Search in sources :

Example 1 with XMLX509Certificate

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.

the class X509CertificateResolver method engineLookupResolveX509Certificate.

/**
     * Method engineResolveX509Certificate
     * @inheritDoc
     * @param element
     * @param BaseURI
     * @param storage
     *
     * @throws KeyResolverException
     */
public X509Certificate engineLookupResolveX509Certificate(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
    try {
        Element[] els = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE);
        if ((els == null) || (els.length == 0)) {
            Element el = XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
            if (el != null) {
                return engineLookupResolveX509Certificate(el, BaseURI, storage);
            }
            return null;
        }
        // populate Object array
        for (int i = 0; i < els.length; i++) {
            XMLX509Certificate xmlCert = new XMLX509Certificate(els[i], BaseURI);
            X509Certificate cert = xmlCert.getX509Certificate();
            if (cert != null) {
                return cert;
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
        throw new KeyResolverException("generic.EmptyMessage", ex);
    }
}
Also used : XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) Element(org.w3c.dom.Element) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Example 2 with XMLX509Certificate

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509Data.

private PrivateKey resolveX509Data(Element element, String baseURI) {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
    try {
        X509Data x509Data = new X509Data(element, baseURI);
        int len = x509Data.lengthSKI();
        for (int i = 0; i < len; i++) {
            XMLX509SKI x509SKI = x509Data.itemSKI(i);
            PrivateKey privKey = resolveX509SKI(x509SKI);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthIssuerSerial();
        for (int i = 0; i < len; i++) {
            XMLX509IssuerSerial x509Serial = x509Data.itemIssuerSerial(i);
            PrivateKey privKey = resolveX509IssuerSerial(x509Serial);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthSubjectName();
        for (int i = 0; i < len; i++) {
            XMLX509SubjectName x509SubjectName = x509Data.itemSubjectName(i);
            PrivateKey privKey = resolveX509SubjectName(x509SubjectName);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthCertificate();
        for (int i = 0; i < len; i++) {
            XMLX509Certificate x509Cert = x509Data.itemCertificate(i);
            PrivateKey privKey = resolveX509Certificate(x509Cert);
            if (privKey != null) {
                return privKey;
            }
        }
    } catch (XMLSecurityException e) {
        log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
    } catch (KeyStoreException e) {
        log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
    }
    return null;
}
Also used : XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) PrivateKey(java.security.PrivateKey) XMLX509SKI(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI) XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial) KeyStoreException(java.security.KeyStoreException) X509Data(com.sun.org.apache.xml.internal.security.keys.content.X509Data) XMLX509SubjectName(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)

Example 3 with XMLX509Certificate

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509Certificate.

/*
     * Search for a private key entry in the KeyStore with the same Certificate.
     */
private PrivateKey resolveX509Certificate(XMLX509Certificate x509Cert) throws XMLSecurityException, KeyStoreException {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Certificate?");
    byte[] x509CertBytes = x509Cert.getCertificateBytes();
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (keyStore.isKeyEntry(alias)) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                byte[] certBytes = null;
                try {
                    certBytes = cert.getEncoded();
                } catch (CertificateEncodingException e1) {
                }
                if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
                    log.log(java.util.logging.Level.FINE, "match !!! ");
                    try {
                        Key key = keyStore.getKey(alias, password);
                        if (key instanceof PrivateKey) {
                            return (PrivateKey) key;
                        }
                    } catch (Exception e) {
                        log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
                    // Keep searching
                    }
                }
            }
        }
    }
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyStoreException(java.security.KeyStoreException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)

Example 4 with XMLX509Certificate

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project ddf by codice.

the class X509PathTokenValidator method validateToken.

/**
     * Validate a Token using the given TokenValidatorParameters.
     *
     * @param tokenParameters
     * @return TokenValidatorResponse
     */
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOGGER.trace("Validating X.509 Token");
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    Crypto sigCrypto = stsProperties.getSignatureCrypto();
    CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
    RequestData requestData = new RequestData();
    requestData.setSigVerCrypto(sigCrypto);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setCallbackHandler(callbackHandler);
    requestData.setMsgContext(tokenParameters.getMessageContext());
    requestData.setSubjectCertConstraints(certConstraints.getCompiledSubjectContraints());
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    BinarySecurity binarySecurity = null;
    BinarySecurityTokenType binarySecurityType = null;
    if (validateTarget.isBinarySecurityToken()) {
        binarySecurityType = (BinarySecurityTokenType) validateTarget.getToken();
        // Test the encoding type
        String encodingType = binarySecurityType.getEncodingType();
        if (!BASE64_ENCODING.equals(encodingType)) {
            LOGGER.trace("Bad encoding type attribute specified: {}", encodingType);
            return response;
        }
        //
        // Turn the received JAXB object into a DOM element
        //
        Document doc = DOMUtils.createDocument();
        binarySecurity = new X509Security(doc);
        binarySecurity.setEncodingType(encodingType);
        binarySecurity.setValueType(binarySecurityType.getValueType());
        String data = binarySecurityType.getValue();
        Node textNode = doc.createTextNode(data);
        binarySecurity.getElement().appendChild(textNode);
    } else if (validateTarget.isDOMElement()) {
        try {
            Document doc = DOMUtils.createDocument();
            binarySecurity = new X509Security(doc);
            binarySecurity.setEncodingType(BASE64_ENCODING);
            X509Data x509Data = new X509Data((Element) validateTarget.getToken(), "");
            if (x509Data.containsCertificate()) {
                XMLX509Certificate xmlx509Certificate = x509Data.itemCertificate(0);
                if (xmlx509Certificate == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
                }
                X509Certificate cert = xmlx509Certificate.getX509Certificate();
                ((X509Security) binarySecurity).setX509Certificate(cert);
            }
        } catch (WSSecurityException ex) {
            LOGGER.debug("Unable to set certificate", ex);
            return response;
        } catch (XMLSecurityException ex) {
            LOGGER.debug("Unable to get certificates", ex);
            return response;
        }
    } else {
        return response;
    }
    //
    try {
        Credential credential = new Credential();
        credential.setBinarySecurityToken(binarySecurity);
        if (merlin != null) {
            byte[] token = binarySecurity.getToken();
            if (token != null) {
                if (binarySecurityType != null) {
                    if (binarySecurityType.getValueType().equals(X509_PKI_PATH)) {
                        X509Certificate[] certificates = merlin.getCertificatesFromBytes(token);
                        if (certificates != null) {
                            credential.setCertificates(certificates);
                        }
                    } else {
                        X509Certificate singleCert = merlin.loadCertificate(new ByteArrayInputStream(token));
                        credential.setCertificates(new X509Certificate[] { singleCert });
                    }
                }
            } else {
                LOGGER.debug("Binary Security Token bytes were null.");
            }
        }
        Credential returnedCredential = validator.validate(credential, requestData);
        X500Principal subjectX500Principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
        response.setPrincipal(subjectX500Principal);
        if (response.getAdditionalProperties() == null) {
            response.setAdditionalProperties(new HashMap<>());
        }
        try {
            String emailAddress = SubjectUtils.getEmailAddress(subjectX500Principal);
            if (emailAddress != null) {
                response.getAdditionalProperties().put(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI, emailAddress);
            }
            String country = SubjectUtils.getCountry(subjectX500Principal);
            if (country != null) {
                response.getAdditionalProperties().put(SubjectUtils.COUNTRY_CLAIM_URI, country);
            }
        } catch (Exception e) {
            LOGGER.debug("Unable to set email address or country from certificate.", e);
        }
        validateTarget.setState(STATE.VALID);
        validateTarget.setPrincipal(subjectX500Principal);
    } catch (WSSecurityException ex) {
        LOGGER.debug("Unable to validate credentials.", ex);
    }
    return response;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) X509Data(org.apache.xml.security.keys.content.X509Data) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) X509Security(org.apache.wss4j.common.token.X509Security) Credential(org.apache.wss4j.dom.validate.Credential) BinarySecurity(org.apache.wss4j.common.token.BinarySecurity) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) ByteArrayInputStream(java.io.ByteArrayInputStream) X500Principal(javax.security.auth.x500.X500Principal) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)

Aggregations

XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)3 XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)3 X509Certificate (java.security.cert.X509Certificate)3 KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)2 KeyStoreException (java.security.KeyStoreException)2 PrivateKey (java.security.PrivateKey)2 Element (org.w3c.dom.Element)2 X509Data (com.sun.org.apache.xml.internal.security.keys.content.X509Data)1 XMLX509IssuerSerial (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)1 XMLX509SKI (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI)1 XMLX509SubjectName (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 IOException (java.io.IOException)1 Key (java.security.Key)1 PublicKey (java.security.PublicKey)1 Certificate (java.security.cert.Certificate)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 SecretKey (javax.crypto.SecretKey)1 CallbackHandler (javax.security.auth.callback.CallbackHandler)1 X500Principal (javax.security.auth.x500.X500Principal)1