Class AbstractPkiCredential

java.lang.Object
se.swedenconnect.security.credential.AbstractPkiCredential
All Implemented Interfaces:
DisposableBean, InitializingBean, PkiCredential
Direct Known Subclasses:
AbstractReloadablePkiCredential, BasicCredential

public abstract class AbstractPkiCredential extends Object implements PkiCredential
Abstract base class for classes implementing the PkiCredential interface.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • AbstractPkiCredential

      public AbstractPkiCredential()
      Default constructor.
  • Method Details

    • getPublicKey

      public PublicKey getPublicKey()
      Gets the public key.
      Specified by:
      getPublicKey in interface PkiCredential
      Returns:
      the public key
    • setPublicKey

      public void setPublicKey(PublicKey publicKey)
      Assigns the public key of the key pair.
      Parameters:
      publicKey - the public key.
    • getCertificate

      public X509Certificate getCertificate()
      Gets the certificate holding the public key of the key pair. May be null depending on whether certificates are handled by the implementing class.
      Specified by:
      getCertificate in interface PkiCredential
      Returns:
      the certificate, or null if no certificate is configured for the credential
    • setCertificate

      public void setCertificate(X509Certificate certificate)
      Assigns a certificate to an already created credential holding only a key pair. It is the caller's responsibility to ensure that the certificate matches the present private key.
      Specified by:
      setCertificate in interface PkiCredential
      Parameters:
      certificate - the certificate to add
    • setCertificate

      public void setCertificate(Resource certificateResource) throws CertificateException
      Assigns the certificate by assigning a resource pointing to a DER- or PEM-encoded certificate.
      Parameters:
      certificateResource - the certificate resource
      Throws:
      CertificateException - if the supplied resource cannot be decoded into an X509Certificate instance
    • getCertificateChain

      public List<X509Certificate> getCertificateChain()
      Gets a certificate chain for the credential, where the first element is the entity certificate (PkiCredential.getCertificate()). If no certificate is configured for the credential, an empty list is returned.
      Specified by:
      getCertificateChain in interface PkiCredential
      Returns:
      a list of certificates, or an empty list
    • setCertificateChain

      public void setCertificateChain(List<X509Certificate> certificates)
      Assigns a certificate chain to an already created credential holding only a key pair. The entity certificate is placed first in the list. It is the caller's responsibility to ensure that the certificate matches the present private key.
      Specified by:
      setCertificateChain in interface PkiCredential
      Parameters:
      certificates - the chain
    • getPrivateKey

      public PrivateKey getPrivateKey()
      Gets the private key.
      Specified by:
      getPrivateKey in interface PkiCredential
      Returns:
      the private key
    • setPrivateKey

      public void setPrivateKey(PrivateKey privateKey)
      Assigns the private key.
      Parameters:
      privateKey - the private key
    • setPrivateKey

      public void setPrivateKey(Resource privateKeyResource) throws KeyException
      Assigns a private key resource.
      Parameters:
      privateKeyResource - a resource holding the key in DER, PEM, or unencrypted PKCS#8 format.
      Throws:
      KeyException - if the key decode fails
    • setPrivateKey

      public void setPrivateKey(Resource privateKeyResource, char[] password) throws KeyException
      Assigns a private key resource holding an encrypted private key. The following formats are supported:
      • DER or PEM encoded PKCS#8 format
      • PEM encoded OpenSSL "traditional" format
      Parameters:
      privateKeyResource - a resource holding the key in DER, PEM, or PKCS#8 format.
      password - the key password
      Throws:
      KeyException - if the key decode/decrypt fails
    • getName

      public String getName()
      Gets the name of the credential. If no name has been explicitly assigned, the default name is used.
      Specified by:
      getName in interface PkiCredential
      Returns:
      the name
    • getDefaultName

      protected abstract String getDefaultName()
      If the credential name property is not explicitly assigned using setName(String), a name is calculated based on the credential's properties.

      Implementations must not assume that the object has been correctly initialized.

      Returns:
      the credential name
    • setName

      public void setName(String name)
      Assigns the credential name.
      Parameters:
      name - the name
    • afterPropertiesSet

      public void afterPropertiesSet() throws Exception
      The default implementation verifies that the public key and the private key are available. Implementations that need to be initialized (for example by loading the keys) should override this method.
      Specified by:
      afterPropertiesSet in interface InitializingBean
      Throws:
      Exception
    • destroy

      public void destroy() throws Exception
      Implementations that need to perform clean-up actions should override this method. The default implementation does nothing.
      Specified by:
      destroy in interface DisposableBean
      Throws:
      Exception
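
Both setCertificate(X509Certificate) and setCertificateChain(List<X509Certificate>) leave it to the caller to ensure that the certificate matches the private key already held by the credential. The following is an added example, not code from the credentials library, of one way to perform that check with plain JDK APIs before assigning the certificate: sign a random nonce with the private key and verify it with the certificate's public key, which also works when the private key is not extractable. The class name KeyMatchCheck and the method matches are hypothetical, and only RSA and EC keys are handled.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;

/** Added example (not part of the credentials library): key/certificate match check. */
public class KeyMatchCheck {

  /** Returns true if publicKey verifies a signature made by privateKey over a fresh nonce. */
  public static boolean matches(PrivateKey privateKey, PublicKey publicKey) throws GeneralSecurityException {
    if (!privateKey.getAlgorithm().equals(publicKey.getAlgorithm())) {
      return false; // for example an RSA key paired with an EC certificate
    }
    String sigAlg;
    switch (privateKey.getAlgorithm()) {
      case "RSA": sigAlg = "SHA256withRSA"; break;
      case "EC": sigAlg = "SHA256withECDSA"; break;
      default: throw new NoSuchAlgorithmException("Unsupported key type: " + privateKey.getAlgorithm());
    }
    byte[] nonce = new byte[32];
    new SecureRandom().nextBytes(nonce);

    Signature signer = Signature.getInstance(sigAlg);
    signer.initSign(privateKey);
    signer.update(nonce);
    byte[] signature = signer.sign();

    Signature verifier = Signature.getInstance(sigAlg);
    verifier.initVerify(publicKey);
    verifier.update(nonce);
    try {
      return verifier.verify(signature);
    } catch (SignatureException e) {
      return false; // signature has the wrong length or encoding for this public key
    }
  }

  /** Overload for the certificate about to be passed to setCertificate(...). */
  public static boolean matches(PrivateKey privateKey, X509Certificate certificate) throws GeneralSecurityException {
    return matches(privateKey, certificate.getPublicKey());
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample keys; a real caller passes the credential's private key and the loaded certificate.
    KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
    ec.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair a = ec.generateKeyPair();
    KeyPair b = ec.generateKeyPair();
    System.out.println("same pair:  " + matches(a.getPrivate(), a.getPublic()));
    System.out.println("mixed pair: " + matches(a.getPrivate(), b.getPublic()));
  }
}
```

For a chain, run the check against the first element only, since that is the entity certificate.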