Summary:
Nested Classes
| Protected Ctors
| Methods
| Protected Methods
| Inherited Methods
| [Expand All]
| java.lang.Object | |
| ↳ | xades4j.providers.impl.KeyStoreKeyingDataProvider |
 Known Direct Subclasses
|
Class Overview
A KeyStore-based implementation of KeyingDataProvider. The keystore is
loaded on first access (thread-safe).
The following procedure is done to get the signing certificate:
- Get all the X509Certificates in private key entries
- Invoke the supplied
SigningCertSelectorto choose the certificate and thus the entry - Get the entry alias matching the selected certificate
- Get the certificate chain for that entry
The following procedure is done to get the signing key:
- Get the entry alias matching the provided certificate
- Get the protection to access that entry
- Return the entry's private key
Summary
| Nested Classes | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| KeyStoreKeyingDataProvider.KeyEntryPasswordProvider | Provides a password to access a keystore entry. | ||||||||||
| KeyStoreKeyingDataProvider.KeyStoreBuilderCreator | Gets a builder that will create the keystore instance. | ||||||||||
| KeyStoreKeyingDataProvider.KeyStorePasswordProvider | Provides a password to load the keystore. | ||||||||||
| KeyStoreKeyingDataProvider.SigningCertSelector | Used to select a certificate from the available certificates. | ||||||||||
| Protected Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Gets the signing certificate chain to be used in an ongoing signature operation.
| |||||||||||
Gets the signing key that matches a signing certificate.
| |||||||||||
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Gets a protection parameter to access the specified entry.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
java.lang.Object
| |||||||||||
|
From interface
xades4j.providers.KeyingDataProvider
| |||||||||||
Protected Constructors
protected KeyStoreKeyingDataProvider (KeyStoreKeyingDataProvider.KeyStoreBuilderCreator builderCreator, KeyStoreKeyingDataProvider.SigningCertSelector certificateSelector, KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider, boolean returnFullChain)
Parameters
| returnFullChain | return the full certificate chain, if available |
|---|
Public Methods
public List<X509Certificate> getSigningCertificateChain ()
Gets the signing certificate chain to be used in an ongoing signature operation. At least the signing certificate must be present. Other certificates may be present, possibly up to the trust anchor.
Returns
- the signing certificate (chain)
public PrivateKey getSigningKey (X509Certificate signingCert)
Gets the signing key that matches a signing certificate. The certificate
supplied to this method is ALWAYS the first of the collection returned in
the previous call to getSigningCertificateChain.
Parameters
| signingCert | the certificate for which the corresponding key should be returned |
|---|
Returns
- the private key that matches
signingCert
Protected Methods
protected abstract KeyStore.ProtectionParameter getKeyProtection (String entryAlias, X509Certificate entryCert, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider)
Gets a protection parameter to access the specified entry.
Parameters
| entryAlias | the alias of the entry that is being accessed |
|---|---|
| entryCert | the cerificate in the entry |
| entryPasswordProvider | the password provider that should be used to
get the actual password (may be null) |
Returns
- the protection