public abstract class CryptoBase extends Object implements Crypto

Modifier and Type | Field and Description |
---|---|
protected KeyStore | cacerts |
protected static Map | certFactMap |
protected KeyStore | keystore |

Modifier | Constructor and Description |
---|---|
protected | CryptoBase() Constructor |

Modifier and Type | Method and Description |
---|---|
protected static String | createKeyStoreErrorMessage(KeyStore keystore) |
String[] | getAliasesForDN(String subjectDN) Look up X509 certificates in the keystore according to a given DN of the subject of the certificate. The search gets all alias names of the keystore and gets the certificate (chain) for each alias. |
String | getAliasForX509Cert(byte[] skiBytes) Look up an X509 certificate in the keystore according to a given SubjectKeyIdentifier. |
String | getAliasForX509Cert(Certificate cert) Return an X509 certificate alias in the keystore according to a given Certificate. |
String | getAliasForX509Cert(String issuer) Look up an X509 certificate in the keystore according to the given issuer of a Certificate. |
String | getAliasForX509Cert(String issuer, BigInteger serialNumber) Look up an X509 certificate in the keystore according to a given serial number and the issuer of a Certificate. |
String | getAliasForX509CertThumb(byte[] thumb) Look up an X509 certificate in the keystore according to a given Thumbprint. |
byte[] | getCertificateData(boolean reverse, X509Certificate[] certs) Get a byte array given an array of X509 certificates. |
CertificateFactory | getCertificateFactory() Singleton certificate factory for this Crypto instance. |
X509Certificate[] | getCertificates(String alias) Gets the list of certificates for a given alias. |
protected abstract String | getCryptoProvider() |
KeyStore | getKeyStore() Gets the Keystore that was loaded by the underlying implementation. |
PrivateKey | getPrivateKey(String alias, String password) Gets the private key identified by alias and password. |
byte[] | getSKIBytesFromCert(X509Certificate cert) Reads the SubjectKeyIdentifier information from the certificate. |
X509Certificate[] | getX509Certificates(byte[] data, boolean reverse) Construct an array of X509Certificate objects from the byte array. |
X509Certificate | loadCertificate(InputStream in) Load an X509Certificate from the input stream. |
void | setKeyStore(KeyStore ks) A hook for subclasses to set the keystore without having to load it from an InputStream. |
protected Vector | splitAndTrim(String inString) |
boolean | validateCertPath(X509Certificate[] certs) Overridden because there's a bug in the base class where they don't use the provider variant for the certificate validator. |

Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface Crypto: getDefaultX509Alias

protected static Map certFactMap
protected KeyStore keystore
protected KeyStore cacerts
protected abstract String getCryptoProvider()

public CertificateFactory getCertificateFactory() throws WSSecurityException
Specified by: getCertificateFactory in interface Crypto
Returns: CertificateFactory to construct X509 certificates
Throws: WSSecurityException

public X509Certificate loadCertificate(InputStream in) throws WSSecurityException
Specified by: loadCertificate in interface Crypto
Parameters: in - The InputStream array containing the X509 data
Throws: WSSecurityException

public PrivateKey getPrivateKey(String alias, String password) throws Exception
Gets the private key identified by alias and password.
Specified by: getPrivateKey in interface Crypto
Parameters:
alias - The alias (KeyStore) of the key owner
password - The password needed to access the private key
Throws: Exception

protected static String createKeyStoreErrorMessage(KeyStore keystore) throws KeyStoreException
Throws: KeyStoreException

public String getAliasForX509Cert(String issuer) throws WSSecurityException
Specified by: getAliasForX509Cert in interface Crypto
Parameters: issuer - The issuer's name for the certificate
Throws: WSSecurityException

public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException
Specified by: getAliasForX509Cert in interface Crypto
Parameters:
issuer - The issuer's name for the certificate
serialNumber - The serial number of the certificate from the named issuer
Throws: WSSecurityException

public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException
Specified by: getAliasForX509Cert in interface Crypto
Parameters: skiBytes - The SKI info bytes
Throws: WSSecurityException - if problems during keystore handling or wrong certificate (no SKI data)

public String getAliasForX509Cert(Certificate cert) throws WSSecurityException
Specified by: getAliasForX509Cert in interface Crypto
Parameters: cert - The certificate to lookup
Throws: WSSecurityException

public X509Certificate[] getCertificates(String alias) throws WSSecurityException
Specified by: getCertificates in interface Crypto
Parameters: alias - Lookup certificate chain for this alias
Throws: WSSecurityException

public String getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException
Specified by: getAliasForX509CertThumb in interface Crypto
Parameters: thumb - The SHA1 thumbprint info bytes
Throws: WSSecurityException - if problems during keystore handling or wrong certificate

public void setKeyStore(KeyStore ks)
A Hook for subclasses to set the keystore without having to load it from an InputStream.
Parameters: ks - existing keystore

public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException
Specified by: getSKIBytesFromCert in interface Crypto
Parameters: cert - The certificate to read SKI
Throws: WSSecurityException

public KeyStore getKeyStore()
Specified by: getKeyStore in interface Crypto

public String[] getAliasesForDN(String subjectDN) throws WSSecurityException
Specified by: getAliasesForDN in interface Crypto
Parameters: subjectDN - The DN of subject to look for in the keystore
Throws: WSSecurityException

public byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException
Specified by: getCertificateData in interface Crypto
Parameters:
reverse - If set, the first certificate in the array data will be the last in the byte array
certs - The certificates to convert
Throws: WSSecurityException

public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException
Specified by: getX509Certificates in interface Crypto
Parameters:
data - The byte array containing the X509 data
reverse - If set, the first certificate in input data will be the last in the array
Throws: WSSecurityException

public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException
Specified by: validateCertPath in interface Crypto
Parameters: certs - Certificate chain to validate
Throws: WSSecurityException

Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.