PKCS11NoTestCredential (Sweden Connect - OpenSAML PKCS11 extension library

java.lang.Object
- org.opensaml.security.credential.AbstractCredential
- - org.opensaml.security.credential.BasicCredential
  - - org.opensaml.security.x509.BasicX509Credential
    - - se.swedenconnect.opensaml.pkcs11.credential.PKCS11Credential
      - se.swedenconnect.opensaml.pkcs11.credential.PKCS11NoTestCredential

All Implemented Interfaces:

Credential, MutableCredential, X509Credential
```
public class PKCS11NoTestCredential
extends PKCS11Credential
```
This credential class extends the OpenSAML BasicX509Credential and provides simple credentials for PKCS#11 keys based on one or more configured providers.
This is a simplified extension of the PKCS11Credential class, which do not attempt to reload the key in case the connection to the key in the PKCS"11 token has been disrupted or lost.

Author:

Stefan Santesson (stefan@idsec.se), Martin Lindström (martin@idsec.se)

Field Summary
- Fields inherited from class se.swedenconnect.opensaml.pkcs11.credential.PKCS11Credential
  privateKeyMap

Constructor Summary

Constructors
Constructor and Description
`PKCS11NoTestCredential(X509Certificate entityCertificate, List<String> providerNameList, String alias, CustomKeyExtractor customKeyExtractor)` Initializes the PKCS#11 credential.
`PKCS11NoTestCredential(X509Certificate entityCertificate, List<String> providerNameList, String alias, String pin)` Initializes the PKCS#11 credential.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`PrivateKey`	`getPrivateKey()` Overrides the default method to get an random available private key from any of the configured PKCS#11 providers.

Methods inherited from class se.swedenconnect.opensaml.pkcs11.credential.PKCS11Credential
getCurrentKeyProvider, getRandomProviderFromPool

Methods inherited from class org.opensaml.security.x509.BasicX509Credential
getCredentialType, getCRLs, getEntityCertificate, getEntityCertificateChain, getPublicKey, getSecretKey, setCRLs, setEntityCertificate, setEntityCertificateChain, setPublicKey, setSecretKey

Methods inherited from class org.opensaml.security.credential.BasicCredential
setEntityId, setPrivateKey, setUsageType

Methods inherited from class org.opensaml.security.credential.AbstractCredential
getCredentialContextSet, getEntityId, getKeyNames, getUsageType

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.security.credential.Credential
getCredentialContextSet, getEntityId, getKeyNames, getUsageType

- Constructor Detail
  - PKCS11NoTestCredential
```
public PKCS11NoTestCredential(X509Certificate entityCertificate,
                              List<String> providerNameList,
                              String alias,
                              CustomKeyExtractor customKeyExtractor)
                       throws Exception
```
    Initializes the PKCS#11 credential.
    
    Parameters:
    
    entityCertificate - the entity certificate for this credential
    
    providerNameList - the name of the security provider holding the private key object
    
    alias - the alias of the private key
    
    customKeyExtractor - the custom key extractor for extracting the PrivateKey handler object from the providers
    
    Throws:
    
    UnrecoverableKeyException - if the private key can not be recovered
    
    NoSuchAlgorithmException - if the selected algorithm is not supported
    
    KeyStoreException - general keystore exception
    
    NoSuchProviderException - if no provider for PKCS11 is available
    
    IOException - general IO errors
    
    Exception
  - PKCS11NoTestCredential
```
public PKCS11NoTestCredential(X509Certificate entityCertificate,
                              List<String> providerNameList,
                              String alias,
                              String pin)
                       throws Exception
```
    Initializes the PKCS#11 credential.
    
    Parameters:
    
    entityCertificate - the entity certificate for this credential
    
    providerNameList - the name of the security provider holding the private key object
    
    alias - the alias of the private key
    
    pin - the pin for the private key
    
    Throws:
    
    UnrecoverableKeyException - if the private key can not be recovered
    
    NoSuchAlgorithmException - if the selected algorithm is not supported
    
    KeyStoreException - general keystore exception
    
    NoSuchProviderException - if no provider for PKCS11 is available
    
    IOException - general IO errors
    
    Exception
- Method Detail
  - getPrivateKey
```
public PrivateKey getPrivateKey()
```
    Overrides the default method to get an random available private key from any of the configured PKCS#11 providers. No test of the private key is performed before the private key object is returned.
    
    Specified by:
    
    getPrivateKey in interface Credential
    
    Overrides:
    
    getPrivateKey in class PKCS11Credential
    
    Returns:
    
    the private key object

Class PKCS11NoTestCredential

Field Summary

Fields inherited from class se.swedenconnect.opensaml.pkcs11.credential.PKCS11Credential

Constructor Summary

Method Summary

Methods inherited from class se.swedenconnect.opensaml.pkcs11.credential.PKCS11Credential

Methods inherited from class org.opensaml.security.x509.BasicX509Credential

Methods inherited from class org.opensaml.security.credential.BasicCredential

Methods inherited from class org.opensaml.security.credential.AbstractCredential

Methods inherited from class java.lang.Object

Methods inherited from interface org.opensaml.security.credential.Credential

Constructor Detail

PKCS11NoTestCredential

PKCS11NoTestCredential

Method Detail

getPrivateKey