Example 1 with XMLX509Certificate
use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.
the class X509CertificateResolver method engineLookupResolveX509Certificate.
/**
* Method engineResolveX509Certificate
* @inheritDoc
* @param element
* @param BaseURI
* @param storage
*
* @throws KeyResolverException
*/
public X509Certificate engineLookupResolveX509Certificate(Element element, String BaseURI, StorageResolver storage) throws KeyResolverException {
try {
Element[] els = XMLUtils.selectDsNodes(element.getFirstChild(), Constants._TAG_X509CERTIFICATE);
if ((els == null) || (els.length == 0)) {
Element el = XMLUtils.selectDsNode(element.getFirstChild(), Constants._TAG_X509DATA, 0);
if (el != null) {
return engineLookupResolveX509Certificate(el, BaseURI, storage);
}
return null;
}
// populate Object array
for (int i = 0; i < els.length; i++) {
XMLX509Certificate xmlCert = new XMLX509Certificate(els[i], BaseURI);
X509Certificate cert = xmlCert.getX509Certificate();
if (cert != null) {
return cert;
}
}
return null;
} catch (XMLSecurityException ex) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
}
throw new KeyResolverException("generic.EmptyMessage", ex);
}
}
Also used :
XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)
Element(org.w3c.dom.Element)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
Example 2 with XMLX509Certificate
use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.
the class PrivateKeyResolver method resolveX509Data.
private PrivateKey resolveX509Data(Element element, String baseURI) {
log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
try {
X509Data x509Data = new X509Data(element, baseURI);
int len = x509Data.lengthSKI();
for (int i = 0; i < len; i++) {
XMLX509SKI x509SKI = x509Data.itemSKI(i);
PrivateKey privKey = resolveX509SKI(x509SKI);
if (privKey != null) {
return privKey;
}
}
len = x509Data.lengthIssuerSerial();
for (int i = 0; i < len; i++) {
XMLX509IssuerSerial x509Serial = x509Data.itemIssuerSerial(i);
PrivateKey privKey = resolveX509IssuerSerial(x509Serial);
if (privKey != null) {
return privKey;
}
}
len = x509Data.lengthSubjectName();
for (int i = 0; i < len; i++) {
XMLX509SubjectName x509SubjectName = x509Data.itemSubjectName(i);
PrivateKey privKey = resolveX509SubjectName(x509SubjectName);
if (privKey != null) {
return privKey;
}
}
len = x509Data.lengthCertificate();
for (int i = 0; i < len; i++) {
XMLX509Certificate x509Cert = x509Data.itemCertificate(i);
PrivateKey privKey = resolveX509Certificate(x509Cert);
if (privKey != null) {
return privKey;
}
}
} catch (XMLSecurityException e) {
log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
} catch (KeyStoreException e) {
log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
}
return null;
}
Also used :
XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)
PrivateKey(java.security.PrivateKey)
XMLX509SKI(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI)
XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)
KeyStoreException(java.security.KeyStoreException)
X509Data(com.sun.org.apache.xml.internal.security.keys.content.X509Data)
XMLX509SubjectName(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
Example 3 with XMLX509Certificate
use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project jdk8u_jdk by JetBrains.
the class PrivateKeyResolver method resolveX509Certificate.
/*
* Search for a private key entry in the KeyStore with the same Certificate.
*/
private PrivateKey resolveX509Certificate(XMLX509Certificate x509Cert) throws XMLSecurityException, KeyStoreException {
log.log(java.util.logging.Level.FINE, "Can I resolve X509Certificate?");
byte[] x509CertBytes = x509Cert.getCertificateBytes();
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keyStore.isKeyEntry(alias)) {
Certificate cert = keyStore.getCertificate(alias);
if (cert instanceof X509Certificate) {
byte[] certBytes = null;
try {
certBytes = cert.getEncoded();
} catch (CertificateEncodingException e1) {
}
if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
log.log(java.util.logging.Level.FINE, "match !!! ");
try {
Key key = keyStore.getKey(alias, password);
if (key instanceof PrivateKey) {
return (PrivateKey) key;
}
} catch (Exception e) {
log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
// Keep searching
}
}
}
}
}
return null;
}
Also used :
PrivateKey(java.security.PrivateKey)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)
PublicKey(java.security.PublicKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
KeyStoreException(java.security.KeyStoreException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)
Example 4 with XMLX509Certificate
use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate in project ddf by codice.
the class X509PathTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*
* @param tokenParameters
* @return TokenValidatorResponse
*/
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.trace("Validating X.509 Token");
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
requestData.setWssConfig(WSSConfig.getNewInstance());
requestData.setCallbackHandler(callbackHandler);
requestData.setMsgContext(tokenParameters.getMessageContext());
requestData.setSubjectCertConstraints(certConstraints.getCompiledSubjectContraints());
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
BinarySecurity binarySecurity = null;
BinarySecurityTokenType binarySecurityType = null;
if (validateTarget.isBinarySecurityToken()) {
binarySecurityType = (BinarySecurityTokenType) validateTarget.getToken();
// Test the encoding type
String encodingType = binarySecurityType.getEncodingType();
if (!BASE64_ENCODING.equals(encodingType)) {
LOGGER.trace("Bad encoding type attribute specified: {}", encodingType);
return response;
}
//
// Turn the received JAXB object into a DOM element
//
Document doc = DOMUtils.createDocument();
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(encodingType);
binarySecurity.setValueType(binarySecurityType.getValueType());
String data = binarySecurityType.getValue();
Node textNode = doc.createTextNode(data);
binarySecurity.getElement().appendChild(textNode);
} else if (validateTarget.isDOMElement()) {
try {
Document doc = DOMUtils.createDocument();
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(BASE64_ENCODING);
X509Data x509Data = new X509Data((Element) validateTarget.getToken(), "");
if (x509Data.containsCertificate()) {
XMLX509Certificate xmlx509Certificate = x509Data.itemCertificate(0);
if (xmlx509Certificate == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
}
X509Certificate cert = xmlx509Certificate.getX509Certificate();
((X509Security) binarySecurity).setX509Certificate(cert);
}
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to set certificate", ex);
return response;
} catch (XMLSecurityException ex) {
LOGGER.debug("Unable to get certificates", ex);
return response;
}
} else {
return response;
}
//
try {
Credential credential = new Credential();
credential.setBinarySecurityToken(binarySecurity);
if (merlin != null) {
byte[] token = binarySecurity.getToken();
if (token != null) {
if (binarySecurityType != null) {
if (binarySecurityType.getValueType().equals(X509_PKI_PATH)) {
X509Certificate[] certificates = merlin.getCertificatesFromBytes(token);
if (certificates != null) {
credential.setCertificates(certificates);
}
} else {
X509Certificate singleCert = merlin.loadCertificate(new ByteArrayInputStream(token));
credential.setCertificates(new X509Certificate[] { singleCert });
}
}
} else {
LOGGER.debug("Binary Security Token bytes were null.");
}
}
Credential returnedCredential = validator.validate(credential, requestData);
X500Principal subjectX500Principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
response.setPrincipal(subjectX500Principal);
if (response.getAdditionalProperties() == null) {
response.setAdditionalProperties(new HashMap<>());
}
try {
String emailAddress = SubjectUtils.getEmailAddress(subjectX500Principal);
if (emailAddress != null) {
response.getAdditionalProperties().put(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI, emailAddress);
}
String country = SubjectUtils.getCountry(subjectX500Principal);
if (country != null) {
response.getAdditionalProperties().put(SubjectUtils.COUNTRY_CLAIM_URI, country);
}
} catch (Exception e) {
LOGGER.debug("Unable to set email address or country from certificate.", e);
}
validateTarget.setState(STATE.VALID);
validateTarget.setPrincipal(subjectX500Principal);
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate credentials.", ex);
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
X509Data(org.apache.xml.security.keys.content.X509Data)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
RequestData(org.apache.wss4j.dom.handler.RequestData)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
X509Security(org.apache.wss4j.common.token.X509Security)
Credential(org.apache.wss4j.dom.validate.Credential)
BinarySecurity(org.apache.wss4j.common.token.BinarySecurity)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X500Principal(javax.security.auth.x500.X500Principal)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
Aggregations
XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)3
XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)3
X509Certificate (java.security.cert.X509Certificate)3
KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)2
KeyStoreException (java.security.KeyStoreException)2
PrivateKey (java.security.PrivateKey)2
Element (org.w3c.dom.Element)2
X509Data (com.sun.org.apache.xml.internal.security.keys.content.X509Data)1
XMLX509IssuerSerial (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)1
XMLX509SKI (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI)1
XMLX509SubjectName (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
IOException (java.io.IOException)1
Key (java.security.Key)1
PublicKey (java.security.PublicKey)1
Certificate (java.security.cert.Certificate)1
CertificateEncodingException (java.security.cert.CertificateEncodingException)1
SecretKey (javax.crypto.SecretKey)1
CallbackHandler (javax.security.auth.callback.CallbackHandler)1
X500Principal (javax.security.auth.x500.X500Principal)1
