org.apache.ws.security.components.crypto
Class CryptoBase

java.lang.Object
  extended by org.apache.ws.security.components.crypto.CryptoBase
All Implemented Interfaces:
Crypto
Direct Known Subclasses:
CertificateStore, Merlin

public abstract class CryptoBase
extends Object
implements Crypto

This Abstract Base Class implements the accessor and keystore-independent methods and functionality of the Crypto interface.


Field Summary
protected  Map<String,CertificateFactory> certFactMap
           
protected  String cryptoProvider
           
protected  String defaultAlias
           
static String NAME_CONSTRAINTS_OID
          OID for the NameConstraints extension to X.509 http://java.sun.com/j2se/1.4.2/docs/api/ http://www.ietf.org/rfc/rfc3280.txt (s. 4.2.1.11)
static String SKI_OID
           
 
Constructor Summary
protected CryptoBase()
          Constructor
 
Method Summary
protected  Object createBCX509Name(String s)
           
 byte[] getBytesFromCertificates(X509Certificate[] certs)
          Get a byte array given an array of X509 certificates.
 CertificateFactory getCertificateFactory()
          Get the CertificateFactory instance on this Crypto instance
 X509Certificate[] getCertificatesFromBytes(byte[] data)
          Construct an array of X509Certificates from the byte array.
 String getCryptoProvider()
          Get the crypto provider associated with this implementation
 String getDefaultX509Identifier()
          Retrieves the identifier name of the default certificate.
 byte[] getSKIBytesFromCert(X509Certificate cert)
          Reads the SubjectKeyIdentifier information from the certificate.
 X509Certificate loadCertificate(InputStream in)
          Load an X509Certificate from the input stream.
 void setCertificateFactory(String provider, CertificateFactory certFactory)
          Sets the CertificateFactory instance on this Crypto instance
 void setCryptoProvider(String provider)
          Set the crypto provider associated with this implementation
 void setDefaultX509Identifier(String identifier)
          Sets the identifier name of the default certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.ws.security.components.crypto.Crypto
getPrivateKey, getPrivateKey, getX509Certificates, getX509Identifier, verifyTrust, verifyTrust, verifyTrust
 

Field Detail

SKI_OID

public static final String SKI_OID
See Also:
Constant Field Values

NAME_CONSTRAINTS_OID

public static final String NAME_CONSTRAINTS_OID
OID for the NameConstraints extension to X.509 http://java.sun.com/j2se/1.4.2/docs/api/ http://www.ietf.org/rfc/rfc3280.txt (s. 4.2.1.11)

See Also:
Constant Field Values

certFactMap

protected Map<String,CertificateFactory> certFactMap

defaultAlias

protected String defaultAlias

cryptoProvider

protected String cryptoProvider

Constructor Detail

CryptoBase

protected CryptoBase()
Constructor

Method Detail

getCryptoProvider

public String getCryptoProvider()
Get the crypto provider associated with this implementation

Specified by:
getCryptoProvider in interface Crypto
Returns:
the crypto provider

setCryptoProvider

public void setCryptoProvider(String provider)
Set the crypto provider associated with this implementation

Specified by:
setCryptoProvider in interface Crypto
Parameters:
provider - the crypto provider to set

getDefaultX509Identifier

public String getDefaultX509Identifier()
                                throws WSSecurityException
Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Specified by:
getDefaultX509Identifier in interface Crypto
Returns:
name of the default X509 certificate.
Throws:
WSSecurityException

setDefaultX509Identifier

public void setDefaultX509Identifier(String identifier)
Sets the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Specified by:
setDefaultX509Identifier in interface Crypto
Parameters:
identifier - name of the default X509 certificate.

setCertificateFactory

public void setCertificateFactory(String provider,
                                  CertificateFactory certFactory)
Sets the CertificateFactory instance on this Crypto instance

Specified by:
setCertificateFactory in interface Crypto
Parameters:
provider - the CertificateFactory provider name
certFactory - the CertificateFactory instance to set

getCertificateFactory

public CertificateFactory getCertificateFactory()
                                         throws WSSecurityException
Get the CertificateFactory instance on this Crypto instance

Specified by:
getCertificateFactory in interface Crypto
Returns:
Returns a CertificateFactory to construct X509 certificates
Throws:
WSSecurityException

loadCertificate

public X509Certificate loadCertificate(InputStream in)
                                throws WSSecurityException
Load an X509Certificate from the input stream.

Specified by:
loadCertificate in interface Crypto
Parameters:
in - The InputStream containing the X509Certificate
Returns:
An X509 certificate
Throws:
WSSecurityException

getSKIBytesFromCert

public byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws WSSecurityException
Reads the SubjectKeyIdentifier information from the certificate.

If the certificate does not contain a SKI extension, then try to compute the SKI according to RFC3280 using the SHA-1 hash value of the public key. The second method described in RFC3280 is not supported. Also, only RSA public keys are supported. If the SKI cannot be computed, a WSSecurityException is thrown.

Specified by:
getSKIBytesFromCert in interface Crypto
Parameters:
cert - The certificate to read SKI
Returns:
The byte array containing the binary SKI data
Throws:
WSSecurityException
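
The lookup-then-fallback behaviour described for getSKIBytesFromCert, as an added example that is not WSS4J's own code: read the SKI extension if present, otherwise hash the RSA subjectPublicKey bits with SHA-1 (the first method in RFC3280). The class and helper names (SkiExample, tlv, computeSki, ski) are hypothetical, the key is generated as sample input, and 2.5.29.14 is the standard SubjectKeyIdentifier OID, assumed here because the page does not show the value of SKI_OID.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

public class SkiExample {
    // Standard X.509 SubjectKeyIdentifier extension OID (assumption: not taken from the page).
    static final String SKI_EXT_OID = "2.5.29.14";

    // Returns {contentOffset, contentLength} of the DER TLV starting at off (single-byte tags only).
    static int[] tlv(byte[] der, int off) {
        int len = der[off + 1] & 0xff, pos = off + 2;
        if (len >= 0x80) {                        // long form: low 7 bits = count of length bytes
            int n = len & 0x7f;
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[pos++] & 0xff);
        }
        return new int[] { pos, len };
    }

    // SHA-1 over the subjectPublicKey BIT STRING value, excluding tag, length and unused-bits byte.
    static byte[] computeSki(PublicKey key) throws Exception {
        if (!(key instanceof RSAPublicKey)) throw new IllegalArgumentException("only RSA keys supported");
        byte[] spki = key.getEncoded();           // DER-encoded SubjectPublicKeyInfo
        int[] seq = tlv(spki, 0);                 // outer SEQUENCE
        int[] alg = tlv(spki, seq[0]);            // AlgorithmIdentifier SEQUENCE
        int[] bits = tlv(spki, alg[0] + alg[1]);  // subjectPublicKey BIT STRING
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(spki, bits[0] + 1, bits[1] - 1);  // +1 skips the unused-bits byte
        return sha1.digest();
    }

    // Prefer the certificate's own SKI extension; compute one only when it is absent.
    static byte[] ski(X509Certificate cert) throws Exception {
        byte[] ext = cert.getExtensionValue(SKI_EXT_OID);
        if (ext == null) return computeSki(cert.getPublicKey());
        int[] outer = tlv(ext, 0);                // OCTET STRING wrapping the extension value
        int[] inner = tlv(ext, outer[0]);         // KeyIdentifier OCTET STRING
        return Arrays.copyOfRange(ext, inner[0], inner[0] + inner[1]);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        byte[] id = computeSki(kpg.generateKeyPair().getPublic());  // constructed sample key
        System.out.println(id.length + "-byte SKI: " + new java.math.BigInteger(1, id).toString(16));
    }
}
```

SHA-1 serves here only as a key identifier, not as a signature digest. A computed SKI will not match one that a CA derived by a different method, so a receiver resolving a key by SKI should expect lookups to miss when the two sides disagree on how the value was produced.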

getBytesFromCertificates

public byte[] getBytesFromCertificates(X509Certificate[] certs)
                                throws WSSecurityException
Get a byte array given an array of X509 certificates.

Specified by:
getBytesFromCertificates in interface Crypto
Parameters:
certs - The certificates to convert
Returns:
The byte array for the certificates
Throws:
WSSecurityException

getCertificatesFromBytes

public X509Certificate[] getCertificatesFromBytes(byte[] data)
                                           throws WSSecurityException
Construct an array of X509Certificates from the byte array.

Specified by:
getCertificatesFromBytes in interface Crypto
Parameters:
data - The byte array containing the X509 data
Returns:
An array of X509 certificates
Throws:
WSSecurityException

createBCX509Name

protected Object createBCX509Name(String s)


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.