org.xipki.security

Class SecurityFactoryImpl

java.lang.Object

org.xipki.security.AbstractSecurityFactory

org.xipki.security.SecurityFactoryImpl

All Implemented Interfaces:

SecurityFactory

public class SecurityFactoryImpl
extends AbstractSecurityFactory

An implementation of SecurityFactory.

Since:

2.0.0

Author:

Lijun Liao

Constructor Summary

Constructors

Constructor and Description
SecurityFactoryImpl()

Method Summary

Modifier and Type	Method and Description
KeyCertPair	createPrivateKeyAndCert(String type, SignerConf conf, X509Cert cert) Create secret key and certificate pair.
ConcurrentContentSigner	createSigner(String type, SignerConf conf, X509Cert[] certificateChain) Creates signer.
byte[]	extractMinimalKeyStore(String keystoreType, byte[] keystoreBytes, String keyname, char[] password, X509Cert[] newCertChain) Extracts the keystore with minimal required information.
PublicKey	generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo) Create PublicKey from the subjectPublicKeyInfo.
org.bouncycastle.operator.ContentVerifierProvider	getContentVerifierProvider(PublicKey publicKey, DHSigStaticKeyCertPair ownerKeyAndCert) Gets the ContentVerifierProvider from the public key.
int	getDfltSignerParallelism()
org.xipki.password.PasswordResolver	getPasswordResolver()
SecureRandom	getRandom4Key()
SecureRandom	getRandom4Sign()
Set<String>	getSupportedSignerTypes() Retrieves the types of supported signers.
boolean	isStrongRandom4KeyEnabled()
boolean	isStrongRandom4SignEnabled()
void	refreshTokenForSignerType(String signerType)
void	setDefaultSignerParallelism(int defaultSignerParallelism)
void	setPasswordResolver(org.xipki.password.PasswordResolver passwordResolver)
void	setSignerFactoryRegister(SignerFactoryRegister signerFactoryRegister)
void	setStrongRandom4KeyEnabled(boolean strongRandom4KeyEnabled)
void	setStrongRandom4SignEnabled(boolean strongRandom4SignEnabled)
boolean	verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, AlgorithmValidator algoValidator, DHSigStaticKeyCertPair ownerKeyAndCert) Verifies the signature of CSR.

Methods inherited from class org.xipki.security.AbstractSecurityFactory

createSigner, getContentVerifierProvider, getContentVerifierProvider, verifyPopo, verifyPopo, verifyPopo

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityFactoryImpl

public SecurityFactoryImpl()

Method Detail

getSupportedSignerTypes

public Set<String> getSupportedSignerTypes()

Description copied from interface: SecurityFactory

Retrieves the types of supported signers.

Returns:

lower-case types of supported signers, never null.

isStrongRandom4KeyEnabled

public boolean isStrongRandom4KeyEnabled()

setStrongRandom4KeyEnabled

public void setStrongRandom4KeyEnabled(boolean strongRandom4KeyEnabled)

isStrongRandom4SignEnabled

public boolean isStrongRandom4SignEnabled()

setStrongRandom4SignEnabled

public void setStrongRandom4SignEnabled(boolean strongRandom4SignEnabled)

createSigner

public ConcurrentContentSigner createSigner(String type,
                                            SignerConf conf,
                                            X509Cert[] certificateChain)
                                     throws org.xipki.util.ObjectCreationException

Description copied from interface: SecurityFactory

Creates signer.

Parameters:

type - Type of the signer. Must not be null.

conf - Configuration of the signer. Could be null.

certificateChain - Certificates of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.

Returns:

the new signer

Throws:

org.xipki.util.ObjectCreationException - if could not create the signer

getContentVerifierProvider

public org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
                                                                                    DHSigStaticKeyCertPair ownerKeyAndCert)
                                                                             throws InvalidKeyException

Description copied from interface: SecurityFactory

Gets the ContentVerifierProvider from the public key.

Parameters:

publicKey - Signature verification key. Must not be null.

ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoC. May be null.

Returns:

the ContentVerifierProvider

Throws:

InvalidKeyException - If the publicKey is invalid or unsupported.

generatePublicKey

public PublicKey generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                            throws InvalidKeyException

Description copied from interface: SecurityFactory

Create PublicKey from the subjectPublicKeyInfo.

Parameters:

subjectPublicKeyInfo - From which the public key will be created. Must not be null.

Returns:

the created public key.

Throws:

InvalidKeyException - if could not create public key.

verifyPopo

public boolean verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                          AlgorithmValidator algoValidator,
                          DHSigStaticKeyCertPair ownerKeyAndCert)

Description copied from interface: SecurityFactory

Verifies the signature of CSR.

Parameters:

csr - CSR to be verified. Must not be null.

algoValidator - Signature algorithms validator. null to accept all algorithms

ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoC. May be null.

Returns:

true if the signature is valid and the signature algorithm is accepted, false otherwise.

getDfltSignerParallelism

public int getDfltSignerParallelism()

setDefaultSignerParallelism

public void setDefaultSignerParallelism(int defaultSignerParallelism)

setSignerFactoryRegister

public void setSignerFactoryRegister(SignerFactoryRegister signerFactoryRegister)

setPasswordResolver

public void setPasswordResolver(org.xipki.password.PasswordResolver passwordResolver)

getPasswordResolver

public org.xipki.password.PasswordResolver getPasswordResolver()

createPrivateKeyAndCert

public KeyCertPair createPrivateKeyAndCert(String type,
                                           SignerConf conf,
                                           X509Cert cert)
                                    throws org.xipki.util.ObjectCreationException

Description copied from interface: SecurityFactory

Create secret key and certificate pair.

Parameters:

type - Type of the signer. Must not be null.

conf - Configuration of the signer. Could be null.

cert - Certificate of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.

Returns:

the new pair of key and certificate

Throws:

org.xipki.util.ObjectCreationException - if could not create the object

getRandom4Key

public SecureRandom getRandom4Key()

getRandom4Sign

public SecureRandom getRandom4Sign()

extractMinimalKeyStore

public byte[] extractMinimalKeyStore(String keystoreType,
                                     byte[] keystoreBytes,
                                     String keyname,
                                     char[] password,
                                     X509Cert[] newCertChain)
                              throws KeyStoreException

Description copied from interface: SecurityFactory

Extracts the keystore with minimal required information.

1. If keyname is set, and its associated entry is a key entry, then only this entry is remained.
2. if keyname is null and there exists at least one key entry, then only the first entry is remained.
3. otherwise, KeyStoreException will be thrown.

Parameters:

keystoreType - Type of the keystore. Must not be null.

keystoreBytes - Content of the keystpre. Must not be null.

keyname - Name (alias) of the key. Could be null.

password - Password of the keystore and key. Must not be null.

newCertChain - New certificates. If not null, the certificates in the keystore will be replaced.

Returns:

the minimal keystore

Throws:

KeyStoreException - If case 3 occurs.

refreshTokenForSignerType

public void refreshTokenForSignerType(String signerType)
                               throws XiSecurityException

Throws:

XiSecurityException