Interface Crypto

    • Method Detail

      • getCryptoProvider

        String getCryptoProvider()
        Get the crypto provider associated with this implementation
        Returns:
        the crypto provider
      • setCryptoProvider

        void setCryptoProvider(String provider)
        Set the crypto provider associated with this implementation
        Parameters:
        provider - the crypto provider name to set
      • getTrustProvider

        String getTrustProvider()
        Get the crypto provider used for truststore operations associated with this implementation.
        Returns:
        a crypto provider name
      • setTrustProvider

        void setTrustProvider(String provider)
        Set the crypto provider used for truststore operations associated with this implementation
        Parameters:
        provider - the name of the provider
      • getDefaultX509Identifier

        String getDefaultX509Identifier()
                                 throws WSSecurityException
        Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.
        Returns:
        name of the default X509 certificate.
        Throws:
        WSSecurityException
      • setDefaultX509Identifier

        void setDefaultX509Identifier(String identifier)
        Sets the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
        Parameters:
        identifier - name of the default X509 certificate.
      • setCertificateFactory

        void setCertificateFactory(CertificateFactory certFactory)
        Sets the CertificateFactory instance on this Crypto instance
        Parameters:
        certFactory - the CertificateFactory instance to set
      • getSKIBytesFromCert

        byte[] getSKIBytesFromCert(X509Certificate cert)
                            throws WSSecurityException
        Reads the SubjectKeyIdentifier information from the certificate.

        If the certificate does not contain an SKI extension, the SKI is computed according to RFC 3280 using the SHA-1 hash value of the public key. The second method described in RFC 3280 is not supported. Also, only RSA public keys are supported. If the SKI cannot be computed, a WSSecurityException is thrown.

        Parameters:
        cert - The certificate to read SKI
        Returns:
        The byte array containing the binary SKI data
        Throws:
        WSSecurityException
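        The lookup and fallback described for getSKIBytesFromCert, as an added example written in plain JCA rather than taken from WSS4J's own Merlin implementation. It returns the SubjectKeyIdentifier extension value (OID 2.5.29.14) when the certificate carries one and otherwise hashes the subjectPublicKey BIT STRING with SHA-1, which is method 1 of RFC 3280 section 4.2.1.2. The small DER helpers, the class name and the PEM-path argument to main are the example's own. It goes slightly beyond the contract above: the fallback hashes whatever SubjectPublicKeyInfo the certificate carries, so it is not limited to RSA keys. HexFormat needs Java 17 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HexFormat;

/** Added example (not WSS4J code): SKI extraction with the RFC 3280 method-1 fallback. */
public final class SubjectKeyIdentifierExample {

    /** OID of the SubjectKeyIdentifier extension (RFC 3280 section 4.2.1.2). */
    private static final String SKI_OID = "2.5.29.14";

    /**
     * Returns the SKI bytes of the certificate: the extension value if present,
     * otherwise SHA-1 over the subjectPublicKey BIT STRING (RFC 3280 method 1).
     */
    public static byte[] skiBytes(X509Certificate cert) throws Exception {
        byte[] ext = cert.getExtensionValue(SKI_OID);
        if (ext != null) {
            // getExtensionValue() returns the DER OCTET STRING that wraps the extension's
            // own encoding; for SKI that inner encoding is itself an OCTET STRING.
            byte[] inner = derContent(ext, 0x04);
            return derContent(inner, 0x04);
        }
        // Fallback: getEncoded() yields SubjectPublicKeyInfo, i.e.
        // SEQUENCE { AlgorithmIdentifier, BIT STRING subjectPublicKey }.
        byte[] spki = cert.getPublicKey().getEncoded();
        byte[] seqBody = derContent(spki, 0x30);
        int algLen = derTotalLength(seqBody, 0); // size of the AlgorithmIdentifier TLV to skip
        byte[] bitString = derContent(Arrays.copyOfRange(seqBody, algLen, seqBody.length), 0x03);
        // The first content octet of a BIT STRING is the unused-bits count, not key material.
        byte[] keyBits = Arrays.copyOfRange(bitString, 1, bitString.length);
        return MessageDigest.getInstance("SHA-1").digest(keyBits);
    }

    /** Returns the content octets of the DER TLV at offset 0, after checking the expected tag. */
    private static byte[] derContent(byte[] der, int expectedTag) {
        if (der.length < 2 || (der[0] & 0xFF) != expectedTag) {
            throw new IllegalArgumentException("unexpected DER tag, wanted 0x"
                + Integer.toHexString(expectedTag));
        }
        int[] lenAndStart = derLength(der, 1);
        int len = lenAndStart[0];
        int start = lenAndStart[1];
        if (start + len > der.length) {
            throw new IllegalArgumentException("truncated DER value");
        }
        return Arrays.copyOfRange(der, start, start + len);
    }

    /** Total size (tag + length octets + content) of the TLV that starts at off. */
    private static int derTotalLength(byte[] der, int off) {
        int[] lenAndStart = derLength(der, off + 1);
        return (lenAndStart[1] - off) + lenAndStart[0];
    }

    /** Decodes a DER length field at off; returns {length, offset of first content byte}. */
    private static int[] derLength(byte[] der, int off) {
        int first = der[off] & 0xFF;
        if (first < 0x80) {
            return new int[] {first, off + 1}; // short form
        }
        int numBytes = first & 0x7F; // long form: number of following length octets
        if (numBytes == 0 || numBytes > 4 || off + 1 + numBytes > der.length) {
            throw new IllegalArgumentException("unsupported DER length encoding");
        }
        int len = 0;
        for (int i = 0; i < numBytes; i++) {
            len = (len << 8) | (der[off + 1 + i] & 0xFF);
        }
        return new int[] {len, off + 1 + numBytes};
    }

    /** Usage: java SubjectKeyIdentifierExample cert.pem (the path is supplied by the caller). */
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(HexFormat.of().formatHex(skiBytes(cert)));
        }
    }
}
```

        When an SKI extension is present its value is used verbatim, so a certificate whose issuer chose a different identifier scheme still matches a KeyInfo reference that quotes that extension; the SHA-1 fallback is only reached for certificates that carry no such extension at all.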
      • getBytesFromCertificates

        byte[] getBytesFromCertificates(X509Certificate[] certs)
                                 throws WSSecurityException
        Get a byte array given an array of X509 certificates.

        Parameters:
        certs - The certificates to convert
        Returns:
        The byte array for the certificates
        Throws:
        WSSecurityException
      • getCertificatesFromBytes

        X509Certificate[] getCertificatesFromBytes(byte[] data)
                                            throws WSSecurityException
        Construct an array of X509Certificates from the byte array.
        Parameters:
        data - The byte array containing the X509 data
        Returns:
        An array of X509 certificates
        Throws:
        WSSecurityException
      • getX509Certificates

        X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                       throws WSSecurityException
        Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
        TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
        TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
        TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
        TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
        TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation specific, for example - it could be a java KeyStore alias.
        Throws:
        WSSecurityException
      • getX509Identifier

        String getX509Identifier(X509Certificate cert)
                          throws WSSecurityException
        Get the implementation-specific identifier corresponding to the cert parameter, e.g. the identifier could be a KeyStore alias.
        Parameters:
        cert - The X509Certificate for which to search for an identifier
        Returns:
        the identifier corresponding to the cert parameter
        Throws:
        WSSecurityException
      • getPrivateKey

        PrivateKey getPrivateKey(PublicKey publicKey,
                                 CallbackHandler callbackHandler)
                          throws WSSecurityException
        Gets the private key corresponding to the given PublicKey.
        Parameters:
        publicKey - The PublicKey corresponding to the private key
        callbackHandler - The callbackHandler needed to get the password
        Returns:
        The private key
        Throws:
        WSSecurityException
      • getPrivateKey

        PrivateKey getPrivateKey(String identifier,
                                 String password)
                          throws WSSecurityException
        Gets the private key corresponding to the identifier.
        Parameters:
        identifier - The implementation-specific identifier corresponding to the key
        password - The password needed to get the key
        Returns:
        The private key
        Throws:
        WSSecurityException
      • verifyTrust

        void verifyTrust(X509Certificate[] certs,
                         boolean enableRevocation,
                         Collection<Pattern> subjectCertConstraints,
                         Collection<Pattern> issuerCertConstraints)
                  throws WSSecurityException
        Evaluate whether a given certificate chain should be trusted.
        Parameters:
        certs - Certificate chain to validate
        enableRevocation - whether to enable CRL verification or not
        subjectCertConstraints - A set of constraints on the Subject DN of the certificates
        issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
        Throws:
        WSSecurityException - if the certificate chain is invalid
      • verifyTrust

        void verifyTrust(PublicKey publicKey)
                  throws WSSecurityException
        Evaluate whether a given public key should be trusted.
        Parameters:
        publicKey - The PublicKey to be evaluated
        Throws:
        WSSecurityException - if the PublicKey is invalid
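        Putting getX509Certificates and the chain form of verifyTrust together: an added example of how a caller uses this interface through WSS4J's CryptoFactory, not code from the project itself. The Merlin property keys follow the org.apache.wss4j.crypto.* naming used by WSS4J 2.x as I understand it; the truststore file name and password are placeholders, and the issuer DN, serial number, DN patterns, class and method names are the example's own. The constraints are regular expressions that Merlin matches against the Subject and Issuer DN strings of the chain, so a chain that validates cryptographically but belongs to some other principal in the same truststore is still rejected.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;

/** Added example (not WSS4J code): certificate lookup followed by a constrained trust check. */
public final class TrustCheckExample {

    /** Builds a Merlin-backed Crypto; file name and password are placeholders, not real values. */
    static Crypto loadCrypto() throws WSSecurityException {
        Properties props = new Properties();
        props.setProperty("org.apache.wss4j.crypto.provider",
            "org.apache.wss4j.common.crypto.Merlin");
        props.setProperty("org.apache.wss4j.crypto.merlin.truststore.type", "jks");
        props.setProperty("org.apache.wss4j.crypto.merlin.truststore.file", "truststore.jks"); // placeholder
        props.setProperty("org.apache.wss4j.crypto.merlin.truststore.password", "changeit");   // placeholder
        return CryptoFactory.getInstance(props);
    }

    /** TYPE.ISSUER_SERIAL lookup: the way a chain is found when KeyInfo carries X509IssuerSerial. */
    static X509Certificate[] lookupByIssuerSerial(Crypto crypto, String issuerDN, BigInteger serial)
            throws WSSecurityException {
        CryptoType type = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        type.setIssuerSerial(issuerDN, serial);
        X509Certificate[] chain = crypto.getX509Certificates(type);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("no certificate for issuer " + issuerDN + " serial " + serial);
        }
        return chain;
    }

    /**
     * Runs verifyTrust with revocation checking on and DN constraints; the interface signals
     * failure by throwing, so this wraps it into a boolean for the caller.
     */
    static boolean isTrusted(Crypto crypto, X509Certificate[] chain) {
        // Example constraints: the leaf must be our expected service and the issuer our own CA.
        List<Pattern> subjectConstraints = List.of(Pattern.compile(".*CN=service\\.example\\.com.*"));
        List<Pattern> issuerConstraints = List.of(Pattern.compile(".*O=Example Corp.*"));
        try {
            crypto.verifyTrust(chain, true, subjectConstraints, issuerConstraints);
            return true;
        } catch (WSSecurityException e) {
            // The message says which step failed (path building, revocation, constraint match);
            // log it at warning level but do not leak it to the remote peer.
            System.err.println("chain rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Crypto crypto = loadCrypto();
        // Constructed lookup values; replace with the issuer/serial taken from an incoming KeyInfo.
        X509Certificate[] chain = lookupByIssuerSerial(crypto,
            "CN=Example Root CA,O=Example Corp,C=US", new BigInteger("1234"));
        System.out.println(isTrusted(crypto, chain) ? "trusted" : "untrusted");
    }
}
```

        Passing true for enableRevocation makes the check depend on CRLs being reachable from the truststore configuration; when that infrastructure is absent the call fails closed, which is the behaviour the Throws clause above documents.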