lv.pasts.eme.security

Interface KeyAccessor

All Known Implementing Classes:

CardAccessor, KeyStoreManager

public interface KeyAccessor

KeyAccessor interface is the top level interface for cryptographic key accessors. It defines the functionality to access cryptographic keys and certificates.

Since:

1.3.3

Method Summary

Modifier and Type	Method and Description
boolean	containsAlias(String alias) Returns true if keystore contains the given alias.
X509Certificate	getCertificate(String alias) Returns the X509Certificate associated with the given alias.
CertificateEntry[]	getClientAuthenticationCertificateEntries() Returns the CertificateEntry array containing available client authentication certificates.
CertificateEntry[]	getDocumentSigningCertificateEntries() Returns the CertificateEntry array containing available signing certificates.
KeyStore.Builder	getKeyStoreBuilder(String alias) Returns KeyStore.Builder instance for KeyStore containing the given alias.
PrivateKey	getPrivateKey(String alias) Returns the PrivateKey associated with the given alias.
String	selectClientAuthenticationCertificate() Requests user to select the client authentication certificate and returns the alias name of the selected item, or null if action is cancelled.
String	selectDocumentSigningCertificate() Requests user to select the signing certificate and returns the alias name of the selected item, or null if action is cancelled.
byte[]	signData(byte[] data, String alias) Returns the signature bytes of all the given data.

Method Detail

getDocumentSigningCertificateEntries

CertificateEntry[] getDocumentSigningCertificateEntries()
                                                 throws KeyStoreException

Returns the CertificateEntry array containing available signing certificates.

Document signing certificates are resolved by the Extended Key Usage extension, containing the "Document signing" object identifier (OID 1.3.6.1.4.1.311.10.3.12).

Returns:

the CertificateEntry array containing signing certificates.

Throws:

KeyStoreException - if certificate data cannot be retrieved.

getClientAuthenticationCertificateEntries

CertificateEntry[] getClientAuthenticationCertificateEntries()
                                                      throws KeyStoreException

Returns the CertificateEntry array containing available client authentication certificates.

Client authentication certificates are resolved by the Extended Key Usage extension, containing the "Client Authentication" object identifier (OID 1.3.6.1.5.5.7.3.2).

Returns:

the CertificateEntry array containing client authentication certificates.

Throws:

KeyStoreException - if certificate data cannot be retrieved.

selectDocumentSigningCertificate

String selectDocumentSigningCertificate()
                                 throws KeyStoreException

Requests user to select the signing certificate and returns the alias name of the selected item, or null if action is cancelled.

Returns:

the alias name.

Throws:

KeyStoreException - if keystore cannot be accessed.

selectClientAuthenticationCertificate

String selectClientAuthenticationCertificate()
                                      throws KeyStoreException

Requests user to select the client authentication certificate and returns the alias name of the selected item, or null if action is cancelled.

Returns:

the alias name.

Throws:

KeyStoreException - if keystore cannot be accessed.

containsAlias

boolean containsAlias(String alias)
               throws KeyStoreException

Returns true if keystore contains the given alias.

Parameters:

alias - the alias name.

Returns:

true if keystore contains the alias name.

Throws:

KeyStoreException - if keystore cannot be accessed.

getCertificate

X509Certificate getCertificate(String alias)
                        throws KeyStoreException

Returns the X509Certificate associated with the given alias.

An alias of the certificate can be obtained from the CertificateEntry object returned by either getDocumentSigningCertificateEntries() or getClientAuthenticationCertificateEntries() method.

Parameters:

alias - the alias name.

Returns:

the requested certificate, or null if the given alias does not exist.

Throws:

KeyStoreException - if certificate data cannot be accessed.

getPrivateKey

PrivateKey getPrivateKey(String alias)
                  throws KeyStoreException

Returns the PrivateKey associated with the given alias.

An alias of the key can be obtained from the CertificateEntry object returned by either getDocumentSigningCertificateEntries() or getClientAuthenticationCertificateEntries() method.

Parameters:

alias - the alias name.

Returns:

the requested key, or null if the given alias does not exist.

Throws:

KeyStoreException - if key data cannot be accessed.

signData

byte[] signData(byte[] data,
                String alias)
         throws KeyStoreException,
                SignatureException

Returns the signature bytes of all the given data. Signature is calculated using the 'SHA1withRSA' algorithm.

Parameters:

data - the byte array to use for the signature calculation.

alias - the alias name representing a private key of the identity whose signature is going to be generated.

An alias of the key can be obtained from the CertificateEntry object returned by either getDocumentSigningCertificateEntries() or getClientAuthenticationCertificateEntries() method.

Returns:

the signature bytes of all the given data.

Throws:

KeyStoreException - if key data cannot be accessed.

SignatureException - if the given data cannot be signed.

getKeyStoreBuilder

KeyStore.Builder getKeyStoreBuilder(String alias)
                             throws KeyStoreException

Returns KeyStore.Builder instance for KeyStore containing the given alias.

Parameters:

alias - the alias name.

Returns:

KeyStore.Builder instance.

Throws:

KeyStoreException - if KeyStore cannot be accessed.