Class CertificateStore

  • All Implemented Interfaces:
    Crypto

    public class CertificateStore
    extends CryptoBase
    A Crypto implementation based on a simple array of X509Certificate(s). PrivateKeys are not supported, so this cannot be used for signature creation or decryption.
    • Constructor Detail

      • CertificateStore

        public CertificateStore(X509Certificate[] trustedCerts)
        Constructor
    • Method Detail

      • getX509Certificates

        public X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                              throws WSSecurityException
        Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
        • TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
        • TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
        • TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
        • TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
        Note that TYPE.ALIAS is not allowed, as it doesn't have any meaning with a CertificateStore.
        Throws:
        WSSecurityException
      • getX509Identifier

        public String getX509Identifier(X509Certificate cert)
                                 throws WSSecurityException
        Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier refers to the subject DN.
        Parameters:
        cert - The X509Certificate for which to search for an identifier
        Returns:
        the identifier corresponding to the cert parameter
        Throws:
        WSSecurityException
      • getPrivateKey

        public PrivateKey getPrivateKey(X509Certificate certificate,
                                        CallbackHandler callbackHandler)
                                 throws WSSecurityException
        Gets the private key corresponding to the certificate. Not supported.
        Parameters:
        certificate - The X509Certificate corresponding to the private key
        callbackHandler - The callbackHandler needed to get the password
        Returns:
        The private key
        Throws:
        WSSecurityException
      • getPrivateKey

        public PrivateKey getPrivateKey(PublicKey publicKey,
                                        CallbackHandler callbackHandler)
                                 throws WSSecurityException
        Gets the private key corresponding to the given PublicKey.
        Parameters:
        publicKey - The PublicKey corresponding to the private key
        callbackHandler - The callbackHandler needed to get the password
        Returns:
        The private key
        Throws:
        WSSecurityException
      • getPrivateKey

        public PrivateKey getPrivateKey(String identifier,
                                        String password)
                                 throws WSSecurityException
        Gets the private key corresponding to the identifier. Not supported.
        Parameters:
        identifier - The implementation-specific identifier corresponding to the key
        password - The password needed to get the key
        Returns:
        The private key
        Throws:
        WSSecurityException
      • verifyTrust

        protected void verifyTrust(X509Certificate[] certs,
                                   boolean enableRevocation,
                                   Collection<Pattern> subjectCertConstraints)
                            throws WSSecurityException
        Evaluate whether a given certificate chain should be trusted.
        Parameters:
        certs - Certificate chain to validate
        enableRevocation - whether to enable CRL verification or not
        subjectCertConstraints - A set of constraints on the Subject DN of the certificates
        Throws:
        WSSecurityException - if the certificate chain is invalid
      • verifyTrust

        public void verifyTrust(X509Certificate[] certs,
                                boolean enableRevocation,
                                Collection<Pattern> subjectCertConstraints,
                                Collection<Pattern> issuerCertConstraints)
                         throws WSSecurityException
        Description copied from interface: Crypto
        Evaluate whether a given certificate chain should be trusted.
        Parameters:
        certs - Certificate chain to validate
        enableRevocation - whether to enable CRL verification or not
        subjectCertConstraints - A set of constraints on the Subject DN of the certificates
        issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
        Throws:
        WSSecurityException - if the certificate chain is invalid
      • verifyTrust

        public void verifyTrust(PublicKey publicKey)
                         throws WSSecurityException
        Evaluate whether a given public key should be trusted.
        Parameters:
        publicKey - The PublicKey to be evaluated
        Throws:
        WSSecurityException - if the PublicKey is invalid
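
An added example, not code from the WSS4J project or from this page, showing how the getX509Certificates lookup (by Subject DN and by issuer/serial) and the four-argument verifyTrust call fit together for a store built from one trusted certificate. The package names, the certificate file path and the DN patterns are assumptions; CRL checking is left off because no CRLs are configured for the store.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;

import org.apache.wss4j.common.crypto.CertificateStore;   // assumed package
import org.apache.wss4j.common.crypto.CryptoType;         // assumed package
import org.apache.wss4j.common.ext.WSSecurityException;   // assumed package

public class CertificateStoreLookup {

    /** Load one DER/PEM encoded certificate from disk (the path is a placeholder). */
    static X509Certificate loadCert(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate trusted = loadCert("/path/to/trusted-signer.crt"); // placeholder path
        CertificateStore store = new CertificateStore(new X509Certificate[] { trusted });

        // SUBJECT_DN lookup: the key is the same string getX509Identifier returns for the cert.
        CryptoType byDn = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
        byDn.setSubjectDN(store.getX509Identifier(trusted));
        X509Certificate[] chain = store.getX509Certificates(byDn);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate in the store matched the Subject DN");
        }

        // ISSUER_SERIAL lookup: how a KeyInfo reference in a signed message names the cert.
        CryptoType byIssuerSerial = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        byIssuerSerial.setIssuerSerial(trusted.getIssuerX500Principal().getName(),
                                       trusted.getSerialNumber());
        X509Certificate[] sameChain = store.getX509Certificates(byIssuerSerial);

        // Trust decision: the chain must anchor in the store and both DNs must match the
        // constraint patterns (constructed values; tighten them to your own PKI naming).
        Collection<Pattern> subjectConstraints = List.of(Pattern.compile(".*,O=Example Corp,.*"));
        Collection<Pattern> issuerConstraints = List.of(Pattern.compile(".*,O=Example Corp,.*"));
        try {
            store.verifyTrust(sameChain, false, subjectConstraints, issuerConstraints);
            System.out.println("chain trusted: " + sameChain[0].getSubjectX500Principal());
        } catch (WSSecurityException e) {
            System.out.println("chain rejected: " + e.getMessage());
        }
    }
}
```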