using System.Collections.Generic; using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Pkix { public abstract class PkixCertPathChecker { protected PkixCertPathChecker() { } /** * Initializes the internal state of this PKIXCertPathChecker. *

* The forward flag specifies the order that certificates * will be passed to the {@link #check check} method (forward or reverse). A * PKIXCertPathChecker must support reverse checking * and may support forward checking. *

* * @param forward * the order that certificates are presented to the * check method. If true, * certificates are presented from target to most-trusted CA * (forward); if false, from most-trusted CA to * target (reverse). * @exception CertPathValidatorException * if this PKIXCertPathChecker is unable to * check certificates in the specified order; it should never * be thrown if the forward flag is false since reverse * checking must be supported */ public abstract void Init(bool forward); /** * Indicates if forward checking is supported. Forward checking refers to * the ability of the PKIXCertPathChecker to perform its * checks when certificates are presented to the check method * in the forward direction (from target to most-trusted CA). * * @return true if forward checking is supported, * false otherwise */ public abstract bool IsForwardCheckingSupported(); /** * Returns an immutable Set of X.509 certificate extensions * that this PKIXCertPathChecker supports (i.e. recognizes, * is able to process), or null if no extensions are * supported. *

* Each element of the set is a String representing the * Object Identifier (OID) of the X.509 extension that is supported. The OID * is represented by a set of nonnegative integers separated by periods. *

* All X.509 certificate extensions that a PKIXCertPathChecker * might possibly be able to process should be included in the set. *

* * @return an immutable Set of X.509 extension OIDs (in * String format) supported by this * PKIXCertPathChecker, or null if no * extensions are supported */ public abstract ISet GetSupportedExtensions(); /** * Performs the check(s) on the specified certificate using its internal * state and removes any critical extensions that it processes from the * specified collection of OID strings that represent the unresolved * critical extensions. The certificates are presented in the order * specified by the init method. * * @param cert * the Certificate to be checked * @param unresolvedCritExts * a Collection of OID strings representing the * current set of unresolved critical extensions * @exception CertPathValidatorException * if the specified certificate does not pass the check */ public abstract void Check(X509Certificate cert, ISet unresolvedCritExts); /** * Returns a clone of this object. Calls the Object.clone() * method. All subclasses which maintain state must support and override * this method, if necessary. * * @return a copy of this PKIXCertPathChecker */ public virtual object Clone() { // TODO Check this return base.MemberwiseClone(); } } }