Package br.ufsc.labsec.signature
Interface CertificateValidation
All Known Implementing Classes:
CertificateValidationService, CertificateVerifier
public interface CertificateValidation
Interface responsible for certificate validation.
-
Nested Class Summary
Nested Classes (Modifier and Type, Interface, Description):
static class CertificateValidation.Validate
    Signals which anchors must be obtained when validating the path
Method Summary
Methods (Modifier and Type, Method, Description):
CertStore createCertStore(CertPath certPath, SignatureObject signature, SignaturePolicyInterface policyInterface, Time timeReference, Set<org.bouncycastle.util.Selector<CRL>> fromWeb)
CertPath generateCertPath(SignatureObject signature, org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
CertPath generateCertPath(Object certificate, Set<TrustAnchor> trustAnchors)
CertPath generateCertPath(Certificate certificate, Set<TrustAnchor> trustAnchors)
    Creates the certification path.
CertPath generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
Optional<List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>>> getCertPathOCSPResponses(CertPath certPath, SignatureObject signatureObject, Time timeReference)
Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObjects)
Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObjects)
default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObject)
Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject)
Optional<Certificate> getCRLIssuer(Object certificate, SignatureObject signature, Set<TrustAnchor> trustAnchors, CertificateCollection collection)
Optional<Object> getCRLIssuerCertificate(Object certificate, X509CRL crl, Object issuer, Set<TrustAnchor> trustAnchor, SignatureObject... signatureObject)
default List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selectore, SignatureObject... signatureObject)
List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject)
Optional<org.bouncycastle.cert.ocsp.OCSPResp> getOCSPResponse(Object certificate, Object issuer, Time timeReference1)
ValidationResult validate(CertPath certPath, CertStore certStore, List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, Time timeReference, boolean validateICPBRAlgorithms)
    Validates the certificate and its certification path
void validateAttributeCertificateWithReport(SignatureObject signatureObject, Object signerCertificate, SignaturePolicyInterface policyInterface, SignatureReport signatureReport, List<Time> timeReferences)
ValidationResult validateWithReport(CertPath certPath, SignatureObject signature, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, List<Time> timeReferences, SignatureReport signatureReport)
-
Method Details
-
getCertPathOCSPResponses
-
createCertStore
CertStore createCertStore(CertPath certPath, SignatureObject signature, SignaturePolicyInterface policyInterface, Time timeReference, Set<org.bouncycastle.util.Selector<CRL>> fromWeb) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
-
validateWithReport
ValidationResult validateWithReport(CertPath certPath, SignatureObject signature, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, List<Time> timeReferences, SignatureReport signatureReport)
-
validate
ValidationResult validate(CertPath certPath, CertStore certStore, List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, Time timeReference, boolean validateICPBRAlgorithms)
Validates the certificate and its certification path
Parameters:
certPath - The certificate path to be validated
certStore - The certificate store
ocspResponses - List of OCSP responses
signaturePolicyInterface - policy interface used to obtain the trust anchors for the certification path
validate - signals whether a signature path or a timestamp path is being verified
timeReference - Reference date for the validation
validateICPBRAlgorithms - signals whether the signature algorithms must be validated according to ICP-Brasil
Returns:
The validation result
-
validateAttributeCertificateWithReport
void validateAttributeCertificateWithReport(SignatureObject signatureObject, Object signerCertificate, SignaturePolicyInterface policyInterface, SignatureReport signatureReport, List<Time> timeReferences)
-
generateCertPath
CertPath generateCertPath(Object certificate, Set<TrustAnchor> trustAnchors) throws CertificateException
Throws:
CertificateException
-
generateCertPath
Creates the certification path.
Parameters:
certificate - The certificate.
trustAnchors - The trust anchors
Returns:
The certification path.
-
generateCertPath
CertPath generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
-
generateCertPath
CertPath generateCertPath(SignatureObject signature, org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
-
getCRLsFromSelector
default List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selectore, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLsFromSelector
List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromSelector
default Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromSelector
Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateAndSelector
default Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObjects) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateAndSelector
Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObjects) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateWithoutIssuer
default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateWithoutIssuer
default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateAndIssuer
default Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLFromCertificateAndIssuer
Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject) throws CRLException
Throws:
CRLException
-
getCRLIssuerCertificate
Optional<Object> getCRLIssuerCertificate(Object certificate, X509CRL crl, Object issuer, Set<TrustAnchor> trustAnchor, SignatureObject... signatureObject) throws AIAException, IOException, CRLException
Throws:
AIAException
IOException
CRLException
-
getOCSPResponse
-
getCRLIssuer
Optional<Certificate> getCRLIssuer(Object certificate, SignatureObject signature, Set<TrustAnchor> trustAnchors, CertificateCollection collection) throws CRLException
Throws:
CRLException
-