Search in sources :

Example 1 with KeyInfoType

use of org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType in project cxf by apache.

the class RequestParser method parseUseKey.

/**
 * Parse the UseKey structure to get a ReceivedKey containing a cert/public-key/secret-key.
 * @param useKey The UseKey object
 * @param messageContext The message context object
 * @return the ReceivedKey that has been parsed
 * @throws STSException
 */
private static ReceivedKey parseUseKey(UseKeyType useKey, Map<String, Object> messageContext) throws STSException {
    byte[] x509 = null;
    if (useKey.getAny() instanceof JAXBElement<?>) {
        JAXBElement<?> useKeyJaxb = (JAXBElement<?>) useKey.getAny();
        Object obj = useKeyJaxb.getValue();
        if (KeyInfoType.class == useKeyJaxb.getDeclaredType() || obj instanceof KeyInfoType) {
            KeyInfoType keyInfoType = KeyInfoType.class.cast(useKeyJaxb.getValue());
            LOG.fine("Found KeyInfo UseKey type");
            for (Object keyInfoContent : keyInfoType.getContent()) {
                X509DataType x509DataType = extractType(keyInfoContent, X509DataType.class);
                if (null != x509DataType) {
                    LOG.fine("Found X509Data KeyInfo type");
                    for (Object x509Object : x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
                        x509 = extractType(x509Object, byte[].class);
                        if (null != x509) {
                            LOG.fine("Found X509Certificate UseKey type");
                            break;
                        }
                    }
                }
            }
        } else if (SecurityTokenReferenceType.class == useKeyJaxb.getDeclaredType() || obj instanceof SecurityTokenReferenceType) {
            SecurityTokenReferenceType strType = SecurityTokenReferenceType.class.cast(useKeyJaxb.getValue());
            Element token = fetchTokenElementFromReference(strType, messageContext);
            try {
                x509 = Base64Utility.decode(token.getTextContent().trim());
                LOG.fine("Found X509Certificate UseKey type via reference");
            } catch (Exception e) {
                LOG.log(Level.WARNING, "", e);
                throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
            }
        }
    } else if (useKey.getAny() instanceof Element) {
        if (isTokenReferenced(useKey.getAny())) {
            Element token = fetchTokenElementFromReference(useKey.getAny(), messageContext);
            try {
                x509 = Base64Utility.decode(token.getTextContent().trim());
                LOG.fine("Found X509Certificate UseKey type via reference");
            } catch (Exception e) {
                LOG.log(Level.WARNING, "", e);
                throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
            }
        } else {
            Element element = (Element) useKey.getAny();
            if ("KeyInfo".equals(element.getLocalName())) {
                return parseKeyInfoElement((Element) useKey.getAny());
            }
            NodeList x509CertData = element.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
            if (x509CertData != null && x509CertData.getLength() > 0) {
                try {
                    x509 = Base64Utility.decode(x509CertData.item(0).getTextContent().trim());
                    LOG.fine("Found X509Certificate UseKey type");
                } catch (Exception e) {
                    LOG.log(Level.WARNING, "", e);
                    throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
                }
            }
        }
    } else {
        LOG.log(Level.WARNING, "An unknown element was received");
        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
    }
    if (x509 != null) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(x509));
            LOG.fine("Successfully parsed X509 Certificate from UseKey");
            ReceivedKey receivedKey = new ReceivedKey();
            receivedKey.setX509Cert(cert);
            return receivedKey;
        } catch (CertificateException ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in parsing certificate: ", ex, STSException.INVALID_REQUEST);
        }
    }
    return null;
}
Also used : X509DataType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) STSException(org.apache.cxf.ws.security.sts.provider.STSException) CertificateException(java.security.cert.CertificateException) JAXBElement(javax.xml.bind.JAXBElement) CertificateFactory(java.security.cert.CertificateFactory) KeyException(java.security.KeyException) URISyntaxException(java.net.URISyntaxException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) MarshalException(javax.xml.crypto.MarshalException) CertificateException(java.security.cert.CertificateException) STSException(org.apache.cxf.ws.security.sts.provider.STSException) NoSuchProviderException(java.security.NoSuchProviderException) X509Certificate(java.security.cert.X509Certificate) KeyInfoType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType) ByteArrayInputStream(java.io.ByteArrayInputStream) SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)

Aggregations

ByteArrayInputStream (java.io.ByteArrayInputStream)1 URISyntaxException (java.net.URISyntaxException)1 KeyException (java.security.KeyException)1 NoSuchProviderException (java.security.NoSuchProviderException)1 CertificateException (java.security.cert.CertificateException)1 CertificateFactory (java.security.cert.CertificateFactory)1 X509Certificate (java.security.cert.X509Certificate)1 JAXBElement (javax.xml.bind.JAXBElement)1 MarshalException (javax.xml.crypto.MarshalException)1 STSException (org.apache.cxf.ws.security.sts.provider.STSException)1 SecurityTokenReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)1 KeyInfoType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType)1 X509DataType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 Element (org.w3c.dom.Element)1 NodeList (org.w3c.dom.NodeList)1