Example 6 with KeyResolverException
use of com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException in project jdk8u_jdk by JetBrains.
the class X509DigestResolver method resolveCertificate.
/**
* Resolves from the storage resolver the actual certificate represented by the digest.
*
* @param element
* @param baseURI
* @param storage
* @return
* @throws XMLSecurityException
*/
private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException {
XMLX509Digest[] x509Digests = null;
Element[] x509childNodes = XMLUtils.selectDs11Nodes(element.getFirstChild(), Constants._TAG_X509DIGEST);
if (x509childNodes == null || x509childNodes.length <= 0) {
return null;
}
try {
checkStorage(storage);
x509Digests = new XMLX509Digest[x509childNodes.length];
for (int i = 0; i < x509childNodes.length; i++) {
x509Digests[i] = new XMLX509Digest(x509childNodes[i], baseURI);
}
Iterator<Certificate> storageIterator = storage.getIterator();
while (storageIterator.hasNext()) {
X509Certificate cert = (X509Certificate) storageIterator.next();
for (int i = 0; i < x509Digests.length; i++) {
XMLX509Digest keyInfoDigest = x509Digests[i];
byte[] certDigestBytes = XMLX509Digest.getDigestBytesFromCert(cert, keyInfoDigest.getAlgorithm());
if (Arrays.equals(keyInfoDigest.getDigestBytes(), certDigestBytes)) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Found certificate with: " + cert.getSubjectX500Principal().getName());
}
return cert;
}
}
}
} catch (XMLSecurityException ex) {
throw new KeyResolverException("empty", ex);
}
return null;
}
Also used :
XMLX509Digest(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Digest)
Element(org.w3c.dom.Element)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
X509Certificate(java.security.cert.X509Certificate)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 7 with KeyResolverException
use of com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException in project jdk8u_jdk by JetBrains.
the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.
/** @inheritDoc */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
}
X509Data x509data = null;
try {
x509data = new X509Data(element, baseURI);
} catch (XMLSignatureException ex) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "I can't");
}
return null;
} catch (XMLSecurityException ex) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "I can't");
}
return null;
}
if (!x509data.containsIssuerSerial()) {
return null;
}
try {
if (storage == null) {
Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "", ex);
}
throw ex;
}
int noOfISS = x509data.lengthIssuerSerial();
Iterator<Certificate> storageIterator = storage.getIterator();
while (storageIterator.hasNext()) {
X509Certificate cert = (X509Certificate) storageIterator.next();
XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: " + certSerial.getIssuerName());
log.log(java.util.logging.Level.FINE, "Found Certificate Serial: " + certSerial.getSerialNumber().toString());
}
for (int i = 0; i < noOfISS; i++) {
XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Found Element Issuer: " + xmliss.getIssuerName());
log.log(java.util.logging.Level.FINE, "Found Element Serial: " + xmliss.getSerialNumber().toString());
}
if (certSerial.equals(xmliss)) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "match !!! ");
}
return cert;
}
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "no match...");
}
}
}
return null;
} catch (XMLSecurityException ex) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
}
throw new KeyResolverException("generic.EmptyMessage", ex);
}
}
Also used :
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)
X509Data(com.sun.org.apache.xml.internal.security.keys.content.X509Data)
XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException)
XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)
X509Certificate(java.security.cert.X509Certificate)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 8 with KeyResolverException
use of com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException in project jdk8u_jdk by JetBrains.
the class XMLCipher method decryptToByteArray.
/**
* Decrypt an EncryptedData element to a byte array.
*
* When passed in an EncryptedData node, returns the decryption
* as a byte array.
*
* Does not modify the source document.
* @param element
* @return the bytes resulting from the decryption
* @throws XMLEncryptionException
*/
public byte[] decryptToByteArray(Element element) throws XMLEncryptionException {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Decrypting to ByteArray...");
}
if (cipherMode != DECRYPT_MODE) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher unexpectedly not in DECRYPT_MODE...");
}
EncryptedData encryptedData = factory.newEncryptedData(element);
if (key == null) {
KeyInfo ki = encryptedData.getKeyInfo();
if (ki != null) {
try {
// Add an EncryptedKey resolver
String encMethodAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
EncryptedKeyResolver resolver = new EncryptedKeyResolver(encMethodAlgorithm, kek);
if (internalKeyResolvers != null) {
int size = internalKeyResolvers.size();
for (int i = 0; i < size; i++) {
resolver.registerInternalKeyResolver(internalKeyResolvers.get(i));
}
}
ki.registerInternalKeyResolver(resolver);
ki.setSecureValidation(secureValidation);
key = ki.getSecretKey();
} catch (KeyResolverException kre) {
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, kre.getMessage(), kre);
}
}
}
if (key == null) {
log.log(java.util.logging.Level.SEVERE, "XMLCipher::decryptElement called without a key and unable to resolve");
throw new XMLEncryptionException("encryption.nokey");
}
}
// Obtain the encrypted octets
XMLCipherInput cipherInput = new XMLCipherInput(encryptedData);
cipherInput.setSecureValidation(secureValidation);
byte[] encryptedBytes = cipherInput.getBytes();
// Now create the working cipher
String jceAlgorithm = JCEMapper.translateURItoJCEID(encryptedData.getEncryptionMethod().getAlgorithm());
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "JCE Algorithm = " + jceAlgorithm);
}
Cipher c;
try {
if (requestedJCEProvider == null) {
c = Cipher.getInstance(jceAlgorithm);
} else {
c = Cipher.getInstance(jceAlgorithm, requestedJCEProvider);
}
} catch (NoSuchAlgorithmException nsae) {
throw new XMLEncryptionException("empty", nsae);
} catch (NoSuchProviderException nspre) {
throw new XMLEncryptionException("empty", nspre);
} catch (NoSuchPaddingException nspae) {
throw new XMLEncryptionException("empty", nspae);
}
// Calculate the IV length and copy out
// For now, we only work with Block ciphers, so this will work.
// This should probably be put into the JCE mapper.
int ivLen = c.getBlockSize();
String alg = encryptedData.getEncryptionMethod().getAlgorithm();
if (AES_128_GCM.equals(alg) || AES_192_GCM.equals(alg) || AES_256_GCM.equals(alg)) {
ivLen = 12;
}
byte[] ivBytes = new byte[ivLen];
// You may be able to pass the entire piece in to IvParameterSpec
// and it will only take the first x bytes, but no way to be certain
// that this will work for every JCE provider, so lets copy the
// necessary bytes into a dedicated array.
System.arraycopy(encryptedBytes, 0, ivBytes, 0, ivLen);
IvParameterSpec iv = new IvParameterSpec(ivBytes);
try {
c.init(cipherMode, key, iv);
} catch (InvalidKeyException ike) {
throw new XMLEncryptionException("empty", ike);
} catch (InvalidAlgorithmParameterException iape) {
throw new XMLEncryptionException("empty", iape);
}
try {
return c.doFinal(encryptedBytes, ivLen, encryptedBytes.length - ivLen);
} catch (IllegalBlockSizeException ibse) {
throw new XMLEncryptionException("empty", ibse);
} catch (BadPaddingException bpe) {
throw new XMLEncryptionException("empty", bpe);
}
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeyException(java.security.InvalidKeyException)
KeyInfo(com.sun.org.apache.xml.internal.security.keys.KeyInfo)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
NoSuchProviderException(java.security.NoSuchProviderException)
EncryptedKeyResolver(com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)
Example 9 with KeyResolverException
use of com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException in project jdk8u_jdk by JetBrains.
the class RetrievalMethodResolver method getDocFromBytes.
/**
* Parses a byte array and returns the parsed Element.
*
* @param bytes
* @return the Document Element after parsing bytes
* @throws KeyResolverException if something goes wrong
*/
private static Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
try {
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
throw new KeyResolverException("empty", ex);
} catch (IOException ex) {
throw new KeyResolverException("empty", ex);
} catch (ParserConfigurationException ex) {
throw new KeyResolverException("empty", ex);
}
}
Also used :
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
ByteArrayInputStream(java.io.ByteArrayInputStream)
KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)
IOException(java.io.IOException)
ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
Document(org.w3c.dom.Document)
SAXException(org.xml.sax.SAXException)
Aggregations
KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)9
XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)5
X509Certificate (java.security.cert.X509Certificate)5
Certificate (java.security.cert.Certificate)4
Element (org.w3c.dom.Element)4
ByteArrayInputStream (java.io.ByteArrayInputStream)2
IOException (java.io.IOException)2
DocumentBuilder (javax.xml.parsers.DocumentBuilder)2
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)2
ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)2
Document (org.w3c.dom.Document)2
SAXException (org.xml.sax.SAXException)2
KeyInfo (com.sun.org.apache.xml.internal.security.keys.KeyInfo)1
X509Data (com.sun.org.apache.xml.internal.security.keys.content.X509Data)1
XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)1
XMLX509Digest (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Digest)1
XMLX509IssuerSerial (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)1
XMLX509SKI (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SKI)1
XMLX509SubjectName (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName)1
EncryptedKeyResolver (com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.EncryptedKeyResolver)1
