public class MerlinAKI extends Merlin
crlCertStore, CRYPTO_CERT_PROVIDER, CRYPTO_KEYSTORE_PROVIDER, ENCRYPTED_PASSWORD_PREFIX, ENCRYPTED_PASSWORD_SUFFIX, keystore, KEYSTORE_ALIAS, KEYSTORE_FILE, KEYSTORE_PASSWORD, KEYSTORE_PRIVATE_PASSWORD, KEYSTORE_TYPE, LOAD_CA_CERTS, loadCACerts, OLD_KEYSTORE_FILE, OLD_PREFIX, passwordEncryptor, PREFIX, privatePasswordSet, properties, truststore, TRUSTSTORE_FILE, TRUSTSTORE_PASSWORD, TRUSTSTORE_PROVIDER, TRUSTSTORE_TYPE, X509_CRL_FILE
certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID
Constructor and Description |
---|
MerlinAKI() |
MerlinAKI(boolean loadCACerts,
String cacertsPasswd) |
MerlinAKI(Properties properties,
ClassLoader loader,
PasswordEncryptor passwordEncryptor) |
Modifier and Type | Method and Description |
---|---|
void |
verifyTrust(X509Certificate[] certs,
boolean enableRevocation,
Collection<Pattern> subjectCertConstraints)
Evaluate whether a given certificate chain should be trusted.
|
createPKIXParameters, decryptPassword, getCertificateFactory, getCRLCertStore, getDefaultX509Identifier, getKeyStore, getPrivateKey, getPrivateKey, getPrivateKey, getTrustStore, getX509Certificates, getX509Identifier, load, loadInputStream, loadProperties, setCRLCertStore, setKeyStore, setPasswordEncryptor, setTrustStore, verifyTrust
createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider, verifyDirectTrust
public MerlinAKI()
public MerlinAKI(boolean loadCACerts, String cacertsPasswd)
public MerlinAKI(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor) throws WSSecurityException, IOException
WSSecurityException
IOException
public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) throws WSSecurityException
verifyTrust
in interface Crypto
verifyTrust
in class Merlin
certs
- Certificate chain to validateenableRevocation
- whether to enable CRL verification or notsubjectCertConstraints
- A set of constraints on the Subject DN of the certificatesWSSecurityException
- if the certificate chain is invalidCopyright © 2017 JBoss by Red Hat. All rights reserved.