com.entrust.toolkit.x509.testlets

Class ExtensionTester

java.lang.Object

com.entrust.toolkit.x509.testlets.ExtensionTester

public class ExtensionTester
extends java.lang.Object

ExtensionTester validates all certificate extensions in a certificate chain that were not validated while the chain was being built.

Note

To register an extension to be tested, create an object that implements CertTestlet and register it using addTestlet.

See Also:

CertTestlet

Constructor Summary

Constructors

Constructor and Description
ExtensionTester(ValidationInfo validationInfo) Creates a new ExtensionTester instance and initializes it with the specified validation info.

Method Summary

Methods

Modifier and Type	Method and Description
void	addTestlet(CertTestlet testlet, ObjectID extension) Adds an extension testlet to be evaluated for each certificate when a certificate chain is validated.
void	addTestlet(CRLEntryTestlet testlet, ObjectID extension) Adds an extension testlet to be evaluated for each CRL entry when it is validated.
void	addTestlet(CRLTestlet testlet, ObjectID extension) Adds an extension testlet to be evaluated for each CRL when it is validated.
void	addTestlet(ExtensionTestlet testlet, ObjectID extensionOID) Adds an extension testlet.
void	validate(X509Certificate[] chain) Validates the certificate extensions in each certificate of the chain.
void	validate(X509Certificate target, X509Certificate[] chain) Validates the certificate extensions in each certificate of the chain.
void	validate(X509CRL crl, X509Certificate caCert) Validates the CRL extensions and CRL entry extensions in the CRL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExtensionTester

public ExtensionTester(ValidationInfo validationInfo)

Creates a new ExtensionTester instance and initializes it with the specified validation info.

Parameters:

validationInfo - the validation information that will be used during extension testing

Throws:

java.lang.NullPointerException - thrown if validationInfo is null

Method Detail

addTestlet

public void addTestlet(CertTestlet testlet,
              ObjectID extension)

Adds an extension testlet to be evaluated for each certificate when a certificate chain is validated.

If a testlet already exists for the given ObjectID, this testlet, as the most recent to be registered, will be used to test the certificate extension.

Parameters:

testlet - the new testlet to be registered

extension - the object ID of the extension that testlet validates

addTestlet

public void addTestlet(CRLTestlet testlet,
              ObjectID extension)

Adds an extension testlet to be evaluated for each CRL when it is validated.

If a testlet already exists for the given ObjectID, this testlet, as the most recent to be registered, will be used to test the CRL extension.

Parameters:

testlet - the new testlet to be registered

extension - the object ID of the extension that testlet validates

addTestlet

public void addTestlet(CRLEntryTestlet testlet,
              ObjectID extension)

Adds an extension testlet to be evaluated for each CRL entry when it is validated.

If a testlet already exists for the given ObjectID, this testlet, as the most recent to be registered, will be used to test the CRL entry extension.

Parameters:

testlet - the new testlet to be registered

extension - the object ID of the extension that testlet validates

addTestlet

public void addTestlet(ExtensionTestlet testlet,
              ObjectID extensionOID)

Adds an extension testlet.

There are different categories of extension testlest, each of which is used to test extensions from different sources:

CertTestlet

Used to test a Certificate extension

CRLTestlet

Used to test a CRL extension

CRLEntryTestlet

Used to test a CRL entry extension

If the extension testlet to be added does not fall under any of the above categories, it is ignored and not added.

If an extension testlet has already been added for the provided object ID, the provided testlet will replace the existing testlet, and be used during validation.

Parameters:

testlet - the new testlet to be registered

extensionOID - the object ID of the extension that this testlet will validate

Since:

7.0

validate

public void validate(X509Certificate[] chain)
              throws ExtensionException

Validates the certificate extensions in each certificate of the chain.

Parameters:

chain - the certificate chain

Throws:

com.entrust.toolkit.exceptions.UnknownExtensionException - thrown if a certificate in the chain contains an unknown critical extension

ExtensionException - thrown if chain validation fails

validate

public void validate(X509Certificate target,
            X509Certificate[] chain)
              throws ExtensionException

Validates the certificate extensions in each certificate of the chain.

Parameters:

target - The certificate that is the eventual target of the validation. Whether or not the target is included in the chain can change the validity of the chain under special cirumstances.

chain - the certificate chain

Throws:

com.entrust.toolkit.exceptions.UnknownExtensionException - thrown if a certificate in the chain contains an unknown critical extension

ExtensionException - thrown if chain validation fails

Since:

7.0

validate

public void validate(X509CRL crl,
            X509Certificate caCert)
              throws ExtensionException

Validates the CRL extensions and CRL entry extensions in the CRL.

Parameters:

crl - the CRL

Throws:

com.entrust.toolkit.exceptions.UnknownExtensionException - thrown if the CRL or a CRL entry contains an unknown critical extension

ExtensionException - thrown if CRL validation fails