use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.
the class PrivateKeyResolver method resolveX509IssuerSerial.
/*
 * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
 *
 * Every key entry whose certificate is an X.509 certificate is wrapped as an XMLX509IssuerSerial
 * (built on the same Document as the requested one) and compared with x509Serial. The first entry
 * that matches AND whose key can be recovered with the configured password as a PrivateKey is
 * returned; a matching entry whose key cannot be recovered is logged at FINE and skipped.
 *
 * @param x509Serial the issuer/serial pair taken from the ds:KeyInfo being resolved
 * @return the matching private key, or null when no key entry matches or none is recoverable
 * @throws KeyStoreException if the key store has not been initialised
 */
private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509IssuerSerial?");
    for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
        String alias = aliases.nextElement();
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }
        Certificate candidate = keyStore.getCertificate(alias);
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        XMLX509IssuerSerial candidateSerial =
            new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) candidate);
        if (!candidateSerial.equals(x509Serial)) {
            continue;
        }
        log.log(java.util.logging.Level.FINE, "match !!! ");
        try {
            Key recovered = keyStore.getKey(alias, password);
            if (recovered instanceof PrivateKey) {
                return (PrivateKey) recovered;
            }
        } catch (Exception e) {
            // A matching entry that cannot be opened (e.g. a different entry password) is
            // not fatal: log it and keep searching the remaining entries.
            log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
        }
    }
    return null;
}
use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.
the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.
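/**
 * {@inheritDoc}
 *
 * <p>Resolves an X.509 certificate from a {@code ds:X509Data} element that carries one or more
 * {@code ds:X509IssuerSerial} children: every certificate offered by {@code storage} is compared,
 * by issuer name and serial number, against every IssuerSerial in the element, and the first
 * certificate that matches is returned.
 *
 * @param element the {@code ds:X509Data} element to resolve
 * @param baseURI the base URI used when parsing {@code element}
 * @param storage the certificate store to search; must not be {@code null} once the element
 *                is known to contain an IssuerSerial
 * @return the first stored X.509 certificate whose issuer/serial pair matches, or {@code null}
 *         if the element is not parseable X509Data, contains no IssuerSerial, or nothing matches
 * @throws KeyResolverException if {@code storage} is {@code null}, or reading the IssuerSerial
 *                              entries of the element fails
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
    }
    X509Data x509data = null;
    try {
        x509data = new X509Data(element, baseURI);
    } catch (XMLSecurityException ex) {
        // XMLSignatureException extends XMLSecurityException, so one clause covers both former catches.
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "I can't");
        }
        return null;
    }
    if (!x509data.containsIssuerSerial()) {
        return null;
    }
    try {
        if (storage == null) {
            Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
            KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "", ex);
            }
            throw ex;
        }
        // Read the element's IssuerSerial entries once up front instead of once per stored certificate.
        int noOfISS = x509data.lengthIssuerSerial();
        XMLX509IssuerSerial[] wanted = new XMLX509IssuerSerial[noOfISS];
        for (int i = 0; i < noOfISS; i++) {
            wanted[i] = x509data.itemIssuerSerial(i);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "Found Element Issuer: " + wanted[i].getIssuerName());
                log.log(java.util.logging.Level.FINE, "Found Element Serial: " + wanted[i].getSerialNumber().toString());
            }
        }
        Iterator<Certificate> storageIterator = storage.getIterator();
        while (storageIterator.hasNext()) {
            Certificate candidate = storageIterator.next();
            if (!(candidate instanceof X509Certificate)) {
                // Only X.509 certificates carry an issuer/serial pair; a blind cast would throw ClassCastException.
                continue;
            }
            X509Certificate cert = (X509Certificate) candidate;
            XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: " + certSerial.getIssuerName());
                log.log(java.util.logging.Level.FINE, "Found Certificate Serial: " + certSerial.getSerialNumber().toString());
            }
            for (XMLX509IssuerSerial xmliss : wanted) {
                if (certSerial.equals(xmliss)) {
                    if (log.isLoggable(java.util.logging.Level.FINE)) {
                        log.log(java.util.logging.Level.FINE, "match !!! ");
                    }
                    return cert;
                }
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, "no match...");
                }
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
        throw new KeyResolverException("generic.EmptyMessage", ex);
    }
}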
use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.
the class SignatureVerificationTest method testIssuerSerial.
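/**
 * Signs a sample document with DOM, references the signing certificate in KeyInfo by
 * {@code ds:X509IssuerSerial} only, then verifies the signature through the StAX path and
 * checks the security events that the inbound processor emits for the IssuerSerial token.
 */
@Test
public void testIssuerSerial() throws Exception {
    // Read in plaintext document; the classpath stream is closed once the DOM has been built
    Document document;
    try (InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")) {
        DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
        document = builder.parse(sourceDocument);
    }
    // Set up the Key; the keystore stream is closed after loading instead of being leaked
    KeyStore keyStore = KeyStore.getInstance("jks");
    try (InputStream keyStoreStream = this.getClass().getClassLoader().getResource("transmitter.jks").openStream()) {
        keyStore.load(keyStoreStream, "default".toCharArray());
    }
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key);
    // Add KeyInfo: only an Issuer/Serial hint, no certificate, so the verifier must match it against the supplied key
    KeyInfo keyInfo = sig.getKeyInfo();
    XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(sig.getDocument(), cert);
    X509Data x509Data = new X509Data(sig.getDocument());
    x509Data.add(issuerSerial);
    keyInfo.add(x509Data);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    // A ByteArrayInputStream holds no external resource, so it needs no explicit close
    XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    // Drain the secured reader into a DOM; the events checked below are expected to be emitted during this pass
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the SecurityEvents
    checkSecurityEvents(securityEventListener);
    checkSignedElementSecurityEvents(securityEventListener);
    checkSignatureToken(securityEventListener, cert, null, SecurityTokenConstants.KeyIdentifier_IssuerSerial);
    SignedElementSecurityEvent signedElementSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.SignedElement);
    X509TokenSecurityEvent x509TokenSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.X509Token);
    String signedElementCorrelationID = signedElementSecurityEvent.getCorrelationID();
    String x509TokenCorrelationID = x509TokenSecurityEvent.getCorrelationID();
    // Split every emitted event by correlation id: signature/token events vs. signed-element events
    List<SecurityEvent> signatureSecurityEvents = new ArrayList<>();
    List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
    for (SecurityEvent securityEvent : securityEventListener.getSecurityEvents()) {
        if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
            signedElementSecurityEvents.add(securityEvent);
        } else if (securityEvent.getCorrelationID().equals(x509TokenCorrelationID)) {
            signatureSecurityEvents.add(securityEvent);
        }
    }
    Assert.assertEquals(4, signatureSecurityEvents.size());
    Assert.assertEquals(3, signedElementSecurityEvents.size());
    // Every event must belong to one of the two groups; nothing unexplained may have been emitted
    Assert.assertEquals(securityEventListener.getSecurityEvents().size(), signatureSecurityEvents.size() + signedElementSecurityEvents.size());
}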
use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.
the class KeyResolverTest method testKeyResolvers.
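/**
 * Test key resolvers through a KeyInfo.
 *
 * <p>Loads the test JCEKS keystore and checks that each X509Data hint (certificate,
 * issuer/serial, subject name, SKI) and each KeyName hint resolves, via a StorageResolver
 * plus the registered internal resolvers, to the expected public, private or secret key.
 */
@org.junit.Test
public void testKeyResolvers() throws Exception {
    // Skipped on the IBM JDK (the reason is not recorded in this test)
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    char[] pwd = "secret".toCharArray();
    KeyStore ks = KeyStore.getInstance("JCEKS");
    String keyStorePath = (BASEDIR != null && !BASEDIR.isEmpty())
        ? BASEDIR + SEP + "src/test/resources/test.jceks"
        : "src/test/resources/test.jceks";
    // try-with-resources: the keystore stream is closed after loading instead of being leaked
    try (FileInputStream fis = new FileInputStream(keyStorePath)) {
        ks.load(fis, pwd);
    }
    X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
    PublicKey publicKey = cert.getPublicKey();
    PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
    SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
    StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
    KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
    KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.newDocument();
    KeyInfo ki;
    X509Data x509data;
    // X509Certificate hint: the public key resolves through storage alone; the private key
    // only once the PrivateKeyResolver is registered
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509Certificate(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    assertNull(ki.getPrivateKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // Issuer/Serial hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SubjectName hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SKI hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SKI(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint: resolved by alias through SingleKeyResolver and the keystore-backed resolvers
    String rsaKeyName = "rsakey";
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
    assertEquals(publicKey, ki.getPublicKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
    assertEquals(privateKey, ki.getPrivateKey());
    String des3KeyName = "des3key";
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(secretKeyResolver);
    assertEquals(secretKey, ki.getSecretKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
    assertEquals(secretKey, ki.getSecretKey());
}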
use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.
the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.
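/**
 * {@inheritDoc}
 *
 * <p>Resolves an X.509 certificate from a {@code ds:X509Data} element that carries one or more
 * {@code ds:X509IssuerSerial} children: every certificate offered by {@code storage} is compared,
 * by issuer name and serial number, against every IssuerSerial in the element, and the first
 * certificate that matches is returned.
 *
 * @param element the {@code ds:X509Data} element to resolve
 * @param baseURI the base URI used when parsing {@code element}
 * @param storage the certificate store to search; must not be {@code null} once the element
 *                is known to contain an IssuerSerial
 * @return the first stored X.509 certificate whose issuer/serial pair matches, or {@code null}
 *         if the element is not parseable X509Data, contains no IssuerSerial, or nothing matches
 * @throws KeyResolverException if {@code storage} is {@code null}, or reading the IssuerSerial
 *                              entries of the element fails
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());
    X509Data x509data = null;
    try {
        x509data = new X509Data(element, baseURI);
    } catch (XMLSecurityException ex) {
        // XMLSignatureException extends XMLSecurityException, so one clause covers both former catches.
        LOG.debug("I can't");
        return null;
    }
    if (!x509data.containsIssuerSerial()) {
        return null;
    }
    try {
        if (storage == null) {
            Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
            KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
            LOG.debug("", ex);
            throw ex;
        }
        // Read the element's IssuerSerial entries once up front instead of once per stored certificate.
        int noOfISS = x509data.lengthIssuerSerial();
        XMLX509IssuerSerial[] wanted = new XMLX509IssuerSerial[noOfISS];
        for (int i = 0; i < noOfISS; i++) {
            wanted[i] = x509data.itemIssuerSerial(i);
            LOG.debug("Found Element Issuer: {}", wanted[i].getIssuerName());
            LOG.debug("Found Element Serial: {}", wanted[i].getSerialNumber().toString());
        }
        Iterator<Certificate> storageIterator = storage.getIterator();
        while (storageIterator.hasNext()) {
            Certificate candidate = storageIterator.next();
            if (!(candidate instanceof X509Certificate)) {
                // Only X.509 certificates carry an issuer/serial pair; a blind cast would throw ClassCastException.
                continue;
            }
            X509Certificate cert = (X509Certificate) candidate;
            XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
            LOG.debug("Found Certificate Issuer: {}", certSerial.getIssuerName());
            LOG.debug("Found Certificate Serial: {}", certSerial.getSerialNumber().toString());
            for (XMLX509IssuerSerial xmliss : wanted) {
                if (certSerial.equals(xmliss)) {
                    LOG.debug("match !!! ");
                    return cert;
                }
                LOG.debug("no match...");
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
        throw new KeyResolverException(ex);
    }
}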