CertificateStore (Red Hat JBoss Enterprise Application Platform 7.2.0.Beta public API)

java.lang.Object
- org.apache.wss4j.common.crypto.CryptoBase
- - org.apache.wss4j.common.crypto.CertificateStore

All Implemented Interfaces:

Crypto
```
public class CertificateStore
extends CryptoBase
```
A Crypto implementation based on a simple array of X509Certificate(s). PrivateKeys are not supported, so this cannot be used for signature creation, or decryption.

Field Summary
- Fields inherited from class org.apache.wss4j.common.crypto.CryptoBase
  certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID

Constructor Summary

Constructors
Constructor and Description

CertificateStore(X509Certificate[] trustedCerts)
Constructor

Constructors
Constructor and Description
`CertificateStore(X509Certificate[] trustedCerts)` Constructor

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`PrivateKey`	`getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler)` Gets the private key corresponding to the given PublicKey.
`PrivateKey`	`getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier.
`PrivateKey`	`getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate.
`X509Certificate[]`	`getX509Certificates(CryptoType cryptoType)` Get an X509Certificate (chain) corresponding to the CryptoType argument.
`String`	`getX509Identifier(X509Certificate cert)` Get the implementation-specific identifier corresponding to the cert parameter.
`void`	`verifyTrust(PublicKey publicKey)` Evaluate whether a given public key should be trusted.
`protected void`	`verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints)` Evaluate whether a given certificate chain should be trusted.
`void`	`verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints)` Evaluate whether a given certificate chain should be trusted.

Methods inherited from class org.apache.wss4j.common.crypto.CryptoBase
createBCX509Name, getBytesFromCertificates, getCertificateFactory, getCertificatesFromBytes, getCryptoProvider, getDefaultX509Identifier, getNameConstraints, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesIssuerDnPattern, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CertificateStore
```
public CertificateStore(X509Certificate[] trustedCerts)
```
    Constructor
- Method Detail
  - getX509Certificates
```
public X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                      throws WSSecurityException
```
    Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows: TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert TYPE.ALIAS - A certificate (chain) is located by an alias. In this case, it duplicates the TYPE.SUBJECT_DN functionality.
    
    Throws:
    
    WSSecurityException
  - getX509Identifier
```
public String getX509Identifier(X509Certificate cert)
                         throws WSSecurityException
```
    Get the implementation-specific identifier corresponding to the cert parameter. In this case, the identifier refers to the subject DN.
    
    Parameters:
    
    cert - The X509Certificate for which to search for an identifier
    
    Returns:
    
    the identifier corresponding to the cert parameter
    
    Throws:
    
    WSSecurityException
  - getPrivateKey
```
public PrivateKey getPrivateKey(X509Certificate certificate,
                                CallbackHandler callbackHandler)
                         throws WSSecurityException
```
    Gets the private key corresponding to the certificate. Not supported.
    
    Parameters:
    
    certificate - The X509Certificate corresponding to the private key
    
    callbackHandler - The callbackHandler needed to get the password
    
    Returns:
    
    The private key
    
    Throws:
    
    WSSecurityException
  - getPrivateKey
```
public PrivateKey getPrivateKey(PublicKey publicKey,
                                CallbackHandler callbackHandler)
                         throws WSSecurityException
```
    Gets the private key corresponding to the given PublicKey.
    
    Parameters:
    
    publicKey - The PublicKey corresponding to the private key
    
    callbackHandler - The callbackHandler needed to get the password
    
    Returns:
    
    The private key
    
    Throws:
    
    WSSecurityException
  - getPrivateKey
```
public PrivateKey getPrivateKey(String identifier,
                                String password)
                         throws WSSecurityException
```
    Gets the private key corresponding to the identifier. Not supported.
    
    Parameters:
    
    identifier - The implementation-specific identifier corresponding to the key
    
    password - The password needed to get the key
    
    Returns:
    
    The private key
    
    Throws:
    
    WSSecurityException
  - verifyTrust
```
protected void verifyTrust(X509Certificate[] certs,
                           boolean enableRevocation,
                           Collection<Pattern> subjectCertConstraints)
                    throws WSSecurityException
```
    Evaluate whether a given certificate chain should be trusted.
    
    Parameters:
    
    certs - Certificate chain to validate
    
    enableRevocation - whether to enable CRL verification or not
    
    subjectCertConstraints - A set of constraints on the Subject DN of the certificates
    
    Throws:
    
    WSSecurityException - if the certificate chain is invalid
  - verifyTrust
```
public void verifyTrust(X509Certificate[] certs,
                        boolean enableRevocation,
                        Collection<Pattern> subjectCertConstraints,
                        Collection<Pattern> issuerCertConstraints)
                 throws WSSecurityException
```
    Description copied from interface: Crypto
    
    Evaluate whether a given certificate chain should be trusted.
    
    Parameters:
    
    certs - Certificate chain to validate
    
    enableRevocation - whether to enable CRL verification or not
    
    subjectCertConstraints - A set of constraints on the Subject DN of the certificates
    
    issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
    
    Throws:
    
    WSSecurityException - if the certificate chain is invalid
  - verifyTrust
```
public void verifyTrust(PublicKey publicKey)
                 throws WSSecurityException
```
    Evaluate whether a given public key should be trusted.
    
    Parameters:
    
    publicKey - The PublicKey to be evaluated
    
    Throws:
    
    WSSecurityException - if the PublicKey is invalid

Class CertificateStore

Field Summary

Fields inherited from class org.apache.wss4j.common.crypto.CryptoBase

Constructor Summary

Method Summary

Methods inherited from class org.apache.wss4j.common.crypto.CryptoBase

Methods inherited from class java.lang.Object

Constructor Detail

CertificateStore

Method Detail

getX509Certificates

getX509Identifier

getPrivateKey

getPrivateKey

getPrivateKey

verifyTrust

verifyTrust

verifyTrust