
Example 1 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509Data.

/**
 * Tries to map a {@code ds:X509Data} element onto a private key.
 *
 * The selectors carried by the element are tried in a fixed order --
 * X509SKI, X509IssuerSerial, X509SubjectName and finally whole
 * X509Certificate entries -- and the first private key any of them
 * resolves to wins; later selectors are not consulted.
 *
 * Security note: every selector is read from the document being
 * processed, so a match only says which key the document points at.
 * The caller still has to verify the signature (or decrypt and check the
 * result) with the returned key; nothing here proves the document is
 * genuine. Parse errors and key store errors are logged at FINE and
 * collapse into a {@code null} result instead of propagating.
 *
 * @param element the {@code ds:X509Data} element
 * @param baseURI base URI used while parsing the element
 * @return the first private key resolved, or {@code null} if none matched
 */
private PrivateKey resolveX509Data(Element element, String baseURI) {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509Data?");
    try {
        X509Data x509Data = new X509Data(element, baseURI);

        // 1. SubjectKeyIdentifier selectors
        for (int idx = 0, n = x509Data.lengthSKI(); idx < n; idx++) {
            PrivateKey found = resolveX509SKI(x509Data.itemSKI(idx));
            if (found != null) {
                return found;
            }
        }

        // 2. Issuer name / serial number pairs
        for (int idx = 0, n = x509Data.lengthIssuerSerial(); idx < n; idx++) {
            PrivateKey found = resolveX509IssuerSerial(x509Data.itemIssuerSerial(idx));
            if (found != null) {
                return found;
            }
        }

        // 3. Subject names
        for (int idx = 0, n = x509Data.lengthSubjectName(); idx < n; idx++) {
            PrivateKey found = resolveX509SubjectName(x509Data.itemSubjectName(idx));
            if (found != null) {
                return found;
            }
        }

        // 4. Embedded certificates
        for (int idx = 0, n = x509Data.lengthCertificate(); idx < n; idx++) {
            PrivateKey found = resolveX509Certificate(x509Data.itemCertificate(idx));
            if (found != null) {
                return found;
            }
        }
    } catch (XMLSecurityException e) {
        // Malformed X509Data: treated as "no key", not as an error for the caller.
        log.log(java.util.logging.Level.FINE, "XMLSecurityException", e);
    } catch (KeyStoreException e) {
        log.log(java.util.logging.Level.FINE, "KeyStoreException", e);
    }
    return null;
}

Example 2 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project xades4j by luisgoncalves.

the class SignatureUtils method processKeyInfo.

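/**
 * Extracts from a {@code ds:KeyInfo} what is needed to identify the signing
 * (leaf) certificate: an {@link X509CertSelector} describing it, every
 * certificate found in the {@code ds:X509Data} elements (they may be needed
 * to build the certification path) and the {@code ds:X509IssuerSerial}
 * element, when one was used for the selection.
 *
 * Selection rule: the first {@code ds:X509IssuerSerial} or
 * {@code ds:X509SubjectName} found across all {@code ds:X509Data} elements
 * fills the selector. If neither is present the first
 * {@code ds:X509Certificate} is assumed to be the signing certificate.
 *
 * Security note: everything here is read from the document being verified,
 * so the selector is attacker-influenced -- it only states which certificate
 * the signer claims to be. The XML-DSIG requirements quoted below are not
 * enforced by this method; the returned {@code KeyInfoRes} must still go
 * through certification-path validation against a trust anchor before the
 * leaf certificate's key is trusted.
 *
 * @param keyInfo the {@code ds:KeyInfo} of the signature
 * @return the collected certificates, the selector for the leaf certificate and
 *         the issuer/serial element used (or {@code null} if none was)
 * @throws InvalidKeyInfoDataException if there is no X509Data, no way to select
 *         the leaf certificate, or the X509Data content cannot be processed
 *         (including a malformed issuer/subject name or serial number)
 */
static KeyInfoRes processKeyInfo(KeyInfo keyInfo) throws CertificateValidationException {
    if (null == keyInfo || !keyInfo.containsX509Data()) {
        throw new InvalidKeyInfoDataException("No X509Data to identify the leaf certificate");
    }
    List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
    XMLX509IssuerSerial issuerSerial = null;
    X509CertSelector certSelector = new X509CertSelector();
    // XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
    // that appear MUST refer to the certificate or certificates containing the
    // validation key."
    // "All certificates appearing in an X509Data element MUST relate to the
    // validation key by either containing it or being part of a certification
    // chain that terminates in a certificate containing the validation key".
    // Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
    // first to be found is used to select the leaf certificate. If none of those
    // elements is present, the first ds:X509Certificate is assumed as the signing
    // certificate.
    boolean hasSelectionCriteria = false;
    try {
        for (int i = 0; i < keyInfo.lengthX509Data(); ++i) {
            X509Data x509Data = keyInfo.itemX509Data(i);
            if (!hasSelectionCriteria) {
                if (x509Data.containsIssuerSerial()) {
                    issuerSerial = x509Data.itemIssuerSerial(0);
                    certSelector.setIssuer(new X500Principal(issuerSerial.getIssuerName()));
                    certSelector.setSerialNumber(issuerSerial.getSerialNumber());
                    hasSelectionCriteria = true;
                } else if (x509Data.containsSubjectName()) {
                    certSelector.setSubject(new X500Principal(x509Data.itemSubjectName(0).getSubjectName()));
                    hasSelectionCriteria = true;
                }
            }
            // Collect all certificates as they may be needed to build the cert path.
            if (x509Data.containsCertificate()) {
                for (int j = 0; j < x509Data.lengthCertificate(); ++j) {
                    keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
                }
            }
        }
        if (!hasSelectionCriteria) {
            if (keyInfoCerts.isEmpty()) {
                // Nothing to select the "bottom" (leaf) certificate with.
                throw new InvalidKeyInfoDataException("No criteria to select the leaf certificate");
            }
            // Fallback: the first ds:X509Certificate is taken as the signing certificate.
            certSelector.setCertificate(keyInfoCerts.get(0));
        }
    } catch (XMLSecurityException ex) {
        throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
    } catch (IllegalArgumentException ex) {
        // X500Principal(String) rejects a malformed issuer/subject name with an
        // unchecked IllegalArgumentException (a malformed serial number may surface
        // the same way as a NumberFormatException). Report both as bad KeyInfo data
        // instead of leaking a RuntimeException from attacker-controlled input.
        throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
    }
    return new KeyInfoRes(keyInfoCerts, certSelector, issuerSerial);
}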

Example 3 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class PrivateKeyResolver method resolveX509Data.

/**
 * Resolves a {@code ds:X509Data} element to a private key.
 *
 * Each kind of selector the element may carry is tried in turn -- SKI,
 * IssuerSerial, SubjectName, then embedded Certificate entries -- and the
 * first one that yields a private key ends the search.
 *
 * Security note: the selectors originate from the document itself, so they
 * only point at a key; they prove nothing about the document. Whoever uses
 * the returned key must still verify the signature or check the decrypted
 * result. An unparsable element or a key store failure is logged at debug
 * level and reported to the caller as {@code null}.
 *
 * @param element the {@code ds:X509Data} element
 * @param baseURI base URI used while parsing the element
 * @return the first matching private key, or {@code null} when none was found
 */
private PrivateKey resolveX509Data(Element element, String baseURI) {
    LOG.debug("Can I resolve X509Data?");
    try {
        X509Data x509Data = new X509Data(element, baseURI);
        PrivateKey candidate;

        int count = x509Data.lengthSKI();
        for (int pos = 0; pos < count; pos++) {
            XMLX509SKI ski = x509Data.itemSKI(pos);
            candidate = resolveX509SKI(ski);
            if (candidate != null) {
                return candidate;
            }
        }

        count = x509Data.lengthIssuerSerial();
        for (int pos = 0; pos < count; pos++) {
            XMLX509IssuerSerial issuerSerial = x509Data.itemIssuerSerial(pos);
            candidate = resolveX509IssuerSerial(issuerSerial);
            if (candidate != null) {
                return candidate;
            }
        }

        count = x509Data.lengthSubjectName();
        for (int pos = 0; pos < count; pos++) {
            XMLX509SubjectName subjectName = x509Data.itemSubjectName(pos);
            candidate = resolveX509SubjectName(subjectName);
            if (candidate != null) {
                return candidate;
            }
        }

        count = x509Data.lengthCertificate();
        for (int pos = 0; pos < count; pos++) {
            XMLX509Certificate certificate = x509Data.itemCertificate(pos);
            candidate = resolveX509Certificate(certificate);
            if (candidate != null) {
                return candidate;
            }
        }
    } catch (XMLSecurityException e) {
        // Malformed X509Data is not fatal here: it simply resolves to nothing.
        LOG.debug("XMLSecurityException", e);
    } catch (KeyStoreException e) {
        LOG.debug("KeyStoreException", e);
    }
    return null;
}

Example 4 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class PrivateKeyResolver method resolveX509IssuerSerial.

/*
 * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
 *
 * Each key entry's certificate is turned into an XMLX509IssuerSerial and compared with the
 * one taken from the document. What a match does and does not mean: only the issuer name
 * and serial number agree -- a pair that is unique per issuer, not globally -- and the
 * selector itself comes from the (untrusted) document, so the caller still has to verify
 * the signature / check the decryption result with the key handed back. The key is
 * recovered with the resolver's single {@code password}; an alias whose key cannot be
 * recovered (wrong entry password, unsupported algorithm, provider error) is logged at
 * debug level and skipped so that later aliases still get a chance.
 *
 * @param x509Serial the issuer/serial selector from the document
 * @return the matching private key, or {@code null} if no key entry matches
 * @throws KeyStoreException if the key store cannot be enumerated or read
 */
private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
    LOG.debug("Can I resolve X509IssuerSerial?");
    for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
        String alias = aliases.nextElement();
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }
        Certificate candidate = keyStore.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        XMLX509IssuerSerial candidateSerial =
            new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) candidate);
        if (!candidateSerial.equals(x509Serial)) {
            continue;
        }
        LOG.debug("match !!! ");
        try {
            Key key = keyStore.getKey(alias, password);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            // Not a private key (e.g. a SecretKey entry): fall through and keep searching.
        } catch (Exception e) {
            LOG.debug("Cannot recover the key", e);
            // Keep searching
        }
    }
    return null;
}

Example 5 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class XMLX509IssuerSerialTest method testGetIssuerName.

/**
 * Checks how {@code XMLX509IssuerSerial} renders an issuer name containing a '#'.
 * For an OID-typed attribute the value after '#' is (RFC 2253 style) a hex-encoded
 * BER value and must be passed through untouched; for a named attribute such as
 * CN a leading '#' is not a hex marker and has to be escaped so that it is not
 * interpreted as one.
 */
@org.junit.Test
public void testGetIssuerName() throws Exception {
    // OID attribute: the hex encoded value must come back exactly as given.
    final String oidIssuer = "9.99.999=#abc123";
    XMLX509IssuerSerial oidCase = new XMLX509IssuerSerial(doc, oidIssuer, 0);
    assertEquals(oidIssuer, oidCase.getIssuerName());

    // Named attribute: a '#' that starts the value gets escaped.
    XMLX509IssuerSerial cnCase = new XMLX509IssuerSerial(doc, "CN=#abc123", 0);
    assertEquals("CN=\\#abc123", cnCase.getIssuerName());
}
