public class Merlin extends CryptoBase
Modifier and Type | Field and Description |
---|---|
protected CertStore |
crlCertStore |
static String |
CRYPTO_CERT_PROVIDER |
static String |
CRYPTO_KEYSTORE_PROVIDER |
static String |
ENCRYPTED_PASSWORD_PREFIX |
static String |
ENCRYPTED_PASSWORD_SUFFIX |
protected KeyStore |
keystore |
static String |
KEYSTORE_ALIAS |
static String |
KEYSTORE_FILE |
static String |
KEYSTORE_PASSWORD |
static String |
KEYSTORE_PRIVATE_PASSWORD |
static String |
KEYSTORE_TYPE |
static String |
LOAD_CA_CERTS |
protected boolean |
loadCACerts |
static String |
OLD_KEYSTORE_FILE |
static String |
OLD_PREFIX |
protected PasswordEncryptor |
passwordEncryptor |
static String |
PREFIX |
protected boolean |
privatePasswordSet |
protected Properties |
properties |
protected KeyStore |
truststore |
static String |
TRUSTSTORE_FILE |
static String |
TRUSTSTORE_PASSWORD |
static String |
TRUSTSTORE_TYPE |
static String |
X509_CRL_FILE |
certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID
Constructor and Description |
---|
Merlin() |
Merlin(boolean loadCACerts,
String cacertsPasswd) |
Merlin(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
Modifier and Type | Method and Description |
---|---|
protected PKIXParameters |
createPKIXParameters(Set<TrustAnchor> trustAnchors,
boolean enableRevocation) |
protected String |
decryptPassword(String password,
PasswordEncryptor passwordEncryptor) |
CertificateFactory |
getCertificateFactory()
Singleton certificate factory for this Crypto instance.
|
CertStore |
getCRLCertStore()
Get the CertStore from which to obtain a list of CRLs for Certificate Revocation
checking.
|
String |
getDefaultX509Identifier()
Retrieves the identifier name of the default certificate.
|
KeyStore |
getKeyStore()
Gets the Keystore that was loaded
|
PrivateKey |
getPrivateKey(String identifier,
String password)
Gets the private key corresponding to the identifier.
|
PrivateKey |
getPrivateKey(X509Certificate certificate,
CallbackHandler callbackHandler)
Gets the private key corresponding to the certificate.
|
KeyStore |
getTrustStore()
Gets the trust store that was loaded by the underlying implementation
|
X509Certificate[] |
getX509Certificates(CryptoType cryptoType)
Get an X509Certificate (chain) corresponding to the CryptoType argument.
|
String |
getX509Identifier(X509Certificate cert)
Get the implementation-specific identifier corresponding to the cert parameter.
|
protected KeyStore |
load(InputStream input,
String storepass,
String provider,
String type)
Loads the keystore from an InputStream. |
static InputStream |
loadInputStream(ClassLoader loader,
String location)
Load a KeyStore object as an InputStream, using the ClassLoader and location arguments
|
void |
loadProperties(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
void |
setCRLCertStore(CertStore crlCertStore)
Set the CertStore from which to obtain a list of CRLs for Certificate Revocation
checking.
|
void |
setKeyStore(KeyStore keyStore)
Set the Keystore on this Crypto instance
|
void |
setPasswordEncryptor(PasswordEncryptor passwordEncryptor) |
void |
setTrustStore(KeyStore trustStore)
Set the trust store on this Crypto instance
|
void |
verifyTrust(PublicKey publicKey)
Evaluate whether a given public key should be trusted.
|
void |
verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getSKIBytesFromCert, loadCertificate, matches, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, verifyDirectTrust
public static final String ENCRYPTED_PASSWORD_PREFIX
public static final String ENCRYPTED_PASSWORD_SUFFIX
public static final String PREFIX
public static final String OLD_PREFIX
public static final String OLD_KEYSTORE_FILE
public static final String CRYPTO_KEYSTORE_PROVIDER
public static final String CRYPTO_CERT_PROVIDER
public static final String KEYSTORE_FILE
public static final String KEYSTORE_PASSWORD
public static final String KEYSTORE_TYPE
public static final String KEYSTORE_ALIAS
public static final String KEYSTORE_PRIVATE_PASSWORD
public static final String LOAD_CA_CERTS
public static final String TRUSTSTORE_FILE
public static final String TRUSTSTORE_PASSWORD
public static final String TRUSTSTORE_TYPE
public static final String X509_CRL_FILE
protected Properties properties
protected KeyStore keystore
protected KeyStore truststore
protected CertStore crlCertStore
protected boolean loadCACerts
protected boolean privatePasswordSet
protected PasswordEncryptor passwordEncryptor
public Merlin()
public Merlin(boolean loadCACerts, String cacertsPasswd)
public Merlin(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor) throws WSSecurityException, IOException
WSSecurityException
IOException
public void loadProperties(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor) throws WSSecurityException, IOException
WSSecurityException
IOException
public static InputStream loadInputStream(ClassLoader loader, String location) throws WSSecurityException, IOException
WSSecurityException
IOException
protected KeyStore load(InputStream input, String storepass, String provider, String type) throws WSSecurityException
Loads the keystore from an InputStream.
input - InputStream to read from
WSSecurityException
public KeyStore getKeyStore()
public void setKeyStore(KeyStore keyStore)
keyStore - the Keystore to set
public KeyStore getTrustStore()
public void setTrustStore(KeyStore trustStore)
trustStore - the trust store to set
public void setCRLCertStore(CertStore crlCertStore)
crlCertStore - the CertStore from which to obtain a list of CRLs for Certificate Revocation checking.
public CertStore getCRLCertStore()
public CertificateFactory getCertificateFactory() throws WSSecurityException
getCertificateFactory in interface Crypto
getCertificateFactory in class CryptoBase
CertificateFactory to construct X509 certificates
WSSecurityException
public String getDefaultX509Identifier() throws WSSecurityException
getDefaultX509Identifier in interface Crypto
getDefaultX509Identifier in class CryptoBase
WSSecurityException
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException
WSSecurityException
public String getX509Identifier(X509Certificate cert) throws WSSecurityException
cert - The X509Certificate for which to search for an identifier
WSSecurityException
public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) throws WSSecurityException
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
WSSecurityException
public PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
WSSecurityException
public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) throws WSSecurityException
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not; when false, the chain is evaluated without CRL-based revocation checking
subjectCertConstraints - A set of constraints on the Subject DN of the certificates
WSSecurityException - if the certificate chain is invalid
protected PKIXParameters createPKIXParameters(Set<TrustAnchor> trustAnchors, boolean enableRevocation) throws InvalidAlgorithmParameterException
public void verifyTrust(PublicKey publicKey) throws WSSecurityException
publicKey - The PublicKey to be evaluated
WSSecurityException - if the PublicKey is invalid
protected String decryptPassword(String password, PasswordEncryptor passwordEncryptor)
public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor)
Copyright © 2016 JBoss by Red Hat. All rights reserved.