oracle.security.xmlsec.keys.retrieval
Class PKCS12KeyRetriever

java.lang.Object
oracle.security.xmlsec.keys.retrieval.KeyRetriever
oracle.security.xmlsec.keys.retrieval.PKCS12KeyRetriever

public class PKCS12KeyRetriever

extends KeyRetriever

Class to retrieve keys and certificates from a PKCS #12 file.

Note: StorageAuthenticators used with this class must override the StorageAuthenticator.getPassword() method.

Since:

2.0

Constructor Summary

PKCS12KeyRetriever(java.io.InputStream p12Stream)
Creates a new PKCS12KeyRetriever instance.

PKCS12KeyRetriever(oracle.security.crypto.cert.PKCS12 pkcs12)
Creates a new PKCS12KeyRetriever instance.

Method Summary

oracle.security.crypto.cert.X509	retrieveCertificate(KeyInfoData keyInfo) Finds a certificate in the PKCS#12 by matching information in the given KeyInfoData's KeyName or X509Data elements.
PrivateKey	retrievePrivateKey(KeyInfoData keyInfo) Finds a private key in the PKCS#12 by matching information in the given KeyInfoData's KeyName element.
PublicKey	retrievePublicKey(KeyInfoData keyInfo) Finds a public key in the PKCS#12 by retrieving the certificate that matches information in the given KeyInfoData's KeyName or X509Data elements.

Methods inherited from class oracle.security.xmlsec.keys.retrieval.KeyRetriever

addKeyRetriever, getAuthenticator, getCertificate, getCertificate, getPrivateKey, getPrivateKey, getPublicKey, getPublicKey, getSymmetricKey, getSymmetricKey, retrieveCertificate, retrievePrivateKey, retrievePublicKey, retrieveSymmetricKey, retrieveSymmetricKey, setAuthenticator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKCS12KeyRetriever

public PKCS12KeyRetriever(java.io.InputStream p12Stream)
                   throws java.io.IOException

Creates a new PKCS12KeyRetriever instance.

Parameters:

p12Stream - An input stream containing the PKCS #12.

PKCS12KeyRetriever

public PKCS12KeyRetriever(oracle.security.crypto.cert.PKCS12 pkcs12)
                   throws java.io.IOException

Creates a new PKCS12KeyRetriever instance.

Parameters:

pkcs12 - The PKCS #12 object.

Method Detail

retrievePublicKey

public PublicKey retrievePublicKey(KeyInfoData keyInfo)
                            throws KeyRetrievalException

Finds a public key in the PKCS#12 by retrieving the certificate that matches information in the given KeyInfoData's KeyName or X509Data elements.

For a KeyName element, any of the following values may be used:

• Subject name -- the X.500 directory name of the certificate's subject.
• Common name -- the common name (CN) component of the subject name.
• Email address -- the email address of the subject, contained in either the certificate subject name or in a Subject Alternative Name extension.
• Friendly name -- the PKCS#12 friendly name of the certificate.
• Local key ID -- the PKCS#12 local key ID for the certificate.

For a X509Data element, any of the following child element types may be used:

• X509SubjectName -- the X.500 directory name ofthe certificate's subject.
• X509IssuerSerial -- the X.500 directory name of the certificate's issuer and the serial number of the certificate.
• X509SKI -- the certificate key ID contained in a Subject Key Identifier extension.

Overrides:

retrievePublicKey in class KeyRetriever

Parameters:

keyInfo - A KeyInfoData to be used to locate the public key.

Returns:

A PublicKey, or null if none could be located.

Throws:

KeyRetrievalException

See Also:

KeyName, X509Data

retrieveCertificate

public oracle.security.crypto.cert.X509 retrieveCertificate(KeyInfoData keyInfo)
                                                     throws KeyRetrievalException

Finds a certificate in the PKCS#12 by matching information in the given KeyInfoData's KeyName or X509Data elements.

For a KeyName element, any of the following values may be used:

• Subject name -- the X.500 directory name of the certificate's subject.
• Common name -- the common name (CN) component of the subject name.
• Email address -- the email address of the subject, contained in either the certificate subject name or in a Subject Alternative Name extension.
• Friendly name -- the PKCS#12 friendly name of the certificate.
• Local key ID -- the PKCS#12 local key ID for the certificate.

For a X509Data element, any of the following child element types may be used:

• X509SubjectName -- the X.500 directory name ofthe certificate's subject.
• X509IssuerSerial -- the X.500 directory name of the certificate's issuer and the serial number of the certificate.
• X509SKI -- the certificate key ID contained in a Subject Key Identifier extension.

Overrides:

retrieveCertificate in class KeyRetriever

Parameters:

keyInfo - A KeyInfoData to be used to locate the certificate.

Returns:

A X509, or null if none could be located.

Throws:

KeyRetrievalException

See Also:

KeyName, X509Data

retrievePrivateKey

public PrivateKey retrievePrivateKey(KeyInfoData keyInfo)
                              throws KeyRetrievalException

Finds a private key in the PKCS#12 by matching information in the given KeyInfoData's KeyName element.

For a KeyName element, any of the following values may be used:

• Friendly name -- the PKCS#12 friendly name of the private key.
• Local key ID -- the PKCS#12 local key ID for the private key.

Overrides:

retrievePrivateKey in class KeyRetriever

Parameters:

keyInfo - A KeyInfoData to be used to locate the private key.

Returns:

A PrivateKey, or null if none could be located.

Throws:

KeyRetrievalException

See Also:

KeyName