
Example 1 with KeyResolverSpi

use of org.apache.xml.security.keys.keyresolver.KeyResolverSpi in project santuario-java by apache.

the class KeyInfo method getX509CertificateFromStaticResolvers.

/**
 * This method uses each System-wide {@link KeyResolver} to search the
 * child elements. Each combination of {@link KeyResolver} and child element
 * is checked against all {@link StorageResolver}s.
 *
 * @return The certificate contained in this KeyInfo
 * @throws KeyResolverException
 */
X509Certificate getX509CertificateFromStaticResolvers() throws KeyResolverException {
    LOG.debug("Start getX509CertificateFromStaticResolvers() with {} resolvers", KeyResolver.length());
    final String baseUri = this.getBaseURI();
    // Walk the resolvers handed out by the KeyResolver registry, in iterator order.
    for (Iterator<KeyResolverSpi> resolvers = KeyResolver.iterator(); resolvers.hasNext();) {
        final KeyResolverSpi candidate = resolvers.next();
        // Push this KeyInfo's secure-validation setting onto the resolver before it is used.
        // NOTE(review): these instances come from the system-wide registry; if the registry
        // hands the same instance to every KeyInfo, this setter changes state that other
        // callers can observe - confirm how instances are shared before relying on the flag.
        candidate.setSecureValidation(secureValidation);
        final X509Certificate found = applyCurrentResolver(baseUri, candidate);
        if (found != null) {
            // The first resolver that yields a certificate wins.
            return found;
        }
    }
    // No registered resolver produced a certificate.
    return null;
}
Also used : KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi) X509Certificate(java.security.cert.X509Certificate)

Example 2 with KeyResolverSpi

use of org.apache.xml.security.keys.keyresolver.KeyResolverSpi in project santuario-java by apache.

the class KeyInfo method getX509CertificateFromInternalResolvers.

/**
 * Searches the per-KeyInfo KeyResolvers for X509Certificates
 *
 * @return The certificate contained in this KeyInfo
 * @throws KeyResolverException
 */
X509Certificate getX509CertificateFromInternalResolvers() throws KeyResolverException {
    LOG.debug("Start getX509CertificateFromInternalResolvers() with {} resolvers", lengthInternalKeyResolver());
    final String baseUri = getBaseURI();
    X509Certificate found = null;
    // Try the resolvers registered on this KeyInfo one after another; stop at the first hit.
    for (KeyResolverSpi candidate : internalKeyResolvers) {
        LOG.debug("Try {}", candidate.getClass().getName());
        // The resolver must carry this KeyInfo's secure-validation setting before it runs.
        candidate.setSecureValidation(secureValidation);
        found = applyCurrentResolver(baseUri, candidate);
        if (found != null) {
            break;
        }
    }
    // Still null when no internal resolver produced a certificate.
    return found;
}
Also used : KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi) X509Certificate(java.security.cert.X509Certificate)

Example 3 with KeyResolverSpi

use of org.apache.xml.security.keys.keyresolver.KeyResolverSpi in project santuario-java by apache.

the class KeyInfo method getPrivateKeyFromInternalResolvers.

/**
 * Searches the per-KeyInfo KeyResolvers for private keys
 *
 * @return the private key contained in this KeyInfo
 * @throws KeyResolverException
 */
PrivateKey getPrivateKeyFromInternalResolvers() throws KeyResolverException {
    for (KeyResolverSpi candidate : internalKeyResolvers) {
        LOG.debug("Try {}", candidate.getClass().getName());
        // The resolver must carry this KeyInfo's secure-validation setting before it runs.
        candidate.setSecureValidation(secureValidation);
        final Node firstChild = getFirstChild();
        final String baseUri = getBaseURI();
        // Offer every child element of this KeyInfo to the current resolver.
        for (Node child = firstChild; child != null; child = child.getNextSibling()) {
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            // No StorageResolver is passed (null) at the moment,
            // since they cannot return private keys.
            final PrivateKey resolved =
                candidate.engineLookupAndResolvePrivateKey((Element) child, baseUri, null);
            if (resolved != null) {
                return resolved;
            }
        }
    }
    // No internal resolver could supply a private key for any child element.
    return null;
}
Also used : PrivateKey(java.security.PrivateKey) Node(org.w3c.dom.Node) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi)

Example 4 with KeyResolverSpi

use of org.apache.xml.security.keys.keyresolver.KeyResolverSpi in project santuario-java by apache.

the class KeyResolverTest method testResolvePrivateKey.

/**
 * Encrypt some data, embedding the data encryption key
 * in the message using the key transport algorithm rsa-1_5.
 * Decrypt the data by resolving the Key Encryption Key.
 * This test verifies if a KeyResolver can return a PrivateKey.
 */
@org.junit.Test
public void testResolvePrivateKey() throws Exception {
    // Skip silently when the JCE provider cannot supply AES-128.
    String aesJceName = JCEMapper.translateURItoJCEID(org.apache.xml.security.utils.EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
    boolean aesAvailable = false;
    if (aesJceName != null) {
        try {
            aesAvailable = Cipher.getInstance(aesJceName) != null;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException ignored) {
            // Deliberately ignored: a missing algorithm or padding just means "no AES here".
        }
    }
    if (!aesAvailable) {
        return;
    }

    // Build a small document: <root><elem>text</elem></root>
    Document document = XMLUtils.createDocumentBuilder(false).newDocument();
    Element rootElement = document.createElement("root");
    document.appendChild(rootElement);
    Element payload = document.createElement("elem");
    Text payloadText = document.createTextNode("text");
    payload.appendChild(payloadText);
    rootElement.appendChild(payload);

    // Data encryption key: fixed 16-byte AES key, a test fixture only.
    byte[] rawAesKey = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
    SecretKeySpec dataEncryptKey = new SecretKeySpec(rawAesKey, "AES");

    // Key encryption key: a hard-coded RSA pair that exists only as a fixture for this test.
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    BigInteger publicModulus = new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd6" + "ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045b" + "bddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e08" + "1539219e7e45dd6a60be65ac95d2049b8f21", 16);
    BigInteger publicExponent = new BigInteger("10001", 16);
    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(publicModulus, publicExponent);
    BigInteger privateModulus = new BigInteger("8710a2bcb2f3fdac177f0ae0461c2dd0ebf72e0d88a5400583a7d8bdabd" + "6ae009d30cfdf6acb5b6a64cdc730bc630a39d946d08babffe62ea20a87e37c93b3b0e8a8e576045" + "bbddfbde83ca9bfa180fe6a5f5eee60661936d728314e809201ef52cd71d9fa3c8ce83f9d30ab5e0" + "81539219e7e45dd6a60be65ac95d2049b8f21", 16);
    BigInteger privateExponent = new BigInteger("20c39e569c2aa80cc91e5e6b0d56e49e5bbf78827bf56a546c1d996c597" + "5187cb9a50fa828e5efe51d52f5d112c20bc700b836facadca6e0051afcdfe866841e37d207c0295" + "36ff8674b301e2198b2c56abb0a0313f8ff84c1fcd6fa541aa6e5d9c018fab4784d2940def5dc709" + "ddc714d73b6c23b5d178eaa5933577b8e8ae9", 16);
    RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(privateModulus, privateExponent);
    RSAPublicKey pubKey = (RSAPublicKey) rsaFactory.generatePublic(pubKeySpec);
    RSAPrivateKey privKey = (RSAPrivateKey) rsaFactory.generatePrivate(privKeySpec);

    // Wrap the data encryption key under the RSA public key.
    // RSA v1.5 key transport is the algorithm under test here; XMLCipher.RSA_OAEP is the
    // other RSA key transport the library offers.
    XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_v1dot5);
    keyCipher.init(XMLCipher.WRAP_MODE, pubKey);
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, dataEncryptKey);

    // The KEK is referenced by name only; the resolver maps that name back to the private key.
    String keyName = "testResolvePrivateKey";
    KeyInfo kekInfo = new KeyInfo(document);
    kekInfo.addKeyName(keyName);
    encryptedKey.setKeyInfo(kekInfo);

    // Encrypt the document content and attach the wrapped key to the EncryptedData.
    XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
    xmlCipher.init(XMLCipher.ENCRYPT_MODE, dataEncryptKey);
    EncryptedData encryptedData = xmlCipher.getEncryptedData();
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    encryptedData.setKeyInfo(keyInfo);
    xmlCipher.doFinal(document, rootElement, true);
    Element encryptedDataElement = (Element) rootElement.getFirstChild();
    assertEquals("EncryptedData", encryptedDataElement.getLocalName());

    // Decrypt by resolving the private key used as the KEK.
    // Pass 1: the resolver is supplied directly, as an internal KeyResolver.
    MyPrivateKeyResolver.pk = privKey;
    MyPrivateKeyResolver.pkName = keyName;
    decryptDocument(document, new MyPrivateKeyResolver());

    // Pass 2: the resolver is registered in the static KeyResolver registry instead.
    // NOTE(review): nothing in this method undoes the registration, so it presumably
    // stays in place for tests that run afterwards - confirm.
    KeyResolver.registerAtStart(MyPrivateKeyResolver.class.getName(), false);
    KeyResolverSpi firstRegistered = KeyResolver.iterator().next();
    assertEquals(MyPrivateKeyResolver.class.getName(), firstRegistered.getClass().getName());
    decryptDocument(document, null);
}
Also used : EncryptedKey(org.apache.xml.security.encryption.EncryptedKey) Element(org.w3c.dom.Element) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) XMLCipher(org.apache.xml.security.encryption.XMLCipher) Text(org.w3c.dom.Text) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) Document(org.w3c.dom.Document) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyInfo(org.apache.xml.security.keys.KeyInfo) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi) BigInteger(java.math.BigInteger) EncryptedData(org.apache.xml.security.encryption.EncryptedData) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) KeyFactory(java.security.KeyFactory)

Example 5 with KeyResolverSpi

use of org.apache.xml.security.keys.keyresolver.KeyResolverSpi in project santuario-java by apache.

the class KeyResolverTest method testKeyResolvers.

/**
 * Test key resolvers through a KeyInfo.
 */
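@org.junit.Test
public void testKeyResolvers() throws Exception {
    // Skipped on IBM JVMs (vendor string check); the reason is not recorded in this method.
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    // Test-fixture keystore and password, checked in under src/test/resources.
    char[] pwd = "secret".toCharArray();
    KeyStore ks = KeyStore.getInstance("JCEKS");
    String keystorePath = (BASEDIR != null && !"".equals(BASEDIR))
        ? BASEDIR + SEP + "src/test/resources/test.jceks"
        : "src/test/resources/test.jceks";
    // Close the stream once the keystore is loaded; it was previously left open.
    try (FileInputStream fis = new FileInputStream(keystorePath)) {
        ks.load(fis, pwd);
    }
    X509Certificate cert = (X509Certificate) ks.getCertificate("rsakey");
    PublicKey publicKey = cert.getPublicKey();
    PrivateKey privateKey = (PrivateKey) ks.getKey("rsakey", pwd);
    SecretKey secretKey = (SecretKey) ks.getKey("des3key", pwd);
    StorageResolver storage = new StorageResolver(new KeyStoreResolver(ks));
    KeyResolverSpi privateKeyResolver = new PrivateKeyResolver(ks, pwd);
    KeyResolverSpi secretKeyResolver = new SecretKeyResolver(ks, pwd);
    DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
    Document doc = db.newDocument();
    KeyInfo ki;
    X509Data x509data;
    // X509Certificate hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509Certificate(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    // Without a registered private-key resolver the KeyInfo must not yield a private key.
    assertNull(ki.getPrivateKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // Issuer/Serial hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509IssuerSerial(doc, cert.getIssuerX500Principal().getName(), cert.getSerialNumber()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SubjectName hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SubjectName(doc, cert.getSubjectX500Principal().getName()));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // SKI hint
    ki = new KeyInfo(doc);
    ki.addStorageResolver(storage);
    x509data = new X509Data(doc);
    x509data.add(new XMLX509SKI(doc, cert));
    ki.add(x509data);
    assertEquals(publicKey, ki.getPublicKey());
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint: public key through a SingleKeyResolver bound to the key name
    String rsaKeyName = "rsakey";
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, publicKey));
    assertEquals(publicKey, ki.getPublicKey());
    // KeyName hint: private key through the keystore-backed resolver
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(privateKeyResolver);
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint: private key through a SingleKeyResolver
    ki = new KeyInfo(doc);
    ki.addKeyName(rsaKeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(rsaKeyName, privateKey));
    assertEquals(privateKey, ki.getPrivateKey());
    // KeyName hint: secret key through the keystore-backed resolver
    String des3KeyName = "des3key";
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(secretKeyResolver);
    assertEquals(secretKey, ki.getSecretKey());
    // KeyName hint: secret key through a SingleKeyResolver
    ki = new KeyInfo(doc);
    ki.addKeyName(des3KeyName);
    ki.registerInternalKeyResolver(new SingleKeyResolver(des3KeyName, secretKey));
    assertEquals(secretKey, ki.getSecretKey());
}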
Also used : SingleKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SingleKeyResolver) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) StorageResolver(org.apache.xml.security.keys.storage.StorageResolver) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) PrivateKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.PrivateKeyResolver) XMLX509IssuerSerial(org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) X509Data(org.apache.xml.security.keys.content.X509Data) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) XMLX509SubjectName(org.apache.xml.security.keys.content.x509.XMLX509SubjectName) XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate) SecretKey(javax.crypto.SecretKey) KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) DocumentBuilder(javax.xml.parsers.DocumentBuilder) KeyInfo(org.apache.xml.security.keys.KeyInfo) XMLX509SKI(org.apache.xml.security.keys.content.x509.XMLX509SKI) SecretKeyResolver(org.apache.xml.security.keys.keyresolver.implementations.SecretKeyResolver) KeyResolverSpi(org.apache.xml.security.keys.keyresolver.KeyResolverSpi)

Aggregations

KeyResolverSpi (org.apache.xml.security.keys.keyresolver.KeyResolverSpi)10 Node (org.w3c.dom.Node)6 StorageResolver (org.apache.xml.security.keys.storage.StorageResolver)5 PrivateKey (java.security.PrivateKey)3 PublicKey (java.security.PublicKey)3 X509Certificate (java.security.cert.X509Certificate)3 SecretKey (javax.crypto.SecretKey)3 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 KeyInfo (org.apache.xml.security.keys.KeyInfo)2 Document (org.w3c.dom.Document)2 FileInputStream (java.io.FileInputStream)1 BigInteger (java.math.BigInteger)1 KeyFactory (java.security.KeyFactory)1 KeyStore (java.security.KeyStore)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 RSAPrivateKeySpec (java.security.spec.RSAPrivateKeySpec)1 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1