use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class KeyUtils method prinoutKeyInfo.
/**
 * Writes a plain-text summary of a {@link KeyInfo} to a stream, for diagnostics.
 *
 * <p>Four kinds of child are reported, in this order: each KeyName, each KeyValue
 * (the public key is printed through {@code println(Object)}), each MgmtData, and
 * for each X509Data only whether it holds a certificate and/or an issuer-serial
 * entry. Nothing else in the KeyInfo is printed.
 *
 * <p>KeyName and MgmtData strings are written exactly as returned by their getters.
 * NOTE(review): if the KeyInfo was parsed from a document supplied by another party,
 * those strings are externally controlled text; when {@code os} ends up in a log
 * file or on a terminal, consider escaping line breaks and control characters
 * before printing.
 *
 * @param ki the KeyInfo to describe
 * @param os the stream that receives the summary
 * @throws XMLSecurityException propagated unchanged from the accessors called here
 */
public static void prinoutKeyInfo(KeyInfo ki, PrintStream os) throws XMLSecurityException {
    // KeyName children: the name string is echoed between double quotes.
    int nameIdx = 0;
    while (nameIdx < ki.lengthKeyName()) {
        KeyName keyName = ki.itemKeyName(nameIdx);
        String nameLine = "KeyName(" + nameIdx + ")=\"" + keyName.getKeyName() + "\"";
        os.println(nameLine);
        nameIdx++;
    }

    // KeyValue children: the key is resolved first, so a failure prints nothing for this entry.
    int valueIdx = 0;
    while (valueIdx < ki.lengthKeyValue()) {
        KeyValue keyValue = ki.itemKeyValue(valueIdx);
        PublicKey publicKey = keyValue.getPublicKey();
        os.println("KeyValue Nr. " + valueIdx);
        os.println(publicKey);
        valueIdx++;
    }

    // MgmtData children: echoed the same way as KeyName.
    int mgmtIdx = 0;
    while (mgmtIdx < ki.lengthMgmtData()) {
        MgmtData mgmtData = ki.itemMgmtData(mgmtIdx);
        String mgmtLine = "MgmtData(" + mgmtIdx + ")=\"" + mgmtData.getMgmtData() + "\"";
        os.println(mgmtLine);
        mgmtIdx++;
    }

    // X509Data children: only the kinds of content are named, never the content itself.
    int x509Idx = 0;
    while (x509Idx < ki.lengthX509Data()) {
        X509Data x509 = ki.itemX509Data(x509Idx);
        StringBuilder kinds = new StringBuilder();
        if (x509.containsCertificate()) {
            kinds.append("Certificate ");
        }
        if (x509.containsIssuerSerial()) {
            kinds.append("IssuerSerial ");
        }
        os.println("X509Data(" + x509Idx + ")=\"" + kinds + "\"");
        x509Idx++;
    }
}
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.
/**
 * {@inheritDoc}
 *
 * <p>Parses {@code element} as X509Data and, for each certificate offered by
 * {@code storage}, compares that certificate's issuer-serial form with every
 * issuer-serial entry of the element. The first stored certificate that equals one
 * of them is returned.
 *
 * <p>Returns {@code null} when the element cannot be parsed as X509Data, when it has
 * no issuer-serial entry, or when no stored certificate matches.
 *
 * <p>This method only looks a certificate up: the code here performs no validity,
 * chain or revocation check on what it returns. Which certificates can be returned
 * is decided entirely by the contents of {@code storage}.
 *
 * @throws KeyResolverException if {@code storage} is {@code null} for an element
 *         that has an issuer-serial entry, or if an {@code XMLSecurityException}
 *         is raised during the lookup
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    // The tag name comes from the document being processed; it is logged at debug level only.
    LOG.debug("Can I resolve {}?", element.getTagName());

    // An element that does not parse as X509Data is treated as "not for this resolver", not as an error.
    final X509Data parsed;
    try {
        parsed = new X509Data(element, baseURI);
    } catch (XMLSignatureException ex) {
        LOG.debug("I can't");
        return null;
    } catch (XMLSecurityException ex) {
        LOG.debug("I can't");
        return null;
    }

    if (!parsed.containsIssuerSerial()) {
        return null;
    }

    try {
        if (storage == null) {
            // NOTE(review): this throw sits inside the try; if KeyResolverException is a subtype of
            // XMLSecurityException it is caught below and re-wrapped. Confirm that is intended.
            KeyResolverException missingStorage = new KeyResolverException("KeyResolver.needStorageResolver", new Object[] { Constants._TAG_X509ISSUERSERIAL });
            LOG.debug("", missingStorage);
            throw missingStorage;
        }

        final int wantedCount = parsed.lengthIssuerSerial();
        for (Iterator<Certificate> stored = storage.getIterator(); stored.hasNext();) {
            // The storage is expected to hold X.509 certificates only; any other Certificate type fails this cast.
            X509Certificate candidate = (X509Certificate) stored.next();
            XMLX509IssuerSerial candidateId = new XMLX509IssuerSerial(element.getOwnerDocument(), candidate);
            LOG.debug("Found Certificate Issuer: {}", candidateId.getIssuerName());
            LOG.debug("Found Certificate Serial: {}", candidateId.getSerialNumber().toString());

            for (int k = 0; k < wantedCount; k++) {
                XMLX509IssuerSerial wanted = parsed.itemIssuerSerial(k);
                // These two values are read from the element, i.e. from the incoming document.
                LOG.debug("Found Element Issuer: {}", wanted.getIssuerName());
                LOG.debug("Found Element Serial: {}", wanted.getSerialNumber().toString());
                if (!candidateId.equals(wanted)) {
                    LOG.debug("no match...");
                    continue;
                }
                LOG.debug("match !!! ");
                return candidate;
            }
        }
        // Storage exhausted without a match.
        return null;
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
        throw new KeyResolverException(ex);
    }
}
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class XMLEncryption11Test method decryptElement.
/**
 * Decrypts the first EncryptedData element of a document and returns the result.
 *
 * <p>The EncryptedData is loaded before any key is set so that its KeyInfo can be
 * read. The first EncryptedKey in that KeyInfo must carry, as its first X509Data
 * certificate, a certificate equal to {@code rsaCert}; the test asserts this. The
 * embedded certificate is only compared and is never used to pick a key: the
 * EncryptedKey is unwrapped with the caller's {@code rsaKey}, and the unwrapped key
 * then decrypts the element.
 *
 * @param doc document containing the EncryptedData element
 * @param rsaKey key used to unwrap the EncryptedKey
 * @param rsaCert certificate the EncryptedKey's X509Data is expected to contain
 * @return the document returned by the final decryption step
 * @throws Exception if loading, unwrapping or decrypting fails
 */
private Document decryptElement(Document doc, Key rsaKey, X509Certificate rsaCert) throws Exception {
    XMLCipher dataCipher = XMLCipher.getInstance();

    // Only the first EncryptedData in the document is handled.
    Element encryptedElement = (Element) doc.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);

    // No key yet: this first init exists so the EncryptedData, and with it the KeyInfo, can be loaded.
    dataCipher.init(XMLCipher.DECRYPT_MODE, null);
    EncryptedData encryptedData = dataCipher.loadEncryptedData(doc, encryptedElement);

    // EncryptedData -> KeyInfo -> first EncryptedKey -> KeyInfo -> first X509Data -> first certificate.
    EncryptedKey wrappedKey = encryptedData.getKeyInfo().itemEncryptedKey(0);
    X509Certificate embeddedCert = wrappedKey.getKeyInfo().itemX509Data(0).itemCertificate(0).getX509Certificate();
    assertTrue(rsaCert.equals(embeddedCert));

    // Unwrap the content key with the caller's key, for the algorithm named in the EncryptedData.
    XMLCipher keyCipher = XMLCipher.getInstance();
    keyCipher.init(XMLCipher.UNWRAP_MODE, rsaKey);
    String dataAlgorithm = encryptedData.getEncryptionMethod().getAlgorithm();
    Key contentKey = keyCipher.decryptKey(wrappedKey, dataAlgorithm);

    // Second init of the same cipher, now with the real key.
    dataCipher.init(XMLCipher.DECRYPT_MODE, contentKey);
    return dataCipher.doFinal(doc, encryptedElement);
}
use of org.apache.xml.security.keys.content.X509Data in project santuario-java by apache.
the class XMLEncryption11Test method createEncryptedKey.
/**
 * Wraps a session key under a certificate's public key and attaches the certificate.
 *
 * <p>The returned EncryptedKey has a KeyInfo (created here if the cipher did not
 * provide one) to which an X509Data holding {@code rsaCert} has been added.
 * NOTE(review): a certificate carried inside the message is supplied by the sender,
 * so a consumer should compare it with a certificate it already trusts rather than
 * accept it as proof of identity.
 *
 * @param doc document that owns the created elements
 * @param rsaCert certificate whose public key wraps the session key; also embedded in the KeyInfo
 * @param sessionKey key to be wrapped
 * @param encryptionMethod key-wrap algorithm passed to {@code XMLCipher.getInstance}
 * @param digestMethod digest algorithm passed to {@code XMLCipher.getInstance}
 * @param mgfAlgorithm passed through to {@code encryptKey}
 * @param oaepParams passed through to {@code encryptKey}
 * @return the EncryptedKey with the certificate attached
 * @throws Exception if the cipher setup, wrapping or KeyInfo construction fails
 */
private EncryptedKey createEncryptedKey(Document doc, X509Certificate rsaCert, Key sessionKey, String encryptionMethod, String digestMethod, String mgfAlgorithm, byte[] oaepParams) throws Exception {
    XMLCipher wrapCipher = XMLCipher.getInstance(encryptionMethod, null, digestMethod);
    wrapCipher.init(XMLCipher.WRAP_MODE, rsaCert.getPublicKey());
    EncryptedKey wrapped = wrapCipher.encryptKey(doc, sessionKey, mgfAlgorithm, oaepParams);

    // Reuse the KeyInfo the cipher produced, if any; otherwise create one and attach it.
    KeyInfo existing = wrapped.getKeyInfo();
    final KeyInfo keyInfo;
    if (existing != null) {
        keyInfo = existing;
    } else {
        keyInfo = new KeyInfo(doc);
        wrapped.setKeyInfo(keyInfo);
    }

    // The certificate is added in full as X509Data.
    X509Data certHolder = new X509Data(doc);
    certHolder.addCertificate(rsaCert);
    keyInfo.add(certHolder);
    return wrapped;
}