xades4j.providers.impl
Class KeyStoreKeyingDataProvider

java.lang.Object
  extended by xades4j.providers.impl.KeyStoreKeyingDataProvider
All Implemented Interfaces:
KeyingDataProvider
Direct Known Subclasses:
FileSystemKeyStoreKeyingDataProvider, PKCS11KeyStoreKeyingDataProvider

public abstract class KeyStoreKeyingDataProvider
extends Object
implements KeyingDataProvider

A KeyStore-based implementation of KeyingDataProvider. The keystore is loaded on first access.

The signing certificate is obtained as follows:

  1. Collect the X509Certificate of every private key entry in the keystore (trusted-certificate and secret-key entries are not candidates)
  2. Invoke the supplied SigningCertSelector to choose one of those certificates, and thus the entry to use
  3. Look up the entry alias that holds the selected certificate
  4. Return the certificate chain of that entry (the full chain only if returnFullChain was set and the entry carries one; otherwise just the signing certificate)

The signing key is obtained as follows:

  1. Look up the entry alias that holds the certificate passed to getSigningKey
  2. Obtain the KeyStore.ProtectionParameter for that entry from getKeyProtection
  3. Open the entry with that protection and return its private key
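The two procedures above, worked through in an added example that is not part of xades4j: a concrete subclass backed by a PKCS#12 file whose SigningCertSelector only offers certificates that are currently valid and whose KeyUsage permits signing, and whose getKeyProtection turns the entry password into a KeyStore.PasswordProtection. The method names of the nested interfaces used here (getBuilder, selectCertificate, getPassword) are assumed from the xades4j sources, since this page lists the interfaces but not their methods; the file name signer.p12 is a placeholder.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;

import xades4j.providers.impl.KeyStoreKeyingDataProvider;

/**
 * Added example, not xades4j code: a PKCS#12-file KeyStoreKeyingDataProvider
 * that only offers valid, signing-capable certificates to the signer.
 * Assumed nested-interface methods: KeyStoreBuilderCreator.getBuilder,
 * SigningCertSelector.selectCertificate, KeyStorePasswordProvider.getPassword()
 * and KeyEntryPasswordProvider.getPassword(alias, cert).
 */
public class SigningOnlyPkcs12KeyingDataProvider extends KeyStoreKeyingDataProvider
{
    public SigningOnlyPkcs12KeyingDataProvider(
            String pkcs12Path,
            KeyStorePasswordProvider storePasswordProvider,
            KeyEntryPasswordProvider entryPasswordProvider) throws KeyStoreException
    {
        super(pkcs12Builder(pkcs12Path),
              new SigningCapableCertSelector(),
              Objects.requireNonNull(storePasswordProvider, "store password provider"),
              Objects.requireNonNull(entryPasswordProvider, "entry password provider"),
              true); // return the full chain when the entry holds one
    }

    /* The builder the base class uses to load the keystore on first access. */
    private static KeyStoreBuilderCreator pkcs12Builder(final String path)
    {
        return new KeyStoreBuilderCreator() {
            @Override
            public KeyStore.Builder getBuilder(ProtectionParameter loadProtection) {
                return KeyStore.Builder.newInstance("PKCS12", null, new File(path), loadProtection);
            }
        };
    }

    /* Certificate procedure, step 2: choose among the private key entries' certificates. */
    static class SigningCapableCertSelector implements SigningCertSelector
    {
        @Override
        public X509Certificate selectCertificate(List<X509Certificate> availableCertificates)
        {
            for (X509Certificate cert : availableCertificates) {
                try {
                    cert.checkValidity(); // rejects expired and not-yet-valid certificates
                } catch (CertificateException e) {
                    continue;
                }
                boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
                // bit 0 = digitalSignature, bit 1 = nonRepudiation; absent extension = no restriction
                if (ku == null || ku[0] || ku[1]) {
                    return cert;
                }
            }
            throw new IllegalStateException("no valid signing-capable private key entry in keystore");
        }
    }

    /* Key procedure, step 2: the protection used to open the selected entry. */
    @Override
    protected ProtectionParameter getKeyProtection(String entryAlias, X509Certificate entryCert,
                                                   KeyEntryPasswordProvider entryPasswordProvider)
    {
        // The constructor rejects a null provider, so it is always present here.
        return new KeyStore.PasswordProtection(entryPasswordProvider.getPassword(entryAlias, entryCert));
    }

    public static void main(String[] args) throws Exception
    {
        // Password read from the console rather than kept as a literal in source.
        final char[] pwd = System.console().readPassword("PKCS#12 password: ");
        KeyStorePasswordProvider storePwd = new KeyStorePasswordProvider() {
            @Override public char[] getPassword() { return pwd.clone(); }
        };
        KeyEntryPasswordProvider entryPwd = new KeyEntryPasswordProvider() {
            @Override public char[] getPassword(String alias, X509Certificate cert) { return pwd.clone(); }
        };
        KeyStoreKeyingDataProvider kp = new SigningOnlyPkcs12KeyingDataProvider("signer.p12", storePwd, entryPwd);
        List<X509Certificate> chain = kp.getSigningCertificateChain();
        PrivateKey key = kp.getSigningKey(chain.get(0)); // per the interface, always the first certificate
        System.out.println("Signing as " + chain.get(0).getSubjectX500Principal()
                           + " with a " + key.getAlgorithm() + " key");
    }
}
```

The password providers hand out clones so the caller keeps ownership of the original char[] and can overwrite it with Arrays.fill once signing is done. The selector throws when nothing qualifies rather than returning an expired or encryption-only certificate, which is the failure a practitioner wants surfaced at signing time instead of at verification time.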

Author:
Luís
See Also:
FileSystemKeyStoreKeyingDataProvider, PKCS11KeyStoreKeyingDataProvider

Nested Class Summary
static interface KeyStoreKeyingDataProvider.KeyEntryPasswordProvider
          Provides a password to access a keystore entry.
protected static interface KeyStoreKeyingDataProvider.KeyStoreBuilderCreator
          Gets a builder that will create the keystore instance.
static interface KeyStoreKeyingDataProvider.KeyStorePasswordProvider
          Provides a password to load the keystore.
static interface KeyStoreKeyingDataProvider.SigningCertSelector
          Used to select a certificate from the available certificates.
 
Constructor Summary
protected KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
           
 
Method Summary
protected abstract  KeyStore.ProtectionParameter getKeyProtection(String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)
          Gets a protection parameter to access the specified entry.
 List<X509Certificate> getSigningCertificateChain()
          Gets the signing certificate chain to be used in an ongoing signature operation.
 PrivateKey getSigningKey(X509Certificate signingCert)
          Gets the signing key that matches a signing certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KeyStoreKeyingDataProvider

protected KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator,
                                     KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector,
                                     KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider,
                                     KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider,
                                     boolean returnFullChain)
                              throws KeyStoreException
Parameters:
builderCreator - creates the KeyStore.Builder used to load the keystore on first access
certificateSelector - chooses the signing certificate among the certificates of the private key entries
storePasswordProvider - supplies the password used to load the keystore
entryPasswordProvider - supplies the password used to access a key entry (may be null; passed through to getKeyProtection)
returnFullChain - return the full certificate chain, if available; otherwise only the signing certificate is returned
Throws:
KeyStoreException
Method Detail

getSigningCertificateChain

public List<X509Certificate> getSigningCertificateChain()
                                                 throws SigningCertChainException,
                                                        UnexpectedJCAException
Description copied from interface: KeyingDataProvider
Gets the signing certificate chain to be used in an ongoing signature operation. At least the signing certificate must be present. Other certificates may be present, possibly up to the trust anchor.

Specified by:
getSigningCertificateChain in interface KeyingDataProvider
Returns:
the signing certificate (chain)
Throws:
SigningCertChainException - if the signing certificate (chain) couldn't be obtained
UnexpectedJCAException - when an unexpected platform error occurs

getSigningKey

public PrivateKey getSigningKey(X509Certificate signingCert)
                         throws SigningKeyException,
                                UnexpectedJCAException
Description copied from interface: KeyingDataProvider
Gets the signing key that matches a signing certificate. The certificate supplied to this method is ALWAYS the first of the collection returned in the previous call to getSigningCertificateChain.

Specified by:
getSigningKey in interface KeyingDataProvider
Parameters:
signingCert - the certificate for which the corresponding key should be returned
Returns:
the private key that matches signingCert
Throws:
SigningKeyException - if the signing key couldn't be obtained
UnexpectedJCAException - when an unexpected platform error occurs

getKeyProtection

protected abstract KeyStore.ProtectionParameter getKeyProtection(String entryAlias,
                                                                 X509Certificate entryCert,
                                                                 KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)
Gets a protection parameter to access the specified entry.

Parameters:
entryAlias - the alias of the entry that is being accessed
entryCert - the certificate in the entry
entryPasswordProvider - the password provider that should be used to get the actual password (may be null)
Returns:
the protection


Copyright © 2012. All Rights Reserved.