org.bouncycastle.pkix.jcajce

Class X509RevocationChecker

java.lang.Object

java.security.cert.PKIXCertPathChecker

org.bouncycastle.pkix.jcajce.X509RevocationChecker

All Implemented Interfaces:

java.lang.Cloneable, java.security.cert.CertPathChecker

public class X509RevocationChecker
extends java.security.cert.PKIXCertPathChecker

X.509 Certificate Revocation Checker - still lacks OCSP support and support for delta CRLs.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	X509RevocationChecker.Builder

Field Summary

Fields

Modifier and Type	Field and Description
static int	CHAIN_VALIDITY_MODEL This model uses the following validity model.
protected static java.lang.String[]	crlReasons
static int	PKIX_VALIDITY_MODEL This is the default PKIX validity model.

Method Summary

Modifier and Type	Method and Description
void	check(java.security.cert.Certificate certificate, java.util.Collection<java.lang.String> collection)
protected void	checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams, java.util.Date currentDate, java.util.Date validityDate, java.security.cert.X509Certificate cert, java.security.cert.X509Certificate sign, java.security.PublicKey workingPublicKey, java.util.List certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper) Checks a certificate if it is revoked.
java.lang.Object	clone()
java.util.Set<java.lang.String>	getSupportedExtensions()
void	init(boolean forward)
boolean	isForwardCheckingSupported()

Methods inherited from class java.security.cert.PKIXCertPathChecker

check

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PKIX_VALIDITY_MODEL

public static final int PKIX_VALIDITY_MODEL

This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the time of signing. Both are indirectly chosen with the PKIXParameters.setDate(Date) method, so this methods sets the Date when all certificates must have been valid.

See Also:

Constant Field Values

CHAIN_VALIDITY_MODEL

public static final int CHAIN_VALIDITY_MODEL

This model uses the following validity model. Each certificate must have been valid at the moment where is was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid, when the CA certificate was signed and so on. So the PKIXParameters.setDate(Date) method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.

See Also:

Constant Field Values

crlReasons

protected static final java.lang.String[] crlReasons

Method Detail

init

public void init(boolean forward)
          throws java.security.cert.CertPathValidatorException

Specified by:

init in interface java.security.cert.CertPathChecker

Specified by:

init in class java.security.cert.PKIXCertPathChecker

Throws:

java.security.cert.CertPathValidatorException

isForwardCheckingSupported

public boolean isForwardCheckingSupported()

Specified by:

isForwardCheckingSupported in interface java.security.cert.CertPathChecker

Specified by:

isForwardCheckingSupported in class java.security.cert.PKIXCertPathChecker

getSupportedExtensions

public java.util.Set<java.lang.String> getSupportedExtensions()

Specified by:

getSupportedExtensions in class java.security.cert.PKIXCertPathChecker

check

public void check(java.security.cert.Certificate certificate,
                  java.util.Collection<java.lang.String> collection)
           throws java.security.cert.CertPathValidatorException

Specified by:

check in class java.security.cert.PKIXCertPathChecker

Throws:

java.security.cert.CertPathValidatorException

checkCRLs

protected void checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams,
                         java.util.Date currentDate,
                         java.util.Date validityDate,
                         java.security.cert.X509Certificate cert,
                         java.security.cert.X509Certificate sign,
                         java.security.PublicKey workingPublicKey,
                         java.util.List certPathCerts,
                         org.bouncycastle.jcajce.util.JcaJceHelper helper)
                  throws org.bouncycastle.pkix.jcajce.AnnotatedException,
                         java.security.cert.CertPathValidatorException

Checks a certificate if it is revoked.

Parameters:

pkixParams - PKIX parameters.

cert - Certificate to check if it is revoked.

validityDate - The date when the certificate revocation status should be checked.

sign - The issuer certificate of the certificate cert.

workingPublicKey - The public key of the issuer certificate sign.

certPathCerts - The certificates of the certification path.

Throws:

AnnotatedException - if the certificate is revoked or the status cannot be checked or some error occurs.

java.security.cert.CertPathValidatorException

clone

public java.lang.Object clone()

Overrides:

clone in class java.security.cert.PKIXCertPathChecker