
Example 1 with RetrievalMethod

use of org.apache.xml.security.keys.content.RetrievalMethod in project santuario-java by apache.

the class RetrievalMethodResolver method engineLookupAndResolvePublicKey.

/**
 * Resolves the public key that a RetrievalMethod element refers to.
 * {@inheritDoc}
 *
 * <p>Every path that does not produce a key returns {@code null}: the element is not a
 * RetrievalMethod in the signature namespace, a raw certificate could not be obtained,
 * chaining was refused, or one of the caught exceptions occurred. Failures are reported
 * at debug level only, so without debug logging a caller cannot tell "not applicable"
 * from "dereference failed".
 *
 * @param element candidate element; only a RetrievalMethod in the signature namespace is processed
 * @param baseURI base URI handed to the RetrievalMethod and to input resolution
 * @param storage passed through unchanged to {@code resolveKey}
 * @return the resolved public key, or {@code null} on any of the paths described above
 */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) {
    final boolean isRetrievalMethod =
        XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
    if (!isRetrievalMethod) {
        return null;
    }
    try {
        // Wrap the element, then dereference whatever it points at.
        // NOTE(review): what secureValidation restricts inside resolveInput and
        // obtainReferenceElement is not visible in this method.
        RetrievalMethod retrieval = new RetrievalMethod(element, baseURI);
        String declaredType = retrieval.getType();
        XMLSignatureInput dereferenced = resolveInput(retrieval, baseURI, secureValidation);

        if (RetrievalMethod.TYPE_RAWX509.equals(declaredType)) {
            // Raw X.509 content: parse it directly, no further element lookup.
            X509Certificate rawCert = getRawCertificate(dereferenced);
            return rawCert == null ? null : rawCert.getPublicKey();
        }

        Element target = obtainReferenceElement(dereferenced, secureValidation);
        if (XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD)) {
            // The dereferenced content is itself a RetrievalMethod.
            if (secureValidation) {
                // Secure validation refuses RetrievalMethod-to-RetrievalMethod chains outright.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Error: It is forbidden to have one RetrievalMethod " + "point to another with secure validation");
                }
                return null;
            }
            RetrievalMethod chained = new RetrievalMethod(target, baseURI);
            XMLSignatureInput chainedInput = resolveInput(chained, baseURI, secureValidation);
            Element chainedTarget = obtainReferenceElement(chainedInput, secureValidation);
            // Identity comparison: this only catches a chain whose second hop resolves to
            // the very DOM node we started from; longer cycles are not checked here.
            if (chainedTarget == element) {
                LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                return null;
            }
        }
        return resolveKey(target, baseURI, storage);
    } catch (XMLSecurityException securityFailure) {
        LOG.debug("XMLSecurityException", securityFailure);
    } catch (CertificateException certFailure) {
        LOG.debug("CertificateException", certFailure);
    } catch (IOException ioFailure) {
        LOG.debug("IOException", ioFailure);
    } catch (ParserConfigurationException parserFailure) {
        LOG.debug("ParserConfigurationException", parserFailure);
    } catch (SAXException saxFailure) {
        LOG.debug("SAXException", saxFailure);
    }
    // An exception was caught and logged above: report "no key".
    return null;
}
Also used : RetrievalMethod(org.apache.xml.security.keys.content.RetrievalMethod) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException)

Example 2 with RetrievalMethod

use of org.apache.xml.security.keys.content.RetrievalMethod in project santuario-java by apache.

the class RetrievalMethodResolver method engineLookupResolveX509Certificate.

/**
 * Resolves the X.509 certificate that a RetrievalMethod element refers to.
 * {@inheritDoc}
 *
 * <p>Every path that does not produce a certificate returns {@code null}: the element is
 * not a RetrievalMethod in the signature namespace, chaining was refused, or one of the
 * caught exceptions occurred. Failures are reported at debug level only, so without debug
 * logging a caller cannot tell "not applicable" from "dereference failed".
 *
 * @param element candidate element; only a RetrievalMethod in the signature namespace is processed
 * @param baseURI base URI handed to the RetrievalMethod and to input resolution
 * @param storage passed through unchanged to {@code resolveCertificate}
 * @return the resolved certificate (for the raw X.509 type, whatever {@code getRawCertificate}
 *         returns), or {@code null} on any of the paths described above
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) {
    final boolean isRetrievalMethod =
        XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
    if (!isRetrievalMethod) {
        return null;
    }
    try {
        // Wrap the element, then dereference whatever it points at.
        // NOTE(review): what secureValidation restricts inside resolveInput and
        // obtainReferenceElement is not visible in this method.
        RetrievalMethod retrieval = new RetrievalMethod(element, baseURI);
        String declaredType = retrieval.getType();
        XMLSignatureInput dereferenced = resolveInput(retrieval, baseURI, secureValidation);

        if (RetrievalMethod.TYPE_RAWX509.equals(declaredType)) {
            // Raw X.509 content: parse it directly, no further element lookup.
            return getRawCertificate(dereferenced);
        }

        Element target = obtainReferenceElement(dereferenced, secureValidation);
        if (XMLUtils.elementIsInSignatureSpace(target, Constants._TAG_RETRIEVALMETHOD)) {
            // The dereferenced content is itself a RetrievalMethod.
            if (secureValidation) {
                // Secure validation refuses RetrievalMethod-to-RetrievalMethod chains outright.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Error: It is forbidden to have one RetrievalMethod " + "point to another with secure validation");
                }
                return null;
            }
            RetrievalMethod chained = new RetrievalMethod(target, baseURI);
            XMLSignatureInput chainedInput = resolveInput(chained, baseURI, secureValidation);
            Element chainedTarget = obtainReferenceElement(chainedInput, secureValidation);
            // Identity comparison: this only catches a chain whose second hop resolves to
            // the very DOM node we started from; longer cycles are not checked here.
            if (chainedTarget == element) {
                LOG.debug("Error: Can't have RetrievalMethods pointing to each other");
                return null;
            }
        }
        return resolveCertificate(target, baseURI, storage);
    } catch (XMLSecurityException securityFailure) {
        LOG.debug("XMLSecurityException", securityFailure);
    } catch (CertificateException certFailure) {
        LOG.debug("CertificateException", certFailure);
    } catch (IOException ioFailure) {
        LOG.debug("IOException", ioFailure);
    } catch (ParserConfigurationException parserFailure) {
        LOG.debug("ParserConfigurationException", parserFailure);
    } catch (SAXException saxFailure) {
        LOG.debug("SAXException", saxFailure);
    }
    // An exception was caught and logged above: report "no certificate".
    return null;
}
Also used : RetrievalMethod(org.apache.xml.security.keys.content.RetrievalMethod) Element(org.w3c.dom.Element) XMLSignatureInput(org.apache.xml.security.signature.XMLSignatureInput) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SAXException(org.xml.sax.SAXException)

Aggregations

IOException (java.io.IOException)2 CertificateException (java.security.cert.CertificateException)2 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)2 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)2 RetrievalMethod (org.apache.xml.security.keys.content.RetrievalMethod)2 XMLSignatureInput (org.apache.xml.security.signature.XMLSignatureInput)2 Element (org.w3c.dom.Element)2 SAXException (org.xml.sax.SAXException)2 X509Certificate (java.security.cert.X509Certificate)1 XMLX509Certificate (org.apache.xml.security.keys.content.x509.XMLX509Certificate)1