public class

PKIXCertPathReviewer

extends CertPathValidatorUtilities
java.lang.Object
   ↳ org.bouncycastle.jce.provider.CertPathValidatorUtilities
     ↳ org.bouncycastle.x509.PKIXCertPathReviewer

Class Overview

PKIXCertPathReviewer
Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible.

Summary

[Expand]
Inherited Constants
From class org.bouncycastle.jce.provider.CertPathValidatorUtilities
Fields
protected CertPath certPath
protected List certs
protected List[] errors
protected int n
protected List[] notifications
protected PKIXParameters pkixParams
protected PolicyNode policyTree
protected PublicKey subjectPublicKey
protected TrustAnchor trustAnchor
protected Date validDate
[Expand]
Inherited Fields
From class org.bouncycastle.jce.provider.CertPathValidatorUtilities
Public Constructors
PKIXCertPathReviewer(CertPath certPath, PKIXParameters params)
Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
PKIXCertPathReviewer()
Creates an empty PKIXCertPathReviewer.
Public Methods
CertPath getCertPath()
int getCertPathSize()
List[] getErrors()
Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path.
List getErrors(int index)
Returns an List of error messages for the certificate at the given index in the CertPath.
List getNotifications(int index)
Returns an List of notification messages for the certificate at the given index in the CertPath.
List[] getNotifications()
Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path.
PolicyNode getPolicyTree()
PublicKey getSubjectPublicKey()
TrustAnchor getTrustAnchor()
void init(CertPath certPath, PKIXParameters params)
Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
boolean isValidCertPath()
Protected Methods
void addError(ErrorBundle msg)
void addError(ErrorBundle msg, int index)
void addNotification(ErrorBundle msg)
void addNotification(ErrorBundle msg, int index)
void checkCRLs(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, int index)
void checkRevocation(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, Vector ocspUrls, int index)
void doChecks()
Vector getCRLDistUrls(CRLDistPoint crlDistPoints)
Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess)
Collection getTrustAnchors(X509Certificate cert, Set trustanchors)
[Expand]
Inherited Methods
From class org.bouncycastle.jce.provider.CertPathValidatorUtilities
From class java.lang.Object

Fields

protected CertPath certPath

protected List certs

protected List[] errors

protected int n

protected List[] notifications

protected PKIXParameters pkixParams

protected PolicyNode policyTree

protected PublicKey subjectPublicKey

protected TrustAnchor trustAnchor

protected Date validDate

Public Constructors

public PKIXCertPathReviewer (CertPath certPath, PKIXParameters params)

Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Parameters
certPath the CertPath to validate
params the PKIXParameters to use
Throws
CertPathReviewerException if the certPath is empty

public PKIXCertPathReviewer ()

Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.

Public Methods

public CertPath getCertPath ()

Returns
  • the CertPath that was validated

public int getCertPathSize ()

Returns
  • the size of the CertPath

public List[] getErrors ()

Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path. The global error List is at index 0. The error lists for each certificate at index 1 to n. The error messages are of type.

Returns
  • the Array of Lists which contain the error messages
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public List getErrors (int index)

Returns an List of error messages for the certificate at the given index in the CertPath. If index == -1 then the list of global errors is returned with errors not specific to a certificate.

Parameters
index the index of the certificate in the CertPath
Returns
  • List of error messages for the certificate
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public List getNotifications (int index)

Returns an List of notification messages for the certificate at the given index in the CertPath. If index == -1 then the list of global notifications is returned with notifications not specific to a certificate.

Parameters
index the index of the certificate in the CertPath
Returns
  • List of notification messages for the certificate
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public List[] getNotifications ()

Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path. The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. The error messages are of type.

Returns
  • the Array of Lists which contain the notification messages
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public PolicyNode getPolicyTree ()

Returns
  • the valid policy tree, null if no valid policy exists.
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public PublicKey getSubjectPublicKey ()

Returns
  • the PublicKey if the last certificate in the CertPath
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public TrustAnchor getTrustAnchor ()

Returns
  • the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

public void init (CertPath certPath, PKIXParameters params)

Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params

Parameters
certPath the CertPath to validate
params the PKIXParameters to use
Throws
CertPathReviewerException if the certPath is empty
IllegalStateException if the PKIXCertPathReviewer is already initialized

public boolean isValidCertPath ()

Returns
  • if the CertPath is valid
Throws
IllegalStateException if the PKIXCertPathReviewer was not initialized

Protected Methods

protected void addError (ErrorBundle msg)

protected void addError (ErrorBundle msg, int index)

protected void addNotification (ErrorBundle msg)

protected void addNotification (ErrorBundle msg, int index)

protected void checkCRLs (PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, int index)

Throws
CertPathReviewerException

protected void checkRevocation (PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, Vector crlDistPointUrls, Vector ocspUrls, int index)

Throws
CertPathReviewerException

protected void doChecks ()

protected Vector getCRLDistUrls (CRLDistPoint crlDistPoints)

protected Vector getOCSPUrls (AuthorityInformationAccess authInfoAccess)

protected Collection getTrustAnchors (X509Certificate cert, Set trustanchors)

Throws
CertPathReviewerException