Interface Crypto

    • Method Summary

      Modifier and Type Method Description
      java.lang.String[] getAliasesForDN(java.lang.String subjectDN)
      Look up X509 certificates in the keystore according to a given DN of the subject of the certificate.
      java.lang.String getAliasForX509Cert(byte[] skiBytes)
      Look up an X509 certificate in the keystore according to a given SubjectKeyIdentifier.
      java.lang.String getAliasForX509Cert(java.lang.String issuer)
      Look up an X509 certificate in the keystore according to the given issuer of a certificate.
      java.lang.String getAliasForX509Cert(java.lang.String issuer, java.math.BigInteger serialNumber)
      Search for an X509 certificate in the keystore according to a given serial number and the issuer of a certificate.
      java.lang.String getAliasForX509Cert(java.security.cert.Certificate cert)
      Return an X509 certificate alias in the keystore according to a given certificate.
      java.lang.String getAliasForX509CertThumb(byte[] thumb)
      Look up an X509 certificate in the keystore according to a given thumbprint.
      byte[] getCertificateData(boolean reverse, java.security.cert.X509Certificate[] certs)
      Get a byte array given an array of X509 certificates.
      java.security.cert.CertificateFactory getCertificateFactory()
      Gets the CertificateFactory instantiated by the underlying implementation.
      java.security.cert.X509Certificate[] getCertificates(java.lang.String alias)
      Get the list of certificates for a given alias.
      java.lang.String getDefaultX509Alias()
      Retrieves the alias name of the default certificate which has been specified as a property.
      java.security.KeyStore getKeyStore()
      Gets the Keystore that was loaded by the underlying implementation.
      java.security.PrivateKey getPrivateKey(java.lang.String alias, java.lang.String password)
      Gets the private key identified by alias and password.
      byte[] getSKIBytesFromCert(java.security.cert.X509Certificate cert)
      Reads the SubjectKeyIdentifier information from the certificate.
      java.security.cert.X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
      Construct an array of X509Certificates from the byte array.
      java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
      Load an X509Certificate from the input stream.
      boolean validateCertPath(java.security.cert.X509Certificate[] certs)
      Uses the CertPath API to validate a given certificate chain.
    • Method Detail

      • loadCertificate

        java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
                                                    throws WSSecurityException
        Load an X509Certificate from the input stream.

        Parameters:
        in - The InputStream containing the X509 data
        Returns:
        An X509 certificate
        Throws:
        WSSecurityException
      • getX509Certificates

        java.security.cert.X509Certificate[] getX509Certificates(byte[] data,
                                                                 boolean reverse)
                                                          throws WSSecurityException
        Construct an array of X509Certificates from the byte array.

        Parameters:
        data - The byte array containing the X509 data
        reverse - If set, the first certificate in the input data will be the last in the array
        Returns:
        An array of X509 certificates, ordered according to the reverse flag
        Throws:
        WSSecurityException
      • getCertificateData

        byte[] getCertificateData(boolean reverse,
                                  java.security.cert.X509Certificate[] certs)
                           throws WSSecurityException
        Get a byte array given an array of X509 certificates.

        Parameters:
        reverse - If set, the first certificate in the array data will be the last in the byte array
        certs - The certificates to convert
        Returns:
        The byte array for the certificates, ordered according to the reverse flag
        Throws:
        WSSecurityException
      • getPrivateKey

        java.security.PrivateKey getPrivateKey(java.lang.String alias,
                                               java.lang.String password)
                                        throws java.lang.Exception
        Gets the private key identified by alias and password.

        Parameters:
        alias - The alias (KeyStore) of the key owner
        password - The password needed to access the private key
        Returns:
        The private key
        Throws:
        java.lang.Exception
      • getCertificates

        java.security.cert.X509Certificate[] getCertificates(java.lang.String alias)
                                                      throws WSSecurityException
        Get the list of certificates for a given alias. This method reads a new certificate chain and overwrites a previously stored certificate chain.

        Parameters:
        alias - Lookup certificate chain for this alias
        Returns:
        Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
        Throws:
        WSSecurityException
      • getAliasForX509Cert

        java.lang.String getAliasForX509Cert(java.security.cert.Certificate cert)
                                      throws WSSecurityException
        Return an X509 certificate alias in the keystore according to a given certificate.

        Parameters:
        cert - The certificate to lookup
        Returns:
        alias name of the certificate that matches the given certificate or null if no such certificate was found.

        Throws:
        WSSecurityException
      • getAliasForX509Cert

        java.lang.String getAliasForX509Cert(java.lang.String issuer)
                                      throws WSSecurityException
        Look up an X509 certificate in the keystore according to the given issuer of a certificate.

        The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the issuer of each certificate in the chain is compared with the parameter.

        Parameters:
        issuer - The issuer's name for the certificate
        Returns:
        alias name of the certificate that matches the issuer name or null if no such certificate was found.
        Throws:
        WSSecurityException
      • getAliasForX509Cert

        java.lang.String getAliasForX509Cert(java.lang.String issuer,
                                             java.math.BigInteger serialNumber)
                                      throws WSSecurityException
        Search for an X509 certificate in the keystore according to a given serial number and the issuer of a certificate.

        The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the serial number and issuer of each certificate in the chain are compared with the parameters.

        Parameters:
        issuer - The issuer's name for the certificate
        serialNumber - The serial number of the certificate from the named issuer
        Returns:
        alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
        Throws:
        WSSecurityException
      • getAliasForX509Cert

        java.lang.String getAliasForX509Cert(byte[] skiBytes)
                                      throws WSSecurityException
        Look up an X509 certificate in the keystore according to a given SubjectKeyIdentifier.

        The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.

        Parameters:
        skiBytes - The SKI info bytes
        Returns:
        alias name of the certificate that matches the SKI or null if no such certificate was found.
        Throws:
        WSSecurityException
      • getDefaultX509Alias

        java.lang.String getDefaultX509Alias()
        Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null.
        Returns:
        alias name of the default X509 certificate.
      • getSKIBytesFromCert

        byte[] getSKIBytesFromCert(java.security.cert.X509Certificate cert)
                            throws WSSecurityException
        Reads the SubjectKeyIdentifier information from the certificate.

        Parameters:
        cert - The certificate to read the SKI from
        Returns:
        The byte array containing the binary SKI data
        Throws:
        WSSecurityException
      • getAliasForX509CertThumb

        java.lang.String getAliasForX509CertThumb(byte[] thumb)
                                           throws WSSecurityException
        Look up an X509 certificate in the keystore according to a given thumbprint. The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.
        Parameters:
        thumb - The SHA1 thumbprint info bytes
        Returns:
        alias name of the certificate that matches the thumbprint or null if no such certificate was found.
        Throws:
        WSSecurityException - if problems occur during keystore handling or the certificate is wrong
      • getKeyStore

        java.security.KeyStore getKeyStore()
        Gets the Keystore that was loaded by the underlying implementation
        Returns:
        the Keystore
      • getCertificateFactory

        java.security.cert.CertificateFactory getCertificateFactory()
                                                             throws WSSecurityException
        Gets the CertificateFactory instantiated by the underlying implementation
        Returns:
        the CertificateFactory
        Throws:
        WSSecurityException
      • validateCertPath

        boolean validateCertPath(java.security.cert.X509Certificate[] certs)
                          throws WSSecurityException
        Uses the CertPath API to validate a given certificate chain

        Parameters:
        certs - Certificate chain to validate
        Returns:
        true if the certificate chain is valid, false otherwise
        Throws:
        WSSecurityException
      • getAliasesForDN

        java.lang.String[] getAliasesForDN(java.lang.String subjectDN)
                                    throws WSSecurityException
        Look up X509 certificates in the keystore according to a given DN of the subject of the certificate.

        Parameters:
        subjectDN - The DN of the subject to look for in the keystore
        Returns:
        Array with all aliases of certificates with the same DN as given in the parameters
        Throws:
        WSSecurityException
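
The issuer and serial number search described under getAliasForX509Cert above, written against the plain JDK KeyStore API as an added example; it is not WSS4J's implementation. The class and method names are hypothetical, the JDK's bundled cacerts file with its default password changeit is the assumed sample input (Java 9 or later), and comparing parsed X500Principal values instead of raw DN strings is a choice made for this example.

```java
import java.io.File;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Added example, not WSS4J code; class and method names are hypothetical.
public class AliasLookupExample {

    // Key entries carry a chain; trusted-certificate entries carry one certificate.
    static Certificate[] certsFor(KeyStore ks, String alias) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain != null && chain.length > 0) return chain;
        Certificate single = ks.getCertificate(alias);
        return single == null ? new Certificate[0] : new Certificate[] { single };
    }

    // Walk every alias and compare issuer and serial of each certificate in its chain.
    static String aliasFor(KeyStore ks, String issuer, BigInteger serial) throws Exception {
        // Parsed DNs compare equal regardless of spacing or attribute-keyword case.
        X500Principal wanted = new X500Principal(issuer);
        for (String alias : Collections.list(ks.aliases())) {
            for (Certificate c : certsFor(ks, alias)) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                if (x.getSerialNumber().equals(serial)
                        && x.getIssuerX500Principal().equals(wanted)) return alias;
            }
        }
        return null; // same contract as the interface: null when nothing matches
    }

    public static void main(String[] args) throws Exception {
        // Assumed sample input: the JDK's bundled trust store and its default password.
        File store = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore ks = KeyStore.getInstance(store, "changeit".toCharArray());
        String first = ks.aliases().nextElement();
        X509Certificate probe = (X509Certificate) ks.getCertificate(first);
        String issuer = probe.getIssuerX500Principal().getName();
        String found = aliasFor(ks, issuer, probe.getSerialNumber());
        System.out.println("probe alias: " + first + ", resolved alias: " + found);
        // Serial -1 is assumed absent from the store, so this lookup yields null.
        System.out.println(aliasFor(ks, issuer, BigInteger.valueOf(-1)));
    }
}
```

The fallback in certsFor matters for trust stores: their entries have no chain, so a lookup that only calls getCertificateChain would never match them.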