Package org.bouncycastle.x509

Class PKIXCertPathReviewer

  • public class PKIXCertPathReviewer
extends java.lang.Object
    Deprecated.
    use org.bouncycastle.pkix.jcajce.PKIXCertPathReviewer in the bcpkix package
    PKIXCertPathReviewer Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible.

    • Constructor Summary

      Constructors 
      Constructor Description
      PKIXCertPathReviewer()
      Deprecated.
      Creates an empty PKIXCertPathReviewer.
      PKIXCertPathReviewer​(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params)
      Deprecated.
      Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      protected void addError​(ErrorBundle msg)
      Deprecated.
       
      protected void addError​(ErrorBundle msg, int index)
      Deprecated.
       
      protected void addNotification​(ErrorBundle msg)
      Deprecated.
       
      protected void addNotification​(ErrorBundle msg, int index)
      Deprecated.
       
      protected void checkCRLs​(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, int index)
      Deprecated.
       
      protected void checkRevocation​(java.security.cert.PKIXParameters paramsPKIX, java.security.cert.X509Certificate cert, java.util.Date validDate, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.Vector crlDistPointUrls, java.util.Vector ocspUrls, int index)
      Deprecated.
       
      protected void doChecks()
      Deprecated.
       
      protected static java.util.Collection findCertificates​(PKIXCertStoreSelector certSelect, java.util.List certStores)  
      protected static java.util.Collection findCertificates​(X509AttributeCertStoreSelector certSelect, java.util.List certStores)  
      protected static java.util.Collection findCertificates​(X509CertStoreSelector certSelect, java.util.List certStores)
      Return a Collection of all certificates or attribute certificates found in the X509Store's that are matching the certSelect criteriums.
      protected static AlgorithmIdentifier getAlgorithmIdentifier​(java.security.PublicKey key)  
      java.security.cert.CertPath getCertPath()
      Deprecated.
       
      int getCertPathSize()
      Deprecated.
       
      protected static void getCertStatus​(java.util.Date validDate, java.security.cert.X509CRL crl, java.lang.Object cert, org.bouncycastle.x509.CertStatus certStatus)  
      protected java.util.Vector getCRLDistUrls​(CRLDistPoint crlDistPoints)
      Deprecated.
       
      protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal​(java.lang.Object cert)
      Returns the issuer of an attribute certificate or certificate.
      java.util.List[] getErrors()
      Deprecated.
      Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path.
      java.util.List getErrors​(int index)
      Deprecated.
      Returns an List of error messages for the certificate at the given index in the CertPath.
      protected static ASN1Primitive getExtensionValue​(java.security.cert.X509Extension ext, java.lang.String oid)
      Extract the value of the given extension, if it exists.
      protected static javax.security.auth.x500.X500Principal getIssuerPrincipal​(java.security.cert.X509CRL crl)  
      protected static java.security.PublicKey getNextWorkingKey​(java.util.List certs, int index)
      Return the next working key inheriting DSA parameters if necessary.
      java.util.List[] getNotifications()
      Deprecated.
      Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path.
      java.util.List getNotifications​(int index)
      Deprecated.
      Returns an List of notification messages for the certificate at the given index in the CertPath.
      protected java.util.Vector getOCSPUrls​(AuthorityInformationAccess authInfoAccess)
      Deprecated.
       
      java.security.cert.PolicyNode getPolicyTree()
      Deprecated.
       
      protected static java.util.Set getQualifierSet​(ASN1Sequence qualifiers)  
      protected static javax.security.auth.x500.X500Principal getSubjectPrincipal​(java.security.cert.X509Certificate cert)  
      java.security.PublicKey getSubjectPublicKey()
      Deprecated.
       
      java.security.cert.TrustAnchor getTrustAnchor()
      Deprecated.
       
      protected java.util.Collection getTrustAnchors​(java.security.cert.X509Certificate cert, java.util.Set trustanchors)
      Deprecated.
       
      protected static java.util.Date getValidityDate​(java.security.cert.PKIXParameters paramsPKIX, java.util.Date currentDate)  
      void init​(java.security.cert.CertPath certPath, java.security.cert.PKIXParameters params)
      Deprecated.
      Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
      protected static boolean isAnyPolicy​(java.util.Set policySet)  
      protected static boolean isSelfIssued​(java.security.cert.X509Certificate cert)  
      boolean isValidCertPath()
      Deprecated.
       
      protected static void prepareNextCertB1​(int i, java.util.List[] policyNodes, java.lang.String id_p, java.util.Map m_idp, java.security.cert.X509Certificate cert)  
      protected static PKIXPolicyNode prepareNextCertB2​(int i, java.util.List[] policyNodes, java.lang.String id_p, PKIXPolicyNode validPolicyTree)  
      protected static boolean processCertD1i​(int index, java.util.List[] policyNodes, ASN1ObjectIdentifier pOid, java.util.Set pq)  
      protected static void processCertD1ii​(int index, java.util.List[] policyNodes, ASN1ObjectIdentifier _poid, java.util.Set _pq)  
      protected static PKIXPolicyNode removePolicyNode​(PKIXPolicyNode validPolicyTree, java.util.List[] policyNodes, PKIXPolicyNode _node)  
      protected static void verifyX509Certificate​(java.security.cert.X509Certificate cert, java.security.PublicKey publicKey, java.lang.String sigProvider)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • certPath

        protected java.security.cert.CertPath certPath
        Deprecated.

      • pkixParams

        protected java.security.cert.PKIXParameters pkixParams
        Deprecated.

      • currentDate

        protected java.util.Date currentDate
        Deprecated.

      • validDate

        protected java.util.Date validDate
        Deprecated.

      • certs

        protected java.util.List certs
        Deprecated.

      • n

        protected int n
        Deprecated.

      • notifications

        protected java.util.List[] notifications
        Deprecated.

      • errors

        protected java.util.List[] errors
        Deprecated.

      • trustAnchor

        protected java.security.cert.TrustAnchor trustAnchor
        Deprecated.

      • subjectPublicKey

        protected java.security.PublicKey subjectPublicKey
        Deprecated.

      • policyTree

        protected java.security.cert.PolicyNode policyTree
        Deprecated.

      • CERTIFICATE_POLICIES

        protected static final java.lang.String CERTIFICATE_POLICIES

      • BASIC_CONSTRAINTS

        protected static final java.lang.String BASIC_CONSTRAINTS

      • POLICY_MAPPINGS

        protected static final java.lang.String POLICY_MAPPINGS

      • SUBJECT_ALTERNATIVE_NAME

        protected static final java.lang.String SUBJECT_ALTERNATIVE_NAME

      • NAME_CONSTRAINTS

        protected static final java.lang.String NAME_CONSTRAINTS

      • KEY_USAGE

        protected static final java.lang.String KEY_USAGE

      • INHIBIT_ANY_POLICY

        protected static final java.lang.String INHIBIT_ANY_POLICY

      • ISSUING_DISTRIBUTION_POINT

        protected static final java.lang.String ISSUING_DISTRIBUTION_POINT

      • DELTA_CRL_INDICATOR

        protected static final java.lang.String DELTA_CRL_INDICATOR

      • POLICY_CONSTRAINTS

        protected static final java.lang.String POLICY_CONSTRAINTS

      • CRL_NUMBER

        protected static final java.lang.String CRL_NUMBER

      • crlReasons

        protected static final java.lang.String[] crlReasons

    • Constructor Detail

      • PKIXCertPathReviewer

        public PKIXCertPathReviewer​(java.security.cert.CertPath certPath,
                            java.security.cert.PKIXParameters params)
                     throws CertPathReviewerException
        Deprecated.
        Creates a PKIXCertPathReviewer and initializes it with the given CertPath and PKIXParameters params
        Parameters:
        certPath - the CertPath to validate
        params - the PKIXParameters to use
        Throws:
        CertPathReviewerException - if the certPath is empty

      • PKIXCertPathReviewer

        public PKIXCertPathReviewer()
        Deprecated.
        Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object.

    • Method Detail

      • init

        public void init​(java.security.cert.CertPath certPath,
                 java.security.cert.PKIXParameters params)
          throws CertPathReviewerException
        Deprecated.
        Initializes the PKIXCertPathReviewer with the given CertPath and PKIXParameters params
        Parameters:
        certPath - the CertPath to validate
        params - the PKIXParameters to use
        Throws:
        CertPathReviewerException - if the certPath is empty
        java.lang.IllegalStateException - if the PKIXCertPathReviewer is already initialized

      • getCertPath

        public java.security.cert.CertPath getCertPath()
        Deprecated.
        Returns:
        the CertPath that was validated

      • getCertPathSize

        public int getCertPathSize()
        Deprecated.
        Returns:
        the size of the CertPath

      • getErrors

        public java.util.List[] getErrors()
        Deprecated.
        Returns an Array of Lists which contains a List of global error messages and a List of error messages for each certificate in the path. The global error List is at index 0. The error lists for each certificate at index 1 to n. The error messages are of type.
        Returns:
        the Array of Lists which contain the error messages
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getErrors

        public java.util.List getErrors​(int index)
        Deprecated.
        Returns an List of error messages for the certificate at the given index in the CertPath. If index == -1 then the list of global errors is returned with errors not specific to a certificate.
        Parameters:
        index - the index of the certificate in the CertPath
        Returns:
        List of error messages for the certificate
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getNotifications

        public java.util.List[] getNotifications()
        Deprecated.
        Returns an Array of Lists which contains a List of global notification messages and a List of botification messages for each certificate in the path. The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. The error messages are of type.
        Returns:
        the Array of Lists which contain the notification messages
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getNotifications

        public java.util.List getNotifications​(int index)
        Deprecated.
        Returns an List of notification messages for the certificate at the given index in the CertPath. If index == -1 then the list of global notifications is returned with notifications not specific to a certificate.
        Parameters:
        index - the index of the certificate in the CertPath
        Returns:
        List of notification messages for the certificate
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getPolicyTree

        public java.security.cert.PolicyNode getPolicyTree()
        Deprecated.
        Returns:
        the valid policy tree, null if no valid policy exists.
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getSubjectPublicKey

        public java.security.PublicKey getSubjectPublicKey()
        Deprecated.
        Returns:
        the PublicKey if the last certificate in the CertPath
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • getTrustAnchor

        public java.security.cert.TrustAnchor getTrustAnchor()
        Deprecated.
        Returns:
        the TrustAnchor for the CertPath, null if no valid TrustAnchor was found.
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • isValidCertPath

        public boolean isValidCertPath()
        Deprecated.
        Returns:
        if the CertPath is valid
        Throws:
        java.lang.IllegalStateException - if the PKIXCertPathReviewer was not initialized

      • addNotification

        protected void addNotification​(ErrorBundle msg)
        Deprecated.

      • addNotification

        protected void addNotification​(ErrorBundle msg,
                               int index)
        Deprecated.

      • addError

        protected void addError​(ErrorBundle msg)
        Deprecated.

      • addError

        protected void addError​(ErrorBundle msg,
                        int index)
        Deprecated.

      • doChecks

        protected void doChecks()
        Deprecated.

      • checkRevocation

        protected void checkRevocation​(java.security.cert.PKIXParameters paramsPKIX,
                               java.security.cert.X509Certificate cert,
                               java.util.Date validDate,
                               java.security.cert.X509Certificate sign,
                               java.security.PublicKey workingPublicKey,
                               java.util.Vector crlDistPointUrls,
                               java.util.Vector ocspUrls,
                               int index)
                        throws CertPathReviewerException
        Deprecated.
        Throws:
        CertPathReviewerException

      • checkCRLs

        protected void checkCRLs​(java.security.cert.PKIXParameters paramsPKIX,
                         java.security.cert.X509Certificate cert,
                         java.util.Date validDate,
                         java.security.cert.X509Certificate sign,
                         java.security.PublicKey workingPublicKey,
                         java.util.Vector crlDistPointUrls,
                         int index)
                  throws CertPathReviewerException
        Deprecated.
        Throws:
        CertPathReviewerException

      • getCRLDistUrls

        protected java.util.Vector getCRLDistUrls​(CRLDistPoint crlDistPoints)
        Deprecated.

      • getEncodedIssuerPrincipal

        protected static javax.security.auth.x500.X500Principal getEncodedIssuerPrincipal​(java.lang.Object cert)
        Returns the issuer of an attribute certificate or certificate.
        Parameters:
        cert - The attribute certificate or certificate.
        Returns:
        The issuer as X500Principal.

      • getValidityDate

        protected static java.util.Date getValidityDate​(java.security.cert.PKIXParameters paramsPKIX,
                                                java.util.Date currentDate)

      • getSubjectPrincipal

        protected static javax.security.auth.x500.X500Principal getSubjectPrincipal​(java.security.cert.X509Certificate cert)

      • isSelfIssued

        protected static boolean isSelfIssued​(java.security.cert.X509Certificate cert)

      • getExtensionValue

        protected static ASN1Primitive getExtensionValue​(java.security.cert.X509Extension ext,
                                                 java.lang.String oid)
                                          throws AnnotatedException
        Extract the value of the given extension, if it exists.
        Parameters:
        ext - The extension object.
        oid - The object identifier to obtain.
        Throws:
        AnnotatedException - if the extension cannot be read.

      • getIssuerPrincipal

        protected static javax.security.auth.x500.X500Principal getIssuerPrincipal​(java.security.cert.X509CRL crl)

      • getAlgorithmIdentifier

        protected static AlgorithmIdentifier getAlgorithmIdentifier​(java.security.PublicKey key)
                                                     throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException

      • getQualifierSet

        protected static final java.util.Set getQualifierSet​(ASN1Sequence qualifiers)
                                              throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException

      • processCertD1i

        protected static boolean processCertD1i​(int index,
                                        java.util.List[] policyNodes,
                                        ASN1ObjectIdentifier pOid,
                                        java.util.Set pq)

      • processCertD1ii

        protected static void processCertD1ii​(int index,
                                      java.util.List[] policyNodes,
                                      ASN1ObjectIdentifier _poid,
                                      java.util.Set _pq)

      • prepareNextCertB1

        protected static void prepareNextCertB1​(int i,
                                        java.util.List[] policyNodes,
                                        java.lang.String id_p,
                                        java.util.Map m_idp,
                                        java.security.cert.X509Certificate cert)
                                 throws AnnotatedException,
                                        java.security.cert.CertPathValidatorException
        Throws:
        AnnotatedException
        java.security.cert.CertPathValidatorException

      • prepareNextCertB2

        protected static PKIXPolicyNode prepareNextCertB2​(int i,
                                                  java.util.List[] policyNodes,
                                                  java.lang.String id_p,
                                                  PKIXPolicyNode validPolicyTree)

      • isAnyPolicy

        protected static boolean isAnyPolicy​(java.util.Set policySet)

      • findCertificates

        protected static java.util.Collection findCertificates​(X509CertStoreSelector certSelect,
                                                       java.util.List certStores)
                                                throws AnnotatedException
        Return a Collection of all certificates or attribute certificates found in the X509Store's that are matching the certSelect criteriums.
        Parameters:
        certSelect - a Selector object that will be used to select the certificates
        certStores - a List containing only X509Store objects. These are used to search for certificates.
        Returns:
        a Collection of all found X509Certificate or X509AttributeCertificate objects. May be empty but never null.
        Throws:
        AnnotatedException

      • getCertStatus

        protected static void getCertStatus​(java.util.Date validDate,
                                    java.security.cert.X509CRL crl,
                                    java.lang.Object cert,
                                    org.bouncycastle.x509.CertStatus certStatus)
                             throws AnnotatedException
        Throws:
        AnnotatedException

      • getNextWorkingKey

        protected static java.security.PublicKey getNextWorkingKey​(java.util.List certs,
                                                           int index)
                                                    throws java.security.cert.CertPathValidatorException
        Return the next working key inheriting DSA parameters if necessary.

        This methods inherits DSA parameters from the indexed certificate or previous certificates in the certificate chain to the returned PublicKey. The list is searched upwards, meaning the end certificate is at position 0 and previous certificates are following.

        If the indexed certificate does not contain a DSA key this method simply returns the public key. If the DSA key already contains DSA parameters the key is also only returned.

        Parameters:
        certs - The certification path.
        index - The index of the certificate which contains the public key which should be extended with DSA parameters.
        Returns:
        The public key of the certificate in list position index extended with DSA parameters if applicable.
        Throws:
        java.security.cert.CertPathValidatorException - if DSA parameters cannot be inherited.

      • verifyX509Certificate

        protected static void verifyX509Certificate​(java.security.cert.X509Certificate cert,
                                            java.security.PublicKey publicKey,
                                            java.lang.String sigProvider)
                                     throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException