Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/cert/path/validations')
7 files changed, 0 insertions, 563 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/BasicConstraintsValidation.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/BasicConstraintsValidation.java
deleted file mode 100644
index db4f852..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/BasicConstraintsValidation.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationContext;
-import org.bouncycastle.cert.path.CertPathValidationException;
-import org.bouncycastle.util.Memoable;
-
-public class BasicConstraintsValidation
- implements CertPathValidation
-{
- private boolean isMandatory;
- private BasicConstraints bc;
- private int maxPathLength;
-
- public BasicConstraintsValidation()
- {
- this(true);
- }
-
- public BasicConstraintsValidation(boolean isMandatory)
- {
- this.isMandatory = isMandatory;
- }
-
- public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
- throws CertPathValidationException
- {
- if (maxPathLength < 0)
- {
- throw new CertPathValidationException("BasicConstraints path length exceeded");
- }
-
- context.addHandledExtension(Extension.basicConstraints);
-
- BasicConstraints certBC = BasicConstraints.fromExtensions(certificate.getExtensions());
-
- if (certBC != null)
- {
- if (bc != null)
- {
- if (certBC.isCA())
- {
- BigInteger pathLengthConstraint = certBC.getPathLenConstraint();
-
- if (pathLengthConstraint != null)
- {
- int plc = pathLengthConstraint.intValue();
-
- if (plc < maxPathLength)
- {
- maxPathLength = plc;
- bc = certBC;
- }
- }
- }
- }
- else
- {
- bc = certBC;
- if (certBC.isCA())
- {
- maxPathLength = certBC.getPathLenConstraint().intValue();
- }
- }
- }
- else
- {
- if (bc != null)
- {
- maxPathLength--;
- }
- }
-
- if (isMandatory && bc == null)
- {
- throw new CertPathValidationException("BasicConstraints not present in path");
- }
- }
-
- public Memoable copy()
- {
- BasicConstraintsValidation v = new BasicConstraintsValidation(isMandatory);
-
- v.bc = this.bc;
- v.maxPathLength = this.maxPathLength;
-
- return v;
- }
-
- public void reset(Memoable other)
- {
- BasicConstraintsValidation v = (BasicConstraintsValidation)other;
-
- this.isMandatory = v.isMandatory;
- this.bc = v.bc;
- this.maxPathLength = v.maxPathLength;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CRLValidation.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CRLValidation.java
deleted file mode 100644
index c44b7c0..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CRLValidation.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import java.util.Collection;
-import java.util.Iterator;
-
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.cert.X509CRLHolder;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationContext;
-import org.bouncycastle.cert.path.CertPathValidationException;
-import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.util.Store;
-
-public class CRLValidation
- implements CertPathValidation
-{
- private Store crls;
- private X500Name workingIssuerName;
-
- public CRLValidation(X500Name trustAnchorName, Store crls)
- {
- this.workingIssuerName = trustAnchorName;
- this.crls = crls;
- }
-
- public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
- throws CertPathValidationException
- {
- // TODO: add handling of delta CRLs
- Collection matches = crls.getMatches(new Selector()
- {
- public boolean match(Object obj)
- {
- X509CRLHolder crl = (X509CRLHolder)obj;
-
- return (crl.getIssuer().equals(workingIssuerName));
- }
-
- public Object clone()
- {
- return this;
- }
- });
-
- if (matches.isEmpty())
- {
- throw new CertPathValidationException("CRL for " + workingIssuerName + " not found");
- }
-
- for (Iterator it = matches.iterator(); it.hasNext();)
- {
- X509CRLHolder crl = (X509CRLHolder)it.next();
-
- // TODO: not quite right!
- if (crl.getRevokedCertificate(certificate.getSerialNumber()) != null)
- {
- throw new CertPathValidationException("Certificate revoked");
- }
- }
-
- this.workingIssuerName = certificate.getSubject();
- }
-
- public Memoable copy()
- {
- return new CRLValidation(workingIssuerName, crls);
- }
-
- public void reset(Memoable other)
- {
- CRLValidation v = (CRLValidation)other;
-
- this.workingIssuerName = v.workingIssuerName;
- this.crls = v.crls;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidation.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidation.java
deleted file mode 100644
index ebaf989..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidation.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import java.math.BigInteger;
-
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.PolicyConstraints;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationContext;
-import org.bouncycastle.cert.path.CertPathValidationException;
-import org.bouncycastle.util.Memoable;
-
-public class CertificatePoliciesValidation
- implements CertPathValidation
-{
- private int explicitPolicy;
- private int policyMapping;
- private int inhibitAnyPolicy;
-
- CertificatePoliciesValidation(int pathLength)
- {
- this(pathLength, false, false, false);
- }
-
- CertificatePoliciesValidation(int pathLength, boolean isExplicitPolicyRequired, boolean isAnyPolicyInhibited, boolean isPolicyMappingInhibited)
- {
- //
- // (d)
- //
-
- if (isExplicitPolicyRequired)
- {
- explicitPolicy = 0;
- }
- else
- {
- explicitPolicy = pathLength + 1;
- }
-
- //
- // (e)
- //
- if (isAnyPolicyInhibited)
- {
- inhibitAnyPolicy = 0;
- }
- else
- {
- inhibitAnyPolicy = pathLength + 1;
- }
-
- //
- // (f)
- //
- if (isPolicyMappingInhibited)
- {
- policyMapping = 0;
- }
- else
- {
- policyMapping = pathLength + 1;
- }
- }
-
- public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
- throws CertPathValidationException
- {
- context.addHandledExtension(Extension.policyConstraints);
- context.addHandledExtension(Extension.inhibitAnyPolicy);
-
- if (!context.isEndEntity())
- {
- if (!ValidationUtils.isSelfIssued(certificate))
- {
- //
- // H (1), (2), (3)
- //
- explicitPolicy = countDown(explicitPolicy);
- policyMapping = countDown(policyMapping);
- inhibitAnyPolicy = countDown(inhibitAnyPolicy);
-
- //
- // I (1), (2)
- //
- PolicyConstraints policyConstraints = PolicyConstraints.fromExtensions(certificate.getExtensions());
-
- if (policyConstraints != null)
- {
- BigInteger requireExplicitPolicyMapping = policyConstraints.getRequireExplicitPolicyMapping();
- if (requireExplicitPolicyMapping != null)
- {
- if (requireExplicitPolicyMapping.intValue() < explicitPolicy)
- {
- explicitPolicy = requireExplicitPolicyMapping.intValue();
- }
- }
-
- BigInteger inhibitPolicyMapping = policyConstraints.getInhibitPolicyMapping();
- if (inhibitPolicyMapping != null)
- {
- if (inhibitPolicyMapping.intValue() < policyMapping)
- {
- policyMapping = inhibitPolicyMapping.intValue();
- }
- }
- }
-
- //
- // J
- //
- Extension ext = certificate.getExtension(Extension.inhibitAnyPolicy);
-
- if (ext != null)
- {
- int extValue = ASN1Integer.getInstance(ext.getParsedValue()).getValue().intValue();
-
- if (extValue < inhibitAnyPolicy)
- {
- inhibitAnyPolicy = extValue;
- }
- }
- }
- }
- }
-
- private int countDown(int policyCounter)
- {
- if (policyCounter != 0)
- {
- return policyCounter - 1;
- }
-
- return 0;
- }
-
- public Memoable copy()
- {
- return new CertificatePoliciesValidation(0); // TODO:
- }
-
- public void reset(Memoable other)
- {
- CertificatePoliciesValidation v = (CertificatePoliciesValidation)other; // TODO:
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java
deleted file mode 100644
index 74b622e..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import org.bouncycastle.cert.path.CertPath;
-
-public class CertificatePoliciesValidationBuilder
-{
- private boolean isExplicitPolicyRequired;
- private boolean isAnyPolicyInhibited;
- private boolean isPolicyMappingInhibited;
-
- public void setAnyPolicyInhibited(boolean anyPolicyInhibited)
- {
- isAnyPolicyInhibited = anyPolicyInhibited;
- }
-
- public void setExplicitPolicyRequired(boolean explicitPolicyRequired)
- {
- isExplicitPolicyRequired = explicitPolicyRequired;
- }
-
- public void setPolicyMappingInhibited(boolean policyMappingInhibited)
- {
- isPolicyMappingInhibited = policyMappingInhibited;
- }
-
- public CertificatePoliciesValidation build(int pathLen)
- {
- return new CertificatePoliciesValidation(pathLen, isExplicitPolicyRequired, isAnyPolicyInhibited, isPolicyMappingInhibited);
- }
-
- public CertificatePoliciesValidation build(CertPath path)
- {
- return build(path.length());
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/KeyUsageValidation.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/KeyUsageValidation.java
deleted file mode 100644
index 5d9adc8..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/KeyUsageValidation.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationContext;
-import org.bouncycastle.cert.path.CertPathValidationException;
-import org.bouncycastle.util.Memoable;
-
-public class KeyUsageValidation
- implements CertPathValidation
-{
- private boolean isMandatory;
-
- public KeyUsageValidation()
- {
- this(true);
- }
-
- public KeyUsageValidation(boolean isMandatory)
- {
- this.isMandatory = isMandatory;
- }
-
- public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
- throws CertPathValidationException
- {
- context.addHandledExtension(Extension.keyUsage);
-
- if (!context.isEndEntity())
- {
- KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions());
-
- if (usage != null)
- {
- if (!usage.hasUsages(KeyUsage.keyCertSign))
- {
- throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing");
- }
- }
- else
- {
- if (isMandatory)
- {
- throw new CertPathValidationException("KeyUsage extension not present in CA certificate");
- }
- }
- }
- }
-
- public Memoable copy()
- {
- return new KeyUsageValidation(isMandatory);
- }
-
- public void reset(Memoable other)
- {
- KeyUsageValidation v = (KeyUsageValidation)other;
-
- this.isMandatory = v.isMandatory;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ParentCertIssuedValidation.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ParentCertIssuedValidation.java
deleted file mode 100644
index a21ad1c..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ParentCertIssuedValidation.java
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import java.io.IOException;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Null;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.CertException;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.X509ContentVerifierProviderBuilder;
-import org.bouncycastle.cert.path.CertPathValidation;
-import org.bouncycastle.cert.path.CertPathValidationContext;
-import org.bouncycastle.cert.path.CertPathValidationException;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.util.Memoable;
-
-public class ParentCertIssuedValidation
- implements CertPathValidation
-{
- private X509ContentVerifierProviderBuilder contentVerifierProvider;
-
- private X500Name workingIssuerName;
- private SubjectPublicKeyInfo workingPublicKey;
- private AlgorithmIdentifier workingAlgId;
-
- public ParentCertIssuedValidation(X509ContentVerifierProviderBuilder contentVerifierProvider)
- {
- this.contentVerifierProvider = contentVerifierProvider;
- }
-
- public void validate(CertPathValidationContext context, X509CertificateHolder certificate)
- throws CertPathValidationException
- {
- if (workingIssuerName != null)
- {
- if (!workingIssuerName.equals(certificate.getIssuer()))
- {
- throw new CertPathValidationException("Certificate issue does not match parent");
- }
- }
-
- if (workingPublicKey != null)
- {
- try
- {
- SubjectPublicKeyInfo validatingKeyInfo;
-
- if (workingPublicKey.getAlgorithm().equals(workingAlgId))
- {
- validatingKeyInfo = workingPublicKey;
- }
- else
- {
- validatingKeyInfo = new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey());
- }
-
- if (!certificate.isSignatureValid(contentVerifierProvider.build(validatingKeyInfo)))
- {
- throw new CertPathValidationException("Certificate signature not for public key in parent");
- }
- }
- catch (OperatorCreationException e)
- {
- throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e);
- }
- catch (CertException e)
- {
- throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e);
- }
- catch (IOException e)
- {
- throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e);
- }
- }
-
- workingIssuerName = certificate.getSubject();
- workingPublicKey = certificate.getSubjectPublicKeyInfo();
-
- if (workingAlgId != null)
- {
- // check for inherited parameters
- if (workingPublicKey.getAlgorithm().getAlgorithm().equals(workingAlgId.getAlgorithm()))
- {
- if (!isNull(workingPublicKey.getAlgorithm().getParameters()))
- {
- workingAlgId = workingPublicKey.getAlgorithm();
- }
- }
- else
- {
- workingAlgId = workingPublicKey.getAlgorithm();
- }
- }
- else
- {
- workingAlgId = workingPublicKey.getAlgorithm();
- }
- }
-
- private boolean isNull(ASN1Encodable obj)
- {
- return obj == null || obj instanceof ASN1Null;
- }
-
- public Memoable copy()
- {
- ParentCertIssuedValidation v = new ParentCertIssuedValidation(contentVerifierProvider);
-
- v.workingAlgId = this.workingAlgId;
- v.workingIssuerName = this.workingIssuerName;
- v.workingPublicKey = this.workingPublicKey;
-
- return v;
- }
-
- public void reset(Memoable other)
- {
- ParentCertIssuedValidation v = (ParentCertIssuedValidation)other;
-
- this.contentVerifierProvider = v.contentVerifierProvider;
- this.workingAlgId = v.workingAlgId;
- this.workingIssuerName = v.workingIssuerName;
- this.workingPublicKey = v.workingPublicKey;
- }
-}
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ValidationUtils.java b/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ValidationUtils.java
deleted file mode 100644
index 2a58706..0000000
--- a/bcpkix/src/main/java/org/bouncycastle/cert/path/validations/ValidationUtils.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.bouncycastle.cert.path.validations;
-
-import org.bouncycastle.cert.X509CertificateHolder;
-
-class ValidationUtils
-{
- static boolean isSelfIssued(X509CertificateHolder cert)
- {
- return cert.getSubject().equals(cert.getIssuer());
- }
-}
|