Interface SecurityFactory

    • Method Detail

      • getPasswordResolver

        org.xipki.password.PasswordResolver getPasswordResolver()
      • getSupportedSignerTypes

        Set<String> getSupportedSignerTypes()
        Retrieves the types of supported signers.
        Returns:
        lower-case types of supported signers, never null.
      • createSigner

        ConcurrentContentSigner createSigner(String type,
                                             SignerConf conf,
                                             X509Cert cert)
                                      throws org.xipki.util.exception.ObjectCreationException
        Creates a signer.
        Parameters:
        type - Type of the signer. Must not be null.
        conf - Configuration of the signer. Could be null.
        cert - Certificate of the signer. If not null, it will be used; otherwise the certificates contained in the token will be used.
        Returns:
        the new signer
        Throws:
        org.xipki.util.exception.ObjectCreationException - if the signer could not be created
      • createSigner

        ConcurrentContentSigner createSigner(String type,
                                             SignerConf conf,
                                             X509Cert[] certs)
                                      throws org.xipki.util.exception.ObjectCreationException
        Creates a signer.
        Parameters:
        type - Type of the signer. Must not be null.
        conf - Configuration of the signer. Could be null.
        certs - Certificates of the signer. If not null, they will be used; otherwise the certificates contained in the token will be used.
        Returns:
        the new signer
        Throws:
        org.xipki.util.exception.ObjectCreationException - if the signer could not be created
      • getSupportedKeypairGeneratorTypes

        Set<String> getSupportedKeypairGeneratorTypes()
        Retrieves the types of supported keypair generators.
        Returns:
        lower-case types of supported keypair generators, never null.
      • createKeypairGenerator

        KeypairGenerator createKeypairGenerator(String type,
                                                String conf)
                                         throws org.xipki.util.exception.ObjectCreationException
        Creates a keypair generator.
        Parameters:
        type - Type of the generator. Must not be null.
        conf - Configuration of the generator. Could be null.
        Returns:
        the new keypair generator
        Throws:
        org.xipki.util.exception.ObjectCreationException - if the keypair generator could not be created
      • getContentVerifierProvider

        org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey)
                                                                              throws InvalidKeyException
        Gets the ContentVerifierProvider from the public key.
        Parameters:
        publicKey - Signature verification key. Must not be null.
        Returns:
        the ContentVerifierProvider
        Throws:
        InvalidKeyException - If the publicKey is invalid or unsupported.
      • getContentVerifierProvider

        org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(PublicKey publicKey,
                                                                                     DHSigStaticKeyCertPair ownerKeyAndCert)
                                                                              throws InvalidKeyException
        Gets the ContentVerifierProvider from the public key.
        Parameters:
        publicKey - Signature verification key. Must not be null.
        ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.
        Returns:
        the ContentVerifierProvider
        Throws:
        InvalidKeyException - If the publicKey is invalid or unsupported.
      • getContentVerifierProvider

        org.bouncycastle.operator.ContentVerifierProvider getContentVerifierProvider(X509Cert cert)
                                                                              throws InvalidKeyException
        Gets the ContentVerifierProvider from the certificate.
        Parameters:
        cert - Certificate that contains the signature verification key. Must not be null.
        Returns:
        the ContentVerifierProvider
        Throws:
        InvalidKeyException - If the publicKey contained in the certificate is invalid or unsupported.
      • verifyPop

        boolean verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                          AlgorithmValidator algoValidator)
        Verifies the signature of the CSR.
        Parameters:
        csr - CSR to be verified. Must not be null.
        algoValidator - Signature algorithms validator. Use null to accept all algorithms.
        Returns:
        true if the signature is valid and the signature algorithm is accepted, false otherwise.
      • verifyPop

        boolean verifyPop(org.bouncycastle.pkcs.PKCS10CertificationRequest csr,
                          AlgorithmValidator algoValidator,
                          DHSigStaticKeyCertPair ownerKeyAndCert)
        Verifies the signature of the CSR.
        Parameters:
        csr - CSR to be verified. Must not be null.
        algoValidator - Signature algorithms validator. Use null to accept all algorithms.
        ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.
        Returns:
        true if the signature is valid and the signature algorithm is accepted, false otherwise.
      • verifyPop

        boolean verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                          AlgorithmValidator algoValidator)
        Verifies the signature of the CSR.
        Parameters:
        csr - CSR to be verified. Must not be null.
        algoValidator - Signature algorithms validator. Use null to accept all algorithms.
        Returns:
        true if the signature is valid and the signature algorithm is accepted, false otherwise.
      • verifyPop

        boolean verifyPop(org.bouncycastle.asn1.pkcs.CertificationRequest csr,
                          AlgorithmValidator algoValidator,
                          DHSigStaticKeyCertPair ownerKeyAndCert)
        Verifies the signature of the CSR.
        Parameters:
        csr - CSR to be verified. Must not be null.
        algoValidator - Signature algorithms validator. Use null to accept all algorithms.
        ownerKeyAndCert - The owner's key and certificate for the CSR with Diffie-Hellman PoP. May be null.
        Returns:
        true if the signature is valid and the signature algorithm is accepted, false otherwise.
      • generatePublicKey

        PublicKey generatePublicKey(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo subjectPublicKeyInfo)
                             throws InvalidKeyException
        Creates a PublicKey from the subjectPublicKeyInfo.
        Parameters:
        subjectPublicKeyInfo - From which the public key will be created. Must not be null.
        Returns:
        the created public key.
        Throws:
        InvalidKeyException - if the public key could not be created.
      • getDfltSignerParallelism

        int getDfltSignerParallelism()
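
The check that verifyPop documents (signature valid and signature algorithm accepted), written here as an added example directly against Bouncy Castle; it is not XiPKI's implementation. The class name CsrPopCheck, the ALLOWED set (standing in for a non-null AlgorithmValidator) and the subject name are assumptions, and only signature-based PoP is covered, not the Diffie-Hellman case.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrPopCheck {
  // Constructed allow-list (assumption): plays the role of a non-null AlgorithmValidator.
  static final Set<ASN1ObjectIdentifier> ALLOWED = Set.of(
      X9ObjectIdentifiers.ecdsa_with_SHA256,
      PKCSObjectIdentifiers.sha256WithRSAEncryption);

  static boolean verifyPop(PKCS10CertificationRequest csr) {
    try {
      // Reject a disallowed signature algorithm before doing any cryptography.
      if (!ALLOWED.contains(csr.getSignatureAlgorithm().getAlgorithm())) return false;
      // PoP: the CSR must be signed by the private key matching the key it asks to certify.
      ContentVerifierProvider cvp =
          new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo());
      return csr.isSignatureValid(cvp);
    } catch (Exception e) {
      return false; // unsupported key or malformed signature counts as a failed PoP
    }
  }

  // Builds a constructed sample CSR signed with the given JCA algorithm name.
  static PKCS10CertificationRequest sampleCsr(KeyPair kp, String sigAlg) throws Exception {
    ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(kp.getPrivate());
    return new JcaPKCS10CertificationRequestBuilder(
        new X500Principal("CN=constructed-example"), kp.getPublic()).build(signer);
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
    gen.initialize(256);
    KeyPair kp = gen.generateKeyPair();
    // Algorithm on the allow-list, signature made with the matching private key.
    System.out.println(verifyPop(sampleCsr(kp, "SHA256withECDSA")));
    // Signature is cryptographically valid, but SHA-1 is not on the allow-list.
    System.out.println(verifyPop(sampleCsr(kp, "SHA1withECDSA")));
  }
}
```

Passing null as algoValidator corresponds to skipping the allow-list test above, so a CSR signed with a weak digest would pass on signature validity alone.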