Package org.apache.wss4j.common.crypto
Class CertificateStore

java.lang.Object
  org.apache.wss4j.common.crypto.CryptoBase
    org.apache.wss4j.common.crypto.CertificateStore

All Implemented Interfaces: Crypto

A Crypto implementation based on a simple array of X509Certificate(s). PrivateKeys are not supported, so this cannot be used for signature creation or decryption.
Field Summary

Fields inherited from class org.apache.wss4j.common.crypto.CryptoBase:
  certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID

Constructor Summary

  CertificateStore

Method Summary

  PrivateKey getPrivateKey(String identifier, String password)
      Gets the private key corresponding to the identifier.
  PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
      Gets the private key corresponding to the certificate.
  PrivateKey getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler)
      Gets the private key corresponding to the given PublicKey.
  X509Certificate[] getX509Certificates(CryptoType cryptoType)
      Get an X509Certificate (chain) corresponding to the CryptoType argument.
  String getX509Identifier(X509Certificate cert)
      Get the implementation-specific identifier corresponding to the cert parameter.
  protected void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints)
      Evaluate whether a given certificate chain should be trusted.
  void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints)
      Evaluate whether a given certificate chain should be trusted.
  void verifyTrust(PublicKey publicKey)
      Evaluate whether a given public key should be trusted.

Methods inherited from class org.apache.wss4j.common.crypto.CryptoBase:
  createBCX509Name, getBytesFromCertificates, getCertificateFactory, getCertificatesFromBytes, getCryptoProvider, getDefaultX509Identifier, getNameConstraints, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesIssuerDnPattern, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider
Constructor Details

CertificateStore
  Constructor
Method Details

getX509Certificates
  Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
    TYPE.ISSUER_SERIAL   - A certificate (chain) is located by the issuer name and serial number
    TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
    TYPE.SKI_BYTES       - A certificate (chain) is located by the SKI bytes of the (root) cert
    TYPE.SUBJECT_DN      - A certificate (chain) is located by the Subject DN of the (root) cert
  Note that TYPE.ALIAS is not allowed, as it doesn't have any meaning with a CertificateStore.
  Throws:
    WSSecurityException

getX509Identifier
  Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier refers to the subject DN.
  Parameters:
    cert - The X509Certificate for which to search for an identifier
  Returns:
    the identifier corresponding to the cert parameter
  Throws:
    WSSecurityException
getPrivateKey
  public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) throws WSSecurityException
  Gets the private key corresponding to the certificate. Not supported.
  Parameters:
    certificate - The X509Certificate corresponding to the private key
    callbackHandler - The callbackHandler needed to get the password
  Returns:
    The private key
  Throws:
    WSSecurityException

getPrivateKey
  public PrivateKey getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler) throws WSSecurityException
  Gets the private key corresponding to the given PublicKey.
  Parameters:
    publicKey - The PublicKey corresponding to the private key
    callbackHandler - The callbackHandler needed to get the password
  Returns:
    The private key
  Throws:
    WSSecurityException

getPrivateKey
  Gets the private key corresponding to the identifier. Not supported.
  Parameters:
    identifier - The implementation-specific identifier corresponding to the key
    password - The password needed to get the key
  Returns:
    The private key
  Throws:
    WSSecurityException
verifyTrust
  protected void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) throws WSSecurityException
  Evaluate whether a given certificate chain should be trusted.
  Parameters:
    certs - Certificate chain to validate
    enableRevocation - whether to enable CRL verification or not
    subjectCertConstraints - A set of constraints on the Subject DN of the certificates
  Throws:
    WSSecurityException - if the certificate chain is invalid

verifyTrust
  public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints) throws WSSecurityException
  Description copied from interface: Crypto
  Evaluate whether a given certificate chain should be trusted.
  Parameters:
    certs - Certificate chain to validate
    enableRevocation - whether to enable CRL verification or not
    subjectCertConstraints - A set of constraints on the Subject DN of the certificates
    issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
  Throws:
    WSSecurityException - if the certificate chain is invalid

verifyTrust
  Evaluate whether a given public key should be trusted.
  Parameters:
    publicKey - The PublicKey to be evaluated
  Throws:
    WSSecurityException - if the PublicKey is invalid
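The following is an added example, not code from the WSS4J project or this page, tying together the getX509Certificates lookup types and the public verifyTrust method described above: it builds a CertificateStore from a truststore, looks a chain up by Subject DN, and rejects it unless both the trust evaluation and the Subject/Issuer DN constraints pass. The truststore path, password and DN values are hypothetical placeholders, and constructing CertificateStore from an X509Certificate[] is assumed from the WSS4J API rather than stated on this page.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.wss4j.common.crypto.CertificateStore;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;

public class CertificateStoreExample {

    // Collect the trusted-certificate entries of a JKS/PKCS12 truststore (hypothetical path/password).
    static X509Certificate[] loadTrustedCerts(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        List<X509Certificate> certs = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isCertificateEntry(alias)) {
                certs.add((X509Certificate) ks.getCertificate(alias));
            }
        }
        return certs.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws Exception {
        // Assumed from the WSS4J API: CertificateStore is built from an array of trusted certificates.
        CertificateStore store = new CertificateStore(
            loadTrustedCerts("truststore.jks", "changeit".toCharArray()));

        // Look a chain up by Subject DN; TYPE.ALIAS has no meaning for a CertificateStore.
        CryptoType lookup = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
        lookup.setSubjectDN("CN=service.example.com,O=Example Corp"); // hypothetical DN
        X509Certificate[] chain = store.getX509Certificates(lookup);
        if (chain == null || chain.length == 0) throw new IllegalStateException("no certificate matched the Subject DN");

        // Trust is evaluated against the store AND these DN patterns; a mismatch raises WSSecurityException.
        List<Pattern> subjectConstraints = List.of(Pattern.compile(".*O=Example Corp.*"));
        List<Pattern> issuerConstraints = List.of(Pattern.compile("CN=Example Root CA.*"));
        try {
            store.verifyTrust(chain, true, subjectConstraints, issuerConstraints); // true = CRL checks on
            System.out.println("trusted, identifier: " + store.getX509Identifier(chain[0]));
        } catch (WSSecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Because the class holds no private keys, any getPrivateKey call on the same store fails with WSSecurityException, so a store like this is only suitable for verifying signatures or encrypting to a peer, never for signing or decrypting.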