Example 1 with KeyInfoType
use of org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType in project cxf by apache.
the class RequestParser method parseUseKey.
/**
* Parse the UseKey structure to get a ReceivedKey containing a cert/public-key/secret-key.
* @param useKey The UseKey object
* @param messageContext The message context object
* @return the ReceivedKey that has been parsed
* @throws STSException
*/
private static ReceivedKey parseUseKey(UseKeyType useKey, Map<String, Object> messageContext) throws STSException {
byte[] x509 = null;
if (useKey.getAny() instanceof JAXBElement<?>) {
JAXBElement<?> useKeyJaxb = (JAXBElement<?>) useKey.getAny();
Object obj = useKeyJaxb.getValue();
if (KeyInfoType.class == useKeyJaxb.getDeclaredType() || obj instanceof KeyInfoType) {
KeyInfoType keyInfoType = KeyInfoType.class.cast(useKeyJaxb.getValue());
LOG.fine("Found KeyInfo UseKey type");
for (Object keyInfoContent : keyInfoType.getContent()) {
X509DataType x509DataType = extractType(keyInfoContent, X509DataType.class);
if (null != x509DataType) {
LOG.fine("Found X509Data KeyInfo type");
for (Object x509Object : x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
x509 = extractType(x509Object, byte[].class);
if (null != x509) {
LOG.fine("Found X509Certificate UseKey type");
break;
}
}
}
}
} else if (SecurityTokenReferenceType.class == useKeyJaxb.getDeclaredType() || obj instanceof SecurityTokenReferenceType) {
SecurityTokenReferenceType strType = SecurityTokenReferenceType.class.cast(useKeyJaxb.getValue());
Element token = fetchTokenElementFromReference(strType, messageContext);
try {
x509 = Base64Utility.decode(token.getTextContent().trim());
LOG.fine("Found X509Certificate UseKey type via reference");
} catch (Exception e) {
LOG.log(Level.WARNING, "", e);
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
}
} else if (useKey.getAny() instanceof Element) {
if (isTokenReferenced(useKey.getAny())) {
Element token = fetchTokenElementFromReference(useKey.getAny(), messageContext);
try {
x509 = Base64Utility.decode(token.getTextContent().trim());
LOG.fine("Found X509Certificate UseKey type via reference");
} catch (Exception e) {
LOG.log(Level.WARNING, "", e);
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
} else {
Element element = (Element) useKey.getAny();
if ("KeyInfo".equals(element.getLocalName())) {
return parseKeyInfoElement((Element) useKey.getAny());
}
NodeList x509CertData = element.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
if (x509CertData != null && x509CertData.getLength() > 0) {
try {
x509 = Base64Utility.decode(x509CertData.item(0).getTextContent().trim());
LOG.fine("Found X509Certificate UseKey type");
} catch (Exception e) {
LOG.log(Level.WARNING, "", e);
throw new STSException(e.getMessage(), e, STSException.INVALID_REQUEST);
}
}
}
} else {
LOG.log(Level.WARNING, "An unknown element was received");
throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
}
if (x509 != null) {
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(x509));
LOG.fine("Successfully parsed X509 Certificate from UseKey");
ReceivedKey receivedKey = new ReceivedKey();
receivedKey.setX509Cert(cert);
return receivedKey;
} catch (CertificateException ex) {
LOG.log(Level.WARNING, "", ex);
throw new STSException("Error in parsing certificate: ", ex, STSException.INVALID_REQUEST);
}
}
return null;
}
Also used :
X509DataType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
NodeList(org.w3c.dom.NodeList)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
CertificateException(java.security.cert.CertificateException)
JAXBElement(javax.xml.bind.JAXBElement)
CertificateFactory(java.security.cert.CertificateFactory)
KeyException(java.security.KeyException)
URISyntaxException(java.net.URISyntaxException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
MarshalException(javax.xml.crypto.MarshalException)
CertificateException(java.security.cert.CertificateException)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
NoSuchProviderException(java.security.NoSuchProviderException)
X509Certificate(java.security.cert.X509Certificate)
KeyInfoType(org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SecurityTokenReferenceType(org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)
Aggregations
ByteArrayInputStream (java.io.ByteArrayInputStream)1
URISyntaxException (java.net.URISyntaxException)1
KeyException (java.security.KeyException)1
NoSuchProviderException (java.security.NoSuchProviderException)1
CertificateException (java.security.cert.CertificateException)1
CertificateFactory (java.security.cert.CertificateFactory)1
X509Certificate (java.security.cert.X509Certificate)1
JAXBElement (javax.xml.bind.JAXBElement)1
MarshalException (javax.xml.crypto.MarshalException)1
STSException (org.apache.cxf.ws.security.sts.provider.STSException)1
SecurityTokenReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)1
KeyInfoType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.KeyInfoType)1
X509DataType (org.apache.cxf.ws.security.sts.provider.model.xmldsig.X509DataType)1
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1
Element (org.w3c.dom.Element)1
NodeList (org.w3c.dom.NodeList)1
