public class CryptoUtil extends Object
Constructor and Description |
---|
CryptoUtil() |
Modifier and Type | Method and Description |
---|---|
X509Certificate[] |
assembleCertChain(X509Certificate[] allcerts,
X509Certificate leaf) |
static boolean[] |
calculateKeyUsages(String type)
Calculates key usages base in the input type
|
static byte[] |
generateKeyId(PublicKey pubk) |
static String |
generateKeyIdString(PublicKey pubk) |
protected static org.bouncycastle.asn1.pkcs.SafeBag[] |
getAllSafeBagsFromPKCS12File(File file,
char[] p12PassPhrase)
Helper method to load all SafeBags from a PKCS#12 keystore.
|
static String |
getDigestAlgorithmNameByKeySize(Key key)
Use SHA-256 for keys sizes > 1024 and SHA-1 for small keys.
|
X509Certificate |
getIssuerCertFromChain(X509Certificate[] chain,
X509Certificate cert) |
static int |
getKeySize(Key key)
Returns the Certificate KeySize
|
static String[] |
getOIDsForExKeyUsages(String type)
Maps the input String to a ASN1ObjectIdentifier[].
|
static String |
getSignatureAlgorithmNameByKeySize(Key key)
Use SHA-256 for keys sizes > 1024 and SHA-1 for small keys.
|
X509Certificate[] |
getSignerCertificates(X509Certificate[] allcerts)
Locates the Signer certificates from the input certificates based on the input key usage.
|
static byte[] |
hashData(byte[] tbhData,
String hashAlg)
Method that hashes the tbhData according to the input hashAlg
|
static boolean |
isAuthSigningCert(boolean[] keyUsageToUse) |
static boolean |
isSelfSigned(X509Certificate currCert) |
static boolean |
isSignSigningCert(boolean[] keyUsageToUse) |
void |
loadContext(String passphrase,
String keystore,
MerchantContext context)
Method that retrieves Certificates, CertificateChains and Keys from the input keystore
and populates the input context with the information
|
PrivateKey |
loadPrivateKey(File file,
char[] p12PassPhrase,
X509Certificate certificate)
Locates the private key in a .bid file for the given certificate.
Additional description: The KeyBag should be located based on the localKeyId from the certificate The KeyBag should be a PKCS#8ShroudedKeyBag (password encrypted) For HSM .bid files with no KeyBags included, the method should return 'null' |
static byte[] |
signData(byte[] data,
String algName,
PrivateKey privateKey)
Verifies the passed-in signature.
|
static boolean |
validateSignature(byte[] data,
org.bouncycastle.asn1.x509.AlgorithmIdentifier algId,
PublicKey publicKey,
byte[] signature)
Verifies the passed-in signature.
|
static boolean |
validateSignature(byte[] data,
String algName,
PublicKey publicKey,
byte[] signature)
Verifies the passed-in signature.
|
public void loadContext(String passphrase, String keystore, MerchantContext context) throws BIDException
passphrase
- String The keystore passwordkeystore
- String The full path to the keystorecontext
- MerchantContext The context that caches the information retrievedBIDException
- If something failspublic X509Certificate getIssuerCertFromChain(X509Certificate[] chain, X509Certificate cert) throws BIDException
BIDException
public X509Certificate[] getSignerCertificates(X509Certificate[] allcerts) throws BIDException
allcerts
- all certs in keystoreBIDException
- if a certfiicate in the input Cert[] is not valid or expired or if the signer certs are
missingpublic X509Certificate[] assembleCertChain(X509Certificate[] allcerts, X509Certificate leaf) throws BIDException
BIDException
public static byte[] hashData(byte[] tbhData, String hashAlg) throws NoSuchAlgorithmException
tbhData
- byte[] The data to be hashedhashAlg
- String The hashAlgorithm name to use. Supported algorithms are SHA, MD5, MD2NoSuchAlgorithmException
- If the algorithm chosen is not supportedpublic static byte[] signData(byte[] data, String algName, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
data
- the byte array to use for the update.algName
- the name of the algorithm requestedprivateKey
- the private key of the identity whose signature is going to be generated.NoSuchAlgorithmException
InvalidKeyException
SignatureException
public static boolean validateSignature(byte[] data, String algName, PublicKey publicKey, byte[] signature) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
data
- the byte array to use for the update.algName
- the name of the algorithm requestedpublicKey
- the public key of the identity whose signature is going to be verified.signature
- the signature bytes to be verifiedNoSuchAlgorithmException
InvalidKeyException
SignatureException
public static boolean validateSignature(byte[] data, org.bouncycastle.asn1.x509.AlgorithmIdentifier algId, PublicKey publicKey, byte[] signature) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
data
- the byte array to use for the update.algId
- the algorithm requestedpublicKey
- the public key of the identity whose signature is going to be verified.signature
- the signature bytes to be verifiedNoSuchAlgorithmException
InvalidKeyException
SignatureException
public static boolean[] calculateKeyUsages(String type)
type
- The usagespublic static String[] getOIDsForExKeyUsages(String type)
type
- String containing a comma separated list of extended KeyUsage
identifierspublic static byte[] generateKeyId(PublicKey pubk) throws NoSuchAlgorithmException, B64UException, InvalidKeyException
public static String generateKeyIdString(PublicKey pubk) throws NoSuchAlgorithmException, B64UException, InvalidKeyException
public static int getKeySize(Key key)
public static String getSignatureAlgorithmNameByKeySize(Key key)
public static String getDigestAlgorithmNameByKeySize(Key key)
public static boolean isAuthSigningCert(boolean[] keyUsageToUse)
public static boolean isSignSigningCert(boolean[] keyUsageToUse)
public static boolean isSelfSigned(X509Certificate currCert)
protected static org.bouncycastle.asn1.pkcs.SafeBag[] getAllSafeBagsFromPKCS12File(File file, char[] p12PassPhrase) throws BIDException
file
- The PKCS12 filep12PassPhrase
- The password for MAC integrityBIDException
public PrivateKey loadPrivateKey(File file, char[] p12PassPhrase, X509Certificate certificate) throws BIDException
file
- p12PassPhrase
- certificate
- BIDException
Copyright © 2017 Nets Branch Norway. All Rights Reserved.