use of org.apache.xml.security.keys.keyresolver.KeyResolverException in project santuario-java by apache.
the class X509IssuerSerialResolver method engineLookupResolveX509Certificate.
/**
* {@inheritDoc}
*/
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException {
LOG.debug("Can I resolve {}?", element.getTagName());
X509Data x509data = null;
try {
x509data = new X509Data(element, baseURI);
} catch (XMLSignatureException ex) {
LOG.debug("I can't");
return null;
} catch (XMLSecurityException ex) {
LOG.debug("I can't");
return null;
}
if (!x509data.containsIssuerSerial()) {
return null;
}
try {
if (storage == null) {
Object[] exArgs = { Constants._TAG_X509ISSUERSERIAL };
KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs);
LOG.debug("", ex);
throw ex;
}
int noOfISS = x509data.lengthIssuerSerial();
Iterator<Certificate> storageIterator = storage.getIterator();
while (storageIterator.hasNext()) {
X509Certificate cert = (X509Certificate) storageIterator.next();
XMLX509IssuerSerial certSerial = new XMLX509IssuerSerial(element.getOwnerDocument(), cert);
LOG.debug("Found Certificate Issuer: {}", certSerial.getIssuerName());
LOG.debug("Found Certificate Serial: {}", certSerial.getSerialNumber().toString());
for (int i = 0; i < noOfISS; i++) {
XMLX509IssuerSerial xmliss = x509data.itemIssuerSerial(i);
LOG.debug("Found Element Issuer: {}", xmliss.getIssuerName());
LOG.debug("Found Element Serial: {}", xmliss.getSerialNumber().toString());
if (certSerial.equals(xmliss)) {
LOG.debug("match !!! ");
return cert;
}
LOG.debug("no match...");
}
}
return null;
} catch (XMLSecurityException ex) {
LOG.debug("XMLSecurityException", ex);
throw new KeyResolverException(ex);
}
}
Aggregations