Class CertificateValidationService
java.lang.Object
br.ufsc.labsec.signature.conformanceVerifier.validationService.CertificateValidationService
- All Implemented Interfaces:
CertificateValidation
public class CertificateValidationService extends Object implements CertificateValidation
This class performs the validation of a certificate and its CRL (LCR).

Nested Class Summary
Nested classes/interfaces inherited from interface br.ufsc.labsec.signature.CertificateValidation
CertificateValidation.Validate

Field Summary
Fields (Modifier and Type, Field, Description):
- static boolean SKIP_OLD_TIME_REFERENCES_WITH_NO_CACHE
  Defines the certification-path validation behaviour.

Constructor Summary
Constructors (Constructor, Description):
- CertificateValidationService(ValidationServiceRepository validationService)
  Constructor

Method Summary
Methods (Modifier and Type, Method, Description):
- CertStore createCertStore(CertPath certPath, SignatureObject signature, SignaturePolicyInterface policyInterface, Time timeReference, Set<org.bouncycastle.util.Selector<CRL>> obtainedFromWeb)
  Creates the set of certificates in the certification chain, and the certificate's CRLs, from a constructed certificate path.
- CertPath generateCertPath(SignatureObject signature, org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
- CertPath generateCertPath(Object certificate, Set<TrustAnchor> trustAnchors)
  Creates the certification path for the given certificate; if the path is built correctly, the certificate collections used in verification are populated.
- CertPath generateCertPath(Certificate certificate, Set<TrustAnchor> trustAnchors)
  Creates the certification path for the given certificate; if the path is built correctly, the certificate collections used in verification are populated.
- CertPath generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
- List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> getCertPathOCSPResponses(CertPath certPath, SignatureObject signatureObject, Time timeReference)
  Fetches the OCSP server responses for each certificate in the certification path.
- Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObjects)
- Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObject)
- Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObjects)
- Optional<Object> getCRLIssuerCertificate(Object certificate, X509CRL crl, Object issuer, Set<TrustAnchor> trustAnchor, SignatureObject... signatureObjects)
- List<CRL> getCRLsFromCertificate(Object certificate, org.bouncycastle.asn1.x500.X500Name issuerName, Time timeReference, SignatureObject... signatureObject)
- List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObject)
- Optional<Certificate> getIssuerCertificate(SignatureObject signatureObject, Object certificate, Set<TrustAnchor> trustAnchors)
- Optional<org.bouncycastle.cert.ocsp.OCSPResp> getOCSPResponse(Object certificate, Object issuer, Time timeReference)
  Fetches the OCSP server response for the given certificate.
- ValidationResult postValidate(ValidationResult validationResult, boolean proofOfExistance, Time earliestReference)
- ValidationResult validate(CertPath certPath, SignatureObject signatureObject, SignaturePolicyInterface policyInterface, Time timeReference, boolean verifyAlgorithm)
- ValidationResult validate(CertPath certPath, SignatureObject signatureObject, SignaturePolicyInterface policyInterface, Time timeReference, Time currentTimeReference, Time earliestTimeReference, boolean verifyAlgorithm)
- ValidationResult validate(CertPath certPath, CertStore certStore, List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, Time timeReference, boolean validateICPBRAlgorithms)
  Validates the certificate and its certification path.
- ValidationResult validateAttributeCertificate(RevReq.EnuRevReq requirement, org.bouncycastle.cert.X509AttributeCertificateHolder certificate, X509Certificate anchor, Optional<X509CRL> optionalCRL, Optional<org.bouncycastle.cert.ocsp.OCSPResp> optionalOCSP, Time timeReference, boolean validateICPBRAlgorithms)
- ValidationResult validateAttributeCertificate(org.bouncycastle.cert.X509AttributeCertificateHolder certificate, Time timeReference, boolean verifyICPBRAlgorithms)
- void validateAttributeCertificateWithReport(SignatureObject signature, Object signerCertificate, SignaturePolicyInterface policyInterface, SignatureReport signatureReport, List<Time> timeReferences)
- static ValidationResult validateCertificateAlgorithm(Object certificate)
- static ValidationResult validateCertificateKey(Object certificate)
- ValidationResult validateWithReport(CertPath certPath, SignatureObject signature, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, List<Time> timeReferences, SignatureReport signatureReport)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface br.ufsc.labsec.signature.CertificateValidation
getCRLFromCertificateAndIssuer, getCRLFromCertificateAndSelector, getCRLFromCertificateWithoutIssuer, getCRLFromCertificateWithoutIssuer, getCRLFromSelector, getCRLsFromSelector

Field Details

SKIP_OLD_TIME_REFERENCES_WITH_NO_CACHE
public static final boolean SKIP_OLD_TIME_REFERENCES_WITH_NO_CACHE
Defines the certification-path validation behaviour.
- See Also: Constant Field Values

Constructor Details

CertificateValidationService
CertificateValidationService(ValidationServiceRepository validationService)
Constructor
- Parameters:
  validationService - PKCS12 repository component

Method Details

validateWithReport
public ValidationResult validateWithReport(CertPath certPath, SignatureObject signature, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, List<Time> timeReferences, SignatureReport signatureReport)
- Specified by: validateWithReport in interface CertificateValidation

postValidate
public ValidationResult postValidate(ValidationResult validationResult, boolean proofOfExistance, Time earliestReference)

validate
public ValidationResult validate(CertPath certPath, SignatureObject signatureObject, SignaturePolicyInterface policyInterface, Time timeReference, boolean verifyAlgorithm) throws CRLException
- Throws: CRLException

validate
public ValidationResult validate(CertPath certPath, SignatureObject signatureObject, SignaturePolicyInterface policyInterface, Time timeReference, Time currentTimeReference, Time earliestTimeReference, boolean verifyAlgorithm) throws CRLException
- Throws: CRLException

validate
public ValidationResult validate(CertPath certPath, CertStore certStore, List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> ocspResponses, SignaturePolicyInterface signaturePolicyInterface, CertificateValidation.Validate validate, Time timeReference, boolean validateICPBRAlgorithms)
Validates the certificate and its certification path.
- Specified by: validate in interface CertificateValidation
- Parameters:
  certPath - The certificate path to be validated
  signaturePolicyInterface - Policy interface that provides the trust anchors for the certification path
  validate - Signals whether a signature path or a timestamp path is being verified
  timeReference - Reference date of the validation
  validateICPBRAlgorithms -
  certStore - The certificate repository
  ocspResponses - List of OCSP responses
- Returns: The validation result

validateAttributeCertificate
public ValidationResult validateAttributeCertificate(RevReq.EnuRevReq requirement, org.bouncycastle.cert.X509AttributeCertificateHolder certificate, X509Certificate anchor, Optional<X509CRL> optionalCRL, Optional<org.bouncycastle.cert.ocsp.OCSPResp> optionalOCSP, Time timeReference, boolean validateICPBRAlgorithms) throws org.bouncycastle.cert.ocsp.OCSPException, IOException, CRLException, CertificateEncodingException
- Throws: org.bouncycastle.cert.ocsp.OCSPException, IOException, CRLException, CertificateEncodingException

validateCertificateAlgorithm
static ValidationResult validateCertificateAlgorithm(Object certificate)

validateCertificateKey
static ValidationResult validateCertificateKey(Object certificate)

validateAttributeCertificate
public ValidationResult validateAttributeCertificate(org.bouncycastle.cert.X509AttributeCertificateHolder certificate, Time timeReference, boolean verifyICPBRAlgorithms)

validateAttributeCertificateWithReport
public void validateAttributeCertificateWithReport(SignatureObject signature, Object signerCertificate, SignaturePolicyInterface policyInterface, SignatureReport signatureReport, List<Time> timeReferences)
- Specified by: validateAttributeCertificateWithReport in interface CertificateValidation

getIssuerCertificate
public Optional<Certificate> getIssuerCertificate(SignatureObject signatureObject, Object certificate, Set<TrustAnchor> trustAnchors)

getCRLIssuerCertificate
public Optional<Object> getCRLIssuerCertificate(Object certificate, X509CRL crl, Object issuer, Set<TrustAnchor> trustAnchor, SignatureObject... signatureObjects)
- Specified by: getCRLIssuerCertificate in interface CertificateValidation

getCRLFromCertificateAndIssuer
public Optional<X509CRL> getCRLFromCertificateAndIssuer(Object certificate, Object issuer, Time timeReference, Set<TrustAnchor> trustAnchors, SignatureObject... signatureObjects) throws CRLException
- Specified by: getCRLFromCertificateAndIssuer in interface CertificateValidation
- Throws: CRLException

getCRLFromSelector
public Optional<X509CRL> getCRLFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObjects) throws CRLException
- Specified by: getCRLFromSelector in interface CertificateValidation
- Throws: CRLException

getCRLsFromSelector
public List<X509CRL> getCRLsFromSelector(AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObject)
- Specified by: getCRLsFromSelector in interface CertificateValidation

getCRLFromCertificateAndSelector
public Optional<X509CRL> getCRLFromCertificateAndSelector(Object certificate, AbstractSignatureIdentityInformation.CRLSelector selector, Time timeReference, SignatureObject... signatureObject) throws CRLException
- Specified by: getCRLFromCertificateAndSelector in interface CertificateValidation
- Throws: CRLException

getCRLsFromCertificate
public List<CRL> getCRLsFromCertificate(Object certificate, org.bouncycastle.asn1.x500.X500Name issuerName, Time timeReference, SignatureObject... signatureObject) throws IOException
- Throws: IOException

generateCertPath
public CertPath generateCertPath(Object certificate, Set<TrustAnchor> trustAnchors) throws CertificateException
Creates the certification path for the given certificate; if the path is built correctly, the certificate collections used in verification are populated.
- Specified by: generateCertPath in interface CertificateValidation
- Parameters:
  certificate - The certificate
  trustAnchors - Set of trust anchors for the certification path
- Returns: The generated certification path
- Throws: CertificateException

generateCertPath
public CertPath generateCertPath(Certificate certificate, Set<TrustAnchor> trustAnchors)
Creates the certification path for the given certificate; if the path is built correctly, the certificate collections used in verification are populated.
- Specified by: generateCertPath in interface CertificateValidation
- Parameters:
  certificate - The certificate
  trustAnchors - Set of trust anchors for the certification path
- Returns: The generated certification path

generateCertPath
public CertPath generateCertPath(org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
- Specified by: generateCertPath in interface CertificateValidation

generateCertPath
public CertPath generateCertPath(SignatureObject signature, org.bouncycastle.cert.X509AttributeCertificateHolder attributeCertificate, Set<TrustAnchor> trustAnchors)
- Specified by: generateCertPath in interface CertificateValidation

createCertStore
public CertStore createCertStore(CertPath certPath, SignatureObject signature, SignaturePolicyInterface policyInterface, Time timeReference, Set<org.bouncycastle.util.Selector<CRL>> obtainedFromWeb) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
Creates the set of certificates in the certification chain, and the certificate's CRLs, from a constructed certificate path.
- Specified by: createCertStore in interface CertificateValidation
- Parameters:
  certPath - The certificate path from which the set is to be obtained
- Returns: The set of certificates and CRLs, as a CertStore
- Throws:
  InvalidAlgorithmParameterException - Exception in case of an invalid algorithm
  NoSuchAlgorithmException - Exception in case of a nonexistent algorithm
  LCRException - Exception if the CRL is not found

getOCSPResponse
public Optional<org.bouncycastle.cert.ocsp.OCSPResp> getOCSPResponse(Object certificate, Object issuer, Time timeReference)
Fetches the OCSP server response for the given certificate.
- Specified by: getOCSPResponse in interface CertificateValidation
- Parameters:
  certificate - Certificate to be validated
  issuer - Issuer certificate
- Returns: The OCSP server response

getCertPathOCSPResponses
public List<org.apache.commons.lang3.tuple.Pair<Object,org.bouncycastle.cert.ocsp.OCSPResp>> getCertPathOCSPResponses(CertPath certPath, SignatureObject signatureObject, Time timeReference)
Fetches the OCSP server responses for each certificate in the certification path.
- Specified by: getCertPathOCSPResponses in interface CertificateValidation
- Parameters:
  certPath - The user's certificate path, as built by certification path construction
- Returns: List of pairs of each certificate in the certification path with its corresponding OCSP server response