ANY_POLICY
protected static final String ANY_POLICY
AUTHORITY_KEY_IDENTIFIER
protected static final String AUTHORITY_KEY_IDENTIFIER
BASIC_CONSTRAINTS
protected static final String BASIC_CONSTRAINTS
CERTIFICATE_POLICIES
protected static final String CERTIFICATE_POLICIES
CRL_DISTRIBUTION_POINTS
protected static final String CRL_DISTRIBUTION_POINTS
CRL_NUMBER
protected static final String CRL_NUMBER
CRL_SIGN
protected static final int CRL_SIGN
DELTA_CRL_INDICATOR
protected static final String DELTA_CRL_INDICATOR
FRESHEST_CRL
protected static final String FRESHEST_CRL
INHIBIT_ANY_POLICY
protected static final String INHIBIT_ANY_POLICY
ISSUING_DISTRIBUTION_POINT
protected static final String ISSUING_DISTRIBUTION_POINT
KEY_CERT_SIGN
protected static final int KEY_CERT_SIGN
KEY_USAGE
protected static final String KEY_USAGE
NAME_CONSTRAINTS
protected static final String NAME_CONSTRAINTS
POLICY_CONSTRAINTS
protected static final String POLICY_CONSTRAINTS
POLICY_MAPPINGS
protected static final String POLICY_MAPPINGS
SUBJECT_ALTERNATIVE_NAME
protected static final String SUBJECT_ALTERNATIVE_NAME
crlReasons
protected static final String[] crlReasons
addAdditionalStoreFromLocation
protected static void addAdditionalStoreFromLocation(String location,
ExtendedPKIXParameters pkixParams)
findCRLs
protected static final Collection findCRLs(X509CRLSelector crlSelect,
List crlStores)
throws AnnotatedException
Returns a Collection of all CRLs found in the CertStores that match the
crlSelect criteria.
Parameters:
crlSelect - a CertSelector object that will be used to select the CRLs
crlStores - a List containing only CertStore objects. These are used to search for CRLs
Returns:
a Collection of all found CRL objects. May be empty but never null.
findCRLs
protected static final Collection findCRLs(X509CRLStoreSelector crlSelect,
List crlStores)
throws AnnotatedException
Returns a Collection of all CRLs found in the X509Stores that match the
crlSelect criteria.
Parameters:
crlSelect - an X509CRLStoreSelector object that will be used to select the CRLs
crlStores - a List containing only X509Store objects. These are used to search for CRLs
Returns:
a Collection of all found X509CRL objects. May be empty but never null.
findCertificates
protected static Collection findCertificates(CertSelector certSelect,
List certStores)
throws AnnotatedException
Returns a Collection of all certificates found in the CertStores that match
the certSelect criteria.
Parameters:
certSelect - a CertSelector object that will be used to select the certificates
certStores - a List containing only CertStore objects. These are used to search for certificates
Returns:
a Collection of all found Certificate objects. May be empty but never null.
findCertificates
protected static Collection findCertificates(Selector certSelect,
List certStores)
throws AnnotatedException
Returns a Collection of all certificates or attribute certificates found
in the X509Stores that match the certSelect criteria.
Parameters:
certSelect - a Selector object that will be used to select the certificates
certStores - a List containing only X509Store objects. These are used to search for certificates.
findTrustAnchor
protected static final TrustAnchor findTrustAnchor(X509Certificate cert,
CertPath certPath,
int index,
Set trustAnchors)
throws CertPathValidatorException
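Searches the given Set of TrustAnchors for one that is the issuer of the
given X509 certificate.
Parameters:
cert - the X509 certificate
trustAnchors - a Set of TrustAnchors
Returns:
the TrustAnchor object if found, or null if not. A null result means no
anchor in the set was identified as the issuer, so callers must check for
it before using the return value.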
getAlgorithmIdentifier
protected static AlgorithmIdentifier getAlgorithmIdentifier(PublicKey key)
throws CertPathValidatorException
getCRLIssuersFromDistributionPoint
protected static void getCRLIssuersFromDistributionPoint(DistributionPoint dp,
Collection issuerPrincipals,
X509CRLStoreSelector selector,
ExtendedPKIXParameters pkixParams)
throws AnnotatedException
Adds the CRL issuers to the issuer criterion of the selector. The issuers
are taken from the cRLIssuer field of the distribution point or, if that
field is not given, from the certificate.
The issuerPrincipals are a collection with a single X500Principal for
X509Certificates. For X509AttributeCertificates the issuer may contain more
than one X500Principal.
Parameters:
dp - The distribution point.
issuerPrincipals - The issuers of the certificate or attribute certificate
which contains the distribution point.
selector - The CRL selector.
pkixParams - The PKIX parameters containing the cert stores.
getCertStatus
protected static void getCertStatus(Date validDate,
X509CRL crl,
BigInteger serialNumber,
org.bouncycastle.jce.provider.CertStatus certStatus)
throws AnnotatedException
getCompleteCRLs
protected static Set getCompleteCRLs(DistributionPoint dp,
Object cert,
Date currentDate,
ExtendedPKIXParameters paramsPKIX)
throws AnnotatedException
Fetches complete CRLs according to RFC 3280.
Parameters:
dp - The distribution point for which the complete CRLs are fetched.
cert - The X509Certificate or X509AttributeCertificate for which the CRL
should be searched.
currentDate - The date for which the delta CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
Returns:
A Set of X509CRLs with complete CRLs.
getDeltaCRLs
protected static Set getDeltaCRLs(Date currentDate,
ExtendedPKIXParameters paramsPKIX,
X509CRL completeCRL)
throws AnnotatedException
Fetches delta CRLs according to RFC 3280 section 5.2.4.
Parameters:
currentDate - The date for which the delta CRLs must be valid.
paramsPKIX - The extended PKIX parameters.
completeCRL - The complete CRL the delta CRL is for.
Returns:
A Set of X509CRLs with delta CRLs.
Throws:
AnnotatedException - if an exception occurs while picking the delta CRLs
or no delta CRLs are found.
getEncodedIssuerPrincipal
protected static X500Principal getEncodedIssuerPrincipal(Object cert)
Returns the issuer of an attribute certificate or certificate.
Parameters:
cert - The attribute certificate or certificate.
Returns:
The issuer as an X500Principal.
getExtensionValue
protected static DERObject getExtensionValue(java.security.cert.X509Extension ext,
String oid)
throws AnnotatedException
Extracts the value of the given extension, if it exists.
getIssuerPrincipal
protected static X500Principal getIssuerPrincipal(X509CRL crl)
getNextWorkingKey
protected static PublicKey getNextWorkingKey(X509Certificate cert,
List certs,
int index)
throws CertPathValidatorException
Returns the next working key, inheriting DSA parameters if necessary.
This method adds DSA parameters inherited from the indexed certificate or
from previous certificates in the certificate chain to the returned
PublicKey. The list is searched upwards, meaning the end certificate is at
position 0 and the previous certificates follow it.
If the indexed certificate does not contain a DSA key, this method simply
returns the public key. If the DSA key already contains DSA parameters, the
key is likewise returned unchanged.
Parameters:
certs - The certification path.
index - The index of the certificate which contains the public key which
should be extended with DSA parameters.
Returns:
The public key of the certificate in list position index, extended with
DSA parameters if applicable.
getQualifierSet
protected static final Set getQualifierSet(ASN1Sequence qualifiers)
throws CertPathValidatorException
getSubjectPrincipal
protected static X500Principal getSubjectPrincipal(X509Certificate cert)
getValidDate
protected static Date getValidDate(PKIXParameters paramsPKIX)
isAnyPolicy
protected static boolean isAnyPolicy(Set policySet)
isSelfIssued
protected static boolean isSelfIssued(X509Certificate cert)
prepareNextCertB1
protected static void prepareNextCertB1(int i,
List[] policyNodes,
String id_p,
Map m_idp,
X509Certificate cert)
throws AnnotatedException,
CertPathValidatorException
processCertD1i
protected static boolean processCertD1i(int index,
List[] policyNodes,
DERObjectIdentifier pOid,
Set pq)
processCertD1ii
protected static void processCertD1ii(int index,
List[] policyNodes,
DERObjectIdentifier _poid,
Set _pq)