use of org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver in project OpenAM by OpenRock.
the class AMSignatureProvider method getX509PublicKey.
/**
* Get the X509Certificate embedded in the KeyInfo
* @param keyinfo KeyInfo
* @return a X509Certificate
*/
protected PublicKey getX509PublicKey(Document doc, KeyInfo keyinfo) {
PublicKey pk = null;
try {
if (keyinfo != null) {
if (isJKSKeyStore) {
StorageResolver storageResolver = new StorageResolver(new KeyStoreResolver(((JKSKeyProvider) keystore).getKeyStore()));
keyinfo.addStorageResolver(storageResolver);
keyinfo.registerInternalKeyResolver(new X509IssuerSerialResolver());
keyinfo.registerInternalKeyResolver(new X509CertificateResolver());
keyinfo.registerInternalKeyResolver(new X509SKIResolver());
keyinfo.registerInternalKeyResolver(new X509SubjectNameResolver());
}
if (keyinfo.containsX509Data()) {
if (SAMLUtilsCommon.debug.messageEnabled()) {
SAMLUtilsCommon.debug.message("Found X509Data" + " element in the KeyInfo");
}
X509Certificate certificate = keyinfo.getX509Certificate();
// the validity of the cert.
if (checkCert) {
// validate the X509Certificate
if (keystore.getCertificateAlias(certificate) == null) {
SAMLUtilsCommon.debug.error("verifyXMLSignature:" + " certificate is not trusted.");
throw new XMLSignatureException(SAMLUtilsCommon.bundle.getString("untrustedCertificate"));
} else {
if (SAMLUtilsCommon.debug.messageEnabled()) {
SAMLUtilsCommon.debug.message("verifyXMLSignature:" + " certificate is trused.");
}
}
} else {
if (SAMLUtilsCommon.debug.messageEnabled()) {
SAMLUtilsCommon.debug.message("Skip checking whether the" + " cert in the cert db.");
}
}
pk = getPublicKey(certificate);
} else {
// Do we need to check if the public key is in the
// keystore!?
pk = getWSSTokenProfilePublicKey(doc);
}
}
} catch (Exception e) {
SAMLUtilsCommon.debug.error("getX509Certificate(KeyInfo) Exception: ", e);
}
return pk;
}
use of org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver in project OpenAM by OpenRock.
the class AMEncryptionProvider method getPrivateKey.
/**
* Returns the private key for X509Certificate embedded in the KeyInfo
* @param keyinfo KeyInfo
* @return a private key for X509Certificate
*/
protected java.security.PrivateKey getPrivateKey(KeyInfo keyinfo) {
PrivateKey pk = null;
try {
if (keyinfo != null) {
StorageResolver storageResolver = new StorageResolver(new KeyStoreResolver(keyProvider.getKeyStore()));
keyinfo.addStorageResolver(storageResolver);
keyinfo.registerInternalKeyResolver(new X509IssuerSerialResolver());
keyinfo.registerInternalKeyResolver(new X509CertificateResolver());
keyinfo.registerInternalKeyResolver(new X509SKIResolver());
keyinfo.registerInternalKeyResolver(new X509SubjectNameResolver());
if (keyinfo.containsX509Data()) {
if (EncryptionUtils.debug.messageEnabled()) {
EncryptionUtils.debug.message("Found X509Data" + " element in the KeyInfo");
}
X509Certificate certificate = keyinfo.getX509Certificate();
String certAlias = keyProvider.getCertificateAlias(certificate);
pk = keyProvider.getPrivateKey(certAlias);
}
}
} catch (Exception e) {
EncryptionUtils.debug.error("getPrivateKey(KeyInfo) Exception: ", e);
}
return pk;
}
Aggregations