org.wso2.carbon.webapp.ext.cxf.crypto

Class CXFServerCrypto

java.lang.Object

org.apache.ws.security.components.crypto.CryptoBase

org.apache.ws.security.components.crypto.AbstractCrypto

org.apache.ws.security.components.crypto.Merlin

org.wso2.carbon.webapp.ext.cxf.crypto.CXFServerCrypto

All Implemented Interfaces:

org.apache.ws.security.components.crypto.Crypto

public class CXFServerCrypto
extends org.apache.ws.security.components.crypto.Merlin

ServerCrypto implementation to support a collection of keystores holding different trusted certs and CA certs in CXF run time

Field Summary

Fields

Modifier and Type	Field and Description
static String	PROP_ID_CACERT_PASS
static String	PROP_ID_CERT_PROVIDER
static String	PROP_ID_DEFAULT_ALIAS
static String	PROP_ID_TENANT_DOMAIN
static String	PROP_ID_TENANT_ID
static String	PROP_ID_TRUST_STORES
static String	PROP_ID_XKMS_SERVICE_PASS_PHRASE
static String	PROP_ID_XKMS_SERVICE_URL

Fields inherited from class org.apache.ws.security.components.crypto.Merlin

NAME_CONSTRAINTS_OID

Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase

certFactMap, keystore

Constructor Summary

Constructors

Constructor and Description
CXFServerCrypto(Properties prop)
CXFServerCrypto(Properties prop, ClassLoader loader)

Method Summary

Methods

Modifier and Type	Method and Description
String[]	getAliasesForDN(String subjectDN)
String	getAliasForX509Cert(byte[] skiBytes)
String	getAliasForX509Cert(Certificate cert)
String	getAliasForX509Cert(String issuer)
String	getAliasForX509Cert(String issuer, BigInteger serialNumber)
String	getAliasForX509CertThumb(byte[] thumb)
byte[]	getCertificateData(boolean reverse, X509Certificate[] certs)
CertificateFactory	getCertificateFactory()
X509Certificate[]	getCertificates(String alias) This first looks into the primary keystore and then looks at the other trust stores
String	getDefaultX509Alias()
KeyStore	getKeyStore()
PrivateKey	getPrivateKey(String identifier, String password) Gets the private key corresponding to the identifier.
PrivateKey	getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) Gets the private key corresponding to the certificate.
byte[]	getSKIBytesFromCert(X509Certificate cert)
X509Certificate[]	getX509Certificates(byte[] data, boolean reverse)
X509Certificate	loadCertificate(InputStream in)
boolean	validateCertPath(X509Certificate[] certs)

Methods inherited from class org.apache.ws.security.components.crypto.AbstractCrypto

getCryptoProvider, load

Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase

setKeyStore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROP_ID_TRUST_STORES

public static final String PROP_ID_TRUST_STORES

See Also:

Constant Field Values

PROP_ID_CERT_PROVIDER

public static final String PROP_ID_CERT_PROVIDER

See Also:

Constant Field Values

PROP_ID_DEFAULT_ALIAS

public static final String PROP_ID_DEFAULT_ALIAS

See Also:

Constant Field Values

PROP_ID_CACERT_PASS

public static final String PROP_ID_CACERT_PASS

See Also:

Constant Field Values

PROP_ID_XKMS_SERVICE_PASS_PHRASE

public static final String PROP_ID_XKMS_SERVICE_PASS_PHRASE

See Also:

Constant Field Values

PROP_ID_TENANT_ID

public static final String PROP_ID_TENANT_ID

See Also:

Constant Field Values

PROP_ID_TENANT_DOMAIN

public static final String PROP_ID_TENANT_DOMAIN

See Also:

Constant Field Values

PROP_ID_XKMS_SERVICE_URL

public static final String PROP_ID_XKMS_SERVICE_URL

See Also:

Constant Field Values

Constructor Detail

CXFServerCrypto

public CXFServerCrypto(Properties prop)
                throws org.apache.ws.security.components.crypto.CredentialException,
                       IOException

Throws:

org.apache.ws.security.components.crypto.CredentialException

IOException

CXFServerCrypto

public CXFServerCrypto(Properties prop,
               ClassLoader loader)
                throws org.apache.ws.security.components.crypto.CredentialException,
                       IOException

Throws:

org.apache.ws.security.components.crypto.CredentialException

IOException

Method Detail

loadCertificate

public X509Certificate loadCertificate(InputStream in)
                                throws org.apache.ws.security.WSSecurityException

Specified by:

loadCertificate in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

loadCertificate in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.loadCertificate(java.io.InputStream)

getX509Certificates

public X509Certificate[] getX509Certificates(byte[] data,
                                    boolean reverse)
                                      throws org.apache.ws.security.WSSecurityException

Specified by:

getX509Certificates in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getX509Certificates in class org.apache.ws.security.components.crypto.Merlin

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getX509Certificates(byte[], boolean)

getCertificateData

public byte[] getCertificateData(boolean reverse,
                        X509Certificate[] certs)
                          throws org.apache.ws.security.WSSecurityException

Specified by:

getCertificateData in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getCertificateData in class org.apache.ws.security.components.crypto.Merlin

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getCertificateData(boolean, java.security.cert.X509Certificate[])

getCertificates

public X509Certificate[] getCertificates(String alias)
                                  throws org.apache.ws.security.WSSecurityException

This first looks into the primary keystore and then looks at the other trust stores

Specified by:

getCertificates in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getCertificates in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getCertificates(String)

getAliasForX509Cert

public String getAliasForX509Cert(Certificate cert)
                           throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasForX509Cert in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasForX509Cert(java.security.cert.Certificate)

getAliasForX509Cert

public String getAliasForX509Cert(String issuer)
                           throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasForX509Cert in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasForX509Cert(String)

getAliasForX509Cert

public String getAliasForX509Cert(String issuer,
                         BigInteger serialNumber)
                           throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasForX509Cert in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasForX509Cert(String, java.math.BigInteger)

getAliasForX509Cert

public String getAliasForX509Cert(byte[] skiBytes)
                           throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasForX509Cert in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasForX509Cert(byte[])

getDefaultX509Alias

public String getDefaultX509Alias()

Specified by:

getDefaultX509Alias in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getDefaultX509Alias in class org.apache.ws.security.components.crypto.AbstractCrypto

See Also:

Crypto.getDefaultX509Alias()

getSKIBytesFromCert

public byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws org.apache.ws.security.WSSecurityException

Specified by:

getSKIBytesFromCert in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getSKIBytesFromCert in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getSKIBytesFromCert(java.security.cert.X509Certificate)

getAliasForX509CertThumb

public String getAliasForX509CertThumb(byte[] thumb)
                                throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasForX509CertThumb in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasForX509CertThumb in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasForX509CertThumb(byte[])

getKeyStore

public KeyStore getKeyStore()

Specified by:

getKeyStore in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getKeyStore in class org.apache.ws.security.components.crypto.CryptoBase

See Also:

Crypto.getKeyStore()

getCertificateFactory

public CertificateFactory getCertificateFactory()
                                         throws org.apache.ws.security.WSSecurityException

Specified by:

getCertificateFactory in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getCertificateFactory in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getCertificateFactory()

validateCertPath

public boolean validateCertPath(X509Certificate[] certs)
                         throws org.apache.ws.security.WSSecurityException

Specified by:

validateCertPath in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

validateCertPath in class org.apache.ws.security.components.crypto.Merlin

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.validateCertPath(java.security.cert.X509Certificate[])

getAliasesForDN

public String[] getAliasesForDN(String subjectDN)
                         throws org.apache.ws.security.WSSecurityException

Specified by:

getAliasesForDN in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getAliasesForDN in class org.apache.ws.security.components.crypto.CryptoBase

Throws:

org.apache.ws.security.WSSecurityException

See Also:

Crypto.getAliasesForDN(String)

getPrivateKey

public PrivateKey getPrivateKey(String identifier,
                       String password)
                         throws org.apache.ws.security.WSSecurityException

Gets the private key corresponding to the identifier. Within carbon server, we will be reading them from server configuration according to the tenant

Specified by:

getPrivateKey in interface org.apache.ws.security.components.crypto.Crypto

Overrides:

getPrivateKey in class org.apache.ws.security.components.crypto.CryptoBase

Parameters:

identifier - The implementation-specific identifier corresponding to the key

password - The password needed to get the key

Returns:

The private key

Throws:

org.apache.ws.security.WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(X509Certificate certificate,
                       CallbackHandler callbackHandler)
                         throws org.apache.ws.security.WSSecurityException

Gets the private key corresponding to the certificate.

Parameters:

certificate - The X509Certificate corresponding to the private key

callbackHandler - The callbackHandler needed to get the password

Returns:

The private key

Throws:

org.apache.ws.security.WSSecurityException