diff options
Diffstat (limited to 'pkix/src/main/java/org/spongycastle/cert/path')
14 files changed, 840 insertions, 0 deletions
diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPath.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPath.java new file mode 100644 index 00000000..bbb20a4d --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPath.java @@ -0,0 +1,80 @@ +package org.spongycastle.cert.path; + +import org.spongycastle.cert.X509CertificateHolder; + +public class CertPath +{ + private final X509CertificateHolder[] certificates; + + public CertPath(X509CertificateHolder[] certificates) + { + this.certificates = copyArray(certificates); + } + + public X509CertificateHolder[] getCertificates() + { + return copyArray(certificates); + } + + public CertPathValidationResult validate(CertPathValidation[] ruleSet) + { + CertPathValidationContext context = new CertPathValidationContext(CertPathUtils.getCriticalExtensionsOIDs(certificates)); + + for (int i = 0; i != ruleSet.length; i++) + { + for (int j = certificates.length - 1; j >= 0; j--) + { + try + { + context.setIsEndEntity(j == 0); + ruleSet[i].validate(context, certificates[j]); + } + catch (CertPathValidationException e) + { // TODO: introduce object to hold (i and e) + return new CertPathValidationResult(context, j, i, e); + } + } + } + + return new CertPathValidationResult(context); + } + + public CertPathValidationResult evaluate(CertPathValidation[] ruleSet) + { + CertPathValidationContext context = new CertPathValidationContext(CertPathUtils.getCriticalExtensionsOIDs(certificates)); + + CertPathValidationResultBuilder builder = new CertPathValidationResultBuilder(); + + for (int i = 0; i != ruleSet.length; i++) + { + for (int j = certificates.length - 1; j >= 0; j--) + { + try + { + context.setIsEndEntity(j == 0); + ruleSet[i].validate(context, certificates[j]); + } + catch (CertPathValidationException e) + { + builder.addException(e); + } + } + } + + return builder.build(); + } + + private X509CertificateHolder[] copyArray(X509CertificateHolder[] array) + { + X509CertificateHolder[] rv = new X509CertificateHolder[array.length]; + + System.arraycopy(array, 0, rv, 0, rv.length); + + return rv; + } + + public int length() + { + return certificates.length; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathUtils.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathUtils.java new file mode 100644 index 00000000..257e0bb8 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathUtils.java @@ -0,0 +1,21 @@ +package org.spongycastle.cert.path; + +import java.util.HashSet; +import java.util.Set; + +import org.spongycastle.cert.X509CertificateHolder; + +class CertPathUtils +{ + static Set getCriticalExtensionsOIDs(X509CertificateHolder[] certificates) + { + Set criticalExtensions = new HashSet(); + + for (int i = 0; i != certificates.length; i++) + { + criticalExtensions.addAll(certificates[i].getCriticalExtensionOIDs()); + } + + return criticalExtensions; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidation.java new file mode 100644 index 00000000..11f48367 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidation.java @@ -0,0 +1,11 @@ +package org.spongycastle.cert.path; + +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.util.Memoable; + +public interface CertPathValidation + extends Memoable +{ + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException; +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationContext.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationContext.java new file mode 100644 index 00000000..010b4ef6 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationContext.java @@ -0,0 +1,61 @@ +package org.spongycastle.cert.path; + +import java.util.HashSet; +import java.util.Set; + +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.util.Memoable; + +public class CertPathValidationContext + implements Memoable +{ + private Set criticalExtensions; + + private Set handledExtensions = new HashSet(); + private boolean endEntity; + private int index; + + public CertPathValidationContext(Set criticalExtensionsOIDs) + { + this.criticalExtensions = criticalExtensionsOIDs; + } + + public void addHandledExtension(ASN1ObjectIdentifier extensionIdentifier) + { + this.handledExtensions.add(extensionIdentifier); + } + + public void setIsEndEntity(boolean isEndEntity) + { + this.endEntity = isEndEntity; + } + + public Set getUnhandledCriticalExtensionOIDs() + { + Set rv = new HashSet(criticalExtensions); + + rv.removeAll(handledExtensions); + + return rv; + } + + /** + * Returns true if the current certificate is the end-entity certificate. + * + * @return if current cert end-entity, false otherwise. + */ + public boolean isEndEntity() + { + return endEntity; + } + + public Memoable copy() + { + return null; //To change body of implemented methods use File | Settings | File Templates. + } + + public void reset(Memoable other) + { + //To change body of implemented methods use File | Settings | File Templates. + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationException.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationException.java new file mode 100644 index 00000000..0a1188d1 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationException.java @@ -0,0 +1,24 @@ +package org.spongycastle.cert.path; + +public class CertPathValidationException + extends Exception +{ + private final Exception cause; + + public CertPathValidationException(String msg) + { + this(msg, null); + } + + public CertPathValidationException(String msg, Exception cause) + { + super(msg); + + this.cause = cause; + } + + public Throwable getCause() + { + return cause; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResult.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResult.java new file mode 100644 index 00000000..276ef8d4 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResult.java @@ -0,0 +1,66 @@ +package org.spongycastle.cert.path; + +import java.util.Collections; +import java.util.Set; + +public class CertPathValidationResult +{ + private final boolean isValid; + private final CertPathValidationException cause; + private final Set unhandledCriticalExtensionOIDs; + + private int[] certIndexes; + + public CertPathValidationResult(CertPathValidationContext context) + { + this.unhandledCriticalExtensionOIDs = Collections.unmodifiableSet(context.getUnhandledCriticalExtensionOIDs()); + this.isValid = this.unhandledCriticalExtensionOIDs.isEmpty(); + cause = null; + } + + public CertPathValidationResult(CertPathValidationContext context, int certIndex, int ruleIndex, CertPathValidationException cause) + { + this.unhandledCriticalExtensionOIDs = Collections.unmodifiableSet(context.getUnhandledCriticalExtensionOIDs()); + this.isValid = false; + this.cause = cause; + } + + public CertPathValidationResult(CertPathValidationContext context, int[] certIndexes, int[] ruleIndexes, CertPathValidationException[] cause) + { + // TODO + this.unhandledCriticalExtensionOIDs = Collections.unmodifiableSet(context.getUnhandledCriticalExtensionOIDs()); + this.isValid = false; + this.cause = cause[0]; + this.certIndexes = certIndexes; + } + + public boolean isValid() + { + return isValid; + } + + public Exception getCause() + { + if (cause != null) + { + return cause; + } + + if (!unhandledCriticalExtensionOIDs.isEmpty()) + { + return new CertPathValidationException("Unhandled Critical Extensions"); + } + + return null; + } + + public Set getUnhandledCriticalExtensionOIDs() + { + return unhandledCriticalExtensionOIDs; + } + + public boolean isDetailed() + { + return this.certIndexes != null; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResultBuilder.java b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResultBuilder.java new file mode 100644 index 00000000..80bf7ff2 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/CertPathValidationResultBuilder.java @@ -0,0 +1,14 @@ +package org.spongycastle.cert.path; + +class CertPathValidationResultBuilder +{ + public CertPathValidationResult build() + { + return new CertPathValidationResult(null, 0, 0, null); + } + + public void addException(CertPathValidationException exception) + { + //To change body of created methods use File | Settings | File Templates. + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/BasicConstraintsValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/BasicConstraintsValidation.java new file mode 100644 index 00000000..bfe0f1a4 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/BasicConstraintsValidation.java @@ -0,0 +1,103 @@ +package org.spongycastle.cert.path.validations; + +import java.math.BigInteger; + +import org.spongycastle.asn1.x509.BasicConstraints; +import org.spongycastle.asn1.x509.Extension; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.path.CertPathValidation; +import org.spongycastle.cert.path.CertPathValidationContext; +import org.spongycastle.cert.path.CertPathValidationException; +import org.spongycastle.util.Memoable; + +public class BasicConstraintsValidation + implements CertPathValidation +{ + private boolean isMandatory; + private BasicConstraints bc; + private int maxPathLength; + + public BasicConstraintsValidation() + { + this(true); + } + + public BasicConstraintsValidation(boolean isMandatory) + { + this.isMandatory = isMandatory; + } + + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException + { + if (maxPathLength < 0) + { + throw new CertPathValidationException("BasicConstraints path length exceeded"); + } + + context.addHandledExtension(Extension.basicConstraints); + + BasicConstraints certBC = BasicConstraints.fromExtensions(certificate.getExtensions()); + + if (certBC != null) + { + if (bc != null) + { + if (certBC.isCA()) + { + BigInteger pathLengthConstraint = certBC.getPathLenConstraint(); + + if (pathLengthConstraint != null) + { + int plc = pathLengthConstraint.intValue(); + + if (plc < maxPathLength) + { + maxPathLength = plc; + bc = certBC; + } + } + } + } + else + { + bc = certBC; + if (certBC.isCA()) + { + maxPathLength = certBC.getPathLenConstraint().intValue(); + } + } + } + else + { + if (bc != null) + { + maxPathLength--; + } + } + + if (isMandatory && bc == null) + { + throw new CertPathValidationException("BasicConstraints not present in path"); + } + } + + public Memoable copy() + { + BasicConstraintsValidation v = new BasicConstraintsValidation(isMandatory); + + v.bc = this.bc; + v.maxPathLength = this.maxPathLength; + + return v; + } + + public void reset(Memoable other) + { + BasicConstraintsValidation v = (BasicConstraintsValidation)other; + + this.isMandatory = v.isMandatory; + this.bc = v.bc; + this.maxPathLength = v.maxPathLength; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/CRLValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/CRLValidation.java new file mode 100644 index 00000000..325126e1 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/CRLValidation.java @@ -0,0 +1,78 @@ +package org.spongycastle.cert.path.validations; + +import java.util.Collection; +import java.util.Iterator; + +import org.spongycastle.asn1.x500.X500Name; +import org.spongycastle.cert.X509CRLHolder; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.path.CertPathValidation; +import org.spongycastle.cert.path.CertPathValidationContext; +import org.spongycastle.cert.path.CertPathValidationException; +import org.spongycastle.util.Memoable; +import org.spongycastle.util.Selector; +import org.spongycastle.util.Store; + +public class CRLValidation + implements CertPathValidation +{ + private Store crls; + private X500Name workingIssuerName; + + public CRLValidation(X500Name trustAnchorName, Store crls) + { + this.workingIssuerName = trustAnchorName; + this.crls = crls; + } + + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException + { + // TODO: add handling of delta CRLs + Collection matches = crls.getMatches(new Selector() + { + public boolean match(Object obj) + { + X509CRLHolder crl = (X509CRLHolder)obj; + + return (crl.getIssuer().equals(workingIssuerName)); + } + + public Object clone() + { + return this; + } + }); + + if (matches.isEmpty()) + { + throw new CertPathValidationException("CRL for " + workingIssuerName + " not found"); + } + + for (Iterator it = matches.iterator(); it.hasNext();) + { + X509CRLHolder crl = (X509CRLHolder)it.next(); + + // TODO: not quite right! + if (crl.getRevokedCertificate(certificate.getSerialNumber()) != null) + { + throw new CertPathValidationException("Certificate revoked"); + } + } + + this.workingIssuerName = certificate.getSubject(); + } + + public Memoable copy() + { + return new CRLValidation(workingIssuerName, crls); + } + + public void reset(Memoable other) + { + CRLValidation v = (CRLValidation)other; + + this.workingIssuerName = v.workingIssuerName; + this.crls = v.crls; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidation.java new file mode 100644 index 00000000..7015adb0 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidation.java @@ -0,0 +1,146 @@ +package org.spongycastle.cert.path.validations; + +import java.math.BigInteger; + +import org.spongycastle.asn1.ASN1Integer; +import org.spongycastle.asn1.x509.Extension; +import org.spongycastle.asn1.x509.PolicyConstraints; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.path.CertPathValidation; +import org.spongycastle.cert.path.CertPathValidationContext; +import org.spongycastle.cert.path.CertPathValidationException; +import org.spongycastle.util.Memoable; + +public class CertificatePoliciesValidation + implements CertPathValidation +{ + private int explicitPolicy; + private int policyMapping; + private int inhibitAnyPolicy; + + CertificatePoliciesValidation(int pathLength) + { + this(pathLength, false, false, false); + } + + CertificatePoliciesValidation(int pathLength, boolean isExplicitPolicyRequired, boolean isAnyPolicyInhibited, boolean isPolicyMappingInhibited) + { + // + // (d) + // + + if (isExplicitPolicyRequired) + { + explicitPolicy = 0; + } + else + { + explicitPolicy = pathLength + 1; + } + + // + // (e) + // + if (isAnyPolicyInhibited) + { + inhibitAnyPolicy = 0; + } + else + { + inhibitAnyPolicy = pathLength + 1; + } + + // + // (f) + // + if (isPolicyMappingInhibited) + { + policyMapping = 0; + } + else + { + policyMapping = pathLength + 1; + } + } + + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException + { + context.addHandledExtension(Extension.policyConstraints); + context.addHandledExtension(Extension.inhibitAnyPolicy); + + if (!context.isEndEntity()) + { + if (!ValidationUtils.isSelfIssued(certificate)) + { + // + // H (1), (2), (3) + // + explicitPolicy = countDown(explicitPolicy); + policyMapping = countDown(policyMapping); + inhibitAnyPolicy = countDown(inhibitAnyPolicy); + + // + // I (1), (2) + // + PolicyConstraints policyConstraints = PolicyConstraints.fromExtensions(certificate.getExtensions()); + + if (policyConstraints != null) + { + BigInteger requireExplicitPolicyMapping = policyConstraints.getRequireExplicitPolicyMapping(); + if (requireExplicitPolicyMapping != null) + { + if (requireExplicitPolicyMapping.intValue() < explicitPolicy) + { + explicitPolicy = requireExplicitPolicyMapping.intValue(); + } + } + + BigInteger inhibitPolicyMapping = policyConstraints.getInhibitPolicyMapping(); + if (inhibitPolicyMapping != null) + { + if (inhibitPolicyMapping.intValue() < policyMapping) + { + policyMapping = inhibitPolicyMapping.intValue(); + } + } + } + + // + // J + // + Extension ext = certificate.getExtension(Extension.inhibitAnyPolicy); + + if (ext != null) + { + int extValue = ASN1Integer.getInstance(ext.getParsedValue()).getValue().intValue(); + + if (extValue < inhibitAnyPolicy) + { + inhibitAnyPolicy = extValue; + } + } + } + } + } + + private int countDown(int policyCounter) + { + if (policyCounter != 0) + { + return policyCounter - 1; + } + + return 0; + } + + public Memoable copy() + { + return new CertificatePoliciesValidation(0); // TODO: + } + + public void reset(Memoable other) + { + CertificatePoliciesValidation v = (CertificatePoliciesValidation)other; // TODO: + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java new file mode 100644 index 00000000..44817b61 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/CertificatePoliciesValidationBuilder.java @@ -0,0 +1,35 @@ +package org.spongycastle.cert.path.validations; + +import org.spongycastle.cert.path.CertPath; + +public class CertificatePoliciesValidationBuilder +{ + private boolean isExplicitPolicyRequired; + private boolean isAnyPolicyInhibited; + private boolean isPolicyMappingInhibited; + + public void setAnyPolicyInhibited(boolean anyPolicyInhibited) + { + isAnyPolicyInhibited = anyPolicyInhibited; + } + + public void setExplicitPolicyRequired(boolean explicitPolicyRequired) + { + isExplicitPolicyRequired = explicitPolicyRequired; + } + + public void setPolicyMappingInhibited(boolean policyMappingInhibited) + { + isPolicyMappingInhibited = policyMappingInhibited; + } + + public CertificatePoliciesValidation build(int pathLen) + { + return new CertificatePoliciesValidation(pathLen, isExplicitPolicyRequired, isAnyPolicyInhibited, isPolicyMappingInhibited); + } + + public CertificatePoliciesValidation build(CertPath path) + { + return build(path.length()); + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/KeyUsageValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/KeyUsageValidation.java new file mode 100644 index 00000000..7211b7cd --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/KeyUsageValidation.java @@ -0,0 +1,63 @@ +package org.spongycastle.cert.path.validations; + +import org.spongycastle.asn1.x509.Extension; +import org.spongycastle.asn1.x509.KeyUsage; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.path.CertPathValidation; +import org.spongycastle.cert.path.CertPathValidationContext; +import org.spongycastle.cert.path.CertPathValidationException; +import org.spongycastle.util.Memoable; + +public class KeyUsageValidation + implements CertPathValidation +{ + private boolean isMandatory; + + public KeyUsageValidation() + { + this(true); + } + + public KeyUsageValidation(boolean isMandatory) + { + this.isMandatory = isMandatory; + } + + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException + { + context.addHandledExtension(Extension.keyUsage); + + if (!context.isEndEntity()) + { + KeyUsage usage = KeyUsage.fromExtensions(certificate.getExtensions()); + + if (usage != null) + { + if (!usage.hasUsages(KeyUsage.keyCertSign)) + { + throw new CertPathValidationException("Issuer certificate KeyUsage extension does not permit key signing"); + } + } + else + { + if (isMandatory) + { + throw new CertPathValidationException("KeyUsage extension not present in CA certificate"); + } + } + } + } + + public Memoable copy() + { + return new KeyUsageValidation(isMandatory); + } + + public void reset(Memoable other) + { + KeyUsageValidation v = (KeyUsageValidation)other; + + this.isMandatory = v.isMandatory; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/ParentCertIssuedValidation.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/ParentCertIssuedValidation.java new file mode 100644 index 00000000..dff47fb7 --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/ParentCertIssuedValidation.java @@ -0,0 +1,127 @@ +package org.spongycastle.cert.path.validations; + +import java.io.IOException; + +import org.spongycastle.asn1.ASN1Encodable; +import org.spongycastle.asn1.ASN1Null; +import org.spongycastle.asn1.x500.X500Name; +import org.spongycastle.asn1.x509.AlgorithmIdentifier; +import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; +import org.spongycastle.cert.CertException; +import org.spongycastle.cert.X509CertificateHolder; +import org.spongycastle.cert.X509ContentVerifierProviderBuilder; +import org.spongycastle.cert.path.CertPathValidation; +import org.spongycastle.cert.path.CertPathValidationContext; +import org.spongycastle.cert.path.CertPathValidationException; +import org.spongycastle.operator.OperatorCreationException; +import org.spongycastle.util.Memoable; + +public class ParentCertIssuedValidation + implements CertPathValidation +{ + private X509ContentVerifierProviderBuilder contentVerifierProvider; + + private X500Name workingIssuerName; + private SubjectPublicKeyInfo workingPublicKey; + private AlgorithmIdentifier workingAlgId; + + public ParentCertIssuedValidation(X509ContentVerifierProviderBuilder contentVerifierProvider) + { + this.contentVerifierProvider = contentVerifierProvider; + } + + public void validate(CertPathValidationContext context, X509CertificateHolder certificate) + throws CertPathValidationException + { + if (workingIssuerName != null) + { + if (!workingIssuerName.equals(certificate.getIssuer())) + { + throw new CertPathValidationException("Certificate issue does not match parent"); + } + } + + if (workingPublicKey != null) + { + try + { + SubjectPublicKeyInfo validatingKeyInfo; + + if (workingPublicKey.getAlgorithm().equals(workingAlgId)) + { + validatingKeyInfo = workingPublicKey; + } + else + { + validatingKeyInfo = new SubjectPublicKeyInfo(workingAlgId, workingPublicKey.parsePublicKey()); + } + + if (!certificate.isSignatureValid(contentVerifierProvider.build(validatingKeyInfo))) + { + throw new CertPathValidationException("Certificate signature not for public key in parent"); + } + } + catch (OperatorCreationException e) + { + throw new CertPathValidationException("Unable to create verifier: " + e.getMessage(), e); + } + catch (CertException e) + { + throw new CertPathValidationException("Unable to validate signature: " + e.getMessage(), e); + } + catch (IOException e) + { + throw new CertPathValidationException("Unable to build public key: " + e.getMessage(), e); + } + } + + workingIssuerName = certificate.getSubject(); + workingPublicKey = certificate.getSubjectPublicKeyInfo(); + + if (workingAlgId != null) + { + // check for inherited parameters + if (workingPublicKey.getAlgorithm().getAlgorithm().equals(workingAlgId.getAlgorithm())) + { + if (!isNull(workingPublicKey.getAlgorithm().getParameters())) + { + workingAlgId = workingPublicKey.getAlgorithm(); + } + } + else + { + workingAlgId = workingPublicKey.getAlgorithm(); + } + } + else + { + workingAlgId = workingPublicKey.getAlgorithm(); + } + } + + private boolean isNull(ASN1Encodable obj) + { + return obj == null || obj instanceof ASN1Null; + } + + public Memoable copy() + { + ParentCertIssuedValidation v = new ParentCertIssuedValidation(contentVerifierProvider); + + v.workingAlgId = this.workingAlgId; + v.workingIssuerName = this.workingIssuerName; + v.workingPublicKey = this.workingPublicKey; + + return v; + } + + public void reset(Memoable other) + { + ParentCertIssuedValidation v = (ParentCertIssuedValidation)other; + + this.contentVerifierProvider = v.contentVerifierProvider; + this.workingAlgId = v.workingAlgId; + this.workingIssuerName = v.workingIssuerName; + this.workingPublicKey = v.workingPublicKey; + } +} diff --git a/pkix/src/main/java/org/spongycastle/cert/path/validations/ValidationUtils.java b/pkix/src/main/java/org/spongycastle/cert/path/validations/ValidationUtils.java new file mode 100644 index 00000000..5dbf495a --- /dev/null +++ b/pkix/src/main/java/org/spongycastle/cert/path/validations/ValidationUtils.java @@ -0,0 +1,11 @@ +package org.spongycastle.cert.path.validations; + +import org.spongycastle.cert.X509CertificateHolder; + +class ValidationUtils +{ + static boolean isSelfIssued(X509CertificateHolder cert) + { + return cert.getSubject().equals(cert.getIssuer()); + } +} |