java.lang.Object
  eu.emi.security.authn.x509.helpers.pkipath.BCCertPathValidator
public class BCCertPathValidator
Low-level certificate validator based on the BC PKIXCertPathReviewer
with additional support for proxy certificates.
Constructor Summary |
---|
BCCertPathValidator() |

Method Summary | |
---|---|
protected void | checkLastCNNameRule(X500Principal srcP, X500Principal issuerP, List<ValidationError> errors, int position, X509Certificate[] proxyChain) |
protected void | checkNonProxyChain(X509Certificate[] baseChain, ExtPKIXParameters params, List<ValidationError> errors, Set<String> unresolvedExtensions, int posDelta, X509Certificate[] cc): Performs checking of the chain which has no proxies (or at least should not have proxies), using FixedBCPKIXCertPathReviewer. |
protected void | checkPairWithProxy(X509Certificate issuerCert, X509Certificate proxyCert, List<ValidationError> errors, int position, X509Certificate[] proxyChain): Checks if the certificate passed as the 2nd argument is a correct proxy certificate including checks w.r.t. |
protected void | checkProxyChainMain(X509Certificate[] proxyChain, List<ValidationError> errors, Set<String> unresolvedExtensions): Performs a validation loop of the proxy chain checking each pair in chain for the rules not otherwise verified by the base check. |
protected void | checkProxyChainWithBC(X509Certificate[] proxyChain, Set<TrustAnchor> trustAnchor, List<ValidationError> errors, Set<String> unresolvedExtensions): Checks chain with proxies, starting with the EEC using X.509 path validation. |
protected List<ValidationError> | convertErrors(List<?>[] bcErrorsA, boolean ignoreProxyErrors, boolean ignoreNoCrl, int positionDelta, X509Certificate[] cc) |
protected ExtPKIXParameters | createPKIXParameters(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, CrlCheckingMode crlCheckingMode) |
protected int | getFirstProxy(X509Certificate[] toCheck) |
protected Set<String> | getUnresolvedExtensionons(List<?>[] bcErrorsA) |
ValidationResult | validate(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, CrlCheckingMode crlCheckingMode): Performs validation. |

Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public BCCertPathValidator()
Method Detail |
---|
public ValidationResult validate(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, CrlCheckingMode crlCheckingMode) throws CertificateException

If the proxy support is turned off or the chain has no proxy certificate, then normal X.509 path validation is performed (see below).
If the proxy support is turned on and the chain has at least one proxy then the following checks are performed:
The normal path validation is performed as follows:

Parameters:
toCheck - chain to check
Throws:
CertificateException - if some of the certificates in the chain cannot be parsed

protected ExtPKIXParameters createPKIXParameters(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, CrlCheckingMode crlCheckingMode)

protected int getFirstProxy(X509Certificate[] toCheck)

protected void checkNonProxyChain(X509Certificate[] baseChain, ExtPKIXParameters params, List<ValidationError> errors, Set<String> unresolvedExtensions, int posDelta, X509Certificate[] cc) throws CertificateException

Performs checking of the chain which has no proxies (or at least should not have proxies), using FixedBCPKIXCertPathReviewer. In future, when BC implementation is fixed it should use PKIXCertPathReviewer instead.

Parameters:
baseChain -
params -
errors -
unresolvedExtensions -
Throws:
CertificateException

protected void checkProxyChainWithBC(X509Certificate[] proxyChain, Set<TrustAnchor> trustAnchor, List<ValidationError> errors, Set<String> unresolvedExtensions) throws CertificateException

Parameters:
proxyChain -
errors -
unresolvedExtensions -
Throws:
CertificateException

protected void checkProxyChainMain(X509Certificate[] proxyChain, List<ValidationError> errors, Set<String> unresolvedExtensions) throws CertificateException

Parameters:
proxyChain -
errors -
unresolvedExtensions -
Throws:
CertificateException

protected void checkPairWithProxy(X509Certificate issuerCert, X509Certificate proxyCert, List<ValidationError> errors, int position, X509Certificate[] proxyChain) throws CertPathValidatorException, CertificateParsingException

Parameters:
issuerCert - certificate of the issuer
proxyCert - certificate to be checked
errors - out arg - list of errors found
position - position in original chain to be used in error reporting
Throws:
CertPathValidatorException
CertificateParsingException

protected void checkLastCNNameRule(X500Principal srcP, X500Principal issuerP, List<ValidationError> errors, int position, X509Certificate[] proxyChain) throws CertPathValidatorException

Throws:
CertPathValidatorException

protected List<ValidationError> convertErrors(List<?>[] bcErrorsA, boolean ignoreProxyErrors, boolean ignoreNoCrl, int positionDelta, X509Certificate[] cc)

protected Set<String> getUnresolvedExtensionons(List<?>[] bcErrorsA)
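
Calling validate() with the five-argument signature documented above and rejecting the chain unless the result is valid. This is an added example, not code from the library or its Javadoc. It assumes that ValidationResult exposes isValid() and getErrors(), that CrlCheckingMode has an IF_VALID constant (neither is shown on this page), that the BouncyCastle provider must be registered by the caller, and that the chain file lists the leaf certificate first; the class name ValidateChainExample and the file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.helpers.pkipath.BCCertPathValidator;

public class ValidateChainExample {
    // Reads every certificate (PEM or DER) from one file, in file order.
    static X509Certificate[] load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return cf.generateCertificates(in).toArray(new X509Certificate[0]);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2)
            throw new IllegalArgumentException("usage: <chain file> <CA file>");
        Security.addProvider(new BouncyCastleProvider()); // assumption: "BC" is needed
        X509Certificate[] chain = load(args[0]);          // assumption: leaf first
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate ca : load(args[1]))
            anchors.add(new TrustAnchor(ca, null));       // no name constraints
        // Empty CRL store: no revocation data is available to the validator.
        CertStore crls = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.emptyList()));
        ValidationResult result = new BCCertPathValidator().validate(
                chain, true /* proxySupport */, anchors, crls,
                CrlCheckingMode.IF_VALID);                // assumed enum constant
        if (!result.isValid()) {                          // fail closed on any error
            for (ValidationError e : result.getErrors())
                System.err.println(e);
            System.exit(1);
        }
        System.out.println("chain accepted");
    }
}
```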