com.rsa.certj.provider.path

Class CertPathCommonImplementation

java.lang.Object
  |
  +--com.rsa.certj.ProviderImplementation
        |
        +--com.rsa.certj.provider.path.CertPathCommonImplementation
All Implemented Interfaces:
CertPathInterface

Deprecated. Replaced by CertPathCommon

public abstract class CertPathCommonImplementation
extends ProviderImplementation
implements CertPathInterface

This class implements methods that are used by all the certification path providers that RSA supports.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.


Constructor Summary

CertPathCommonImplementation(CertJ certJ, String name)

Deprecated. Constructs a CertPathCommonImplementation object with a name, name.

 

Method Summary

 boolean

buildCertPath(CertPathCtx pathCtx, Object startObject, Vector certPath, Vector crlList, Vector crlCerts, Vector policyInfoList)

Deprecated. Constructs a path in certPath from startObject to one of the trusted certificates provided in pathCtx, the certification path context.

 DatabaseService

getDatabase()

Deprecated. Returns a DatabaseService associated with this object.

 void

getNextCertCandidates(Object baseObject, Vector candidates)

Deprecated. Collects, in candidates, possible certificates for baseObject.

 void

getNextCertInPath(CertPathCtx pathCtx, Object baseObject, Vector certList)

Deprecated. Returns a set of candidate certificates in certList whose public key may be used to verify the signature of baseObject.

 int

getPathOptions()

Deprecated. Returns the path option flag.

 Vector

getPolicies()

Deprecated. Returns the initial acceptable policies.

 boolean

validateCertificate(CertPathCtx pathCtx, Certificate cert, com.rsa.jsafe.JSAFE_PublicKey validationKey)

Deprecated. Validates two certificate fields, the validity period and the signature.

 boolean

verifyPath(Vector path, Vector crlList, Vector crlCerts, Vector policyInfoList)

Deprecated. Verifies the certification path in path.

 boolean

verifyRevocation(X509Certificate cert, Vector crlList, Vector crlCerts)

Deprecated. Verifies the revocation status of cert based on the conditions provided in certCtx.

 
Methods inherited from class com.rsa.certj.ProviderImplementation
getName, toString, unregister
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

CertPathCommonImplementation

public CertPathCommonImplementation(CertJ certJ,
                                    String name)
                             throws InvalidParameterException
Deprecated. 
Constructs a CertPathCommonImplementation object with a name, name.

Parameters

         certJ  

A CertJ object for which this provider is registered.

         name  

A String indicating the name of this provider.

Throws

InvalidParameterException - If any argument is invalid.

Method Detail

buildCertPath

public boolean buildCertPath(CertPathCtx pathCtx,
                             Object startObject,
                             Vector certPath,
                             Vector crlList,
                             Vector crlCerts,
                             Vector policyInfoList)
                      throws NotSupportedException,
                             CertPathException
Deprecated. 
Constructs a path in certPath from startObject to one of the trusted certificates provided in pathCtx, the certification path context. The CRLs needed to verify the path will be stored in crlList. The certificates needed to verify the CRLs will be stored in crlCerts.

Note: Since a valid path must exist for this method to return successfully, the routine can be used for path validation by passing null values for the certPath, crlList, and crlCerts.
Specified by:
buildCertPath in interface CertPathInterface

Parameters

         pathCtx  

A CertPathCtx that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of pathOptions of this object.

         startObject  

An Object that is the first object in the path; it is either an X509Certificate or an X509CRL.

         certPath  

A Vector that will hold a valid certification path. This parameter is optional, and may be set to null if not used. On output, the certificates that make up the certification path for startObject will be added to this list unless they are already on the list.

         crlList  

A Vector that holds a list of CRLs needed to verify certPath. This parameter is optional, and may be set to null if not used. On output, the list contains any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.

         crlCerts  

A Vector that holds a list of certificates needed to verify crlList. This parameter is optional, and may be set to null if not used. On output, the list contains any additional certificates not included in certPath that may be required to validate CRLs returned in crlList. If the crlList parameter is set to null, this parameter will be ignored. The certificates returned in this parameter are essentially the union of certificate paths extending from the returned CRLs to the trusted certificates in pathCtx, except that the certificates returned in certPath may or may not be included in this list.

         policyInfoList  

A Vector that holds a list of PolicyInformation objects that are found in certPath. This parameter is optional and may be set to null if not used. On output, the policy information list contains an entry for each policy under which the certificate was issued. Each entry in the list is a PolicyInformation object.

Returns

A boolean with a value of true if a valid path is built or verified; otherwise, false.

Throws

NotSupportedException - If startObject is neither X509Certificate nor X509CRL.

CertPathException - If any certification path processing provider operation fails.

See Also

(com.rsa.certj.spi.path.CertPathCtx pathCtx, java.lang.Object startObject, java.util.Vector certPath, java.util.Vector crlList, java.util.Vector crlCerts, java.util.Vector certPolicyList)

getNextCertInPath

public void getNextCertInPath(CertPathCtx pathCtx,
                              Object baseObject,
                              Vector certList)
                       throws NotSupportedException,
                              CertPathException
Deprecated. 
Returns a set of candidate certificates in certList whose public key may be used to verify the signature of baseObject. The pathCtx provides the path-processing options and conditions.
Specified by:
getNextCertInPath in interface CertPathInterface

Parameters

         pathCtx  

A CertPathCtx that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of pathOptions of this object.

         baseObject  

An Object that is used to locate one or more certificates that may contain the public key needed to verify the base certificate's signature. The information contained in this object (typically the issuer name and/or the authority key identifier) is used to select a set of certificates. The baseObject is either an X509Certificate or an X509CRL.

         certList  

A Vector that contains certificates that might be able to verify the signature of baseObject. This function may (but need not) apply additional criteria from the path processing algorithm and options to reduce the set of candidate certificates. The caller is responsible for actual validation of baseObject, the candidate certificates, and any relationship between baseObject and the candidate certificates required by the certification path processing algorithm.

Throws

NotSupportedException - If baseObject is not a type that the path algorithm supports.

CertPathException - If any certification path processing provider operation fails.

See Also

(com.rsa.certj.spi.path.CertPathCtx pathCtx, java.lang.Object baseObject, java.util.Vector certList)

validateCertificate

public boolean validateCertificate(CertPathCtx pathCtx,
                                   Certificate cert,
                                   com.rsa.jsafe.JSAFE_PublicKey validationKey)
                            throws NotSupportedException,
                                   CertPathException
Deprecated. 
Validates two certificate fields, the validity period and the signature.

The pathOptions field of the pathCtx can be used to selectively disable the above checks.
Specified by:
validateCertificate in interface CertPathInterface

Parameters

         pathCtx  

A CertPathCtx that is used to determine the validation time and other options. Some fields may not be applicable to single-certificate validation.

         cert  

A Certificate to be validated.

         validationKey  

A JSAFE_PublicKey used to validate the certificate signature.

Returns

A boolean with a value of true if validated; otherwise, false.

Throws

NotSupportedException - If this method is not supported for a given set of arguments by the provider.

CertPathException - If any certification path processing provider operation fails.

See Also

(com.rsa.certj.spi.path.CertPathCtx pathCtx, com.rsa.certj.cert.Certificate cert, com.rsa.jsafe.JSAFE_PublicKey validationKey)

getPathOptions

public int getPathOptions()
Deprecated. 
Returns the path option flag.

Returns

An int indicating the path option flag of this object.

getPolicies

public Vector getPolicies()
Deprecated. 
Returns the initial acceptable policies.

Returns

A Vector holding a set of initial acceptable policies.

getDatabase

public DatabaseService getDatabase()
Deprecated. 
Returns a DatabaseService associated with this object.

Returns

A DatabaseService associated with this object.

getNextCertCandidates

public void getNextCertCandidates(Object baseObject,
                                  Vector candidates)
                           throws CertPathException
Deprecated. 
Collects, in candidates, possible certificates for baseObject. Any subclass of this class should override this method.

Parameters

         baseObject  

An Object whose next certificates are searched for.

         candidates  

A Vector to which possible next certificates are added.

Throws

CertPathException - If any certification path processing fails.

verifyPath

public boolean verifyPath(Vector path,
                          Vector crlList,
                          Vector crlCerts,
                          Vector policyInfoList)
                   throws CertPathException
Deprecated. 
Verifies the certification path in path. crlList, crlCerts, and policyInfoList will be collected during the process. Any subclass of this class should override this method.

Parameters

         path  

A Vector that holds a certification path to be verified. It is a sequence of certificates extending from the starting certificate to one of the trusted certificates. The trusted certificate selected is included as the last certificate in the path.

         crlList  

A Vector that holds a list of CRLs needed to verify path. This parameter is optional, and may be set to null if not used. On output, the list contains any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.

         crlCerts  

A Vector that holds a list of certificates needed to verify crlList. This parameter is optional, and may be set to null if not used. On output, the list contains any additional certificates not included in certPath that may be required to validate CRLs returned in crlList. If the crlList parameter is set to null, this parameter is ignored. The certificates returned in this parameter are essentially the union of certificate paths extending from the returned CRLs to the trusted certificates, except that the certificates returned in path may or may not be included in this list.

         policyInfoList  

A Vector that holds a list of PolicyInformation objects that are found in certPath. This parameter is optional and may be set to null if not used. On output, the policy information list contains an entry for each policy under which the certificate was issued. Each entry in the list is a PolicyInformation object.

Returns

A boolean with a value of true if validated; otherwise, false.

Throws

CertPathException - This method always throws an exception.

verifyRevocation

public boolean verifyRevocation(X509Certificate cert,
                                Vector crlList,
                                Vector crlCerts)
                         throws CertPathException
Deprecated. 
Verifies the revocation status of cert based on the conditions provided in certCtx. crlList and crlCerts are collected during the process. As stated in RFC 2459, it performs the following action:

   (a)  Verify the basic certificate information, including:

      (3) the certificate had not been revoked at time T and is 
      not currently on hold status that commenced before time T, 
      (this may be determined by obtaining the appropriate CRL 
      or status information, or by out-of-band mechanisms)
 
If the status of the certificate is "not revoked" and the evidence of the revocation status is a CRL, then this method verifies the CRL by building a certification path for it.

Parameters

         cert  

An X509Certificate whose revocation status is checked.

         crlList  

A Vector that holds a list of CRLs that are needed to verify the cert. This parameter is optional, and may be set to null if not used. On output, the list contains any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.

         crlCerts  

A Vector that holds a list of certificates that are needed to verify crlList. This parameter is optional, and may be set to null if not used.

Returns

A boolean with a value of true if validated; otherwise, false.

Throws

CertPathException - If any certification path processing fails.
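
The RFC 2459 step quoted for verifyRevocation, as an added sketch (not Cert-J code and not part of the original page): it decides the status of a serial number at time T from a simplified, constructed CRL model. The types Entry and Crl, the pathVerified flag and the nextUpdate freshness rule are assumptions of this example.

```java
import java.math.BigInteger;
import java.time.Instant;
import java.util.List;

public class RevocationAtTimeT {
    enum Status { NOT_REVOKED, REVOKED, ON_HOLD, UNDETERMINED }

    // Constructed model of one CRL entry; 'hold' stands for reason code certificateHold.
    record Entry(BigInteger serial, Instant revokedAt, boolean hold) {}

    // Constructed model of a CRL. 'pathVerified' is the outcome of building a
    // certification path for the CRL itself, which this sketch does not perform.
    record Crl(Instant nextUpdate, boolean pathVerified, List<Entry> entries) {}

    static Status statusAt(BigInteger serial, Crl crl, Instant t) {
        // Assumption: a CRL is usable evidence only if its own path verified
        // and T falls before its nextUpdate; otherwise no answer is given.
        if (!crl.pathVerified() || !t.isBefore(crl.nextUpdate())) {
            return Status.UNDETERMINED;
        }
        for (Entry e : crl.entries()) {
            if (!e.serial().equals(serial)) continue;
            // An entry dated after T does not affect the status at T.
            if (e.revokedAt().isAfter(t)) return Status.NOT_REVOKED;
            // A hold that commenced by T fails the check just as a revocation does.
            return e.hold() ? Status.ON_HOLD : Status.REVOKED;
        }
        return Status.NOT_REVOKED;
    }

    public static void main(String[] args) {
        // Constructed sample data: validation time T and a CRL with three entries.
        Instant t = Instant.parse("2001-06-01T00:00:00Z");
        Crl crl = new Crl(Instant.parse("2001-06-08T00:00:00Z"), true, List.of(
            new Entry(BigInteger.valueOf(0x10), Instant.parse("2001-05-01T00:00:00Z"), false),
            new Entry(BigInteger.valueOf(0x11), Instant.parse("2001-05-20T00:00:00Z"), true),
            new Entry(BigInteger.valueOf(0x12), Instant.parse("2001-06-03T00:00:00Z"), false)));
        for (int s : new int[] {0x10, 0x11, 0x12, 0x13}) {
            System.out.println(s + " -> " + statusAt(BigInteger.valueOf(s), crl, t));
        }
        // Same entries, but the CRL expired before T, so it proves nothing about T.
        Crl stale = new Crl(Instant.parse("2001-05-15T00:00:00Z"), true, crl.entries());
        System.out.println("stale CRL -> " + statusAt(BigInteger.valueOf(0x13), stale, t));
    }
}
```

Only NOT_REVOKED should be treated as a pass; UNDETERMINED means the evidence was unusable, not that the certificate is good.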


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000