Search in sources :

Example 6 with XMLX509SubjectName

use of org.apache.xml.security.keys.content.x509.XMLX509SubjectName in project santuario-java by apache.

the class KeyResolverTest method testKeyResolvers.

/**
 * Test key resolvers through a KeyInfo.
 */
@org.junit.Test
public void testKeyResolvers() throws Exception {
    // 
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    char[] pwd = "secret".toCharArray();
    KeyStore ks = KeyStore.getInstance("JCEKS");
    FileInputStream fis = null;
    if (BASEDIR != null && !"".equals(BASEDIR)) {
        fis = new FileInputStream(BASEDIR + SEP + "src/test/resources/test.jceks");
    } else {
        fis = new FileInputStream("src/test/resources/test.jceks");
    }
    ks.load(fis, pwd);
    X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
    PublicKey publicKey = cert.getPublicKey();
    PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
    SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
    StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
    KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
    KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.newDocument();
    KeyInfo ki;
    X509Data x509data;
    // X509Certificate hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509Certificate(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    assertNull(ki.getPrivateKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // Issuer/Serial hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SubjectName hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SKI hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SKI(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint
    String rsaKeyName = "rsakey";
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
    assertEquals(publicKey, ki.getPublicKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
    assertEquals(privateKey, ki.getPrivateKey());
    String des3KeyName = "des3key";
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(secretKeyResolver);
    assertEquals(secretKey, ki.getSecretKey());
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
    assertEquals(secretKey, ki.getSecretKey());
}
Also used : SingleKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SingleKeyResolver) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) StorageResolver(org.apache.xml.security.keys.storage.StorageResolver) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) PrivateKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.PrivateKeyResolver) XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Data(org.apache.xml.security.keys.content.X509Data) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLX509SubjectName(org.apache.xml.security.keys.content.x509.XMLX509SubjectName) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) SecretKey(javax.crypto.SecretKey) KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) DocumentBuilder(javax.xml.parsers.DocumentBuilder) KeyInfo(org.apache.xml.security.keys.KeyInfo) XMLX509SKI(org.apache.xml.security.keys.content.x509.XMLX509SKI) SecretKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SecretKeyResolver) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi)

Example 7 with XMLX509SubjectName

use of org.apache.xml.security.keys.content.x509.XMLX509SubjectName in project santuario-java by apache.

the class PrivateKeyResolver method resolveX509SubjectName.

/*
     * Search for a private key entry in the KeyStore with the same Subject Name.
     */
private PrivateKey resolveX509SubjectName(XMLX509SubjectName x509SubjectName) throws KeyStoreException {
    LOG.debug("Can I resolve X509SubjectName?");
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (keyStore.isKeyEntry(alias)) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                XMLX509SubjectName certSN = new XMLX509SubjectName(x509SubjectName.getDocument(), (X509Certificate) cert);
                if (certSN.equals(x509SubjectName)) {
                    LOG.debug("match !!! ");
                    try {
                        Key key = keyStore.getKey(alias, password);
                        if (key instanceof PrivateKey) {
                            return (PrivateKey) key;
                        }
                    } catch (Exception e) {
                        LOG.debug("Cannot recover the key", e);
                    // Keep searching
                    }
                }
            }
        }
    }
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLX509SubjectName(org.apache.xml.security.keys.content.x509.XMLX509SubjectName) PublicKey(java.security.PublicKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) KeyStoreException(java.security.KeyStoreException) KeyResolverException(org.apache.xml.security.keys.keyresolver.KeyResolverException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

PrivateKey (java.security.PrivateKey)5 X509Certificate (java.security.cert.X509Certificate)5 KeyStoreException (java.security.KeyStoreException)4 Certificate (java.security.cert.Certificate)4 XMLX509SubjectName (org.apache.xml.security.keys.content.x509.XMLX509SubjectName)4 XMLSecurityException (com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException)3 XMLX509SubjectName (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509SubjectName)3 PublicKey (java.security.PublicKey)3 SecretKey (javax.crypto.SecretKey)3 XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)3 XMLX509Certificate (org.apache.xml.security.keys.content.x509.XMLX509Certificate)3 XMLX509Certificate (com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate)2 KeyResolverException (com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException)2 Key (java.security.Key)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 X509Data (org.apache.xml.security.keys.content.X509Data)2 XMLX509IssuerSerial (org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial)2 XMLX509SKI (org.apache.xml.security.keys.content.x509.XMLX509SKI)2 KeyResolverException (org.apache.xml.security.keys.keyresolver.KeyResolverException)2 Element (org.w3c.dom.Element)2