Interface Crypto

All Known Implementing Classes:
CertificateStore, CryptoBase, Merlin, MerlinAKI, MerlinDevice

public interface Crypto
  • Method Details

    • getCryptoProvider

      String getCryptoProvider()
      Get the crypto provider associated with this implementation.
      Returns:
      the crypto provider
    • setCryptoProvider

      void setCryptoProvider(String provider)
      Set the crypto provider associated with this implementation.
      Parameters:
      provider - the crypto provider name to set
    • getTrustProvider

      String getTrustProvider()
      Get the crypto provider used for truststore operations associated with this implementation.
      Returns:
      a crypto provider name
    • setTrustProvider

      void setTrustProvider(String provider)
      Set the crypto provider used for truststore operations associated with this implementation.
      Parameters:
      provider - the name of the provider
    • getDefaultX509Identifier

      String getDefaultX509Identifier() throws WSSecurityException
      Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.
      Returns:
      name of the default X509 certificate.
      Throws:
      WSSecurityException
    • setDefaultX509Identifier

      void setDefaultX509Identifier(String identifier)
      Sets the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
      Parameters:
      identifier - name of the default X509 certificate.
    • setCertificateFactory

      void setCertificateFactory(CertificateFactory certFactory)
      Sets the CertificateFactory instance on this Crypto instance.
      Parameters:
      certFactory - the CertificateFactory instance to set
    • getCertificateFactory

      CertificateFactory getCertificateFactory() throws WSSecurityException
      Get the CertificateFactory instance on this Crypto instance.
      Returns:
      a CertificateFactory to construct X509 certificates
      Throws:
      WSSecurityException
    • loadCertificate

      X509Certificate loadCertificate(InputStream in) throws WSSecurityException
      Load an X509Certificate from the input stream.
      Parameters:
      in - The InputStream containing the X509 data
      Returns:
      An X509 certificate
      Throws:
      WSSecurityException
    • getSKIBytesFromCert

      byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException
      Reads the SubjectKeyIdentifier information from the certificate.

      If the certificate does not contain a SKI extension, try to compute the SKI according to RFC 3280 using the SHA-1 hash value of the public key. The second method described in RFC 3280 is not supported. Also, only RSA public keys are supported. If the SKI cannot be computed, a WSSecurityException is thrown.

      Parameters:
      cert - The certificate to read the SKI from
      Returns:
      The byte array containing the binary SKI data
      Throws:
      WSSecurityException
    • getBytesFromCertificates

      byte[] getBytesFromCertificates(X509Certificate[] certs) throws WSSecurityException
      Get a byte array given an array of X509 certificates.

      Parameters:
      certs - The certificates to convert
      Returns:
      The byte array for the certificates
      Throws:
      WSSecurityException
    • getCertificatesFromBytes

      X509Certificate[] getCertificatesFromBytes(byte[] data) throws WSSecurityException
      Construct an array of X509Certificates from the byte array.
      Parameters:
      data - The byte array containing the X509 data
      Returns:
      An array of X509 certificates
      Throws:
      WSSecurityException
    • getX509Certificates

      X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException
      Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
        • TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
        • TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
        • TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
        • TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
        • TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation specific, for example it could be a java KeyStore alias.
      Throws:
      WSSecurityException
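      The following is an added example, not WSS4J's own code, showing how a KeyStore-backed implementation can resolve each of the five lookup types listed for getX509Certificates, and how the two-step SKI derivation described under getSKIBytesFromCert works (the 2.5.29.14 extension first, then RFC 3280 method 1 over the public key). The Selector class, its Type enum and every method name are local to this example; the cacerts path and its password are assumptions about the local JDK. It goes slightly beyond the text in one respect: because method 1 only hashes the BIT STRING contents, the computation here works for any key algorithm, not just RSA.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;

/** Added example: KeyStore-backed resolution of the five lookup types, with SKI derivation. Not WSS4J code. */
public class CertLookupExample {

    /** Lookup selector; the Type names mirror the CryptoType.TYPE values listed on the page. */
    static final class Selector {
        enum Type { ISSUER_SERIAL, THUMBPRINT_SHA1, SKI_BYTES, SUBJECT_DN, ALIAS }
        final Type type; final String text; final byte[] bytes; final BigInteger serial;
        private Selector(Type t, String s, byte[] b, BigInteger n) { type = t; text = s; bytes = b; serial = n; }
        static Selector alias(String a)           { return new Selector(Type.ALIAS, a, null, null); }
        static Selector subjectDn(String dn)      { return new Selector(Type.SUBJECT_DN, dn, null, null); }
        static Selector thumbprintSha1(byte[] tp) { return new Selector(Type.THUMBPRINT_SHA1, null, tp, null); }
        static Selector ski(byte[] ski)           { return new Selector(Type.SKI_BYTES, null, ski, null); }
        static Selector issuerSerial(String i, BigInteger s) { return new Selector(Type.ISSUER_SERIAL, i, null, s); }
    }

    private final KeyStore keyStore;
    CertLookupExample(KeyStore keyStore) { this.keyStore = keyStore; }

    /** Chain whose first certificate matches the selector, or null if none does. */
    X509Certificate[] find(Selector sel) throws GeneralSecurityException {
        if (sel.type == Selector.Type.ALIAS) return chainFor(sel.text);
        for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements();) {
            X509Certificate[] chain = chainFor(e.nextElement());
            if (chain != null && matches(chain[0], sel)) return chain;
        }
        return null;
    }

    private static boolean matches(X509Certificate c, Selector sel) throws GeneralSecurityException {
        switch (sel.type) {
            // DNs are compared as X500Principal, not as strings: "CN=a, O=b" and "CN=a,O=b" are one name.
            case ISSUER_SERIAL:   return c.getIssuerX500Principal().equals(new X500Principal(sel.text))
                                         && c.getSerialNumber().equals(sel.serial);
            case SUBJECT_DN:      return c.getSubjectX500Principal().equals(new X500Principal(sel.text));
            case THUMBPRINT_SHA1: return Arrays.equals(sel.bytes, sha1(c.getEncoded()));  // SHA-1 of the DER cert
            case SKI_BYTES:       return Arrays.equals(sel.bytes, skiOf(c));
            default:              return false;
        }
    }

    /** Key entries carry a chain; trusted-certificate entries only a single certificate. */
    private X509Certificate[] chainFor(String alias) throws GeneralSecurityException {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null) {
            Certificate single = keyStore.getCertificate(alias);
            if (single == null) return null;
            chain = new Certificate[] { single };
        }
        return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
    }

    /** SKI from the 2.5.29.14 extension when present, otherwise RFC 3280 method 1 over the public key. */
    static byte[] skiOf(X509Certificate c) throws GeneralSecurityException {
        byte[] ext = c.getExtensionValue("2.5.29.14");
        if (ext != null) {
            return value(value(ext));  // getExtensionValue() wraps the keyIdentifier in two OCTET STRINGs
        }
        // Method 1: SHA-1 over the BIT STRING subjectPublicKey, minus tag, length and the unused-bits byte.
        // getEncoded() yields SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }.
        byte[] body = value(c.getPublicKey().getEncoded());
        int[] algId = tlv(body);
        byte[] bits = value(Arrays.copyOfRange(body, algId[0] + algId[1], body.length));
        return sha1(Arrays.copyOfRange(bits, 1, bits.length));
    }

    /** {header size, content length} of the DER TLV at the start of der (short and long-form lengths). */
    private static int[] tlv(byte[] der) {
        int first = der[1] & 0xFF;
        if (first < 0x80) return new int[] { 2, first };
        int n = first & 0x7F, len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (der[2 + i] & 0xFF);
        return new int[] { 2 + n, len };
    }
    private static byte[] value(byte[] der) {
        int[] t = tlv(der);
        return Arrays.copyOfRange(der, t[0], t[0] + t[1]);
    }
    static byte[] sha1(byte[] in) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: the JDK's own cacerts truststore (path and "changeit" password are assumptions).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(System.getProperty("java.home") + "/lib/security/cacerts")) {
            ks.load(in, "changeit".toCharArray());
        }
        CertLookupExample lookup = new CertLookupExample(ks);
        String alias = ks.aliases().nextElement();
        X509Certificate cert = lookup.find(Selector.alias(alias))[0];
        // Each of the other lookup types should resolve back to the same certificate.
        X509Certificate byThumb = lookup.find(Selector.thumbprintSha1(sha1(cert.getEncoded())))[0];
        X509Certificate bySki = lookup.find(Selector.ski(skiOf(cert)))[0];
        X509Certificate byIssuer = lookup.find(Selector.issuerSerial(
                cert.getIssuerX500Principal().getName(), cert.getSerialNumber()))[0];
        System.out.println(alias + ": thumbprint=" + cert.equals(byThumb) + " ski=" + cert.equals(bySki)
                + " issuerSerial=" + cert.equals(byIssuer));
    }
}
```

      Two details matter for an implementation of this interface. Issuer and subject names should be compared as X500Principal values rather than as strings, since the same DN has several valid textual encodings; and the thumbprint is a hash over the complete DER certificate, whereas the SKI (whether taken from the extension or derived) identifies only the key, so two certificates for the same key share an SKI but never a thumbprint.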
    • getX509Identifier

      String getX509Identifier(X509Certificate cert) throws WSSecurityException
      Get the implementation-specific identifier corresponding to the cert parameter, e.g. the identifier could be a KeyStore alias.
      Parameters:
      cert - The X509Certificate for which to search for an identifier
      Returns:
      the identifier corresponding to the cert parameter
      Throws:
      WSSecurityException
    • getPrivateKey

      PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) throws WSSecurityException
      Gets the private key corresponding to the certificate.
      Parameters:
      certificate - The X509Certificate corresponding to the private key
      callbackHandler - The callbackHandler needed to get the password
      Returns:
      The private key
      Throws:
      WSSecurityException
    • getPrivateKey

      PrivateKey getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler) throws WSSecurityException
      Gets the private key corresponding to the given PublicKey.
      Parameters:
      publicKey - The PublicKey corresponding to the private key
      callbackHandler - The callbackHandler needed to get the password
      Returns:
      The private key
      Throws:
      WSSecurityException
    • getPrivateKey

      PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException
      Gets the private key corresponding to the identifier.
      Parameters:
      identifier - The implementation-specific identifier corresponding to the key
      password - The password needed to get the key
      Returns:
      The private key
      Throws:
      WSSecurityException
    • verifyTrust

      void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints) throws WSSecurityException
      Evaluate whether a given certificate chain should be trusted.
      Parameters:
      certs - Certificate chain to validate
      enableRevocation - whether to enable CRL verification or not
      subjectCertConstraints - A set of constraints on the Subject DN of the certificates
      issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
      Throws:
      WSSecurityException - if the certificate chain is invalid
    • verifyTrust

      void verifyTrust(PublicKey publicKey) throws WSSecurityException
      Evaluate whether a given public key should be trusted.
      Parameters:
      publicKey - The PublicKey to be evaluated
      Throws:
      WSSecurityException - if the PublicKey is invalid
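      The following is an added example, not Merlin's or WSS4J's code, of what the two verifyTrust contracts above amount to when backed by a JDK truststore: the subject and issuer constraints are applied to the end-entity certificate, chain validation and optional revocation checking are delegated to the PKIX CertPathValidator, and a bare PublicKey is trusted only if a trusted certificate carries it. The class and method names are local to this example, the full-match semantics for the Pattern constraints is an assumption about how such constraints should be read, and the DNs and regex in main are constructed sample values.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

/** Added example of the two verifyTrust contracts over a JDK truststore; not Merlin's code. */
public class TrustCheckExample {

    private final Set<TrustAnchor> anchors = new HashSet<>();

    TrustCheckExample(KeyStore trustStore) throws GeneralSecurityException {
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate c = trustStore.getCertificate(alias);
            if (c instanceof X509Certificate) anchors.add(new TrustAnchor((X509Certificate) c, null));
        }
    }

    /** Mirrors Crypto.verifyTrust(certs, enableRevocation, subjectCertConstraints, issuerCertConstraints). */
    void verifyTrust(X509Certificate[] certs, boolean enableRevocation,
                     Collection<Pattern> subjectCertConstraints,
                     Collection<Pattern> issuerCertConstraints) throws GeneralSecurityException {
        if (certs == null || certs.length == 0) throw new GeneralSecurityException("empty certificate chain");
        X509Certificate leaf = certs[0];
        // 1. DN constraints are applied to the end-entity certificate before any chain building.
        if (!matches(leaf.getSubjectX500Principal(), subjectCertConstraints))
            throw new GeneralSecurityException("subject DN not permitted: " + leaf.getSubjectX500Principal());
        if (!matches(leaf.getIssuerX500Principal(), issuerCertConstraints))
            throw new GeneralSecurityException("issuer DN not permitted: " + leaf.getIssuerX500Principal());
        // 2. Signature, validity and (optionally) revocation checks via the PKIX validator.
        //    A trust anchor included in the presented chain is dropped; the path should end below it.
        List<X509Certificate> path = new ArrayList<>();
        for (X509Certificate c : certs) if (!isAnchor(c)) path.add(c);
        if (path.isEmpty()) return;  // the chain consisted only of a trusted certificate
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors);
        // With revocation on, CRLs must be reachable (a CertStore, or CRL DP fetching enabled via the
        // com.sun.security.enableCRLDP system property); otherwise validation fails closed.
        params.setRevocationEnabled(enableRevocation);
        try {
            CertPathValidator.getInstance("PKIX").validate(certPath, params);
        } catch (CertPathValidatorException e) {
            throw new GeneralSecurityException("certificate chain is invalid: " + e.getMessage(), e);
        }
    }

    /** Mirrors Crypto.verifyTrust(PublicKey): a bare key is trusted only if a trusted certificate carries it. */
    void verifyTrust(PublicKey publicKey) throws GeneralSecurityException {
        for (TrustAnchor a : anchors) {
            if (a.getTrustedCert().getPublicKey().equals(publicKey)) return;
        }
        throw new GeneralSecurityException("public key is not trusted");
    }

    private boolean isAnchor(X509Certificate c) {
        for (TrustAnchor a : anchors) if (c.equals(a.getTrustedCert())) return true;
        return false;
    }

    /** No constraints permits any DN; otherwise the RFC 2253 form must fully match at least one pattern. */
    static boolean matches(X500Principal dn, Collection<Pattern> constraints) {
        if (constraints == null || constraints.isEmpty()) return true;
        String name = dn.getName(X500Principal.RFC2253);
        for (Pattern p : constraints) if (p.matcher(name).matches()) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample DNs and a constructed constraint; none of these values come from the page.
        Collection<Pattern> onlyExampleCorp = Collections.singletonList(Pattern.compile(".*,O=Example Corp,C=US"));
        X500Principal legit = new X500Principal("CN=payments-svc, OU=Payments, O=Example Corp, C=US");
        X500Principal lookalike = new X500Principal("CN=payments-svc, O=Example Corp Ltd, C=US");
        System.out.println("legit permitted:     " + matches(legit, onlyExampleCorp));
        System.out.println("lookalike permitted: " + matches(lookalike, onlyExampleCorp));
        System.out.println("unconstrained:       " + matches(lookalike, Collections.<Pattern>emptyList()));
    }
}
```

      The main method exercises only the constraint step, which needs no certificates: the first DN is permitted, the lookalike organisation is rejected because the pattern has to match the whole RFC 2253 string, and an empty constraint collection permits everything, which is why constraints should be treated as mandatory configuration wherever the issuer is a public CA. Patterns are matched against the RFC 2253 form (no spaces after commas), so a constraint written against the pretty-printed DN may silently never match.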