interface CryptoService<T : AuthenticationCredentials, U : KeyConfig>
Crypto service that encompasses certain cryptographic operations such as signing of data.
abstract fun authenticate(credentials: T): Unit
Authenticate a user against the underlying crypto provider using given credentials. |
|
abstract fun containsKey(alias: String): Boolean
Check if this CryptoService contains an entry for the given alias. |
|
abstract fun generateAndStoreKeyPair(keyConfig: U): PublicKey
Generate a key pair and a basic self-signed certificate and store within the underlying key store. |
|
abstract fun generateRandomLong(): Long
Generate a random Long using the underlying Provider. |
|
abstract fun getAuthenticatedUsers(): List<String>
Return the list of users currently authenticated against the underlying crypto provider. |
|
abstract fun getCertificate(alias: String): Certificate
Returns the Certificate of the entry for the given alias. |
|
abstract fun getPublicKey(alias: String): PublicKey
Returns the PublicKey of the entry for the given alias. |
|
abstract fun getSigner(alias: String, password: String? = null): <ERROR CLASS>
Returns ContentSigner for the key identified by the input alias. |
|
abstract fun isAuthenticated(): Boolean
Boolean flag indicating whether further authentication is needed to use stored keys. |
|
abstract fun logOut(): Unit
Reset the authentication state for the underlying crypto provider. |
|
abstract fun sign(alias: String, data: ByteArray, signAlgorithm: String? = null, password: String? = null): ByteArray
Sign a ByteArray using the private key identified by the input alias. Returns the signature bytes formatted according to the signature scheme. The signAlgorithm if specified determines the signature scheme used for signing, if not specified then the signature scheme is based on the private key scheme. |
|
abstract fun updateCertificate(keyConfig: U, certificateChain: List<X509Certificate>): Unit
Update the certificate chain within the underlying key store. |
val signatureSchemeForCurve: Map<String, <ERROR CLASS>> |
class AzureKeyVaultCryptoService : CryptoService<AzureKeyVaultCredentials, AzureKeyVaultKeyConfig>
Implementation of a CryptoService that is backed by an Azure Key Vault cloud HSM. |
|
class BCCryptoService : CryptoService<BCKeyStoreCredentials, BCKeyConfig>
Basic implementation of a CryptoService that uses BouncyCastle for cryptographic operations and a local Java KeyStore in the form of KeyStore to store private keys. |
|
abstract class JCACryptoService<T : AuthenticationCredentials, U : KeyConfig> : CryptoService<T, U>
This is the base class that facilitates easy integration of further HSM vendors that provide a JCA provider. For every vendor we want to support there has to be a new CryptoService that implements CryptoService and optionally inherits from this class if it makes sense. Not all vendors fully implement the JCA API and some of the methods of this class will have to be overridden with vendor-specific implementations. |
|
class UtimacoCryptoService : CryptoService<UtimacoAuthenticationCredentials, UtimacoKeyConfig>
Implementation of a CryptoService that is backed by a Utimaco HSM. |