All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.wss4j.common.crypto.Crypto Maven / Gradle / Ivy

There is a newer version: 3.0.4
Show newest version
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.wss4j.common.crypto;

import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.regex.Pattern;

import javax.security.auth.callback.CallbackHandler;

import org.apache.wss4j.common.ext.WSSecurityException;

public interface Crypto {

    //
    // Accessor methods
    //

    /**
     * Get the crypto provider associated with this implementation
     * @return the crypto provider
     */
    String getCryptoProvider();

    /**
     * Set the crypto provider associated with this implementation
     * @param provider the crypto provider name to set
     */
    void setCryptoProvider(String provider);

    /**
     * Get the crypto provider used for truststore operation associated with this implementation.
     * @return a crypto provider name
     */
    String getTrustProvider();

    /**
     * Set the crypto provider used for truststore operations associated with this implementation
     * @param provider the name of the provider
     */
    void setTrustProvider(String provider);

    /**
     * Retrieves the identifier name of the default certificate. This should be the certificate
     * that is used for signature and encryption. This identifier corresponds to the certificate
     * that should be used whenever KeyInfo is not present in a signed or an encrypted
     * message. May return null. The identifier is implementation specific, e.g. it could be the
     * KeyStore alias.
     *
     * @return name of the default X509 certificate.
     */
    String getDefaultX509Identifier() throws WSSecurityException;

    /**
     * Sets the identifier name of the default certificate. This should be the certificate
     * that is used for signature and encryption. This identifier corresponds to the certificate
     * that should be used whenever KeyInfo is not present in a signed or an encrypted
     * message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
     *
     * @param identifier name of the default X509 certificate.
     */
    void setDefaultX509Identifier(String identifier);

    /**
     * Sets the CertificateFactory instance on this Crypto instance
     *
     * @param certFactory the CertificateFactory the CertificateFactory instance to set
     */
    void setCertificateFactory(CertificateFactory certFactory);

    /**
     * Get the CertificateFactory instance on this Crypto instance
     *
     * @return Returns a CertificateFactory to construct
     *         X509 certificates
     * @throws WSSecurityException
     */
    CertificateFactory getCertificateFactory() throws WSSecurityException;

    //
    // Base Crypto functionality methods
    //

    /**
     * Load a X509Certificate from the input stream.
     *
     * @param in The InputStream containing the X509 data
     * @return An X509 certificate
     * @throws WSSecurityException
     */
    X509Certificate loadCertificate(InputStream in) throws WSSecurityException;

    /**
     * Reads the SubjectKeyIdentifier information from the certificate.
     * 

* If the the certificate does not contain a SKI extension then * try to compute the SKI according to RFC3280 using the * SHA-1 hash value of the public key. The second method described * in RFC3280 is not support. Also only RSA public keys are supported. * If we cannot compute the SKI throw a WSSecurityException. * * @param cert The certificate to read SKI * @return The byte array containing the binary SKI data */ byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException; /** * Get a byte array given an array of X509 certificates. *

* * @param certs The certificates to convert * @return The byte array for the certificates * @throws WSSecurityException */ byte[] getBytesFromCertificates(X509Certificate[] certs) throws WSSecurityException; /** * Construct an array of X509Certificate's from the byte array. * * @param data The byte array containing the X509 data * @return An array of X509 certificates * @throws WSSecurityException */ X509Certificate[] getCertificatesFromBytes(byte[] data) throws WSSecurityException; // // Implementation-specific Crypto functionality methods // /** * Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported * types are as follows: * * TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number * TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert * TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert * TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert * TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation * specific, for example - it could be a java KeyStore alias. */ X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException; /** * Get the implementation-specific identifier corresponding to the cert parameter, e.g. the * identifier could be a KeyStore alias. * @param cert The X509Certificate for which to search for an identifier * @return the identifier corresponding to the cert parameter * @throws WSSecurityException */ String getX509Identifier(X509Certificate cert) throws WSSecurityException; /** * Gets the private key corresponding to the certificate. * * @param certificate The X509Certificate corresponding to the private key * @param callbackHandler The callbackHandler needed to get the password * @return The private key */ PrivateKey getPrivateKey( X509Certificate certificate, CallbackHandler callbackHandler ) throws WSSecurityException; /** * Gets the private key corresponding to the identifier. * * @param identifier The implementation-specific identifier corresponding to the key * @param password The password needed to get the key * @return The private key */ PrivateKey getPrivateKey( String identifier, String password ) throws WSSecurityException; /** * Evaluate whether a given certificate chain should be trusted. * * @param certs Certificate chain to validate * @param enableRevocation whether to enable CRL verification or not * @param subjectCertConstraints A set of constraints on the Subject DN of the certificates * @throws WSSecurityException if the certificate chain is invalid */ void verifyTrust( X509Certificate[] certs, boolean enableRevocation, Collection subjectCertConstraints ) throws WSSecurityException; /** * Evaluate whether a given public key should be trusted directly (located * * @param certs Certificate chain to validate * @throws WSSecurityException if the certificate chain is invalid */ void verifyDirectTrust(X509Certificate[] certs) throws WSSecurityException; /** * Evaluate whether a given public key should be trusted. * * @param publicKey The PublicKey to be evaluated * @throws WSSecurityException if the PublicKey is invalid */ void verifyTrust(PublicKey publicKey) throws WSSecurityException; }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy