ANY_POLICY
protected static final String ANY_POLICY
AUTHORITY_KEY_IDENTIFIER
protected static final String AUTHORITY_KEY_IDENTIFIER
BASIC_CONSTRAINTS
protected static final String BASIC_CONSTRAINTS
CERTIFICATE_POLICIES
protected static final String CERTIFICATE_POLICIES
CRL_DISTRIBUTION_POINTS
protected static final String CRL_DISTRIBUTION_POINTS
CRL_NUMBER
protected static final String CRL_NUMBER
CRL_SIGN
protected static final int CRL_SIGN
DELTA_CRL_INDICATOR
protected static final String DELTA_CRL_INDICATOR
FRESHEST_CRL
protected static final String FRESHEST_CRL
INHIBIT_ANY_POLICY
protected static final String INHIBIT_ANY_POLICY
ISSUING_DISTRIBUTION_POINT
protected static final String ISSUING_DISTRIBUTION_POINT
KEY_CERT_SIGN
protected static final int KEY_CERT_SIGN
KEY_USAGE
protected static final String KEY_USAGE
NAME_CONSTRAINTS
protected static final String NAME_CONSTRAINTS
POLICY_CONSTRAINTS
protected static final String POLICY_CONSTRAINTS
POLICY_MAPPINGS
protected static final String POLICY_MAPPINGS
SUBJECT_ALTERNATIVE_NAME
protected static final String SUBJECT_ALTERNATIVE_NAME
crlReasons
protected static final String[] crlReasons
checkCRLs
protected static void checkCRLs(ExtendedPKIXParameters paramsPKIX,
X509Certificate cert,
Date validDate,
X509Certificate sign,
PublicKey workingPublicKey,
List certPathCerts)
throws AnnotatedException
Checks whether a certificate is revoked.
Parameters:
paramsPKIX - PKIX parameters.
cert - Certificate to check if it is revoked.
validDate - The date when the certificate revocation status should be checked.
sign - The issuer certificate of the certificate cert.
workingPublicKey - The public key of the issuer certificate sign.
certPathCerts - The certificates of the certification path.
Throws:
AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.
prepareCertB
protected static PKIXPolicyNode prepareCertB(CertPath certPath,
int index,
List[] policyNodes,
PKIXPolicyNode validPolicyTree,
int policyMapping)
throws CertPathValidatorException
prepareNextCertA
protected static void prepareNextCertA(CertPath certPath,
int index)
throws CertPathValidatorException
prepareNextCertG
protected static void prepareNextCertG(CertPath certPath,
int index,
PKIXNameConstraintValidator nameConstraintValidator)
throws CertPathValidatorException
prepareNextCertH1
protected static int prepareNextCertH1(CertPath certPath,
int index,
int explicitPolicy)
prepareNextCertH2
protected static int prepareNextCertH2(CertPath certPath,
int index,
int policyMapping)
prepareNextCertH3
protected static int prepareNextCertH3(CertPath certPath,
int index,
int inhibitAnyPolicy)
prepareNextCertI1
protected static int prepareNextCertI1(CertPath certPath,
int index,
int explicitPolicy)
throws CertPathValidatorException
prepareNextCertI2
protected static int prepareNextCertI2(CertPath certPath,
int index,
int policyMapping)
throws CertPathValidatorException
prepareNextCertJ
protected static int prepareNextCertJ(CertPath certPath,
int index,
int inhibitAnyPolicy)
throws CertPathValidatorException
prepareNextCertK
protected static void prepareNextCertK(CertPath certPath,
int index)
throws CertPathValidatorException
prepareNextCertL
protected static int prepareNextCertL(CertPath certPath,
int index,
int maxPathLength)
throws CertPathValidatorException
prepareNextCertM
protected static int prepareNextCertM(CertPath certPath,
int index,
int maxPathLength)
throws CertPathValidatorException
prepareNextCertN
protected static void prepareNextCertN(CertPath certPath,
int index)
throws CertPathValidatorException
prepareNextCertO
protected static void prepareNextCertO(CertPath certPath,
int index,
Set criticalExtensions,
List pathCheckers)
throws CertPathValidatorException
processCRLB1
protected static void processCRLB1(DistributionPoint dp,
Object cert,
X509CRL crl)
throws AnnotatedException
If the DP includes cRLIssuer, then verify that the issuer field in the
complete CRL matches cRLIssuer in the DP and that the complete CRL
contains an issuing distribution point extension with the indirectCRL
boolean asserted. Otherwise, verify that the CRL issuer matches the
certificate issuer.
Parameters:
dp - The distribution point.
cert - The certificate or attribute certificate.
crl - The CRL for cert.
processCRLB2
protected static void processCRLB2(DistributionPoint dp,
Object cert,
X509CRL crl)
throws AnnotatedException
If the complete CRL includes an issuing distribution point (IDP) CRL
extension, check the following:
(i) If the distribution point name is present in the IDP CRL extension
and the distribution field is present in the DP, then verify that one of
the names in the IDP matches one of the names in the DP. If the
distribution point name is present in the IDP CRL extension and the
distribution field is omitted from the DP, then verify that one of the
names in the IDP matches one of the names in the cRLIssuer field of the
DP.
(ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
extension, verify that the certificate does not include the basic
constraints extension with the cA boolean asserted.
(iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
extension, verify that the certificate includes the basic constraints
extension with the cA boolean asserted.
(iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
Parameters:
dp - The distribution point.
cert - The certificate.
crl - The CRL.
processCRLC
protected static void processCRLC(X509CRL deltaCRL,
X509CRL completeCRL,
ExtendedPKIXParameters pkixParams)
throws AnnotatedException
If use-deltas is set, verify the issuer and scope of the delta CRL.
Parameters:
deltaCRL - The delta CRL.
completeCRL - The complete CRL.
pkixParams - The PKIX parameters.
processCRLF
protected static Set processCRLF(X509CRL crl,
Object cert,
X509Certificate defaultCRLSignCert,
PublicKey defaultCRLSignKey,
ExtendedPKIXParameters paramsPKIX,
List certPathCerts)
throws AnnotatedException
Obtain and validate the certification path for the complete CRL issuer.
If a key usage extension is present in the CRL issuer's certificate,
verify that the cRLSign bit is set.
Parameters:
crl - CRL which contains revocation information for the certificate cert.
cert - The attribute certificate or certificate to check if it is revoked.
defaultCRLSignCert - The issuer certificate of the certificate cert.
defaultCRLSignKey - The public key of the issuer certificate defaultCRLSignCert.
paramsPKIX - PKIX parameters.
certPathCerts - The certificates on the certification path.
Returns:
A Set with all keys of possible CRL issuer certificates.
Throws:
AnnotatedException - if the CRL is not valid or the status cannot be checked or some error occurs.
processCRLG
protected static PublicKey processCRLG(X509CRL crl,
Set keys)
throws AnnotatedException
processCRLH
protected static X509CRL processCRLH(Set deltacrls,
PublicKey key)
throws AnnotatedException
processCRLI
protected static void processCRLI(Date validDate,
X509CRL deltacrl,
Object cert,
org.bouncycastle.jce.provider.CertStatus certStatus,
ExtendedPKIXParameters pkixParams)
throws AnnotatedException
processCRLJ
protected static void processCRLJ(Date validDate,
X509CRL completecrl,
Object cert,
org.bouncycastle.jce.provider.CertStatus certStatus)
throws AnnotatedException
processCertBC
protected static void processCertBC(CertPath certPath,
int index,
PKIXNameConstraintValidator nameConstraintValidator)
throws CertPathValidatorException
processCertD
protected static PKIXPolicyNode processCertD(CertPath certPath,
int index,
Set acceptablePolicies,
PKIXPolicyNode validPolicyTree,
List[] policyNodes,
int inhibitAnyPolicy)
throws CertPathValidatorException
processCertE
protected static PKIXPolicyNode processCertE(CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree)
throws CertPathValidatorException
processCertF
protected static void processCertF(CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree,
int explicitPolicy)
throws CertPathValidatorException
wrapupCertA
protected static int wrapupCertA(int explicitPolicy,
X509Certificate cert)
wrapupCertB
protected static int wrapupCertB(CertPath certPath,
int index,
int explicitPolicy)
throws CertPathValidatorException
wrapupCertF
protected static void wrapupCertF(CertPath certPath,
int index,
List pathCheckers,
Set criticalExtensions)
throws CertPathValidatorException
wrapupCertG
protected static PKIXPolicyNode wrapupCertG(CertPath certPath,
ExtendedPKIXParameters paramsPKIX,
Set userInitialPolicySet,
int index,
List[] policyNodes,
PKIXPolicyNode validPolicyTree,
Set acceptablePolicies)
throws CertPathValidatorException