Package net.shibboleth.tool.xmlsectool
Class CredentialHelper
- java.lang.Object
-
- net.shibboleth.tool.xmlsectool.CredentialHelper
-
public final class CredentialHelper extends Object
Helper class for reading in cryptographic credentials.
-
-
Field Summary
Fields Modifier and Type Field Description private static org.slf4j.LoggerLOGClass logger.
-
Constructor Summary
Constructors Modifier Constructor Description privateCredentialHelper()Constructor.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description private static voiddumpSecurityProviders(String message)Dump the list of available security providers for diagnostic purposes.protected static BasicX509CredentialgetCredentialFromKeystore(KeyStore keystore, String keyAlias, String keyPassword)Gets a credential from the given store.protected static BasicX509CredentialgetFileBasedCredentials(String keyFile, String keyPassword, String certificateFile)Reads in the X509 credentials from the filesystem.protected static BasicX509CredentialgetKeystoreCredential(String keystorePath, String keystorePassword, String keystoreProvider, String keystoreType, String keyAlias, String keyPassword)Reads in the X509 credentials from a keystore.protected static BasicX509CredentialgetPKCS11Credential(String pkcs11Config, String keyAlias, String keyPassword)Reads in an X.509 credential from a PKCS11 source.
-
-
-
Method Detail
-
getFileBasedCredentials
protected static BasicX509Credential getFileBasedCredentials(String keyFile, String keyPassword, String certificateFile) throws KeyException, CertificateException
Reads in the X509 credentials from the filesystem.- Parameters:
keyFile- path to the private key filekeyPassword- password for the private key, may be nullcertificateFile- path to the certificate file associated with the private key- Returns:
- the credentials
- Throws:
CertificateException- if there is a problem decoding the certificateKeyException- if there is a problem decoding the private key
-
getKeystoreCredential
protected static BasicX509Credential getKeystoreCredential(String keystorePath, String keystorePassword, String keystoreProvider, String keystoreType, String keyAlias, String keyPassword) throws IOException, GeneralSecurityException
Reads in the X509 credentials from a keystore.- Parameters:
keystorePath- path the keystore filekeystorePassword- keystore passwordkeystoreProvider- keystore providr identifierkeystoreType- keystore typekeyAlias- private key aliaskeyPassword- private key password, may not be null- Returns:
- the credentials
- Throws:
IOException- if there was a problem reading the keystoreGeneralSecurityException- if there was a problem
-
dumpSecurityProviders
private static void dumpSecurityProviders(@Nonnull String message)Dump the list of available security providers for diagnostic purposes.- Parameters:
message- heading message to use before the list of providers
-
getPKCS11Credential
protected static BasicX509Credential getPKCS11Credential(String pkcs11Config, String keyAlias, String keyPassword) throws IOException, GeneralSecurityException
Reads in an X.509 credential from a PKCS11 source.- Parameters:
pkcs11Config- configuration file used by the PKCS#11 providerkeyAlias- private key keystore aliaskeyPassword- private key password, may not be null- Returns:
- the credential
- Throws:
IOException- if it is not possible to read the keystoreGeneralSecurityException- if there is a problem loading the keystore, or loading the credential from it
-
getCredentialFromKeystore
protected static BasicX509Credential getCredentialFromKeystore(KeyStore keystore, String keyAlias, String keyPassword) throws GeneralSecurityException
Gets a credential from the given store.- Parameters:
keystore- keystore from which to extract the credentialskeyAlias- keystore key aliaskeyPassword- private key password- Returns:
- the extracted credential
- Throws:
GeneralSecurityException- if there is a problem getting the credential from the keystore, or if the credential is not of a known type
-
-