Crypto (Apache WSS4J 1.6.19 API)

All Known Implementing Classes:

CertificateStore, CryptoBase, Merlin, MerlinDevice
```
public interface Crypto
```

Method Summary

Methods
Modifier and Type	Method and Description
`byte[]`	`getBytesFromCertificates(X509Certificate[] certs)` Get a byte array given an array of X509 certificates.
`CertificateFactory`	`getCertificateFactory()` Get the CertificateFactory instance on this Crypto instance
`X509Certificate[]`	`getCertificatesFromBytes(byte[] data)` Construct an array of X509Certificate's from the byte array.
`String`	`getCryptoProvider()` Get the crypto provider associated with this implementation
`String`	`getDefaultX509Identifier()` Retrieves the identifier name of the default certificate.
`PrivateKey`	`getPrivateKey(String identifier, String password)` Gets the private key corresponding to the identifier.
`PrivateKey`	`getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)` Gets the private key corresponding to the certificate.
`byte[]`	`getSKIBytesFromCert(X509Certificate cert)` Reads the SubjectKeyIdentifier information from the certificate.
`X509Certificate[]`	`getX509Certificates(CryptoType cryptoType)` Get an X509Certificate (chain) corresponding to the CryptoType argument.
`String`	`getX509Identifier(X509Certificate cert)` Get the implementation-specific identifier corresponding to the cert parameter, e.g.
`X509Certificate`	`loadCertificate(InputStream in)` Load a X509Certificate from the input stream.
`void`	`setCertificateFactory(String provider, CertificateFactory certFactory)` Sets the CertificateFactory instance on this Crypto instance
`void`	`setCryptoProvider(String provider)` Set the crypto provider associated with this implementation
`void`	`setDefaultX509Identifier(String identifier)` Sets the identifier name of the default certificate.
`boolean`	`verifyTrust(PublicKey publicKey)` Evaluate whether a given public key should be trusted.
`boolean`	`verifyTrust(X509Certificate[] certs)` Deprecated.
`boolean`	`verifyTrust(X509Certificate[] certs, boolean enableRevocation)` Evaluate whether a given certificate chain should be trusted.

- Method Detail
  - getCryptoProvider
```
String getCryptoProvider()
```
    Get the crypto provider associated with this implementation
    
    Returns:
    the crypto provider
  - setCryptoProvider
```
void setCryptoProvider(String provider)
```
    Set the crypto provider associated with this implementation
    
    Parameters:
    provider - the crypto provider to set
  - getDefaultX509Identifier
```
String getDefaultX509Identifier()
                                throws WSSecurityException
```
    Retrieves the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. May return null. The identifier is implementation specific, e.g. it could be the KeyStore alias.
    
    Returns:
    name of the default X509 certificate.
    
    Throws:
    
    WSSecurityException
  - setDefaultX509Identifier
```
void setDefaultX509Identifier(String identifier)
```
    Sets the identifier name of the default certificate. This should be the certificate that is used for signature and encryption. This identifier corresponds to the certificate that should be used whenever KeyInfo is not present in a signed or an encrypted message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
    
    Parameters:
    identifier - name of the default X509 certificate.
  - setCertificateFactory
```
void setCertificateFactory(String provider,
                         CertificateFactory certFactory)
```
    Sets the CertificateFactory instance on this Crypto instance
    
    Parameters:
    provider - the CertificateFactory provider name
    certFactory - the CertificateFactory the CertificateFactory instance to set
  - getCertificateFactory
```
CertificateFactory getCertificateFactory()
                                         throws WSSecurityException
```
    Get the CertificateFactory instance on this Crypto instance
    
    Returns:
    Returns a CertificateFactory to construct X509 certificates
    
    Throws:
    
    WSSecurityException
  - loadCertificate
```
X509Certificate loadCertificate(InputStream in)
                                throws WSSecurityException
```
    Load a X509Certificate from the input stream.
    
    Parameters:
    in - The InputStream containing the X509 data
    
    Returns:
    An X509 certificate
    
    Throws:
    
    WSSecurityException
  - getSKIBytesFromCert
```
byte[] getSKIBytesFromCert(X509Certificate cert)
                           throws WSSecurityException
```
    Reads the SubjectKeyIdentifier information from the certificate.
    If the the certificate does not contain a SKI extension then try to compute the SKI according to RFC3280 using the SHA-1 hash value of the public key. The second method described in RFC3280 is not support. Also only RSA public keys are supported. If we cannot compute the SKI throw a WSSecurityException.
    
    Parameters:
    cert - The certificate to read SKI
    
    Returns:
    The byte array containing the binary SKI data
    
    Throws:
    
    WSSecurityException
  - getBytesFromCertificates
```
byte[] getBytesFromCertificates(X509Certificate[] certs)
                                throws WSSecurityException
```
    Get a byte array given an array of X509 certificates.
    
    Parameters:
    certs - The certificates to convert
    
    Returns:
    The byte array for the certificates
    
    Throws:
    
    WSSecurityException
  - getCertificatesFromBytes
```
X509Certificate[] getCertificatesFromBytes(byte[] data)
                                           throws WSSecurityException
```
    Construct an array of X509Certificate's from the byte array.
    
    Parameters:
    data - The byte array containing the X509 data
    
    Returns:
    An array of X509 certificates
    
    Throws:
    
    WSSecurityException
  - getX509Certificates
```
X509Certificate[] getX509Certificates(CryptoType cryptoType)
                                      throws WSSecurityException
```
    Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported types are as follows: TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation specific, for example - it could be a java KeyStore alias.
    
    Throws:
    
    WSSecurityException
  - getX509Identifier
```
String getX509Identifier(X509Certificate cert)
                         throws WSSecurityException
```
    Get the implementation-specific identifier corresponding to the cert parameter, e.g. the identifier could be a KeyStore alias.
    
    Parameters:
    cert - The X509Certificate for which to search for an identifier
    
    Returns:
    the identifier corresponding to the cert parameter
    
    Throws:
    
    WSSecurityException
  - getPrivateKey
```
PrivateKey getPrivateKey(X509Certificate certificate,
                       CallbackHandler callbackHandler)
                         throws WSSecurityException
```
    Gets the private key corresponding to the certificate.
    
    Parameters:
    certificate - The X509Certificate corresponding to the private key
    callbackHandler - The callbackHandler needed to get the password
    
    Returns:
    The private key
    
    Throws:
    
    WSSecurityException
  - getPrivateKey
```
PrivateKey getPrivateKey(String identifier,
                       String password)
                         throws WSSecurityException
```
    Gets the private key corresponding to the identifier.
    
    Parameters:
    identifier - The implementation-specific identifier corresponding to the key
    password - The password needed to get the key
    
    Returns:
    The private key
    
    Throws:
    
    WSSecurityException
  - verifyTrust
```
@Deprecated
boolean verifyTrust(X509Certificate[] certs)
                    throws WSSecurityException
```
    Deprecated.
    
    Evaluate whether a given certificate chain should be trusted.
    
    Parameters:
    certs - Certificate chain to validate
    
    Returns:
    true if the certificate chain is valid, false otherwise
    
    Throws:
    
    WSSecurityException
  - verifyTrust
```
boolean verifyTrust(X509Certificate[] certs,
                  boolean enableRevocation)
                    throws WSSecurityException
```
    Evaluate whether a given certificate chain should be trusted.
    
    Parameters:
    certs - Certificate chain to validate
    enableRevocation - whether to enable CRL verification or not
    
    Returns:
    true if the certificate chain is valid, false otherwise
    
    Throws:
    
    WSSecurityException
  - verifyTrust
```
boolean verifyTrust(PublicKey publicKey)
                    throws WSSecurityException
```
    Evaluate whether a given public key should be trusted.
    
    Parameters:
    publicKey - The PublicKey to be evaluated
    
    Returns:
    whether the PublicKey parameter is trusted or not
    
    Throws:
    
    WSSecurityException

Interface Crypto

Method Summary

Method Detail

getCryptoProvider

setCryptoProvider

getDefaultX509Identifier

setDefaultX509Identifier

setCertificateFactory

getCertificateFactory

loadCertificate

getSKIBytesFromCert

getBytesFromCertificates

getCertificatesFromBytes

getX509Certificates

getX509Identifier

getPrivateKey

getPrivateKey

verifyTrust

verifyTrust

verifyTrust