Package org.xipki.security

Class AbstractSecurityFactory

java.lang.Object

org.xipki.security.AbstractSecurityFactory

All Implemented Interfaces:

SecurityFactory

Direct Known Subclasses:

SecurityFactoryImpl

public abstract class AbstractSecurityFactory
extends Object
implements SecurityFactory

Abstract implementation of SecurityFactory. It provides some common methods.

Since:

2.0.0

Author:

Lijun Liao (xipki)

Constructor Summary

Constructors

Constructor	Description
AbstractSecurityFactory()

Method Summary

Modifier and Type	Method	Description
ConcurrentContentSigner	createSigner(String type, SignerConf conf, X509Cert cert)	Creates signer.
org.bouncycastle.operator.ContentVerifierProvider	getContentVerifierProvider(PublicKey publicKey)	Gets the ContentVerifierProvider from the public key.
org.bouncycastle.operator.ContentVerifierProvider	getContentVerifierProvider(X509Cert cert)	Gets the ContentVerifierProvider from the certificate.
boolean	verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr, AlgorithmValidator algoValidator)	Verifies the signature of CSR.
boolean	verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr, AlgorithmValidator algoValidator, DHSigStaticKeyCertPair ownerKeyAndCert)	Verifies the signature of CSR.
boolean	verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr, AlgorithmValidator algoValidator)	Verifies the signature of CSR.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.xipki.security.SecurityFactory

createKeypairGenerator, createSigner, generatePublicKey, getContentVerifierProvider, getDfltSignerParallelism, getPasswordResolver, getRandom4Key, getRandom4Sign, getSupportedKeypairGeneratorTypes, getSupportedSignerTypes, verifyPop

Constructor Detail

AbstractSecurityFactory

public AbstractSecurityFactory()

Method Detail

createSigner

public ConcurrentContentSigner createSigner(String type,
                                            SignerConf conf,
                                            X509Cert cert)
                                     throws org.xipki.util.exception.ObjectCreationException

Description copied from interface: SecurityFactory

Creates signer.

Specified by:

createSigner in interface SecurityFactory

Parameters:

type - Type of the signer. Must not be null.

conf - Configuration of the signer. Could be null.

cert - Certificate of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.

Returns:

the new signer

Throws:

org.xipki.util.exception.ObjectCreationException - if could not create the signer

getContentVerifierProvider

public org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(X509Cert cert)
                                                                             throws InvalidKeyException

Description copied from interface: SecurityFactory

Gets the ContentVerifierProvider from the certificate.

Specified by:

getContentVerifierProvider in interface SecurityFactory

Parameters:

cert - Certificate that contains the signature verification key. Must not be null.

Returns:

the ContentVerifierProvider

Throws:

InvalidKeyException - If the publicKey contained in the certificate is invalid or unsupported.

getContentVerifierProvider

public org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
                                                                             throws InvalidKeyException

Description copied from interface: SecurityFactory

Gets the ContentVerifierProvider from the public key.

Specified by:

getContentVerifierProvider in interface SecurityFactory

Parameters:

publicKey - Signature verification key. Must not be null.

Returns:

the ContentVerifierProvider

Throws:

InvalidKeyException - If the publicKey is invalid or unsupported.

verifyPop

public boolean verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                         AlgorithmValidator algoValidator)

Description copied from interface: SecurityFactory

Verifies the signature of CSR.

Specified by:

verifyPop in interface SecurityFactory

Parameters:

csr - CSR to be verified. Must not be null.

algoValidator - Signature algorithms validator. null to accept all algorithms

Returns:

true if the signature is valid and the signature algorithm is accepted, false otherwise.

verifyPop

public boolean verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                         AlgorithmValidator algoValidator,
                         DHSigStaticKeyCertPair ownerKeyAndCert)

Description copied from interface: SecurityFactory

Verifies the signature of CSR.

Specified by:

verifyPop in interface SecurityFactory

Parameters:

csr - CSR to be verified. Must not be null.

algoValidator - Signature algorithms validator. null to accept all algorithms

ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.

Returns:

true if the signature is valid and the signature algorithm is accepted, false otherwise.

verifyPop

public boolean verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                         AlgorithmValidator algoValidator)

Description copied from interface: SecurityFactory

Verifies the signature of CSR.

Specified by:

verifyPop in interface SecurityFactory

Parameters:

csr - CSR to be verified. Must not be null.

algoValidator - Signature algorithms validator. null to accept all algorithms

Returns:

true if the signature is valid and the signature algorithm is accepted, false otherwise.