Class SVAUtils

java.lang.Object
se.swedenconnect.sigval.commons.utils.SVAUtils

public class SVAUtils extends Object
Utility methods for SVT processing
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    static int
    compareSVTIssueDate(com.nimbusds.jwt.SignedJWT o1, com.nimbusds.jwt.SignedJWT o2)
    Compare JWT issue dates to support sorting that places the most recent item first in the list
    static X509Certificate
    getCertificate(byte[] certBytes)
    Get a certificate from byte input
    static X509Certificate
    getCertOrNull(byte[] bytes)
    Get a certificate or null
    static org.bouncycastle.asn1.tsp.TSTInfo
    getCmsSigTSTInfo(byte[] sigBytes)
    Get timestamp TST info from CMS signature bytes
    static com.nimbusds.jwt.SignedJWT
    getMostRecentJwt(List<com.nimbusds.jwt.SignedJWT> signedJWTList)
     
    static List<X509Certificate>
    getOrderedCertList(byte[] signerCertificate, List<byte[]> certificateChain)
    Get an ordered certificate list beginning with leaf cert and ending with parent trust anchor
    static org.bouncycastle.asn1.cms.SignedData
    getSignedDataFromSignature(byte[] sigBytes)
    Get the CMS SignedData object from a CMS signature
    static se.swedenconnect.sigval.svt.claims.SVTClaims
    getSVTClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet)
    Get the SVT claims from a JWT claims set
    static Date
    getSVTIssueDate(com.nimbusds.jwt.SignedJWT o1)
    Obtains the date from SVT JWT
    static String
    getSVTJWT(org.bouncycastle.asn1.tsp.TSTInfo tstInfo)
    Get the SVT JWT string from time stamp tstInfo
    static boolean
    isSVADocTimestamp(byte[] sigBytes)
    Test if a CMS signature is an SVT document timestamp signature
    static void
    verifySVA(com.nimbusds.jwt.SignedJWT signedJWT, PublicKey publicKey)
    Verifies the SVT signature.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SVAUtils

      public SVAUtils()
  • Method Details

    • isSVADocTimestamp

      public static boolean isSVADocTimestamp(byte[] sigBytes)
      Test if a CMS signature is an SVT document timestamp signature
      Parameters:
      sigBytes - bytes of the CMS signature
      Returns:
      true if this is a document timestamp signature containing an SVT
    • getSVTClaims

      public static se.swedenconnect.sigval.svt.claims.SVTClaims getSVTClaims(com.nimbusds.jwt.JWTClaimsSet jwtClaimsSet) throws IOException
      Get the SVT claims from a JWT claims set
      Parameters:
      jwtClaimsSet - the source JWT claims set
      Returns:
      SVT claims
      Throws:
      IOException - on parsing errors
    • getSVTJWT

      public static String getSVTJWT(org.bouncycastle.asn1.tsp.TSTInfo tstInfo) throws IOException
      Get the SVT JWT string from time stamp tstInfo
      Parameters:
      tstInfo - timestamp data
      Returns:
      SVT JWT (JSON Web Token)
      Throws:
      IOException - on parsing errors
    • getCmsSigTSTInfo

      public static org.bouncycastle.asn1.tsp.TSTInfo getCmsSigTSTInfo(byte[] sigBytes) throws IOException
      Get timestamp TST info from CMS signature bytes
      Parameters:
      sigBytes - CMS signature bytes
      Returns:
      TSTInfo from signature bytes
      Throws:
      IOException - on parsing errors
    • getSignedDataFromSignature

      public static org.bouncycastle.asn1.cms.SignedData getSignedDataFromSignature(byte[] sigBytes) throws IOException
      Get the CMS SignedData object from a CMS signature
      Parameters:
      sigBytes - CMS signature bytes
      Returns:
      CMS SignedData object
      Throws:
      IOException - on parsing errors
    • getCertificate

      public static X509Certificate getCertificate(byte[] certBytes) throws CertificateException, IOException
      Get a certificate from byte input
      Parameters:
      certBytes - certificate bytes
      Returns:
      certificate object
      Throws:
      CertificateException - exception creating certificate
      IOException - exception parsing data
    • getCertOrNull

      public static X509Certificate getCertOrNull(byte[] bytes)
      Get a certificate or null
      Parameters:
      bytes - certificate bytes
      Returns:
      a certificate object, or null if certificate creation failed
    • getOrderedCertList

      public static List<X509Certificate> getOrderedCertList(byte[] signerCertificate, List<byte[]> certificateChain)
      Get an ordered certificate list beginning with leaf cert and ending with parent trust anchor
      Parameters:
      signerCertificate - target leaf certificate
      certificateChain - supporting certificate chain
      Returns:
      ordered list of certificates beginning with target certificate
    • verifySVA

      public static void verifySVA(com.nimbusds.jwt.SignedJWT signedJWT, PublicKey publicKey) throws Exception
      Verifies the SVT signature.
      Parameters:
      signedJWT - signed JWT holding the SVT
      publicKey - the public key used to verify the SVA token signature
      Throws:
      Exception - if validation of SVA fails
    • getMostRecentJwt

      public static com.nimbusds.jwt.SignedJWT getMostRecentJwt(List<com.nimbusds.jwt.SignedJWT> signedJWTList)
    • compareSVTIssueDate

      public static int compareSVTIssueDate(com.nimbusds.jwt.SignedJWT o1, com.nimbusds.jwt.SignedJWT o2)
      Compare JWT issue dates to support sorting that places the most recent item first in the list
      Parameters:
      o1 - Signed JWT
      o2 - Other Signed JWT
      Returns:
      negative if the first date is after (more recent than) the second date
    • getSVTIssueDate

      public static Date getSVTIssueDate(com.nimbusds.jwt.SignedJWT o1)
      Obtains the date from SVT JWT
      Parameters:
      o1 - SignedJWT
      Returns:
      the issue date, or epoch time if the date is not set.
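
Usage sketch (an added example, not code from the sigval project): the methods above chained to pull an SVT out of a CMS document timestamp and read its claims only after the token signature has been verified. The class name SvtExtractExample, the method extractVerifiedClaims and both parameters are hypothetical; the verification key is assumed to come from the validator's own trust configuration, not from the token being checked.

```java
import java.security.PublicKey;

import org.bouncycastle.asn1.tsp.TSTInfo;

import com.nimbusds.jwt.SignedJWT;

import se.swedenconnect.sigval.commons.utils.SVAUtils;
import se.swedenconnect.sigval.svt.claims.SVTClaims;

/** Hypothetical helper class used only for this example. */
public class SvtExtractExample {

  /**
   * Returns the claims of the SVT carried in a CMS document timestamp,
   * or null if the signature is not an SVT document timestamp.
   *
   * @param sigBytes      CMS signature bytes (supplied by the caller)
   * @param trustedSvtKey public key of the SVT issuer, taken from local
   *                      trust configuration (assumption of this example)
   * @throws Exception on parsing errors or if SVT verification fails
   */
  public static SVTClaims extractVerifiedClaims(byte[] sigBytes, PublicKey trustedSvtKey)
      throws Exception {

    // Skip signatures that are not SVT document timestamps.
    if (!SVAUtils.isSVADocTimestamp(sigBytes)) {
      return null;
    }

    // CMS signature -> TSTInfo -> serialized SVT JWT.
    TSTInfo tstInfo = SVAUtils.getCmsSigTSTInfo(sigBytes);
    String svtJwt = SVAUtils.getSVTJWT(tstInfo);

    // Parsing does not authenticate anything; it only decodes the token.
    SignedJWT signedJWT = SignedJWT.parse(svtJwt);

    // verifySVA throws if validation fails, so the claims below are never
    // returned for a token that did not verify under the trusted key.
    SVAUtils.verifySVA(signedJWT, trustedSvtKey);

    return SVAUtils.getSVTClaims(signedJWT.getJWTClaimsSet());
  }
}
```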