Package org.zkoss.zkex.license

Class LicenseNotary

java.lang.Object

org.zkoss.zkex.license.LicenseNotary

public class LicenseNotary
extends java.lang.Object

This notary knows how to sign and verify a GenericCertificate.

This class is not thread safe.

Version:

$Id$

Author:

Christian Schlichtherle

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	LicenseNotary()	Creates a new License Notary.
	LicenseNotary(KeyStoreParam param)	Creates a new License Notary.

Method Summary

Modifier and Type	Method	Description
protected java.security.KeyStore	getKeyStore()	Returns a loaded/initialized keyStore.
KeyStoreParam	getKeyStoreParam()	Returns the keyStore configuration parameters.
protected java.security.PrivateKey	getPrivateKey()	Returns the private key from the keyStore.
protected java.security.PublicKey	getPublicKey()	Returns the public key from the keyStore
protected java.security.Signature	getSignatureEngine()	Returns a valid signature engine to be used for signing and verifying a GenericCertificate - null is never returned.
void	setKeyStoreParam(KeyStoreParam param)	Sets the keyStore configuration parameters.
GenericCertificate	sign(java.lang.Object content)	Encodes and signs the given content and returns a locked generic certificate holding the encoded content and its digital signature.
void	verify(GenericCertificate certificate)	Verifies the digital signature of the encoded content in the given certificate and locks it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LicenseNotary

protected LicenseNotary()

Creates a new License Notary.

Warning: The notary created by this constructor is not valid and cannot be used unless setKeyStoreParam(KeyStoreParam) is called!

LicenseNotary

public LicenseNotary(KeyStoreParam param)

Creates a new License Notary.

Parameters:

param - the keyStore configuration parameters - may not be null.

Throws:

java.lang.NullPointerException - if the given parameter object does not obey the contract of its interface due to a null pointer.

IllegalPasswordException - if any password in the parameter object does not comply to the current policy.

Method Detail

getKeyStoreParam

public KeyStoreParam getKeyStoreParam()

Returns the keyStore configuration parameters.

setKeyStoreParam

public void setKeyStoreParam(KeyStoreParam param)

Sets the keyStore configuration parameters. Calling this method resets the notary as if it had just been created.

Parameters:

param - the keyStore configuration parameters - may not be null.

Throws:

java.lang.NullPointerException - if the given parameter object does not obey the contract of its interface due to a null pointer.

IllegalPasswordException - if any password in the parameter object does not comply to the current policy.

sign

public GenericCertificate sign(java.lang.Object content)
                        throws java.lang.Exception

Encodes and signs the given content and returns a locked generic certificate holding the encoded content and its digital signature.

Please note the following:

• Because this method locks the certificate, a subsequent call to sign(GenericCertificate, Object) or verify(GenericCertificate) is redundant and will throw a PropertyVetoException. Use GenericCertificate.isLocked() to detect whether a generic certificate has been successfuly signed or verified before or call GenericCertificate.getContent() and expect an Exception to be thrown if it hasn't.
• There is no way to unlock the returned certificate. Call the copy constructor of GenericCertificate if you need an unlocked copy of the certificate.

Parameters:

content - the object to sign. This must either be a JavaBean or an instance of any other class which is supported by PersistenceService - maybe null.

Returns:

A locked generic certificate holding the encoded content and its digital signature.

Throws:

java.lang.Exception - for various reasons.

verify

public void verify(GenericCertificate certificate)
            throws java.lang.Exception

Verifies the digital signature of the encoded content in the given certificate and locks it.

Please note the following:

• This method will throw a PropertyVetoException if the certificate is already locked, i.e. if it has been signed or verified before.
• Because this method locks the certificate, a subsequent call to sign(GenericCertificate, Object) or verify(GenericCertificate) is redundant and will throw a PropertyVetoException. Use GenericCertificate.isLocked() to detect whether a generic certificate has been successfuly signed or verified before or call GenericCertificate.getContent() and expect an Exception to be thrown if it hasn't.
• There is no way to unlock the certificate. Call the copy constructor of GenericCertificate if you need an unlocked copy of the certificate.

Parameters:

certificate - the generic certificate to verify - may not be null.

Throws:

java.lang.Exception - a subclass of this class may be thrown for various reasons.

getPrivateKey

protected java.security.PrivateKey getPrivateKey()
                                          throws LicenseNotaryException,
                                                 java.io.IOException,
                                                 java.security.cert.CertificateException,
                                                 java.security.NoSuchAlgorithmException,
                                                 java.security.UnrecoverableKeyException

Returns the private key from the keyStore.

Throws:

LicenseNotaryException - if the parameters used to access the corresponding key store are insufficient or incorrect. Note that you should always use Throwable.getLocalizedMessage() to get a (possibly localized) meaningful detail message.

java.io.IOException - if there is an I/O or format problem with the keyStore data.

java.security.cert.CertificateException - if any of the certificates in the keyStore could not be loaded.

java.security.NoSuchAlgorithmException - if the algorithm used to check the integrity of the keyStore cannot be found.

java.security.UnrecoverableKeyException - if the key cannot get recovered (e.g. the given password is wrong).

getPublicKey

protected java.security.PublicKey getPublicKey()
                                        throws LicenseNotaryException,
                                               java.io.IOException,
                                               java.security.cert.CertificateException,
                                               java.security.NoSuchAlgorithmException

Returns the public key from the keyStore

Throws:

LicenseNotaryException - if the parameters used to access the corresponding key store are insufficient or incorrect. Note that you should always use Throwable.getLocalizedMessage() to get a (possibly localized) meaningful detail message.

java.io.IOException - if there is an I/O or format problem with the keyStore data.

java.security.cert.CertificateException - if any of the certificates in the keyStore could not be loaded.

java.security.NoSuchAlgorithmException - if the algorithm used to check the integrity of the keyStore cannot be found.

getSignatureEngine

protected java.security.Signature getSignatureEngine()

Returns a valid signature engine to be used for signing and verifying a GenericCertificate - null is never returned.

getKeyStore

protected java.security.KeyStore getKeyStore()
                                      throws java.io.IOException,
                                             java.security.cert.CertificateException,
                                             java.security.NoSuchAlgorithmException

Returns a loaded/initialized keyStore.

Throws:

java.io.IOException - if there is an I/O or format problem with the keyStore data.

java.security.cert.CertificateException - if any of the certificates in the keyStore could not be loaded.

java.security.NoSuchAlgorithmException - if the algorithm used to check the integrity of the keyStore cannot be found.