org.apache.ws.security.components.crypto
Class CertificateStore

java.lang.Object
  extended by org.apache.ws.security.components.crypto.CryptoBase
      extended by org.apache.ws.security.components.crypto.CertificateStore
All Implemented Interfaces:
Crypto

public class CertificateStore
extends CryptoBase

A Crypto implementation based on a simple array of X509Certificate(s). PrivateKeys are not supported, so this cannot be used for signature creation or decryption.


Field Summary
protected  X509Certificate[] trustedCerts
           
 
Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase
certFactMap, cryptoProvider, defaultAlias, NAME_CONSTRAINTS_OID, SKI_OID
 
Constructor Summary
CertificateStore(X509Certificate[] trustedCerts)
          Constructor
 
Method Summary
 PrivateKey getPrivateKey(String identifier, String password)
          Gets the private key corresponding to the identifier.
 PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
          Gets the private key corresponding to the certificate.
 X509Certificate[] getX509Certificates(CryptoType cryptoType)
          Get an X509Certificate (chain) corresponding to the CryptoType argument.
 String getX509Identifier(X509Certificate cert)
          Get the implementation-specific identifier corresponding to the cert parameter.
 boolean verifyTrust(PublicKey publicKey)
          Evaluate whether a given public key should be trusted.
 boolean verifyTrust(X509Certificate[] certs)
          Deprecated. 
 boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation)
          Evaluate whether a given certificate chain should be trusted.
 
Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase
createBCX509Name, getBytesFromCertificates, getCertificateFactory, getCertificatesFromBytes, getCryptoProvider, getDefaultX509Identifier, getSKIBytesFromCert, loadCertificate, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

trustedCerts

protected X509Certificate[] trustedCerts

Constructor Detail

CertificateStore

public CertificateStore(X509Certificate[] trustedCerts)
Constructor

Method Detail

getX509Certificates

public X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                      throws WSSecurityException
Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
TYPE.ALIAS - A certificate (chain) is located by an alias. In this case, it duplicates the TYPE.SUBJECT_DN functionality.

Throws:
WSSecurityException

getX509Identifier

public String getX509Identifier(X509Certificate cert)
                         throws WSSecurityException
Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier refers to the subject DN.

Parameters:
cert - The X509Certificate for which to search for an identifier
Returns:
the identifier corresponding to the cert parameter
Throws:
WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(X509Certificate certificate,
                                CallbackHandler callbackHandler)
                         throws WSSecurityException
Gets the private key corresponding to the certificate. Not supported.

Parameters:
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Returns:
The private key
Throws:
WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(String identifier,
                                String password)
                         throws WSSecurityException
Gets the private key corresponding to the identifier. Not supported.

Parameters:
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
Returns:
The private key
Throws:
WSSecurityException

verifyTrust

@Deprecated
public boolean verifyTrust(X509Certificate[] certs)
                    throws WSSecurityException
Deprecated. 

Evaluate whether a given certificate chain should be trusted.

Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

verifyTrust

public boolean verifyTrust(X509Certificate[] certs,
                           boolean enableRevocation)
                    throws WSSecurityException
Evaluate whether a given certificate chain should be trusted.

Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

verifyTrust

public boolean verifyTrust(PublicKey publicKey)
                    throws WSSecurityException
Evaluate whether a given public key should be trusted.

Parameters:
publicKey - The PublicKey to be evaluated
Returns:
whether the PublicKey parameter is trusted or not
Throws:
WSSecurityException
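
The following is an added example, not code from the WSS4J project: it builds a CertificateStore from a set of trusted certificates, looks up a peer's issuer by subject DN, and validates the peer's chain with CRL verification enabled, treating a WSSecurityException as "not trusted". The class name and the two file names are assumptions, and the peer chain file is assumed to list the leaf certificate first.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CertificateStore;
import org.apache.ws.security.components.crypto.CryptoType;

public class CertificateStoreExample {

    // Read every certificate from a PEM or DER file.
    static X509Certificate[] load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            Collection<? extends Certificate> certs = cf.generateCertificates(in);
            return certs.toArray(new X509Certificate[0]);
        }
    }

    // Fail closed: an exception during validation is treated as "not trusted".
    static boolean isTrusted(CertificateStore store, X509Certificate[] chain) {
        try {
            return store.verifyTrust(chain, true); // true = enable CRL verification
        } catch (WSSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder file names (assumptions): trust anchors and a leaf-first peer chain.
        X509Certificate[] trusted = load("trusted-certs.pem");
        X509Certificate[] peerChain = load("peer-chain.pem");
        CertificateStore store = new CertificateStore(trusted);

        // TYPE.SUBJECT_DN lookup: is the peer's issuer one of the trusted certificates?
        CryptoType byDn = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
        byDn.setSubjectDN(peerChain[0].getIssuerX500Principal().getName());
        X509Certificate[] issuer = store.getX509Certificates(byDn);
        System.out.println("issuer in store: " + (issuer != null && issuer.length > 0));

        // For this class the identifier is the subject DN.
        System.out.println("identifier: " + store.getX509Identifier(trusted[0]));
        System.out.println("chain trusted: " + isTrusted(store, peerChain));
    }
}
```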


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.