org.springframework.ws.soap.security.xwss.callback

Class KeyStoreCallbackHandler

java.lang.Object

org.springframework.ws.soap.security.callback.AbstractCallbackHandler

org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler

org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler

All Implemented Interfaces:

CallbackHandler, org.springframework.beans.factory.InitializingBean

public class KeyStoreCallbackHandler
extends CryptographyCallbackHandler
implements org.springframework.beans.factory.InitializingBean

Callback handler that uses Java Security KeyStores to handle cryptographic callbacks. Allows for specific key stores to be set for various cryptographic operations.

This handler requires one or more key stores to be set. You can configure them in your application context by using a KeyStoreFactoryBean. The exact stores to be set depends on the cryptographic operations that are to be performed by this handler. The table underneath show the key store to be used for each operation:

Cryptographic operation	Key store used
Certificate validation	first keyStore, then trustStore
Decryption based on private key	keyStore
Decryption based on symmetric key	symmetricStore
Encryption based on certificate	trustStore
Encryption based on symmetric key	symmetricStore
Signing	keyStore
Signature verification	trustStore

Default key stores

If the symmetricStore is not set, it will default to the keyStore. If the key or trust store is not set, this handler will use the standard Java mechanism to load or create it. See loadDefaultKeyStore() and loadDefaultTrustStore().

Examples

For instance, if you want to use the KeyStoreCallbackHandler to validate incoming certificates or signatures, you would use a trust store, like so:

 <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
           <property name="trustStore" ref="trustStore"/>
 </bean>

 <bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
           <property name="location" value="classpath:truststore.jks"/>
           <property name="password" value="changeit"/>
 </bean>
 

If you want to use it to decrypt incoming certificates or sign outgoing messages, you would use a key store, like so:

 <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
           <property name="keyStore" ref="keyStore"/>
           <property name="privateKeyPassword" value="changeit"/>
 </bean>

 <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
           <property name="location" value="classpath:keystore.jks"/>
           <property name="password" value="changeit"/>
 </bean>
 

Handled callbacks

This class handles CertificateValidationCallbacks, DecryptionKeyCallbacks, EncryptionKeyCallbacks, SignatureKeyCallbacks, and SignatureVerificationKeyCallbacks. It throws an UnsupportedCallbackException for others.

Since:

1.0.0

Author:

Arjen Poutsma

See Also:

KeyStore, KeyStoreFactoryBean, CertificateValidationCallback, DecryptionKeyCallback, EncryptionKeyCallback, SignatureKeyCallback, SignatureVerificationKeyCallback, The standard Java trust store mechanism

Field Summary

Fields inherited from class org.springframework.ws.soap.security.callback.AbstractCallbackHandler

logger

Constructor Summary

Constructors

Constructor and Description
KeyStoreCallbackHandler()

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected PKIXBuilderParameters	createBuilderParameters(KeyStore trustStore, X509CertSelector certSelector) Creates a PKIXBuilderParameters instance with the given parameters.
protected X509Certificate	getCertificate(PublicKey pk)
protected X509Certificate	getCertificate(String alias)
protected X509Certificate	getCertificateFromTrustStore(byte[] subjectKeyIdentifier)
protected X509Certificate	getCertificateFromTrustStore(PublicKey pk)
protected X509Certificate	getCertificateFromTrustStore(String alias)
protected X509Certificate	getCertificateFromTrustStore(String issuerName, BigInteger serialNumber)
protected PrivateKey	getPrivateKey(byte[] keyIdentifier)
protected PrivateKey	getPrivateKey(PublicKey publicKey)
protected PrivateKey	getPrivateKey(String alias)
protected PrivateKey	getPrivateKey(String issuerName, BigInteger serialNumber)
protected PrivateKey	getPrivateKey(X509Certificate certificate)
protected byte[]	getSubjectKeyIdentifier(X509Certificate cert)
protected SecretKey	getSymmetricKey(String alias)
protected void	handleAliasPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.AliasPrivKeyCertRequest request) Template method that handles SignatureKeyCallbacks with AliasPrivKeyCertRequests.
protected void	handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.AliasSymmetricKeyRequest request) Template method that handles DecryptionKeyCallbacks with AliasSymmetricKeyRequests.
protected void	handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasSymmetricKeyRequest request) Template method that handles EncryptionKeyCallbacks with AliasSymmetricKeyRequests.
protected void	handleAliasX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasX509CertificateRequest request) Template method that handles EncryptionKeyCallbacks with AliasX509CertificateRequests.
protected void	handleCertificateValidationCallback(com.sun.xml.wss.impl.callback.CertificateValidationCallback callback) Template method that handles CertificateValidationCallbacks.
protected void	handleDefaultPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.DefaultPrivKeyCertRequest request) Template method that handles SignatureKeyCallbacks with DefaultPrivKeyCertRequests.
protected void	handleDefaultX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.DefaultX509CertificateRequest request) Template method that handles EncryptionKeyCallbacks with DefaultX509CertificateRequests.
protected void	handlePublicKeyBasedPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request) Template method that handles SignatureKeyCallbacks with PublicKeyBasedPrivKeyCertRequests.
protected void	handlePublicKeyBasedPrivKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request) Template method that handles DecryptionKeyCallbacks with PublicKeyBasedPrivKeyRequests.
protected void	handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback, com.sun.xml.wss.impl.callback.EncryptionKeyCallback.PublicKeyBasedRequest request) Template method that handles EncryptionKeyCallbacks with PublicKeyBasedRequests.
protected void	handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.PublicKeyBasedRequest request) Template method that handles SignatureKeyCallbacks with PublicKeyBasedRequests.
protected void	handleX509CertificateBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509CertificateBasedRequest request) Template method that handles DecryptionKeyCallbacks with X509CertificateBasedRequests.
protected void	handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509IssuerSerialBasedRequest request) Template method that handles DecryptionKeyCallbacks with X509IssuerSerialBasedRequests.
protected void	handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request) Template method that handles SignatureKeyCallbacks with X509IssuerSerialBasedRequests.
protected void	handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback, com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request) Template method that handles DecryptionKeyCallbacks with X509SubjectKeyIdentifierBasedRequests.
protected void	handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback, com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request) Template method that handles SignatureKeyCallbacks with PublicKeyBasedPrivKeyCertRequests.
protected void	loadDefaultKeyStore() Loads the key store indicated by system properties.
protected void	loadDefaultTrustStore() Loads a default trust store.
void	setDefaultAlias(String defaultAlias) Sets the key store alias for the default certificate and private key.
void	setKeyStore(KeyStore keyStore) Sets the default key store.
void	setPrivateKeyPassword(String privateKeyPassword) Sets the password used to retrieve private keys from the keystore.
void	setRevocationEnabled(boolean revocationEnabled) Determines if certificate revocation checking is enabled or not.
void	setSymmetricKeyPassword(String symmetricKeyPassword) Sets the password used to retrieve keys from the symmetric keystore.
void	setSymmetricStore(KeyStore symmetricStore) Sets the key store used for encryption and decryption using symmetric keys.
void	setTrustStore(KeyStore trustStore) Sets the key store used for signature verifications and encryptions.

Methods inherited from class org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler

handleDecryptionKeyCallback, handleEncryptionKeyCallback, handleInternal, handlePrivateKeyRequest, handlePrivKeyCertRequest, handleSignatureKeyCallback, handleSignatureVerificationKeyCallback, handleSymmetricKeyRequest, handleSymmetricKeyRequest, handleX509CertificateRequest, handleX509CertificateRequest

Methods inherited from class org.springframework.ws.soap.security.callback.AbstractCallbackHandler

handle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyStoreCallbackHandler

public KeyStoreCallbackHandler()

Method Detail

setDefaultAlias

public void setDefaultAlias(String defaultAlias)

Sets the key store alias for the default certificate and private key.

setKeyStore

public void setKeyStore(KeyStore keyStore)

Sets the default key store. This property is required for decription based on private keys, and signing. If this property is not set, a default key store is loaded.

See Also:

KeyStoreFactoryBean, loadDefaultTrustStore()

setPrivateKeyPassword

public void setPrivateKeyPassword(String privateKeyPassword)

Sets the password used to retrieve private keys from the keystore. This property is required for decription based on private keys, and signing.

setSymmetricKeyPassword

public void setSymmetricKeyPassword(String symmetricKeyPassword)

Sets the password used to retrieve keys from the symmetric keystore. If this property is not set, it default to the private key password.

See Also:

setPrivateKeyPassword(String)

setSymmetricStore

public void setSymmetricStore(KeyStore symmetricStore)

Sets the key store used for encryption and decryption using symmetric keys. If this property is not set, it defaults to the keyStore property.

See Also:

KeyStoreFactoryBean, setKeyStore(java.security.KeyStore)

setTrustStore

public void setTrustStore(KeyStore trustStore)

Sets the key store used for signature verifications and encryptions. If this property is not set, a default key store will be loaded.

See Also:

KeyStoreFactoryBean, loadDefaultTrustStore()

setRevocationEnabled

public void setRevocationEnabled(boolean revocationEnabled)

Determines if certificate revocation checking is enabled or not. Default is false.

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

handleAliasPrivKeyCertRequest

protected final void handleAliasPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
                                                   com.sun.xml.wss.impl.callback.SignatureKeyCallback.AliasPrivKeyCertRequest request)
                                            throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with AliasPrivKeyCertRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleAliasPrivKeyCertRequest in class CryptographyCallbackHandler

Throws:

IOException

handleAliasSymmetricKeyRequest

protected final void handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
                                                    com.sun.xml.wss.impl.callback.DecryptionKeyCallback.AliasSymmetricKeyRequest request)
                                             throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles DecryptionKeyCallbacks with AliasSymmetricKeyRequests. Called from handleSymmetricKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleAliasSymmetricKeyRequest in class CryptographyCallbackHandler

Throws:

IOException

handleAliasSymmetricKeyRequest

protected final void handleAliasSymmetricKeyRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
                                                    com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasSymmetricKeyRequest request)
                                             throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles EncryptionKeyCallbacks with AliasSymmetricKeyRequests. Called from handleSymmetricKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleAliasSymmetricKeyRequest in class CryptographyCallbackHandler

Throws:

IOException

handleAliasX509CertificateRequest

protected final void handleAliasX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
                                                       com.sun.xml.wss.impl.callback.EncryptionKeyCallback.AliasX509CertificateRequest request)
                                                throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles EncryptionKeyCallbacks with AliasX509CertificateRequests. Called from handleX509CertificateRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleAliasX509CertificateRequest in class CryptographyCallbackHandler

Throws:

IOException

handleCertificateValidationCallback

protected final void handleCertificateValidationCallback(com.sun.xml.wss.impl.callback.CertificateValidationCallback callback)

Description copied from class: CryptographyCallbackHandler

Template method that handles CertificateValidationCallbacks. Called from handleInternal(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleCertificateValidationCallback in class CryptographyCallbackHandler

handleDefaultPrivKeyCertRequest

protected final void handleDefaultPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
                                                     com.sun.xml.wss.impl.callback.SignatureKeyCallback.DefaultPrivKeyCertRequest request)
                                              throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with DefaultPrivKeyCertRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleDefaultPrivKeyCertRequest in class CryptographyCallbackHandler

Throws:

IOException

handleDefaultX509CertificateRequest

protected final void handleDefaultX509CertificateRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
                                                         com.sun.xml.wss.impl.callback.EncryptionKeyCallback.DefaultX509CertificateRequest request)
                                                  throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles EncryptionKeyCallbacks with DefaultX509CertificateRequests. Called from handleX509CertificateRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleDefaultX509CertificateRequest in class CryptographyCallbackHandler

Throws:

IOException

handlePublicKeyBasedPrivKeyCertRequest

protected final void handlePublicKeyBasedPrivKeyCertRequest(com.sun.xml.wss.impl.callback.SignatureKeyCallback callback,
                                                            com.sun.xml.wss.impl.callback.SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest request)
                                                     throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with PublicKeyBasedPrivKeyCertRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handlePublicKeyBasedPrivKeyCertRequest in class CryptographyCallbackHandler

Throws:

IOException

handlePublicKeyBasedPrivKeyRequest

protected final void handlePublicKeyBasedPrivKeyRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
                                                        com.sun.xml.wss.impl.callback.DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest request)
                                                 throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles DecryptionKeyCallbacks with PublicKeyBasedPrivKeyRequests. Called from handlePrivateKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handlePublicKeyBasedPrivKeyRequest in class CryptographyCallbackHandler

Throws:

IOException

handlePublicKeyBasedRequest

protected final void handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.EncryptionKeyCallback callback,
                                                 com.sun.xml.wss.impl.callback.EncryptionKeyCallback.PublicKeyBasedRequest request)
                                          throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles EncryptionKeyCallbacks with PublicKeyBasedRequests. Called from handleX509CertificateRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handlePublicKeyBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handlePublicKeyBasedRequest

protected final void handlePublicKeyBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
                                                 com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.PublicKeyBasedRequest request)
                                          throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with PublicKeyBasedRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handlePublicKeyBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handleX509CertificateBasedRequest

protected final void handleX509CertificateBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
                                                       com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509CertificateBasedRequest request)
                                                throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles DecryptionKeyCallbacks with X509CertificateBasedRequests. Called from handlePrivateKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleX509CertificateBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handleX509IssuerSerialBasedRequest

protected final void handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
                                                        com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509IssuerSerialBasedRequest request)
                                                 throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles DecryptionKeyCallbacks with X509IssuerSerialBasedRequests. Called from handlePrivateKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleX509IssuerSerialBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handleX509IssuerSerialBasedRequest

protected final void handleX509IssuerSerialBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
                                                        com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request)
                                                 throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with X509IssuerSerialBasedRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleX509IssuerSerialBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handleX509SubjectKeyIdentifierBasedRequest

protected final void handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.DecryptionKeyCallback callback,
                                                                com.sun.xml.wss.impl.callback.DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
                                                         throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles DecryptionKeyCallbacks with X509SubjectKeyIdentifierBasedRequests. Called from handlePrivateKeyRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleX509SubjectKeyIdentifierBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

handleX509SubjectKeyIdentifierBasedRequest

protected final void handleX509SubjectKeyIdentifierBasedRequest(com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback callback,
                                                                com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request)
                                                         throws IOException

Description copied from class: CryptographyCallbackHandler

Template method that handles SignatureKeyCallbacks with PublicKeyBasedPrivKeyCertRequests. Called from handlePrivKeyCertRequest(). Default implementation throws an UnsupportedCallbackException.

Overrides:

handleX509SubjectKeyIdentifierBasedRequest in class CryptographyCallbackHandler

Throws:

IOException

getCertificate

protected X509Certificate getCertificate(String alias)
                                  throws IOException

Throws:

IOException

getCertificate

protected X509Certificate getCertificate(PublicKey pk)
                                  throws IOException

Throws:

IOException

getCertificateFromTrustStore

protected X509Certificate getCertificateFromTrustStore(String alias)
                                                throws IOException

Throws:

IOException

getCertificateFromTrustStore

protected X509Certificate getCertificateFromTrustStore(byte[] subjectKeyIdentifier)
                                                throws IOException

Throws:

IOException

getCertificateFromTrustStore

protected X509Certificate getCertificateFromTrustStore(PublicKey pk)
                                                throws IOException

Throws:

IOException

getCertificateFromTrustStore

protected X509Certificate getCertificateFromTrustStore(String issuerName,
                                                       BigInteger serialNumber)
                                                throws IOException

Throws:

IOException

getPrivateKey

protected PrivateKey getPrivateKey(String alias)
                            throws IOException

Throws:

IOException

getPrivateKey

protected PrivateKey getPrivateKey(PublicKey publicKey)
                            throws IOException

Throws:

IOException

getPrivateKey

protected PrivateKey getPrivateKey(X509Certificate certificate)
                            throws IOException

Throws:

IOException

getPrivateKey

protected PrivateKey getPrivateKey(byte[] keyIdentifier)
                            throws IOException

Throws:

IOException

getPrivateKey

protected PrivateKey getPrivateKey(String issuerName,
                                   BigInteger serialNumber)
                            throws IOException

Throws:

IOException

getSubjectKeyIdentifier

protected final byte[] getSubjectKeyIdentifier(X509Certificate cert)

getSymmetricKey

protected SecretKey getSymmetricKey(String alias)
                             throws IOException

Throws:

IOException

loadDefaultKeyStore

protected void loadDefaultKeyStore()

Loads the key store indicated by system properties. Delegates to KeyStoreUtils.loadDefaultKeyStore().

loadDefaultTrustStore

protected void loadDefaultTrustStore()

Loads a default trust store. Delegates to KeyStoreUtils.loadDefaultTrustStore().

createBuilderParameters

protected PKIXBuilderParameters createBuilderParameters(KeyStore trustStore,
                                                        X509CertSelector certSelector)
                                                 throws GeneralSecurityException

Creates a PKIXBuilderParameters instance with the given parameters. Default implementation simply instantiates one, without setting additional parameters.

Parameters:

trustStore - the trust store to use

certSelector - the certificate selector to use

Returns:

the builder parameters

Throws:

GeneralSecurityException - in case of errors

See Also:

setRevocationEnabled(boolean)