org.apache.ws.security.components.crypto.Crypto Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of wss4j Show documentation
Show all versions of wss4j Show documentation
The Apache WSS4J project provides a Java implementation of the primary security standards
for Web Services, namely the OASIS Web Services Security (WS-Security) specifications
from the OASIS Web Services Security TC.
/*
* Copyright 2003-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.ws.security.components.crypto;
import org.apache.ws.security.WSSecurityException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/**
* Crypto.
*
*
* @author Davanum Srinivas ([email protected]).
*/
public interface Crypto {
/**
* load a X509Certificate from the input stream.
*
*
* @param in The InputStream array containing the X509 data
* @return An X509 certificate
* @throws WSSecurityException
*/
X509Certificate loadCertificate(InputStream in) throws WSSecurityException;
/**
* Construct an array of X509Certificate's from the byte array.
*
*
* @param data The byte array containing the X509 data
* @param reverse If set the first certificate in input data will
* the last in the array
* @return An array of X509 certificates, ordered according to
* the reverse flag
* @throws WSSecurityException
*/
X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException;
/**
* get a byte array given an array of X509 certificates.
*
*
* @param reverse If set the first certificate in the array data will
* the last in the byte array
* @param certs The certificates to convert
* @return The byte array for the certificates ordered according
* to the reverse flag
* @throws WSSecurityException
*/
byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException;
/**
* Gets the private key identified by alias and password.
*
*
* @param alias The alias (KeyStore) of the key owner
* @param password The password needed to access the private key
* @return The private key
* @throws Exception
*/
public PrivateKey getPrivateKey(String alias, String password) throws Exception;
/**
* get the list of certificates for a given alias. This method
* reads a new certificate chain and overwrites a previously
* stored certificate chain.
*
*
* @param alias Lookup certificate chain for this alias
* @return Array of X509 certificates for this alias name, or
* null if this alias does not exist in the keystore
*/
public X509Certificate[] getCertificates(String alias) throws WSSecurityException;
/**
* Return a X509 Certificate alias in the keystore according to a given Certificate
*
*
* @param cert The certificate to lookup
* @return alias name of the certificate that matches the given certificate
* or null if no such certificate was found.
*
* See comment above
*
* See comment above
*/
/*
* See comment above
*/
public String getAliasForX509Cert(Certificate cert) throws WSSecurityException;
/**
* Lookup a X509 Certificate in the keystore according to a given
* the issuer of a Certificate.
*
* The search gets all alias names of the keystore and gets the certificate chain
* for each alias. Then the Issuer of each certificate of the chain
* is compared with the parameters.
*
* @param issuer The issuer's name for the certificate
* @return alias name of the certificate that matches the issuer name
* or null if no such certificate was found.
*/
public String getAliasForX509Cert(String issuer) throws WSSecurityException;
/**
* Search a X509 Certificate in the keystore according to a given serial number and
* the issuer of a Certificate.
*
* The search gets all alias names of the keystore and gets the certificate chain
* for each alias. Then the SerialNumber and Issuer of each certificate of the chain
* is compared with the parameters.
*
* @param issuer The issuer's name for the certificate
* @param serialNumber The serial number of the certificate from the named issuer
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException;
/**
* Lookup a X509 Certificate in the keystore according to a given
* SubjectKeyIdentifier.
*
* The search gets all alias names of the keystore and gets the certificate chain
* or certificate for each alias. Then the SKI for each user certificate
* is compared with the SKI parameter.
*
* @param skiBytes The SKI info bytes
* @return alias name of the certificate that matches serialNumber and issuer name
* or null if no such certificate was found.
*/
public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException;
/**
* Retrieves the alias name of the default certificate which has been
* specified as a property. This should be the certificate that is used for
* signature and encryption. This alias corresponds to the certificate that
* should be used whenever KeyInfo is not present in a signed or
* an encrypted message. May return null.
*
* @return alias name of the default X509 certificate.
*/
public String getDefaultX509Alias();
/**
* Reads the SubjectKeyIdentifier information from the certificate.
*
*
* @param cert The certificate to read SKI
* @return The byte array containing the binary SKI data
*/
public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException;
/**
* Lookup a X509 Certificate in the keystore according to a given
* Thumbprint.
*
* The search gets all alias names of the keystore, then reads the certificate chain
* or certificate for each alias. Then the thumbprint for each user certificate
* is compared with the thumbprint parameter.
*
* @param thumb The SHA1 thumbprint info bytes
* @return alias name of the certificate that matches the thumbprint
* or null if no such certificate was found.
* @throws WSSecurityException if problems during keystore handling or wrong certificate
*/
public String getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException;
/**
* Gets the Keystore that was loaded by the underlying implementation
*
* @return the Keystore
*/
public KeyStore getKeyStore();
/**
* Gets the CertificateFactory instantiated by the underlying implementation
*
* @return the CertificateFactory
* @throws WSSecurityException
*/
public CertificateFactory getCertificateFactory() throws WSSecurityException;
/**
* Uses the CertPath API to validate a given certificate chain
*
*
* @param certs Certificate chain to validate
* @return true if the certificate chain is valid, false otherwise
* @throws WSSecurityException
*/
public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException;
/**
* Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate
*
*
* @param subjectDN The DN of subject to look for in the keystore
* @return Vector with all alias of certificates with the same DN as given in the parameters
* @throws WSSecurityException
*/
public String[] getAliasesForDN(String subjectDN) throws WSSecurityException;
}