 * Copyright (c) 2000, 2008, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * KeyChecker is a <code>PKIXCertPathChecker</code> that checks that the
 * keyCertSign bit is set in the keyUsage extension in an intermediate CA
 * certificate. It also checks whether the final certificate in a
 * certification path meets the specified target constraints specified as
 * a CertSelector in the PKIXParameters passed to the CertPathValidator.
 *
 * @author Yassir Elley

// the index of keyCertSign in the boolean KeyUsage array

 * Default Constructor
 *
 * @param certPathLen allowable cert path length
 * @param targetCertSel a CertSelector object specifying the constraints
 * on the target certificate

 * Initializes the internal state of the checker from parameters
 * specified in the constructor

(
"forward checking not supported");

 * Checks that keyUsage and target constraints are satisfied by
 * the specified certificate.
 *
 * @param cert the Certificate
 * @param unresolvedCritExts the unresolved critical extensions
 * @exception CertPathValidatorException Exception thrown if certificate

// if final certificate, check that target constraints are satisfied
"constraints check failed");

// otherwise, verify that keyCertSign bit is set in CA certificate

// remove the extensions that we have checked

 * Static method to verify the key usage and extended key usage
 * extensions in a CA cert. The key usage extension, if present, must
 * assert the keyCertSign bit. The extended key usage extension, if
 * present, must include anyExtendedKeyUsage.

// getKeyUsage returns null if the KeyUsage extension is not present
// in the certificate - in which case there is nothing to check

// throw an exception if the keyCertSign bit is not set
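
Added example (not the JDK's own KeyChecker source, whose code is missing from this page): a stand-alone PKIXCertPathChecker, written against the public java.security.cert API only, that performs the keyCertSign and target-constraint checks the comments above describe. The class name KeyCertSignChecker, the field names and the choice to clear only the KeyUsage OID (2.5.29.15) are assumptions of this example; the extended key usage check is left out.

```java
import java.security.cert.*;
import java.util.*;

// Added example: not the JDK's KeyChecker source.
public class KeyCertSignChecker extends PKIXCertPathChecker {
    // keyCertSign is bit 5 of KeyUsage (RFC 5280), so index 5 of getKeyUsage()
    private static final int KEY_CERT_SIGN = 5;
    private static final String KEY_USAGE_OID = "2.5.29.15";

    private final int certPathLen;         // assumption: caller passes the path length
    private final CertSelector targetSel;  // may be null: no target constraints
    private int remainingCerts;

    public KeyCertSignChecker(int certPathLen, CertSelector targetSel) {
        this.certPathLen = certPathLen;
        this.targetSel = targetSel;
    }

    @Override public void init(boolean forward) throws CertPathValidatorException {
        if (forward) throw new CertPathValidatorException("forward checking not supported");
        remainingCerts = certPathLen;
    }

    @Override public boolean isForwardCheckingSupported() { return false; }

    @Override public Set<String> getSupportedExtensions() {
        return Collections.singleton(KEY_USAGE_OID);
    }

    @Override public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {
        remainingCerts--;
        if (remainingCerts == 0) {          // final (target) certificate
            if (targetSel != null && !targetSel.match(cert))
                throw new CertPathValidatorException("target certificate constraints check failed");
        } else {                            // intermediate CA certificate
            verifyCAKeyUsage((X509Certificate) cert);
        }
        if (unresolvedCritExts != null) unresolvedCritExts.remove(KEY_USAGE_OID);
    }

    static void verifyCAKeyUsage(X509Certificate cert) throws CertPathValidatorException {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage == null) return;       // extension absent: nothing to check
        if (keyUsage.length <= KEY_CERT_SIGN || !keyUsage[KEY_CERT_SIGN])
            throw new CertPathValidatorException(
                "keyCertSign bit is not set in " + cert.getSubjectX500Principal());
    }
}
```

A checker like this is registered with PKIXParameters.addCertPathChecker and runs in addition to the validator's built-in checks, with certPathLen set to the number of certificates in the CertPath being validated.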