org.xwiki.crypto.x509.internal
Class DefaultX509CryptoService

java.lang.Object
  extended by org.xwiki.crypto.x509.internal.DefaultX509CryptoService
All Implemented Interfaces:
X509CryptoService

@Component
@InstantiationStrategy(value=SINGLETON)
public class DefaultX509CryptoService
extends java.lang.Object
implements X509CryptoService

Service allowing a user to sign text, determine the validity and signer of already signed text, and create keys.

Since:
2.5M1
Version:
$Id$

Constructor Summary
DefaultX509CryptoService()
           
 
Method Summary
 XWikiX509Certificate certFromPEM(java.lang.String pemFormatCert)
          Deserialize an X509 certificate from a PEM formatted string.
 XWikiX509Certificate[] certsFromSpkac(java.lang.String spkacSerialization, int daysOfValidity)
          Creates an array of Base64 encoded DER formatted X509Certificates containing a certificate from the given SPKAC and a certificate authority certificate which validates it.
 XWikiX509KeyPair keyPairFromBase64(java.lang.String keyPairAsBase64)
          Deserialize an XWikiX509KeyPair from a base64 encoded String.
 XWikiX509KeyPair newCertAndPrivateKey(int daysOfValidity, java.lang.String password)
          Creates an XWikiX509Certificate and matching private key.
 java.lang.String signText(java.lang.String textToSign, XWikiX509KeyPair toSignWith, java.lang.String password)
          Produce a pkcs#7 signature for the given text.
 XWikiX509Certificate verifyText(java.lang.String signedText, java.lang.String base64Signature)
          Verify a pkcs#7 signature and return the certificate of the user who signed it.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultX509CryptoService

public DefaultX509CryptoService()
Method Detail

certsFromSpkac

public XWikiX509Certificate[] certsFromSpkac(java.lang.String spkacSerialization,
                                             int daysOfValidity)
                                      throws java.security.GeneralSecurityException
Creates an array of Base64 encoded DER formatted X509Certificates containing:
1. A certificate from the given SPKAC
2. A certificate authority certificate which will validate the first certificate in the array.
Safari, Firefox and Opera return an SPKAC request through the keygen element (see the specification in HTML5).

Specified by:
certsFromSpkac in interface X509CryptoService
Parameters:
spkacSerialization - a SPKAC Certificate Signing Request
daysOfValidity - number of days before the certificate should become invalid.
Returns:
an array of 2 X509Certificates in Base64 encoded DER format.
Throws:
java.security.GeneralSecurityException - if something goes wrong while creating the certificate.
See Also:
X509CryptoService.certsFromSpkac(java.lang.String, int)

newCertAndPrivateKey

public XWikiX509KeyPair newCertAndPrivateKey(int daysOfValidity,
                                             java.lang.String password)
                                      throws java.security.GeneralSecurityException
Creates an XWikiX509Certificate and matching private key. This certificate will be self-signed since it is expected to be used only on the server. This certificate will also have its non-repudiation bit cleared because it is expected to reside on the server, where it is more vulnerable than a client-side certificate.

Specified by:
newCertAndPrivateKey in interface X509CryptoService
Parameters:
daysOfValidity - number of days before the certificate should become invalid.
password - the password to set on the resulting XWikiX509KeyPair.
Returns:
object containing certificate and private key.
Throws:
java.security.GeneralSecurityException - if something goes wrong while creating the certificate.
See Also:
org.xwiki.crypto.x509.X509CryptoService#newCertAndPrivateKey(int)

signText

public java.lang.String signText(java.lang.String textToSign,
                                 XWikiX509KeyPair toSignWith,
                                 java.lang.String password)
                          throws java.security.GeneralSecurityException
Produce a pkcs#7 signature for the given text. Text will be signed with the key belonging to the author of the code which calls this.

Specified by:
signText in interface X509CryptoService
Parameters:
textToSign - the text which the user wishes to sign.
toSignWith - the certificate and matching private key to sign the text with.
password - to access the private key in the key pair.
Returns:
a signature which can be used to validate the signed text.
Throws:
java.security.GeneralSecurityException - if anything goes wrong during signing.
See Also:
org.xwiki.crypto.x509.X509CryptoService#signText(java.lang.String, org.xwiki.crypto.data.XWikiX509KeyPair)

verifyText

public XWikiX509Certificate verifyText(java.lang.String signedText,
                                       java.lang.String base64Signature)
                                throws java.security.GeneralSecurityException
Verify a pkcs#7 signature and return the certificate of the user who signed it.

Specified by:
verifyText in interface X509CryptoService
Parameters:
signedText - the text which has been signed.
base64Signature - the signature on the text in Base64 encoded DER format.
Returns:
the certificate used to sign the text or null if it's invalid.
Throws:
java.security.GeneralSecurityException - if anything goes wrong.
See Also:
X509CryptoService.verifyText(java.lang.String, java.lang.String)
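verifyText reports who signed the text, not whether that signer is trusted, and it signals an invalid signature with null rather than an exception. The following added example (not part of the XWiki code base) shows a caller that handles both cases and pins the signer to a known certificate; the class SignedTextCheck and method isSignedBy are hypothetical names, and the pinned certificate is assumed to have been loaded by the caller, for instance with certFromPEM.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

import org.xwiki.crypto.x509.X509CryptoService;

/** Added example: hypothetical helper, not part of the XWiki API. */
public class SignedTextCheck
{
    /**
     * @param crypto the service documented on this page, obtained by the caller
     * @param text the text which was signed
     * @param base64Signature the pkcs#7 signature in Base64 encoded DER format
     * @param trustedSigner the certificate the caller expects to have signed the text
     * @return true only if the signature verifies AND was made with the pinned certificate
     */
    public static boolean isSignedBy(X509CryptoService crypto, String text,
        String base64Signature, X509Certificate trustedSigner)
    {
        X509Certificate signer;
        try {
            // XWikiX509Certificate extends X509Certificate, so the result can be held as one.
            signer = crypto.verifyText(text, base64Signature);
        } catch (GeneralSecurityException e) {
            // Malformed signature or provider failure: fail closed.
            return false;
        }
        if (signer == null) {
            // Documented result for an invalid signature.
            return false;
        }
        try {
            // A verifying signature only proves possession of some private key.
            // Reject expired certificates and any signer other than the pinned one.
            signer.checkValidity();
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            byte[] actual = sha256.digest(signer.getEncoded());
            byte[] expected = sha256.digest(trustedSigner.getEncoded());
            return MessageDigest.isEqual(actual, expected);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
}
```

Pinning matters here because newCertAndPrivateKey issues self-signed certificates, so there is no issuer chain that would otherwise distinguish one signer from another.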

certFromPEM

public XWikiX509Certificate certFromPEM(java.lang.String pemFormatCert)
                                 throws java.security.GeneralSecurityException
Deserialize an X509 certificate from a PEM formatted string.

Specified by:
certFromPEM in interface X509CryptoService
Parameters:
pemFormatCert - a String created by XWikiX509Certificate.toPEMString() or from OpenSSL or any other standards compliant X509 certificate generator in PEM format.
Returns:
an XWikiX509Certificate which extends X509Certificate and can be used by methods in this class as well as with third party encryption tools.
Throws:
java.security.GeneralSecurityException - If there isn't a valid XWikiX509Certificate.CERT_BEGIN or XWikiX509Certificate.CERT_END tag, or if there is an exception parsing the content in between.
See Also:
X509CryptoService.certFromPEM(java.lang.String)

keyPairFromBase64

public XWikiX509KeyPair keyPairFromBase64(java.lang.String keyPairAsBase64)
                                   throws java.security.GeneralSecurityException
Deserialize an XWikiX509KeyPair from a base64 encoded String.

Specified by:
keyPairFromBase64 in interface X509CryptoService
Parameters:
keyPairAsBase64 - a String created by calling XWikiX509KeyPair.serializeAsBase64()
Returns:
a new XWikiX509KeyPair
Throws:
java.security.GeneralSecurityException - if the data has become corrupted or if something fails during the deserialization process.
See Also:
X509CryptoService.keyPairFromBase64(java.lang.String)


Copyright © 2004-2011 XWiki. All Rights Reserved.