Class AbstractPkiCredential
java.lang.Object
se.swedenconnect.security.credential.AbstractPkiCredential
- All Implemented Interfaces: DisposableBean, InitializingBean, PkiCredential
- Direct Known Subclasses: AbstractReloadablePkiCredential, BasicCredential
Abstract base class for classes implementing the PkiCredential interface.
- Author: Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
-
Constructor Summary
-
Method Summary
Modifier and Type, Method: Description
- void afterPropertiesSet(): The default implementation verifies that the public key and the private key are available.
- void destroy(): Implementations that need to perform clean-up actions should override this method.
- X509Certificate getCertificate(): Gets the certificate holding the public key of the key pair.
- List<X509Certificate> getCertificateChain(): Gets a certificate chain for the credential, where the first element is the entity certificate (PkiCredential.getCertificate()).
- protected abstract String getDefaultName(): If the credential name property is not explicitly assigned using setName(String), a name is calculated based on a credential's properties.
- String getName(): Gets the name of the credential.
- PrivateKey getPrivateKey(): Gets the private key.
- PublicKey getPublicKey(): Gets the public key.
- void setCertificate(X509Certificate certificate): Assigns a certificate to an already created credential holding only a key pair.
- void setCertificate(Resource certificateResource): Assigns the certificate by assigning a resource pointing to a DER- or PEM-encoded certificate.
- void setCertificateChain(List<X509Certificate> certificates): Assigns a certificate chain to an already created credential holding only a key pair.
- void setName(String name): Assigns the credential name.
- void setPrivateKey(PrivateKey privateKey): Assigns the private key.
- void setPrivateKey(Resource privateKeyResource): Assigns a private key resource.
- void setPrivateKey(Resource privateKeyResource, char[] password): Assigns a private key resource holding an encrypted private key.
- void setPublicKey(PublicKey publicKey): Assigns the public key of the key pair.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface se.swedenconnect.security.credential.PkiCredential
init, isHardwareCredential
-
Constructor Details
-
AbstractPkiCredential
public AbstractPkiCredential()
Default constructor.
-
-
Method Details
-
getPublicKey
Gets the public key.
- Specified by: getPublicKey in interface PkiCredential
- Returns: the public key
-
setPublicKey
Assigns the public key of the key pair.
- Parameters: publicKey - the public key.
-
getCertificate
Gets the certificate holding the public key of the key pair. May be null depending on whether certificates are handled by the implementing class.
- Specified by: getCertificate in interface PkiCredential
- Returns: the certificate, or null if no certificate is configured for the credential
-
setCertificate
Assigns a certificate to an already created credential holding only a key pair. It is the caller's responsibility to ensure that the certificate matches the present private key.
- Specified by: setCertificate in interface PkiCredential
- Parameters: certificate - the certificate to add
-
setCertificate
Assigns the certificate by assigning a resource pointing to a DER- or PEM-encoded certificate.
- Parameters: certificateResource - the certificate resource
- Throws: CertificateException - if the supplied resource cannot be decoded into an X509Certificate instance
-
getCertificateChain
Gets a certificate chain for the credential, where the first element is the entity certificate (PkiCredential.getCertificate()). If no certificate is configured for the credential an empty list is returned.
- Specified by: getCertificateChain in interface PkiCredential
- Returns: a list of certificates, or an empty list
-
setCertificateChain
Assigns a certificate chain to an already created credential holding only a key pair. The entity certificate is placed first in the list. It is the caller's responsibility to ensure that the certificate matches the present private key.
- Specified by: setCertificateChain in interface PkiCredential
- Parameters: certificates - the chain
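Both setCertificate and setCertificateChain leave the key/certificate match to the caller. The following is an added example, not code from this library: a JDK-only check that signs a fresh nonce with the private key and verifies it with the candidate certificate's public key, which also works when the private key is not extractable. The class name KeyMatchCheck and the method matches are hypothetical; call it with getPrivateKey() and certificate.getPublicKey() (the first chain element for a chain) before assigning.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

// Added illustration; KeyMatchCheck and matches() are hypothetical names, not library API.
public class KeyMatchCheck {
  /** Returns true if publicKey verifies a signature made by privateKey over a fresh nonce. */
  public static boolean matches(PrivateKey privateKey, PublicKey publicKey) {
    if (!privateKey.getAlgorithm().equals(publicKey.getAlgorithm())) {
      return false; // e.g. an RSA private key offered together with an EC certificate
    }
    String sigAlg = switch (privateKey.getAlgorithm()) {
      case "RSA" -> "SHA256withRSA";
      case "EC" -> "SHA256withECDSA";
      default -> throw new IllegalArgumentException("Unsupported key type for this check");
    };
    try {
      byte[] nonce = new byte[32];
      new SecureRandom().nextBytes(nonce);
      Signature signer = Signature.getInstance(sigAlg);
      signer.initSign(privateKey);
      signer.update(nonce);
      byte[] signature = signer.sign();
      Signature verifier = Signature.getInstance(sigAlg);
      verifier.initVerify(publicKey);
      verifier.update(nonce);
      return verifier.verify(signature);
    } catch (GeneralSecurityException e) {
      return false; // a signature that cannot be processed with this key is a mismatch
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample keys; in practice use the credential's key and the certificate's key.
    KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
    rsa.initialize(2048);
    KeyPair a = rsa.generateKeyPair();
    KeyPair b = rsa.generateKeyPair();
    System.out.println("same pair:  " + matches(a.getPrivate(), a.getPublic()));
    System.out.println("other pair: " + matches(a.getPrivate(), b.getPublic()));
  }
}
```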
-
getPrivateKey
Gets the private key.
- Specified by: getPrivateKey in interface PkiCredential
- Returns: the private key
-
setPrivateKey
Assigns the private key.
- Parameters: privateKey - the private key
-
setPrivateKey
Assigns a private key resource.
- Parameters: privateKeyResource - a resource holding the key in DER, PEM, or unencrypted PKCS#8 format.
- Throws: KeyException - if the key decode fails
-
setPrivateKey
Assigns a private key resource holding an encrypted private key. The following formats are supported:
- DER or PEM encoded PKCS#8 format
- PEM encoded OpenSSL "traditional" format
- Parameters:
  privateKeyResource - a resource holding the key in DER, PEM, or PKCS#8 format.
  password - the key password
- Throws: KeyException - if the key decode/decrypt fails
-
getName
Gets the name of the credential. If no name has been explicitly assigned, the default name is used.
- Specified by: getName in interface PkiCredential
- Returns: the name
-
getDefaultName
If the credential name property is not explicitly assigned using setName(String), a name is calculated based on a credential's properties.
Implementations must not assume that the object has been correctly initialized.
- Returns: the credential name
-
setName
Assigns the credential name.
- Parameters: name - the name
-
afterPropertiesSet
The default implementation verifies that the public key and the private key are available. Implementations that need to be initialized (for example by loading the keys) should override this method.
- Specified by: afterPropertiesSet in interface InitializingBean
- Throws: Exception
-
destroy
Implementations that need to perform clean-up actions should override this method. The default implementation does nothing.
- Specified by: destroy in interface DisposableBean
- Throws: Exception
-