using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Pkix
{
public abstract class PkixCertPathChecker
{
protected PkixCertPathChecker()
{
}
/**
* Initializes the internal state of this PKIXCertPathChecker
.
*
* The forward
flag specifies the order that certificates
* will be passed to the {@link #check check} method (forward or reverse). A
* PKIXCertPathChecker
must support reverse checking
* and may support forward checking.
*
check
method. If true
,
* certificates are presented from target to most-trusted CA
* (forward); if false
, from most-trusted CA to
* target (reverse).
* @exception CertPathValidatorException
* if this PKIXCertPathChecker
is unable to
* check certificates in the specified order; it should never
* be thrown if the forward flag is false since reverse
* checking must be supported
*/
public abstract void Init(bool forward);
//throws CertPathValidatorException;
/**
* Indicates if forward checking is supported. Forward checking refers to
* the ability of the PKIXCertPathChecker
to perform its
* checks when certificates are presented to the check
method
* in the forward direction (from target to most-trusted CA).
*
* @return true
if forward checking is supported,
* false
otherwise
*/
public abstract bool IsForwardCheckingSupported();
/**
* Returns an immutable Set
of X.509 certificate extensions
* that this PKIXCertPathChecker
supports (i.e. recognizes,
* is able to process), or null
if no extensions are
* supported.
*
* Each element of the set is a String
representing the
* Object Identifier (OID) of the X.509 extension that is supported. The OID
* is represented by a set of nonnegative integers separated by periods.
*
* All X.509 certificate extensions that a PKIXCertPathChecker
* might possibly be able to process should be included in the set.
*
Set
of X.509 extension OIDs (in
* String
format) supported by this
* PKIXCertPathChecker
, or null
if no
* extensions are supported
*/
public abstract ISet GetSupportedExtensions();
/**
* Performs the check(s) on the specified certificate using its internal
* state and removes any critical extensions that it processes from the
* specified collection of OID strings that represent the unresolved
* critical extensions. The certificates are presented in the order
* specified by the init
method.
*
* @param cert
* the Certificate
to be checked
* @param unresolvedCritExts
* a Collection
of OID strings representing the
* current set of unresolved critical extensions
* @exception CertPathValidatorException
* if the specified certificate does not pass the check
*/
public abstract void Check(X509Certificate cert, ISet unresolvedCritExts);
//throws CertPathValidatorException;
/**
* Returns a clone of this object. Calls the Object.clone()
* method. All subclasses which maintain state must support and override
* this method, if necessary.
*
* @return a copy of this PKIXCertPathChecker
*/
public virtual object Clone()
{
// TODO Check this
return base.MemberwiseClone();
}
}
}