public class X509ProxyCertPathValidator extends CertPathValidatorSpi
| Modifier and Type | Field and Description |
|---|---|
| static String | BASIC_CONSTRAINT_OID |
| protected CertStore | certStore |
| static String | KEY_USAGE_OID |
| protected KeyStore | keyStore |
| protected SigningPolicyStore | policyStore |

| Constructor and Description |
|---|
| X509ProxyCertPathValidator() |

| Modifier and Type | Method and Description |
|---|---|
| protected void | checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) |
| protected void | checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) |
| protected void | checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) |
| void | clear() Dispose of the current validation state. |
| CertPathValidatorResult | engineValidate(CertPath certPath, CertPathParameters params) Validates the specified certification path using the specified algorithm parameter set. |
| protected List<CertificateChecker> | getCertificateCheckers() |
| X509Certificate | getIdentityCertificate() |
| boolean | isLimited() |
| boolean | isRejectLimitedProxy() |
| protected void | parseParameters(CertPathParameters params) |
| void | setIdentityCert(X509Certificate identityCert) |
| void | setLimited(boolean limited) |
| protected CertPathValidatorResult | validate(CertPath certPath) Validates the certificate path and does the following for each certificate in the chain: method checkCertificate(). In addition: a) validates if the issuer type of each certificate is correct; b) CA path constraints; c) proxy path constraints. If it is of type proxy, check the following: a) proxy constraints; b) restricted proxy. Else, if it is a certificate, check the following: a) key usage. |

public static final String BASIC_CONSTRAINT_OID

public static final String KEY_USAGE_OID

protected KeyStore keyStore

protected CertStore certStore

protected SigningPolicyStore policyStore

public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException

The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.

Specified by: engineValidate in class CertPathValidatorSpi

Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters

Throws:
CertPathValidatorException - if the CertPath does not validate
InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator

public void clear()

protected void parseParameters(CertPathParameters params) throws InvalidAlgorithmParameterException

protected CertPathValidatorResult validate(CertPath certPath) throws CertPathValidatorException

Parameters:
certPath - The CertPath to validate.

Throws:
CertPathValidatorException - If the CertPath is invalid.

protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) throws CertPathValidatorException, IOException

protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) throws CertPathValidatorException, IOException

protected List<CertificateChecker> getCertificateCheckers()

protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException

public X509Certificate getIdentityCertificate()

public void setLimited(boolean limited)

public boolean isLimited()

public void setIdentityCert(X509Certificate identityCert)

public boolean isRejectLimitedProxy()

Copyright © 2013. All Rights Reserved.