Package br.ufsc.labsec.utils

Class CertificateUtils

java.lang.Object

br.ufsc.labsec.utils.CertificateUtils

public class CertificateUtils
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CertificateUtils.AdditionalExtensionOIDS
static class	CertificateUtils.Usage

Field Summary

Fields

Modifier and Type	Field	Description
static String	UNABLE_TO_GET_CERTIFICATE_ENCODING
static String	X509_TYPE

Constructor Summary

Constructors

Constructor	Description
CertificateUtils()

Method Summary

Modifier and Type	Method	Description
static Collection<X509Certificate>	buildPathFromCollection(Collection<X509Certificate> certs, Object certificate)
static boolean	certificateInReference(Certificate certificate, List<org.apache.commons.lang3.tuple.Pair<String,byte[]>> references)
static byte[]	convertPEMtoDER(byte[] pemEncoded)
static Optional<TrustAnchor>	createTrustAnchor(byte[] bytes)
static Optional<TrustAnchor>	createTrustAnchor(InputStream inputStream)
static TrustAnchor	createTrustAnchor(Certificate certificate)
static TrustAnchor	createTrustAnchor(X509Certificate x509Certificate)
static List<TrustAnchor>	createTrustAnchors(byte[] bytes)
static Stream<TrustAnchor>	createTrustAnchors(InputStream inputStream)
static byte[]	digest(Object certificate)
static byte[]	digest(String algorithm, Object certificate)
static byte[]	digest(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, Object certificate)
static byte[]	DIGEST(Object certificate)
static byte[]	DIGEST(String algorithm, Object certificate)
static byte[]	DIGEST(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, Object certificate)
static boolean	expired(Time timeReference, Object certificate)
static X500Principal	generalNamesToX500Principal(org.bouncycastle.asn1.x509.GeneralNames generalNames)
static CertPath	generateCertPath(List<? extends Certificate> certificates)
static Optional<String>	getAlternativeNameByOid(Object certificate, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)
static Optional<X509Certificate>	getAnchor(Certificate certificate, Collection<TrustAnchor> trustAnchors)
static Optional<X509Certificate>	getAnchor(CertPath certPath, Collection<TrustAnchor> trustAnchors)
static org.bouncycastle.asn1.x509.AuthorityInformationAccess	getAuthorityInformationAccess(Object certificate)
Optional<Certificate>	getCertificate(CertificateCollection collection, SignatureObject object, org.bouncycastle.util.Selector<Certificate> selector, CertificateCollectionCache cache)
static Optional<Certificate>	getCertificate(org.bouncycastle.cert.X509CertificateHolder holder)
static List<X509Certificate>	getCertificatesInCertPath(X509Certificate certificate, CertStore certStore, Set<TrustAnchor> trustAnchors)
static Collection<? extends Certificate>	getCertsFromX509Factory(InputStream certs)
static Optional<String>	getCNPJFromCertificate(Object certificate)	Deprecated. para uso no Validador de Documentos, utilize ExtensionsReport
static String	getCountryFromCertificate(Object certificate)
static Optional<String>	getCPFFromCertificate(Object certificate)	Deprecated.
static org.bouncycastle.asn1.x509.CRLDistPoint	getCRLDistributionPoints(Object certificate)
static org.bouncycastle.asn1.x500.X500Name	getCRLIssuerName(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoint)
static List<org.bouncycastle.asn1.x509.GeneralNames>	getCRLIssuers(Object certificate)
static Collection<? extends CRL>	getCRLsFromX509Factory(InputStream crls)
static org.bouncycastle.asn1.x500.X500Name	getDirectoryName(org.bouncycastle.asn1.x509.GeneralNames generalNames)
static org.bouncycastle.asn1.x509.DistributionPoint[]	getDistributionPoints(Object certificate)
static org.bouncycastle.asn1.x509.GeneralName	getGeneralName(org.bouncycastle.asn1.x509.GeneralNames generalNames, int tag)
static org.bouncycastle.asn1.x509.GeneralNames	getGeneralNamesFromX500Name(org.bouncycastle.asn1.x500.X500Name name)
static int	getKeyLength(PublicKey pk)	Retorna o tamanho da chave pública
static List<Certificate>	getPathWithAnchor(CertPath certPath, SignaturePolicyInterface policyInterface)
static List<Certificate>	getPathWithAnchor(CertPath certPath, Collection<TrustAnchor> trustAnchors)
static Optional<X509Certificate>	getTrustPoint(Certificate certificate, SignaturePolicyInterface signaturePolicyInterface)
static Optional<X509Certificate>	getTrustPoint(Certificate certificate, Collection<TrustAnchor> anchors)
static CertificateFactory	getX509CertificateFactory()
static boolean	hasCRLIssuer(Object certificate)
static CertificateUtils.Usage	hasKeyUsage(Object certificate, int usage)
static boolean	hasNotSupportedExtensions(TrustAnchor anchor)	Verifica se a âncora de confiança contém a extensão namedConstraints.
static boolean	hasTrustAnchorAsIssuer(Certificate certificate, Collection<TrustAnchor> anchors)
static boolean	isCACertificate(Object certificate)
static boolean	ISDIGEST(byte[] expectedDigest, Object certificate)
static boolean	ISDIGEST(String algorithm, byte[] expectedDigest, Object certificate)
static boolean	ISDIGEST(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, byte[] expectedDigest, Object certificate)
static boolean	isICPBr(CertPath certPath)
static boolean	isIssuer(Object subject, Object issuer)
static boolean	isIssuer(org.bouncycastle.cert.X509AttributeCertificateHolder subject, org.bouncycastle.cert.X509CertificateHolder issuer)
static boolean	isPEM(CertificateInterface.Instance instance, byte[] encoded)
static boolean	isSelfSigned(Object certificate)
static boolean	isTrustAnchor(Certificate certificate, SignaturePolicyInterface signaturePolicyInterface)
static boolean	isTrustAnchor(Certificate certificate, Collection<TrustAnchor> anchors)
static boolean	noRevAvail(org.bouncycastle.cert.X509AttributeCertificateHolder certificate)	Indica se o certificado de atributo contém a extensão noRevAvail e se ela é válida.
static boolean	notYetValid(Time timeReference, Object certificate)
static boolean	validOnPeriod(Time timeReference, Object certificate)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

X509_TYPE

public static final String X509_TYPE

See Also:

Constant Field Values

UNABLE_TO_GET_CERTIFICATE_ENCODING

public static final String UNABLE_TO_GET_CERTIFICATE_ENCODING

See Also:

Constant Field Values

Constructor Details

CertificateUtils

public CertificateUtils()

Method Details

isIssuer

public static boolean isIssuer(Object subject,
Object issuer)

isIssuer

public static boolean isIssuer(org.bouncycastle.cert.X509AttributeCertificateHolder subject,
org.bouncycastle.cert.X509CertificateHolder issuer)

getX509CertificateFactory

public static CertificateFactory getX509CertificateFactory()
                                                    throws CertificateException

Throws:

CertificateException

getCertsFromX509Factory

public static Collection<? extends Certificate> getCertsFromX509Factory(InputStream certs)

getCRLsFromX509Factory

public static Collection<? extends CRL> getCRLsFromX509Factory(InputStream crls)

generateCertPath

public static CertPath generateCertPath(List<? extends Certificate> certificates)

getAuthorityInformationAccess

public static org.bouncycastle.asn1.x509.AuthorityInformationAccess getAuthorityInformationAccess(Object certificate)

getCRLDistributionPoints

public static org.bouncycastle.asn1.x509.CRLDistPoint getCRLDistributionPoints(Object certificate)

getCRLIssuerName

public static org.bouncycastle.asn1.x500.X500Name getCRLIssuerName(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoint)

getDistributionPoints

public static org.bouncycastle.asn1.x509.DistributionPoint[] getDistributionPoints(Object certificate)

getCRLIssuers

public static List<org.bouncycastle.asn1.x509.GeneralNames> getCRLIssuers(Object certificate)

hasCRLIssuer

public static boolean hasCRLIssuer(Object certificate)

getGeneralName

public static org.bouncycastle.asn1.x509.GeneralName getGeneralName(org.bouncycastle.asn1.x509.GeneralNames generalNames,
int tag)
                                                             throws IOException

Throws:

IOException

getDirectoryName

public static org.bouncycastle.asn1.x500.X500Name getDirectoryName(org.bouncycastle.asn1.x509.GeneralNames generalNames)
                                                            throws IOException

Throws:

IOException

generalNamesToX500Principal

public static X500Principal generalNamesToX500Principal(org.bouncycastle.asn1.x509.GeneralNames generalNames)
                                                 throws IOException

Throws:

IOException

expired

public static boolean expired(Time timeReference,
Object certificate)

notYetValid

public static boolean notYetValid(Time timeReference,
Object certificate)

validOnPeriod

public static boolean validOnPeriod(Time timeReference,
Object certificate)

getTrustPoint

public static Optional<X509Certificate> getTrustPoint(Certificate certificate,
SignaturePolicyInterface signaturePolicyInterface)

createTrustAnchor

public static Optional<TrustAnchor> createTrustAnchor(byte[] bytes)

createTrustAnchor

public static Optional<TrustAnchor> createTrustAnchor(InputStream inputStream)

createTrustAnchors

public static List<TrustAnchor> createTrustAnchors(byte[] bytes)

createTrustAnchors

public static Stream<TrustAnchor> createTrustAnchors(InputStream inputStream)

createTrustAnchor

public static TrustAnchor createTrustAnchor(Certificate certificate)

getAnchor

public static Optional<X509Certificate> getAnchor(Certificate certificate,
Collection<TrustAnchor> trustAnchors)

getAnchor

public static Optional<X509Certificate> getAnchor(CertPath certPath,
Collection<TrustAnchor> trustAnchors)

getPathWithAnchor

public static List<Certificate> getPathWithAnchor(CertPath certPath,
SignaturePolicyInterface policyInterface)

getPathWithAnchor

public static List<Certificate> getPathWithAnchor(CertPath certPath,
Collection<TrustAnchor> trustAnchors)

createTrustAnchor

public static TrustAnchor createTrustAnchor(X509Certificate x509Certificate)

getTrustPoint

public static Optional<X509Certificate> getTrustPoint(Certificate certificate,
Collection<TrustAnchor> anchors)

hasTrustAnchorAsIssuer

public static boolean hasTrustAnchorAsIssuer(Certificate certificate,
Collection<TrustAnchor> anchors)

isSelfSigned

public static boolean isSelfSigned(Object certificate)

isTrustAnchor

public static boolean isTrustAnchor(Certificate certificate,
SignaturePolicyInterface signaturePolicyInterface)

getGeneralNamesFromX500Name

public static org.bouncycastle.asn1.x509.GeneralNames getGeneralNamesFromX500Name(org.bouncycastle.asn1.x500.X500Name name)

hasKeyUsage

public static CertificateUtils.Usage hasKeyUsage(Object certificate,
int usage)

getCNPJFromCertificate

public static Optional<String> getCNPJFromCertificate(Object certificate)

Deprecated.

para uso no Validador de Documentos, utilize ExtensionsReport

Obtém o CNPJ do certificado pelo OID definido em BrazilianPKIObjectIdentifiers, se presente

Parameters:

certificate - certificado a ser obtido o CNPJ

Returns:

o CNPJ em um Optional

getCPFFromCertificate

@Deprecated
public static Optional<String> getCPFFromCertificate(Object certificate)

Deprecated.

Agora é obtido através do relatório de extensões, pois o campo pode não ser um DERPrintableString, então, para o Validador de Documentos, use ExtensionsReport.

getAlternativeNameByOid

public static Optional<String> getAlternativeNameByOid(Object certificate,
org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

certificateInReference

public static boolean certificateInReference(Certificate certificate,
List<org.apache.commons.lang3.tuple.Pair<String,byte[]>> references)

getCountryFromCertificate

public static String getCountryFromCertificate(Object certificate)

isCACertificate

public static boolean isCACertificate(Object certificate)

isTrustAnchor

public static boolean isTrustAnchor(Certificate certificate,
Collection<TrustAnchor> anchors)

hasNotSupportedExtensions

public static boolean hasNotSupportedExtensions(TrustAnchor anchor)

Verifica se a âncora de confiança contém a extensão namedConstraints.

Parameters:

anchor - âncora de confiança.

Returns:

valor lógico que indica se a âncora de confiança contém a extensão namedConstraints.

buildPathFromCollection

public static Collection<X509Certificate> buildPathFromCollection(Collection<X509Certificate> certs,
Object certificate)

getCertificate

public Optional<Certificate> getCertificate(CertificateCollection collection,
SignatureObject object,
org.bouncycastle.util.Selector<Certificate> selector,
CertificateCollectionCache cache)

getCertificate

public static Optional<Certificate> getCertificate(org.bouncycastle.cert.X509CertificateHolder holder)

noRevAvail

public static boolean noRevAvail(org.bouncycastle.cert.X509AttributeCertificateHolder certificate)

Indica se o certificado de atributo contém a extensão noRevAvail e se ela é válida.

Parameters:

certificate - certificado de atributo

Returns:

valor lógico que indica se o certificado de atributo contém a extensão noRevAvail e se ela é válida.

digest

public static byte[] digest(Object certificate)
                     throws NoSuchAlgorithmException,
IOException

Throws:

NoSuchAlgorithmException

IOException

digest

public static byte[] digest(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier,
Object certificate)
                     throws NoSuchAlgorithmException,
IOException

Throws:

NoSuchAlgorithmException

IOException

digest

public static byte[] digest(String algorithm,
Object certificate)
                     throws NoSuchAlgorithmException,
IOException

Throws:

NoSuchAlgorithmException

IOException

DIGEST

public static byte[] DIGEST(Object certificate)

DIGEST

public static byte[] DIGEST(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier,
Object certificate)

DIGEST

public static byte[] DIGEST(String algorithm,
Object certificate)

ISDIGEST

public static boolean ISDIGEST(byte[] expectedDigest,
Object certificate)

ISDIGEST

public static boolean ISDIGEST(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier,
byte[] expectedDigest,
Object certificate)

ISDIGEST

public static boolean ISDIGEST(String algorithm,
byte[] expectedDigest,
Object certificate)

isPEM

public static boolean isPEM(CertificateInterface.Instance instance,
byte[] encoded)

convertPEMtoDER

public static byte[] convertPEMtoDER(byte[] pemEncoded)
                              throws IOException

Throws:

IOException

isICPBr

public static boolean isICPBr(CertPath certPath)

getKeyLength

public static int getKeyLength(PublicKey pk)

Retorna o tamanho da chave pública

Parameters:

pk - A chave pública

Returns:

O tamanho da chave ou -1 se a chave não for suportada

getCertificatesInCertPath

public static List<X509Certificate> getCertificatesInCertPath(X509Certificate certificate,
CertStore certStore,
Set<TrustAnchor> trustAnchors)