Interface Crypto
- All Known Implementing Classes:
AbstractCrypto
,BouncyCastle
,Merlin
public interface Crypto
Crypto.
- Author:
- Davanum Srinivas (dims@yahoo.com).
-
Method Summary
Modifier and TypeMethodDescriptionString[]
getAliasesForDN
(String subjectDN) Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificategetAliasForX509Cert
(byte[] skiBytes) Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.getAliasForX509Cert
(String issuer) Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.getAliasForX509Cert
(String issuer, BigInteger serialNumber) Search a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.Return a X509 Certificate alias in the keystore according to a given CertificategetAliasForX509CertThumb
(byte[] thumb) Lookup a X509 Certificate in the keystore according to a given Thumbprint.byte[]
getCertificateData
(boolean reverse, X509Certificate[] certs) get a byte array given an array of X509 certificates.Gets the CertificateFactory instantiated by the underlying implementationgetCertificates
(String alias) get the list of certificates for a given alias.Retrieves the alias name of the default certificate which has been specified as a property.Gets the Keystore that was loaded by the underlying implementationgetPrivateKey
(String alias, String password) Gets the private key identified byaliasinvalid input: '<'/> and
password
.byte[]
Reads the SubjectKeyIdentifier information from the certificate.getX509Certificates
(byte[] data, boolean reverse) Construct an array of X509Certificate's from the byte array.load a X509Certificate from the input stream.boolean
validateCertPath
(X509Certificate[] certs) Uses the CertPath API to validate a given certificate chain
-
Method Details
-
loadCertificate
load a X509Certificate from the input stream.- Parameters:
in
- TheInputStream
array containg the X509 data- Returns:
- An X509 certificate
- Throws:
WSSecurityException
-
getX509Certificates
Construct an array of X509Certificate's from the byte array.- Parameters:
data
- Thebyte
array containg the X509 datareverse
- If set the first certificate in input data will the last in the array- Returns:
- An array of X509 certificates, ordered according to the reverse flag
- Throws:
WSSecurityException
-
getCertificateData
get a byte array given an array of X509 certificates.- Parameters:
reverse
- If set the first certificate in the array data will the last in the byte arraycerts
- The certificates to convert- Returns:
- The byte array for the certficates ordered according to the reverse flag
- Throws:
WSSecurityException
-
getPrivateKey
Gets the private key identified byaliasinvalid input: '<'/> and
password
.- Parameters:
alias
- The alias (KeyStore
) of the key ownerpassword
- The password needed to access the private key- Returns:
- The private key
- Throws:
Exception
-
getCertificates
get the list of certificates for a given alias. This method reads a new certificate chain and overwrites a previously stored certificate chain.- Parameters:
alias
- Lookup certificate chain for this alias- Returns:
- Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
- Throws:
WSSecurityException
-
getAliasForX509Cert
Return a X509 Certificate alias in the keystore according to a given Certificate- Parameters:
cert
- The certificate to lookup- Returns:
- alias name of the certificate that matches the given certificate or null if no such certificate was found. See comment above See comment above
- Throws:
WSSecurityException
-
getAliasForX509Cert
Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate. The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the Issuer fo each certificate of the chain is compared with the parameters.- Parameters:
issuer
- The issuer's name for the certificate- Returns:
- alias name of the certificate that matches the issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
-
getAliasForX509Cert
Search a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate. The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the SerialNumber and Issuer fo each certificate of the chain is compared with the parameters.- Parameters:
issuer
- The issuer's name for the certificateserialNumber
- The serial number of the certificate from the named issuer- Returns:
- alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
-
getAliasForX509Cert
Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier. The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.- Parameters:
skiBytes
- The SKI info bytes- Returns:
- alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
-
getDefaultX509Alias
String getDefaultX509Alias()Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not poresent in a signed or an encrypted message. May return null.- Returns:
- alias name of the default X509 certificate.
-
getSKIBytesFromCert
Reads the SubjectKeyIdentifier information from the certificate.- Parameters:
cert
- The certificate to read SKI- Returns:
- The byte array conating the binary SKI data
- Throws:
WSSecurityException
-
getAliasForX509CertThumb
Lookup a X509 Certificate in the keystore according to a given Thumbprint. The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.- Parameters:
thumb
- The SHA1 thumbprint info bytes- Returns:
- alias name of the certificate that matches the thumbprint or null if no such certificate was found.
- Throws:
WSSecurityException
- if problems during keystore handling or wrong certificate
-
getKeyStore
KeyStore getKeyStore()Gets the Keystore that was loaded by the underlying implementation- Returns:
- the Keystore
-
getCertificateFactory
Gets the CertificateFactory instantiated by the underlying implementation- Returns:
- the CertificateFactory
- Throws:
WSSecurityException
-
validateCertPath
Uses the CertPath API to validate a given certificate chain- Parameters:
certs
- Certificate chain to validate- Returns:
- true if the certificate chain is valid, false otherwise
- Throws:
WSSecurityException
-
getAliasesForDN
Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate- Parameters:
subjectDN
- The DN of subject to look for in the keystore- Returns:
- Vector with all alias of certificates with the same DN as given in the parameters
- Throws:
WSSecurityException
-