diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java')
-rw-r--r-- | libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java | 99 |
1 files changed, 0 insertions, 99 deletions
diff --git a/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java b/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java deleted file mode 100644 index 91db81449..000000000 --- a/libraries/spongycastle/prov/src/main/java/org/spongycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.spongycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CertPath; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertPathValidatorResult; -import java.security.cert.CertPathValidatorSpi; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -import org.spongycastle.jce.exception.ExtCertPathValidatorException; -import org.spongycastle.util.Selector; -import org.spongycastle.x509.ExtendedPKIXParameters; -import org.spongycastle.x509.X509AttributeCertStoreSelector; -import org.spongycastle.x509.X509AttributeCertificate; - -/** - * CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281. - * - * @see org.spongycastle.x509.ExtendedPKIXParameters - */ -public class PKIXAttrCertPathValidatorSpi - extends CertPathValidatorSpi -{ - - /** - * Validates an attribute certificate with the given certificate path. - * - * <p> - * <code>params</code> must be an instance of - * <code>ExtendedPKIXParameters</code>. - * <p> - * The target constraints in the <code>params</code> must be an - * <code>X509AttributeCertStoreSelector</code> with at least the attribute - * certificate criterion set. Obey that also target informations may be - * necessary to correctly validate this attribute certificate. - * <p> - * The attribute certificate issuer must be added to the trusted attribute - * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}. - * - * @param certPath The certificate path which belongs to the attribute - * certificate issuer public key certificate. - * @param params The PKIX parameters. - * @return A <code>PKIXCertPathValidatorResult</code> of the result of - * validating the <code>certPath</code>. - * @throws InvalidAlgorithmParameterException if <code>params</code> is - * inappropriate for this validator. - * @throws CertPathValidatorException if the verification fails. - */ - public CertPathValidatorResult engineValidate(CertPath certPath, - CertPathParameters params) throws CertPathValidatorException, - InvalidAlgorithmParameterException - { - if (!(params instanceof ExtendedPKIXParameters)) - { - throw new InvalidAlgorithmParameterException( - "Parameters must be a " - + ExtendedPKIXParameters.class.getName() + " instance."); - } - ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params; - - Selector certSelect = pkixParams.getTargetConstraints(); - if (!(certSelect instanceof X509AttributeCertStoreSelector)) - { - throw new InvalidAlgorithmParameterException( - "TargetConstraints must be an instance of " - + X509AttributeCertStoreSelector.class.getName() + " for " - + this.getClass().getName() + " class."); - } - X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect) - .getAttributeCert(); - - CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams); - CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams); - X509Certificate issuerCert = (X509Certificate) certPath - .getCertificates().get(0); - RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams); - RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams); - RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams); - // 6 already done in X509AttributeCertStoreSelector - RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams); - RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams); - Date date = null; - try - { - date = CertPathValidatorUtilities - .getValidCertDateFromValidityModel(pkixParams, null, -1); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Could not get validity date from attribute certificate.", e); - } - RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates()); - return result; - } -} |