org.apache.ws.security.components.crypto
Class Merlin

java.lang.Object
  extended by org.apache.ws.security.components.crypto.CryptoBase
      extended by org.apache.ws.security.components.crypto.Merlin
All Implemented Interfaces:
Crypto
Direct Known Subclasses:
MerlinDevice

public class Merlin
extends CryptoBase

A Crypto implementation based on two Java KeyStore objects, one being the keystore, and one being the truststore.


Field Summary
protected static java.security.cert.CertificateFactory certFact
protected java.security.cert.CertStore crlCertStore
static java.lang.String CRYPTO_CERT_PROVIDER
static java.lang.String CRYPTO_KEYSTORE_PROVIDER
protected java.security.KeyStore keystore
static java.lang.String KEYSTORE_ALIAS
static java.lang.String KEYSTORE_FILE
static java.lang.String KEYSTORE_PASSWORD
static java.lang.String KEYSTORE_TYPE
static java.lang.String LOAD_CA_CERTS
protected boolean loadCACerts
static java.lang.String OLD_KEYSTORE_FILE
protected java.util.Properties properties
protected java.security.KeyStore truststore
static java.lang.String TRUSTSTORE_FILE
static java.lang.String TRUSTSTORE_PASSWORD
static java.lang.String TRUSTSTORE_TYPE
static java.lang.String X509_CRL_FILE
 
Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase
certFactMap, cryptoProvider, defaultAlias, NAME_CONSTRAINTS_OID, SKI_OID
 
Constructor Summary
Merlin()
Merlin(java.util.Properties properties)
Merlin(java.util.Properties properties, java.lang.ClassLoader loader)
 
Method Summary
 java.security.cert.CertificateFactory getCertificateFactory()
          Singleton certificate factory for this Crypto instance.
 java.security.cert.CertStore getCRLCertStore()
          Get the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.
 java.lang.String getDefaultX509Identifier()
          Retrieves the identifier name of the default certificate.
 java.security.KeyStore getKeyStore()
          Gets the Keystore that was loaded
 java.security.PrivateKey getPrivateKey(java.lang.String identifier, java.lang.String password)
          Gets the private key corresponding to the identifier.
 java.security.PrivateKey getPrivateKey(java.security.cert.X509Certificate certificate, javax.security.auth.callback.CallbackHandler callbackHandler)
          Gets the private key corresponding to the certificate.
 java.security.KeyStore getTrustStore()
          Gets the trust store that was loaded by the underlying implementation
 java.security.cert.X509Certificate[] getX509Certificates(CryptoType cryptoType)
          Get an X509Certificate (chain) corresponding to the CryptoType argument.
 java.lang.String getX509Identifier(java.security.cert.X509Certificate cert)
          Get the implementation-specific identifier corresponding to the cert parameter.
 java.security.KeyStore load(java.io.InputStream input, java.lang.String storepass, java.lang.String provider, java.lang.String type)
          Loads the keystore from an InputStream.
static java.io.InputStream loadInputStream(java.lang.ClassLoader loader, java.lang.String location)
          Load a KeyStore object as an InputStream, using the ClassLoader and location arguments.
 void loadProperties(java.util.Properties properties)
 void loadProperties(java.util.Properties properties, java.lang.ClassLoader loader)
 void setCRLCertStore(java.security.cert.CertStore crlCertStore)
          Set the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.
 void setKeyStore(java.security.KeyStore keyStore)
          Set the Keystore on this Crypto instance
 void setTrustStore(java.security.KeyStore trustStore)
          Set the trust store on this Crypto instance
 boolean verifyTrust(java.security.PublicKey publicKey)
          Evaluate whether a given public key should be trusted.
 boolean verifyTrust(java.security.cert.X509Certificate[] certs)
          Deprecated. 
 boolean verifyTrust(java.security.cert.X509Certificate[] certs, boolean enableRevocation)
          Evaluate whether a given certificate chain should be trusted.
 
Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase
createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getSKIBytesFromCert, loadCertificate, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OLD_KEYSTORE_FILE

public static final java.lang.String OLD_KEYSTORE_FILE
See Also:
Constant Field Values

CRYPTO_KEYSTORE_PROVIDER

public static final java.lang.String CRYPTO_KEYSTORE_PROVIDER
See Also:
Constant Field Values

CRYPTO_CERT_PROVIDER

public static final java.lang.String CRYPTO_CERT_PROVIDER
See Also:
Constant Field Values

KEYSTORE_FILE

public static final java.lang.String KEYSTORE_FILE
See Also:
Constant Field Values

KEYSTORE_PASSWORD

public static final java.lang.String KEYSTORE_PASSWORD
See Also:
Constant Field Values

KEYSTORE_TYPE

public static final java.lang.String KEYSTORE_TYPE
See Also:
Constant Field Values

KEYSTORE_ALIAS

public static final java.lang.String KEYSTORE_ALIAS
See Also:
Constant Field Values

LOAD_CA_CERTS

public static final java.lang.String LOAD_CA_CERTS
See Also:
Constant Field Values

TRUSTSTORE_FILE

public static final java.lang.String TRUSTSTORE_FILE
See Also:
Constant Field Values

TRUSTSTORE_PASSWORD

public static final java.lang.String TRUSTSTORE_PASSWORD
See Also:
Constant Field Values

TRUSTSTORE_TYPE

public static final java.lang.String TRUSTSTORE_TYPE
See Also:
Constant Field Values

X509_CRL_FILE

public static final java.lang.String X509_CRL_FILE
See Also:
Constant Field Values

certFact

protected static java.security.cert.CertificateFactory certFact

properties

protected java.util.Properties properties

keystore

protected java.security.KeyStore keystore

truststore

protected java.security.KeyStore truststore

crlCertStore

protected java.security.cert.CertStore crlCertStore

loadCACerts

protected boolean loadCACerts

Constructor Detail

Merlin

public Merlin()

Merlin

public Merlin(java.util.Properties properties)
       throws CredentialException,
              java.io.IOException
Throws:
CredentialException
java.io.IOException

Merlin

public Merlin(java.util.Properties properties,
              java.lang.ClassLoader loader)
       throws CredentialException,
              java.io.IOException
Throws:
CredentialException
java.io.IOException

Method Detail

loadProperties

public void loadProperties(java.util.Properties properties)
                    throws CredentialException,
                           java.io.IOException
Throws:
CredentialException
java.io.IOException

loadProperties

public void loadProperties(java.util.Properties properties,
                           java.lang.ClassLoader loader)
                    throws CredentialException,
                           java.io.IOException
Throws:
CredentialException
java.io.IOException

loadInputStream

public static java.io.InputStream loadInputStream(java.lang.ClassLoader loader,
                                                  java.lang.String location)
                                           throws CredentialException,
                                                  java.io.IOException
Load a KeyStore object as an InputStream, using the ClassLoader and location arguments.

Throws:
CredentialException
java.io.IOException

load

public java.security.KeyStore load(java.io.InputStream input,
                                   java.lang.String storepass,
                                   java.lang.String provider,
                                   java.lang.String type)
                            throws CredentialException
Loads the keystore from an InputStream.

Parameters:
input - InputStream to read from
Throws:
CredentialException

getKeyStore

public java.security.KeyStore getKeyStore()
Gets the Keystore that was loaded

Returns:
the Keystore

setKeyStore

public void setKeyStore(java.security.KeyStore keyStore)
Set the Keystore on this Crypto instance

Parameters:
keyStore - the Keystore to set

getTrustStore

public java.security.KeyStore getTrustStore()
Gets the trust store that was loaded by the underlying implementation

Returns:
the trust store

setTrustStore

public void setTrustStore(java.security.KeyStore trustStore)
Set the trust store on this Crypto instance

Parameters:
trustStore - the trust store to set

setCRLCertStore

public void setCRLCertStore(java.security.cert.CertStore crlCertStore)
Set the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

Parameters:
crlCertStore - the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

getCRLCertStore

public java.security.cert.CertStore getCRLCertStore()
Get the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

Returns:
the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.

getCertificateFactory

public java.security.cert.CertificateFactory getCertificateFactory()
                                                            throws WSSecurityException
Singleton certificate factory for this Crypto instance.

Specified by:
getCertificateFactory in interface Crypto
Overrides:
getCertificateFactory in class CryptoBase
Returns:
Returns a CertificateFactory to construct X509 certificates
Throws:
WSSecurityException

getDefaultX509Identifier

public java.lang.String getDefaultX509Identifier()
                                          throws WSSecurityException
Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.

Specified by:
getDefaultX509Identifier in interface Crypto
Overrides:
getDefaultX509Identifier in class CryptoBase
Returns:
name of the default X509 certificate.
Throws:
WSSecurityException

getX509Certificates

public java.security.cert.X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                                         throws WSSecurityException
Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows:
TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
TYPE.ALIAS - A certificate (chain) is located by an alias, which for this implementation means an alias of the keystore or truststore.

Throws:
WSSecurityException

getX509Identifier

public java.lang.String getX509Identifier(java.security.cert.X509Certificate cert)
                                   throws WSSecurityException
Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier corresponds to a KeyStore alias.

Parameters:
cert - The X509Certificate for which to search for an identifier
Returns:
the identifier corresponding to the cert parameter
Throws:
WSSecurityException

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.security.cert.X509Certificate certificate,
                                              javax.security.auth.callback.CallbackHandler callbackHandler)
                                       throws WSSecurityException
Gets the private key corresponding to the certificate.

Parameters:
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Returns:
The private key
Throws:
WSSecurityException

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String identifier,
                                              java.lang.String password)
                                       throws WSSecurityException
Gets the private key corresponding to the identifier.

Parameters:
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
Returns:
The private key
Throws:
WSSecurityException

verifyTrust

@Deprecated
public boolean verifyTrust(java.security.cert.X509Certificate[] certs)
                    throws WSSecurityException
Deprecated. 

Evaluate whether a given certificate chain should be trusted. Uses the CertPath API to validate a given certificate chain.

Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

verifyTrust

public boolean verifyTrust(java.security.cert.X509Certificate[] certs,
                           boolean enableRevocation)
                    throws WSSecurityException
Evaluate whether a given certificate chain should be trusted. Uses the CertPath API to validate a given certificate chain.

Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException
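
The following is an added usage example, not code from WSS4J itself: it builds a Merlin instance from Properties keyed by the constants above, looks up a chain by alias via getX509Certificates(CryptoType) and validates it with the two-argument verifyTrust so that the CRL loaded from X509_CRL_FILE is consulted. File paths, passwords and aliases are constructed placeholders; CryptoType.setAlias is assumed to be the WSS4J setter for TYPE.ALIAS lookups.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.components.crypto.Merlin;

public class MerlinTrustCheck {

    // Constructed configuration: every path, password and alias below is a placeholder.
    static Properties merlinProperties() {
        Properties p = new Properties();
        p.setProperty(Merlin.KEYSTORE_TYPE, "JKS");
        p.setProperty(Merlin.KEYSTORE_FILE, "conf/service.jks");     // placeholder path
        p.setProperty(Merlin.KEYSTORE_PASSWORD, "changeit");         // placeholder password
        p.setProperty(Merlin.KEYSTORE_ALIAS, "service");             // placeholder alias
        p.setProperty(Merlin.TRUSTSTORE_TYPE, "JKS");
        p.setProperty(Merlin.TRUSTSTORE_FILE, "conf/trust.jks");     // placeholder path
        p.setProperty(Merlin.TRUSTSTORE_PASSWORD, "changeit");       // placeholder password
        // The CRL file feeds the CertStore returned by getCRLCertStore(); without it,
        // enableRevocation=true has no CRL to check against.
        p.setProperty(Merlin.X509_CRL_FILE, "conf/ca.crl");          // placeholder path
        return p;
    }

    // Looks up a chain by keystore/truststore alias and validates it with revocation enabled.
    static boolean isTrusted(Merlin crypto, String alias) throws WSSecurityException {
        CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
        lookup.setAlias(alias);                       // assumed setter for the alias lookup
        X509Certificate[] chain = crypto.getX509Certificates(lookup);
        if (chain == null || chain.length == 0) {
            return false;                             // unknown alias: nothing to trust
        }
        // Prefer the two-argument overload: the single-argument verifyTrust is deprecated
        // and exposes no revocation switch at all.
        return crypto.verifyTrust(chain, true);
    }

    public static void main(String[] args)
            throws CredentialException, IOException, WSSecurityException {
        Merlin crypto = new Merlin(merlinProperties());
        System.out.println("peer trusted: " + isTrusted(crypto, "peer"));  // placeholder alias
    }
}
```

Per the Javadoc above, a chain that fails CertPath validation surfaces either as a false return or as a WSSecurityException, so callers should treat both as "not trusted".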

verifyTrust

public boolean verifyTrust(java.security.PublicKey publicKey)
                    throws WSSecurityException
Evaluate whether a given public key should be trusted.

Parameters:
publicKey - The PublicKey to be evaluated
Returns:
whether the PublicKey parameter is trusted or not
Throws:
WSSecurityException


Copyright © 2004-2011 The Apache Software Foundation. All Rights Reserved.