Package org.apache.ws.security.components.crypto

Class AbstractCrypto

  • All Implemented Interfaces:
    Crypto
    Direct Known Subclasses:
    BouncyCastle, Merlin
    public abstract class AbstractCrypto
extends java.lang.Object
implements Crypto
    Created by IntelliJ IDEA. User: dims Date: Sep 15, 2005 Time: 9:50:40 AM To change this template use File | Settings | File Templates.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static java.security.cert.CertificateFactory certFact  
      protected java.security.KeyStore keystore  
      protected java.util.Properties properties  

    • Constructor Summary

      Constructors 
      Constructor Description
      AbstractCrypto​(java.util.Properties properties)
      Constructor
      AbstractCrypto​(java.util.Properties properties, java.lang.ClassLoader loader)
      This allows providing a custom class loader to load the resources, etc

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String[] getAliasesForDN​(java.lang.String subjectDN)
      Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate
      java.lang.String getAliasForX509Cert​(byte[] skiBytes)
      Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.
      java.lang.String getAliasForX509Cert​(java.lang.String issuer)
      Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.
      java.lang.String getAliasForX509Cert​(java.lang.String issuer, java.math.BigInteger serialNumber)
      Lookup a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.
      java.lang.String getAliasForX509Cert​(java.security.cert.Certificate cert)
      Return a X509 Certificate alias in the keystore according to a given Certificate
      java.lang.String getAliasForX509CertThumb​(byte[] thumb)
      Lookup a X509 Certificate in the keystore according to a given Thumbprint.
      java.security.cert.CertificateFactory getCertificateFactory()
      Singleton certificate factory for this Crypto instance.
      java.security.cert.X509Certificate[] getCertificates​(java.lang.String alias)
      Gets the list of certificates for a given alias.
      java.lang.String getDefaultX509Alias()
      Retrieves the alias name of the default certificate which has been specified as a property.
      java.security.KeyStore getKeyStore()
      Gets the Keystore that was loaded by the underlying implementation
      java.security.PrivateKey getPrivateKey​(java.lang.String alias, java.lang.String password)
      Gets the private key identified by alias and password.
      byte[] getSKIBytesFromCert​(java.security.cert.X509Certificate cert)
      Reads the SubjectKeyIdentifier information from the certificate.
      void load​(java.io.InputStream input)
      Loads the the keystore from an InputStream .
      java.security.cert.X509Certificate loadCertificate​(java.io.InputStream in)
      load a X509Certificate from the input stream.
      void setKeyStore​(java.security.KeyStore ks)
      A Hook for subclasses to set the keystore without having to load it from an InputStream.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • certFact

        protected static java.security.cert.CertificateFactory certFact

      • properties

        protected java.util.Properties properties

      • keystore

        protected java.security.KeyStore keystore

    • Constructor Detail

      • AbstractCrypto

        public AbstractCrypto​(java.util.Properties properties)
               throws CredentialException,
                      java.io.IOException
        Constructor
        Parameters:
        properties -
        Throws:
        CredentialException
        java.io.IOException

      • AbstractCrypto

        public AbstractCrypto​(java.util.Properties properties,
                      java.lang.ClassLoader loader)
               throws CredentialException,
                      java.io.IOException
        This allows providing a custom class loader to load the resources, etc
        Parameters:
        properties -
        loader -
        Throws:
        CredentialException
        java.io.IOException

    • Method Detail

      • getCertificateFactory

        public java.security.cert.CertificateFactory getCertificateFactory()
                                                            throws WSSecurityException
        Singleton certificate factory for this Crypto instance.

        Specified by:
        getCertificateFactory in interface Crypto
        Returns:
        Returns a CertificateFactory to construct X509 certficates
        Throws:
        WSSecurityException

      • loadCertificate

        public java.security.cert.X509Certificate loadCertificate​(java.io.InputStream in)
                                                   throws WSSecurityException
        load a X509Certificate from the input stream.

        Specified by:
        loadCertificate in interface Crypto
        Parameters:
        in - The InputStream array containg the X509 data
        Returns:
        Returns a X509 certificate
        Throws:
        WSSecurityException

      • getPrivateKey

        public java.security.PrivateKey getPrivateKey​(java.lang.String alias,
                                              java.lang.String password)
                                       throws java.lang.Exception
        Gets the private key identified by alias and password.

        Specified by:
        getPrivateKey in interface Crypto
        Parameters:
        alias - The alias (KeyStore) of the key owner
        password - The password needed to access the private key
        Returns:
        The private key
        Throws:
        java.lang.Exception

      • getAliasForX509Cert

        public java.lang.String getAliasForX509Cert​(java.lang.String issuer)
                                     throws WSSecurityException
        Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.

        The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the Issuer fo each certificate of the chain is compared with the parameters.

        Specified by:
        getAliasForX509Cert in interface Crypto
        Parameters:
        issuer - The issuer's name for the certificate
        Returns:
        alias name of the certificate that matches the issuer name or null if no such certificate was found.
        Throws:
        WSSecurityException

      • getAliasForX509Cert

        public java.lang.String getAliasForX509Cert​(java.lang.String issuer,
                                            java.math.BigInteger serialNumber)
                                     throws WSSecurityException
        Lookup a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.

        The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the SerialNumber and Issuer fo each certificate of the chain is compared with the parameters.

        Specified by:
        getAliasForX509Cert in interface Crypto
        Parameters:
        issuer - The issuer's name for the certificate
        serialNumber - The serial number of the certificate from the named issuer
        Returns:
        alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
        Throws:
        WSSecurityException

      • getAliasForX509Cert

        public java.lang.String getAliasForX509Cert​(byte[] skiBytes)
                                     throws WSSecurityException
        Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.

        The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.

        Specified by:
        getAliasForX509Cert in interface Crypto
        Parameters:
        skiBytes - The SKI info bytes
        Returns:
        alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
        Throws:
        WSSecurityException - if problems during keystore handling or wrong certificate (no SKI data)

      • getAliasForX509Cert

        public java.lang.String getAliasForX509Cert​(java.security.cert.Certificate cert)
                                     throws WSSecurityException
        Return a X509 Certificate alias in the keystore according to a given Certificate

        Specified by:
        getAliasForX509Cert in interface Crypto
        Parameters:
        cert - The certificate to lookup
        Returns:
        alias name of the certificate that matches the given certificate or null if no such certificate was found.
        Throws:
        WSSecurityException

      • getDefaultX509Alias

        public java.lang.String getDefaultX509Alias()
        Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not poresent in a signed or an encrypted message. May return null.
        Specified by:
        getDefaultX509Alias in interface Crypto
        Returns:
        alias name of the default X509 certificate

      • getCertificates

        public java.security.cert.X509Certificate[] getCertificates​(java.lang.String alias)
                                                     throws WSSecurityException
        Gets the list of certificates for a given alias.

        Specified by:
        getCertificates in interface Crypto
        Parameters:
        alias - Lookup certificate chain for this alias
        Returns:
        Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
        Throws:
        WSSecurityException

      • getAliasForX509CertThumb

        public java.lang.String getAliasForX509CertThumb​(byte[] thumb)
                                          throws WSSecurityException
        Lookup a X509 Certificate in the keystore according to a given Thumbprint.

        The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.

        Specified by:
        getAliasForX509CertThumb in interface Crypto
        Parameters:
        thumb - The SHA1 thumbprint info bytes
        Returns:
        alias name of the certificate that matches the thumbprint or null if no such certificate was found.
        Throws:
        WSSecurityException - if problems during keystore handling or wrong certificate

      • setKeyStore

        public void setKeyStore​(java.security.KeyStore ks)
        A Hook for subclasses to set the keystore without having to load it from an InputStream.
        Parameters:
        ks - existing keystore

      • load

        public void load​(java.io.InputStream input)
          throws CredentialException
        Loads the the keystore from an InputStream .

        Parameters:
        input - InputStream to read from
        Throws:
        CredentialException

      • getSKIBytesFromCert

        public byte[] getSKIBytesFromCert​(java.security.cert.X509Certificate cert)
                           throws WSSecurityException
        Reads the SubjectKeyIdentifier information from the certificate.

        If the the certificate does not contain a SKI extension then try to compute the SKI according to RFC3280 using the SHA-1 hash value of the public key. The second method described in RFC3280 is not support. Also only RSA public keys are supported. If we cannot compute the SKI throw a WSSecurityException.

        Specified by:
        getSKIBytesFromCert in interface Crypto
        Parameters:
        cert - The certificate to read SKI
        Returns:
        The byte array conating the binary SKI data
        Throws:
        WSSecurityException

      • getKeyStore

        public java.security.KeyStore getKeyStore()
        Description copied from interface: Crypto
        Gets the Keystore that was loaded by the underlying implementation
        Specified by:
        getKeyStore in interface Crypto
        Returns:
        the Keystore

      • getAliasesForDN

        public java.lang.String[] getAliasesForDN​(java.lang.String subjectDN)
                                   throws WSSecurityException
        Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate

        The search gets all alias names of the keystore and gets the certificate (chain) for each alias. Then the DN of the certificate is compared with the parameters.

        Specified by:
        getAliasesForDN in interface Crypto
        Parameters:
        subjectDN - The DN of subject to look for in the keystore
        Returns:
        Vector with all alias of certificates with the same DN as given in the parameters
        Throws:
        WSSecurityException