
Example 11 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class SignedInfo method getInclusiveNamespaces.

/**
 * Reads the inclusive-namespaces value attached to {@code c14nMethod}, but only when the
 * declared algorithm is one of the two exclusive-canonicalization URIs.
 *
 * @return the string reported by {@code InclusiveNamespaces#getInclusiveNamespaces()}, or
 *     {@code null} when the algorithm URI is not an exclusive-c14n URI, when
 *     {@code c14nMethod} has no child element, or when that child cannot be parsed
 */
public String getInclusiveNamespaces() {
    final String algorithmUri = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);
    final boolean exclusiveC14n =
        algorithmUri.equals("http://www.w3.org/2001/10/xml-exc-c14n#")
            || algorithmUri.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
    if (!exclusiveC14n) {
        return null;
    }

    final Element firstChildElement = XMLUtils.getNextElement(c14nMethod.getFirstChild());
    if (firstChildElement == null) {
        return null;
    }

    try {
        return new InclusiveNamespaces(
                firstChildElement, InclusiveNamespaces.ExclusiveCanonicalizationNamespace)
            .getInclusiveNamespaces();
    } catch (XMLSecurityException e) {
        // NOTE(review): a malformed child element is reported exactly like an absent one
        // (null, nothing logged). Callers that feed this value into canonicalization cannot
        // tell the two cases apart; confirm that is acceptable for signature validation.
        return null;
    }
}
Also used : Element(org.w3c.dom.Element) InclusiveNamespaces(com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Example 12 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class SignedInfo method reparseSignedInfoElem.

/**
 * Replaces a SignedInfo element by its canonicalized, re-parsed form when a custom
 * canonicalization method is declared.
 *
 * <p>If the algorithm URI on the first child element is one of the six
 * {@code Canonicalizer.ALGO_ID_C14N*} constants checked below, the element is returned
 * untouched. Otherwise the subtree is canonicalized with the declared algorithm, the
 * resulting bytes are parsed into a new document, and the parsed root is imported into the
 * owner document in place of the original element.
 *
 * @param element the SignedInfo element to inspect; replaced in its parent when re-parsed
 * @return {@code element} itself, or the imported replacement node
 * @throws XMLSecurityException if canonicalization fails, or wrapping any parser
 *     configuration, I/O or SAX failure during the re-parse
 */
private static Element reparseSignedInfoElem(Element element) throws XMLSecurityException {
    // NOTE(review): the result of getNextElement is dereferenced without a null check, so an
    // element with no child element would surface as a NullPointerException rather than an
    // XMLSecurityException. Confirm callers guarantee the child is present.
    final Element c14nMethod = XMLUtils.getNextElement(element.getFirstChild());
    final String algorithmUri = c14nMethod.getAttributeNS(null, Constants._ATT_ALGORITHM);

    final boolean builtInAlgorithm =
        algorithmUri.equals(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS)
            || algorithmUri.equals(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS)
            || algorithmUri.equals(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS)
            || algorithmUri.equals(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS)
            || algorithmUri.equals(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS)
            || algorithmUri.equals(Canonicalizer.ALGO_ID_C14N11_WITH_COMMENTS);
    if (builtInAlgorithm) {
        return element;
    }

    // A custom canonicalizer is in play, so the SignedInfo is re-parsed from its canonical
    // bytes and the original, non-canonicalized node is swapped out.
    try {
        final Canonicalizer customCanonicalizer = Canonicalizer.getInstance(algorithmUri);
        final byte[] canonicalBytes = customCanonicalizer.canonicalizeSubtree(element);

        final javax.xml.parsers.DocumentBuilderFactory factory =
            javax.xml.parsers.DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // NOTE(review): FEATURE_SECURE_PROCESSING is the only hardening applied to this
        // factory; DOCTYPE declarations and external entities are not explicitly disabled
        // here. The parsed bytes come from a canonicalizer selected by the document's own
        // algorithm URI, so confirm the parser defaults are sufficient for that input.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        final javax.xml.parsers.DocumentBuilder builder = factory.newDocumentBuilder();

        final Document reparsed = builder.parse(new ByteArrayInputStream(canonicalBytes));
        final Node replacement =
            element.getOwnerDocument().importNode(reparsed.getDocumentElement(), true);
        element.getParentNode().replaceChild(replacement, element);
        return (Element) replacement;
    } catch (ParserConfigurationException | IOException | SAXException ex) {
        throw new XMLSecurityException("empty", ex);
    }
}
Also used : Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) IOException(java.io.IOException) Document(org.w3c.dom.Document) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException) ByteArrayInputStream(java.io.ByteArrayInputStream) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) Canonicalizer(com.sun.org.apache.xml.internal.security.c14n.Canonicalizer)

Example 13 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class X509CertificateResolver method engineLookupResolveX509Certificate.

/**
 * Looks up the first usable X.509 certificate carried under the given element.
 *
 * <p>The {@code Constants._TAG_X509CERTIFICATE} nodes are selected starting at the element's
 * first child. When none are found, the {@code Constants._TAG_X509DATA} node at index 0 is
 * selected instead and, if present, the lookup recurses into it.
 *
 * <p>The certificate is decoded from the document content and returned as-is: no path
 * validation or trust decision is made in this method, so callers must establish trust in the
 * returned certificate separately.
 *
 * @param element element whose children are searched
 * @param BaseURI base URI handed to each {@code XMLX509Certificate}
 * @param storage passed through to the recursive call; not otherwise read here
 * @return the first non-null certificate found, or {@code null} when there is none
 * @throws KeyResolverException wrapping any {@code XMLSecurityException} raised during lookup
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    try {
        final Element[] certElements =
            XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE);
        final boolean noCertElements = certElements == null || certElements.length == 0;

        if (noCertElements) {
            // Nothing at this level: retry one level down, inside X509Data, if it exists.
            final Element x509Data =
                XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
            if (x509Data == null) {
                return null;
            }
            return engineLookupResolveX509Certificate(x509Data, BaseURI, storage);
        }

        // First element that decodes to a certificate wins.
        for (Element certElement : certElements) {
            final X509Certificate candidate =
                new XMLX509Certificate(certElement, BaseURI).getX509Certificate();
            if (candidate != null) {
                return candidate;
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
        throw new KeyResolverException("generic.EmptyMessage", ex);
    }
}
Also used : XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) Element(org.w3c.dom.Element) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Example 14 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509Data.

/**
 * Tries to resolve a private key from the entries of an X509Data element.
 *
 * <p>The entries are tried in a fixed order: SKI, issuer/serial, subject name, certificate.
 * The first entry that resolves to a non-null key ends the search.
 *
 * @param element element wrapped in an {@code X509Data}
 * @param baseURI base URI handed to the {@code X509Data} constructor
 * @return the first private key resolved, or {@code null} when nothing matched or when an
 *     {@code XMLSecurityException} or {@code KeyStoreException} interrupted the search
 */
private PrivateKey resolveX509Data(Element element, String baseURI) {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
    try {
        final X509Data data = new X509Data(element, baseURI);

        final int skiCount = data.lengthSKI();
        for (int idx = 0; idx < skiCount; idx++) {
            final PrivateKey key = resolveX509SKI(data.itemSKI(idx));
            if (key != null) {
                return key;
            }
        }

        final int issuerSerialCount = data.lengthIssuerSerial();
        for (int idx = 0; idx < issuerSerialCount; idx++) {
            final PrivateKey key = resolveX509IssuerSerial(data.itemIssuerSerial(idx));
            if (key != null) {
                return key;
            }
        }

        final int subjectNameCount = data.lengthSubjectName();
        for (int idx = 0; idx < subjectNameCount; idx++) {
            final PrivateKey key = resolveX509SubjectName(data.itemSubjectName(idx));
            if (key != null) {
                return key;
            }
        }

        final int certificateCount = data.lengthCertificate();
        for (int idx = 0; idx < certificateCount; idx++) {
            final PrivateKey key = resolveX509Certificate(data.itemCertificate(idx));
            if (key != null) {
                return key;
            }
        }
    } catch (XMLSecurityException e) {
        // Failures are recorded at FINE only and reported to the caller as "no key".
        log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
    } catch (KeyStoreException e) {
        log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
    }
    return null;
}
Also used : XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) PrivateKey(java.security.PrivateKey) XMLX509SKI(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI) XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial) KeyStoreException(java.security.KeyStoreException) X509Data(com.sun.org.apache.xml.internal.security.keys.content.X509Data) XMLX509SubjectName(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Example 15 with XMLSecurityException

use of com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException in project jdk8u_jdk by JetBrains.

the class X509DigestResolver method resolveCertificate.

/**
 * Finds, in the storage resolver, the certificate whose digest matches one of the
 * {@code Constants._TAG_X509DIGEST} nodes under the given element.
 *
 * <p>Each stored certificate is digested with the algorithm named by each digest node and
 * compared byte-for-byte with that node's digest value; the first match is returned.
 *
 * @param element element whose children are searched for digest nodes
 * @param baseURI base URI handed to each {@code XMLX509Digest}
 * @param storage source of candidate certificates; checked with {@code checkStorage} first
 * @return the first stored certificate matching a digest, or {@code null} when there are no
 *     digest nodes or no certificate matches
 * @throws XMLSecurityException as a {@code KeyResolverException} wrapping any
 *     {@code XMLSecurityException} raised while checking storage or computing digests
 */
private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
    final Element[] digestElements =
        XMLUtils.selectDs11Nodes(element.getFirstChild(), Constants._TAG_X509DIGEST);
    if (digestElements == null || digestElements.length <= 0) {
        return null;
    }

    try {
        checkStorage(storage);

        final XMLX509Digest[] wantedDigests = new XMLX509Digest[digestElements.length];
        for (int idx = 0; idx < digestElements.length; idx++) {
            wantedDigests[idx] = new XMLX509Digest(digestElements[idx], baseURI);
        }

        for (Iterator<Certificate> stored = storage.getIterator(); stored.hasNext(); ) {
            // NOTE(review): the cast assumes every certificate in storage is an
            // X509Certificate; any other type would raise ClassCastException here.
            final X509Certificate cert = (X509Certificate) stored.next();
            for (XMLX509Digest wanted : wantedDigests) {
                final byte[] actualDigest =
                    XMLX509Digest.getDigestBytesFromCert(cert, wanted.getAlgorithm());
                if (!Arrays.equals(wanted.getDigestBytes(), actualDigest)) {
                    continue;
                }
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, "Found certificate with: " + cert.getSubjectX500Principal().getName());
                }
                return cert;
            }
        }
    } catch (XMLSecurityException ex) {
        throw new KeyResolverException("empty", ex);
    }
    return null;
}
Also used : XMLX509Digest(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Digest) Element(org.w3c.dom.Element) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) X509Certificate(java.security.cert.X509Certificate) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)32 Element (org.w3c.dom.Element)15 IOException (java.io.IOException)11 X509Certificate (java.security.cert.X509Certificate)9 CanonicalizationException (com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException)8 KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)8 PublicKey (java.security.PublicKey)7 XMLSignatureInput (com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput)6 Certificate (java.security.cert.Certificate)6 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)6 SAXException (org.xml.sax.SAXException)6 InvalidCanonicalizerException (com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException)5 XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)5 TransformationException (com.sun.org.apache.xml.internal.security.transforms.TransformationException)5 Transforms (com.sun.org.apache.xml.internal.security.transforms.Transforms)4 InclusiveNamespaces (com.sun.org.apache.xml.internal.security.transforms.params.InclusiveNamespaces)4 XMLX509SKI (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI)3 UnsyncBufferedOutputStream (com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream)3 OutputStream (java.io.OutputStream)3 KeyFactory (java.security.KeyFactory)3