use of org.apache.xml.security.keys.content.x509.XMLX509SubjectName in project santuario-java by apache.
the class KeyResolverTest method testKeyResolvers.
/**
* Test key resolvers through a KeyInfo.
*/
@org.junit.Test
public void testKeyResolvers() throws Exception {
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
return;
}
char[] pwd = "secret".toCharArray();
KeyStore ks = KeyStore.getInstance("JCEKS");
FileInputStream fis = null;
if (BASEDIR != null && !"".equals(BASEDIR)) {
fis = new FileInputStream(BASEDIR + SEP + "src/test/resources/test.jceks");
} else {
fis = new FileInputStream("src/test/resources/test.jceks");
}
ks.load(fis, pwd);
X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
PublicKey publicKey = cert.getPublicKey();
PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
Document doc = db.newDocument();
KeyInfo ki;
X509Data x509data;
// X509Certificate hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509Certificate(doc, cert));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
assertNull(ki.getPrivateKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// Issuer/Serial hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// SubjectName hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// SKI hint
ki = new KeyInfo(doc);
ki.addStorageResolver(storage);
x509data = new X509Data(doc);
x509data.add(new XMLX509SKI(doc, cert));
ki.add(x509data);
assertEquals(publicKey, ki.getPublicKey());
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
// KeyName hint
String rsaKeyName = "rsakey";
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
assertEquals(publicKey, ki.getPublicKey());
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(privateKeyResolver);
assertEquals(privateKey, ki.getPrivateKey());
ki = new KeyInfo(doc);
ki.addKeyName(rsaKeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
assertEquals(privateKey, ki.getPrivateKey());
String des3KeyName = "des3key";
ki = new KeyInfo(doc);
ki.addKeyName(des3KeyName);
ki.registerInternalKeyResolver(secretKeyResolver);
assertEquals(secretKey, ki.getSecretKey());
ki = new KeyInfo(doc);
ki.addKeyName(des3KeyName);
ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
assertEquals(secretKey, ki.getSecretKey());
}
use of org.apache.xml.security.keys.content.x509.XMLX509SubjectName in project santuario-java by apache.
the class PrivateKeyResolver method resolveX509SubjectName.
/*
* Search for a private key entry in the KeyStore with the same Subject Name.
*/
private PrivateKey resolveX509SubjectName(XMLX509SubjectName x509SubjectName) throws KeyStoreException {
LOG.debug("Can I resolve X509SubjectName?");
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keyStore.isKeyEntry(alias)) {
Certificate cert = keyStore.getCertificate(alias);
if (cert instanceof X509Certificate) {
XMLX509SubjectName certSN = new XMLX509SubjectName(x509SubjectName.getDocument(), (X509Certificate) cert);
if (certSN.equals(x509SubjectName)) {
LOG.debug("match !!! ");
try {
Key key = keyStore.getKey(alias, password);
if (key instanceof PrivateKey) {
return (PrivateKey) key;
}
} catch (Exception e) {
LOG.debug("Cannot recover the key", e);
// Keep searching
}
}
}
}
}
return null;
}
Aggregations