Class X509KeySelector

  • Direct Known Subclasses:
    X509KeySelector

    public class X509KeySelector
    extends javax.xml.crypto.KeySelector
    Code taken from the SUN Oracle examples. A KeySelector that returns PublicKeys of trusted X509Certificates stored in a KeyStore.

    This KeySelector uses the specified KeyStore to find a trusted X509Certificate that matches information specified in the KeyInfo passed to the select(javax.xml.crypto.dsig.keyinfo.KeyInfo, javax.xml.crypto.KeySelector.Purpose, javax.xml.crypto.AlgorithmMethod, javax.xml.crypto.XMLCryptoContext) method. The public key from the first match is returned. If no match, null is returned. See the select method for more information.

    NOTE!: This X509KeySelector requires J2SE 1.4 because it uses the java.security.cert.X509CertSelector and javax.security.auth.x500.X500Principal classes to parse X.500 DNs and match on certificate attributes.

    • Nested Class Summary

      • Nested classes/interfaces inherited from class javax.xml.crypto.KeySelector

        javax.xml.crypto.KeySelector.Purpose
    • Constructor Summary

      Constructors 
      Constructor Description
      X509KeySelector​(java.security.KeyStore keyStore)
      Creates an X509KeySelector.
    • Method Summary

      Modifier and Type Method Description
      javax.xml.crypto.KeySelectorResult select​(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo, javax.xml.crypto.KeySelector.Purpose purpose, javax.xml.crypto.AlgorithmMethod method, javax.xml.crypto.XMLCryptoContext context)
      Finds a key from the keystore satisfying the specified constraints.
      • Methods inherited from class javax.xml.crypto.KeySelector

        singletonKeySelector
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • X509KeySelector

        public X509KeySelector​(java.security.KeyStore keyStore)
                        throws java.security.KeyStoreException
        Creates an X509KeySelector.
        Parameters:
        keyStore - the keystore
        Throws:
        java.security.KeyStoreException - if the keystore has not been initialized
        java.lang.NullPointerException - if keyStore is null
    • Method Detail

      • select

        public javax.xml.crypto.KeySelectorResult select​(javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo,
                                                         javax.xml.crypto.KeySelector.Purpose purpose,
                                                         javax.xml.crypto.AlgorithmMethod method,
                                                         javax.xml.crypto.XMLCryptoContext context)
                                                  throws javax.xml.crypto.KeySelectorException
        Finds a key from the keystore satisfying the specified constraints.

        This method compares data contained in KeyInfo entries with information stored in the KeyStore. The implementation iterates over the KeyInfo types and returns the first PublicKey of an X509Certificate in the keystore that is compatible with the specified AlgorithmMethod according to the following rules for each keyinfo type:

          • X509Data X509Certificate: if it contains a KeyUsage extension that asserts the digitalSignature bit and matches an X509Certificate in the KeyStore.
          • X509Data X509IssuerSerial: if the serial number and issuer DN match an X509Certificate in the KeyStore.
          • X509Data X509SubjectName: if the subject DN matches an X509Certificate in the KeyStore.
          • X509Data X509SKI: if the subject key identifier matches an X509Certificate in the KeyStore.
          • KeyName: if the keyname matches an alias in the KeyStore.
          • RetrievalMethod: supports rawX509Certificate and X509Data types. If rawX509Certificate type, it must match an X509Certificate in the KeyStore.

        Specified by:
        select in class javax.xml.crypto.KeySelector
        Parameters:
        keyInfo - a KeyInfo (may be null)
        purpose - the key's purpose
        method - the algorithm method that this key is to be used for. Only keys that are compatible with the algorithm and meet the constraints of the specified algorithm should be returned.
        context - XMLCryptoContext that may contain additional useful information for finding an appropriate key
        Returns:
        a key selector result
        Throws:
        javax.xml.crypto.KeySelectorException - if an exceptional condition occurs while attempting to find a key. Note that an inability to find a key is not considered an exception (null should be returned in that case). However, an error condition (ex: network communications failure) that prevented the KeySelector from finding a potential key should be considered an exception.
        java.lang.ClassCastException - if the data type of method is not supported by this key selector
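
The following is an added usage example, not code from this project or from the Oracle samples: it validates an enveloped XML signature with this X509KeySelector so that only certificates already present in the trust KeyStore can supply the verification key. The class name VerifyWithTrustStore and the three command-line arguments are assumptions, and X509KeySelector is assumed to be importable from wherever this page's class lives.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Added example. X509KeySelector is the class documented on this page
// (import it from its actual package); everything else is JDK API.
public class VerifyWithTrustStore {

    static boolean isTrustedAndValid(InputStream xml, KeyStore trusted) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(xml);

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            return false; // unsigned or ambiguous document: reject
        }

        // The selector only returns keys of certificates stored in `trusted`,
        // so a certificate that exists only inside KeyInfo is never used.
        DOMValidateContext ctx = new DOMValidateContext(new X509KeySelector(trusted), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        try {
            return sig.validate(ctx);
        } catch (XMLSignatureException e) {
            // Raised, among other cases, when no validation key was found.
            return false;
        }
    }

    // Usage: java VerifyWithTrustStore <truststore.p12> <password> <signed.xml>
    public static void main(String[] args) throws Exception {
        KeyStore trusted = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            trusted.load(in, args[1].toCharArray());
        }
        try (InputStream xml = new FileInputStream(args[2])) {
            System.out.println("trusted and valid: " + isTrustedAndValid(xml, trusted));
        }
    }
}
```

A document whose KeyInfo names a certificate that is absent from the KeyStore is reported as not valid, because the selector finds no key for it.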