org.spongycastle.x509

Class PKIXCertPathReviewer

java.lang.Object

org.spongycastle.jce.provider.CertPathValidatorUtilities

org.spongycastle.x509.PKIXCertPathReviewer

public class PKIXCertPathReviewer
extends CertPathValidatorUtilities

PKIXCertPathReviewer
Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.security.cert.CertPath	certPath
protected java.util.List	certs
protected java.util.List[]	errors
protected int	n
protected java.util.List[]	notifications
protected java.security.cert.PKIXParameters	pkixParams
protected java.security.cert.PolicyNode	policyTree
protected java.security.PublicKey	subjectPublicKey
protected java.security.cert.TrustAnchor	trustAnchor
protected java.util.Date	validDate

Fields inherited from class org.spongycastle.jce.provider.CertPathValidatorUtilities

ANY_POLICY, AUTHORITY_KEY_IDENTIFIER, BASIC_CONSTRAINTS, CERTIFICATE_POLICIES, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_SIGN, CRL_UTIL, crlReasons, DELTA_CRL_INDICATOR, FRESHEST_CRL, INHIBIT_ANY_POLICY, ISSUING_DISTRIBUTION_POINT, KEY_CERT_SIGN, KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS, POLICY_MAPPINGS, SUBJECT_ALTERNATIVE_NAME

Constructor Summary

Constructors

Constructor and Description
PKIXCertPathReviewer() Creates an empty PKIXCertPathReviewer.
PKIXCertPathReviewer(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params) Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Method Summary

Methods

Modifier and Type	Method and Description
protected void	addError(org.spongycastle.i18n.ErrorBundle msg)
protected void	addError(org.spongycastle.i18n.ErrorBundle msg, int index)
protected void	addNotification(org.spongycastle.i18n.ErrorBundle msg)
protected void	addNotification(org.spongycastle.i18n.ErrorBundle msg, int index)
protected void	checkCRLs(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, int index)
protected void	checkRevocation(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, java.util.Vector ocspUrls, int index)
protected void	doChecks()
java.security.cert.CertPath	getCertPath()
int	getCertPathSize()
protected java.util.Vector	getCRLDistUrls(org.spongycastle.asn1.x509.CRLDistPoint crlDistPoints)
java.util.List[]	getErrors() Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path.
java.util.List	getErrors(int index) Returns an List of error messages for the certificate at the given index in the CertPath.
java.util.List[]	getNotifications() Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path.
java.util.List	getNotifications(int index) Returns an List of notification messages for the certificate at the given index in the CertPath.
protected java.util.Vector	getOCSPUrls(org.spongycastle.asn1.x509.AuthorityInformationAccess authInfoAccess)
java.security.cert.PolicyNode	getPolicyTree()
java.security.PublicKey	getSubjectPublicKey()
java.security.cert.TrustAnchor	getTrustAnchor()
protected java.util.Collection	getTrustAnchors(java.security.cert.X509Certificate cert, java.util.Set trustanchors)
void	init(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params) Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
boolean	isValidCertPath()

Methods inherited from class org.spongycastle.jce.provider.CertPathValidatorUtilities

addAdditionalStoreFromLocation, addAdditionalStoresFromAltNames, addAdditionalStoresFromCRLDistributionPoint, findCertificates, findCertificates, findIssuerCerts, findTrustAnchor, findTrustAnchor, getAlgorithmIdentifier, getCertStatus, getCompleteCRLs, getCRLIssuersFromDistributionPoint, getDeltaCRLs, getEncodedIssuerPrincipal, getExtensionValue, getIssuerPrincipal, getNextWorkingKey, getQualifierSet, getSubjectPrincipal, getValidCertDateFromValidityModel, getValidDate, isAnyPolicy, isSelfIssued, prepareNextCertB1, prepareNextCertB2, processCertD1i, processCertD1ii, removePolicyNode, verifyX509Certificate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

certPath

protected java.security.cert.CertPath certPath

pkixParams

protected java.security.cert.PKIXParameters pkixParams

validDate

protected java.util.Date validDate

certs

protected java.util.List certs

n

protected int n

notifications

protected java.util.List[] notifications

errors

protected java.util.List[] errors

trustAnchor

protected java.security.cert.TrustAnchor trustAnchor

subjectPublicKey

protected java.security.PublicKey subjectPublicKey

policyTree

protected java.security.cert.PolicyNode policyTree

Constructor Detail

PKIXCertPathReviewer

public PKIXCertPathReviewer(java.security.cert.CertPath certPath,
                    java.security.cert.PKIXParameters params)
                     throws CertPathReviewerException

Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

CertPathReviewerException - if the certPath is empty

PKIXCertPathReviewer

public PKIXCertPathReviewer()

Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.

Method Detail

init

public void init(java.security.cert.CertPath certPath,
        java.security.cert.PKIXParameters params)
          throws CertPathReviewerException

Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params

Parameters:

certPath - the CertPath to validate

params - the PKIXParameters to use

Throws:

CertPathReviewerException - if the certPath is empty

java.lang.IllegalStateException - if the PKIXCertPathReviewer is already initialized

getCertPath

public java.security.cert.CertPath getCertPath()

Returns:

the CertPath that was validated

getCertPathSize

public int getCertPathSize()

Returns:

the size of the CertPath

getErrors

public java.util.List[] getErrors()

Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path. The global error List is at index 0. The error lists for each certificate at index 1 to n. The error messages are of type.

Returns:

the Array of Lists which contain the error messages

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getErrors

public java.util.List getErrors(int index)

Returns an List of error messages for the certificate at the given index in the CertPath. If index == -1 then the list of global errors is returned with errors not specific to a certificate.

Parameters:

index - the index of the certificate in the CertPath

Returns:

List of error messages for the certificate

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public java.util.List[] getNotifications()

Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path. The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. The error messages are of type.

Returns:

the Array of Lists which contain the notification messages

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getNotifications

public java.util.List getNotifications(int index)

Returns an List of notification messages for the certificate at the given index in the CertPath. If index == -1 then the list of global notifications is returned with notifications not specific to a certificate.

Parameters:

index - the index of the certificate in the CertPath

Returns:

List of notification messages for the certificate

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getPolicyTree

public java.security.cert.PolicyNode getPolicyTree()

Returns:

the valid policy tree, null if no valid policy exists.

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getSubjectPublicKey

public java.security.PublicKey getSubjectPublicKey()

Returns:

the PublicKey if the last certificate in the CertPath

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

getTrustAnchor

public java.security.cert.TrustAnchor getTrustAnchor()

Returns:

the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

isValidCertPath

public boolean isValidCertPath()

Returns:

if the CertPath is valid

Throws:

java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

addNotification

protected void addNotification(org.spongycastle.i18n.ErrorBundle msg)

addNotification

protected void addNotification(org.spongycastle.i18n.ErrorBundle msg,
                   int index)

addError

protected void addError(org.spongycastle.i18n.ErrorBundle msg)

addError

protected void addError(org.spongycastle.i18n.ErrorBundle msg,
            int index)

doChecks

protected void doChecks()

checkRevocation

protected void checkRevocation(java.security.cert.PKIXParameters paramsPKIX,
                   java.security.cert.X509Certificate cert,
                   java.util.Date validDate,
                   java.security.cert.X509Certificate sign,
                   java.security.PublicKey workingPublicKey,
                   java.util.Vector crlDistPointUrls,
                   java.util.Vector ocspUrls,
                   int index)
                        throws CertPathReviewerException

Throws:

CertPathReviewerException

checkCRLs

protected void checkCRLs(java.security.cert.PKIXParameters paramsPKIX,
             java.security.cert.X509Certificate cert,
             java.util.Date validDate,
             java.security.cert.X509Certificate sign,
             java.security.PublicKey workingPublicKey,
             java.util.Vector crlDistPointUrls,
             int index)
                  throws CertPathReviewerException

Throws:

CertPathReviewerException

getCRLDistUrls

protected java.util.Vector getCRLDistUrls(org.spongycastle.asn1.x509.CRLDistPoint crlDistPoints)

getOCSPUrls

protected java.util.Vector getOCSPUrls(org.spongycastle.asn1.x509.AuthorityInformationAccess authInfoAccess)

getTrustAnchors

protected java.util.Collection getTrustAnchors(java.security.cert.X509Certificate cert,
                                   java.util.Set trustanchors)
                                        throws CertPathReviewerException

Throws:

CertPathReviewerException