nbi.xmlsec
Class PEPClientKeySelector

java.lang.Object
  extended by javax.xml.crypto.KeySelector
      extended by nbi.xmlsec.PEPClientKeySelector

public class PEPClientKeySelector
extends KeySelector

Implements the KeySelector interface for the DOMValidateContext in the method PEPClient.validateSignature(InputStream). Currently, this implementation supports only validation of X509Certificates as KeyInfo Content objects.

Since:
Version:
$Revision: 1.6 $
Author:
Lutz Suhrbier

Nested Class Summary
 
Nested classes inherited from class javax.xml.crypto.KeySelector
KeySelector.Purpose
 
Field Summary
(package private) static Logger logger
           
 
Constructor Summary
PEPClientKeySelector()
          Default constructor.
 
Method Summary
 KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context)
          Selects and validates the first X509Certificate from the list of KeyInfo Content objects.
private  void validateCertificate(X509Certificate cert)
          Validates an X509Certificate.
 
Methods inherited from class javax.xml.crypto.KeySelector
singletonKeySelector
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

static Logger logger
Constructor Detail

PEPClientKeySelector

public PEPClientKeySelector()
Default constructor.

Method Detail

select

public KeySelectorResult select(KeyInfo keyInfo,
                                KeySelector.Purpose purpose,
                                AlgorithmMethod method,
                                XMLCryptoContext context)
                         throws KeySelectorException
Selects and validates the first X509Certificate from the list of KeyInfo Content objects.

Returns:
The public key from the certificate.
Throws:
KeySelectorException - Signals any error during certificate validation.
See Also:
KeySelector.select(javax.xml.crypto.dsig.keyinfo.KeyInfo, javax.xml.crypto.KeySelector.Purpose, javax.xml.crypto.AlgorithmMethod, javax.xml.crypto.XMLCryptoContext)

validateCertificate

private void validateCertificate(X509Certificate cert)
                          throws NoSuchAlgorithmException,
                                 CertificateException,
                                 IOException,
                                 KeyStoreException,
                                 CertPathValidatorException,
                                 InvalidAlgorithmParameterException,
                                 CertPathBuilderException
Validates an X509Certificate. The validation comprises a validity check and a check of the certification path. The validation takes place according to the default PKIX validation process. It uses the default (SSL) trust store defined in the system properties "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword".

Parameters:
cert - The X509Certificate to validate.
Throws:
NoSuchAlgorithmException
CertificateException
IOException
KeyStoreException
CertPathValidatorException
InvalidAlgorithmParameterException
CertPathBuilderException
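
Example (added here, not the nbi.xmlsec source): a KeySelector that takes the first X509Certificate found in the KeyInfo, checks its validity period, builds a PKIX path to the trust store named by the system properties above, and only then returns the public key. The class name PkixKeySelectorExample, the use of CertPathBuilder and the disabled revocation check are assumptions of this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;

// Hypothetical class; sketches the documented behaviour, not the nbi.xmlsec source.
public class PkixKeySelectorExample extends KeySelector {
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
            AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
        if (keyInfo == null) throw new KeySelectorException("Signature has no KeyInfo");
        for (Object content : keyInfo.getContent()) {
            if (!(content instanceof X509Data)) continue;
            for (Object item : ((X509Data) content).getContent()) {
                if (!(item instanceof X509Certificate)) continue;
                X509Certificate cert = (X509Certificate) item;
                try {
                    validate(cert); // reject before the key reaches signature validation
                } catch (Exception e) {
                    throw new KeySelectorException("Certificate validation failed", e);
                }
                final PublicKey key = cert.getPublicKey();
                return () -> key; // KeySelectorResult has the single method getKey()
            }
        }
        throw new KeySelectorException("No X509Certificate in KeyInfo");
    }

    static void validate(X509Certificate cert) throws Exception {
        cert.checkValidity(); // notBefore / notAfter against the current time
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) throw new KeyStoreException("javax.net.ssl.trustStore is not set");
        char[] pass = System.getProperty("javax.net.ssl.trustStorePassword", "").toCharArray();
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            trust.load(in, pass);
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(cert);
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, target);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source configured here
        CertPathBuilder.getInstance("PKIX").build(params); // throws if no path to a trust anchor
    }
}
```

Because only the target certificate is given to the builder, a path is found only when the certificate is issued directly by (or is itself) a trust-store entry; intermediates would have to be supplied through a CertStore.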


Copyright © 2006 Lutz Suhrbier, Freie Universität Berlin. All Rights Reserved.