org.apache.ws.security.components.crypto
Interface Crypto

All Known Implementing Classes:
CertificateStore, CryptoBase, Merlin, MerlinDevice

public interface Crypto


Method Summary
 byte[] getBytesFromCertificates(X509Certificate[] certs)
          Get a byte array given an array of X509 certificates.
 CertificateFactory getCertificateFactory()
          Get the CertificateFactory instance on this Crypto instance
 X509Certificate[] getCertificatesFromBytes(byte[] data)
          Construct an array of X509Certificate's from the byte array.
 String getCryptoProvider()
          Get the crypto provider associated with this implementation
 String getDefaultX509Identifier()
          Retrieves the identifier name of the default certificate.
 PrivateKey getPrivateKey(String identifier, String password)
          Gets the private key corresponding to the identifier.
 PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
          Gets the private key corresponding to the certificate.
 byte[] getSKIBytesFromCert(X509Certificate cert)
          Reads the SubjectKeyIdentifier information from the certificate.
 X509Certificate[] getX509Certificates(CryptoType cryptoType)
          Get an X509Certificate (chain) corresponding to the CryptoType argument.
 String getX509Identifier(X509Certificate cert)
          Get the implementation-specific identifier corresponding to the cert parameter, e.g. a KeyStore alias.
 X509Certificate loadCertificate(InputStream in)
          Load a X509Certificate from the input stream.
 void setCertificateFactory(String provider, CertificateFactory certFactory)
          Sets the CertificateFactory instance on this Crypto instance
 void setCryptoProvider(String provider)
          Set the crypto provider associated with this implementation
 void setDefaultX509Identifier(String identifier)
          Sets the identifier name of the default certificate.
 boolean verifyTrust(PublicKey publicKey)
          Evaluate whether a given public key should be trusted.
 boolean verifyTrust(X509Certificate[] certs)
          Deprecated. 
 boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation)
          Evaluate whether a given certificate chain should be trusted.
 

Method Detail

getCryptoProvider

String getCryptoProvider()
Get the crypto provider associated with this implementation

Returns:
the crypto provider

setCryptoProvider

void setCryptoProvider(String provider)
Set the crypto provider associated with this implementation

Parameters:
provider - the crypto provider to set

getDefaultX509Identifier

String getDefaultX509Identifier()
                                throws WSSecurityException
Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Returns:
name of the default X509 certificate.
Throws:
WSSecurityException

setDefaultX509Identifier

void setDefaultX509Identifier(String identifier)
Sets the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Parameters:
identifier - name of the default X509 certificate.

setCertificateFactory

void setCertificateFactory(String provider,
                           CertificateFactory certFactory)
Sets the CertificateFactory instance on this Crypto instance

Parameters:
provider - the CertificateFactory provider name
certFactory - the CertificateFactory instance to set

getCertificateFactory

CertificateFactory getCertificateFactory()
                                         throws WSSecurityException
Get the CertificateFactory instance on this Crypto instance

Returns:
A CertificateFactory to construct X509 certificates
Throws:
WSSecurityException

loadCertificate

X509Certificate loadCertificate(InputStream in)
                                throws WSSecurityException
Load a X509Certificate from the input stream.

Parameters:
in - The InputStream containing the X509 data
Returns:
An X509 certificate
Throws:
WSSecurityException

getSKIBytesFromCert

byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws WSSecurityException
Reads the SubjectKeyIdentifier information from the certificate.

If the certificate does not contain a SKI extension then try to compute the SKI according to RFC 3280 (section 4.2.1.2, method 1): the SHA-1 hash of the value of the subjectPublicKey BIT STRING, excluding its tag, length and number of unused bits. The second method described in RFC 3280 (the four type bits 0100 followed by the least significant 60 bits of that hash) is not supported. Also only RSA public keys are supported. If we cannot compute the SKI throw a WSSecurityException. Note that a computed SKI is only a locator for the certificate; matching on it establishes identity of the key, not trust, which remains the job of verifyTrust.

Parameters:
cert - The certificate to read SKI
Returns:
The byte array containing the binary SKI data
Throws:
WSSecurityException
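
The lookup-then-fallback behaviour described above, as an added example that is not WSS4J's own code. It reads the SubjectKeyIdentifier extension (unwrapping the double OCTET STRING that getExtensionValue() returns, a common mistake) and otherwise applies RFC 3280 method 1. It goes beyond the RSA-only restriction the text mentions: the subjectPublicKey BIT STRING is found by walking the SubjectPublicKeyInfo DER rather than assuming a fixed RSA header, so EC keys are handled too. The class name, the tiny DER reader and the generated key pairs used as input are all assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
 * Added example, not WSS4J code: SKI from the extension if present,
 * otherwise RFC 3280 4.2.1.2 method 1 computed for any key type.
 */
public final class SkiExample {

    /** id-ce-subjectKeyIdentifier */
    private static final String SKI_OID = "2.5.29.14";

    /** SKI bytes from the extension, or computed from the public key when absent. */
    public static byte[] skiBytes(X509Certificate cert) throws Exception {
        byte[] extensionValue = cert.getExtensionValue(SKI_OID);
        if (extensionValue != null) {
            // getExtensionValue() returns the DER OCTET STRING wrapping the extension;
            // its content is the KeyIdentifier, which is itself an OCTET STRING.
            int[] outer = tlv(extensionValue, 0, 0x04);
            int[] inner = tlv(extensionValue, outer[0], 0x04);
            byte[] ski = new byte[inner[1]];
            System.arraycopy(extensionValue, inner[0], ski, 0, inner[1]);
            return ski;
        }
        return computeSki(cert.getPublicKey());
    }

    /**
     * RFC 3280 method 1: SHA-1 over the value of the subjectPublicKey BIT STRING,
     * excluding its tag, length and unused-bits byte. Works for RSA, EC, DSA, ...
     */
    public static byte[] computeSki(PublicKey key) throws Exception {
        byte[] spki = key.getEncoded();                   // SubjectPublicKeyInfo, DER
        int[] seq = tlv(spki, 0, 0x30);                   // SEQUENCE { algorithm, subjectPublicKey }
        int[] alg = tlv(spki, seq[0], 0x30);              // AlgorithmIdentifier, skipped
        int[] bits = tlv(spki, alg[0] + alg[1], 0x03);    // subjectPublicKey BIT STRING
        if ((spki[bits[0]] & 0xFF) != 0) {
            throw new IllegalStateException("subjectPublicKey has unused bits");
        }
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(spki, bits[0] + 1, bits[1] - 1);      // skip the unused-bits byte
        return sha1.digest();
    }

    /**
     * Minimal DER TLV reader: checks the tag at offset and returns
     * { contentOffset, contentLength }, handling short and long-form lengths.
     */
    private static int[] tlv(byte[] der, int offset, int expectedTag) {
        if ((der[offset] & 0xFF) != expectedTag) {
            throw new IllegalArgumentException(String.format(
                "expected tag 0x%02x at offset %d, found 0x%02x",
                expectedTag, offset, der[offset] & 0xFF));
        }
        int len = der[offset + 1] & 0xFF;
        int pos = offset + 2;
        if ((len & 0x80) != 0) {
            int lengthBytes = len & 0x7F;
            len = 0;
            for (int i = 0; i < lengthBytes; i++) {
                len = (len << 8) | (der[pos++] & 0xFF);
            }
        }
        return new int[] { pos, len };
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: freshly generated key pairs exercise the fallback
        // offline, including a non-RSA key.
        for (String algorithm : new String[] { "RSA", "EC" }) {
            KeyPair kp = KeyPairGenerator.getInstance(algorithm).generateKeyPair();
            System.out.println(algorithm + " computed SKI: " + hex(computeSki(kp.getPublic())));
        }
        // Optional: a DER or PEM certificate file takes the extension path when it has one.
        if (args.length == 1) {
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
                String source = cert.getExtensionValue(SKI_OID) != null ? "extension" : "computed";
                System.out.println("certificate SKI (" + source + "): " + hex(skiBytes(cert)));
            }
        }
    }
}
```

Run it with no arguments to see the computed identifiers for an RSA and an EC key, or pass a certificate file to compare the extension value against the computed one. For a certificate whose issuer followed RFC 3280 method 1, the two will agree; a mismatch is not an error, since issuers are free to use any unique identifier, which is exactly why an SKI match must never be read as a trust decision.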

getBytesFromCertificates

byte[] getBytesFromCertificates(X509Certificate[] certs)
                                throws WSSecurityException
Get a byte array given an array of X509 certificates.

Parameters:
certs - The certificates to convert
Returns:
The byte array for the certificates
Throws:
WSSecurityException

getCertificatesFromBytes

X509Certificate[] getCertificatesFromBytes(byte[] data)
                                           throws WSSecurityException
Construct an array of X509Certificate's from the byte array.

Parameters:
data - The byte array containing the X509 data
Returns:
An array of X509 certificates
Throws:
WSSecurityException

getX509Certificates

X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                      throws WSSecurityException
Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:

TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation specific, for example - it could be a java KeyStore alias.

Locating a certificate by any of these references only identifies it; whether the returned chain should be trusted is a separate decision made with verifyTrust.

Parameters:
cryptoType - The CryptoType describing which reference type to match and the value to match on
Returns:
The X509Certificate (chain) corresponding to the CryptoType argument
Throws:
WSSecurityException

getX509Identifier

String getX509Identifier(X509Certificate cert)
                         throws WSSecurityException
Get the implementation-specific identifier corresponding to the cert parameter, e.g. the identifier could be a KeyStore alias.

Parameters:
cert - The X509Certificate for which to search for an identifier
Returns:
the identifier corresponding to the cert parameter
Throws:
WSSecurityException

getPrivateKey

PrivateKey getPrivateKey(X509Certificate certificate,
                         CallbackHandler callbackHandler)
                         throws WSSecurityException
Gets the private key corresponding to the certificate.

Parameters:
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Returns:
The private key
Throws:
WSSecurityException

getPrivateKey

PrivateKey getPrivateKey(String identifier,
                         String password)
                         throws WSSecurityException
Gets the private key corresponding to the identifier.

Parameters:
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
Returns:
The private key
Throws:
WSSecurityException

verifyTrust

@Deprecated
boolean verifyTrust(X509Certificate[] certs)
                    throws WSSecurityException
Deprecated. Superseded by verifyTrust(X509Certificate[], boolean), which lets the caller enable revocation checking.

Evaluate whether a given certificate chain should be trusted.

Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

verifyTrust

boolean verifyTrust(X509Certificate[] certs,
                    boolean enableRevocation)
                    throws WSSecurityException
Evaluate whether a given certificate chain should be trusted.

Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable revocation (CRL) checking of the chain. When false, revocation status is never consulted, so a revoked certificate that otherwise chains to a trusted anchor is still accepted.
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException
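
How the lookup and trust methods on this interface fit together, as an added example that is not WSS4J's own code: it serves both the getX509Certificates description above and this verifyTrust overload. A Merlin-backed Crypto is built from a JKS keystore and truststore named on the command line (the Merlin property names are WSS4J 1.6's; the store paths, passwords and alias are assumptions), the default identifier is turned into a private key on the sending side, and on the receiving side the default certificate stands in for a received one and is resolved by issuer/serial, SHA-1 thumbprint and SKI, each followed by verifyTrust with revocation enabled. The class and helper names are this example's own.

```java
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;

/**
 * Added example, not WSS4J code: Crypto lookups on both sides of a message,
 * with trust decided by verifyTrust() rather than by a successful lookup.
 */
public final class CryptoLookupExample {

    /** Merlin configuration; the store locations and passwords are assumptions of this example. */
    static Crypto loadMerlin(String keystore, String keystorePassword, String alias,
                             String truststore, String truststorePassword) throws WSSecurityException {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider",
                      "org.apache.ws.security.components.crypto.Merlin");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", keystore);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", alias);
        p.setProperty("org.apache.ws.security.crypto.merlin.truststore.type", "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.truststore.file", truststore);
        p.setProperty("org.apache.ws.security.crypto.merlin.truststore.password", truststorePassword);
        return CryptoFactory.getInstance(p);
    }

    /** Sending side: the key behind the default certificate, used when no KeyInfo names another. */
    static PrivateKey defaultSigningKey(Crypto crypto, String keyPassword) throws WSSecurityException {
        String id = crypto.getDefaultX509Identifier();
        if (id == null) {
            throw new IllegalStateException("no default X509 identifier configured");
        }
        return crypto.getPrivateKey(id, keyPassword);
    }

    /** Receiving side: resolve the chain a reference points at, then decide trust separately. */
    static X509Certificate[] resolveAndVerify(Crypto crypto, CryptoType ref, boolean checkRevocation)
            throws WSSecurityException {
        X509Certificate[] chain = crypto.getX509Certificates(ref);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate matched the " + ref.getType() + " reference");
        }
        // A successful lookup only identifies the certificate. Whether it is trusted,
        // and whether revocation is consulted, is the verifyTrust() decision.
        if (!crypto.verifyTrust(chain, checkRevocation)) {
            throw new IllegalStateException("untrusted chain for " + chain[0].getSubjectX500Principal());
        }
        return chain;
    }

    static CryptoType byIssuerSerial(X509Certificate cert) {
        CryptoType t = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        t.setIssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
        return t;
    }

    static CryptoType byThumbprint(X509Certificate cert) throws Exception {
        CryptoType t = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
        t.setBytes(MessageDigest.getInstance("SHA-1").digest(cert.getEncoded()));
        return t;
    }

    static CryptoType bySki(Crypto crypto, X509Certificate cert) throws WSSecurityException {
        CryptoType t = new CryptoType(CryptoType.TYPE.SKI_BYTES);
        t.setBytes(crypto.getSKIBytesFromCert(cert));
        return t;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 5) {
            System.err.println("usage: CryptoLookupExample keystore.jks ksPassword alias truststore.jks tsPassword [checkRevocation]");
            return;
        }
        boolean checkRevocation = args.length < 6 || Boolean.parseBoolean(args[5]);
        Crypto crypto = loadMerlin(args[0], args[1], args[2], args[3], args[4]);

        // Assumes the private key entry is protected with the keystore password.
        PrivateKey key = defaultSigningKey(crypto, args[1]);
        System.out.println("default private key algorithm: " + key.getAlgorithm());

        // The default certificate stands in for a received one; resolve it three ways.
        CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        byAlias.setAlias(crypto.getDefaultX509Identifier());
        X509Certificate cert = crypto.getX509Certificates(byAlias)[0];

        resolveAndVerify(crypto, byIssuerSerial(cert), checkRevocation);
        resolveAndVerify(crypto, byThumbprint(cert), checkRevocation);
        resolveAndVerify(crypto, bySki(crypto, cert), checkRevocation);
        System.out.println("issuer/serial, thumbprint and SKI lookups all resolved to a trusted chain");
    }
}
```

Revocation checking is on by default here because that is the setting a verifier should run with; it means the validator needs revocation data (a CRL, or OCSP where the JDK is configured for it) for the certificates it checks, and a chain whose status cannot be determined fails rather than passes. For a quick run against a bare self-signed test certificate that publishes no CRL, pass false as the sixth argument and read the result as "chains to a trusted anchor, revocation unknown", which is exactly the weaker guarantee the deprecated single-argument overload gives.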

verifyTrust

boolean verifyTrust(PublicKey publicKey)
                    throws WSSecurityException
Evaluate whether a given public key should be trusted.

Parameters:
publicKey - The PublicKey to be evaluated
Returns:
whether the PublicKey parameter is trusted or not
Throws:
WSSecurityException


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.