org.apache.ws.security.components.crypto
Class Merlin

java.lang.Object
  extended by org.apache.ws.security.components.crypto.CryptoBase
      extended by org.apache.ws.security.components.crypto.Merlin
All Implemented Interfaces:
Crypto
Direct Known Subclasses:
MerlinDevice

public class Merlin
extends CryptoBase

A Crypto implementation based on two Java KeyStore objects, one being the keystore, and one being the truststore.


Field Summary
protected static CertificateFactory certFact
protected  CertStore crlCertStore
static String CRYPTO_CERT_PROVIDER
static String CRYPTO_KEYSTORE_PROVIDER
protected  KeyStore keystore
static String KEYSTORE_ALIAS
static String KEYSTORE_FILE
static String KEYSTORE_PASSWORD
static String KEYSTORE_PRIVATE_PASSWORD
static String KEYSTORE_TYPE
static String LOAD_CA_CERTS
protected  boolean loadCACerts
static String OLD_KEYSTORE_FILE
protected  boolean privatePasswordSet
protected  Properties properties
protected  KeyStore truststore
static String TRUSTSTORE_FILE
static String TRUSTSTORE_PASSWORD
static String TRUSTSTORE_TYPE
static String X509_CRL_FILE
 
Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase
certFactMap, cryptoProvider, defaultAlias, NAME_CONSTRAINTS_OID, SKI_OID
 
Constructor Summary
Merlin()
Merlin(Properties properties)
Merlin(Properties properties, ClassLoader loader)
 
Method Summary
 CertificateFactory getCertificateFactory()
          Singleton certificate factory for this Crypto instance.
 CertStore getCRLCertStore()
          Get the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.
 String getDefaultX509Identifier()
          Retrieves the identifier name of the default certificate.
 KeyStore getKeyStore()
           Gets the Keystore that was loaded.
 PrivateKey getPrivateKey(String identifier, String password)
          Gets the private key corresponding to the identifier.
 PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
          Gets the private key corresponding to the certificate.
 KeyStore getTrustStore()
           Gets the trust store that was loaded by the underlying implementation.
 X509Certificate[] getX509Certificates(CryptoType cryptoType)
          Get an X509Certificate (chain) corresponding to the CryptoType argument.
 String getX509Identifier(X509Certificate cert)
          Get the implementation-specific identifier corresponding to the cert parameter.
 KeyStore load(InputStream input, String storepass, String provider, String type)
           Loads the keystore from an InputStream.
static InputStream loadInputStream(ClassLoader loader, String location)
           Load a KeyStore object as an InputStream, using the ClassLoader and location arguments.
 void loadProperties(Properties properties)
 void loadProperties(Properties properties, ClassLoader loader)
 void setCRLCertStore(CertStore crlCertStore)
          Set the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.
 void setKeyStore(KeyStore keyStore)
           Set the Keystore on this Crypto instance.
 void setTrustStore(KeyStore trustStore)
           Set the trust store on this Crypto instance.
 boolean verifyTrust(PublicKey publicKey)
          Evaluate whether a given public key should be trusted.
 boolean verifyTrust(X509Certificate[] certs)
          Deprecated. 
 boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation)
          Evaluate whether a given certificate chain should be trusted.
 
Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase
createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getSKIBytesFromCert, loadCertificate, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OLD_KEYSTORE_FILE

public static final String OLD_KEYSTORE_FILE
See Also:
Constant Field Values

CRYPTO_KEYSTORE_PROVIDER

public static final String CRYPTO_KEYSTORE_PROVIDER
See Also:
Constant Field Values

CRYPTO_CERT_PROVIDER

public static final String CRYPTO_CERT_PROVIDER
See Also:
Constant Field Values

KEYSTORE_FILE

public static final String KEYSTORE_FILE
See Also:
Constant Field Values

KEYSTORE_PASSWORD

public static final String KEYSTORE_PASSWORD
See Also:
Constant Field Values

KEYSTORE_TYPE

public static final String KEYSTORE_TYPE
See Also:
Constant Field Values

KEYSTORE_ALIAS

public static final String KEYSTORE_ALIAS
See Also:
Constant Field Values

KEYSTORE_PRIVATE_PASSWORD

public static final String KEYSTORE_PRIVATE_PASSWORD
See Also:
Constant Field Values

LOAD_CA_CERTS

public static final String LOAD_CA_CERTS
See Also:
Constant Field Values

TRUSTSTORE_FILE

public static final String TRUSTSTORE_FILE
See Also:
Constant Field Values

TRUSTSTORE_PASSWORD

public static final String TRUSTSTORE_PASSWORD
See Also:
Constant Field Values

TRUSTSTORE_TYPE

public static final String TRUSTSTORE_TYPE
See Also:
Constant Field Values

X509_CRL_FILE

public static final String X509_CRL_FILE
See Also:
Constant Field Values

certFact

protected static CertificateFactory certFact

properties

protected Properties properties

keystore

protected KeyStore keystore

truststore

protected KeyStore truststore

crlCertStore

protected CertStore crlCertStore

loadCACerts

protected boolean loadCACerts

privatePasswordSet

protected boolean privatePasswordSet
Constructor Detail

Merlin

public Merlin()

Merlin

public Merlin(Properties properties)
       throws CredentialException,
              IOException
Throws:
CredentialException
IOException

Merlin

public Merlin(Properties properties,
              ClassLoader loader)
       throws CredentialException,
              IOException
Throws:
CredentialException
IOException
Method Detail

loadProperties

public void loadProperties(Properties properties)
                    throws CredentialException,
                           IOException
Throws:
CredentialException
IOException

loadProperties

public void loadProperties(Properties properties,
                           ClassLoader loader)
                    throws CredentialException,
                           IOException
Throws:
CredentialException
IOException

loadInputStream

public static InputStream loadInputStream(ClassLoader loader,
                                          String location)
                                   throws CredentialException,
                                          IOException
Load a KeyStore object as an InputStream, using the ClassLoader and location arguments.

Throws:
CredentialException
IOException

load

public KeyStore load(InputStream input,
                     String storepass,
                     String provider,
                     String type)
              throws CredentialException
Loads the keystore from an InputStream.

Parameters:
input - InputStream to read from
Throws:
CredentialException

getKeyStore

public KeyStore getKeyStore()
Gets the Keystore that was loaded.

Returns:
the Keystore

setKeyStore

public void setKeyStore(KeyStore keyStore)
Set the Keystore on this Crypto instance.

Parameters:
keyStore - the Keystore to set

getTrustStore

public KeyStore getTrustStore()
Gets the trust store that was loaded by the underlying implementation.

Returns:
the trust store

setTrustStore

public void setTrustStore(KeyStore trustStore)
Set the trust store on this Crypto instance.

Parameters:
trustStore - the trust store to set

setCRLCertStore

public void setCRLCertStore(CertStore crlCertStore)
Set the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

Parameters:
crlCertStore - the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

getCRLCertStore

public CertStore getCRLCertStore()
Get the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

Returns:
the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

getCertificateFactory

public CertificateFactory getCertificateFactory()
                                         throws WSSecurityException
Singleton certificate factory for this Crypto instance.

Specified by:
getCertificateFactory in interface Crypto
Overrides:
getCertificateFactory in class CryptoBase
Returns:
Returns a CertificateFactory to construct X509 certificates
Throws:
WSSecurityException

getDefaultX509Identifier

public String getDefaultX509Identifier()
                                throws WSSecurityException
Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Specified by:
getDefaultX509Identifier in interface Crypto
Overrides:
getDefaultX509Identifier in class CryptoBase
Returns:
name of the default X509 certificate.
Throws:
WSSecurityException

getX509Certificates

public X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                      throws WSSecurityException
Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
    TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
    TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
    TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
    TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
    TYPE.ALIAS - A certificate (chain) is located by an alias, which for this implementation means an alias of the keystore or truststore.

Throws:
WSSecurityException

getX509Identifier

public String getX509Identifier(X509Certificate cert)
                         throws WSSecurityException
Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier corresponds to a KeyStore alias.

Parameters:
cert - The X509Certificate for which to search for an identifier
Returns:
the identifier corresponding to the cert parameter
Throws:
WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(X509Certificate certificate,
                                CallbackHandler callbackHandler)
                         throws WSSecurityException
Gets the private key corresponding to the certificate.

Parameters:
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Returns:
The private key
Throws:
WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(String identifier,
                                String password)
                         throws WSSecurityException
Gets the private key corresponding to the identifier.

Parameters:
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
Returns:
The private key
Throws:
WSSecurityException

verifyTrust

@Deprecated
public boolean verifyTrust(X509Certificate[] certs)
                    throws WSSecurityException
Deprecated. 

Evaluate whether a given certificate chain should be trusted. Uses the CertPath API to validate a given certificate chain.

Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

verifyTrust

public boolean verifyTrust(X509Certificate[] certs,
                           boolean enableRevocation)
                    throws WSSecurityException
Evaluate whether a given certificate chain should be trusted. Uses the CertPath API to validate a given certificate chain.

Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException
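The following is an added example, not WSS4J project code or part of this page, showing how the pieces documented above fit together: Merlin is configured from Properties keyed by its own constants (keystore, separate truststore, CRL file), a chain is located with the TYPE.ALIAS lookup of getX509Certificates, and trust is evaluated with the two-argument verifyTrust so that the configured CRL store is actually consulted. File paths, passwords and the alias are placeholders.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.components.crypto.Merlin;

// Added example, not WSS4J project code. File paths, passwords and aliases are placeholders.
public class MerlinTrustCheck {

    static Merlin buildCrypto() throws CredentialException, IOException {
        Properties p = new Properties();
        // Key the entries by Merlin's own constants rather than literal property
        // names, so a misspelled key cannot silently leave a store unconfigured.
        p.setProperty(Merlin.KEYSTORE_FILE, "conf/service-keys.jks");          // placeholder
        p.setProperty(Merlin.KEYSTORE_PASSWORD, "changeit");                  // placeholder
        p.setProperty(Merlin.KEYSTORE_ALIAS, "service");                      // placeholder
        p.setProperty(Merlin.TRUSTSTORE_FILE, "conf/partner-truststore.jks"); // placeholder
        p.setProperty(Merlin.TRUSTSTORE_PASSWORD, "changeit");                // placeholder
        // Keep trust anchors to the explicit truststore; do not merge in the JRE cacerts bundle.
        p.setProperty(Merlin.LOAD_CA_CERTS, "false");
        // CRL store consulted by verifyTrust only when enableRevocation is true.
        p.setProperty(Merlin.X509_CRL_FILE, "conf/partner-ca.crl");          // placeholder
        return new Merlin(p, MerlinTrustCheck.class.getClassLoader());
    }

    // True only if the chain validates to a truststore anchor with CRL checking enabled.
    static boolean isTrustedPartner(Merlin crypto, X509Certificate[] chain) throws WSSecurityException {
        // The deprecated one-argument verifyTrust(certs) offers no way to request
        // revocation checking; use the two-argument form and pass true.
        return crypto.verifyTrust(chain, true);
    }

    public static void main(String[] args) throws Exception {
        Merlin crypto = buildCrypto();
        // Locate a chain by alias, the TYPE.ALIAS lookup documented for getX509Certificates.
        CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        byAlias.setAlias("partner-signing");                                  // placeholder
        X509Certificate[] chain = crypto.getX509Certificates(byAlias);
        boolean trusted = chain != null && chain.length > 0 && isTrustedPartner(crypto, chain);
        System.out.println("partner-signing trusted: " + trusted);
    }
}
```

If verifyTrust returns false, check the truststore contents and the CRL file first; a chain that validates structurally but has a revoked certificate is rejected only when enableRevocation is true.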

verifyTrust

public boolean verifyTrust(PublicKey publicKey)
                    throws WSSecurityException
Evaluate whether a given public key should be trusted.

Parameters:
publicKey - The PublicKey to be evaluated
Returns:
whether the PublicKey parameter is trusted or not
Throws:
WSSecurityException


Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.