SecurityFactory (XiPKI :: security 5.3.4 API)

All Known Implementing Classes:

AbstractSecurityFactory, SecurityFactoryImpl
```
public interface SecurityFactory
```
This is the core interface. It specifies the method to create ConcurrentContentSigner, ContentVerifierProvider, to verify POPO, to the random, etc.

Since:

2.0.0

Author:

Lijun Liao

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`KeyCertPair`	`createPrivateKeyAndCert(String type, SignerConf conf, X509Certificate cert)` Create secret key and certificate pair.
`ConcurrentContentSigner`	`createSigner(String type, SignerConf conf, X509Certificate cert)` Creates signer.
`ConcurrentContentSigner`	`createSigner(String type, SignerConf conf, X509Certificate[] certs)` Creates signer.
`byte[]`	`extractMinimalKeyStore(String keystoreType, byte[] keystoreBytes, String keyname, char[] password, X509Certificate[] newCertChain)` Extracts the keystore with minimal required information.
`PublicKey`	`generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)` Create PublicKey from the `subjectPublicKeyInfo`.
`org.bouncycastle.operator.ContentVerifierProvider`	`getContentVerifierProvider(PublicKey publicKey)` Gets the ContentVerifierProvider from the public key.
`org.bouncycastle.operator.ContentVerifierProvider`	`getContentVerifierProvider(PublicKey publicKey, DHSigStaticKeyCertPair ownerKeyAndCert)` Gets the ContentVerifierProvider from the public key.
`org.bouncycastle.operator.ContentVerifierProvider`	`getContentVerifierProvider(X509Certificate cert)` Gets the ContentVerifierProvider from the certificate.
`org.bouncycastle.operator.ContentVerifierProvider`	`getContentVerifierProvider(org.bouncycastle.cert.X509CertificateHolder cert)` Gets the ContentVerifierProvider from the certificate.
`int`	`getDfltSignerParallelism()`
`org.xipki.password.PasswordResolver`	`getPasswordResolver()`
`SecureRandom`	`getRandom4Key()`
`SecureRandom`	`getRandom4Sign()`
`Set<String>`	`getSupportedSignerTypes()` Retrieves the types of supported signers.
`void`	`refreshTokenForSignerType(String signerType)`
`boolean`	`verifyPopo(org.bouncycastle.asn1.pkcs.CertificationRequest csr, AlgorithmValidator algoValidator)` Verifies the signature of CSR.
`boolean`	`verifyPopo(org.bouncycastle.asn1.pkcs.CertificationRequest csr, AlgorithmValidator algoValidator, DHSigStaticKeyCertPair ownerKeyAndCert)` Verifies the signature of CSR.
`boolean`	`verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, AlgorithmValidator algoValidator)` Verifies the signature of CSR.
`boolean`	`verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, AlgorithmValidator algoValidator, DHSigStaticKeyCertPair ownerKeyAndCert)` Verifies the signature of CSR.

- Method Detail
  - getPasswordResolver
```
org.xipki.password.PasswordResolver getPasswordResolver()
```
  - getSupportedSignerTypes
```
Set<String> getSupportedSignerTypes()
```
    Retrieves the types of supported signers.
    
    Returns:
    
    lower-case types of supported signers, never null.
  - createPrivateKeyAndCert
```
KeyCertPair createPrivateKeyAndCert(String type,
                                    SignerConf conf,
                                    X509Certificate cert)
                             throws org.xipki.util.ObjectCreationException
```
    Create secret key and certificate pair.
    
    Parameters:
    
    type - Type of the signer. Must not be null.
    
    conf - Configuration of the signer. Could be null.
    
    cert - Certificate of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.
    
    Returns:
    
    the new pair of key and certificate
    
    Throws:
    
    org.xipki.util.ObjectCreationException - if could not create the object
  - createSigner
```
ConcurrentContentSigner createSigner(String type,
                                     SignerConf conf,
                                     X509Certificate cert)
                              throws org.xipki.util.ObjectCreationException
```
    Creates signer.
    
    Parameters:
    
    type - Type of the signer. Must not be null.
    
    conf - Configuration of the signer. Could be null.
    
    cert - Certificate of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.
    
    Returns:
    
    the new signer
    
    Throws:
    
    org.xipki.util.ObjectCreationException - if could not create the signer
  - createSigner
```
ConcurrentContentSigner createSigner(String type,
                                     SignerConf conf,
                                     X509Certificate[] certs)
                              throws org.xipki.util.ObjectCreationException
```
    Creates signer.
    
    Parameters:
    
    type - Type of the signer. Must not be null.
    
    conf - Configuration of the signer. Could be null.
    
    certs - Certificates of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.
    
    Returns:
    
    the new signer
    
    Throws:
    
    org.xipki.util.ObjectCreationException - if could not create the signer
  - getContentVerifierProvider
```
org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
                                                                      throws InvalidKeyException
```
    Gets the ContentVerifierProvider from the public key.
    
    Parameters:
    
    publicKey - Signature verification key. Must not be null.
    
    Returns:
    
    the ContentVerifierProvider
    
    Throws:
    
    InvalidKeyException - If the publicKey is invalid or unsupported.
  - getContentVerifierProvider
```
org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
                                                                             DHSigStaticKeyCertPair ownerKeyAndCert)
                                                                      throws InvalidKeyException
```
    Gets the ContentVerifierProvider from the public key.
    
    Parameters:
    
    publicKey - Signature verification key. Must not be null.
    
    ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoC. May be null.
    
    Returns:
    
    the ContentVerifierProvider
    
    Throws:
    
    InvalidKeyException - If the publicKey is invalid or unsupported.
  - getContentVerifierProvider
```
org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(X509Certificate cert)
                                                                      throws InvalidKeyException
```
    Gets the ContentVerifierProvider from the certificate.
    
    Parameters:
    
    cert - Certificate that contains the signature verification key. Must not be null.
    
    Returns:
    
    the ContentVerifierProvider
    
    Throws:
    
    InvalidKeyException - If the publicKey contained in the certificate is invalid or unsupported.
  - getContentVerifierProvider
```
org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(org.bouncycastle.cert.X509CertificateHolder cert)
                                                                      throws InvalidKeyException
```
    Gets the ContentVerifierProvider from the certificate.
    
    Parameters:
    
    cert - Certificate that contains the signature verification key. Must not be null.
    
    Returns:
    
    the ContentVerifierProvider
    
    Throws:
    
    InvalidKeyException - If the publicKey contained in the certificate is invalid or unsupported.
  - verifyPopo
```
boolean verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                   AlgorithmValidator algoValidator)
```
    Verifies the signature of CSR.
    
    Parameters:
    
    csr - CSR to be verified. Must not be null.
    
    algoValidator - Signature algorithms validator. null to accept all algorithms
    
    Returns:
    
    true if the signature is valid and the signature algorithm is accepted, false otherwise.
  - verifyPopo
```
boolean verifyPopo(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                   AlgorithmValidator algoValidator,
                   DHSigStaticKeyCertPair ownerKeyAndCert)
```
    Verifies the signature of CSR.
    
    Parameters:
    
    csr - CSR to be verified. Must not be null.
    
    algoValidator - Signature algorithms validator. null to accept all algorithms
    
    ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoC. May be null.
    
    Returns:
    
    true if the signature is valid and the signature algorithm is accepted, false otherwise.
  - verifyPopo
```
boolean verifyPopo(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                   AlgorithmValidator algoValidator)
```
    Verifies the signature of CSR.
    
    Parameters:
    
    csr - CSR to be verified. Must not be null.
    
    algoValidator - Signature algorithms validator. null to accept all algorithms
    
    Returns:
    
    true if the signature is valid and the signature algorithm is accepted, false otherwise.
  - verifyPopo
```
boolean verifyPopo(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                   AlgorithmValidator algoValidator,
                   DHSigStaticKeyCertPair ownerKeyAndCert)
```
    Verifies the signature of CSR.
    
    Parameters:
    
    csr - CSR to be verified. Must not be null.
    
    algoValidator - Signature algorithms validator. null to accept all algorithms
    
    ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoC. May be null.
    
    Returns:
    
    true if the signature is valid and the signature algorithm is accepted, false otherwise.
  - generatePublicKey
```
PublicKey generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                     throws InvalidKeyException
```
    Create PublicKey from the subjectPublicKeyInfo.
    
    Parameters:
    
    subjectPublicKeyInfo - From which the public key will be created. Must not be null.
    
    Returns:
    
    the created public key.
    
    Throws:
    
    InvalidKeyException - if could not create public key.
  - extractMinimalKeyStore
```
byte[] extractMinimalKeyStore(String keystoreType,
                              byte[] keystoreBytes,
                              String keyname,
                              char[] password,
                              X509Certificate[] newCertChain)
                       throws KeyStoreException
```
    Extracts the keystore with minimal required information.
    1. If keyname is set, and its associated entry is a key entry, then only this entry is remained.
    2. if keyname is null and there exists at least one key entry, then only the first entry is remained.
    3. otherwise, KeyStoreException will be thrown.
    Parameters:
    
    keystoreType - Type of the keystore. Must not be null.
    
    keystoreBytes - Content of the keystpre. Must not be null.
    
    keyname - Name (alias) of the key. Could be null.
    
    password - Password of the keystore and key. Must not be null.
    
    newCertChain - New certificates. If not null, the certificates in the keystore will be replaced.
    
    Returns:
    
    the minimal keystore
    
    Throws:
    
    KeyStoreException - If case 3 occurs.
  - getRandom4Sign
```
SecureRandom getRandom4Sign()
```
  - getRandom4Key
```
SecureRandom getRandom4Key()
```
  - getDfltSignerParallelism
```
int getDfltSignerParallelism()
```
  - refreshTokenForSignerType
```
void refreshTokenForSignerType(String signerType)
                        throws XiSecurityException
```
    Throws:
    
    XiSecurityException

Interface SecurityFactory

Method Summary

Method Detail

getPasswordResolver

getSupportedSignerTypes

createPrivateKeyAndCert

createSigner

createSigner

getContentVerifierProvider

getContentVerifierProvider

getContentVerifierProvider

getContentVerifierProvider

verifyPopo

verifyPopo

verifyPopo

verifyPopo

generatePublicKey

extractMinimalKeyStore

getRandom4Sign

getRandom4Key

getDfltSignerParallelism

refreshTokenForSignerType