org.apache.ws.security.components.crypto
Class Merlin

java.lang.Object
  extended by org.apache.ws.security.components.crypto.Merlin
All Implemented Interfaces:
Crypto

public class Merlin
extends java.lang.Object
implements Crypto

JDK1.4 based implementation of Crypto (uses keystore).

Author:
Davanum Srinivas (dims@yahoo.com).

Field Summary
protected static java.security.cert.CertificateFactory certFact
           
protected  java.security.KeyStore keystore
           
protected  java.util.Properties properties
           
 
Constructor Summary
Merlin(java.util.Properties properties)
          Constructor.
 
Method Summary
 java.lang.String[] getAliasesForDN(java.lang.String subjectDN)
          Lookup X509 certificates in the keystore according to a given DN of the subject of the certificate.
 java.lang.String getAliasForX509Cert(byte[] skiBytes)
          Lookup an X509 certificate in the keystore according to a given SubjectKeyIdentifier.
 java.lang.String getAliasForX509Cert(java.security.cert.Certificate cert)
          Return the keystore alias of the X509 certificate that matches a given Certificate.
 java.lang.String getAliasForX509Cert(java.lang.String issuer)
          Lookup an X509 certificate in the keystore according to the issuer of a certificate.
 java.lang.String getAliasForX509Cert(java.lang.String issuer, java.math.BigInteger serialNumber)
          Lookup an X509 certificate in the keystore according to a given serial number and the issuer of a certificate.
 byte[] getCertificateData(boolean reverse, java.security.cert.X509Certificate[] certs)
          Get a byte array given an array of X509 certificates.
 java.security.cert.CertificateFactory getCertificateFactory()
          Singleton certificate factory for this Crypto instance.
 java.security.cert.X509Certificate[] getCertificates(java.lang.String alias)
          Gets the list of certificates for a given alias.
 java.lang.String getDefaultX509Alias()
          Retrieves the alias name of the default certificate which has been specified as a property.
 java.security.KeyStore getKeyStore()
          Gets the Keystore that was loaded by the underlying implementation
 java.security.PrivateKey getPrivateKey(java.lang.String alias, java.lang.String password)
          Gets the private key identified by alias and password.
 byte[] getSKIBytesFromCert(java.security.cert.X509Certificate cert)
          Reads the SubjectKeyIdentifier information from the certificate.
 java.security.cert.X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
          Construct an array of X509Certificates from the byte array.
 void load(java.io.InputStream input)
          Loads the keystore from an InputStream.
 java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
          Load an X509Certificate from the input stream.
 void setKeyStore(java.security.KeyStore ks)
          A Hook for subclasses to set the keystore without having to load it from an InputStream.
 boolean validateCertPath(java.security.cert.X509Certificate[] certs)
          Uses the CertPath API to validate a given certificate chain
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

certFact

protected static java.security.cert.CertificateFactory certFact

properties

protected java.util.Properties properties

keystore

protected java.security.KeyStore keystore
Constructor Detail

Merlin

public Merlin(java.util.Properties properties)
       throws CredentialException,
              java.io.IOException
Constructor.

Parameters:
properties -
Throws:
CredentialException
java.io.IOException
Method Detail

getCertificateFactory

public java.security.cert.CertificateFactory getCertificateFactory()
                                                            throws WSSecurityException
Singleton certificate factory for this Crypto instance.

Specified by:
getCertificateFactory in interface Crypto
Returns:
Returns a CertificateFactory to construct X509 certificates
Throws:
WSSecurityException

loadCertificate

public java.security.cert.X509Certificate loadCertificate(java.io.InputStream in)
                                                   throws WSSecurityException
Load an X509Certificate from the input stream.

Specified by:
loadCertificate in interface Crypto
Parameters:
in - The InputStream containing the X509 data
Returns:
Returns an X509 certificate
Throws:
WSSecurityException

getX509Certificates

public java.security.cert.X509Certificate[] getX509Certificates(byte[] data,
                                                                boolean reverse)
                                                         throws WSSecurityException
Construct an array of X509Certificates from the byte array.

Specified by:
getX509Certificates in interface Crypto
Parameters:
data - The byte array containing the X509 data
reverse - If set, the first certificate in the input data will be the last in the array
Returns:
An array of X509 certificates, ordered according to the reverse flag
Throws:
WSSecurityException

getCertificateData

public byte[] getCertificateData(boolean reverse,
                                 java.security.cert.X509Certificate[] certs)
                          throws WSSecurityException
Get a byte array given an array of X509 certificates.

Specified by:
getCertificateData in interface Crypto
Parameters:
reverse - If set, the first certificate in the array will be the last in the byte array
certs - The certificates to convert
Returns:
The byte array for the certificates, ordered according to the reverse flag
Throws:
WSSecurityException
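Added usage example for the getCertificateData / getX509Certificates pair (not part of the WSS4J Javadoc or source). It shows how the reverse flag behaves on a round trip: a chain serialised with reverse=true is written root-first, and parsing the bytes back with reverse=true restores the original end-entity-first order, which is the order validateCertPath expects. The package of WSSecurityException (org.apache.ws.security) is an assumption, as is the name of any keystore you pass in; the class is written for a current JDK.

```java
import java.security.cert.X509Certificate;

import org.apache.ws.security.WSSecurityException;               // assumed package
import org.apache.ws.security.components.crypto.Merlin;

/**
 * Serialise a certificate chain for transport (e.g. a PKIPath-style
 * BinarySecurityToken) and parse it back, preserving chain order.
 */
public class CertChainTransport {

    /**
     * Encode the chain root-first. The chain handed in is end-entity-first
     * (index 0 is the signing certificate, as returned by Merlin.getCertificates),
     * and reverse=true makes that first certificate the last one in the bytes.
     */
    public static byte[] encode(Merlin crypto, X509Certificate[] chain) throws WSSecurityException {
        return crypto.getCertificateData(true, chain);
    }

    /**
     * Parse received bytes back into end-entity-first order and refuse the
     * chain unless it validates against the keystore. reverse=true here undoes
     * the reordering done by encode().
     */
    public static X509Certificate[] decodeAndValidate(Merlin crypto, byte[] data) throws WSSecurityException {
        X509Certificate[] chain = crypto.getX509Certificates(data, true);
        if (chain == null || chain.length == 0) {
            throw new SecurityException("received certificate path is empty");
        }
        if (!crypto.validateCertPath(chain)) {
            throw new SecurityException("received certificate chain does not validate against the keystore");
        }
        return chain;
    }

    /** Self-check: encode then decode must give back the same certificates in the same order. */
    public static boolean roundTripPreservesOrder(Merlin crypto, X509Certificate[] chain) throws WSSecurityException {
        X509Certificate[] back = crypto.getX509Certificates(crypto.getCertificateData(true, chain), true);
        if (back.length != chain.length) {
            return false;
        }
        for (int i = 0; i < chain.length; i++) {
            if (!chain[i].equals(back[i])) {
                return false;
            }
        }
        return true;
    }
}
```

Using the same value of reverse on both sides is what keeps the order stable; mixing reverse=true on one side with reverse=false on the other hands validateCertPath a root-first chain, and the CertPath API treats the first element as the target certificate.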

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.lang.String alias,
                                              java.lang.String password)
                                       throws java.lang.Exception
Gets the private key identified by alias and password.

Specified by:
getPrivateKey in interface Crypto
Parameters:
alias - The alias (KeyStore) of the key owner
password - The password needed to access the private key
Returns:
The private key
Throws:
java.lang.Exception
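Added usage example for the constructor together with getDefaultX509Alias, getCertificates, validateCertPath and getPrivateKey (not part of the WSS4J Javadoc or source). It loads a Merlin instance from Properties and resolves the default signing credential, refusing the key if the stored chain does not validate. The property keys are the ones WSS4J's crypto.properties uses for this class (org.apache.ws.security.crypto.merlin.file, ...keystore.type, ...keystore.password, ...keystore.alias); they are not listed on this page, so treat them as an assumption to check against your WSS4J version. The exception packages (org.apache.ws.security.WSSecurityException, org.apache.ws.security.components.crypto.CredentialException), the keystore file name, alias and passwords are likewise assumptions.

```java
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.apache.ws.security.components.crypto.CredentialException;   // assumed package
import org.apache.ws.security.components.crypto.Merlin;

/**
 * Load a Merlin keystore from Properties and resolve the signing credential
 * for the configured default alias.
 */
public class MerlinSigningCredential {

    public static Merlin loadMerlin(String keystorePath, String storeType,
                                    String storePassword, String defaultAlias)
            throws CredentialException, IOException {
        Properties props = new Properties();
        // Property keys as used by WSS4J's crypto.properties (assumed; not listed on this page).
        props.setProperty("org.apache.ws.security.crypto.merlin.file", keystorePath);
        props.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", storeType);
        props.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", storePassword);
        props.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", defaultAlias);
        // The constructor opens and decodes the keystore named in the properties;
        // CredentialException signals a keystore that could not be read.
        return new Merlin(props);
    }

    /**
     * Returns the private key of the default alias, but only after the alias's
     * certificate chain has passed CertPath validation and the end-entity
     * certificate is inside its validity period. A key whose chain does not
     * validate is refused rather than used to sign.
     */
    public static PrivateKey signingKey(Merlin crypto, String keyPassword) throws Exception {
        String alias = crypto.getDefaultX509Alias();
        if (alias == null) {
            throw new IllegalStateException("no default alias configured for this Crypto instance");
        }
        X509Certificate[] chain = crypto.getCertificates(alias);   // null if alias does not exist
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("alias " + alias + " has no certificate chain");
        }
        if (!crypto.validateCertPath(chain)) {
            throw new SecurityException("certificate chain for alias " + alias + " does not validate");
        }
        chain[0].checkValidity();   // index 0 is the end-entity certificate; throws if expired
        // getPrivateKey is declared to throw java.lang.Exception, hence the broad signature.
        return crypto.getPrivateKey(alias, keyPassword);
    }

    public static void main(String[] args) throws Exception {
        // File name, alias and passwords are placeholders for this example.
        Merlin crypto = loadMerlin("client.jks", "JKS", "changeit", "client");
        PrivateKey key = signingKey(crypto, "keypass");
        System.out.println("signing key algorithm: " + key.getAlgorithm());
    }
}
```

A successful alias or key lookup only proves that the entry exists in the keystore; validateCertPath is the one trust decision this class exposes. Whether validateCertPath also checks revocation is not stated on this page, so confirm that in the implementation before relying on it.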

getAliasForX509Cert

public java.lang.String getAliasForX509Cert(java.lang.String issuer)
                                     throws WSSecurityException
Lookup an X509 certificate in the keystore according to the issuer of a certificate.

The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the issuer of each certificate of the chain is compared with the parameter.

Specified by:
getAliasForX509Cert in interface Crypto
Parameters:
issuer - The issuer's name for the certificate
Returns:
alias name of the certificate that matches the issuer name or null if no such certificate was found.
Throws:
WSSecurityException

getAliasForX509Cert

public java.lang.String getAliasForX509Cert(java.lang.String issuer,
                                            java.math.BigInteger serialNumber)
                                     throws WSSecurityException
Lookup an X509 certificate in the keystore according to a given serial number and the issuer of a certificate.

The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the serial number and issuer of each certificate of the chain are compared with the parameters.

Specified by:
getAliasForX509Cert in interface Crypto
Parameters:
issuer - The issuer's name for the certificate
serialNumber - The serial number of the certificate from the named issuer
Returns:
alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.
Throws:
WSSecurityException

getAliasForX509Cert

public java.lang.String getAliasForX509Cert(byte[] skiBytes)
                                     throws WSSecurityException
Lookup an X509 certificate in the keystore according to a given SubjectKeyIdentifier.

The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.

Specified by:
getAliasForX509Cert in interface Crypto
Parameters:
skiBytes - The SKI info bytes
Returns:
alias name of the certificate whose SubjectKeyIdentifier matches skiBytes, or null if no such certificate was found.
Throws:
WSSecurityException - if problems during keystore handling or wrong certificate (no SKI data)

getAliasForX509Cert

public java.lang.String getAliasForX509Cert(java.security.cert.Certificate cert)
                                     throws WSSecurityException
Return the keystore alias of the X509 certificate that matches a given Certificate.

Specified by:
getAliasForX509Cert in interface Crypto
Parameters:
cert - The certificate to lookup
Returns:
alias name of the certificate that matches the given certificate or null if no such certificate was found.
Throws:
WSSecurityException
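Added usage example for the four getAliasForX509Cert overloads, together with getSKIBytesFromCert (not part of the WSS4J Javadoc or source). It resolves the three kinds of reference a WS-Security KeyInfo can carry (X509IssuerSerial, a SubjectKeyIdentifier KeyIdentifier, or an embedded certificate) to a keystore alias, treats the null return as "not found", and refuses any alias whose stored chain does not validate. The package of WSSecurityException (org.apache.ws.security) is an assumption; the class is written for a current JDK.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;

import org.apache.ws.security.WSSecurityException;               // assumed package
import org.apache.ws.security.components.crypto.Merlin;

/**
 * Map a KeyInfo reference from an incoming message to a keystore alias,
 * and only accept aliases whose certificate chain validates.
 */
public class KeyInfoResolver {

    private final Merlin crypto;

    public KeyInfoResolver(Merlin crypto) {
        this.crypto = crypto;
    }

    /** X509IssuerSerial reference: issuer name plus serial number identifies one certificate. */
    public String byIssuerSerial(String issuerName, BigInteger serial) throws WSSecurityException {
        return requireTrusted(crypto.getAliasForX509Cert(issuerName, serial), "X509IssuerSerial");
    }

    /** KeyIdentifier reference carrying the raw SubjectKeyIdentifier bytes. */
    public String bySubjectKeyIdentifier(byte[] ski) throws WSSecurityException {
        return requireTrusted(crypto.getAliasForX509Cert(ski), "SubjectKeyIdentifier");
    }

    /** Embedded certificate (e.g. from a BinarySecurityToken): exact match on a stored certificate. */
    public String byCertificate(X509Certificate cert) throws WSSecurityException {
        return requireTrusted(crypto.getAliasForX509Cert(cert), "X509Certificate");
    }

    /**
     * Issuer-only lookup. This overload returns the first alias whose chain
     * contains a certificate from that issuer, so it cannot single out one
     * end-entity certificate when several were issued by the same CA; use it
     * only when that ambiguity is acceptable.
     */
    public String byIssuerOnly(String issuerName) throws WSSecurityException {
        return requireTrusted(crypto.getAliasForX509Cert(issuerName), "X509Issuer");
    }

    private String requireTrusted(String alias, String refType) throws WSSecurityException {
        if (alias == null) {
            // Every lookup overload returns null when nothing matches; there is no other signal.
            throw new SecurityException(refType + " reference does not match any keystore entry");
        }
        X509Certificate[] chain = crypto.getCertificates(alias);
        if (chain == null || chain.length == 0 || !crypto.validateCertPath(chain)) {
            throw new SecurityException("alias " + alias + " was found but its chain does not validate");
        }
        return alias;
    }

    /**
     * The reference values a sender would put into KeyInfo for a certificate.
     * getSKIBytesFromCert throws WSSecurityException if the certificate has no
     * SubjectKeyIdentifier extension, so such a certificate cannot be referenced by SKI.
     */
    public static void describe(Merlin crypto, X509Certificate cert) throws WSSecurityException {
        System.out.println("issuer: " + cert.getIssuerDN().getName());
        System.out.println("serial: " + cert.getSerialNumber());
        System.out.println("ski:    " + toHex(crypto.getSKIBytesFromCert(cert)));
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
```

The issuer-based overloads compare issuer names as strings, so the DN you pass must be in the same form the implementation derives from the stored certificate; a DN rendered with different attribute order or escaping will simply not match and the lookup returns null.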

getDefaultX509Alias

public java.lang.String getDefaultX509Alias()
Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null.

Specified by:
getDefaultX509Alias in interface Crypto
Returns:
alias name of the default X509 certificate

getCertificates

public java.security.cert.X509Certificate[] getCertificates(java.lang.String alias)
                                                     throws WSSecurityException
Gets the list of certificates for a given alias.

Specified by:
getCertificates in interface Crypto
Parameters:
alias - Lookup certificate chain for this alias
Returns:
Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore
Throws:
WSSecurityException

setKeyStore

public void setKeyStore(java.security.KeyStore ks)
A Hook for subclasses to set the keystore without having to load it from an InputStream.

Parameters:
ks - existing keystore

load

public void load(java.io.InputStream input)
          throws CredentialException
Loads the keystore from an InputStream.

Parameters:
input - InputStream to read from
Throws:
CredentialException

getSKIBytesFromCert

public byte[] getSKIBytesFromCert(java.security.cert.X509Certificate cert)
                           throws WSSecurityException
Reads the SubjectKeyIdentifier information from the certificate.

Specified by:
getSKIBytesFromCert in interface Crypto
Parameters:
cert - The certificate to read SKI
Returns:
The byte array containing the binary SKI data
Throws:
WSSecurityException

getKeyStore

public java.security.KeyStore getKeyStore()
Description copied from interface: Crypto
Gets the Keystore that was loaded by the underlying implementation

Specified by:
getKeyStore in interface Crypto
Returns:
the Keystore

validateCertPath

public boolean validateCertPath(java.security.cert.X509Certificate[] certs)
                         throws WSSecurityException
Uses the CertPath API to validate a given certificate chain

Specified by:
validateCertPath in interface Crypto
Parameters:
certs - Certificate chain to validate
Returns:
true if the certificate chain is valid, false otherwise
Throws:
WSSecurityException

getAliasesForDN

public java.lang.String[] getAliasesForDN(java.lang.String subjectDN)
                                   throws WSSecurityException
Lookup X509 certificates in the keystore according to a given DN of the subject of the certificate.

The search gets all alias names of the keystore and gets the certificate (chain) for each alias. Then the subject DN of the certificate is compared with the parameter.

Specified by:
getAliasesForDN in interface Crypto
Parameters:
subjectDN - The DN of subject to look for in the keystore
Returns:
Array with the aliases of all certificates whose subject DN equals the given DN
Throws:
WSSecurityException
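Added usage example for getAliasesForDN (not part of the WSS4J Javadoc or source). A subject DN is not unique within a keystore: a renewed certificate keeps the same subject, so this lookup can return several aliases and the caller has to choose. The example keeps only aliases whose end-entity certificate is currently valid and whose chain passes validateCertPath, then prefers the one that expires last. The package of WSSecurityException (org.apache.ws.security) is an assumption; the class is written for a current JDK.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.ws.security.WSSecurityException;               // assumed package
import org.apache.ws.security.components.crypto.Merlin;

/**
 * Choose a usable alias for a subject DN when the keystore holds more than
 * one certificate with that subject (e.g. the old and the renewed certificate).
 */
public class SubjectDnLookup {

    /**
     * Returns the alias of the valid, trusted certificate with the latest
     * expiry for the given subject DN, or null if none qualifies.
     */
    public static String currentAliasForSubject(Merlin crypto, String subjectDN) throws WSSecurityException {
        String[] aliases = crypto.getAliasesForDN(subjectDN);
        if (aliases == null || aliases.length == 0) {
            return null;                                   // no certificate with this subject
        }
        String chosen = null;
        X509Certificate chosenCert = null;
        for (String alias : aliases) {
            X509Certificate[] chain = crypto.getCertificates(alias);
            if (chain == null || chain.length == 0) {
                continue;
            }
            try {
                chain[0].checkValidity();                  // skip expired or not-yet-valid entries
            } catch (CertificateException expiredOrNotYetValid) {
                continue;
            }
            if (!crypto.validateCertPath(chain)) {
                continue;                                  // skip entries without a trust path
            }
            // Among valid, trusted entries prefer the one that expires last (the newest renewal).
            if (chosenCert == null || chain[0].getNotAfter().after(chosenCert.getNotAfter())) {
                chosen = alias;
                chosenCert = chain[0];
            }
        }
        return chosen;
    }
}
```

Picking the first returned alias without these checks would silently select whichever entry the keystore enumerates first, which may be the expired predecessor.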