java.lang.Object
  eu.emi.security.authn.x509.helpers.pkipath.BCCertPathValidator
public class BCCertPathValidator
Low-level certificate validator based on the BC PKIXCertPathReviewer
with additional support for proxy certificates.
Field Summary | |
---|---|
static long |
PROXY_VALIDATION_GRACE_PERIOD
|
Constructor Summary | |
---|---|
BCCertPathValidator()
|
Method Summary | |
---|---|
protected void |
checkLastCNNameRule(X500Principal srcP,
X500Principal issuerP,
List<ValidationError> errors,
int position,
X509Certificate[] proxyChain)
|
protected List<X509Certificate> |
checkNonProxyChain(X509Certificate[] baseChain,
ExtPKIXParameters params,
List<ValidationError> errors,
Set<String> unresolvedExtensions,
int posDelta,
X509Certificate[] cc)
Performs checking of the chain which has no proxies (or at least should not have proxies), using FixedBCPKIXCertPathReviewer. |
protected void |
checkPairWithProxy(X509Certificate issuerCert,
X509Certificate proxyCert,
List<ValidationError> errors,
int position,
X509Certificate[] proxyChain,
Date validationTime)
Checks if the certificate passed as the 2nd argument is a correct proxy certificate including checks w.r.t. |
protected void |
checkProxyChainMain(X509Certificate[] proxyChain,
List<ValidationError> errors,
Set<String> unresolvedExtensions,
Date validDate)
Performs a validation loop of the proxy chain checking each pair in chain for the rules not otherwise verified by the base check. |
protected void |
checkProxyChainWithBC(X509Certificate[] proxyChain,
Set<TrustAnchor> trustAnchor,
List<ValidationError> errors,
Set<String> unresolvedExtensions)
Checks chain with proxies, starting with the EEC using X.509 path validation. |
protected void |
checkProxyTime(X509Certificate proxyCert,
Date validationTime,
X509Certificate[] proxyChain,
List<ValidationError> errors,
int position)
|
protected List<ValidationError> |
convertErrors(List<?>[] bcErrorsA,
boolean ignoreProxyErrors,
int positionDelta,
X509Certificate[] cc)
|
protected ExtPKIXParameters |
createPKIXParameters(X509Certificate[] toCheck,
boolean proxySupport,
Set<TrustAnchor> trustAnchors,
CertStore crlStore,
RevocationParameters revocationParams,
ObserversHandler observersHandler)
|
protected int |
getFirstProxy(X509Certificate[] toCheck)
|
protected Set<String> |
getUnresolvedExtensionons(List<?>[] bcErrorsA)
|
ValidationResult |
validate(X509Certificate[] toCheck,
boolean proxySupport,
Set<TrustAnchor> trustAnchors,
CertStore crlStore,
RevocationParameters revocationParams,
ObserversHandler observersHandler)
Performs validation. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final long PROXY_VALIDATION_GRACE_PERIOD
Constructor Detail |
---|
public BCCertPathValidator()
Method Detail |
---|
public ValidationResult validate(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, RevocationParameters revocationParams, ObserversHandler observersHandler) throws CertificateException
If the proxy support is turned off or the chain has no proxy certificate then normal X.509 path validation is performed (see below).
If the proxy support is turned on and the chain has at least one proxy then the following checks are performed:
The normal path validation is performed as follows:
toCheck - chain to check
CertificateException - if some of the certificates in the chain cannot be parsed
protected ExtPKIXParameters createPKIXParameters(X509Certificate[] toCheck, boolean proxySupport, Set<TrustAnchor> trustAnchors, CertStore crlStore, RevocationParameters revocationParams, ObserversHandler observersHandler)
protected int getFirstProxy(X509Certificate[] toCheck)
protected List<X509Certificate> checkNonProxyChain(X509Certificate[] baseChain, ExtPKIXParameters params, List<ValidationError> errors, Set<String> unresolvedExtensions, int posDelta, X509Certificate[] cc) throws CertificateException
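Performs checking of the chain which has no proxies (or at least should not have proxies), using FixedBCPKIXCertPathReviewer. In future, when the BC implementation is fixed, it should use PKIXCertPathReviewer instead.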
baseChain -
params -
errors -
unresolvedExtensions -
CertificateException
protected void checkProxyChainWithBC(X509Certificate[] proxyChain, Set<TrustAnchor> trustAnchor, List<ValidationError> errors, Set<String> unresolvedExtensions) throws CertificateException
proxyChain -
errors -
unresolvedExtensions -
CertificateException
protected void checkProxyChainMain(X509Certificate[] proxyChain, List<ValidationError> errors, Set<String> unresolvedExtensions, Date validDate) throws CertificateException
proxyChain -
errors -
unresolvedExtensions -
CertificateException
protected void checkPairWithProxy(X509Certificate issuerCert, X509Certificate proxyCert, List<ValidationError> errors, int position, X509Certificate[] proxyChain, Date validationTime) throws CertPathValidatorException, CertificateParsingException
issuerCert - certificate of the issuer
proxyCert - certificate to be checked
errors - out arg - list of errors found
position - position in original chain to be used in error reporting
CertPathValidatorException
CertificateParsingException
protected void checkProxyTime(X509Certificate proxyCert, Date validationTime, X509Certificate[] proxyChain, List<ValidationError> errors, int position)
protected void checkLastCNNameRule(X500Principal srcP, X500Principal issuerP, List<ValidationError> errors, int position, X509Certificate[] proxyChain) throws CertPathValidatorException
CertPathValidatorException
protected List<ValidationError> convertErrors(List<?>[] bcErrorsA, boolean ignoreProxyErrors, int positionDelta, X509Certificate[] cc)
protected Set<String> getUnresolvedExtensionons(List<?>[] bcErrorsA)