CryptoExtensions (Direct Project Security And Trust Agent 2.0.4 API)

java.lang.Object
- org.nhindirect.stagent.CryptoExtensions

```
public class CryptoExtensions
extends Object
```
Utility functions for searching for certificates.

Author:

Greg Meyer, Umesh Madan

Constructor Summary

Constructors
Constructor and Description

CryptoExtensions()

Constructors
Constructor and Description
`CryptoExtensions()`

Method Summary

Methods
Modifier and Type	Method and Description
`static boolean`	`certSubjectContainsName(X509Certificate cert, String name)` Checks if a name is contained in a certificate's DN or alt subjects.
`static boolean`	`containsEmailAddressInSubjectAltName(X509Certificate cert, String subjectName)` Deprecated. As of 1.1.5. Use `certSubjectContainsName(X509Certificate, String)`
`static X509Certificate`	`findCertByName(Collection<X509Certificate> certs, String name)` Searches a collection of X509Certificates for a certificate that matches the provided name.
`static SignerCertPair`	`findSignerByCert(org.bouncycastle.cms.CMSSignedData signedData, X509Certificate searchCert)` Searches CMS signed data for a specific X509 certificate.
`static Collection<SignerCertPair>`	`findSignersByName(org.bouncycastle.cms.CMSSignedData signedData, String name, Collection<String> excludeNames)` Searches CMS signed data for a given email name.
`static String`	`getJCEProviderName()` Gets the configured JCE crypto provider string for crypto operations.
`static String`	`getJCEProviderNameForTypeAndAlgorithm(String type, String algorithm)` Gets the configured JCE crypto provider that supports the combination of the requested type and algorithm.
`static String`	`getSubjectAddress(X509Certificate certificate)` Gets the address name associated with the certificate.
`static boolean`	`isEqualThumbprint(X509Certificate cert1, X509Certificate cert2)` Compares the `thumbprints` of two certificates for equality.
`static boolean`	`matchName(X509Certificate cert, String name)` Deprecated. As of 1.1.5. Use `certSubjectContainsName(X509Certificate, String)`
`static void`	`registerJCEProviders()` Typically JCE providers are registered through JVM properties files or statically calling `Security.addProvider(Provider)`.
`static void`	`setJCEProviderName(String name)` Overrides the configured JCE crypto provider string.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CryptoExtensions
```
public CryptoExtensions()
```
- Method Detail
  - registerJCEProviders
```
public static void registerJCEProviders()
```
    Typically JCE providers are registered through JVM properties files or statically calling Security.addProvider(Provider). The method allows for configuration of JCE Providers through the OptionsManager classes. This method iterates through a comma delimited set of providers, dynamically loads the provider class, and and registered each one if it has not already been registered.
    If a provider is not configured via the OptionsManager, then the default BouncyCastle provider is registered (if it has not been already registered).
    
    Parameters:
    jceProviderClasses - Comma delimited list of the fully qualified class name of the JCE provider.
  - getJCEProviderName
```
public static String getJCEProviderName()
```
    Gets the configured JCE crypto provider string for crypto operations. This is configured using the -Dorg.nhindirect.stagent.cryptography.JCEProviderName JVM parameters. If the parameter is not set or is empty, then the default string "BC" (BouncyCastle provider) is returned. By default the agent installs the BouncyCastle provider.
    
    Returns:
    The name of the JCE provider string.
  - getJCEProviderNameForTypeAndAlgorithm
```
public static String getJCEProviderNameForTypeAndAlgorithm(String type,
                                           String algorithm)
```
    Gets the configured JCE crypto provider that supports the combination of the requested type and algorithm. If a custom set of providers has not been configured, this method will always return the default BouncyCatle provider string regardless if it matches the request type/algorithm pair.
    
    Parameters:
    type - The crypto type such as CertStore or CertPathValidator
    algorithm - The algorithm such as PKIX or MAC.
    
    Returns:
    The name of the JCE provider string supporting the type/algorithm pair.
  - setJCEProviderName
```
public static void setJCEProviderName(String name)
```
    Overrides the configured JCE crypto provider string. If the name is empty or null, the default string "BC" (BouncyCastle provider) is used.
    The provider name may be a comma delimited list of provider strings. The first string in the list will be the default provider string and returned when using getJCEProviderName(); however, the getJCEProviderNameForTypeAndAlgorithm(String, String) will search through the provider string until a valid provider that supports the requested type and algorithm is found. In this case, the first matching provider string will be used.
    
    Parameters:
    name - The name of the JCE provider.
  - isEqualThumbprint
```
public static boolean isEqualThumbprint(X509Certificate cert1,
                        X509Certificate cert2)
```
    Compares the thumbprints of two certificates for equality.
    
    Parameters:
    cert1 - The first certificate to compare.
    cert2 - The second certificate to compare.
    
    Returns:
    True if the certificates' thumbprints are equal. False other wise.
  - containsEmailAddressInSubjectAltName
```
public static boolean containsEmailAddressInSubjectAltName(X509Certificate cert,
                                           String subjectName)
```
    Deprecated. As of 1.1.5. Use certSubjectContainsName(X509Certificate, String)
    
    Checks if the subject is contained in the certificates alternate subject names. Specifically the rfc822Name name and DNSName types are checked.
    
    Parameters:
    cert - The certificate to check.
    subjectName - The subject name to check in the alternate names.
    
    Returns:
    True if the subjectName is contained in the alternate subject names. False otherwise.
  - certSubjectContainsName
```
public static boolean certSubjectContainsName(X509Certificate cert,
                              String name)
```
    Checks if a name is contained in a certificate's DN or alt subjects.
    
    Parameters:
    cert - The certificate to check.
    name - The name to search for in the certificate.
    
    Returns:
    True if the name is found in the certificate. False otherwise.
  - matchName
```
public static boolean matchName(X509Certificate cert,
                String name)
```
    Deprecated. As of 1.1.5. Use certSubjectContainsName(X509Certificate, String)
    
    Matches a common name in a certificate.
    
    Parameters:
    cert - The certificate to check for the common name.
    name - The common name to check for. This method automatically prefixes the name with "CN="
    
    Returns:
    True if the common name is contained in the certificate. False otherwise.
  - findSignersByName
```
public static Collection<SignerCertPair> findSignersByName(org.bouncycastle.cms.CMSSignedData signedData,
                                           String name,
                                           Collection<String> excludeNames)
```
    Searches CMS signed data for a given email name. Signed data may consist of multiple signatures either from the same subject of from multiple subjects.
    
    Parameters:
    signedData - The signed data to search.
    name - The name to search for in the list of signers.
    excludeNames - A list of names to exclude from the list. Because the search uses a simple "contains" search, it is possible for the name parameter to be a substring of what is requested. The excludeNames contains a super string of the name to remove unwanted names from the returned list. This parameter may be null;
    
    Returns:
    A colllection of pairs consisting of the singer's X509 certificated and signer information that matches the provided name. Returns an empty collection if a signer matching the name cannot be found in the signed data.
  - findCertByName
```
public static X509Certificate findCertByName(Collection<X509Certificate> certs,
                             String name)
```
    Searches a collection of X509Certificates for a certificate that matches the provided name.
    
    Parameters:
    certs - The collection of certificates to search.
    name - The name to search for in the collection.
    
    Returns:
    A certificate that matches the provided name. Returns null if a matching certificate cannot be found in the collection.
  - findSignerByCert
```
public static SignerCertPair findSignerByCert(org.bouncycastle.cms.CMSSignedData signedData,
                              X509Certificate searchCert)
```
    Searches CMS signed data for a specific X509 certificate.
    
    Parameters:
    signedData - The signed data to search.
    name - The certificate to search for in the signed data.
    
    Returns:
    A pair consisting of the singer's X509 certificated and signer information that matches the provided certificate. Returns null if a signer matching the name cannot be found in the signed data.
  - getSubjectAddress
```
public static String getSubjectAddress(X509Certificate certificate)
```
    Gets the address name associated with the certificate. It may be an email address or a domain name.
    
    Parameters:
    certificate - The certificate to search
    
    Returns:
    The address of domain associated with a certificate.

Class CryptoExtensions

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CryptoExtensions

Method Detail

registerJCEProviders

getJCEProviderName

getJCEProviderNameForTypeAndAlgorithm

setJCEProviderName

isEqualThumbprint

containsEmailAddressInSubjectAltName

certSubjectContainsName

matchName

findSignersByName

findCertByName

findSignerByCert

getSubjectAddress