting DSA parameters if necessary.

This method inherits DSA parameters from the indexed certificate or previous certificates in the certificate chain and applies them to the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and the previous certificates follow.

If the indexed certificate does not contain a DSA key, this method simply returns the public key. If the DSA key already contains DSA parameters, the key is likewise simply returned.

Parameters:
certs - The certification path.
index - The index of the certificate which contains the public key which should be extended with DSA parameters.
Returns:
The public key of the certificate in list position index extended with DSA parameters if applicable.

getQualifierSet

protected static final Set getQualifierSet(ASN1Sequence qualifiers)
            throws CertPathValidatorException

getSubjectPrincipal

protected static X500Principal getSubjectPrincipal(X509Certificate cert)

getValidCertDateFromValidityModel

protected static Date getValidCertDateFromValidityModel(ExtendedPKIXParameters paramsPKIX,
                                                        CertPath certPath,
                                                        int index)
            throws AnnotatedException

getValidDate

protected static Date getValidDate(PKIXParameters paramsPKIX)

isAnyPolicy

protected static boolean isAnyPolicy(Set policySet)

isSelfIssued

protected static boolean isSelfIssued(X509Certificate cert)

prepareNextCertB1

protected static void prepareNextCertB1(int i,
                                        List[] policyNodes,
                                        String id_p,
                                        Map m_idp,
                                        X509Certificate cert)
            throws AnnotatedException,
                   CertPathValidatorException

prepareNextCertB2

protected static PKIXPolicyNode prepareNextCertB2(int i,
                                                  List[] policyNodes,
                                                  String id_p,
                                                  PKIXPolicyNode validPolicyTree)

processCertD1i

protected static boolean processCertD1i(int index,
                                        List[] policyNodes,
                                        DERObjectIdentifier pOid,
                                        Set pq)

processCertD1ii

protected static void processCertD1ii(int index,
                                      List[] policyNodes,
                                      DERObjectIdentifier _poid,
                                      Set _pq)

removePolicyNode

protected static PKIXPolicyNode removePolicyNode(PKIXPolicyNode validPolicyTree,
                                                 List[] policyNodes,
                                                 PKIXPolicyNode _node)