Package br.ufsc.labsec.utils

Class CertificateUtils

java.lang.Object
br.ufsc.labsec.utils.CertificateUtils
public class CertificateUtils
extends Object

  • Field Details

  • Constructor Details

    • CertificateUtils

      public CertificateUtils()

  • Method Details

    • isIssuer

      public static boolean isIssuer​(Object subject, Object issuer)

    • isIssuer

      public static boolean isIssuer​(org.bouncycastle.cert.X509AttributeCertificateHolder subject, org.bouncycastle.cert.X509CertificateHolder issuer)

    • getX509CertificateFactory

      public static CertificateFactory getX509CertificateFactory() throws CertificateException
      Throws:
      CertificateException

    • getCertsFromX509Factory

      public static Collection<? extends Certificate> getCertsFromX509Factory​(InputStream certs)

    • getCRLsFromX509Factory

      public static Collection<? extends CRL> getCRLsFromX509Factory​(InputStream crls)

    • generateCertPath

      public static CertPath generateCertPath​(List<? extends Certificate> certificates)

    • getAuthorityInformationAccess

      public static org.bouncycastle.asn1.x509.AuthorityInformationAccess getAuthorityInformationAccess​(Object certificate)

    • getCRLDistributionPoints

      public static org.bouncycastle.asn1.x509.CRLDistPoint getCRLDistributionPoints​(Object certificate)

    • getCRLIssuerName

      public static org.bouncycastle.asn1.x500.X500Name getCRLIssuerName​(org.bouncycastle.asn1.x509.CRLDistPoint crlDistPoint)

    • getDistributionPoints

      public static org.bouncycastle.asn1.x509.DistributionPoint[] getDistributionPoints​(Object certificate)

    • getCRLIssuers

      public static List<org.bouncycastle.asn1.x509.GeneralNames> getCRLIssuers​(Object certificate)

    • hasCRLIssuer

      public static boolean hasCRLIssuer​(Object certificate)

    • getGeneralName

      public static org.bouncycastle.asn1.x509.GeneralName getGeneralName​(org.bouncycastle.asn1.x509.GeneralNames generalNames, int tag) throws IOException
      Throws:
      IOException

    • getDirectoryName

      public static org.bouncycastle.asn1.x500.X500Name getDirectoryName​(org.bouncycastle.asn1.x509.GeneralNames generalNames) throws IOException
      Throws:
      IOException

    • generalNamesToX500Principal

      public static X500Principal generalNamesToX500Principal​(org.bouncycastle.asn1.x509.GeneralNames generalNames) throws IOException
      Throws:
      IOException

    • expired

      public static boolean expired​(Time timeReference, Object certificate)

    • notYetValid

      public static boolean notYetValid​(Time timeReference, Object certificate)

    • validOnPeriod

      public static boolean validOnPeriod​(Time timeReference, Object certificate)

    • getTrustPoint

      public static Optional<X509Certificate> getTrustPoint​(Certificate certificate, SignaturePolicyInterface signaturePolicyInterface)

    • createTrustAnchor

      public static Optional<TrustAnchor> createTrustAnchor​(byte[] bytes)

    • createTrustAnchor

      public static Optional<TrustAnchor> createTrustAnchor​(InputStream inputStream)

    • createTrustAnchors

      public static List<TrustAnchor> createTrustAnchors​(byte[] bytes)

    • createTrustAnchors

      public static Stream<TrustAnchor> createTrustAnchors​(InputStream inputStream)

    • createTrustAnchor

      public static TrustAnchor createTrustAnchor​(Certificate certificate)

    • getAnchorCertificate

      public static Optional<X509Certificate> getAnchorCertificate​(Certificate certificate, Collection<TrustAnchor> trustAnchors)

    • getAnchorCertificate

      public static Optional<X509Certificate> getAnchorCertificate​(CertPath certPath, Collection<TrustAnchor> trustAnchors)

    • getAnchor

      public static Optional<TrustAnchor> getAnchor​(CertPath certPath, Collection<TrustAnchor> trustAnchors)

    • getPathWithAnchor

      public static List<Certificate> getPathWithAnchor​(CertPath certPath, SignaturePolicyInterface policyInterface)

    • getPathWithAnchor

      public static List<Certificate> getPathWithAnchor​(CertPath certPath, Collection<TrustAnchor> trustAnchors)

    • createTrustAnchor

      public static TrustAnchor createTrustAnchor​(X509Certificate x509Certificate)

    • getTrustPoint

      public static Optional<X509Certificate> getTrustPoint​(Certificate certificate, Collection<TrustAnchor> anchors)

    • hasTrustAnchorAsIssuer

      public static boolean hasTrustAnchorAsIssuer​(Certificate certificate, Collection<TrustAnchor> anchors)

    • isSelfSigned

      public static boolean isSelfSigned​(Object certificate)

    • isTrustAnchor

      public static boolean isTrustAnchor​(Certificate certificate, SignaturePolicyInterface signaturePolicyInterface)

    • getGeneralNamesFromX500Name

      public static org.bouncycastle.asn1.x509.GeneralNames getGeneralNamesFromX500Name​(org.bouncycastle.asn1.x500.X500Name name)

    • hasKeyUsage

      public static CertificateUtils.Usage hasKeyUsage​(Object certificate, int usage)

    • getCNPJFromCertificate

      public static Optional<String> getCNPJFromCertificate​(Object certificate)
      Deprecated.
      para uso no Validador de Documentos, utilize ExtensionsReport
      Obtém o CNPJ do certificado pelo OID definido em BrazilianPKIObjectIdentifiers, se presente
      Parameters:
      certificate - certificado a ser obtido o CNPJ
      Returns:
      o CNPJ em um Optional

    • getCPFFromCertificate

      @Deprecated public static Optional<String> getCPFFromCertificate​(Object certificate)
      Deprecated.
      Agora é obtido através do relatório de extensões, pois o campo pode não ser um DERPrintableString, então, para o Validador de Documentos, use ExtensionsReport.

    • getAlternativeNameByOid

      public static Optional<String> getAlternativeNameByOid​(Object certificate, org.bouncycastle.asn1.ASN1ObjectIdentifier oid)

    • certificateInReference

      public static boolean certificateInReference​(Certificate certificate, List<org.apache.commons.lang3.tuple.Pair<String,​byte[]>> references)

    • getCountryFromCertificate

      public static String getCountryFromCertificate​(Object certificate)

    • isCACertificate

      public static boolean isCACertificate​(Object certificate)

    • isTrustAnchor

      public static boolean isTrustAnchor​(Certificate certificate, Collection<TrustAnchor> anchors)

    • hasNotSupportedExtensions

      public static boolean hasNotSupportedExtensions​(TrustAnchor anchor)
      Verifica se a âncora de confiança contém a extensão namedConstraints.
      Parameters:
      anchor - âncora de confiança.
      Returns:
      valor lógico que indica se a âncora de confiança contém a extensão namedConstraints.

    • buildPathFromCollection

      public static Collection<X509Certificate> buildPathFromCollection​(Collection<X509Certificate> certs, Object certificate)

    • getCertificate

      public Optional<Certificate> getCertificate​(CertificateCollection collection, SignatureObject object, org.bouncycastle.util.Selector<Certificate> selector, CertificateCollectionCache cache)

    • getCertificate

      public static Optional<Certificate> getCertificate​(org.bouncycastle.cert.X509CertificateHolder holder)

    • certificateToBase64String

      public static String certificateToBase64String​(Object object)

    • certPathToBase64String

      public static String certPathToBase64String​(Object object)

    • noRevAvail

      public static boolean noRevAvail​(org.bouncycastle.cert.X509AttributeCertificateHolder certificate)
      Indica se o certificado de atributo contém a extensão noRevAvail e se ela é válida.
      Parameters:
      certificate - certificado de atributo
      Returns:
      valor lógico que indica se o certificado de atributo contém a extensão noRevAvail e se ela é válida.

    • digest

      public static byte[] digest​(Object certificate) throws NoSuchAlgorithmException, IOException
      Throws:
      NoSuchAlgorithmException
      IOException

    • digest

      public static byte[] digest​(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, Object certificate) throws NoSuchAlgorithmException, IOException
      Throws:
      NoSuchAlgorithmException
      IOException

    • digest

      public static byte[] digest​(String algorithm, Object certificate) throws NoSuchAlgorithmException, IOException
      Throws:
      NoSuchAlgorithmException
      IOException

    • DIGEST

      public static byte[] DIGEST​(Object certificate)

    • DIGEST

      public static byte[] DIGEST​(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, Object certificate)

    • DIGEST

      public static byte[] DIGEST​(String algorithm, Object certificate)

    • ISDIGEST

      public static boolean ISDIGEST​(byte[] expectedDigest, Object certificate)

    • ISDIGEST

      public static boolean ISDIGEST​(org.bouncycastle.asn1.ASN1ObjectIdentifier identifier, byte[] expectedDigest, Object certificate)

    • ISDIGEST

      public static boolean ISDIGEST​(String algorithm, byte[] expectedDigest, Object certificate)

    • isPEM

      public static boolean isPEM​(CertificateInterface.Instance instance, byte[] encoded)

    • convertPEMtoDER

      public static byte[] convertPEMtoDER​(byte[] pemEncoded) throws IOException
      Throws:
      IOException

    • isICPBr

      public static boolean isICPBr​(CertPath certPath)

    • getKeyLength

      public static int getKeyLength​(PublicKey pk)
      Retorna o tamanho da chave pública
      Parameters:
      pk - A chave pública
      Returns:
      O tamanho da chave ou -1 se a chave não for suportada

    • getCertificatesInCertPath

      public static List<X509Certificate> getCertificatesInCertPath​(X509Certificate certificate, CertStore certStore, Set<TrustAnchor> trustAnchors)

    • parseCertificate

      public static Optional<Certificate> parseCertificate​(String certificateB64)