org.kth.pdc.grid.services.components
Class PCCrypto

java.lang.Object
  org.kth.pdc.grid.services.components.PCCrypto

All Implemented Interfaces:

org.apache.ws.security.components.crypto.Crypto

public class PCCrypto
extends Object
implements org.apache.ws.security.components.crypto.Crypto

JDK1.4 based implementation of Crypto (uses keystore).

Author:

Davanum Srinivas (dims@yahoo.com).

Field Summary

protected static CertificateFactory

certFact

Constructor Summary

PCCrypto()
Constructor.

Method Summary

String[]	getAliasesForDN(String subjectDN) Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate
String	getAliasForX509Cert(byte[] skiBytes) Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.
String	getAliasForX509Cert(Certificate cert) Return a X509 Certificate alias in the keystore according to a given Certificate
String	getAliasForX509Cert(String issuer) Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.
String	getAliasForX509Cert(String issuer, BigInteger serialNumber) Search a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.
String	getAliasForX509CertThumb(byte[] thumb) Lookup a X509 Certificate in the keystore according to a given Thumbprint.
String	getAliasKrbKey()
byte[]	getCertificateData(boolean reverse, X509Certificate[] certs) get a byte array given an array of X509 certificates.
CertificateFactory	getCertificateFactory() Gets the CertificateFactory instantiated by the underlying implementation
X509Certificate[]	getCertificates(String alias) get the list of certificates for a given alias.
String	getDefaultX509Alias() Retrieves the alias name of the default certificate which has been specified as a property.
KeyStore	getKeyStore() Gets the Keystore that was loaded by the underlying implementation
String	getPasswordKrbKey()
PrivateKey	getPrivateKey(String alias, String password) Gets the private key identified by alias and password.
byte[]	getSKIBytesFromCert(X509Certificate cert) Reads the SubjectKeyIdentifier information from the certificate.
X509Certificate[]	getX509Certificates(byte[] data, boolean reverse) Construct an array of X509Certificate's from the byte array.
X509Certificate	loadCertificate(InputStream in) load a X509Certificate from the input stream.
boolean	validateCertPath(X509Certificate[] certs) Overridden because there's a bug in the base class where they don't use the provider variant for the certificate validator.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

certFact

protected static CertificateFactory certFact

Constructor Detail

PCCrypto

public PCCrypto()

Constructor.

Parameters:

properties -

Throws:

CredentialException

IOException

Method Detail

getX509Certificates

public X509Certificate[] getX509Certificates(byte[] data,
                                             boolean reverse)
                                      throws org.apache.ws.security.WSSecurityException

Construct an array of X509Certificate's from the byte array.

Specified by:

getX509Certificates in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

data - The byte array containg the X509 data

reverse - If set the first certificate in input data will the last in the array

Returns:

An array of X509 certificates, ordered according to the reverse flag

Throws:

org.apache.ws.security.WSSecurityException

getCertificateData

public byte[] getCertificateData(boolean reverse,
                                 X509Certificate[] certs)
                          throws org.apache.ws.security.WSSecurityException

get a byte array given an array of X509 certificates.

Specified by:

getCertificateData in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

reverse - If set the first certificate in the array data will the last in the byte array

certs - The certificates to convert

Returns:

The byte array for the certficates ordered according to the reverse flag

Throws:

org.apache.ws.security.WSSecurityException

validateCertPath

public boolean validateCertPath(X509Certificate[] certs)
                         throws org.apache.ws.security.WSSecurityException

Overridden because there's a bug in the base class where they don't use the provider variant for the certificate validator.

Specified by:

validateCertPath in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

certs - Certificate chain to validate

Returns:

true if the certificate chain is valid, false otherwise

Throws:

org.apache.ws.security.WSSecurityException

loadCertificate

public X509Certificate loadCertificate(InputStream in)
                                throws org.apache.ws.security.WSSecurityException

load a X509Certificate from the input stream.

Specified by:

loadCertificate in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

in - The InputStream array containg the X509 data

Returns:

An X509 certificate

Throws:

org.apache.ws.security.WSSecurityException

getPrivateKey

public PrivateKey getPrivateKey(String alias,
                                String password)
                         throws Exception

Gets the private key identified by alias and password.

Specified by:

getPrivateKey in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

alias - The alias (KeyStore) of the key owner

password - The password needed to access the private key

Returns:

The private key

Throws:

Exception

getCertificates

public X509Certificate[] getCertificates(String alias)
                                  throws org.apache.ws.security.WSSecurityException

get the list of certificates for a given alias. This method reads a new certificate chain and overwrites a previously stored certificate chain.

Specified by:

getCertificates in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

alias - Lookup certificate chain for this alias

Returns:

Array of X509 certificates for this alias name, or null if this alias does not exist in the keystore

Throws:

org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(Certificate cert)
                           throws org.apache.ws.security.WSSecurityException

Return a X509 Certificate alias in the keystore according to a given Certificate

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

cert - The certificate to lookup

Returns:

alias name of the certificate that matches the given certificate or null if no such certificate was found.

See comment above

See comment above

Throws:

org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(String issuer)
                           throws org.apache.ws.security.WSSecurityException

Lookup a X509 Certificate in the keystore according to a given the issuer of a Certficate.

The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the Issuer fo each certificate of the chain is compared with the parameters.

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

issuer - The issuer's name for the certificate

Returns:

alias name of the certificate that matches the issuer name or null if no such certificate was found.

Throws:

org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(String issuer,
                                  BigInteger serialNumber)
                           throws org.apache.ws.security.WSSecurityException

Search a X509 Certificate in the keystore according to a given serial number and the issuer of a Certficate.

The search gets all alias names of the keystore and gets the certificate chain for each alias. Then the SerialNumber and Issuer fo each certificate of the chain is compared with the parameters.

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

issuer - The issuer's name for the certificate

serialNumber - The serial number of the certificate from the named issuer

Returns:

alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.

Throws:

org.apache.ws.security.WSSecurityException

getAliasForX509Cert

public String getAliasForX509Cert(byte[] skiBytes)
                           throws org.apache.ws.security.WSSecurityException

Lookup a X509 Certificate in the keystore according to a given SubjectKeyIdentifier.

The search gets all alias names of the keystore and gets the certificate chain or certificate for each alias. Then the SKI for each user certificate is compared with the SKI parameter.

Specified by:

getAliasForX509Cert in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

skiBytes - The SKI info bytes

Returns:

alias name of the certificate that matches serialNumber and issuer name or null if no such certificate was found.

Throws:

org.apache.ws.security.WSSecurityException

getDefaultX509Alias

public String getDefaultX509Alias()

Retrieves the alias name of the default certificate which has been specified as a property. This should be the certificate that is used for signature and encryption. This alias corresponds to the certificate that should be used whenever KeyInfo is not poresent in a signed or an encrypted message. May return null.

Specified by:

getDefaultX509Alias in interface org.apache.ws.security.components.crypto.Crypto

Returns:

alias name of the default X509 certificate.

getAliasKrbKey

public String getAliasKrbKey()

Specified by:

getAliasKrbKey in interface org.apache.ws.security.components.crypto.Crypto

getPasswordKrbKey

public String getPasswordKrbKey()

Specified by:

getPasswordKrbKey in interface org.apache.ws.security.components.crypto.Crypto

getSKIBytesFromCert

public byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws org.apache.ws.security.WSSecurityException

Reads the SubjectKeyIdentifier information from the certificate.

Specified by:

getSKIBytesFromCert in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

cert - The certificate to read SKI

Returns:

The byte array conating the binary SKI data

Throws:

org.apache.ws.security.WSSecurityException

getAliasForX509CertThumb

public String getAliasForX509CertThumb(byte[] thumb)
                                throws org.apache.ws.security.WSSecurityException

Lookup a X509 Certificate in the keystore according to a given Thumbprint. The search gets all alias names of the keystore, then reads the certificate chain or certificate for each alias. Then the thumbprint for each user certificate is compared with the thumbprint parameter.

Specified by:

getAliasForX509CertThumb in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

thumb - The SHA1 thumbprint info bytes

Returns:

alias name of the certificate that matches the thumbprint or null if no such certificate was found.

Throws:

org.apache.ws.security.WSSecurityException - if problems during keystore handling or wrong certificate

getKeyStore

public KeyStore getKeyStore()

Gets the Keystore that was loaded by the underlying implementation

Specified by:

getKeyStore in interface org.apache.ws.security.components.crypto.Crypto

Returns:

the Keystore

getCertificateFactory

public CertificateFactory getCertificateFactory()
                                         throws org.apache.ws.security.WSSecurityException

Gets the CertificateFactory instantiated by the underlying implementation

Specified by:

getCertificateFactory in interface org.apache.ws.security.components.crypto.Crypto

Returns:

the CertificateFactory

Throws:

org.apache.ws.security.WSSecurityException

getAliasesForDN

public String[] getAliasesForDN(String subjectDN)
                         throws org.apache.ws.security.WSSecurityException

Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate

Specified by:

getAliasesForDN in interface org.apache.ws.security.components.crypto.Crypto

Parameters:

subjectDN - The DN of subject to look for in the keystore

Returns:

Vector with all alias of certificates with the same DN as given in the parameters

Throws:

org.apache.ws.security.WSSecurityException