com.entrust.toolkit.x509.testlets

Class NameConstraintsCertTestlet

java.lang.Object

com.entrust.toolkit.x509.testlets.NameConstraintsCertTestlet

All Implemented Interfaces:

CertTestlet, ExtensionTestlet

public class NameConstraintsCertTestlet
extends java.lang.Object
implements CertTestlet

This class implements a CertTestlet to test the NameConstraints extension of a certificate.

There should be no need for toolkit users to use this class directly.

Constructor Summary

Constructors

Constructor and Description
NameConstraintsCertTestlet()

Method Summary

Methods

Modifier and Type	Method and Description
void	init(X509Certificate[] certChain, TestletDataSet dataSet) Initialize the testlet with the given chain.
void	notify(V3Extension extension, TestletDataSet dataSet) Notify the testlet of the extension that is about to be validated.
void	reset(TestletDataSet dataSet) Resets the state of the testlet to prepare it for the next ceritifcate.
void	validate(X509Certificate cert, TestletDataSet dataSet) Validate that the given certificate does not invalidate the certificate chain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NameConstraintsCertTestlet

public NameConstraintsCertTestlet()

Method Detail

init

public void init(X509Certificate[] certChain,
        TestletDataSet dataSet)

Initialize the testlet with the given chain.

Specified by:

init in interface CertTestlet

Parameters:

certChain - the certificate chain to be validated.

dataSet - the TestletDataSet to use for the chain validation.

notify

public void notify(V3Extension extension,
          TestletDataSet dataSet)

Notify the testlet of the extension that is about to be validated.

Specified by:

notify in interface ExtensionTestlet

Parameters:

extension - The extension to be validated. This will be an instance of NameConstraints.

dataSet - the TestletDataSet to use for the chain validation.

See Also:

NameConstraints

validate

public void validate(X509Certificate cert,
            TestletDataSet dataSet)
              throws ExtensionException

Validate that the given certificate does not invalidate the certificate chain. Checks that the certificate subject name and subject alt names exist within the permitted subtrees, and not within the excluded subtrees.

Note: this method must be called for every certificate in the chain being validated, regardless of whether or not it contains the NameConstraints extension.

Specified by:

validate in interface CertTestlet

Parameters:

cert - The current certificate being processed.

dataSet - the TestletDataSet to use for the chain validation.

Throws:

ExtensionException - if there is a problem processing the certificate, or if the given certificate causes the path to be invalid.

reset

public void reset(TestletDataSet dataSet)

Resets the state of the testlet to prepare it for the next ceritifcate.

Specified by:

reset in interface ExtensionTestlet

Parameters:

dataSet - the TestletDataSet to use for the chain validation.