Class CryptographicSuiteUtils

java.lang.Object
eu.europa.esig.dss.validation.policy.CryptographicSuiteUtils

public final class CryptographicSuiteUtils extends Object
This class contains supporting methods for processing a eu.europa.esig.dss.model.policy.CryptographicSuite
  • Field Details

    • MODULES_LENGTH_PARAMETER

      public static final String MODULES_LENGTH_PARAMETER
      Key size parameter used by RSA algorithms
    • PLENGTH_PARAMETER

      public static final String PLENGTH_PARAMETER
      P Length key size parameter used by DSA algorithms (supported)
    • QLENGTH_PARAMETER

      public static final String QLENGTH_PARAMETER
      Q Length key size parameter used by DSA algorithms (not supported)
  • Method Details

    • isSignatureAlgorithmReliable

      public static boolean isSignatureAlgorithmReliable(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm)
      Checks if the given SignatureAlgorithm is reliable (acceptable)
      Parameters:
      cryptographicSuite - CryptographicSuite
      signatureAlgorithm - SignatureAlgorithm to check
      Returns:
      TRUE if the algorithm is reliable, FALSE otherwise
    • isDigestAlgorithmReliable

      public static boolean isDigestAlgorithmReliable(CryptographicSuite cryptographicSuite, DigestAlgorithm digestAlgorithm)
      Checks if the given DigestAlgorithm is reliable (acceptable)
      Parameters:
      cryptographicSuite - CryptographicSuite
      digestAlgorithm - DigestAlgorithm to check
      Returns:
      TRUE if the algorithm is reliable, FALSE otherwise
    • isSignatureAlgorithmWithKeySizeReliable

      public static boolean isSignatureAlgorithmWithKeySizeReliable(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, String keyLength)
      Checks if the keyLength for SignatureAlgorithm is reliable (acceptable)
      Parameters:
      cryptographicSuite - CryptographicSuite
      signatureAlgorithm - SignatureAlgorithm to check key length for
      keyLength - String the key length to be checked
      Returns:
      TRUE if the key length for the algorithm is reliable, FALSE otherwise
    • isSignatureAlgorithmWithKeySizeReliable

      public static boolean isSignatureAlgorithmWithKeySizeReliable(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, Integer keySize)
      Checks if the keySize for SignatureAlgorithm is reliable (acceptable)
      Parameters:
      cryptographicSuite - CryptographicSuite
      signatureAlgorithm - SignatureAlgorithm to check key length for
      keySize - Integer the key length to be checked
      Returns:
      TRUE if the key length for the algorithm is reliable, FALSE otherwise
    • isSignatureAlgorithmKeyLengthBigEnough

      public static boolean isSignatureAlgorithmKeyLengthBigEnough(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, String keyLength)
      This method verifies whether the given keyLength of the signatureAlgorithm is big enough. NOTE: This method only ensures that the key length is bigger than the minimal accepted key size. It does not consider the maximum requirements.
      Parameters:
      cryptographicSuite - CryptographicSuite set of validation constraints
      signatureAlgorithm - SignatureAlgorithm to be checked
      keyLength - String
      Returns:
      TRUE if the signature algorithm key length is big enough, FALSE otherwise
    • getExpirationDate

      public static Date getExpirationDate(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, String keyLength)
      Gets the expiration date for the signatureAlgorithm with the given keyLength. Returns null if the expiration date is not defined for the algorithm.
      Parameters:
      cryptographicSuite - CryptographicSuite
      signatureAlgorithm - SignatureAlgorithm to get expiration date for
      keyLength - String key length used to sign the token
      Returns:
      Date
    • getExpirationDate

      public static Date getExpirationDate(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, Integer keySize)
      Gets the expiration date for the signatureAlgorithm with the given keySize. Returns null if the expiration date is not defined for the algorithm.
      Parameters:
      cryptographicSuite - CryptographicSuite
      signatureAlgorithm - SignatureAlgorithm to get expiration date for
      keySize - Integer key length used to sign the token
      Returns:
      Date
    • getExpirationDate

      public static Date getExpirationDate(CryptographicSuite cryptographicSuite, DigestAlgorithm digestAlgorithm)
      Gets the expiration date for the given digestAlgorithm. Returns null if the expiration date is not defined for the algorithm.
      Parameters:
      cryptographicSuite - CryptographicSuite
      digestAlgorithm - DigestAlgorithm the algorithm to get expiration date for
      Returns:
      Date
    • isDigestAlgorithmReliableAtTime

      public static boolean isDigestAlgorithmReliableAtTime(CryptographicSuite cryptographicSuite, DigestAlgorithm digestAlgorithm, Date validationTime)
      This method verifies whether the digestAlgorithm is reliable at the validationTime
      Parameters:
      cryptographicSuite - CryptographicSuite containing the algorithm validation rules
      digestAlgorithm - DigestAlgorithm to be checked
      validationTime - Date validation time to check at
      Returns:
      TRUE if the algorithm is reliable at the given time, FALSE otherwise
    • getReliableDigestAlgorithmsAtTime

      public static Set<DigestAlgorithm> getReliableDigestAlgorithmsAtTime(CryptographicSuite cryptographicSuite, Date validationTime)
      This method returns a set of reliable DigestAlgorithms according to the current validation policy at the given validation time
      Parameters:
      cryptographicSuite - CryptographicSuite
      validationTime - Date to verify against
      Returns:
      a set of DigestAlgorithms
    • getReliableSignatureAlgorithmsWithMinimalKeyLengthAtTime

      public static Set<SignatureAlgorithmWithMinKeySize> getReliableSignatureAlgorithmsWithMinimalKeyLengthAtTime(CryptographicSuite cryptographicSuite, Date validationTime)
      This method returns a set of reliable SignatureAlgorithmWithMinKeySizes according to the current validation policy at the given validation time.
      Parameters:
      cryptographicSuite - CryptographicSuite
      validationTime - Date to verify against
      Returns:
      a set of SignatureAlgorithmWithMinKeySizes
    • isSignatureAlgorithmReliableAtTime

      public static boolean isSignatureAlgorithmReliableAtTime(CryptographicSuite cryptographicSuite, SignatureAlgorithm signatureAlgorithm, String keyLength, Date validationTime)
      This method verifies whether the signatureAlgorithm with the keyLength is reliable at the validationTime
      Parameters:
      cryptographicSuite - CryptographicSuite containing the algorithm validation rules
      signatureAlgorithm - SignatureAlgorithm to be checked
      keyLength - String used to create the signature
      validationTime - Date validation time to check at
      Returns:
      TRUE if the algorithm is reliable at the given time, FALSE otherwise
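
An added usage example (not part of the DSS documentation or code base) that chains the checks documented above to report which one rejects a signature algorithm and key length at a given validation time. The class `SignatureAlgorithmTriage`, its `Verdict` enum and the `triage`/`describe` methods are hypothetical names; the `CryptographicSuite` is assumed to be loaded elsewhere by the caller, and `SignatureAlgorithm` is imported from the DSS `eu.europa.esig.dss.enumerations` package.

```java
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.policy.CryptographicSuite;
import eu.europa.esig.dss.validation.policy.CryptographicSuiteUtils;

import java.util.Date;

// Hypothetical helper, not part of DSS: reports which check rejects an algorithm.
public final class SignatureAlgorithmTriage {

    public enum Verdict {
        ALGORITHM_NOT_RELIABLE, KEY_TOO_SMALL, KEY_SIZE_NOT_RELIABLE,
        NOT_RELIABLE_AT_TIME, RELIABLE_AT_TIME
    }

    private SignatureAlgorithmTriage() {
    }

    // The suite is assumed to be loaded by the caller from its validation policy.
    public static Verdict triage(CryptographicSuite suite, SignatureAlgorithm algorithm,
                                 String keyLength, Date validationTime) {
        if (!CryptographicSuiteUtils.isSignatureAlgorithmReliable(suite, algorithm)) {
            return Verdict.ALGORITHM_NOT_RELIABLE;
        }
        // Minimum-size check only; per the Javadoc it does not consider maximum requirements.
        if (!CryptographicSuiteUtils.isSignatureAlgorithmKeyLengthBigEnough(suite, algorithm, keyLength)) {
            return Verdict.KEY_TOO_SMALL;
        }
        if (!CryptographicSuiteUtils.isSignatureAlgorithmWithKeySizeReliable(suite, algorithm, keyLength)) {
            return Verdict.KEY_SIZE_NOT_RELIABLE;
        }
        if (!CryptographicSuiteUtils.isSignatureAlgorithmReliableAtTime(suite, algorithm, keyLength, validationTime)) {
            return Verdict.NOT_RELIABLE_AT_TIME;
        }
        return Verdict.RELIABLE_AT_TIME;
    }

    // getExpirationDate returns null when no expiration date is defined, so guard before formatting.
    public static String describe(CryptographicSuite suite, SignatureAlgorithm algorithm,
                                  String keyLength, Date validationTime) {
        Date expiration = CryptographicSuiteUtils.getExpirationDate(suite, algorithm, keyLength);
        String expiry = (expiration == null)
                ? "no expiration date defined" : "expires " + expiration.toInstant();
        return algorithm + " with key length " + keyLength + " at " + validationTime.toInstant()
                + ": " + triage(suite, algorithm, keyLength, validationTime) + " (" + expiry + ")";
    }
}
```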