public class ClientBSTCredentialProvider extends BST11CredentialProvider implements Serializable
Constructor and Description |
---|
ClientBSTCredentialProvider(CertPath certPath,
PrivateKey pk)
Creates client BST credential provider for the indicated certificate file and
private key.
|
ClientBSTCredentialProvider(String clientCertPath,
String clientPrivateKeyPath)
Creates client BST credential provider for the indicated certificate file and
PKCS8 private key file.
|
ClientBSTCredentialProvider(String clientCertPath,
String clientPrivateKeyPath,
String serverCertPath)
Creates client BST credential provider for the indicated certificate file,
PKCS8 private key file and server certificate.
|
ClientBSTCredentialProvider(String keyStoreFileName,
String keyStorePasswd,
String certAlias,
String keyPasswd)
Creates client BST credential provider for the indicated keystore and
certificate alias.
|
ClientBSTCredentialProvider(String keyStoreFileName,
String keyStorePasswd,
String certAlias,
String keyPasswd,
String keyStoreType)
Creates client BST credential provider for the indicated keystore and
certificate alias.
|
ClientBSTCredentialProvider(String keyStoreFileName,
String keyStorePasswd,
String certAlias,
String keyPasswd,
String keyStoreType,
X509Certificate serverCert)
Creates client BST credential provider for the indicated keystore,
certificate alias and server certificate.
|
ClientBSTCredentialProvider(X509Certificate serverCert,
CertPath certPath,
PrivateKey pk)
Creates client BST credential provider for the indicated certificate file and
private key.
|
ClientBSTCredentialProvider(X509Certificate clientCert,
PrivateKey clientPrivateKey,
X509Certificate serverCert)
Creates client BST credential provider for the indicated certificate file,
PKCS8 private key file and server certificate.
|
Modifier and Type | Method and Description |
---|---|
ClientBSTCredentialProvider |
cloneAndReplaceServerCert(X509Certificate serverCert) |
Object |
getCredential(String tokenType,
String issuerName,
ContextHandler ctxHandler,
Purpose p) |
void |
setServerCertificate(X509Certificate serverCert)
set Server's public X509 certificate
|
String |
toString() |
getValueTypes, isForDecryption, isForEncryption, isForIdentity, isForResponseEncryption, isForSigning, isForVerification
public ClientBSTCredentialProvider(String keyStoreFileName, String keyStorePasswd, String certAlias, String keyPasswd) throws Exception
keyStoreFileName
- Keystore file namekeyStorePasswd
- Keystore passwordcertAlias
- Certificate aliaskeyPasswd
- Certificate entry passwordException
- thrown if keystore or certificate entry is missing or corrupt
or if passwords are incorrectpublic ClientBSTCredentialProvider(String keyStoreFileName, String keyStorePasswd, String certAlias, String keyPasswd, String keyStoreType) throws Exception
keyStoreFileName
- Keystore file namekeyStorePasswd
- Keystore passwordcertAlias
- Certificate aliaskeyPasswd
- Certificate entry passwordkeyStoreType
- Keystore type, e.g. "JKS"Exception
- thrown if keystore or certificate entry is missing or corrupt
or if passwords are incorrectpublic ClientBSTCredentialProvider(String keyStoreFileName, String keyStorePasswd, String certAlias, String keyPasswd, String keyStoreType, X509Certificate serverCert) throws Exception
serverCert
will be used to encrypt the message body contents.
If security policy requires message-level integrity (signature) for the server's
response, the certificate passed for the parameter serverCert
will be used to verify the received signature. Any KeyInfo received as part of the
in-bound signature (e.g. certificate thumbprint) must correctly identify the same
server certificate.keyStoreFileName
- Keystore file namekeyStorePasswd
- Keystore passwordcertAlias
- Certificate aliaskeyPasswd
- Certificate entry passwordkeyStoreType
- Keystore type, e.g. "JKS"serverCert
- Server's public X509 certificateException
- thrown if keystore or certificate entry is missing or corrupt
or if passwords are incorrectpublic ClientBSTCredentialProvider(String clientCertPath, String clientPrivateKeyPath) throws Exception
clientCertPath
- File name contiaining client's X509 public certificateclientPrivateKeyPath
- PKCS8 file name continaing client's private keyException
- thrown if certificate or key file are missing or corruptpublic ClientBSTCredentialProvider(String clientCertPath, String clientPrivateKeyPath, String serverCertPath) throws Exception
serverCertPath
will be used to encrypt the message
body contents. If security policy requires message-level integrity (signature)
for the server's response, the certificate read from the file
serverCertPath
will be used to verify the received signature.
Any KeyInfo received as part of the in-bound signature (e.g. certificate thumbprint)
must correctly identify the same server certificate.clientCertPath
- File name contiaining client's X509 public certificateclientPrivateKeyPath
- PKCS8 file name continaing client's private keyserverCertPath
- File name containging server's X509 public certificateException
- thrown if the client certificate, key, or server certificate files
are missing or corruptpublic ClientBSTCredentialProvider(X509Certificate clientCert, PrivateKey clientPrivateKey, X509Certificate serverCert)
serverCert
will be used to encrypt the message body
contents. If security policy requires message-level integrity (signature) for
the server's response, the certificate passed for the parameter
serverCert
will be used to verify the received signature.
Any KeyInfo received as part of the in-bound signature (e.g. certificate
thumbprint) must correctly identify the same server certificate.clientCert
- client's X509 public certificateclientPrivateKey
- client's private keyserverCert
- Server's public X509 certificatepublic ClientBSTCredentialProvider(CertPath certPath, PrivateKey pk)
certPath
- Certpath object for client's X509 public certificatepk
- Client's private keypublic ClientBSTCredentialProvider(X509Certificate serverCert, CertPath certPath, PrivateKey pk)
serverCert
- Server's public X509 certificatecertPath
- Certpath object for client's X509 public certificatepk
- Client's private keypublic void setServerCertificate(X509Certificate serverCert)
serverCert
- Server's public X509 certificatepublic Object getCredential(String tokenType, String issuerName, ContextHandler ctxHandler, Purpose p)
getCredential
in interface CredentialProvider
public ClientBSTCredentialProvider cloneAndReplaceServerCert(X509Certificate serverCert)