org.nhindirect.stagent
Class CryptoExtensions

java.lang.Object
  extended by org.nhindirect.stagent.CryptoExtensions

public class CryptoExtensions
extends java.lang.Object

Utility functions for searching for certificates.

Author:
Greg Meyer, Umesh Madan

Constructor Summary
CryptoExtensions()
           
 
Method Summary
static boolean certSubjectContainsName(java.security.cert.X509Certificate cert, java.lang.String name)
          Checks if a name is contained in a certificate's distinguished name.
static boolean containsEmailAddressInSubjectAltName(java.security.cert.X509Certificate cert, java.lang.String subjectName)
          Checks if the subject is contained in the certificate's alternate subject names.
static java.security.cert.X509Certificate findCertByName(java.util.Collection<java.security.cert.X509Certificate> certs, java.lang.String name)
          Searches a collection of X509Certificates for a certificate that matches the provided name.
static SignerCertPair findSignerByCert(org.bouncycastle.cms.CMSSignedData signedData, java.security.cert.X509Certificate searchCert)
          Searches CMS signed data for a specific X509 certificate.
static java.util.Collection<SignerCertPair> findSignersByName(org.bouncycastle.cms.CMSSignedData signedData, java.lang.String name, java.util.Collection<java.lang.String> excludeNames)
          Searches CMS signed data for a given email name.
static java.lang.String getJCEProviderName()
          Gets the configured JCE crypto provider string for crypto operations.
static java.lang.String getSubjectAddress(java.security.cert.X509Certificate certificate)
          Gets the address name associated with the certificate.
static boolean isEqualThumbprint(java.security.cert.X509Certificate cert1, java.security.cert.X509Certificate cert2)
          Compares the thumbprints of two certificates for equality.
static boolean matchName(java.security.cert.X509Certificate cert, java.lang.String name)
          Matches a common name in a certificate.
static void setJCEProviderName(java.lang.String name)
          Overrides the configured JCE crypto provider string.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CryptoExtensions

public CryptoExtensions()
Method Detail

getJCEProviderName

public static java.lang.String getJCEProviderName()
Gets the configured JCE crypto provider string for crypto operations. This is configured using the -Dorg.nhindirect.stagent.cryptography.JCEProviderName JVM parameter. If the parameter is not set or is empty, then the default string "BC" (BouncyCastle provider) is returned. By default the agent installs the BouncyCastle provider.

Returns:
The name of the JCE provider string.

setJCEProviderName

public static void setJCEProviderName(java.lang.String name)
Overrides the configured JCE crypto provider string. If the name is empty or null, the default string "BC" (BouncyCastle provider) is used.

Parameters:
name - The name of the JCE provider.

isEqualThumbprint

public static boolean isEqualThumbprint(java.security.cert.X509Certificate cert1,
                                        java.security.cert.X509Certificate cert2)
Compares the thumbprints of two certificates for equality.

Parameters:
cert1 - The first certificate to compare.
cert2 - The second certificate to compare.
Returns:
True if the certificates' thumbprints are equal. False otherwise.

containsEmailAddressInSubjectAltName

public static boolean containsEmailAddressInSubjectAltName(java.security.cert.X509Certificate cert,
                                                           java.lang.String subjectName)
Checks if the subject is contained in the certificate's alternate subject names. Specifically, the rfc822Name and DNSName types are checked.

Parameters:
cert - The certificate to check.
subjectName - The subject name to check in the alternate names.
Returns:
True if the subjectName is contained in the alternate subject names. False otherwise.
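
An added example (not the project's own code) of restricting a subject alternative name check to the rfc822Name and DNSName types, using the entry layout that the JDK's X509Certificate.getSubjectAlternativeNames() returns. The class and method names are hypothetical, the sample entries are constructed, and the exact, case-insensitive comparison is an assumption about how a match is decided.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class SanMatchExample {
    // GeneralName type tags used by X509Certificate.getSubjectAlternativeNames()
    static final int RFC822_NAME = 1;
    static final int DNS_NAME = 2;

    /**
     * altNames has the shape returned by getSubjectAlternativeNames(): each
     * entry is a List whose first element is the Integer type tag and whose
     * second element is the value. The JDK method returns null when the
     * certificate has no subject alternative name extension.
     */
    static boolean sanContainsAddress(Collection<List<?>> altNames, String address) {
        if (altNames == null || address == null || address.isEmpty()) {
            return false;
        }
        for (List<?> entry : altNames) {
            if (entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                continue;
            }
            int type = (Integer) entry.get(0);
            // Only rfc822Name and dNSName are considered; URI, IP address and
            // directoryName entries are skipped even if their text matches.
            if ((type == RFC822_NAME || type == DNS_NAME)
                    && entry.get(1) instanceof String
                    && address.equalsIgnoreCase((String) entry.get(1))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample entries, not taken from a real certificate.
        Collection<List<?>> altNames = Arrays.<List<?>>asList(
                Arrays.asList(1, "dr.smith@direct.example.com"),
                Arrays.asList(2, "direct.example.com"),
                Arrays.asList(6, "https://direct.example.com/"));
        System.out.println(sanContainsAddress(altNames, "Direct.Example.com"));
        System.out.println(sanContainsAddress(altNames, "example.com"));
        System.out.println(sanContainsAddress(altNames, "https://direct.example.com/"));
    }
}
```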

certSubjectContainsName

public static boolean certSubjectContainsName(java.security.cert.X509Certificate cert,
                                              java.lang.String name)
Checks if a name is contained in a certificate's distinguished name.

Parameters:
cert - The certificate to check.
name - The name to search for in the certificate's distinguished name.
Returns:
True if the name is found in the certificate's distinguished name. False otherwise.

matchName

public static boolean matchName(java.security.cert.X509Certificate cert,
                                java.lang.String name)
Matches a common name in a certificate.

Parameters:
cert - The certificate to check for the common name.
name - The common name to check for. This method automatically prefixes the name with "CN=".
Returns:
True if the common name is contained in the certificate. False otherwise.

findSignersByName

public static java.util.Collection<SignerCertPair> findSignersByName(org.bouncycastle.cms.CMSSignedData signedData,
                                                                     java.lang.String name,
                                                                     java.util.Collection<java.lang.String> excludeNames)
Searches CMS signed data for a given email name. Signed data may consist of multiple signatures, either from the same subject or from multiple subjects.

Parameters:
signedData - The signed data to search.
name - The name to search for in the list of signers.
excludeNames - A list of names to exclude from the list. Because the search uses a simple "contains" match, the name parameter may match as a substring of a longer name that was not requested. excludeNames holds such superstrings of the name so that the unwanted names are removed from the returned list. This parameter may be null.
Returns:
A collection of pairs consisting of the signer's X509 certificate and signer information that matches the provided name. Returns an empty collection if a signer matching the name cannot be found in the signed data.
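
An added example (not the project's own code) of the substring behaviour described for name and excludeNames, shown beside a stricter whole-value comparison. It works on constructed subject DN strings rather than CMS signed data; the class and method names are hypothetical, and parsing with the JDK's LdapName is a swapped-in technique, not the library's method.

```java
import java.util.*;
import javax.naming.InvalidNameException;
import javax.naming.ldap.*;

public class SignerNameFilterExample {
    // "Contains" search plus exclusion list, as in the description above.
    static List<String> containsSearch(Collection<String> subjects, String name,
                                       Collection<String> excludeNames) {
        List<String> hits = new ArrayList<>();
        for (String dn : subjects) {
            String hay = dn.toLowerCase(Locale.ROOT);
            boolean keep = hay.contains(name.toLowerCase(Locale.ROOT));
            if (keep && excludeNames != null) {
                for (String ex : excludeNames) {
                    if (hay.contains(ex.toLowerCase(Locale.ROOT))) keep = false;
                }
            }
            if (keep) hits.add(dn);
        }
        return hits;
    }

    // Stricter alternative: compare whole CN / E attribute values.
    static List<String> exactSearch(Collection<String> subjects, String name)
            throws InvalidNameException {
        List<String> hits = new ArrayList<>();
        for (String dn : subjects) {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                String type = rdn.getType().toUpperCase(Locale.ROOT);
                if ((type.equals("CN") || type.equals("E"))
                        && name.equalsIgnoreCase(String.valueOf(rdn.getValue()))) {
                    hits.add(dn);
                    break; // one hit per subject is enough
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed subject DNs standing in for one message's signer certificates.
        List<String> subjects = Arrays.asList(
                "CN=direct.example.com, O=Example Clinic",
                "CN=notdirect.example.com, O=Other Org",
                "E=dr.smith@direct.example.com, CN=Dr Smith");
        System.out.println(containsSearch(subjects, "direct.example.com", null));
        System.out.println(containsSearch(subjects, "direct.example.com",
                Arrays.asList("notdirect.example.com", "@direct.example.com")));
        System.out.println(exactSearch(subjects, "direct.example.com"));
    }
}
```

With a null exclusion list the contains search returns all three subjects; the exclusion list only narrows the result to the first subject when every unwanted superstring has been anticipated, whereas the whole-value comparison does so without one.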

findCertByName

public static java.security.cert.X509Certificate findCertByName(java.util.Collection<java.security.cert.X509Certificate> certs,
                                                                java.lang.String name)
Searches a collection of X509Certificates for a certificate that matches the provided name.

Parameters:
certs - The collection of certificates to search.
name - The name to search for in the collection.
Returns:
A certificate that matches the provided name. Returns null if a matching certificate cannot be found in the collection.

findSignerByCert

public static SignerCertPair findSignerByCert(org.bouncycastle.cms.CMSSignedData signedData,
                                              java.security.cert.X509Certificate searchCert)
Searches CMS signed data for a specific X509 certificate.

Parameters:
signedData - The signed data to search.
searchCert - The certificate to search for in the signed data.
Returns:
A pair consisting of the signer's X509 certificate and signer information that matches the provided certificate. Returns null if a signer matching the certificate cannot be found in the signed data.

getSubjectAddress

public static java.lang.String getSubjectAddress(java.security.cert.X509Certificate certificate)
Gets the address name associated with the certificate. It may be an email address or a domain name.

Parameters:
certificate - The certificate to search.
Returns:
The address or domain associated with a certificate.


Copyright © 2010-2011 NHIN Direct. All Rights Reserved.