anon.crypto
Class CertPath

java.lang.Object
  extended by anon.crypto.CertPath
All Implemented Interfaces:
IXMLEncodable

public class CertPath
extends java.lang.Object
implements IXMLEncodable

Stores a certification path with all included certificates.

Author:
Robert Hirschberger

Field Summary
static int ERROR_BASIC_CONSTRAINTS_IS_CA
           
static int ERROR_BASIC_CONSTRAINTS_IS_NO_CA
           
static int ERROR_BASIC_CONSTRAINTS_PATH_TOO_LONG
           
static int ERROR_KEY_USAGE
           
static int ERROR_REVOCATION
           
static int ERROR_UNKNOWN_CRITICAL_EXTENSION
           
static int ERROR_VALIDITY
           
static int ERROR_VALIDITY_SEVERE
           
static int ERROR_VERIFICATION
           
private static long GRACE_PERIOD
           
private  java.util.Vector m_certificates
          the included certificates
private  int m_documentType
          the certificate class of the certs that may verify this CertPath
private  int m_errorPosition
           
private  int m_pathError
           
private  boolean m_rootFound
          true if the last cert is a root cert
private  boolean m_valid
          true if the CertPath has valid format (not timely valid!!)
private  long m_verificationTime
          time when the CertPath was verified for the last time
private  boolean m_verified
          indicates if the CertPath was verified within the last VERIFICATION_INTERVAL
static int NO_ERRORS
           
private static int VERIFICATION_INTERVAL
           
static java.lang.String XML_ATTR_CLASS
           
static java.lang.String XML_ATTR_TYPE
           
static java.lang.String XML_ELEMENT_NAME
           
 
Fields inherited from interface anon.util.IXMLEncodable
FIELD_XML_ELEMENT_CONTAINER_NAME, FIELD_XML_ELEMENT_NAME, XML_ATTR_ID, XML_ATTR_LANGUAGE, XML_ATTR_VERSION
 
Constructor Summary
protected CertPath(org.w3c.dom.Element a_elemCertPath)
           
private CertPath(JAPCertificate a_firstCert, int a_documentType)
          Creates a new CertPath Object from a given Certificate
 
Method Summary
private  void appendCertificate(JAPCertificate a_certificate)
          Adds a certificate to the next higher level of this CertPath, if the cert is not already included
private  void build(java.util.Vector a_pathCertificates)
           
private  boolean buildAndValidate(java.util.Vector a_pathCertificates)
           
 boolean checkValidity(java.util.Date a_date)
          Checks the validity of all certificates in the path.
private static JAPCertificate doNameAndKeyChaining(JAPCertificate a_cert, java.util.Vector a_possibleIssuers, boolean a_bAllowSelfSigned)
          Tries to find a possible verifier for the given cert from the given Vector of certs by comparing the cert's subject with the issuer of the possible verifiers.
private  void findVerifier()
           
protected  java.util.Vector getCertificates()
           
private static int getCertType(int a_documentClass)
           
private static int getDocumentTypeFromRootCertType(int a_rootCertType)
          Only for backwards compatibility.
 int getErrorCode()
           
 int getErrorPosition()
           
 JAPCertificate getFirstCertificate()
          Returns the certificate from the lowest level of this CertPath (the one that was added first).
static CertPath getInstance(JAPCertificate a_firstCert, int a_documentType, java.util.Vector a_pathCertificates)
           
 JAPCertificate getLastCertificate()
          Returns the top level certificate (it is the one that was last added)
 CertPathInfo getPathInfo()
           
private static int getRootCertType(int a_documentClass)
          Sets the certificate class for the root certificates that can verify this Cert Path.
static CertPath getRootInstance(JAPCertificate a_rootCert)
           
 JAPCertificate getSecondCertificate()
          Returns the certificate from the second lowest level of this CertPath (the one that was added second).
private static boolean isPossiblyValid(JAPCertificate a_firstCert, java.util.Vector a_pathCertificates)
          Checks if it may be possible to build a (timely) valid CertPath from the given certificates.
 boolean isValidPath()
           
protected  boolean isVerifier(JAPCertificate a_certificate)
           
 int length()
          Returns the number of certificates in this CertPath
private  void removeLastCertificate()
           
protected  void resetVerification()
          Creates an Enumeration of CertificateInfoStructures of the included certs.
 java.lang.String toString()
          Creates a human readable List in String-Format using the CommonNames of the included certs.
 org.w3c.dom.Element toXmlElement(org.w3c.dom.Document a_doc)
          Return an element that can be appended to the document.
private  int validate(JAPCertificate a_cert, int a_position, JAPCertificate a_issuer)
           
 boolean verify()
          Tries to verify the top level certificate in this CertPath against the root certificates.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

XML_ELEMENT_NAME

public static final java.lang.String XML_ELEMENT_NAME
See Also:
Constant Field Values

XML_ATTR_CLASS

public static final java.lang.String XML_ATTR_CLASS
See Also:
Constant Field Values

XML_ATTR_TYPE

public static final java.lang.String XML_ATTR_TYPE
See Also:
Constant Field Values

NO_ERRORS

public static final int NO_ERRORS
See Also:
Constant Field Values

ERROR_VERIFICATION

public static final int ERROR_VERIFICATION
See Also:
Constant Field Values

ERROR_VALIDITY

public static final int ERROR_VALIDITY
See Also:
Constant Field Values

ERROR_REVOCATION

public static final int ERROR_REVOCATION
See Also:
Constant Field Values

ERROR_UNKNOWN_CRITICAL_EXTENSION

public static final int ERROR_UNKNOWN_CRITICAL_EXTENSION
See Also:
Constant Field Values

ERROR_BASIC_CONSTRAINTS_IS_CA

public static final int ERROR_BASIC_CONSTRAINTS_IS_CA
See Also:
Constant Field Values

ERROR_BASIC_CONSTRAINTS_IS_NO_CA

public static final int ERROR_BASIC_CONSTRAINTS_IS_NO_CA
See Also:
Constant Field Values

ERROR_BASIC_CONSTRAINTS_PATH_TOO_LONG

public static final int ERROR_BASIC_CONSTRAINTS_PATH_TOO_LONG
See Also:
Constant Field Values

ERROR_KEY_USAGE

public static final int ERROR_KEY_USAGE
See Also:
Constant Field Values

ERROR_VALIDITY_SEVERE

public static final int ERROR_VALIDITY_SEVERE
See Also:
Constant Field Values

VERIFICATION_INTERVAL

private static final int VERIFICATION_INTERVAL
See Also:
Constant Field Values

GRACE_PERIOD

private static final long GRACE_PERIOD
See Also:
Constant Field Values

m_documentType

private int m_documentType
the certificate class of the certs that may verify this CertPath


m_certificates

private java.util.Vector m_certificates
the included certificates


m_rootFound

private boolean m_rootFound
true if the last cert is a root cert


m_valid

private boolean m_valid
true if the CertPath has valid format (not timely valid!!)


m_verified

private boolean m_verified
indicates if the CertPath was verified within the last VERIFICATION_INTERVAL


m_verificationTime

private long m_verificationTime
time when the CertPath was verified for the last time


m_pathError

private int m_pathError

m_errorPosition

private int m_errorPosition

Constructor Detail

CertPath

private CertPath(JAPCertificate a_firstCert,
                 int a_documentType)
Creates a new CertPath Object from a given Certificate

Parameters:
a_firstCert - The first certificate of the path (it will be on the lowest level of the cert hierarchy)

CertPath

protected CertPath(org.w3c.dom.Element a_elemCertPath)
            throws XMLParseException
Throws:
XMLParseException

Method Detail

getRootInstance

public static CertPath getRootInstance(JAPCertificate a_rootCert)

getInstance

public static CertPath getInstance(JAPCertificate a_firstCert,
                                   int a_documentType,
                                   java.util.Vector a_pathCertificates)
Parameters:
a_firstCert -
a_documentType -
a_pathCertificates -
Returns:

isPossiblyValid

private static boolean isPossiblyValid(JAPCertificate a_firstCert,
                                       java.util.Vector a_pathCertificates)
Checks if it may be possible to build a (timely) valid CertPath from the given certificates. To return true, the first cert has to be valid and at least one of the path certs, too.

Parameters:
a_firstCert - the certificate to verify
a_pathCertificates - the possible path certificates
Returns:
true if it is generally possible to build a (timely) valid CertPath

buildAndValidate

private boolean buildAndValidate(java.util.Vector a_pathCertificates)

build

private void build(java.util.Vector a_pathCertificates)

findVerifier

private void findVerifier()

doNameAndKeyChaining

private static JAPCertificate doNameAndKeyChaining(JAPCertificate a_cert,
                                                   java.util.Vector a_possibleIssuers,
                                                   boolean a_bAllowSelfSigned)
Tries to find a possible verifier for the given cert from the given Vector of certs by comparing the cert's subject with the issuer of the possible verifiers. If the cert contains an AuthorityKeyIdentifier Extension it will also be compared with the SubjectKeyIdentifier of the possible verifiers

Parameters:
a_cert - the cert to find the issuer for
a_possibleIssuers - a vector of certs to search for the issuer
a_bAllowSelfSigned - true if a verification with a self-signed certificate is allowed; false otherwise. Warning: may lead to an endless loop if not explicitly used in a self-signed context!
Returns:
the possible issuer or null if there was none
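
The chaining described above, as an added example that is not the project's own code: it matches the certificate's issuer name against each candidate's subject name (the standard X.509 direction) and, when both are present, the AuthorityKeyIdentifier against the SubjectKeyIdentifier. The `Cert` class, `findIssuer` and the sample values are hypothetical stand-ins for `JAPCertificate` and the private method; returning null for a self-issued certificate unless self-signed issuers are allowed is an assumed way to avoid the endless loop the warning mentions.

```java
import java.util.Arrays;
import java.util.List;

public class NameAndKeyChainingExample {
    /** Hypothetical stand-in for a parsed certificate; ski/aki are null when the extension is absent. */
    static final class Cert {
        final String subject, issuer;
        final byte[] ski, aki;
        Cert(String subject, String issuer, byte[] ski, byte[] aki) {
            this.subject = subject; this.issuer = issuer; this.ski = ski; this.aki = aki;
        }
        boolean isSelfIssued() { return subject.equals(issuer); }
    }

    /** Returns the first candidate that chains to cert by name and, where present, by key identifier. */
    static Cert findIssuer(Cert cert, List<Cert> candidates, boolean allowSelfSigned) {
        // Assumption: a self-issued cert names itself as issuer, so handing it back to a
        // caller that keeps walking upwards would never terminate.
        if (cert.isSelfIssued() && !allowSelfSigned) {
            return null;
        }
        for (Cert candidate : candidates) {
            if (!cert.issuer.equals(candidate.subject)) {
                continue; // name chaining failed
            }
            // Key chaining only applies when both identifiers are available.
            if (cert.aki != null && candidate.ski != null
                    && !Arrays.equals(cert.aki, candidate.ski)) {
                continue; // same name, different key (e.g. a re-keyed CA)
            }
            return candidate;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data: two operator CAs share a name but hold different keys.
        byte[] rootKey = {1}, oldKey = {2}, newKey = {3};
        Cert root = new Cert("CN=Root", "CN=Root", rootKey, rootKey);
        Cert opOld = new Cert("CN=Operator", "CN=Root", oldKey, rootKey);
        Cert opNew = new Cert("CN=Operator", "CN=Root", newKey, rootKey);
        Cert mix = new Cert("CN=Mix", "CN=Operator", null, newKey);
        List<Cert> pool = Arrays.asList(root, opOld, opNew);

        System.out.println(findIssuer(mix, pool, false) == opNew); // AKI picks the re-keyed CA
        System.out.println(findIssuer(root, pool, false) == null); // walk stops at the root
        System.out.println(findIssuer(root, pool, true) == root);  // explicit self-signed context
    }
}
```

Name and key-identifier matching only selects a candidate issuer; the candidate's signature over the certificate still has to be verified before the link is trusted.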

validate

private int validate(JAPCertificate a_cert,
                     int a_position,
                     JAPCertificate a_issuer)

toXmlElement

public org.w3c.dom.Element toXmlElement(org.w3c.dom.Document a_doc)
Description copied from interface: IXMLEncodable
Return an element that can be appended to the document. This Method must not change the document in any way!

Specified by:
toXmlElement in interface IXMLEncodable
Parameters:
a_doc - a document
Returns:
the interface as xml element

appendCertificate

private void appendCertificate(JAPCertificate a_certificate)
Adds a certificate to the next higher level of this CertPath, if the cert is not already included

Parameters:
a_certificate - the certificate to add

removeLastCertificate

private void removeLastCertificate()

getLastCertificate

public JAPCertificate getLastCertificate()
Returns the top level certificate (it is the one that was last added)

Returns:
the last added certificate

getFirstCertificate

public JAPCertificate getFirstCertificate()
Returns the certificate from the lowest level of this CertPath (the one that was added first). If this CertPath is from a Mix this would be the Mix Certificate.

Returns:
the first added certificate

getSecondCertificate

public JAPCertificate getSecondCertificate()
Returns the certificate from the second lowest level of this CertPath (the one that was added second). If this CertPath is from a Mix this would be the Operator Certificate.

Returns:
the second added certificate

getRootCertType

private static int getRootCertType(int a_documentClass)
Sets the certificate class for the root certificates that can verify this CertPath. This method is usually called by getVerifiedXml() of the SignatureVerifier. It translates the document class from the SignatureVerifier to the certificate class from JAPCertificate.

Parameters:
a_documentClass - a document class from the SignatureVerifier
See Also:
anon.crypto.SignatureVerifier.getVerifiedXml()

getDocumentTypeFromRootCertType

private static int getDocumentTypeFromRootCertType(int a_rootCertType)
Only for backwards compatibility. May be removed after JonDo 00.10.074 is released.

Parameters:
a_rootCertType -
Returns:

getCertType

private static int getCertType(int a_documentClass)

checkValidity

public boolean checkValidity(java.util.Date a_date)
Checks the validity of all certificates in the path. If only one of the certificates is outdated, it returns false.

Parameters:
a_date - the date for which the validity of the path is tested
Returns:
true if all certificates in the path are valid at the given time

isVerifier

protected boolean isVerifier(JAPCertificate a_certificate)

verify

public boolean verify()
Tries to verify the top level certificate in this CertPath against the root certificates. If this last certificate can be verified, the whole CertPath is verified, because we only generate valid CertPaths.

Returns:
true if the CertPath could be verified

length

public int length()
Returns the number of certificates in this CertPath

Returns:
the number of certificates in this CertPath

resetVerification

protected void resetVerification()
Creates an Enumeration of CertificateInfoStructures of the included certs. The first element of this Enumeration is the verifier of this CertPath if there is one. The isEnabled() field of the CIS is used to mark if the certs are verified.


toString

public java.lang.String toString()
Creates a human readable List in String-Format using the CommonNames of the included certs. This is mainly used for debugging. To display a CertPath use a CertDetailsDialog and call the getCertificates()-Method

Overrides:
toString in class java.lang.Object
Returns:
a String representation of this CertPath object

getPathInfo

public CertPathInfo getPathInfo()

isValidPath

public boolean isValidPath()

getCertificates

protected java.util.Vector getCertificates()

getErrorCode

public int getErrorCode()

getErrorPosition

public int getErrorPosition()