Package org.apache.wss4j.common.crypto
Class MerlinAKI
- java.lang.Object
  - org.apache.wss4j.common.crypto.CryptoBase
    - org.apache.wss4j.common.crypto.Merlin
      - org.apache.wss4j.common.crypto.MerlinAKI

All Implemented Interfaces:
- Crypto
public class MerlinAKI extends Merlin
A Crypto implementation based on two Java KeyStore objects, one being the keystore, and one being the truststore. It differs from Merlin in that it searches the truststore for the issuing cert using the AuthorityKeyIdentifier bytes of the certificate, as opposed to the issuer DN.
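The lookup the description refers to can be illustrated with the JDK alone, as an added example that is not WSS4J's own code: read the keyIdentifier from the end-entity certificate's AuthorityKeyIdentifier extension and compare it with the SubjectKeyIdentifier of each truststore entry. The class and method names are the example's own assumptions; the candidate's public key is also used to verify the leaf signature, because a key-identifier match is a lookup hint, not proof of issuance.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

public final class AkiIssuerLookup { // example class, not part of WSS4J
    private static final String AKI_OID = "2.5.29.35"; // AuthorityKeyIdentifier
    private static final String SKI_OID = "2.5.29.14"; // SubjectKeyIdentifier
    /** keyIdentifier from the AuthorityKeyIdentifier extension, or null if absent. */
    static byte[] authorityKeyIdentifier(X509Certificate cert) {
        byte[] ext = cert.getExtensionValue(AKI_OID);
        if (ext == null) return null;
        // extnValue is OCTET STRING { SEQUENCE { [0] keyIdentifier OPTIONAL, ... } }
        byte[] body = tlvValue(tlvValue(ext, 0x04), 0x30);
        if (body.length == 0 || (body[0] & 0xFF) != 0x80) return null; // keyIdentifier omitted
        return tlvValue(body, 0x80);
    }
    /** keyIdentifier from the SubjectKeyIdentifier extension, or null if absent. */
    static byte[] subjectKeyIdentifier(X509Certificate cert) {
        byte[] ext = cert.getExtensionValue(SKI_OID);
        if (ext == null) return null;
        return tlvValue(tlvValue(ext, 0x04), 0x04); // OCTET STRING { OCTET STRING keyIdentifier }
    }
    /** Decodes the first DER TLV in der, checks its tag and returns the value bytes. */
    private static byte[] tlvValue(byte[] der, int expectedTag) {
        if ((der[0] & 0xFF) != expectedTag) throw new IllegalArgumentException("unexpected DER tag");
        int p = 1, len = der[p++] & 0xFF;
        if (len > 0x7F) { // long form: low 7 bits give the number of length bytes
            int n = len & 0x7F; len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[p++] & 0xFF);
        }
        return Arrays.copyOfRange(der, p, p + len);
    }
    /** Truststore cert whose SKI equals the leaf's AKI and whose key verifies the leaf's signature. */
    static X509Certificate findIssuerByAki(X509Certificate leaf, KeyStore truststore) throws Exception {
        byte[] aki = authorityKeyIdentifier(leaf);
        if (aki == null) return null; // no AKI extension: nothing to match on
        for (Enumeration<String> aliases = truststore.aliases(); aliases.hasMoreElements();) {
            Certificate c = truststore.getCertificate(aliases.nextElement());
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate candidate = (X509Certificate) c;
            if (!Arrays.equals(aki, subjectKeyIdentifier(candidate))) continue;
            try { leaf.verify(candidate.getPublicKey()); return candidate; } // SKI match alone is not proof
            catch (GeneralSecurityException notTheIssuer) { /* collision or wrong key: keep looking */ }
        }
        return null;
    }
}
```

Whatever issuer this returns is only the anchor for the chain; verifyTrust still has to run full path validation, with CRL checking when enableRevocation is set.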

Field Summary

Fields inherited from class org.apache.wss4j.common.crypto.Merlin
- crlCertStore, CRYPTO_CERT_PROVIDER, CRYPTO_CERT_PROVIDER_HANDLES_NAME_CONSTRAINTS, CRYPTO_KEYSTORE_PROVIDER, ENCRYPTED_PASSWORD_PREFIX, ENCRYPTED_PASSWORD_SUFFIX, keystore, KEYSTORE_ALIAS, KEYSTORE_FILE, KEYSTORE_PASSWORD, KEYSTORE_PRIVATE_KEY_CACHING, KEYSTORE_PRIVATE_PASSWORD, KEYSTORE_TYPE, LOAD_CA_CERTS, loadCACerts, OLD_KEYSTORE_FILE, OLD_PREFIX, passwordEncryptor, PREFIX, privatePasswordSet, properties, truststore, TRUSTSTORE_FILE, TRUSTSTORE_PASSWORD, TRUSTSTORE_PROVIDER, TRUSTSTORE_TYPE, X509_CRL_FILE

Fields inherited from class org.apache.wss4j.common.crypto.CryptoBase
- certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID

Constructor Summary

Constructor | Description
- MerlinAKI()
- MerlinAKI(boolean loadCACerts, String cacertsPasswd)
- MerlinAKI(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor)

Method Summary

Modifier and Type | Method | Description
- protected void | verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) | Evaluate whether a given certificate chain should be trusted.

Methods inherited from class org.apache.wss4j.common.crypto.Merlin
- addTrustAnchors, clearCache, createPKIXParameters, decryptPassword, getCertificateFactory, getCRLCertStore, getDefaultX509Identifier, getKeyStore, getPrivateKey, getPrivateKey, getPrivateKey, getTrustStore, getX509Certificates, getX509Identifier, isEnablePrivateKeyCaching, load, loadInputStream, loadProperties, setCRLCertStore, setEnablePrivateKeyCaching, setKeyStore, setPasswordEncryptor, setTrustStore, verifyTrust, verifyTrust

Methods inherited from class org.apache.wss4j.common.crypto.CryptoBase
- createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getNameConstraints, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesIssuerDnPattern, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider

Constructor Detail

MerlinAKI
public MerlinAKI()

MerlinAKI
public MerlinAKI(boolean loadCACerts, String cacertsPasswd)

MerlinAKI
public MerlinAKI(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor) throws WSSecurityException, IOException
- Throws:
  WSSecurityException
  IOException

Method Detail

verifyTrust
protected void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) throws WSSecurityException
Evaluate whether a given certificate chain should be trusted.
- Overrides:
  verifyTrust in class Merlin
- Parameters:
  certs - Certificate chain to validate
  enableRevocation - whether to enable CRL verification or not
  subjectCertConstraints - A set of constraints on the Subject DN of the certificates
- Throws:
  WSSecurityException - if the certificate chain is invalid