Examples with XMLX509IssuerSerial com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial used on opensource projects

Example 1 with XMLX509IssuerSerial

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509Data.

private PrivateKey resolveX509Data(Element element, String baseURI) {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
    try {
        X509Data x509Data = new X509Data(element, baseURI);
        int len = x509Data.lengthSKI();
        for (int i = 0; i < len; i++) {
            XMLX509SKI x509SKI = x509Data.itemSKI(i);
            PrivateKey privKey = resolveX509SKI(x509SKI);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthIssuerSerial();
        for (int i = 0; i < len; i++) {
            XMLX509IssuerSerial x509Serial = x509Data.itemIssuerSerial(i);
            PrivateKey privKey = resolveX509IssuerSerial(x509Serial);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthSubjectName();
        for (int i = 0; i < len; i++) {
            XMLX509SubjectName x509SubjectName = x509Data.itemSubjectName(i);
            PrivateKey privKey = resolveX509SubjectName(x509SubjectName);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthCertificate();
        for (int i = 0; i < len; i++) {
            XMLX509Certificate x509Cert = x509Data.itemCertificate(i);
            PrivateKey privKey = resolveX509Certificate(x509Cert);
            if (privKey != null) {
                return privKey;
            }
        }
    } catch (XMLSecurityException e) {
        log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
    } catch (KeyStoreException e) {
        log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
    }
    return null;
}

Example 2 with XMLX509IssuerSerial

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial in project xades4j by luisgoncalves.

the class SignatureUtils method processKeyInfo.

static KeyInfoRes processKeyInfo(KeyInfo keyInfo) throws CertificateValidationException {
    if (null == keyInfo || !keyInfo.containsX509Data()) {
        throw new InvalidKeyInfoDataException("No X509Data to identify the leaf certificate");
    }
    List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
    XMLX509IssuerSerial issuerSerial = null;
    X509CertSelector certSelector = new X509CertSelector();
    // XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
    // that appear MUST refer to the certificate or certificates containing the
    // validation key."
    // "All certificates appearing in an X509Data element MUST relate to the
    // validation key by either containing it or being part of a certification
    // chain that terminates in a certificate containing the validation key".
    // Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
    // first to be found is used to select the leaf certificate. If none of those
    // elements is present, the first ds:X509Certificate is assumed as the signing
    // certificate.
    boolean hasSelectionCriteria = false;
    try {
        for (int i = 0; i < keyInfo.lengthX509Data(); ++i) {
            X509Data x509Data = keyInfo.itemX509Data(i);
            if (!hasSelectionCriteria) {
                if (x509Data.containsIssuerSerial()) {
                    issuerSerial = x509Data.itemIssuerSerial(0);
                    certSelector.setIssuer(new X500Principal(issuerSerial.getIssuerName()));
                    certSelector.setSerialNumber(issuerSerial.getSerialNumber());
                    hasSelectionCriteria = true;
                } else if (x509Data.containsSubjectName()) {
                    certSelector.setSubject(new X500Principal(x509Data.itemSubjectName(0).getSubjectName()));
                    hasSelectionCriteria = true;
                }
            }
            // Collect all certificates as they may be needed to build the cert path.
            if (x509Data.containsCertificate()) {
                for (int j = 0; j < x509Data.lengthCertificate(); ++j) {
                    keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
                }
            }
        }
        if (!hasSelectionCriteria) {
            if (keyInfoCerts.isEmpty()) {
                // find the "bottom" certificate.
                throw new InvalidKeyInfoDataException("No criteria to select the leaf certificate");
            }
            certSelector.setCertificate(keyInfoCerts.get(0));
        }
    } catch (XMLSecurityException ex) {
        throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
    }
    return new KeyInfoRes(keyInfoCerts, certSelector, issuerSerial);
}

Example 3 with XMLX509IssuerSerial

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class PrivateKeyResolver method resolveX509Data.

private PrivateKey resolveX509Data(Element element, String baseURI) {
    LOG.debug("Can I resolve X509Data?");
    try {
        X509Data x509Data = new X509Data(element, baseURI);
        int len = x509Data.lengthSKI();
        for (int i = 0; i < len; i++) {
            XMLX509SKI x509SKI = x509Data.itemSKI(i);
            PrivateKey privKey = resolveX509SKI(x509SKI);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthIssuerSerial();
        for (int i = 0; i < len; i++) {
            XMLX509IssuerSerial x509Serial = x509Data.itemIssuerSerial(i);
            PrivateKey privKey = resolveX509IssuerSerial(x509Serial);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthSubjectName();
        for (int i = 0; i < len; i++) {
            XMLX509SubjectName x509SubjectName = x509Data.itemSubjectName(i);
            PrivateKey privKey = resolveX509SubjectName(x509SubjectName);
            if (privKey != null) {
                return privKey;
            }
        }
        len = x509Data.lengthCertificate();
        for (int i = 0; i < len; i++) {
            XMLX509Certificate x509Cert = x509Data.itemCertificate(i);
            PrivateKey privKey = resolveX509Certificate(x509Cert);
            if (privKey != null) {
                return privKey;
            }
        }
    } catch (XMLSecurityException e) {
        LOG.debug("XMLSecurityException", e);
    } catch (KeyStoreException e) {
        LOG.debug("KeyStoreException", e);
    }
    return null;
}

Example 4 with XMLX509IssuerSerial

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class PrivateKeyResolver method resolveX509IssuerSerial.

/*
     * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
     */
private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
    LOG.debug("Can I resolve X509IssuerSerial?");
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (keyStore.isKeyEntry(alias)) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) cert);
                if (certSerial.equals(x509Serial)) {
                    LOG.debug("match !!! ");
                    try {
                        Key key = keyStore.getKey(alias, password);
                        if (key instanceof PrivateKey) {
                            return (PrivateKey) key;
                        }
                    } catch (Exception e) {
                        LOG.debug("Cannot recover the key", e);
                    // Keep searching
                    }
                }
            }
        }
    }
    return null;
}

Example 5 with XMLX509IssuerSerial

use of com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class XMLX509IssuerSerialTest method testGetIssuerName.

@org.junit.Test
public void testGetIssuerName() throws Exception {
    // Make sure hex encoded value is not escaped (see ...)
    String issuer = "9.99.999=#abc123";
    XMLX509IssuerSerial is = new XMLX509IssuerSerial(doc, issuer, 0);
    assertEquals(issuer, is.getIssuerName());
    // System.out.println(is.getIssuerName());
    issuer = "CN=#abc123";
    is = new XMLX509IssuerSerial(doc, issuer, 0);
    assertEquals("CN=\\#abc123", is.getIssuerName());
// System.out.println(is.getIssuerName());
}