org.xipki.security

Class SecurityFactoryImpl

java.lang.Object

org.xipki.security.AbstractSecurityFactory

org.xipki.security.SecurityFactoryImpl

All Implemented Interfaces:

SecurityFactory

public class SecurityFactoryImpl
extends AbstractSecurityFactory

An implementation of SecurityFactory.

Since:

2.0.0

Author:

Lijun Liao

Constructor Summary

Constructors

Constructor and Description
SecurityFactoryImpl()

Method Summary

Modifier and Type	Method and Description
KeypairGenerator	createKeypairGenerator(String type, String conf) Creates keypair generator.
ConcurrentContentSigner	createSigner(String type, SignerConf conf, X509Cert[] certificateChain) Creates signer.
PublicKey	generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo) Create PublicKey from the subjectPublicKeyInfo.
org.bouncycastle.operator.ContentVerifierProvider	getContentVerifierProvider(PublicKey publicKey, DHSigStaticKeyCertPair ownerKeyAndCert) Gets the ContentVerifierProvider from the public key.
int	getDfltSignerParallelism()
org.xipki.password.PasswordResolver	getPasswordResolver()
SecureRandom	getRandom4Key()
SecureRandom	getRandom4Sign()
Set<String>	getSupportedKeypairGeneratorTypes() Retrieves the types of supported keypair generators.
Set<String>	getSupportedSignerTypes() Retrieves the types of supported signers.
boolean	isStrongRandom4KeyEnabled()
boolean	isStrongRandom4SignEnabled()
void	setDefaultSignerParallelism(int defaultSignerParallelism)
void	setKeypairGeneratorFactoryRegister(KeypairGeneratorFactoryRegister keypairGeneratorFactoryRegister)
void	setPasswordResolver(org.xipki.password.PasswordResolver passwordResolver)
void	setSignerFactoryRegister(SignerFactoryRegister signerFactoryRegister)
void	setStrongRandom4KeyEnabled(boolean strongRandom4KeyEnabled)
void	setStrongRandom4SignEnabled(boolean strongRandom4SignEnabled)
boolean	verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, AlgorithmValidator algoValidator, DHSigStaticKeyCertPair ownerKeyAndCert) Verifies the signature of CSR.

Methods inherited from class org.xipki.security.AbstractSecurityFactory

createSigner, getContentVerifierProvider, getContentVerifierProvider, verifyPop, verifyPop, verifyPop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityFactoryImpl

public SecurityFactoryImpl()

Method Detail

getSupportedSignerTypes

public Set<String> getSupportedSignerTypes()

Description copied from interface: SecurityFactory

Retrieves the types of supported signers.

Returns:

lower-case types of supported signers, never null.

isStrongRandom4KeyEnabled

public boolean isStrongRandom4KeyEnabled()

setStrongRandom4KeyEnabled

public void setStrongRandom4KeyEnabled(boolean strongRandom4KeyEnabled)

isStrongRandom4SignEnabled

public boolean isStrongRandom4SignEnabled()

setStrongRandom4SignEnabled

public void setStrongRandom4SignEnabled(boolean strongRandom4SignEnabled)

createSigner

public ConcurrentContentSigner createSigner(String type,
                                            SignerConf conf,
                                            X509Cert[] certificateChain)
                                     throws org.xipki.util.exception.ObjectCreationException

Description copied from interface: SecurityFactory

Creates signer.

Parameters:

type - Type of the signer. Must not be null.

conf - Configuration of the signer. Could be null.

certificateChain - Certificates of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.

Returns:

the new signer

Throws:

org.xipki.util.exception.ObjectCreationException - if could not create the signer

getSupportedKeypairGeneratorTypes

public Set<String> getSupportedKeypairGeneratorTypes()

Description copied from interface: SecurityFactory

Retrieves the types of supported keypair generators.

Returns:

lower-case types of supported keypair generators, never null.

createKeypairGenerator

public KeypairGenerator createKeypairGenerator(String type,
                                               String conf)
                                        throws org.xipki.util.exception.ObjectCreationException

Description copied from interface: SecurityFactory

Creates keypair generator.

Parameters:

type - Type of the generator. Must not be null.

conf - Configuration of the generator. Could be null.

Returns:

the new keypair generator

Throws:

org.xipki.util.exception.ObjectCreationException - if could not create the keypair generator

getContentVerifierProvider

public org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
                                                                                    DHSigStaticKeyCertPair ownerKeyAndCert)
                                                                             throws InvalidKeyException

Description copied from interface: SecurityFactory

Gets the ContentVerifierProvider from the public key.

Parameters:

publicKey - Signature verification key. Must not be null.

ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.

Returns:

the ContentVerifierProvider

Throws:

InvalidKeyException - If the publicKey is invalid or unsupported.

generatePublicKey

public PublicKey generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                            throws InvalidKeyException

Description copied from interface: SecurityFactory

Create PublicKey from the subjectPublicKeyInfo.

Parameters:

subjectPublicKeyInfo - From which the public key will be created. Must not be null.

Returns:

the created public key.

Throws:

InvalidKeyException - if could not create public key.

verifyPop

public boolean verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                         AlgorithmValidator algoValidator,
                         DHSigStaticKeyCertPair ownerKeyAndCert)

Description copied from interface: SecurityFactory

Verifies the signature of CSR.

Parameters:

csr - CSR to be verified. Must not be null.

algoValidator - Signature algorithms validator. null to accept all algorithms

ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.

Returns:

true if the signature is valid and the signature algorithm is accepted, false otherwise.

getDfltSignerParallelism

public int getDfltSignerParallelism()

setDefaultSignerParallelism

public void setDefaultSignerParallelism(int defaultSignerParallelism)

setSignerFactoryRegister

public void setSignerFactoryRegister(SignerFactoryRegister signerFactoryRegister)

setKeypairGeneratorFactoryRegister

public void setKeypairGeneratorFactoryRegister(KeypairGeneratorFactoryRegister keypairGeneratorFactoryRegister)

setPasswordResolver

public void setPasswordResolver(org.xipki.password.PasswordResolver passwordResolver)

getPasswordResolver

public org.xipki.password.PasswordResolver getPasswordResolver()

getRandom4Key

public SecureRandom getRandom4Key()

getRandom4Sign

public SecureRandom getRandom4Sign()