Class ManagedPkiCredential

All Implemented Interfaces:
PkiCredential, ReloadablePkiCredential

public class ManagedPkiCredential extends AbstractReloadablePkiCredential
A managed PkiCredential is used when a PkiCredentialContainer returns credentials. The recipient of a managed credential may invoke destroy() to remove the credential from the container, and may also update the certificate of the managed credential.
Author:
Martin Lindström
  • Constructor Details

    • ManagedPkiCredential

      public ManagedPkiCredential(@Nonnull PkiCredential managedCredential, @Nonnull Consumer<PkiCredential> destroyCallback, @Nullable Consumer<X509Certificate[]> updateCertificateCallback)
      Constructor setting the credential to be managed and callbacks to be used by the underlying container.
      Parameters:
      managedCredential - the credential being managed
      destroyCallback - a callback that is invoked if the destroy() method is called
      updateCertificateCallback - optional callback that is invoked if setCertificate(X509Certificate) or setCertificateChain(List) is called. This gives the owner of the managed credential the possibility to update the underlying credential
  • Method Details

    • setCertificate

      public void setCertificate(@Nonnull X509Certificate certificate)
      Assigns a new certificate for the credential. This certificate must still form a valid key pair given the private key.
      Parameters:
      certificate - the new certificate
    • setCertificateChain

      public void setCertificateChain(@Nonnull List<X509Certificate> certificates)
      Assigns a new certificate chain for the credential. The first certificate (entity certificate) must still form a valid key pair given the private key.
      Parameters:
      certificates - the new certificate chain (entity certificate must be placed first)
    • getCertificateChain

      @Nonnull public List<X509Certificate> getCertificateChain()
      If a certificate or certificate chain has been added after the creation of the managed credential, this chain will be returned, otherwise the credential's original chain.
      Returns:
      a list of certificates, or an empty list
    • getPublicKey

      @Nonnull public PublicKey getPublicKey()
      Gets the public key.
      Specified by:
      getPublicKey in interface PkiCredential
      Overrides:
      getPublicKey in class AbstractPkiCredential
      Returns:
      the public key
    • getPrivateKey

      @Nonnull public PrivateKey getPrivateKey()
      Returns the PrivateKey of the managed credential.
      Returns:
      the private key
    • isHardwareCredential

      public boolean isHardwareCredential()
      Predicate that tells whether this credential resides in a hardware module.
      Returns:
      true if the credential resides in a hardware module and false otherwise
    • getName

      @Nonnull public String getName()
      Gets the name of the credential. If no name has been explicitly assigned, the default name is used.
      Specified by:
      getName in interface PkiCredential
      Overrides:
      getName in class AbstractPkiCredential
      Returns:
      the name
    • setName

      public void setName(@Nonnull String name)
      Will
      Overrides:
      setName in class AbstractPkiCredential
      Parameters:
      name - the name
    • getDefaultName

      @Nonnull protected String getDefaultName()
      Description copied from class: AbstractPkiCredential
      If the credential name property is not explicitly assigned using AbstractPkiCredential.setName(String) a name is calculated based on a credential's properties.
      Specified by:
      getDefaultName in class AbstractPkiCredential
      Returns:
      the credential name
    • destroy

      public void destroy()
      If not already destroyed, the method will invoke the PkiCredential.destroy() method on the managed credential, and then invoke the destroy callback to inform the owning container that the credential should be removed.
    • reload

      public void reload() throws Exception
      If the managed credential implements ReloadablePkiCredential, the ReloadablePkiCredential.reload() method will be called on the managed credential.
      Throws:
      Exception - for reloading errors
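
setCertificate and setCertificateChain require that the new entity certificate still forms a valid key pair with the credential's private key. The following is an added example, not part of the library or its documentation, of a pre-check a caller could run before invoking either method; KeyPairMatchCheck and formsKeyPair are hypothetical names, and only JDK classes are used.

```java
import java.security.*;

// Added example: hypothetical helper, not part of the credentials library.
// Intended use before updating a managed credential:
//   if (formsKeyPair(credential.getPrivateKey(), newCert.getPublicKey())) {
//     credential.setCertificate(newCert);
//   }
public class KeyPairMatchCheck {

  // Only RSA and EC keys are handled in this example; anything else is rejected.
  static String signatureAlgorithm(String keyAlgorithm) {
    switch (keyAlgorithm) {
      case "RSA": return "SHA256withRSA";
      case "EC": return "SHA256withECDSA";
      default: return null;
    }
  }

  // Signs a random challenge with the private key and verifies it with the
  // public key. No key material is exported, so a private key that resides in
  // a hardware module can be checked the same way.
  public static boolean formsKeyPair(PrivateKey privateKey, PublicKey publicKey) {
    String alg = signatureAlgorithm(privateKey.getAlgorithm());
    if (alg == null || !privateKey.getAlgorithm().equals(publicKey.getAlgorithm())) {
      return false;
    }
    try {
      byte[] challenge = new byte[32];
      new SecureRandom().nextBytes(challenge);
      Signature signer = Signature.getInstance(alg);
      signer.initSign(privateKey);
      signer.update(challenge);
      byte[] signature = signer.sign();
      Signature verifier = Signature.getInstance(alg);
      verifier.initVerify(publicKey);
      verifier.update(challenge);
      return verifier.verify(signature);
    } catch (GeneralSecurityException e) {
      return false; // any signing or verification failure counts as a mismatch
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: two freshly generated P-256 key pairs.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(256);
    KeyPair a = generator.generateKeyPair();
    KeyPair b = generator.generateKeyPair();
    System.out.println("matching pair:   " + formsKeyPair(a.getPrivate(), a.getPublic()));
    System.out.println("mismatched pair: " + formsKeyPair(a.getPrivate(), b.getPublic()));
  }
}
```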