org.dihedron.crypto.operations.sign

Class SigningStreamConfigurator

java.lang.Object

org.dihedron.crypto.operations.sign.SigningStreamConfigurator

@License
public class SigningStreamConfigurator
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
protected SignatureAlgorithm	algorithm The digest and encryption algorithm combination used to create the signature.
protected String	alias The alias identifying the certificate to be used for signing.
static boolean	DEFAULT_ENCAPSULATE_DATA Whether by default data should be encapsulated along with the signature.
static boolean	DEFAULT_VERIFY_CERTIFICATE Whether by default the signing certificate must be verified.
protected boolean	encapsulateData Whether the signer should encapsulate data along with the signature.
protected KeyRing	keyring The key ring (as a wrapper and helper to access the key store).
protected Provider	provider The security provider.
protected List<X509Certificate>	trustAnchors A collection of certificates to be used as trust anchors in PKIX certification path buildup and verification.
protected boolean	verifyCertificate Whether the signer should verify the certificate before signing.

Constructor Summary

Constructors

Constructor and Description
SigningStreamConfigurator() Default constructor.

Method Summary

Methods

Modifier and Type	Method and Description
SigningStreamConfigurator	addTrustAnchor(Certificate trustAnchor) Adds the given trust anchor certificate to the set that will be used for PKIX certificate verification path buildup.
SigningStreamConfigurator	addTrustAnchors(Collection<X509Certificate> trustAnchors) Adds the given collection of trust anchor certificates to the set that will be used for PKIX certificate verification path buildup.
SigningStreamConfigurator	clearTrustAnchors() Resets the collection of trust anchor certificates to be used for PKIX certificate verification path buildup.
SignatureAlgorithm	getAlgorithm() Returns the value of the algorithm.
String	getAlias() Returns the value of the alias.
X509Certificate	getCertificate() Retrieves the signing certificate, possibly checking it against the list of trust anchor certificates (if provided).
KeyRing	getKeyRing() Returns the value of the key ring.
Key	getPrivateKey() Returns the private key corresponding to the given alias.
Provider	getProvider() Returns the value of the provider.
Collection<X509Certificate>	getTrustAnchors() Returns the collection of trust anchor certificates.
boolean	isEncapsulateData() Returns whether the signer should encapsulate data along with the signature.
boolean	isVerifyCertificate() Returns whether the signer should verify the certificate before signing.
SigningStreamConfigurator	setAlgorithm(SignatureAlgorithm algorithm) Sets the new value of the algorithm.
SigningStreamConfigurator	setAlias(String alias) Sets the new value of the signing certificate alias.
SigningStreamConfigurator	setEncapsulateData(boolean encapsulateData) Sets whether the signer should encapsulate data along with the signature.
SigningStreamConfigurator	setKeyRing(KeyRing keyring) Sets the new value of the key ring.
SigningStreamConfigurator	setProvider(Provider provider) Sets the new value of the provider.
SigningStreamConfigurator	setVerifyCertificate(boolean verifyCertificate) Sets whether the signer should verify the certificate before signing.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_ENCAPSULATE_DATA

public static final boolean DEFAULT_ENCAPSULATE_DATA

Whether by default data should be encapsulated along with the signature.

See Also:

Constant Field Values

DEFAULT_VERIFY_CERTIFICATE

public static final boolean DEFAULT_VERIFY_CERTIFICATE

Whether by default the signing certificate must be verified.

See Also:

Constant Field Values

algorithm

protected SignatureAlgorithm algorithm

The digest and encryption algorithm combination used to create the signature.

alias

protected String alias

The alias identifying the certificate to be used for signing.

keyring

protected KeyRing keyring

The key ring (as a wrapper and helper to access the key store).

provider

protected Provider provider

The security provider.

trustAnchors

protected List<X509Certificate> trustAnchors

A collection of certificates to be used as trust anchors in PKIX certification path buildup and verification.

encapsulateData

protected boolean encapsulateData

Whether the signer should encapsulate data along with the signature.

verifyCertificate

protected boolean verifyCertificate

Whether the signer should verify the certificate before signing.

Constructor Detail

SigningStreamConfigurator

public SigningStreamConfigurator()

Default constructor.

Method Detail

getAlgorithm

public SignatureAlgorithm getAlgorithm()

Returns the value of the algorithm.

Returns:

the value of the algorithm.

setAlgorithm

public SigningStreamConfigurator setAlgorithm(SignatureAlgorithm algorithm)

Sets the new value of the algorithm.

Parameters:

algorithm - the algorithm to set.

Returns:

the object itself, for method chaining.

getAlias

public String getAlias()

Returns the value of the alias.

Returns:

the value of the alias.

setAlias

public SigningStreamConfigurator setAlias(String alias)

Sets the new value of the signing certificate alias.

Parameters:

alias - the alias to set.

Returns:

the object itself, for method chaining.

getKeyRing

public KeyRing getKeyRing()

Returns the value of the key ring.

Returns:

the value of the key ring.

setKeyRing

public SigningStreamConfigurator setKeyRing(KeyRing keyring)

Sets the new value of the key ring.

Parameters:

keyring - the key ring to set.

Returns:

the object itself, for chaining.

getProvider

public Provider getProvider()

Returns the value of the provider.

Returns:

the value of the provider.

setProvider

public SigningStreamConfigurator setProvider(Provider provider)

Sets the new value of the provider.

Parameters:

provider - the provider to set.

Returns:

the object itself, for method chaining.

isEncapsulateData

public boolean isEncapsulateData()

Returns whether the signer should encapsulate data along with the signature.

Returns:

whether the signer should encapsulate data along with the signature.

setEncapsulateData

public SigningStreamConfigurator setEncapsulateData(boolean encapsulateData)

Sets whether the signer should encapsulate data along with the signature.

Parameters:

encapsulateData - whether the signer should encapsulate data along with the signature.

Returns:

the object itself, for method chaining.

isVerifyCertificate

public boolean isVerifyCertificate()

Returns whether the signer should verify the certificate before signing.

Returns:

whether the signer should verify the certificate before signing.

setVerifyCertificate

public SigningStreamConfigurator setVerifyCertificate(boolean verifyCertificate)

Sets whether the signer should verify the certificate before signing.

Parameters:

verifyCertificate - whether the signer should verify the certificate before signing.

Returns:

the object itself, for method chaining.

getTrustAnchors

public Collection<X509Certificate> getTrustAnchors()

Returns the collection of trust anchor certificates.

Returns:

the collection of trust anchor certificates.

addTrustAnchor

public SigningStreamConfigurator addTrustAnchor(Certificate trustAnchor)

Adds the given trust anchor certificate to the set that will be used for PKIX certificate verification path buildup.

Parameters:

trustAnchor - the trust anchor certificate to add.

Returns:

the object itself, for method chaining.

addTrustAnchors

public SigningStreamConfigurator addTrustAnchors(Collection<X509Certificate> trustAnchors)

Adds the given collection of trust anchor certificates to the set that will be used for PKIX certificate verification path buildup.

Parameters:

trustAnchors - the collection of trust anchor certificates to add.

Returns:

the object itself, for method chaining.

clearTrustAnchors

public SigningStreamConfigurator clearTrustAnchors()

Resets the collection of trust anchor certificates to be used for PKIX certificate verification path buildup.

Returns:

the object itself, for method chaining.

toString

public String toString()

Overrides:

toString in class Object

See Also:

Object.toString()

getPrivateKey

public Key getPrivateKey()
                  throws CryptoException

Returns the private key corresponding to the given alias.

Returns:

the private key corresponding to the given alias.

Throws:

CryptoException

getCertificate

public X509Certificate getCertificate()
                               throws CryptoException,
                                      KeyStoreException,
                                      GeneralSecurityException,
                                      CertificateExpiredException,
                                      CertificateNotYetValidException

Retrieves the signing certificate, possibly checking it against the list of trust anchor certificates (if provided).

Parameters:

trustAnchors - an optional list of trust anchor certificate collections.

Returns:

the certificate, if validated.

Throws:

CryptoException

KeyStoreException

CertificateExpiredException

CertificateNotYetValidException

GeneralSecurityException