summary refs log tree commit diff
path: root/crypto/src/pkix/PkixCertPathChecker.cs
blob: 856053d1152e9bea3c1da97ef50c31cc89858873 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
using System.Collections.Generic;

using Org.BouncyCastle.X509;

namespace Org.BouncyCastle.Pkix
{
    public abstract class PkixCertPathChecker
    {
        protected PkixCertPathChecker()
        {
        }

        /**
         * Initializes the internal state of this <code>PKIXCertPathChecker</code>.
         * <p>
         * The <code>forward</code> flag specifies the order that certificates
         * will be passed to the {@link #check check} method (forward or reverse). A
         * <code>PKIXCertPathChecker</code> <b>must</b> support reverse checking
         * and <b>may</b> support forward checking.
		 * </p>
         * 
         * @param forward
         *            the order that certificates are presented to the
         *            <code>check</code> method. If <code>true</code>,
         *            certificates are presented from target to most-trusted CA
         *            (forward); if <code>false</code>, from most-trusted CA to
         *            target (reverse).
         * @exception CertPathValidatorException
         *                if this <code>PKIXCertPathChecker</code> is unable to
         *                check certificates in the specified order; it should never
         *                be thrown if the forward flag is false since reverse
         *                checking must be supported
         */
        public abstract void Init(bool forward);

        /**
         * Indicates if forward checking is supported. Forward checking refers to
         * the ability of the <code>PKIXCertPathChecker</code> to perform its
         * checks when certificates are presented to the <code>check</code> method
         * in the forward direction (from target to most-trusted CA).
         * 
         * @return <code>true</code> if forward checking is supported,
         *         <code>false</code> otherwise
         */
        public abstract bool IsForwardCheckingSupported();

        /**
         * Returns an immutable <code>Set</code> of X.509 certificate extensions
         * that this <code>PKIXCertPathChecker</code> supports (i.e. recognizes,
         * is able to process), or <code>null</code> if no extensions are
         * supported.
         * <p>
         * Each element of the set is a <code>String</code> representing the
         * Object Identifier (OID) of the X.509 extension that is supported. The OID
         * is represented by a set of nonnegative integers separated by periods.
         * </p><p>
         * All X.509 certificate extensions that a <code>PKIXCertPathChecker</code>
         * might possibly be able to process should be included in the set.
		 * </p>
         * 
         * @return an immutable <code>Set</code> of X.509 extension OIDs (in
         *         <code>String</code> format) supported by this
         *         <code>PKIXCertPathChecker</code>, or <code>null</code> if no
         *         extensions are supported
         */
        public abstract ISet<string> GetSupportedExtensions();

        /**
         * Performs the check(s) on the specified certificate using its internal
         * state and removes any critical extensions that it processes from the
         * specified collection of OID strings that represent the unresolved
         * critical extensions. The certificates are presented in the order
         * specified by the <code>init</code> method.
         * 
         * @param cert
         *            the <code>Certificate</code> to be checked
         * @param unresolvedCritExts
         *            a <code>Collection</code> of OID strings representing the
         *            current set of unresolved critical extensions
         * @exception CertPathValidatorException
         *                if the specified certificate does not pass the check
         */
        public abstract void Check(X509Certificate cert, ISet<string> unresolvedCritExts);

        /**
         * Returns a clone of this object. Calls the <code>Object.clone()</code>
         * method. All subclasses which maintain state must support and override
         * this method, if necessary.
         * 
         * @return a copy of this <code>PKIXCertPathChecker</code>
         */
        public virtual object Clone()
        {
			// TODO Check this
			return base.MemberwiseClone();
        }
    }
}