| java.lang.Object | |
| ↳ | org.bouncycastle.jce.provider.CertPathValidatorUtilities |
 Known Direct Subclasses
|
Summary
| Constants | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| String | ANY_POLICY | ||||||||||
| int | CRL_SIGN | ||||||||||
| int | KEY_CERT_SIGN | ||||||||||
| Fields | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| AUTHORITY_KEY_IDENTIFIER | |||||||||||
| BASIC_CONSTRAINTS | |||||||||||
| CERTIFICATE_POLICIES | |||||||||||
| CRL_DISTRIBUTION_POINTS | |||||||||||
| CRL_NUMBER | |||||||||||
| CRL_UTIL | |||||||||||
| DELTA_CRL_INDICATOR | |||||||||||
| FRESHEST_CRL | |||||||||||
| INHIBIT_ANY_POLICY | |||||||||||
| ISSUING_DISTRIBUTION_POINT | |||||||||||
| KEY_USAGE | |||||||||||
| NAME_CONSTRAINTS | |||||||||||
| POLICY_CONSTRAINTS | |||||||||||
| POLICY_MAPPINGS | |||||||||||
| SUBJECT_ALTERNATIVE_NAME | |||||||||||
| crlReasons | |||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Return a Collection of all certificates or attribute certificates found
in the X509Store's that are matching the certSelect criteriums.
| |||||||||||
Find the issuer certificates of a given certificate.
| |||||||||||
Search the given Set of TrustAnchor's for one that is the
issuer of the given X509 certificate.
| |||||||||||
Search the given Set of TrustAnchor's for one that is the
issuer of the given X509 certificate.
| |||||||||||
Add the CRL issuers from the cRLIssuer field of the distribution point or
from the certificate if not given to the issuer criterion of the
selector. | |||||||||||
Fetches complete CRLs according to RFC 3280.
| |||||||||||
Fetches delta CRLs according to RFC 3280 section 5.2.4.
| |||||||||||
Returns the issuer of an attribute certificate or certificate.
| |||||||||||
Extract the value of the given extension, if it exists.
| |||||||||||
Return the next working key inheriting DSA parameters if necessary.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
java.lang.Object
| |||||||||||
Constants
protected static final int CRL_SIGN
Constant Value:
6
(0x00000006)
protected static final int KEY_CERT_SIGN
Constant Value:
5
(0x00000005)
Fields
Public Constructors
public CertPathValidatorUtilities ()
Protected Methods
protected static void addAdditionalStoreFromLocation (String location, ExtendedPKIXParameters pkixParams)
protected static void addAdditionalStoresFromAltNames (X509Certificate cert, ExtendedPKIXParameters pkixParams)
Throws
| CertificateParsingException |
|---|
protected static void addAdditionalStoresFromCRLDistributionPoint (CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
Throws
| AnnotatedException |
|---|
protected static Collection findCertificates (X509CertStoreSelector certSelect, List certStores)
Return a Collection of all certificates or attribute certificates found in the X509Store's that are matching the certSelect criteriums.
Parameters
| certSelect | a Selector object that will be used to select
the certificates |
|---|---|
| certStores | a List containing only X509Store objects. These
are used to search for certificates. |
Returns
- a Collection of all found
X509CertificateorX509AttributeCertificateobjects. May be empty but nevernull.
Throws
| AnnotatedException |
|---|
protected static Collection findCertificates (X509AttributeCertStoreSelector certSelect, List certStores)
Throws
| AnnotatedException |
|---|
protected static Collection findIssuerCerts (X509Certificate cert, ExtendedPKIXBuilderParameters pkixParams)
Find the issuer certificates of a given certificate.
Parameters
| cert | The certificate for which an issuer should be found. |
|---|
Returns
- A
Collectionobject containing the issuerX509Certificates. Nevernull.
Throws
| AnnotatedException | if an error occurs. |
|---|
protected static TrustAnchor findTrustAnchor (X509Certificate cert, Set trustAnchors)
Search the given Set of TrustAnchor's for one that is the issuer of the given X509 certificate. Uses the default provider for signature verification.
Parameters
| cert | the X509 certificate |
|---|---|
| trustAnchors | a Set of TrustAnchor's |
Returns
- the
TrustAnchorobject if found ornullif not.
Throws
| AnnotatedException | if a TrustAnchor was found but the signature verification on the given certificate has thrown an exception. |
|---|
protected static TrustAnchor findTrustAnchor (X509Certificate cert, Set trustAnchors, String sigProvider)
Search the given Set of TrustAnchor's for one that is the issuer of the given X509 certificate. Uses the specified provider for signature verification, or the default provider if null.
Parameters
| cert | the X509 certificate |
|---|---|
| trustAnchors | a Set of TrustAnchor's |
| sigProvider | the provider to use for signature verification |
Returns
- the
TrustAnchorobject if found ornullif not.
Throws
| AnnotatedException | if a TrustAnchor was found but the signature verification on the given certificate has thrown an exception. |
|---|
protected static AlgorithmIdentifier getAlgorithmIdentifier (PublicKey key)
Throws
| CertPathValidatorException |
|---|
protected static void getCRLIssuersFromDistributionPoint (DistributionPoint dp, Collection issuerPrincipals, X509CRLSelector selector, ExtendedPKIXParameters pkixParams)
Add the CRL issuers from the cRLIssuer field of the distribution point or
from the certificate if not given to the issuer criterion of the
selector.
The issuerPrincipals are a collection with a single
X500Principal for X509Certificates. For
X509AttributeCertificates the issuer may contain more than one
X500Principal.
Parameters
| dp | The distribution point. |
|---|---|
| issuerPrincipals | The issuers of the certificate or attribute certificate which contains the distribution point. |
| selector | The CRL selector. |
| pkixParams | The PKIX parameters containing the cert stores. |
Throws
| AnnotatedException | if an exception occurs while processing. |
|---|---|
| ClassCastException | if issuerPrincipals does not
contain only X500Principals.
|
protected static void getCertStatus (Date validDate, X509CRL crl, Object cert, CertStatus certStatus)
Throws
| AnnotatedException |
|---|
protected static Set getCompleteCRLs (DistributionPoint dp, Object cert, Date currentDate, ExtendedPKIXParameters paramsPKIX)
Fetches complete CRLs according to RFC 3280.
Parameters
| dp | The distribution point for which the complete CRL |
|---|---|
| cert | The X509Certificate or
X509AttributeCertificate for
which the CRL should be searched. |
| currentDate | The date for which the delta CRLs must be valid. |
| paramsPKIX | The extended PKIX parameters. |
Returns
- A
SetofX509CRLs with complete CRLs.
Throws
| AnnotatedException | if an exception occurs while picking the CRLs or no CRLs are found. |
|---|
protected static Set getDeltaCRLs (Date currentDate, ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL)
Fetches delta CRLs according to RFC 3280 section 5.2.4.
Parameters
| currentDate | The date for which the delta CRLs must be valid. |
|---|---|
| paramsPKIX | The extended PKIX parameters. |
| completeCRL | The complete CRL the delta CRL is for. |
Returns
- A
SetofX509CRLs with delta CRLs.
Throws
| AnnotatedException | if an exception occurs while picking the delta CRLs. |
|---|
protected static X500Principal getEncodedIssuerPrincipal (Object cert)
Returns the issuer of an attribute certificate or certificate.
Parameters
| cert | The attribute certificate or certificate. |
|---|
Returns
- The issuer as
X500Principal.
protected static DERObject getExtensionValue (X509Extension ext, String oid)
Extract the value of the given extension, if it exists.
Parameters
| ext | The extension object. |
|---|---|
| oid | The object identifier to obtain. |
Throws
| AnnotatedException | if the extension cannot be read. |
|---|
protected static PublicKey getNextWorkingKey (List certs, int index)
Return the next working key inheriting DSA parameters if necessary.
This methods inherits DSA parameters from the indexed certificate or
previous certificates in the certificate chain to the returned
PublicKey. The list is searched upwards, meaning the end
certificate is at position 0 and previous certificates are following.
If the indexed certificate does not contain a DSA key this method simply returns the public key. If the DSA key already contains DSA parameters the key is also only returned.
Parameters
| certs | The certification path. |
|---|---|
| index | The index of the certificate which contains the public key which should be extended with DSA parameters. |
Returns
- The public key of the certificate in list position
indexextended with DSA parameters if applicable.
Throws
| AnnotatedException | if DSA parameters cannot be inherited. |
|---|---|
| CertPathValidatorException |
protected static final Set getQualifierSet (ASN1Sequence qualifiers)
Throws
| CertPathValidatorException |
|---|
protected static Date getValidCertDateFromValidityModel (ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index)
Throws
| AnnotatedException |
|---|
protected static void prepareNextCertB1 (int i, List[] policyNodes, String id_p, Map m_idp, X509Certificate cert)
protected static PKIXPolicyNode prepareNextCertB2 (int i, List[] policyNodes, String id_p, PKIXPolicyNode validPolicyTree)
protected static boolean processCertD1i (int index, List[] policyNodes, DERObjectIdentifier pOid, Set pq)
protected static void processCertD1ii (int index, List[] policyNodes, DERObjectIdentifier _poid, Set _pq)
protected static PKIXPolicyNode removePolicyNode (PKIXPolicyNode validPolicyTree, List[] policyNodes, PKIXPolicyNode _node)
protected static void verifyX509Certificate (X509Certificate cert, PublicKey publicKey, String sigProvider)
Throws
| GeneralSecurityException |
|---|