org.apache.wss4j.common.crypto

Class MerlinAKI

java.lang.Object

org.apache.wss4j.common.crypto.CryptoBase

org.apache.wss4j.common.crypto.Merlin

org.apache.wss4j.common.crypto.MerlinAKI

All Implemented Interfaces:

Crypto

public class MerlinAKI
extends Merlin

A Crypto implementation based on two Java KeyStore objects, one being the keystore, and one being the truststore. It differs from Merlin in that it searches the truststore for the issuing cert using the AuthorityKeyIdentifier bytes of the certificate, as opposed to the issuer DN.

Field Summary

Fields inherited from class org.apache.wss4j.common.crypto.Merlin

crlCertStore, CRYPTO_CERT_PROVIDER, CRYPTO_KEYSTORE_PROVIDER, ENCRYPTED_PASSWORD_PREFIX, ENCRYPTED_PASSWORD_SUFFIX, keystore, KEYSTORE_ALIAS, KEYSTORE_FILE, KEYSTORE_PASSWORD, KEYSTORE_PRIVATE_PASSWORD, KEYSTORE_TYPE, LOAD_CA_CERTS, loadCACerts, OLD_KEYSTORE_FILE, OLD_PREFIX, passwordEncryptor, PREFIX, privatePasswordSet, properties, truststore, TRUSTSTORE_FILE, TRUSTSTORE_PASSWORD, TRUSTSTORE_PROVIDER, TRUSTSTORE_TYPE, X509_CRL_FILE

Fields inherited from class org.apache.wss4j.common.crypto.CryptoBase

certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID

Constructor Summary

Constructors

Constructor and Description
MerlinAKI()
MerlinAKI(boolean loadCACerts, String cacertsPasswd)
MerlinAKI(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor)

Method Summary

Modifier and Type	Method and Description
void	verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) Evaluate whether a given certificate chain should be trusted.

Methods inherited from class org.apache.wss4j.common.crypto.Merlin

createPKIXParameters, decryptPassword, getCertificateFactory, getCRLCertStore, getDefaultX509Identifier, getKeyStore, getPrivateKey, getPrivateKey, getPrivateKey, getTrustStore, getX509Certificates, getX509Identifier, load, loadInputStream, loadProperties, setCRLCertStore, setKeyStore, setPasswordEncryptor, setTrustStore, verifyTrust

Methods inherited from class org.apache.wss4j.common.crypto.CryptoBase

createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider, verifyDirectTrust

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MerlinAKI

public MerlinAKI()

MerlinAKI

public MerlinAKI(boolean loadCACerts,
                 String cacertsPasswd)

MerlinAKI

public MerlinAKI(Properties properties,
                 ClassLoader loader,
                 PasswordEncryptor passwordEncryptor)
          throws WSSecurityException,
                 IOException

Throws:

WSSecurityException

IOException

Method Detail

verifyTrust

public void verifyTrust(X509Certificate[] certs,
                        boolean enableRevocation,
                        Collection<Pattern> subjectCertConstraints)
                 throws WSSecurityException

Evaluate whether a given certificate chain should be trusted.

Specified by:

verifyTrust in interface Crypto

Overrides:

verifyTrust in class Merlin

Parameters:

certs - Certificate chain to validate

enableRevocation - whether to enable CRL verification or not

subjectCertConstraints - A set of constraints on the Subject DN of the certificates

Throws:

WSSecurityException - if the certificate chain is invalid