Search in sources :

Example 6 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.

the class PrivateKeyResolver method resolveX509IssuerSerial.

/*
     * Search for a private key entry in the KeyStore with the same Issuer/Serial Number pair.
     */
private PrivateKey resolveX509IssuerSerial(XMLX509IssuerSerial x509Serial) throws KeyStoreException {
    log.log(java.util.logging.Level.FINE, "Can I resolve X509IssuerSerial?");
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (keyStore.isKeyEntry(alias)) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(x509Serial.getDocument(), (X509Certificate) cert);
                if (certSerial.equals(x509Serial)) {
                    log.log(java.util.logging.Level.FINE, "match !!! ");
                    try {
                        Key key = keyStore.getKey(alias, password);
                        if (key instanceof PrivateKey) {
                            return (PrivateKey) key;
                        }
                    } catch (Exception e) {
                        log.log(java.util.logging.Level.FINE, "Cannot recover the key", e);
                    // Keep searching
                    }
                }
            }
        }
    }
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyStoreException(java.security.KeyStoreException) KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) XMLX509Certificate(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)

Example 7 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project jdk8u_jdk by JetBrains.

the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.

/** @inheritDoc */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    if (log.isLoggable(java.util.logging.Level.FINE)) {
        log.log(java.util.logging.Level.FINE, "Can I resolve " + element.getTagName() + "?");
    }
    X509Data x509data = null;
    try {
        x509data = new X509Data(element, baseURI);
    } catch (XMLSignatureException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "I can't");
        }
        return null;
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "I can't");
        }
        return null;
    }
    if (!x509data.containsIssuerSerial()) {
        return null;
    }
    try {
        if (storage == null) {
            Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
            KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "", ex);
            }
            throw ex;
        }
        int noOfISS = x509data.lengthIssuerSerial();
        Iterator<Certificate> storageIterator = storage.getIterator();
        while (storageIterator.hasNext()) {
            X509Certificate cert = (X509Certificate) storageIterator.next();
            XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "Found Certificate Issuer: " + certSerial.getIssuerName());
                log.log(java.util.logging.Level.FINE, "Found Certificate Serial: " + certSerial.getSerialNumber().toString());
            }
            for (int i = 0; i < noOfISS; i++) {
                XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, "Found Element Issuer:     " + xmliss.getIssuerName());
                    log.log(java.util.logging.Level.FINE, "Found Element Serial:     " + xmliss.getSerialNumber().toString());
                }
                if (certSerial.equals(xmliss)) {
                    if (log.isLoggable(java.util.logging.Level.FINE)) {
                        log.log(java.util.logging.Level.FINE, "match !!! ");
                    }
                    return cert;
                }
                if (log.isLoggable(java.util.logging.Level.FINE)) {
                    log.log(java.util.logging.Level.FINE, "no match...");
                }
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
        throw new KeyResolverException("generic.EmptyMessage", ex);
    }
}
Also used : KeyResolverException(com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException) XMLX509IssuerSerial(com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial) X509Data(com.sun.org.apache.xml.internal.security.keys.content.X509Data) XMLSignatureException(com.sun.org.apache.xml.internal.security.signature.XMLSignatureException) XMLSecurityException(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 8 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class SignatureVerificationTest method testIssuerSerial.

@Test
public void testIssuerSerial() throws Exception {
    // Read in plaintext document
    InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml");
    DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
    Document document = builder.parse(sourceDocument);
    // Set up the Key
    KeyStore keyStore = KeyStore.getInstance("jks");
    keyStore.load(this.getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
    Key key = keyStore.getKey("transmitter", "default".toCharArray());
    X509Certificate cert = (X509Certificate) keyStore.getCertificate("transmitter");
    // Sign using DOM
    List<String> localNames = new ArrayList<>();
    localNames.add("PaymentInfo");
    XMLSignature sig = signUsingDOM("http://www.w3.org/2000/09/xmldsig#rsa-sha1", document, localNames, key);
    // Add KeyInfo
    KeyInfo keyInfo = sig.getKeyInfo();
    XMLX509IssuerSerial issuerSerial = new XMLX509IssuerSerial(sig.getDocument(), cert);
    X509Data x509Data = new X509Data(sig.getDocument());
    x509Data.add(issuerSerial);
    keyInfo.add(x509Data);
    // XMLUtils.outputDOM(document, System.out);
    // Convert Document to a Stream Reader
    javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    transformer.transform(new DOMSource(document), new StreamResult(baos));
    XMLStreamReader xmlStreamReader = null;
    try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
        xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
    }
    // Verify signature
    XMLSecurityProperties properties = new XMLSecurityProperties();
    properties.setSignatureVerificationKey(cert.getPublicKey());
    InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
    TestSecurityEventListener securityEventListener = new TestSecurityEventListener();
    XMLStreamReader securityStreamReader = inboundXMLSec.processInMessage(xmlStreamReader, null, securityEventListener);
    document = StAX2DOM.readDoc(XMLUtils.createDocumentBuilder(false), securityStreamReader);
    // Check the SecurityEvents
    checkSecurityEvents(securityEventListener);
    checkSignedElementSecurityEvents(securityEventListener);
    checkSignatureToken(securityEventListener, cert, null, SecurityTokenConstants.KeyIdentifier_IssuerSerial);
    SignedElementSecurityEvent signedElementSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.SignedElement);
    X509TokenSecurityEvent x509TokenSecurityEvent = securityEventListener.getSecurityEvent(SecurityEventConstants.X509Token);
    String signedElementCorrelationID = signedElementSecurityEvent.getCorrelationID();
    String x509TokenCorrelationID = x509TokenSecurityEvent.getCorrelationID();
    List<SecurityEvent> signatureSecurityEvents = new ArrayList<>();
    List<SecurityEvent> signedElementSecurityEvents = new ArrayList<>();
    List<SecurityEvent> securityEvents = securityEventListener.getSecurityEvents();
    for (int i = 0; i < securityEvents.size(); i++) {
        SecurityEvent securityEvent = securityEvents.get(i);
        if (securityEvent.getCorrelationID().equals(signedElementCorrelationID)) {
            signedElementSecurityEvents.add(securityEvent);
        } else if (securityEvent.getCorrelationID().equals(x509TokenCorrelationID)) {
            signatureSecurityEvents.add(securityEvent);
        }
    }
    Assert.assertEquals(4, signatureSecurityEvents.size());
    Assert.assertEquals(3, signedElementSecurityEvents.size());
    Assert.assertEquals(securityEventListener.getSecurityEvents().size(), signatureSecurityEvents.size() + signedElementSecurityEvents.size());
}
Also used : DOMSource(javax.xml.transform.dom.DOMSource) XMLStreamReader(javax.xml.stream.XMLStreamReader) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) X509Data(org.apache.xml.security.keys.content.X509Data) KeyInfo(org.apache.xml.security.keys.KeyInfo) XMLSignature(org.apache.xml.security.signature.XMLSignature) StreamResult(javax.xml.transform.stream.StreamResult) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) Key(java.security.Key) SecretKey(javax.crypto.SecretKey) Test(org.junit.Test)

Example 9 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class KeyResolverTest method testKeyResolvers.

/**
 * Test key resolvers through a KeyInfo.
 */
@org.junit.Test
public void testKeyResolvers() throws Exception {
    // 
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    char[] pwd = "secret".toCharArray();
    KeyStore ks = KeyStore.getInstance("JCEKS");
    FileInputStream fis = null;
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        fis = new FileInputStream(BASEDIR + SEP + "src/test/resources/test.jceks");
    } else {
        fis = new FileInputStream("src/test/resources/test.jceks");
    }
    ks.load(fis, pwd);
    X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
    PublicKey publicKey = cert.getPublicKey();
    PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
    SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
    StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
    KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
    KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.newDocument();
    KeyInfo ki;
    X509Data x509data;
    // X509Certificate hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509Certificate(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    assertNull(ki.getPrivateKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // Issuer/Serial hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SubjectName hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SKI hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SKI(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint
    String rsaKeyName = "rsakey";
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
    assertEquals(publicKey, ki.getPublicKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
    assertEquals(privateKey, ki.getPrivateKey());
    String des3KeyName = "des3key";
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(secretKeyResolver);
    assertEquals(secretKey, ki.getSecretKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
    assertEquals(secretKey, ki.getSecretKey());
}
Also used : SingleKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SingleKeyResolver) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) StorageResolver(org.apache.xml.security.keys.storage.StorageResolver) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) PrivateKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.PrivateKeyResolver) XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Data(org.apache.xml.security.keys.content.X509Data) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLX509SubjectName(org.apache.xml.security.keys.content.x509.XMLX509SubjectName) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) SecretKey(javax.crypto.SecretKey) KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) DocumentBuilder(javax.xml.parsers.DocumentBuilder) KeyInfo(org.apache.xml.security.keys.KeyInfo) XMLX509SKI(org.apache.xml.security.keys.content.x509.XMLX509SKI) SecretKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SecretKeyResolver) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi)

Example 10 with XMLX509IssuerSerial

use of org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial in project santuario-java by apache.

the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.

/**
 * {@inheritDoc}
 */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
    LOG.debug("Can I resolve {}?", element.getTagName());
    X509Data x509data = null;
    try {
        x509data = new X509Data(element, baseURI);
    } catch (XMLSignatureException ex) {
        LOG.debug("I can't");
        return null;
    } catch (XMLSecurityException ex) {
        LOG.debug("I can't");
        return null;
    }
    if (!x509data.containsIssuerSerial()) {
        return null;
    }
    try {
        if (storage == null) {
            Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
            KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
            LOG.debug("", ex);
            throw ex;
        }
        int noOfISS = x509data.lengthIssuerSerial();
        Iterator<Certificate> storageIterator = storage.getIterator();
        while (storageIterator.hasNext()) {
            X509Certificate cert = (X509Certificate) storageIterator.next();
            XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
            LOG.debug("Found Certificate Issuer: {}", certSerial.getIssuerName());
            LOG.debug("Found Certificate Serial: {}", certSerial.getSerialNumber().toString());
            for (int i = 0; i < noOfISS; i++) {
                XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
                LOG.debug("Found Element Issuer:     {}", xmliss.getIssuerName());
                LOG.debug("Found Element Serial:     {}", xmliss.getSerialNumber().toString());
                if (certSerial.equals(xmliss)) {
                    LOG.debug("match !!! ");
                    return cert;
                }
                LOG.debug("no match...");
            }
        }
        return null;
    } catch (XMLSecurityException ex) {
        LOG.debug("XMLSecurityException", ex);
        throw new KeyResolverException(ex);
    }
}
Also used : KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial) X509Data(org.apache.xml.security.keys.content.X509Data) XMLSignatureException(org.apache.xml.security.signature.XMLSignatureException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

X509Certificate (java.security.cert.X509Certificate)7 XMLX509IssuerSerial (org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial)7 PrivateKey (java.security.PrivateKey)5 X509Data (org.apache.xml.security.keys.content.X509Data)5 KeyStoreException (java.security.KeyStoreException)4 Certificate (java.security.cert.Certificate)4 SecretKey (javax.crypto.SecretKey)4 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)4 XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)3 XMLX509IssuerSerial (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509IssuerSerial)3 Key (java.security.Key)3 PublicKey (java.security.PublicKey)3 XMLX509Certificate (org.apache.xml.security.keys.content.x509.XMLX509Certificate)3 X509Data (com.sun.org.apache.xml.internal.security.keys.content.X509Data)2 XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)2 KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)2 KeyStore (java.security.KeyStore)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 ArrayList (java.util.ArrayList)2 DocumentBuilder (javax.xml.parsers.DocumentBuilder)2