Package org.bouncycastle.pkix.jcajce
Class X509RevocationChecker
java.lang.Object
java.security.cert.PKIXCertPathChecker
org.bouncycastle.pkix.jcajce.X509RevocationChecker
- All Implemented Interfaces:
Cloneable,CertPathChecker
X.509 Certificate Revocation Checker - still lacks OCSP support and support for delta CRLs.
-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final intThis model uses the following validity model.protected static final String[]static final intThis is the default PKIX validity model. -
Method Summary
Modifier and TypeMethodDescriptionvoidcheck(Certificate certificate, Collection<String> collection) protected voidcheckCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams, Date currentDate, Date validityDate, X509Certificate cert, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper) Checks a certificate if it is revoked.clone()voidinit(boolean forward) booleanMethods inherited from class java.security.cert.PKIXCertPathChecker
check
-
Field Details
-
PKIX_VALIDITY_MODEL
public static final int PKIX_VALIDITY_MODELThis is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the time of signing. Both are indirectly chosen with thePKIXParameters.setDate(Date)method, so this methods sets the Date when all certificates must have been valid.- See Also:
-
CHAIN_VALIDITY_MODEL
public static final int CHAIN_VALIDITY_MODELThis model uses the following validity model. Each certificate must have been valid at the moment where is was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid, when the CA certificate was signed and so on. So thePKIXParameters.setDate(Date)method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.- See Also:
-
crlReasons
-
-
Method Details
-
init
- Specified by:
initin interfaceCertPathChecker- Specified by:
initin classPKIXCertPathChecker- Throws:
CertPathValidatorException
-
isForwardCheckingSupported
public boolean isForwardCheckingSupported()- Specified by:
isForwardCheckingSupportedin interfaceCertPathChecker- Specified by:
isForwardCheckingSupportedin classPKIXCertPathChecker
-
getSupportedExtensions
- Specified by:
getSupportedExtensionsin classPKIXCertPathChecker
-
check
public void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException - Specified by:
checkin classPKIXCertPathChecker- Throws:
CertPathValidatorException
-
checkCRLs
protected void checkCRLs(org.bouncycastle.jcajce.PKIXExtendedParameters pkixParams, Date currentDate, Date validityDate, X509Certificate cert, X509Certificate sign, PublicKey workingPublicKey, List certPathCerts, org.bouncycastle.jcajce.util.JcaJceHelper helper) throws org.bouncycastle.pkix.jcajce.AnnotatedException, CertPathValidatorException Checks a certificate if it is revoked.- Parameters:
pkixParams- PKIX parameters.cert- Certificate to check if it is revoked.validityDate- The date when the certificate revocation status should be checked.sign- The issuer certificate of the certificatecert.workingPublicKey- The public key of the issuer certificatesign.certPathCerts- The certificates of the certification path.- Throws:
org.bouncycastle.pkix.jcajce.AnnotatedException- if the certificate is revoked or the status cannot be checked or some error occurs.CertPathValidatorException
-
clone
- Overrides:
clonein classPKIXCertPathChecker
-