public abstract class CryptoBase extends Object implements Crypto
Modifier and Type | Field and Description |
---|---|
protected CertificateFactory | certificateFactory |
static String | NAME_CONSTRAINTS_OID OID For the NameConstraints Extension to X.509 http://java.sun.com/j2se/1.4.2/docs/api/ http://www.ietf.org/rfc/rfc3280.txt (s. |
static String | SKI_OID |
Modifier | Constructor and Description |
---|---|
protected | CryptoBase() Constructor |
Modifier and Type | Method and Description |
---|---|
protected Object | createBCX509Name(String s) |
byte[] | getBytesFromCertificates(X509Certificate[] certs) Get a byte array given an array of X509 certificates. |
CertificateFactory | getCertificateFactory() Get the CertificateFactory instance on this Crypto instance |
X509Certificate[] | getCertificatesFromBytes(byte[] data) Construct an array of X509Certificate's from the byte array. |
String | getCryptoProvider() Get the crypto provider associated with this implementation |
String | getDefaultX509Identifier() Retrieves the identifier name of the default certificate. |
protected byte[] | getNameConstraints(X509Certificate cert) Extracts the NameConstraints sequence from the certificate. |
byte[] | getSKIBytesFromCert(X509Certificate cert) Reads the SubjectKeyIdentifier information from the certificate. |
String | getTrustProvider() Get the crypto provider used for truststore operation associated with this implementation. |
X509Certificate | loadCertificate(InputStream in) Load a X509Certificate from the input stream. |
protected boolean | matchesIssuerDnPattern(X509Certificate cert, Collection<Pattern> issuerDNPatterns) |
protected boolean | matchesName(String name, Collection<Pattern> patterns) |
protected boolean | matchesSubjectDnPattern(X509Certificate cert, Collection<Pattern> subjectDNPatterns) |
void | setCertificateFactory(CertificateFactory certFactory) Sets the CertificateFactory instance on this Crypto instance |
void | setCryptoProvider(String provider) Set the crypto provider associated with this implementation |
void | setDefaultX509Identifier(String identifier) Sets the identifier name of the default certificate. |
void | setTrustProvider(String provider) Set the crypto provider used for truststore operations associated with this implementation |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getPrivateKey, getPrivateKey, getPrivateKey, getX509Certificates, getX509Identifier, verifyTrust, verifyTrust
public static final String SKI_OID
public static final String NAME_CONSTRAINTS_OID
protected CertificateFactory certificateFactory
public String getCryptoProvider()
getCryptoProvider in interface Crypto
public void setCryptoProvider(String provider)
setCryptoProvider in interface Crypto
provider - the crypto provider to set
public void setTrustProvider(String provider)
setTrustProvider in interface Crypto
provider - the name of the provider
public String getTrustProvider()
getTrustProvider in interface Crypto
public String getDefaultX509Identifier() throws WSSecurityException
getDefaultX509Identifier in interface Crypto
WSSecurityException
public void setDefaultX509Identifier(String identifier)
setDefaultX509Identifier in interface Crypto
identifier - name of the default X509 certificate.
public void setCertificateFactory(CertificateFactory certFactory)
setCertificateFactory in interface Crypto
certFactory - the CertificateFactory instance to set
public CertificateFactory getCertificateFactory() throws WSSecurityException
getCertificateFactory in interface Crypto
CertificateFactory to construct X509 certificates
WSSecurityException
public X509Certificate loadCertificate(InputStream in) throws WSSecurityException
loadCertificate in interface Crypto
in - The InputStream containing the X509Certificate
WSSecurityException
public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException
getSKIBytesFromCert in interface Crypto
cert - The certificate to read SKI
WSSecurityException
public byte[] getBytesFromCertificates(X509Certificate[] certs) throws WSSecurityException
getBytesFromCertificates in interface Crypto
certs - The certificates to convert
WSSecurityException
public X509Certificate[] getCertificatesFromBytes(byte[] data) throws WSSecurityException
getCertificatesFromBytes in interface Crypto
data - The byte array containing the X509 data
WSSecurityException
protected boolean matchesSubjectDnPattern(X509Certificate cert, Collection<Pattern> subjectDNPatterns)
protected boolean matchesIssuerDnPattern(X509Certificate cert, Collection<Pattern> issuerDNPatterns)
protected boolean matchesName(String name, Collection<Pattern> patterns)
protected byte[] getNameConstraints(X509Certificate cert) throws WSSecurityException
DERDecoder.TYPE_SEQUENCE or where the sequence has been encoded as a DERDecoder.TYPE_OCTET_STRING.
By contract, the values retrieved from calls to X509Extension.getExtensionValue(String)
should always be DER-encoded OCTET strings; however, because of ambiguity in the RFC and
the potential for a future breaking change to this contract, testing whether the bytes
returned are tagged as a sequence or an encoded octet string is prudent. Considering the fact
that it is a single byte comparison, the performance hit is negligible.
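The tag check described above, as an added illustration (not the WSS4J implementation; the class name `NameConstraintsUnwrap`, the method `unwrap` and the sample bytes are constructed for this example). It accepts the raw bytes of an extension value and returns the bare SEQUENCE whether or not an OCTET STRING wrapper is present, rejecting anything else:

```java
import java.util.Arrays;
// Added illustration, not WSS4J code; class and method names are hypothetical.
public class NameConstraintsUnwrap {
    static final int TAG_OCTET_STRING = 0x04; // DER OCTET STRING
    static final int TAG_SEQUENCE = 0x30;     // DER SEQUENCE
    /** Returns the bare SEQUENCE, removing one OCTET STRING wrapper if present. */
    static byte[] unwrap(byte[] ext) {
        if (ext == null || ext.length < 2) {
            throw new IllegalArgumentException("extension value too short");
        }
        int tag = ext[0] & 0xFF;               // the single-byte comparison
        if (tag == TAG_SEQUENCE) {
            return ext;                        // already the sequence itself
        }
        if (tag != TAG_OCTET_STRING) {
            throw new IllegalArgumentException("unexpected tag 0x" + Integer.toHexString(tag));
        }
        // DER length: short form (< 0x80) or long form (0x80 | n, then n bytes).
        int offset = 2;
        int length = ext[1] & 0xFF;
        if (length >= 0x80) {
            int n = length & 0x7F;
            if (n == 0 || n > 4 || ext.length < 2 + n) {
                throw new IllegalArgumentException("bad or truncated DER length");
            }
            length = 0;
            for (int i = 0; i < n; i++) {
                length = (length << 8) | (ext[offset++] & 0xFF);
            }
        }
        if (length < 1 || length != ext.length - offset
                || (ext[offset] & 0xFF) != TAG_SEQUENCE) {
            throw new IllegalArgumentException("OCTET STRING does not hold one SEQUENCE");
        }
        return Arrays.copyOfRange(ext, offset, ext.length);
    }

    public static void main(String[] args) {
        // Constructed sample: NameConstraints permitting dNSName "example.com".
        byte[] seq = {0x30, 0x11, (byte) 0xA0, 0x0F, 0x30, 0x0D, (byte) 0x82, 0x0B,
                'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'};
        byte[] wrapped = new byte[seq.length + 2];
        wrapped[0] = TAG_OCTET_STRING;
        wrapped[1] = (byte) seq.length;
        System.arraycopy(seq, 0, wrapped, 2, seq.length);
        System.out.println(Arrays.equals(unwrap(wrapped), seq));
        System.out.println(Arrays.equals(unwrap(seq), seq));
    }
}
```

Rejecting a declared length that does not match the remaining bytes keeps trailing data after the wrapper from being silently passed on to later NameConstraints processing.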
cert - the certificate to extract NameConstraints from
WSSecurityException - if a processing error occurs decoding the Octet String
Copyright © 2018 JBoss by Red Hat. All rights reserved.