Package xades4j.providers.impl
Class KeyStoreKeyingDataProvider
java.lang.Object
xades4j.providers.impl.KeyStoreKeyingDataProvider
- All Implemented Interfaces: KeyingDataProvider
- Direct Known Subclasses: FileSystemKeyStoreKeyingDataProvider, PKCS11KeyStoreKeyingDataProvider
A KeyStore-based implementation of KeyingDataProvider. The keystore is loaded on first access (thread-safe).
The following procedure is followed to get the signing certificate:
- Get all the X509Certificates in private key entries
- Invoke the supplied SigningCertificateSelector to choose the certificate and thus the entry
- Get the entry alias matching the selected certificate
- Get the certificate chain for that entry
The following procedure is followed to get the signing key:
- Get the entry alias matching the provided certificate
- Get the protection to access that entry
- Return the entry's private key
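The two procedures above, written out against a plain java.security.KeyStore as an added example; it is not xades4j's own code and not part of the original documentation. The class name, the selection policy in select(), the PKCS12 store type and the single password shared by store and entry are assumptions; in the class documented here those roles belong to SigningCertificateSelector, KeyStorePasswordProvider and KeyEntryPasswordProvider.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added illustration built on java.security.KeyStore only; not xades4j source code.
public class KeyStoreSigningDataSketch {
    // Hypothetical selection policy: the first certificate that is currently valid and
    // whose KeyUsage, when present, allows digitalSignature (bit 0) or nonRepudiation (bit 1).
    static X509Certificate select(List<X509Certificate> available) {
        for (X509Certificate c : available) {
            try { c.checkValidity(); } catch (Exception expiredOrNotYetValid) { continue; }
            boolean[] ku = c.getKeyUsage();
            if (ku == null || ku[0] || ku[1]) return c;
        }
        throw new IllegalStateException("no usable signing certificate in private key entries");
    }

    // Usage: java KeyStoreSigningDataSketch <keystore.p12> <password>
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray(); // assumption: store and entry share one password
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, password); }

        // Certificate procedure: only certificates that sit in private key entries are candidates.
        List<X509Certificate> available = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(a);
            if (ks.entryInstanceOf(a, KeyStore.PrivateKeyEntry.class) && c instanceof X509Certificate)
                available.add((X509Certificate) c);
        }
        X509Certificate signingCert = select(available);
        String alias = ks.getCertificateAlias(signingCert);  // entry matching the selection
        Certificate[] chain = ks.getCertificateChain(alias); // chain[0] is the signing certificate
        // Key procedure: alias from the certificate, then the protection, then the private key.
        KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(password);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) ks.getEntry(alias, protection);
        PrivateKey key = entry.getPrivateKey();
        System.out.println(alias + " | " + signingCert.getSubjectX500Principal()
                + " | chain length " + chain.length + " | key algorithm " + key.getAlgorithm());
        Arrays.fill(password, '\0'); // clear our copy of the password
    }
}
```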
- Author: Luís
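Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static interface KeyStoreKeyingDataProvider.KeyEntryPasswordProvider: Provides a password to access a keystore entry.
- protected static interface KeyStoreKeyingDataProvider.KeyStoreBuilderCreator: Gets a builder that will create the keystore instance.
- static interface KeyStoreKeyingDataProvider.KeyStorePasswordProvider: Provides a password to load the keystore.
- static interface KeyStoreKeyingDataProvider.SigningCertificateSelector: Used to select a certificate from the available certificates.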
Constructor Summary
Constructors (Modifier, Constructor, Description):
- protected KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator, KeyStoreKeyingDataProvider.SigningCertificateSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
Method Summary
Methods (Modifier and Type, Method, Description):
- protected abstract KeyStore.ProtectionParameter getKeyProtection(String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider): Gets a protection parameter to access the specified entry.
- List<X509Certificate> getSigningCertificateChain(): Gets the signing certificate chain to be used in an ongoing signature operation.
- PrivateKey getSigningKey(X509Certificate signingCert): Gets the signing key that matches a signing certificate.
Constructor Details
KeyStoreKeyingDataProvider
protected KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator, KeyStoreKeyingDataProvider.SigningCertificateSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
- Parameters:
builderCreator -
certificateSelector -
storePasswordProvider -
entryPasswordProvider -
returnFullChain - return the full certificate chain, if available
Method Details
getSigningCertificateChain
public List<X509Certificate> getSigningCertificateChain() throws SigningCertChainException, UnexpectedJCAException
Description copied from interface: KeyingDataProvider
Gets the signing certificate chain to be used in an ongoing signature operation. At least the signing certificate must be present. Other certificates may be present, possibly up to the trust anchor.
- Specified by: getSigningCertificateChain in interface KeyingDataProvider
- Returns: the signing certificate (chain)
- Throws:
SigningCertChainException - if the signing certificate (chain) couldn't be obtained
UnexpectedJCAException - when an unexpected platform error occurs
getSigningKey
public PrivateKey getSigningKey(X509Certificate signingCert) throws SigningKeyException, UnexpectedJCAException
Description copied from interface: KeyingDataProvider
Gets the signing key that matches a signing certificate. The certificate supplied to this method is ALWAYS the first of the collection returned in the previous call to getSigningCertificateChain.
- Specified by: getSigningKey in interface KeyingDataProvider
- Parameters:
signingCert - the certificate for which the corresponding key should be returned
- Returns: the private key that matches signingCert
- Throws:
SigningKeyException - if the signing key couldn't be obtained
UnexpectedJCAException - when an unexpected platform error occurs
getKeyProtection
protected abstract KeyStore.ProtectionParameter getKeyProtection(String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)
Gets a protection parameter to access the specified entry.
- Parameters:
entryAlias - the alias of the entry that is being accessed
entryCert - the certificate in the entry
entryPasswordProvider - the password provider that should be used to get the actual password (may be null)
- Returns: the protection