
Example 26 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class SAMLConfigValidator method getPublicKey.

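/**
 * Return java.security.PublicKey for the specified keyAlias.
 * <p>
 * Looks the alias up in the supplied keystore and returns the public key of
 * the certificate stored under it. The key is read through
 * {@code java.security.cert.Certificate#getPublicKey()}, so a non-X.509
 * certificate entry is handled instead of failing with a ClassCastException,
 * and a missing entry is reported as such instead of as a NullPointerException.
 *
 * @param keyStore KeyStore to use for certificate retrieval; may be null
 * @param keyAlias Key alias name; may be null or empty
 * @return PublicKey which matches the keyAlias, or null if the keystore or
 *         alias is missing, no certificate is stored under the alias, or the
 *         keystore cannot be read (the failure is logged, never thrown)
 */
private java.security.PublicKey getPublicKey(KeyStore keyStore, String keyAlias) {
    String method = "SAMLConfigValidator.getPublicKey: ";
    if (keyAlias == null || keyAlias.length() == 0) {
        return null;
    }
    if (keyStore == null) {
        // Previously surfaced as a NullPointerException out of getCertificate;
        // report the actual cause so the misconfiguration is visible in the log.
        Debug.getInstance(DEBUG_NAME).error(method + "keystore is null, cannot resolve alias " + keyAlias);
        return null;
    }
    try {
        java.security.cert.Certificate cert = keyStore.getCertificate(keyAlias);
        if (cert == null) {
            // getCertificate returns null for an unknown alias (or an entry
            // without a certificate); an alias name is not a secret, so log it.
            Debug.getInstance(DEBUG_NAME).error(method + "no certificate found for alias " + keyAlias);
            return null;
        }
        return cert.getPublicKey();
    } catch (java.security.KeyStoreException e) {
        // Keystore not initialized/loaded: best effort, the caller treats
        // null as "key not available".
        Debug.getInstance(DEBUG_NAME).error(method + "Exception in retriving public-key from keystore", e);
        return null;
    }
}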

Example 27 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class WSFederationMetaSecurityUtils method verifySignature.

/**
 * Verifies every XML signature found in the entity descriptor represented by
 * the <code>Document</code>.
 * <p>
 * Each {@code ds:Signature} element is verified against the public key of a
 * certificate resolved in this order: the signature's own {@code KeyInfo}
 * (when it carries X509Data), then the {@code KeyInfo} of the following-sibling
 * {@code KeyDescriptor} whose {@code use} attribute is {@code signing}. The
 * certificate therefore comes from the document under verification; it is
 * checked against {@code keyProvider} only when {@code checkCert} is set, so
 * with {@code checkCert} false a signature made with any embedded certificate
 * is accepted. A document that contains no {@code ds:Signature} element
 * passes without any check.
 *
 * @param doc The document.
 * @throws WSFederationMetaException if the signature elements cannot be
 *         located, no certificate can be found for a signature
 *         ("verify_no_cert"), the certificate is not known to the key
 *         provider ("untrusted_cert"), the signature value does not verify
 *         ("verify_fail"), or the underlying XML-security library throws.
 */
public static void verifySignature(Document doc) throws WSFederationMetaException {
    String classMethod = "WSFederationMetaSecurityUtils.verifySignature: ";
    NodeList sigElements = null;
    try {
        // Collect every ds:Signature element anywhere in the document.
        Element nscontext = org.apache.xml.security.utils.XMLUtils.createDSctx(doc, "ds", Constants.SignatureSpecNS);
        sigElements = XPathAPI.selectNodeList(doc, "//ds:Signature", nscontext);
    } catch (Exception ex) {
        debug.error(classMethod, ex);
        throw new WSFederationMetaException(ex);
    }
    int numSigs = sigElements.getLength();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "# of signatures = " + numSigs);
    }
    // An unsigned document is accepted as-is; nothing below enforces that a
    // signature must be present.
    if (numSigs == 0) {
        return;
    }
    // NOTE(review): presumably populates the static keyStore / keyProvider /
    // checkCert read below — confirm in initializeKeyStore().
    initializeKeyStore();
    for (int i = 0; i < numSigs; i++) {
        Element sigElement = (Element) sigElements.item(i);
        // Name of the signed element, reported in the exception messages below.
        String sigParentName = sigElement.getParentNode().getLocalName();
        Object[] objs = { sigParentName };
        if (debug.messageEnabled()) {
            debug.message(classMethod + "verifying signature under " + sigParentName);
        }
        try {
            XMLSignature signature = new XMLSignature(sigElement, "");
            // NOTE(review): the name suggests Reference URIs are resolved without
            // network access — confirm against OfflineResolver.
            signature.addResourceResolver(new com.sun.identity.saml.xmlsig.OfflineResolver());
            KeyInfo ki = signature.getKeyInfo();
            X509Certificate x509cert = null;
            // First choice: the certificate carried by the signature's own KeyInfo.
            // The keystore resolver is added only when a keystore is configured.
            if (ki != null && ki.containsX509Data()) {
                if (keyStore != null) {
                    StorageResolver sr = new StorageResolver(new KeyStoreResolver(keyStore));
                    ki.addStorageResolver(sr);
                }
                x509cert = ki.getX509Certificate();
            }
            // Fallback: the KeyInfo inside the following-sibling KeyDescriptor.
            if (x509cert == null) {
                if (debug.messageEnabled()) {
                    debug.message(classMethod + "" + "try to find cert in KeyDescriptor");
                }
                // Both names are constants, so the XPath is not built from document data.
                String xpath = "following-sibling::*[local-name()=\"" + TAG_KEY_DESCRIPTOR + "\" and namespace-uri()=\"" + NS_META + "\"]";
                Node node = XPathAPI.selectSingleNode(sigElement, xpath);
                if (node != null) {
                    Element kd = (Element) node;
                    String use = kd.getAttributeNS(null, ATTR_USE);
                    // Only a KeyDescriptor marked for signing is considered.
                    if (use.equals("signing")) {
                        NodeList nl = kd.getChildNodes();
                        for (int j = 0; j < nl.getLength(); j++) {
                            Node child = nl.item(j);
                            if (child.getNodeType() == Node.ELEMENT_NODE) {
                                String localName = child.getLocalName();
                                String ns = child.getNamespaceURI();
                                if (TAG_KEY_INFO.equals(localName) && NS_XMLSIG.equals(ns)) {
                                    ki = new KeyInfo((Element) child, "");
                                    if (ki.containsX509Data()) {
                                        if (keyStore != null) {
                                            KeyStoreResolver ksr = new KeyStoreResolver(keyStore);
                                            StorageResolver sr = new StorageResolver(ksr);
                                            ki.addStorageResolver(sr);
                                        }
                                        x509cert = ki.getX509Certificate();
                                    }
                                }
                                // Only the first element child is inspected: the loop ends
                                // here whether or not that child was a KeyInfo.
                                break;
                            }
                        }
                    }
                }
            }
            if (x509cert == null) {
                throw new WSFederationMetaException("verify_no_cert", objs);
            }
            // Trust check. With checkCert false the document-supplied certificate
            // is used without being matched against any configured key.
            if (checkCert && ((keyProvider == null) || (keyProvider.getCertificateAlias(x509cert) == null))) {
                throw new WSFederationMetaException("untrusted_cert", objs);
            }
            PublicKey pk = x509cert.getPublicKey();
            if (!signature.checkSignatureValue(pk)) {
                throw new WSFederationMetaException("verify_fail", objs);
            }
        } catch (WSFederationMetaException sme) {
            // Our own failures pass through untouched.
            throw sme;
        } catch (Exception ex) {
            // Library failures are logged with the full exception, but the rethrown
            // exception keeps only the message text; the cause is not chained.
            debug.error(classMethod, ex);
            throw new WSFederationMetaException(Locale.getString(WSFederationMetaUtils.bundle, "verify_fail", objs) + "\n" + ex.getMessage());
        }
    }
}

Example 28 with PublicKey

use of java.security.PublicKey in project OpenAM by OpenRock.

the class AuthIdHelperTest method shouldVerifyAuthIdAndFail.

@Test
public void shouldVerifyAuthIdAndFail() throws SignatureException, SSOException, SMSException {
    // Given: the reconstructed JWT reports a failed signature check.
    SignedJwt signedJwt = mock(SignedJwt.class);
    // Not referenced by this scenario; kept so the fixture matches the sibling tests.
    PublicKey publicKey = mock(PublicKey.class);
    SigningHandler signingHandler = mock(SigningHandler.class);
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willReturn(signedJwt);
    given(signedJwt.verify(signingHandler)).willReturn(false);
    mockGetSigningKey("REALM_DN", false);
    // When: a RestAuthException is the only acceptable outcome; fail() trips
    // the test if verifyAuthId returns normally.
    boolean caughtRestAuthException = false;
    try {
        authIdHelper.verifyAuthId("REALM_DN", "AUTH_ID");
        fail();
    } catch (RestAuthException expected) {
        caughtRestAuthException = true;
    }
    // Then: the JWT was reconstructed and its signature actually checked.
    assertTrue(caughtRestAuthException);
    verify(jwtBuilderFactory).reconstruct("AUTH_ID", SignedJwt.class);
    verify(signedJwt).verify(Matchers.<SigningHandler>anyObject());
}

Example 29 with PublicKey

use of java.security.PublicKey in project android_frameworks_base by ResurrectionRemix.

the class KeySetManagerServiceTest method testAddSigningKSToPackageUpgradeDiffSuper.

/*
 * Upgrade an app (same pkgName) with different keyset which contains a public
 * key from the previous keyset.  Verify old keyset removed and pub key ref
 * count is accurate.
 */
public void testAddSigningKSToPackageUpgradeDiffSuper() throws ReflectiveOperationException {
    /* register a fake package so the keyset manager has something to attach to */
    PackageSetting packageSetting = generateFakePackageSetting("packageA");
    mPackagesMap.put(packageSetting.name, packageSetting);
    /* first install: signing keyset {A} */
    PublicKey firstKey = PackageParser.parsePublicKey(KeySetStrings.ctsKeySetPublicKeyA);
    ArraySet<PublicKey> signingKeySet = new ArraySet<PublicKey>();
    signingKeySet.add(firstKey);
    mKsms.addSigningKeySetToPackageLPw(packageSetting, signingKeySet);
    /* upgrade: signing keyset {A, B}, a superset of the previous one */
    PublicKey secondKey = PackageParser.parsePublicKey(KeySetStrings.ctsKeySetPublicKeyB);
    signingKeySet.add(secondKey);
    mKsms.addSigningKeySetToPackageLPw(packageSetting, signingKeySet);
    /* keyset 1 must be gone, keyset 2 is the only one referenced */
    assertEquals(0, KeySetUtils.getKeySetRefCount(mKsms, 1));
    assertEquals(1, KeySetUtils.getKeySetRefCount(mKsms, 2));
    /* pub key 1 went away with the old keyset; 2 and 3 back the new one */
    assertEquals(0, KeySetUtils.getPubKeyRefCount(mKsms, 1));
    assertEquals(1, KeySetUtils.getPubKeyRefCount(mKsms, 2));
    assertEquals(1, KeySetUtils.getPubKeyRefCount(mKsms, 3));
    /* the pub key is removed w/prev keyset and may be either 2 or 3 */
    PublicKey storedKey2 = KeySetUtils.getPubKey(mKsms, 2);
    PublicKey storedKey3 = KeySetUtils.getPubKey(mKsms, 3);
    assertTrue(firstKey.equals(storedKey2) || firstKey.equals(storedKey3));
    assertTrue(secondKey.equals(storedKey2) || secondKey.equals(storedKey3));
    assertFalse(storedKey2.equals(storedKey3));
    /* exactly one keyset mapping, and it lists both pub key ids */
    LongSparseArray<ArraySet<Long>> keySetMapping = KeySetUtils.getKeySetMapping(mKsms);
    assertEquals(1, keySetMapping.size());
    ArraySet<Long> pubKeyIds = keySetMapping.get(2);
    assertEquals(2, pubKeyIds.size());
    assertTrue(pubKeyIds.contains(Long.valueOf(2L)));
    assertTrue(pubKeyIds.contains(Long.valueOf(3L)));
    /* the package now signs with the new keyset */
    assertEquals(2, packageSetting.keySetData.getProperSigningKeySet());
}

Example 30 with PublicKey

use of java.security.PublicKey in project android_frameworks_base by ResurrectionRemix.

the class KeySetManagerServiceTest method testAddDefinedKSToPackageThree.

/* add defined keyset, remove it, add again and make sure diff id. */
public void testAddDefinedKSToPackageThree() throws ReflectiveOperationException {
    /* register a fake package so the keyset manager has something to attach to */
    PackageSetting packageSetting = generateFakePackageSetting("packageA");
    mPackagesMap.put(packageSetting.name, packageSetting);
    /* round one: define aliasA -> {A} */
    PublicKey firstKey = PackageParser.parsePublicKey(KeySetStrings.ctsKeySetPublicKeyA);
    ArraySet<PublicKey> keySetA = new ArraySet<PublicKey>();
    keySetA.add(firstKey);
    ArrayMap<String, ArraySet<PublicKey>> definedKeySets = new ArrayMap<String, ArraySet<PublicKey>>();
    definedKeySets.put("aliasA", keySetA);
    mKsms.addDefinedKeySetsToPackageLPw(packageSetting, definedKeySets);
    /* round two: replace it with aliasB -> {B} */
    PublicKey secondKey = PackageParser.parsePublicKey(KeySetStrings.ctsKeySetPublicKeyB);
    ArraySet<PublicKey> keySetB = new ArraySet<PublicKey>();
    keySetB.add(secondKey);
    definedKeySets.remove("aliasA");
    definedKeySets.put("aliasB", keySetB);
    mKsms.addDefinedKeySetsToPackageLPw(packageSetting, definedKeySets);
    /* round three: back to aliasA -> {A}; it must get a fresh id, not id 1 */
    definedKeySets.remove("aliasB");
    definedKeySets.put("aliasA", keySetA);
    mKsms.addDefinedKeySetsToPackageLPw(packageSetting, definedKeySets);
    /* ids 1 and 2 are released, only id 3 is live for both keyset and pub key */
    assertEquals(0, KeySetUtils.getKeySetRefCount(mKsms, 1));
    assertEquals(0, KeySetUtils.getKeySetRefCount(mKsms, 2));
    assertEquals(1, KeySetUtils.getKeySetRefCount(mKsms, 3));
    assertEquals(0, KeySetUtils.getPubKeyRefCount(mKsms, 1));
    assertEquals(0, KeySetUtils.getPubKeyRefCount(mKsms, 2));
    assertEquals(1, KeySetUtils.getPubKeyRefCount(mKsms, 3));
    assertEquals(firstKey, KeySetUtils.getPubKey(mKsms, 3));
    /* a single mapping, keyset 3 -> {pub key 3} */
    LongSparseArray<ArraySet<Long>> keySetMapping = KeySetUtils.getKeySetMapping(mKsms);
    assertEquals(1, keySetMapping.size());
    ArraySet<Long> pubKeyIds = keySetMapping.get(3);
    assertEquals(1, pubKeyIds.size());
    assertTrue(pubKeyIds.contains(Long.valueOf(3L)));
    /* and the alias resolves to the new id */
    assertEquals(Long.valueOf(3L), packageSetting.keySetData.getAliases().get("aliasA"));
}
