Class AbstractCrypto
java.lang.Object
org.apache.ws.security.components.crypto.AbstractCrypto
- All Implemented Interfaces:
Crypto
- Direct Known Subclasses:
BouncyCastle
,Merlin
Created by IntelliJ IDEA.
User: dims
Date: Sep 15, 2005
Time: 9:50:40 AM
To change this template use File | Settings | File Templates.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static CertificateFactory
protected KeyStore
protected Properties
-
Constructor Summary
ConstructorsConstructorDescriptionAbstractCrypto
(Properties properties) ConstructorAbstractCrypto
(Properties properties, ClassLoader loader) This allows providing a custom class loader to load the resources, etc -
Method Summary
Modifier and TypeMethodDescriptionString[]
getAliasesForDN
(String subjectDN) Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificategetAliasForX509Cert
(byte[] skiBytes) Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.getAliasForX509Cert
(String issuer) Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.getAliasForX509Cert
(String issuer, BigInteger serialNumber) Lookup a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.Return a X509 Certificate alias in the keystore according to a given CertificategetAliasForX509CertThumb
(byte[] thumb) Lookup a X509 Certificate in the keystore according to a given Thumbprint.Singleton certificate factory for this Crypto instance.getCertificates
(String alias) Gets the list of certificates for a given alias.Retrieves the alias name of the default certificate which has been specified as a property.Gets the Keystore that was loaded by the underlying implementationgetPrivateKey
(String alias, String password) Gets the private key identified byaliasinvalid input: '<'/> and
password
.byte[]
Reads the SubjectKeyIdentifier information from the certificate.void
load
(InputStream input) Loads the the keystore from anInputStream
.load a X509Certificate from the input stream.void
setKeyStore
(KeyStore ks) A Hook for subclasses to set the keystore without having to load it from anInputStream
.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apache.ws.security.components.crypto.Crypto
getCertificateData, getX509Certificates, validateCertPath
-
Field Details
-
certFact
-
properties
-
keystore
-
-
Constructor Details
-
AbstractCrypto
Constructor- Parameters:
properties
-- Throws:
CredentialException
IOException
-
AbstractCrypto
public AbstractCrypto(Properties properties, ClassLoader loader) throws CredentialException, IOException This allows providing a custom class loader to load the resources, etc- Parameters:
properties
-loader
-- Throws:
CredentialException
IOException
-
-
Method Details
-
getCertificateFactory
Singleton certificate factory for this Crypto instance.- Specified by:
getCertificateFactory
in interfaceCrypto
- Returns:
- Returns a
CertificateFactory
to construct X509 certficates - Throws:
WSSecurityException
-
loadCertificate
load a X509Certificate from the input stream.- Specified by:
loadCertificate
in interfaceCrypto
- Parameters:
in
- TheInputStream
array containg the X509 data- Returns:
- Returns a X509 certificate
- Throws:
WSSecurityException
-
getPrivateKey
Gets the private key identified byaliasinvalid input: '<'/> and
password
.- Specified by:
getPrivateKey
in interfaceCrypto
- Parameters:
alias
- The alias (KeyStore
) of the key ownerpassword
- The password needed to access the private key- Returns:
- The private key
- Throws:
Exception
-
getAliasForX509Cert
Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate. The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the Issuer fo each certificate of the chain is compared with the parameters.- Specified by:
getAliasForX509Cert
in interfaceCrypto
- Parameters:
issuer
- The issuer's name for the certificate- Returns:
- alias name of the certificate that matches the issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
-
getAliasForX509Cert
public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException Lookup a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate. The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the SerialNumber and Issuer fo each certificate of the chain is compared with the parameters.- Specified by:
getAliasForX509Cert
in interfaceCrypto
- Parameters:
issuer
- The issuer's name for the certificateserialNumber
- The serial number of the certificate from the named issuer- Returns:
- alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
-
getAliasForX509Cert
Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier. The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.- Specified by:
getAliasForX509Cert
in interfaceCrypto
- Parameters:
skiBytes
- The SKI info bytes- Returns:
- alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
- Throws:
WSSecurityException
- if problems during keystore handling or wrong certificate (no SKI data)
-
getAliasForX509Cert
Return a X509 Certificate alias in the keystore according to a given Certificate- Specified by:
getAliasForX509Cert
in interfaceCrypto
- Parameters:
cert
- The certificate to lookup- Returns:
- alias name of the certificate that matches the given certificate or null if no such certificate was found.
- Throws:
WSSecurityException
-
getDefaultX509Alias
Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not poresent in a signed or an encrypted message. May return null.- Specified by:
getDefaultX509Alias
in interfaceCrypto
- Returns:
- alias name of the default X509 certificate
-
getCertificates
Gets the list of certificates for a given alias.- Specified by:
getCertificates
in interfaceCrypto
- Parameters:
alias
- Lookup certificate chain for this alias- Returns:
- Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
- Throws:
WSSecurityException
-
getAliasForX509CertThumb
Lookup a X509 Certificate in the keystore according to a given Thumbprint. The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.- Specified by:
getAliasForX509CertThumb
in interfaceCrypto
- Parameters:
thumb
- The SHA1 thumbprint info bytes- Returns:
- alias name of the certificate that matches the thumbprint or null if no such certificate was found.
- Throws:
WSSecurityException
- if problems during keystore handling or wrong certificate
-
setKeyStore
A Hook for subclasses to set the keystore without having to load it from anInputStream
.- Parameters:
ks
- existing keystore
-
load
Loads the the keystore from anInputStream
.- Parameters:
input
-InputStream
to read from- Throws:
CredentialException
-
getSKIBytesFromCert
Reads the SubjectKeyIdentifier information from the certificate. If the the certificate does not contain a SKI extension then try to compute the SKI according to RFC3280 using the SHA-1 hash value of the public key. The second method described in RFC3280 is not support. Also only RSA public keys are supported. If we cannot compute the SKI throw a WSSecurityException.- Specified by:
getSKIBytesFromCert
in interfaceCrypto
- Parameters:
cert
- The certificate to read SKI- Returns:
- The byte array conating the binary SKI data
- Throws:
WSSecurityException
-
getKeyStore
Description copied from interface:Crypto
Gets the Keystore that was loaded by the underlying implementation- Specified by:
getKeyStore
in interfaceCrypto
- Returns:
- the Keystore
-
getAliasesForDN
Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate The search gets all alias names of the keystore and gets the certificate (chain) for each alias. Then the DN of the certificate is compared with the parameters.- Specified by:
getAliasesForDN
in interfaceCrypto
- Parameters:
subjectDN
- The DN of subject to look for in the keystore- Returns:
- Vector with all alias of certificates with the same DN as given in the parameters
- Throws:
WSSecurityException
-