Package xades4j.providers.impl

Class KeyStoreKeyingDataProvider

java.lang.Object

xades4j.providers.impl.KeyStoreKeyingDataProvider

All Implemented Interfaces:

KeyingDataProvider

Direct Known Subclasses:

FileSystemKeyStoreKeyingDataProvider, PKCS11KeyStoreKeyingDataProvider

public abstract class KeyStoreKeyingDataProvider
extends Object
implements KeyingDataProvider

A KeyStore-based implementation of KeyingDataProvider. The keystore is loaded on first access (thread-safe).

The following procedure is done to get the signing certificate:

1. Get all the X509Certificates in private key entries
2. Invoke the supplied SigningCertificateSelector to choose the certificate and thus the entry
3. Get the entry alias matching the selected certificate
4. Get the certificate chain for that entry

The following procedure is done to get the signing key:

1. Get the entry alias matching the provided certificate
2. Get the protection to access that entry
3. Return the entry's private key

Author:

Luís

See Also:

• FileSystemKeyStoreKeyingDataProvider
• PKCS11KeyStoreKeyingDataProvider

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	KeyStoreKeyingDataProvider.KeyEntryPasswordProvider	Provides a password to access a keystore entry.
protected static interface	KeyStoreKeyingDataProvider.KeyStoreBuilderCreator	Gets a builder that will create the keystore instance.
static interface	KeyStoreKeyingDataProvider.KeyStorePasswordProvider	Provides a password to load the keystore.
static interface	KeyStoreKeyingDataProvider.SigningCertificateSelector	Used to select a certificate from the available certificates.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator, KeyStoreKeyingDataProvider.SigningCertificateSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)

Method Summary

Modifier and Type	Method	Description
protected abstract KeyStore.ProtectionParameter	getKeyProtection(String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)	Gets a protection parameter to access the specified entry.
List<X509Certificate>	getSigningCertificateChain()	Gets the signing certificate chain to be used in an ongoing signature operation.
PrivateKey	getSigningKey(X509Certificate signingCert)	Gets the signing key that matches a signing certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KeyStoreKeyingDataProvider

protected KeyStoreKeyingDataProvider(KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator,
 KeyStoreKeyingDataProvider.SigningCertificateSelector certificateSelector,
 KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider,
 KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider,
 boolean returnFullChain)

Parameters:

builderCreator -

certificateSelector -

storePasswordProvider -

entryPasswordProvider -

returnFullChain - return the full certificate chain, if available

Method Details

getSigningCertificateChain

public List<X509Certificate> getSigningCertificateChain()
                                                 throws SigningCertChainException,
UnexpectedJCAException

Description copied from interface: KeyingDataProvider

Gets the signing certificate chain to be used in an ongoing signature operation. At least the signing certificate must be present. Other certificates may be present, possibly up to the trust anchor.

Specified by:

getSigningCertificateChain in interface KeyingDataProvider

Returns:

the signing certificate (chain)

Throws:

SigningCertChainException - if the signing certificate (chain) couldn't be obtained

UnexpectedJCAException - when an unexpected platform error occurs

getSigningKey

public PrivateKey getSigningKey(X509Certificate signingCert)
                         throws SigningKeyException,
UnexpectedJCAException

Description copied from interface: KeyingDataProvider

Gets the signing key that matches a signing certificate. The certificate supplied to this method is ALWAYS the first of the collection returned in the previous call to getSigningCertificateChain.

Specified by:

getSigningKey in interface KeyingDataProvider

Parameters:

signingCert - the certificate for which the corresponding key should be returned

Returns:

the private key that matches signingCert

Throws:

SigningKeyException - if the signing key couldn't be obtained

UnexpectedJCAException - when an unexpected platform error occurs

getKeyProtection

protected abstract KeyStore.ProtectionParameter getKeyProtection(String entryAlias,
 X509Certificate entryCert,
 KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)

Gets a protection parameter to access the specified entry.

Parameters:

entryAlias - the alias of the entry that is being accessed

entryCert - the cerificate in the entry

entryPasswordProvider - the password provider that should be used to get the actual password (may be null)

Returns:

the protection