org.apache.servicemix.soap.handlers.security
Class BaseCrypto

java.lang.Object
  extended by org.apache.servicemix.soap.handlers.security.BaseCrypto
All Implemented Interfaces:
org.apache.ws.security.components.crypto.Crypto
Direct Known Subclasses:
KeystoreInstanceCrypto, StandaloneCrypto

public abstract class BaseCrypto
extends Object
implements org.apache.ws.security.components.crypto.Crypto


Constructor Summary
BaseCrypto()
           
 
Method Summary
protected abstract String[] getAliases()
String[] getAliasesForDN(String subjectDN)
          Looks up X509 certificates in the keystore by the subject DN of the certificate. The search gets all alias names of the keystore and fetches the certificate (chain) for each alias.
String getAliasForX509Cert(byte[] skiBytes)
          Looks up an X509 certificate in the keystore by a given SubjectKeyIdentifier.
String getAliasForX509Cert(Certificate cert)
          Returns the keystore alias of the X509 certificate that matches a given Certificate.
String getAliasForX509Cert(String issuer)
          Looks up an X509 certificate in the keystore by the issuer of the certificate.
String getAliasForX509Cert(String issuer, BigInteger serialNumber)
          Looks up an X509 certificate in the keystore by a given serial number and the issuer of the certificate.
String getAliasForX509CertThumb(byte[] thumb)
          Looks up an X509 certificate in the keystore by a given thumbprint.
protected abstract Certificate getCertificate(String alias)
protected abstract String getCertificateAlias(Certificate cert)
protected abstract Certificate[] getCertificateChain(String alias)
protected Certificate getCertificateChainOrCertificate(String alias)
byte[] getCertificateData(boolean reverse, X509Certificate[] certs)
          Gets a byte array given an array of X509 certificates.
CertificateFactory getCertificateFactory()
          Singleton certificate factory for this Crypto instance.
X509Certificate[] getCertificates(String alias)
          Gets the list of certificates for a given alias.
String getDefaultX509Alias()
KeyStore getKeyStore()
abstract PrivateKey getPrivateKey(String alias, String password)
          Gets the private key identified by alias and password.
String getProvider()
byte[] getSKIBytesFromCert(X509Certificate cert)
          Reads the SubjectKeyIdentifier information from the certificate.
protected abstract String[] getTrustCertificates()
X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
X509Certificate loadCertificate(InputStream in)
          Loads an X509Certificate from the input stream.
void setDefaultX509Alias(String defaultX509Alias)
void setProvider(String provider)
protected Vector splitAndTrim(String inString)
boolean validateCertPath(X509Certificate[] certs)
          Uses the CertPath API to validate a given certificate chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BaseCrypto

public BaseCrypto()
Method Detail

setDefaultX509Alias

public void setDefaultX509Alias(String defaultX509Alias)
Parameters:
defaultX509Alias - the defaultX509Alias to set

getProvider

public String getProvider()
Returns:
the provider

setProvider

public void setProvider(String provider)
Parameters:
provider - the provider to set

getAliasForX509Cert

public String getAliasForX509Cert(Certificate cert)
                           throws org.apache.ws.security.WSSecurityException
Returns the keystore alias of the X509 certificate that matches a given Certificate.

Specified by:
getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
cert - The certificate to lookup
Returns:
alias name of the certificate that matches the given certificate or null if no such certificate was found.
Throws:
org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(String issuer)
                           throws org.apache.ws.security.WSSecurityException
Looks up an X509 certificate in the keystore by the issuer of the certificate.

The search gets all alias names of the keystore and fetches the certificate chain for each alias. The issuer of each certificate in the chain is then compared with the parameter.

Specified by:
getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
issuer - The issuer's name for the certificate
Returns:
alias name of the certificate that matches the issuer name or null if no such certificate was found.
Throws:
org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(byte[] skiBytes)
                           throws org.apache.ws.security.WSSecurityException
Looks up an X509 certificate in the keystore by a given SubjectKeyIdentifier.

The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.

Specified by:
getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
skiBytes - The SKI info bytes
Returns:
alias name of the certificate whose SKI matches the given SKI bytes, or null if no such certificate was found.
Throws:
org.apache.ws.security.WSSecurityException - if there are problems during keystore handling, or the certificate is unusable (no SKI data)

getAliasForX509Cert

public String getAliasForX509Cert(String issuer,
                                  BigInteger serialNumber)
                           throws org.apache.ws.security.WSSecurityException
Looks up an X509 certificate in the keystore by a given serial number and the issuer of the certificate.

The search gets all alias names of the keystore and fetches the certificate chain for each alias. The serial number and issuer of each certificate in the chain are then compared with the parameters.

Specified by:
getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
issuer - The issuer's name for the certificate
serialNumber - The serial number of the certificate from the named issuer
Returns:
alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
Throws:
org.apache.ws.security.WSSecurityException
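
The search described above, written as an added example over a plain java.security.KeyStore; this is not the ServiceMix code, and the class name IssuerSerialLookup and the assumption that the caller has already loaded the KeyStore are mine. It compares the issuer as an X500Principal rather than as a string, so differently formatted but equivalent DNs still match.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;

/** Added example (not the ServiceMix/WSS4J code): alias lookup by issuer and serial number. */
public final class IssuerSerialLookup {
    private final KeyStore keyStore; // assumed to be loaded by the caller

    public IssuerSerialLookup(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /** Alias whose chain (or single certificate) contains a certificate with this issuer and serial, or null. */
    public String findAlias(String issuer, BigInteger serialNumber) throws KeyStoreException {
        // Compare names as X500Principal, not as strings: "CN=a, O=b" and "CN=a,O=b" are the same issuer
        X500Principal wanted = new X500Principal(issuer);
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            Certificate[] chain = keyStore.getCertificateChain(alias); // non-null for key entries
            if (chain == null) {
                Certificate single = keyStore.getCertificate(alias);   // trusted-certificate entries
                if (single == null) {
                    continue;
                }
                chain = new Certificate[] { single };
            }
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x = (X509Certificate) c;
                if (x.getIssuerX500Principal().equals(wanted) && x.getSerialNumber().equals(serialNumber)) {
                    return alias;
                }
            }
        }
        return null;
    }
}
```

A match only locates the certificate in the keystore; whether its chain is trusted is a separate question answered by validateCertPath.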

getAliasForX509CertThumb

public String getAliasForX509CertThumb(byte[] thumb)
                                throws org.apache.ws.security.WSSecurityException
Looks up an X509 certificate in the keystore by a given thumbprint.

The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.

Specified by:
getAliasForX509CertThumb in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
thumb - The SHA1 thumbprint info bytes
Returns:
alias name of the certificate that matches the thumbprint or null if no such certificate was found.
Throws:
org.apache.ws.security.WSSecurityException - if there are problems during keystore handling, or the certificate is unusable

getAliasesForDN

public String[] getAliasesForDN(String subjectDN)
                         throws org.apache.ws.security.WSSecurityException
Looks up X509 certificates in the keystore by the subject DN of the certificate.

The search gets all alias names of the keystore and fetches the certificate (chain) for each alias. The DN of the certificate is then compared with the parameter.

Specified by:
getAliasesForDN in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
subjectDN - The DN of subject to look for in the keystore
Returns:
All aliases of certificates with the same DN as given in the parameter
Throws:
org.apache.ws.security.WSSecurityException

getCertificateData

public byte[] getCertificateData(boolean reverse,
                                 X509Certificate[] certs)
                          throws org.apache.ws.security.WSSecurityException
Gets a byte array given an array of X509 certificates.

Specified by:
getCertificateData in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
reverse - If set, the first certificate in the array will be the last in the byte array
certs - The certificates to convert
Returns:
The byte array for the certificates, ordered according to the reverse flag
Throws:
org.apache.ws.security.WSSecurityException

getCertificateFactory

public CertificateFactory getCertificateFactory()
                                         throws org.apache.ws.security.WSSecurityException
Singleton certificate factory for this Crypto instance.

Specified by:
getCertificateFactory in interface org.apache.ws.security.components.crypto.Crypto
Returns:
Returns a CertificateFactory to construct X509 certificates
Throws:
org.apache.ws.security.WSSecurityException

getCertificates

public X509Certificate[] getCertificates(String alias)
                                  throws org.apache.ws.security.WSSecurityException
Gets the list of certificates for a given alias.

Specified by:
getCertificates in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
alias - Lookup certificate chain for this alias
Returns:
Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
Throws:
org.apache.ws.security.WSSecurityException

getDefaultX509Alias

public String getDefaultX509Alias()
Specified by:
getDefaultX509Alias in interface org.apache.ws.security.components.crypto.Crypto

getKeyStore

public KeyStore getKeyStore()
Specified by:
getKeyStore in interface org.apache.ws.security.components.crypto.Crypto

getPrivateKey

public abstract PrivateKey getPrivateKey(String alias,
                                         String password)
                                  throws Exception
Gets the private key identified by alias and password.

Specified by:
getPrivateKey in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
alias - The alias (KeyStore) of the key owner
password - The password needed to access the private key
Returns:
The private key
Throws:
Exception

getSKIBytesFromCert

public byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws org.apache.ws.security.WSSecurityException
Reads the SubjectKeyIdentifier information from the certificate.

If the certificate does not contain an SKI extension, then try to compute the SKI according to RFC 3280 using the SHA-1 hash value of the public key. The second method described in RFC 3280 is not supported. Also, only RSA public keys are supported. If the SKI cannot be computed, a WSSecurityException is thrown.

Specified by:
getSKIBytesFromCert in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
cert - The certificate to read SKI
Returns:
The byte array containing the binary SKI data
Throws:
org.apache.ws.security.WSSecurityException
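
The two-step lookup the paragraph above describes, as an added example rather than the ServiceMix/WSS4J implementation: read the SKI extension if present, otherwise derive it as the SHA-1 of the subjectPublicKey BIT STRING (RFC 3280 method 1). The class name SkiDerivation and the small DER helpers are mine; because the BIT STRING is found by parsing rather than by fixed offsets, it goes beyond the page's RSA-only case and works for any key algorithm.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/** Added example (not the ServiceMix/WSS4J code): SKI extraction as the Javadoc above describes it. */
public final class SkiDerivation {
    private static final int SKI_EXT_TAG_OCTET_STRING = 0x04;
    private static final String SKI_OID = "2.5.29.14"; // id-ce-subjectKeyIdentifier

    public static byte[] skiBytes(X509Certificate cert) throws GeneralSecurityException {
        byte[] ext = cert.getExtensionValue(SKI_OID);
        if (ext != null) {
            // getExtensionValue() returns the extnValue OCTET STRING, which wraps the
            // KeyIdentifier OCTET STRING; unwrap both layers
            return content(content(ext, SKI_EXT_TAG_OCTET_STRING), SKI_EXT_TAG_OCTET_STRING);
        }
        // No extension: RFC 3280 method (1), SHA-1 over the bits of subjectPublicKey.
        byte[] spki = cert.getPublicKey().getEncoded();            // DER SubjectPublicKeyInfo
        byte[] seq = content(spki, 0x30);                          // SEQUENCE { algorithm, subjectPublicKey }
        int[] alg = header(seq);                                   // skip the AlgorithmIdentifier TLV
        byte[] rest = Arrays.copyOfRange(seq, alg[0] + alg[1], seq.length);
        byte[] bits = content(rest, 0x03);                         // BIT STRING content octets
        byte[] keyBits = Arrays.copyOfRange(bits, 1, bits.length); // drop the unused-bits octet
        return MessageDigest.getInstance("SHA-1").digest(keyBits);
    }

    /** Content octets of the DER TLV starting at der[0], after checking its tag. */
    private static byte[] content(byte[] der, int expectedTag) {
        if (der.length < 2) {
            throw new IllegalArgumentException("truncated DER element");
        }
        if ((der[0] & 0xFF) != expectedTag) {
            throw new IllegalArgumentException("unexpected DER tag " + (der[0] & 0xFF));
        }
        int[] h = header(der);
        return Arrays.copyOfRange(der, h[0], h[0] + h[1]);
    }

    /** {header length, content length} of the DER TLV at der[0]; handles long-form lengths. */
    private static int[] header(byte[] der) {
        int first = der[1] & 0xFF;
        if (first < 0x80) {
            return new int[] { 2, first };
        }
        int n = first & 0x7F, len = 0;
        for (int i = 0; i < n; i++) {
            len = (len << 8) | (der[2 + i] & 0xFF);
        }
        return new int[] { 2 + n, len };
    }
}
```

The derived value identifies a public key only; it carries no statement about who holds the key or whether the certificate is trusted.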

getX509Certificates

public X509Certificate[] getX509Certificates(byte[] data,
                                             boolean reverse)
                                      throws org.apache.ws.security.WSSecurityException
Specified by:
getX509Certificates in interface org.apache.ws.security.components.crypto.Crypto
Throws:
org.apache.ws.security.WSSecurityException

loadCertificate

public X509Certificate loadCertificate(InputStream in)
                                throws org.apache.ws.security.WSSecurityException
Loads an X509Certificate from the input stream.

Specified by:
loadCertificate in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
in - The InputStream containing the X509 data
Returns:
An X509 certificate
Throws:
org.apache.ws.security.WSSecurityException

validateCertPath

public boolean validateCertPath(X509Certificate[] certs)
                         throws org.apache.ws.security.WSSecurityException
Uses the CertPath API to validate a given certificate chain.

Specified by:
validateCertPath in interface org.apache.ws.security.components.crypto.Crypto
Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
org.apache.ws.security.WSSecurityException

splitAndTrim

protected Vector splitAndTrim(String inString)

getCertificateChainOrCertificate

protected Certificate getCertificateChainOrCertificate(String alias)
                                                throws KeyStoreException
Throws:
KeyStoreException

getAliases

protected abstract String[] getAliases()
                                throws KeyStoreException
Throws:
KeyStoreException

getCertificateChain

protected abstract Certificate[] getCertificateChain(String alias)
                                              throws KeyStoreException
Throws:
KeyStoreException

getCertificate

protected abstract Certificate getCertificate(String alias)
                                       throws KeyStoreException
Throws:
KeyStoreException

getCertificateAlias

protected abstract String getCertificateAlias(Certificate cert)
                                       throws KeyStoreException
Throws:
KeyStoreException

getTrustCertificates

protected abstract String[] getTrustCertificates()
                                          throws KeyStoreException
Throws:
KeyStoreException


Copyright © 2005-2008 Apache Software Foundation. All Rights Reserved.