public class CertificateStore extends CryptoBase
certificateFactory, NAME_CONSTRAINTS_OID, SKI_OID
Constructor and Description |
---|
CertificateStore(X509Certificate[] trustedCerts): Constructor |
Modifier and Type | Method and Description |
---|---|
PrivateKey | getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler): Gets the private key corresponding to the given PublicKey. |
PrivateKey | getPrivateKey(String identifier, String password): Gets the private key corresponding to the identifier. |
PrivateKey | getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler): Gets the private key corresponding to the certificate. |
X509Certificate[] | getX509Certificates(CryptoType cryptoType): Get an X509Certificate (chain) corresponding to the CryptoType argument. |
String | getX509Identifier(X509Certificate cert): Get the implementation-specific identifier corresponding to the cert parameter. |
void | verifyTrust(PublicKey publicKey): Evaluate whether a given public key should be trusted. |
protected void | verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints): Evaluate whether a given certificate chain should be trusted. |
void | verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints): Evaluate whether a given certificate chain should be trusted. |
createBCX509Name, getBytesFromCertificates, getCertificateFactory, getCertificatesFromBytes, getCryptoProvider, getDefaultX509Identifier, getNameConstraints, getSKIBytesFromCert, getTrustProvider, loadCertificate, matchesIssuerDnPattern, matchesName, matchesSubjectDnPattern, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier, setTrustProvider
public CertificateStore(X509Certificate[] trustedCerts)

public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException
Throws:
WSSecurityException

public String getX509Identifier(X509Certificate cert) throws WSSecurityException
Parameters:
cert - The X509Certificate for which to search for an identifier
Throws:
WSSecurityException

public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) throws WSSecurityException
Parameters:
certificate - The X509Certificate corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Throws:
WSSecurityException

public PrivateKey getPrivateKey(PublicKey publicKey, CallbackHandler callbackHandler) throws WSSecurityException
Parameters:
publicKey - The PublicKey corresponding to the private key
callbackHandler - The callbackHandler needed to get the password
Throws:
WSSecurityException

public PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException
Parameters:
identifier - The implementation-specific identifier corresponding to the key
password - The password needed to get the key
Throws:
WSSecurityException

protected void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints) throws WSSecurityException
Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not
subjectCertConstraints - A set of constraints on the Subject DN of the certificates
Throws:
WSSecurityException - if the certificate chain is invalid

public void verifyTrust(X509Certificate[] certs, boolean enableRevocation, Collection<Pattern> subjectCertConstraints, Collection<Pattern> issuerCertConstraints) throws WSSecurityException
Crypto
Parameters:
certs - Certificate chain to validate
enableRevocation - whether to enable CRL verification or not
subjectCertConstraints - A set of constraints on the Subject DN of the certificates
issuerCertConstraints - A set of constraints on the Issuer DN of the certificates
Throws:
WSSecurityException - if the certificate chain is invalid

public void verifyTrust(PublicKey publicKey) throws WSSecurityException
Parameters:
publicKey - The PublicKey to be evaluated
Throws:
WSSecurityException - if the PublicKey is invalid

Copyright © 2021 JBoss by Red Hat. All rights reserved.