if (paramsPKIX.getDate() != null) validityDate = paramsPKIX.getDate(); Set completeSet = CRL_UTIL.findCRLs(extSelect, validityDate, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores()); if (paramsPKIX.isUseDeltasEnabled()) deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(validityDate, crl, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores()));
/**
 * Collects candidate issuer certificates for {@code cert}.
 * <p>
 * The search uses the certificate stores configured on the base parameters,
 * extended by whatever stores {@code getAdditionalStoresFromAltNames} returns for
 * the issuerAlternativeName extension of {@code cert}.
 * <p>
 * NOTE(review): the result is a set of lookup candidates only. No signature or
 * path check is visible in this method, so callers are presumably expected to
 * validate each candidate before trusting it -- confirm against the callers.
 *
 * @param cert the certificate whose issuer is searched for.
 * @param pkixParams the builder parameters supplying the stores.
 * @return whatever {@code CertPathValidatorUtilities.findIssuerCerts} returns
 *         for the combined stores.
 * @throws AnnotatedException if one of the delegated lookups reports one.
 */
public static Collection<?> findIssuerCerts(X509Certificate cert,
    PKIXExtendedBuilderParameters pkixParams) throws AnnotatedException
{
    // Seed the working list with the statically configured stores.
    @SuppressWarnings("rawtypes")
    List<PKIXCertStore> candidateStores =
        new ArrayList<PKIXCertStore>(pkixParams.getBaseParameters().getCertificateStores());

    // The extension value is taken from the certificate being processed, so it is
    // attacker-influenced input. Presumably it only selects entries of the named
    // store map configured by the caller -- confirm in getAdditionalStoresFromAltNames.
    byte[] issuerAltName = cert.getExtensionValue(Extension.issuerAlternativeName.getId());
    try
    {
        candidateStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromAltNames(
            issuerAltName, pkixParams.getBaseParameters().getNamedCertificateStoreMap()));
    }
    catch (CertificateParsingException ignored)
    {
        // Deliberate best effort: an unparsable issuerAlternativeName just means no
        // extra stores are added; the configured stores are still searched.
    }

    return CertPathValidatorUtilities.findIssuerCerts(cert,
        pkixParams.getBaseParameters().getCertStores(), candidateStores);
}
if (paramsPKIX.isUseDeltasEnabled()) crlStores.addAll(paramsPKIX.getCRLStores()); crlStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(freshestCRL, paramsPKIX.getNamedCRLStoreMap())); set.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, crl, paramsPKIX.getCertStores(), crlStores));
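/**
 * Fetches delta CRLs according to RFC 3280 section 5.2.4.
 * <p>
 * Delegates to {@code getDeltaCRLs} with the certificate and CRL stores of
 * {@code paramsPKIX} and converts an {@code AnnotatedException} into a
 * {@code SimpleValidationErrorException} with code {@code crlDeltaProblem}.
 *
 * @param currentDate The date for which the delta CRLs must be valid.
 * @param paramsPKIX The extended PKIX parameters.
 * @param completeCRL The complete CRL the delta CRL is for.
 * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
 * @throws SimpleValidationErrorException if an exception occurs while picking the
 *             delta CRLs.
 */
@SuppressWarnings("unchecked")
protected static Set<X509CRL> getDeltaCRLs2(Date currentDate,
    PKIXExtendedParameters paramsPKIX, X509CRL completeCRL)
    throws SimpleValidationErrorException
{
    try
    {
        return getDeltaCRLs(currentDate, completeCRL, paramsPKIX.getCertStores(),
            paramsPKIX.getCRLStores());
    }
    catch (AnnotatedException e)
    {
        // An AnnotatedException without a cause used to trigger a
        // NullPointerException here, hiding the revocation problem behind an
        // unrelated runtime error. Fall back to the exception's own type so the
        // CRL failure is always reported as a validation error.
        Throwable cause = e.getCause();
        String causeType = (cause != null ? cause : e).getClass().getName();
        throw new SimpleValidationErrorException(ValidationErrorCode.crlDeltaProblem,
            e.getMessage(), cause, causeType);
    }
}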
if (paramsPKIX.getTrustAnchors() == null) Set userInitialPolicySet = paramsPKIX.getInitialPolicies(); paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider()); Set acceptablePolicies = new HashSet(); if (paramsPKIX.isExplicitPolicyRequired()) if (paramsPKIX.isAnyPolicyInhibited()) if (paramsPKIX.isPolicyMappingInhibited()) if (paramsPKIX.getTargetConstraints() != null && !paramsPKIX.getTargetConstraints().match((X509Certificate) certs.get(0))) List pathCheckers = paramsPKIX.getCertPathCheckers(); certIter = pathCheckers.iterator(); while (certIter.hasNext())
if (CertPathValidatorUtilities.isIssuerTrustAnchor(tbvCert, pkixParams.getBaseParameters().getTrustAnchors(), pkixParams.getBaseParameters().getSigProvider())) stores.addAll(pkixParams.getBaseParameters().getCertificateStores()); stores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromAltNames(tbvCert.getExtensionValue(Extension.issuerAlternativeName.getId()), pkixParams.getBaseParameters().getNamedCertificateStoreMap())); issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams.getBaseParameters().getCertStores(), stores));
if (paramsPKIX.getDate() != null) validityDate = paramsPKIX.getDate(); Set crls = CRL_UTIL.findCRLs(crlSelect, validityDate, paramsPKIX.getCertStores(), paramsPKIX.getCRLStores());
Set userInitialPolicySet = pkixParams.getBaseParameters().getInitialPolicies(); if (pkixParams.getBaseParameters().isExplicitPolicyRequired()) if (pkixParams.getBaseParameters().isAnyPolicyInhibited()) if (pkixParams.getBaseParameters().isPolicyMappingInhibited()) if (pkixParams.getBaseParameters().isExplicitPolicyRequired()) if (pkixParams.getBaseParameters().isExplicitPolicyRequired())
PKIXCertStoreSelector certSelect = paramsPKIX.getBaseParameters().getTargetConstraints(); targets = CertPathValidatorUtilities.findCertificates(certSelect, paramsPKIX.getBaseParameters().getCertificateStores()); targets.addAll(CertPathValidatorUtilities.findCertificates(certSelect, paramsPKIX.getBaseParameters().getCertStores()));
Date validityDate = currentDate; if (paramsPKIX.getDate() != null) validityDate = paramsPKIX.getDate(); if (paramsPKIX.isUseDeltasEnabled()) if (paramsPKIX.getValidityModel() != PKIXExtendedParameters.CHAIN_VALIDITY_MODEL)
Date validDate, List certPathCerts, JcaJceHelper helper) throws CertPathValidatorException if (paramsPKIX.isRevocationEnabled()) crlStores.addAll(CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX.getNamedCRLStoreMap())); .clone(); issuer))), null, null); PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters) paramsPKIX .clone(); checkCRL(dp, attrCert, paramsPKIXClone, validDate, issuerCert, certStatus, reasonsMask, certPathCerts, helper);
Collection trustColl = getTrustAnchors(cert,pkixParams.getBaseParameters().getTrustAnchors()); if (trustColl.size() > 1) "CertPathReviewer.noTrustAnchorFound", new Object[] {new UntrustedInput(cert.getIssuerX500Principal()), new Integer(pkixParams.getBaseParameters().getTrustAnchors().size())}); addError(msg); pkixParams.getBaseParameters().getSigProvider()); pkixParams.getBaseParameters().getSigProvider()); pkixParams.getBaseParameters().getSigProvider()); ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.rootKeyIsValidButNotATrustAnchor"); addError(msg, index); if (pkixParams.getBaseParameters().isRevocationEnabled())
try coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertificateStores()); coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores()));
try List extras = CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX.getNamedCRLStoreMap()); for (Iterator it = extras.iterator(); it.hasNext();) PKIXExtendedParameters paramsPKIXClone = (PKIXExtendedParameters)paramsPKIX.clone(); checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts, helper);
paramsPKIX.getSigProvider()); if (paramsPKIX.isRevocationEnabled())
pkixParams.getBaseParameters().getTrustAnchors(), pkixParams.getBaseParameters().getSigProvider()); } catch (AnnotatedException e1)
/**
 * Returns the point in time against which validity is evaluated.
 * <p>
 * When no date is configured the result depends on the local system clock, so
 * expiry and revocation decisions made with it are only as reliable as that clock.
 *
 * @param paramsPKIX the extended PKIX parameters.
 * @return the date configured on {@code paramsPKIX}, or a new {@code Date}
 *         holding the current time when none is set.
 */
protected static Date getValidDate(PKIXExtendedParameters paramsPKIX)
{
    Date configured = paramsPKIX.getDate();
    // No explicit validation date: fall back to "now".
    return configured != null ? configured : new Date();
}
/**
 * Resolves additional CRL stores for a CRL distribution point.
 * <p>
 * Convenience overload for builder parameters: it forwards to
 * {@code CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint}
 * with the named CRL store map of the base parameters.
 * <p>
 * NOTE(review): {@code crldp} normally originates from the certificate under
 * validation. Presumably only stores registered in the named map can be
 * returned -- confirm in the delegate before relying on that.
 *
 * @param crldp the CRL distribution point extension to resolve.
 * @param pkixParams the builder parameters holding the named CRL store map.
 * @return the list produced by the delegate.
 * @throws AnnotatedException if the delegate reports one.
 */
@SuppressWarnings("rawtypes")
protected static List<PKIXCRLStore> getAdditionalStoresFromCRLDistributionPoint(
    CRLDistPoint crldp, PKIXExtendedBuilderParameters pkixParams) throws AnnotatedException
{
    List<PKIXCRLStore> extraStores =
        CertPathValidatorUtilities.getAdditionalStoresFromCRLDistributionPoint(
            crldp, pkixParams.getBaseParameters().getNamedCRLStoreMap());
    return extraStores;
}
.findCertificates(new PKIXCertStoreSelector.Builder(selector).build(), pkixParams.getCertStores())); .findCertificates(new PKIXCertStoreSelector.Builder(selector).build(), pkixParams.getCertStores()));
List pathCheckers = pkixParams.getBaseParameters().getCertPathCheckers(); Iterator certIter = pathCheckers.iterator();