CXFServerCrypto (WSO2 Carbon - CXF Extras 4.9.12 API)

java.lang.Object
- org.apache.ws.security.components.crypto.CryptoBase
- - org.apache.ws.security.components.crypto.Merlin
  - - org.wso2.carbon.webapp.ext.cxf.crypto.CXFServerCrypto

All Implemented Interfaces:

org.apache.ws.security.components.crypto.Crypto
```
public class CXFServerCrypto
extends org.apache.ws.security.components.crypto.Merlin
```
ServerCrypto implementation to support a collection of keystores holding different trusted certs and CA certs in CXF run time

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`PROP_ID_CACERT_PASS`
`static String`	`PROP_ID_CERT_PROVIDER`
`static String`	`PROP_ID_DEFAULT_ALIAS`
`static String`	`PROP_ID_TENANT_DOMAIN`
`static String`	`PROP_ID_TENANT_ID`
`static String`	`PROP_ID_TRUST_STORES`
`static String`	`PROP_ID_XKMS_SERVICE_PASS_PHRASE`
`static String`	`PROP_ID_XKMS_SERVICE_URL`

Fields inherited from class org.apache.ws.security.components.crypto.Merlin
crlCertStore, CRYPTO_CERT_PROVIDER, CRYPTO_KEYSTORE_PROVIDER, keystore, KEYSTORE_ALIAS, KEYSTORE_FILE, KEYSTORE_PASSWORD, KEYSTORE_PRIVATE_PASSWORD, KEYSTORE_TYPE, LOAD_CA_CERTS, loadCACerts, OLD_KEYSTORE_FILE, privatePasswordSet, truststore, TRUSTSTORE_FILE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, X509_CRL_FILE

Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase
certFactMap, cryptoProvider, defaultAlias, NAME_CONSTRAINTS_OID

Constructor Summary

Constructors
Constructor and Description

CXFServerCrypto(Properties prop)

CXFServerCrypto(Properties prop, ClassLoader loader)

Constructors
Constructor and Description
`CXFServerCrypto(Properties prop)`
`CXFServerCrypto(Properties prop, ClassLoader loader)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`String[]`	`getAliasesForDN(String subjectDN)`
`String`	`getAliasForX509Cert(byte[] skiBytes)`
`String`	`getAliasForX509Cert(Certificate cert)`
`String`	`getAliasForX509Cert(String issuer)`
`String`	`getAliasForX509Cert(String issuer, BigInteger serialNumber)`
`String`	`getAliasForX509CertThumb(byte[] thumb)`
`byte[]`	`getCertificateData(boolean reverse, X509Certificate[] certs)`
`CertificateFactory`	`getCertificateFactory()`
`X509Certificate[]`	`getCertificates(String alias)` This first looks into the primary keystore and then looks at the other trust stores
`String`	`getDefaultX509Alias()`
`KeyStore`	`getKeyStore()`
`PrivateKey`	`getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier.
`PrivateKey`	`getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate.
`byte[]`	`getSKIBytesFromCert(X509Certificate cert)`
`X509Certificate[]`	`getX509Certificates(byte[] data, boolean reverse)`
`X509Certificate`	`loadCertificate(InputStream in)`
`boolean`	`validateCertPath(X509Certificate[] certs)`

Methods inherited from class org.apache.ws.security.components.crypto.Merlin
getCRLCertStore, getDefaultX509Identifier, getTrustStore, getX509Certificates, getX509Identifier, load, loadInputStream, loadProperties, loadProperties, setCRLCertStore, setKeyStore, setTrustStore, verifyTrust, verifyTrust, verifyTrust

Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase
createBCX509Name, getBytesFromCertificates, getCertificatesFromBytes, getCryptoProvider, setCertificateFactory, setCryptoProvider, setDefaultX509Identifier

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PROP_ID_TRUST_STORES
```
public static final String PROP_ID_TRUST_STORES
```
    See Also:
    
    Constant Field Values
  - PROP_ID_CERT_PROVIDER
```
public static final String PROP_ID_CERT_PROVIDER
```
    See Also:
    
    Constant Field Values
  - PROP_ID_DEFAULT_ALIAS
```
public static final String PROP_ID_DEFAULT_ALIAS
```
    See Also:
    
    Constant Field Values
  - PROP_ID_CACERT_PASS
```
public static final String PROP_ID_CACERT_PASS
```
    See Also:
    
    Constant Field Values
  - PROP_ID_XKMS_SERVICE_PASS_PHRASE
```
public static final String PROP_ID_XKMS_SERVICE_PASS_PHRASE
```
    See Also:
    
    Constant Field Values
  - PROP_ID_TENANT_ID
```
public static final String PROP_ID_TENANT_ID
```
    See Also:
    
    Constant Field Values
  - PROP_ID_TENANT_DOMAIN
```
public static final String PROP_ID_TENANT_DOMAIN
```
    See Also:
    
    Constant Field Values
  - PROP_ID_XKMS_SERVICE_URL
```
public static final String PROP_ID_XKMS_SERVICE_URL
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CXFServerCrypto
```
public CXFServerCrypto(Properties prop)
                throws org.apache.ws.security.components.crypto.CredentialException,
                       IOException
```
    Throws:
    
    org.apache.ws.security.components.crypto.CredentialException
    
    IOException
  - CXFServerCrypto
```
public CXFServerCrypto(Properties prop,
                       ClassLoader loader)
                throws org.apache.ws.security.components.crypto.CredentialException,
                       IOException
```
    Throws:
    
    org.apache.ws.security.components.crypto.CredentialException
    
    IOException
- Method Detail
  - loadCertificate
```
public X509Certificate loadCertificate(InputStream in)
                                throws org.apache.ws.security.WSSecurityException
```
    Specified by:
    
    loadCertificate in interface org.apache.ws.security.components.crypto.Crypto
    
    Overrides:
    
    loadCertificate in class org.apache.ws.security.components.crypto.CryptoBase
    
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    Crypto.loadCertificate(java.io.InputStream)
  - getX509Certificates
```
public X509Certificate[] getX509Certificates(byte[] data,
                                             boolean reverse)
                                      throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
  - getCertificateData
```
public byte[] getCertificateData(boolean reverse,
                                 X509Certificate[] certs)
                          throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getCertificateData(boolean, java.security.cert.X509Certificate[])
  - getCertificates
```
public X509Certificate[] getCertificates(String alias)
                                  throws org.apache.ws.security.WSSecurityException
```
    This first looks into the primary keystore and then looks at the other trust stores
    
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getCertificates(String)
  - getAliasForX509Cert
```
public String getAliasForX509Cert(Certificate cert)
                           throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(java.security.cert.Certificate)
  - getAliasForX509Cert
```
public String getAliasForX509Cert(String issuer)
                           throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(String)
  - getAliasForX509Cert
```
public String getAliasForX509Cert(String issuer,
                                  BigInteger serialNumber)
                           throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(String, java.math.BigInteger)
  - getAliasForX509Cert
```
public String getAliasForX509Cert(byte[] skiBytes)
                           throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasForX509Cert(byte[])
  - getDefaultX509Alias
```
public String getDefaultX509Alias()
```
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getDefaultX509Alias()
  - getSKIBytesFromCert
```
public byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws org.apache.ws.security.WSSecurityException
```
    Specified by:
    
    getSKIBytesFromCert in interface org.apache.ws.security.components.crypto.Crypto
    
    Overrides:
    
    getSKIBytesFromCert in class org.apache.ws.security.components.crypto.CryptoBase
    
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    Crypto.getSKIBytesFromCert(java.security.cert.X509Certificate)
  - getAliasForX509CertThumb
```
public String getAliasForX509CertThumb(byte[] thumb)
                                throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasForX509CertThumb(byte[])
  - getKeyStore
```
public KeyStore getKeyStore()
```
    Overrides:
    
    getKeyStore in class org.apache.ws.security.components.crypto.Merlin
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getKeyStore()
  - getCertificateFactory
```
public CertificateFactory getCertificateFactory()
                                         throws org.apache.ws.security.WSSecurityException
```
    Specified by:
    
    getCertificateFactory in interface org.apache.ws.security.components.crypto.Crypto
    
    Overrides:
    
    getCertificateFactory in class org.apache.ws.security.components.crypto.Merlin
    
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    Crypto.getCertificateFactory()
  - validateCertPath
```
public boolean validateCertPath(X509Certificate[] certs)
                         throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#validateCertPath(java.security.cert.X509Certificate[])
  - getAliasesForDN
```
public String[] getAliasesForDN(String subjectDN)
                         throws org.apache.ws.security.WSSecurityException
```
    Throws:
    
    org.apache.ws.security.WSSecurityException
    
    See Also:
    
    org.apache.ws.security.components.crypto.Crypto#getAliasesForDN(String)
  - getPrivateKey
```
public PrivateKey getPrivateKey(String identifier,
                                String password)
                         throws org.apache.ws.security.WSSecurityException
```
    Gets the private key corresponding to the identifier. Within carbon server, we will be reading them from server configuration according to the tenant
    
    Specified by:
    
    getPrivateKey in interface org.apache.ws.security.components.crypto.Crypto
    
    Overrides:
    
    getPrivateKey in class org.apache.ws.security.components.crypto.Merlin
    
    Parameters:
    
    identifier - The implementation-specific identifier corresponding to the key
    
    password - The password needed to get the key
    
    Returns:
    
    The private key
    
    Throws:
    
    org.apache.ws.security.WSSecurityException
  - getPrivateKey
```
public PrivateKey getPrivateKey(X509Certificate certificate,
                                CallbackHandler callbackHandler)
                         throws org.apache.ws.security.WSSecurityException
```
    Gets the private key corresponding to the certificate.
    
    Specified by:
    
    getPrivateKey in interface org.apache.ws.security.components.crypto.Crypto
    
    Overrides:
    
    getPrivateKey in class org.apache.ws.security.components.crypto.Merlin
    
    Parameters:
    
    certificate - The X509Certificate corresponding to the private key
    
    callbackHandler - The callbackHandler needed to get the password
    
    Returns:
    
    The private key
    
    Throws:
    
    org.apache.ws.security.WSSecurityException

Class CXFServerCrypto

Field Summary

Fields inherited from class org.apache.ws.security.components.crypto.Merlin

Fields inherited from class org.apache.ws.security.components.crypto.CryptoBase

Constructor Summary

Method Summary

Methods inherited from class org.apache.ws.security.components.crypto.Merlin

Methods inherited from class org.apache.ws.security.components.crypto.CryptoBase

Methods inherited from class java.lang.Object

Field Detail

PROP_ID_TRUST_STORES

PROP_ID_CERT_PROVIDER

PROP_ID_DEFAULT_ALIAS

PROP_ID_CACERT_PASS

PROP_ID_XKMS_SERVICE_PASS_PHRASE

PROP_ID_TENANT_ID

PROP_ID_TENANT_DOMAIN

PROP_ID_XKMS_SERVICE_URL

Constructor Detail

CXFServerCrypto

CXFServerCrypto

Method Detail

loadCertificate

getX509Certificates

getCertificateData

getCertificates

getAliasForX509Cert

getAliasForX509Cert

getAliasForX509Cert

getAliasForX509Cert

getDefaultX509Alias

getSKIBytesFromCert

getAliasForX509CertThumb

getKeyStore

getCertificateFactory

validateCertPath

getAliasesForDN

getPrivateKey

getPrivateKey