public class X509ProxyCertPathValidator extends CertPathValidatorSpi
Modifier and Type | Field and Description |
---|---|
static String | BASIC_CONSTRAINT_OID |
protected CertStore | certStore |
static String | KEY_USAGE_OID |
protected KeyStore | keyStore |
protected SigningPolicyStore | policyStore |
Constructor and Description |
---|
X509ProxyCertPathValidator() |
Modifier and Type | Method and Description |
---|---|
protected void | checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) |
protected void | checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) |
protected void | checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) |
void | clear() Dispose of the current validation state. |
CertPathValidatorResult | engineValidate(CertPath certPath, CertPathParameters params) Validates the specified certification path using the specified algorithm parameter set. |
protected List<CertificateChecker> | getCertificateCheckers() |
X509Certificate | getIdentityCertificate() |
boolean | isLimited() |
boolean | isRejectLimitedProxy() |
protected void | parseParameters(CertPathParameters params) |
void | setIdentityCert(X509Certificate identityCert) |
void | setLimited(boolean limited) |
protected CertPathValidatorResult | validate(CertPath certPath) Validates the certificate path and calls the method checkCertificate() for each certificate in the chain. In addition, it checks: a) that the issuer type of each certificate is correct, b) CA path constraints, c) proxy path constraints. If the certificate is a proxy, it checks: a) proxy constraints, b) restricted proxy. Otherwise, for a non-proxy certificate, it checks: a) key usage. |
Methods inherited from class CertPathValidatorSpi: engineGetRevocationChecker
public static final String BASIC_CONSTRAINT_OID
public static final String KEY_USAGE_OID
protected KeyStore keyStore
protected CertStore certStore
protected SigningPolicyStore policyStore
public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters params) throws CertPathValidatorException, InvalidAlgorithmParameterException
The CertPath specified must be of a type that is supported by the validation algorithm, otherwise an InvalidAlgorithmParameterException will be thrown. For example, a CertPathValidator that implements the PKIX algorithm validates CertPath objects of type X.509.
Specified by:
engineValidate in class CertPathValidatorSpi
Parameters:
certPath - the CertPath to be validated
params - the algorithm parameters
Throws:
CertPathValidatorException - if the CertPath does not validate
InvalidAlgorithmParameterException - if the specified parameters or the type of the specified CertPath are inappropriate for this CertPathValidator
public void clear()
protected void parseParameters(CertPathParameters params) throws InvalidAlgorithmParameterException
protected CertPathValidatorResult validate(CertPath certPath) throws CertPathValidatorException
Parameters:
certPath - The CertPath to validate.
Throws:
CertPathValidatorException - If the CertPath is invalid.
protected void checkRestrictedProxy(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, CertPath certPath, int index) throws CertPathValidatorException, IOException
protected void checkKeyUsage(org.bouncycastle.asn1.x509.TBSCertificateStructure issuer) throws CertPathValidatorException, IOException
protected List<CertificateChecker> getCertificateCheckers()
protected void checkProxyConstraints(org.bouncycastle.asn1.x509.TBSCertificateStructure proxy, org.bouncycastle.asn1.x509.TBSCertificateStructure issuer, X509Certificate checkedProxy) throws CertPathValidatorException, IOException
public X509Certificate getIdentityCertificate()
public void setLimited(boolean limited)
public boolean isLimited()
public void setIdentityCert(X509Certificate identityCert)
public boolean isRejectLimitedProxy()
Copyright © 2016. All rights reserved.