Package br.ufsc.labsec.signature

Interface CertificateValidation

All Known Implementing Classes:

CertificateValidationService

public interface CertificateValidation

Interface responsável pela validação de certificados.

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static class	CertificateValidation.Validate	Sinaliza quais âncoras deverão ser obtidas na validação do caminho

Method Summary

Modifier and Type	Method	Description
CertStore	createCertStore(CertPath certPath, SignatureObject signature, SignaturePolicyInterface policyInterface, Time timeReference, Set<org.bouncycastle.util.Selector<CRL>> fromWeb)
CertPath	generateCertPath(SignatureObject signature, org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
CertPath	generateCertPath(Object certificate, Set<TrustAnchor> trustAnchors)
CertPath	generateCertPath(Certificate certificate, Set<TrustAnchor> trustAnchors)	Cria o caminho de certificação.
CertPath	generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>>	getCertPathOCSPResponses(CertPath certPath, SignatureObject signatureObject, Time timeReference)
Optional<X509CRL>	getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL>	getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL>	getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObjects)
Optional<X509CRL>	getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObjects)
default Optional<X509CRL>	getCRLFromCertificateWithoutIssuer(Object certificate, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL>	getCRLFromCertificateWithoutIssuer(Object certificate, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObject)
default Optional<X509CRL>	getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, SignatureObject... signatureObject)
Optional<X509CRL>	getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject)
Optional<Object>	getCRLIssuerCertificate(Object certificate, X509CRL crl, Object issuer, Set<TrustAnchor> trustAnchor, SignatureObject... signatureObject)
default List<X509CRL>	getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selectore, SignatureObject... signatureObject)
List<X509CRL>	getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timereference, SignatureObject... signatureObject)
Optional<org.bouncycastle.cert.ocsp.OCSPResp>	getOCSPResponse(Object certificate, Object issuer, Time timeReference1)
ValidationResult	validate(CertPath certPath, CertStore certStore, List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, Time timeReference, boolean validateICPBRAlgorithms)	Valida o certificado e seu caminho de certificação
void	validateAttributeCertificateWithReport(SignatureObject signatureObject, Object signerCertificate, SignaturePolicyInterface policyInterface, SignatureReport signatureReport, List<Time> timeReferences)
ValidationResult	validateWithReport(CertPath certPath, SignatureObject signature, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, List<Time> timeReferences, SignatureReport signatureReport)

Method Details

getCertPathOCSPResponses

List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> getCertPathOCSPResponses(CertPath certPath,
SignatureObject signatureObject,
Time timeReference)

createCertStore

CertStore createCertStore(CertPath certPath,
SignatureObject signature,
SignaturePolicyInterface policyInterface,
Time timeReference,
Set<org.bouncycastle.util.Selector<CRL>> fromWeb)
                   throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException

Throws:

InvalidAlgorithmParameterException

NoSuchAlgorithmException

validateWithReport

ValidationResult validateWithReport(CertPath certPath,
SignatureObject signature,
SignaturePolicyInterface signaturePolicyInterface,
CertificateValidation.Validate validate,
List<Time> timeReferences,
SignatureReport signatureReport)

validate

ValidationResult validate(CertPath certPath,
CertStore certStore,
List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses,
SignaturePolicyInterface signaturePolicyInterface,
CertificateValidation.Validate validate,
Time timeReference,
boolean validateICPBRAlgorithms)

Valida o certificado e seu caminho de certificação

Parameters:

certPath - O caminho de certificados a ser validado

certStore - O repositório de certificados

ocspResponses - Lista de respostas OCSP

signaturePolicyInterface - interface de política que permite obter as âncoras de confiança para o caminho de certificação

validate - sinaliza a verificação de um caminho de assinatura ou carimbo de tempo

timeReference - Data de referência da validação

validateICPBRAlgorithms - sinaliza se os algoritmos de assinatura devem ser validados conforme a ICP-Brasil

Returns:

O resultado da validação

validateAttributeCertificateWithReport

void validateAttributeCertificateWithReport(SignatureObject signatureObject,
Object signerCertificate,
SignaturePolicyInterface policyInterface,
SignatureReport signatureReport,
List<Time> timeReferences)

generateCertPath

CertPath generateCertPath(Object certificate,
Set<TrustAnchor> trustAnchors)
                   throws CertificateException

Throws:

CertificateException

generateCertPath

CertPath generateCertPath(Certificate certificate,
Set<TrustAnchor> trustAnchors)

Cria o caminho de certificação.

Parameters:

certificate - O certificado.

trustAnchors - Os trust anchors

Returns:

O caminho de certificação.

generateCertPath

CertPath generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate,
Set<TrustAnchor> trustAnchors)

generateCertPath

CertPath generateCertPath(SignatureObject signature,
org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate,
Set<TrustAnchor> trustAnchors)

getCRLsFromSelector

default List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selectore,
SignatureObject... signatureObject)
                                   throws CRLException

Throws:

CRLException

getCRLsFromSelector

List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector,
Time timereference,
SignatureObject... signatureObject)
                           throws CRLException

Throws:

CRLException

getCRLFromSelector

default Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector,
SignatureObject... signatureObject)
                                      throws CRLException

Throws:

CRLException

getCRLFromSelector

Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector,
Time timereference,
SignatureObject... signatureObject)
                              throws CRLException

Throws:

CRLException

getCRLFromCertificateAndSelector

default Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate,
AbstractSignatureIdentityInformation.CRLSelector selector,
SignatureObject... signatureObjects)
                                                    throws CRLException

Throws:

CRLException

getCRLFromCertificateAndSelector

Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate,
AbstractSignatureIdentityInformation.CRLSelector selector,
Time timeReference,
SignatureObject... signatureObjects)
                                            throws CRLException

Throws:

CRLException

getCRLFromCertificateWithoutIssuer

default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate,
Set<TrustAnchor> trustAnchors,
SignatureObject... signatureObject)
                                                      throws CRLException

Throws:

CRLException

getCRLFromCertificateWithoutIssuer

default Optional<X509CRL> getCRLFromCertificateWithoutIssuer(Object certificate,
Time timeReference,
Set<TrustAnchor> trustAnchors,
SignatureObject... signatureObject)
                                                      throws CRLException

Throws:

CRLException

getCRLFromCertificateAndIssuer

default Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate,
Object issuer,
Set<TrustAnchor> trustAnchors,
SignatureObject... signatureObject)
                                                  throws CRLException

Throws:

CRLException

getCRLFromCertificateAndIssuer

Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate,
Object issuer,
Time timeReference,
Set<TrustAnchor> trustAnchors,
SignatureObject... signatureObject)
                                          throws CRLException

Throws:

CRLException

getCRLIssuerCertificate

Optional<Object> getCRLIssuerCertificate(Object certificate,
X509CRL crl,
Object issuer,
Set<TrustAnchor> trustAnchor,
SignatureObject... signatureObject)
                                  throws AIAException,
IOException,
CRLException

Throws:

AIAException

IOException

CRLException

getOCSPResponse

Optional<org.bouncycastle.cert.ocsp.OCSPResp> getOCSPResponse(Object certificate,
Object issuer,
Time timeReference1)