Package no.digipost.security

Class DigipostSecurity

java.lang.Object

no.digipost.security.DigipostSecurity

public final class DigipostSecurity
extends Object

Field Summary

Fields

Modifier and Type	Field	Description
static String	PKIX	String denoting Public-Key Infrastructure ("PKIX").
static String	PROVIDER_NAME	Name of the security provider: "BC"
static String	X509	String denoting the certificate type "X.509".

Method Summary

Modifier and Type	Method	Description
static CertPath	asCertPath(Stream<X509Certificate> certificates)	Build a CertPath from the given certificates.
static KeyStore	asKeyStore(Iterable<X509Certificate> certificates)	Deprecated. Use JCEKS.newKeyStore() instead, and add certificates using e.g.
static Stream<X509Certificate>	asStream(CertPath path)	Convert a CertPath to a stream of certificates.
static String	describe(Certificate certificate)	Create a description of a certificate, applicable for logging and similar.
static String	describe(CertPath certPath)	Create a description of a certificate, applicable for logging and similar.
static void	ensureCryptoPolicyUnlimited()	Sets the security property crypto.policy to "unlimited" to enable Java Cryptography Extension (JCE) Unlimited Strength.
static void	ensureSecurityProvider()	This is called by the static initializer of the DigipostSecurity class, and should not be necessary to explicitly invoke.
static CertificateFactory	getX509CertificateFactory()	Retrieve a CertificateFactory for X.509 certificates.
static X509Certificate	readCertificate(byte[] certificateBytes)	Read the first (or only) certificate from an array of bytes.
static X509Certificate	readCertificate(InputStream certificateResource)	Read the first (or only) certificate from a resource.
static X509Certificate	readCertificate(String resourceName)	Read the first (or only) certificate from a resource.
static Stream<X509Certificate>	readCertificates(byte[] certificatesBytes)	Read several certificates from a byte array.
static Stream<X509Certificate>	readCertificates(InputStream certificatesResource)	Read several certificates from a single resource.
static Stream<X509Certificate>	readCertificates(String resourceName)	Read several certificates from a single resource.
static X509Certificate	requireX509(Certificate certificate)	Cast Certificate to X509Certificate, or throw appropriate exception.
static void	verifyJceUnlimitedStrength()	This method may be invoked to verify that Java Cryptography Extension (JCE) Unlimited Strength is enabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROVIDER_NAME

public static final String PROVIDER_NAME

Name of the security provider: "BC"

See Also:

Constant Field Values

PKIX

public static final String PKIX

String denoting Public-Key Infrastructure ("PKIX").

See Also:

Constant Field Values

X509

public static final String X509

String denoting the certificate type "X.509".

See Also:

Constant Field Values

Method Detail

getX509CertificateFactory

public static CertificateFactory getX509CertificateFactory()

Retrieve a CertificateFactory for X.509 certificates.

readCertificate

public static X509Certificate readCertificate(String resourceName)

Read the first (or only) certificate from a resource.

Parameters:

resourceName - the name of the classpath resource containing the certificate.

See Also:

CertificateFactory.generateCertificate(InputStream)

readCertificate

public static X509Certificate readCertificate(byte[] certificateBytes)

Read the first (or only) certificate from an array of bytes.

Parameters:

certificateBytes - the bytes containing the certificate.

readCertificate

public static X509Certificate readCertificate(InputStream certificateResource)

Read the first (or only) certificate from a resource.

See Also:

CertificateFactory.generateCertificate(InputStream)

readCertificates

public static Stream<X509Certificate> readCertificates(String resourceName)

Read several certificates from a single resource.

Parameters:

resourceName - the name of the classpath resource containing the certificates.

See Also:

CertificateFactory.generateCertificates(InputStream)

readCertificates

public static Stream<X509Certificate> readCertificates(byte[] certificatesBytes)

Read several certificates from a byte array.

Parameters:

certificatesBytes - the bytes containing the certificates.

See Also:

CertificateFactory.generateCertificates(InputStream)

readCertificates

public static Stream<X509Certificate> readCertificates(InputStream certificatesResource)

Read several certificates from a single resource.

See Also:

CertificateFactory.generateCertificates(InputStream)

requireX509

public static X509Certificate requireX509(Certificate certificate)

Cast Certificate to X509Certificate, or throw appropriate exception.

Throws:

IllegalCertificateType - if the given certificate is not of type "X.509".

asStream

public static Stream<X509Certificate> asStream(CertPath path)

Convert a CertPath to a stream of certificates. The certificates are casted to X509Certificate.

Parameters:

path - the CertPath

Returns:

stream of "X.509" certificates, aqcuired from CertPath.getCertificates().

asKeyStore

@Deprecated
public static KeyStore asKeyStore(Iterable<X509Certificate> certificates)

Deprecated.

Use JCEKS.newKeyStore() instead, and add certificates using e.g. KeyStoreBuilder.containing(java.util.Collection).

Put certificates into a new KeyStore of type KeyStoreType.JCEKS. They will be aliased as their Subject DNs.

asCertPath

public static CertPath asCertPath(Stream<X509Certificate> certificates)

Build a CertPath from the given certificates.

Parameters:

certificates - the "X.509" certificates.

Returns:

the certification path

describe

public static String describe(CertPath certPath)

Create a description of a certificate, applicable for logging and similar. The description will be multiline, where the certificate is on the first line, and each issuer will be on its own line below.

Parameters:

certPath - the certificate path to describe

Returns:

the multiline description.

describe

public static String describe(Certificate certificate)

Create a description of a certificate, applicable for logging and similar.

Parameters:

certificate - the certificate to describe

Returns:

the description

ensureSecurityProvider

public static void ensureSecurityProvider()

This is called by the static initializer of the DigipostSecurity class, and should not be necessary to explicitly invoke.

ensureCryptoPolicyUnlimited

public static void ensureCryptoPolicyUnlimited()

Sets the security property crypto.policy to "unlimited" to enable Java Cryptography Extension (JCE) Unlimited Strength. This is also invoked by ensureSecurityProvider().

Note: setting this security property this only has effect on Java 8 b152 or newer. On earlier Java versions one must still separately download and add the JCE Unlimited Strength Jurisdiction Policy Files.

See Also:

www.oracle.com/technetwork/java/javase/8u152-relnotes-3850503.html#JDK-8157561

verifyJceUnlimitedStrength

public static void verifyJceUnlimitedStrength()

This method may be invoked to verify that Java Cryptography Extension (JCE) Unlimited Strength is enabled.

Throws:

DigipostSecurityException - if Java Cryptography Extension (JCE) Unlimited Strength can not be verified to be enabled.