Class RFC3280CertPathUtilitiesCanl
java.lang.Object
eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilities
eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilitiesCanl
This class exposes the BC's JCA implementation of the
RFC3280CertPathUtilities
.
It was done to: fix its bugs (only one or two, should be OK in BC 1.47) and
to have errors consumable by the rest of this library (most of the code).-
Field Summary
Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilities
ANY_POLICY, AUTHORITY_KEY_IDENTIFIER, BASIC_CONSTRAINTS, CERTIFICATE_POLICIES, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_SIGN, crlReasons, DELTA_CRL_INDICATOR, FRESHEST_CRL, INHIBIT_ANY_POLICY, ISSUING_DISTRIBUTION_POINT, KEY_CERT_SIGN, KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS, POLICY_MAPPINGS, SUBJECT_ALTERNATIVE_NAME
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static void
checkCRL
(org.bouncycastle.asn1.x509.DistributionPoint dp, org.bouncycastle.jcajce.PKIXExtendedParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, CertStatus certStatus, ReasonsMask reasonMask, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper jcaHelper) Checks a distribution point for revocation information for the certificatecert
.static void
checkCRLs2
(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper jcaHelper) Checks a certificate if it is revoked.protected static void
getCertStatus
(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) private static void
processCRLB1_2
(org.bouncycastle.asn1.x509.DistributionPoint dp, Object cert, X509CRL crl) private static void
processCRLB2_2
(org.bouncycastle.asn1.x509.DistributionPoint dp, Object cert, X509CRL crl) private static void
processCRLC2
(X509CRL deltaCRL, X509CRL completeCRL, org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams) private static ReasonsMask
processCRLD2
(X509CRL crl, org.bouncycastle.asn1.x509.DistributionPoint dp) private static Set
<?> processCRLF2
(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, org.bouncycastle.jcajce.PKIXExtendedParameters paramsPKIX, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper) private static PublicKey
processCRLG2
(X509CRL crl, Set<?> keys) private static X509CRL
processCRLH2
(Set<?> deltacrls, PublicKey key) private static void
processCRLI2
(Date validDate, X509CRL deltacrl, Object cert, CertStatus certStatus, org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams) private static void
processCRLJ2
(Date validDate, X509CRL completecrl, Object cert, CertStatus certStatus) Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.bc.RFC3280CertPathUtilities
checkCRLs, prepareCertB, prepareNextCertA, prepareNextCertG, prepareNextCertH1, prepareNextCertH2, prepareNextCertH3, prepareNextCertI1, prepareNextCertI2, prepareNextCertJ, prepareNextCertK, prepareNextCertL, prepareNextCertM, prepareNextCertN, prepareNextCertO, processCertA, processCertBC, processCertD, processCertE, processCertF, processCRLA1i, processCRLA1ii, processCRLB1, processCRLB2, processCRLC, processCRLD, processCRLF, processCRLG, processCRLH, processCRLI, processCRLJ, wrapupCertA, wrapupCertB, wrapupCertF, wrapupCertG
-
Constructor Details
-
RFC3280CertPathUtilitiesCanl
public RFC3280CertPathUtilitiesCanl()
-
-
Method Details
-
checkCRLs2
public static void checkCRLs2(ExtPKIXParameters2 paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper jcaHelper) throws SimpleValidationErrorException Checks a certificate if it is revoked.- Parameters:
paramsPKIX
- PKIX parameters.cert
- Certificate to check if it is revoked.validDate
- The date when the certificate revocation status should be checked.sign
- The issuer certificate of the certificatecert
.workingPublicKey
- The public key of the issuer certificatesign
.certPathCerts
- The certificates of the certification path.jcaHelper
- JcaJce helper- Throws:
SimpleValidationErrorException
- if the certificate is revoked or the status cannot be checked or some error occurs.
-
checkCRL
private static void checkCRL(org.bouncycastle.asn1.x509.DistributionPoint dp, org.bouncycastle.jcajce.PKIXExtendedParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, CertStatus certStatus, ReasonsMask reasonMask, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper jcaHelper) throws SimpleValidationErrorException Checks a distribution point for revocation information for the certificatecert
.- Parameters:
dp
- The distribution point to consider.paramsPKIX
- PKIX parameters.cert
- Certificate to check if it is revoked.validDate
- The date when the certificate revocation status should be checked.defaultCRLSignCert
- The issuer certificate of the certificatecert
.defaultCRLSignKey
- The public key of the issuer certificatedefaultCRLSignCert
.certStatus
- The current certificate revocation status.reasonMask
- The reasons mask which is already checked.certPathCerts
- The certificates of the certification path.- Throws:
org.bouncycastle.jce.provider.AnnotatedException
- if the certificate is revoked or the status cannot be checked or some error occurs.SimpleValidationErrorException
-
processCRLB1_2
private static void processCRLB1_2(org.bouncycastle.asn1.x509.DistributionPoint dp, Object cert, X509CRL crl) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLB2_2
private static void processCRLB2_2(org.bouncycastle.asn1.x509.DistributionPoint dp, Object cert, X509CRL crl) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLC2
private static void processCRLC2(X509CRL deltaCRL, X509CRL completeCRL, org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLF2
private static Set<?> processCRLF2(X509CRL crl, Object cert, X509Certificate defaultCRLSignCert, PublicKey defaultCRLSignKey, org.bouncycastle.jcajce.PKIXExtendedParameters paramsPKIX, List<?> certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLH2
private static X509CRL processCRLH2(Set<?> deltacrls, PublicKey key) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLG2
private static PublicKey processCRLG2(X509CRL crl, Set<?> keys) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLI2
private static void processCRLI2(Date validDate, X509CRL deltacrl, Object cert, CertStatus certStatus, org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLJ2
private static void processCRLJ2(Date validDate, X509CRL completecrl, Object cert, CertStatus certStatus) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
processCRLD2
private static ReasonsMask processCRLD2(X509CRL crl, org.bouncycastle.asn1.x509.DistributionPoint dp) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-
getCertStatus
protected static void getCertStatus(Date validDate, X509CRL crl, Object cert, CertStatus certStatus) throws SimpleValidationErrorException - Throws:
SimpleValidationErrorException
-