| Methods Summary |
|---|
| protected static void | checkExcludedDN(java.util.Set excluded, org.bouncycastle.asn1.ASN1Sequence dns)
if (excluded.isEmpty())
{
return;
}
Iterator it = excluded.iterator();
while (it.hasNext())
{
ASN1Sequence subtree = (ASN1Sequence) it.next();
if (withinDNSubtree(dns, subtree))
{
throw new CertPathValidatorException(
"Subject distinguished name is from an excluded subtree");
}
}
|
| protected static void | checkExcludedEmail(java.util.Set excluded, java.lang.String email)
if (excluded.isEmpty())
{
return;
}
String sub = email.substring(email.indexOf('@") + 1);
Iterator it = excluded.iterator();
while (it.hasNext())
{
String str = (String) it.next();
if (sub.endsWith(str))
{
throw new CertPathValidatorException(
"Subject email address is from an excluded subtree");
}
}
|
| protected static void | checkExcludedIP(java.util.Set excluded, byte[] ip)
if (excluded.isEmpty())
{
return;
}
// TODO, check RFC791 and RFC1883 for IP bytes definition.
|
| protected static void | checkPermittedDN(java.util.Set permitted, org.bouncycastle.asn1.ASN1Sequence dns)
if (permitted.isEmpty())
{
return;
}
Iterator it = permitted.iterator();
while (it.hasNext())
{
ASN1Sequence subtree = (ASN1Sequence) it.next();
if (withinDNSubtree(dns, subtree))
{
return;
}
}
throw new CertPathValidatorException(
"Subject distinguished name is not from a permitted subtree");
|
| protected static void | checkPermittedEmail(java.util.Set permitted, java.lang.String email)
if (permitted.isEmpty())
{
return;
}
String sub = email.substring(email.indexOf('@") + 1);
Iterator it = permitted.iterator();
while (it.hasNext())
{
String str = (String) it.next();
if (sub.endsWith(str))
{
return;
}
}
throw new CertPathValidatorException(
"Subject email address is not from a permitted subtree");
|
| protected static void | checkPermittedIP(java.util.Set permitted, byte[] ip)
if (permitted.isEmpty())
{
return;
}
// TODO: ??? Something here
|
| protected static final java.util.Collection | findCRLs(java.security.cert.X509CRLSelector crlSelect, java.util.List crlStores)Return a Collection of all CRLs found in the
CertStore's that are matching the crlSelect criteriums.
Set crls = new HashSet();
Iterator iter = crlStores.iterator();
while (iter.hasNext())
{
CertStore certStore = (CertStore)iter.next();
try
{
crls.addAll(certStore.getCRLs(crlSelect));
}
catch (CertStoreException e)
{
throw new AnnotatedException("cannot extract crl: " + e, e);
}
}
return crls;
|
| protected static final java.security.cert.TrustAnchor | findTrustAnchor(java.security.cert.X509Certificate cert, java.security.cert.CertPath certPath, int index, java.util.Set trustAnchors)Search the given Set of TrustAnchor's for one that is the
issuer of the given X509 certificate.
Iterator iter = trustAnchors.iterator();
TrustAnchor trust = null;
PublicKey trustPublicKey = null;
Exception invalidKeyEx = null;
X509CertSelector certSelectX509 = new X509CertSelector();
try
{
certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
}
catch (IOException ex)
{
throw new CertPathValidatorException(ex);
}
while (iter.hasNext() && trust == null)
{
trust = (TrustAnchor) iter.next();
if (trust.getTrustedCert() != null)
{
if (certSelectX509.match(trust.getTrustedCert()))
{
trustPublicKey = trust.getTrustedCert().getPublicKey();
}
else
{
trust = null;
}
}
else if (trust.getCAName() != null
&& trust.getCAPublicKey() != null)
{
try
{
X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
X500Principal caName = new X500Principal(trust.getCAName());
if (certIssuer.equals(caName))
{
trustPublicKey = trust.getCAPublicKey();
}
else
{
trust = null;
}
}
catch (IllegalArgumentException ex)
{
trust = null;
}
}
else
{
trust = null;
}
if (trustPublicKey != null)
{
try
{
cert.verify(trustPublicKey);
}
catch (Exception ex)
{
invalidKeyEx = ex;
trust = null;
}
}
}
if (trust == null && invalidKeyEx != null)
{
throw new CertPathValidatorException("TrustAnchor found but certificate validation failed.", invalidKeyEx, certPath, index);
}
return trust;
|
| protected static org.bouncycastle.asn1.x509.AlgorithmIdentifier | getAlgorithmIdentifier(java.security.PublicKey key)
try
{
ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
return info.getAlgorithmId();
}
catch (IOException e)
{
throw new CertPathValidatorException("exception processing public key");
}
|
| protected static javax.security.auth.x500.X500Principal | getEncodedIssuerPrincipal(java.security.cert.X509Certificate cert)
return cert.getIssuerX500Principal();
|
| protected static org.bouncycastle.asn1.DERObject | getExtensionValue(java.security.cert.X509Extension ext, java.lang.String oid)extract the value of the given extension, if it exists.
byte[] bytes = ext.getExtensionValue(oid);
if (bytes == null)
{
return null;
}
return getObject(oid, bytes);
|
| protected static javax.security.auth.x500.X500Principal | getIssuerPrincipal(java.security.cert.X509CRL crl)
return crl.getIssuerX500Principal();
|
| private static org.bouncycastle.asn1.DERObject | getObject(java.lang.String oid, byte[] ext)
try
{
ASN1InputStream aIn = new ASN1InputStream(ext);
ASN1OctetString octs = (ASN1OctetString)aIn.readObject();
aIn = new ASN1InputStream(octs.getOctets());
return aIn.readObject();
}
catch (IOException e)
{
throw new AnnotatedException("exception processing extension " + oid, e);
}
|
| protected static final java.util.Set | getQualifierSet(org.bouncycastle.asn1.ASN1Sequence qualifiers)
Set pq = new HashSet();
if (qualifiers == null)
{
return pq;
}
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
ASN1OutputStream aOut = new ASN1OutputStream(bOut);
Enumeration e = qualifiers.getObjects();
while (e.hasMoreElements())
{
try
{
aOut.writeObject(e.nextElement());
pq.add(new PolicyQualifierInfo(bOut.toByteArray()));
}
catch (IOException ex)
{
throw new CertPathValidatorException("exception building qualifier set: " + ex);
}
bOut.reset();
}
return pq;
|
| protected static javax.security.auth.x500.X500Principal | getSubjectPrincipal(java.security.cert.X509Certificate cert)
return cert.getSubjectX500Principal();
|
| protected static java.util.Date | getValidDate(java.security.cert.PKIXParameters paramsPKIX)
Date validDate = paramsPKIX.getDate();
if (validDate == null)
{
validDate = new Date();
}
return validDate;
|
| protected static java.util.Set | intersectDN(java.util.Set permitted, org.bouncycastle.asn1.ASN1Sequence dn)
if (permitted.isEmpty())
{
permitted.add(dn);
return permitted;
}
else
{
Set intersect = new HashSet();
Iterator _iter = permitted.iterator();
while (_iter.hasNext())
{
ASN1Sequence subtree = (ASN1Sequence) _iter.next();
if (withinDNSubtree(dn, subtree))
{
intersect.add(dn);
}
else if (withinDNSubtree(subtree, dn))
{
intersect.add(subtree);
}
}
return intersect;
}
|
| protected static java.util.Set | intersectEmail(java.util.Set permitted, java.lang.String email)
String _sub = email.substring(email.indexOf('@") + 1);
if (permitted.isEmpty())
{
permitted.add(_sub);
return permitted;
}
else
{
Set intersect = new HashSet();
Iterator _iter = permitted.iterator();
while (_iter.hasNext())
{
String _permitted = (String) _iter.next();
if (_sub.endsWith(_permitted))
{
intersect.add(_sub);
}
else if (_permitted.endsWith(_sub))
{
intersect.add(_permitted);
}
}
return intersect;
}
|
| protected static java.util.Set | intersectIP(java.util.Set permitted, byte[] ip)
// TBD
return permitted;
|
| protected static boolean | isAnyPolicy(java.util.Set policySet)
return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty();
|
| protected static boolean | isSelfIssued(java.security.cert.X509Certificate cert)
return cert.getSubjectDN().equals(cert.getIssuerDN());
|
| protected static void | prepareNextCertB1(int i, java.util.List[] policyNodes, java.lang.String id_p, java.util.Map m_idp, java.security.cert.X509Certificate cert)
boolean idp_found = false;
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext())
{
PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
if (node.getValidPolicy().equals(id_p))
{
idp_found = true;
node.expectedPolicies = (Set)m_idp.get(id_p);
break;
}
}
if (!idp_found)
{
nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext())
{
PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
if (ANY_POLICY.equals(node.getValidPolicy()))
{
Set pq = null;
ASN1Sequence policies = (ASN1Sequence)getExtensionValue(cert, CERTIFICATE_POLICIES);
Enumeration e = policies.getObjects();
while (e.hasMoreElements())
{
PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement());
if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId()))
{
pq = getQualifierSet(pinfo.getPolicyQualifiers());
break;
}
}
boolean ci = false;
if (cert.getCriticalExtensionOIDs() != null)
{
ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES);
}
PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
if (ANY_POLICY.equals(p_node.getValidPolicy()))
{
PKIXPolicyNode c_node = new PKIXPolicyNode(
new ArrayList(), i,
(Set)m_idp.get(id_p),
p_node, pq, id_p, ci);
p_node.addChild(c_node);
policyNodes[i].add(c_node);
}
break;
}
}
}
|
| protected static PKIXPolicyNode | prepareNextCertB2(int i, java.util.List[] policyNodes, java.lang.String id_p, PKIXPolicyNode validPolicyTree)
Iterator nodes_i = policyNodes[i].iterator();
while (nodes_i.hasNext())
{
PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next();
if (node.getValidPolicy().equals(id_p))
{
PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent();
p_node.removeChild(node);
nodes_i.remove();
for (int k = (i - 1); k >= 0; k--)
{
List nodes = policyNodes[k];
for (int l = 0; l < nodes.size(); l++)
{
PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l);
if (!node2.hasChildren())
{
validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2);
if (validPolicyTree == null)
{
break;
}
}
}
}
}
}
return validPolicyTree;
|
| protected static boolean | processCertD1i(int index, java.util.List[] policyNodes, org.bouncycastle.asn1.DERObjectIdentifier pOid, java.util.Set pq)
List policyNodeVec = policyNodes[index - 1];
for (int j = 0; j < policyNodeVec.size(); j++)
{
PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j);
Set expectedPolicies = node.getExpectedPolicies();
if (expectedPolicies.contains(pOid.getId()))
{
Set childExpectedPolicies = new HashSet();
childExpectedPolicies.add(pOid.getId());
PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(),
index,
childExpectedPolicies,
node,
pq,
pOid.getId(),
false);
node.addChild(child);
policyNodes[index].add(child);
return true;
}
}
return false;
|
| protected static void | processCertD1ii(int index, java.util.List[] policyNodes, org.bouncycastle.asn1.DERObjectIdentifier _poid, java.util.Set _pq)
List policyNodeVec = policyNodes[index - 1];
for (int j = 0; j < policyNodeVec.size(); j++)
{
PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j);
Set _expectedPolicies = _node.getExpectedPolicies();
if (ANY_POLICY.equals(_node.getValidPolicy()))
{
Set _childExpectedPolicies = new HashSet();
_childExpectedPolicies.add(_poid.getId());
PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(),
index,
_childExpectedPolicies,
_node,
_pq,
_poid.getId(),
false);
_node.addChild(_child);
policyNodes[index].add(_child);
return;
}
}
|
| protected static PKIXPolicyNode | removePolicyNode(PKIXPolicyNode validPolicyTree, java.util.List[] policyNodes, PKIXPolicyNode _node)
PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent();
if (validPolicyTree == null)
{
return null;
}
if (_parent == null)
{
for (int j = 0; j < policyNodes.length; j++)
{
policyNodes[j] = new ArrayList();
}
return null;
}
else
{
_parent.removeChild(_node);
removePolicyNodeRecurse(policyNodes, _node);
return validPolicyTree;
}
|
| private static void | removePolicyNodeRecurse(java.util.List[] policyNodes, PKIXPolicyNode _node)
policyNodes[_node.getDepth()].remove(_node);
if (_node.hasChildren())
{
Iterator _iter = _node.getChildren();
while (_iter.hasNext())
{
PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next();
removePolicyNodeRecurse(policyNodes, _child);
}
}
|
| protected static java.util.Set | unionDN(java.util.Set excluded, org.bouncycastle.asn1.ASN1Sequence dn)
if (excluded.isEmpty())
{
excluded.add(dn);
return excluded;
}
else
{
Set intersect = new HashSet();
Iterator _iter = excluded.iterator();
while (_iter.hasNext())
{
ASN1Sequence subtree = (ASN1Sequence) _iter.next();
if (withinDNSubtree(dn, subtree))
{
intersect.add(subtree);
}
else if (withinDNSubtree(subtree, dn))
{
intersect.add(dn);
}
else
{
intersect.add(subtree);
intersect.add(dn);
}
}
return intersect;
}
|
| protected static java.util.Set | unionEmail(java.util.Set excluded, java.lang.String email)
String _sub = email.substring(email.indexOf('@") + 1);
if (excluded.isEmpty())
{
excluded.add(_sub);
return excluded;
}
else
{
Set intersect = new HashSet();
Iterator _iter = excluded.iterator();
while (_iter.hasNext())
{
String _excluded = (String) _iter.next();
if (_sub.endsWith(_excluded))
{
intersect.add(_excluded);
}
else if (_excluded.endsWith(_sub))
{
intersect.add(_sub);
}
else
{
intersect.add(_excluded);
intersect.add(_sub);
}
}
return intersect;
}
|
| protected static java.util.Set | unionIP(java.util.Set excluded, byte[] ip)
// TBD
return excluded;
|
| private static boolean | withinDNSubtree(org.bouncycastle.asn1.ASN1Sequence dns, org.bouncycastle.asn1.ASN1Sequence subtree)
if (subtree.size() < 1)
{
return false;
}
if (subtree.size() > dns.size())
{
return false;
}
for (int j = subtree.size() - 1; j >= 0; j--)
{
if (!subtree.getObjectAt(j).equals(dns.getObjectAt(j)))
{
return false;
}
}
return true;
|
