org.apache.ws.security.components.crypto
Class CertificateStore

java.lang.Object
  org.apache.ws.security.components.crypto.CryptoBase
      org.apache.ws.security.components.crypto.CertificateStore

All Implemented Interfaces:

Crypto

public class CertificateStore
extends CryptoBase

A Crypto implementation based on a simple array of X509Certificate(s). PrivateKeys are not supported, so this cannot be used for signature creation, or decryption.

Field Summary

protected java.security.cert.X509Certificate[]

trustedCerts

Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase

certFactMap, cryptoProvider, defaultAlias, NAME_CONSTRAINTS_OID, SKI_OID

Constructor Summary

CertificateStore(java.security.cert.X509Certificate[] trustedCerts)
Constructor

Method Summary

java.security.PrivateKey	getPrivateKey(java.lang.String identifier, java.lang.String password) Gets the private key corresponding to the identifier.
java.security.PrivateKey	getPrivateKey(java.security.cert.X509Certificate certificate, javax.security.auth.callback.CallbackHandler callbackHandler) Gets the private key corresponding to the certificate.
java.security.cert.X509Certificate[]	getX509Certificates(CryptoType cryptoType) Get an X509Certificate (chain) corresponding to the CryptoType argument.
java.lang.String	getX509Identifier(java.security.cert.X509Certificate cert) Get the implementation-specific identifier corresponding to the cert parameter.
boolean	verifyTrust(java.security.PublicKey publicKey) Evaluate whether a given public key should be trusted.
boolean	verifyTrust(java.security.cert.X509Certificate[] certs) Deprecated.
boolean	verifyTrust(java.security.cert.X509Certificate[] certs, boolean enableRevocation) Evaluate whether a given certificate chain should be trusted.

Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase

createBCX509Name, getBytesFromCertificates, getCertificateFactory, getCertificatesFromBytes, getCryptoProvider, getDefaultX509Identifier, getSKIBytesFromCert, loadCertificate, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

trustedCerts

protected java.security.cert.X509Certificate[] trustedCerts

Constructor Detail

CertificateStore

public CertificateStore(java.security.cert.X509Certificate[] trustedCerts)

Constructor

Method Detail

getX509Certificates

public java.security.cert.X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                                         throws WSSecurityException

Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows: TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert TYPE.ALIAS - A certificate (chain) is located by an alias. In this case, it duplicates the TYPE.SUBJECT_DN functionality.

Throws:

WSSecurityException

getX509Identifier

public java.lang.String getX509Identifier(java.security.cert.X509Certificate cert)
                                   throws WSSecurityException

Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier refers to the subject DN.

Parameters:

cert - The X509Certificate for which to search for an identifier

Returns:

the identifier corresponding to the cert parameter

Throws:

WSSecurityException

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.security.cert.X509Certificate certificate,
                                              javax.security.auth.callback.CallbackHandler callbackHandler)
                                       throws WSSecurityException

Gets the private key corresponding to the certificate. Not supported.

Parameters:

certificate - The X509Certificate corresponding to the private key

callbackHandler - The callbackHandler needed to get the password

Returns:

The private key

Throws:

WSSecurityException

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String identifier,
                                              java.lang.String password)
                                       throws WSSecurityException

Gets the private key corresponding to the identifier. Not supported.

Parameters:

identifier - The implementation-specific identifier corresponding to the key

password - The password needed to get the key

Returns:

The private key

Throws:

WSSecurityException

verifyTrust

@Deprecated
public boolean verifyTrust(java.security.cert.X509Certificate[] certs)
                    throws WSSecurityException

Deprecated.

Evaluate whether a given certificate chain should be trusted.

Parameters:

certs - Certificate chain to validate

Returns:

true if the certificate chain is valid, false otherwise

Throws:

WSSecurityException

verifyTrust

public boolean verifyTrust(java.security.cert.X509Certificate[] certs,
                           boolean enableRevocation)
                    throws WSSecurityException

Evaluate whether a given certificate chain should be trusted.

Parameters:

certs - Certificate chain to validate

enableRevocation - whether to enable CRL verification or not

Returns:

true if the certificate chain is valid, false otherwise

Throws:

WSSecurityException

verifyTrust

public boolean verifyTrust(java.security.PublicKey publicKey)
                    throws WSSecurityException

Evaluate whether a given public key should be trusted.

Parameters:

publicKey - The PublicKey to be evaluated

Returns:

whether the PublicKey parameter is trusted or not

Throws:

WSSecurityException