Search in sources :

Example 1 with X509SubjectNameResolver

use of org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver in project OpenAM by OpenRock.

the class AMSignatureProvider method getX509PublicKey.

/**
     * Get the X509Certificate embedded in the KeyInfo
     * @param keyinfo KeyInfo
     * @return a X509Certificate
     */
protected PublicKey getX509PublicKey(Document doc, KeyInfo keyinfo) {
    PublicKey pk = null;
    try {
        if (keyinfo != null) {
            if (isJKSKeyStore) {
                StorageResolver storageResolver = new StorageResolver(new KeyStoreResolver(((JKSKeyProvider) keystore).getKeyStore()));
                keyinfo.addStorageResolver(storageResolver);
                keyinfo.registerInternalKeyResolver(new X509IssuerSerialResolver());
                keyinfo.registerInternalKeyResolver(new X509CertificateResolver());
                keyinfo.registerInternalKeyResolver(new X509SKIResolver());
                keyinfo.registerInternalKeyResolver(new X509SubjectNameResolver());
            }
            if (keyinfo.containsX509Data()) {
                if (SAMLUtilsCommon.debug.messageEnabled()) {
                    SAMLUtilsCommon.debug.message("Found X509Data" + " element in the KeyInfo");
                }
                X509Certificate certificate = keyinfo.getX509Certificate();
                // the validity of the cert. 
                if (checkCert) {
                    // validate the X509Certificate
                    if (keystore.getCertificateAlias(certificate) == null) {
                        SAMLUtilsCommon.debug.error("verifyXMLSignature:" + " certificate is not trusted.");
                        throw new XMLSignatureException(SAMLUtilsCommon.bundle.getString("untrustedCertificate"));
                    } else {
                        if (SAMLUtilsCommon.debug.messageEnabled()) {
                            SAMLUtilsCommon.debug.message("verifyXMLSignature:" + " certificate is trused.");
                        }
                    }
                } else {
                    if (SAMLUtilsCommon.debug.messageEnabled()) {
                        SAMLUtilsCommon.debug.message("Skip checking whether the" + " cert in the cert db.");
                    }
                }
                pk = getPublicKey(certificate);
            } else {
                // Do we need to check if the public key is in the
                // keystore!?
                pk = getWSSTokenProfilePublicKey(doc);
            }
        }
    } catch (Exception e) {
        SAMLUtilsCommon.debug.error("getX509Certificate(KeyInfo) Exception: ", e);
    }
    return pk;
}
Also used : KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) X509CertificateResolver(org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver) StorageResolver(org.apache.xml.security.keys.storage.StorageResolver) X509SKIResolver(org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver) X509SubjectNameResolver(org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver) X509IssuerSerialResolver(org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver) TransformerException(javax.xml.transform.TransformerException)

Example 2 with X509SubjectNameResolver

use of org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver in project OpenAM by OpenRock.

the class AMEncryptionProvider method getPrivateKey.

/**
     * Returns the private key for X509Certificate embedded in the KeyInfo
     * @param keyinfo KeyInfo
     * @return a private key for X509Certificate
     */
protected java.security.PrivateKey getPrivateKey(KeyInfo keyinfo) {
    PrivateKey pk = null;
    try {
        if (keyinfo != null) {
            StorageResolver storageResolver = new StorageResolver(new KeyStoreResolver(keyProvider.getKeyStore()));
            keyinfo.addStorageResolver(storageResolver);
            keyinfo.registerInternalKeyResolver(new X509IssuerSerialResolver());
            keyinfo.registerInternalKeyResolver(new X509CertificateResolver());
            keyinfo.registerInternalKeyResolver(new X509SKIResolver());
            keyinfo.registerInternalKeyResolver(new X509SubjectNameResolver());
            if (keyinfo.containsX509Data()) {
                if (EncryptionUtils.debug.messageEnabled()) {
                    EncryptionUtils.debug.message("Found X509Data" + " element in the KeyInfo");
                }
                X509Certificate certificate = keyinfo.getX509Certificate();
                String certAlias = keyProvider.getCertificateAlias(certificate);
                pk = keyProvider.getPrivateKey(certAlias);
            }
        }
    } catch (Exception e) {
        EncryptionUtils.debug.error("getPrivateKey(KeyInfo) Exception: ", e);
    }
    return pk;
}
Also used : PrivateKey(java.security.PrivateKey) KeyStoreResolver(org.apache.xml.security.keys.storage.implementations.KeyStoreResolver) X509CertificateResolver(org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver) StorageResolver(org.apache.xml.security.keys.storage.StorageResolver) X509SKIResolver(org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver) X509SubjectNameResolver(org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver) X509IssuerSerialResolver(org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

X509CertificateResolver (org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver)2 X509IssuerSerialResolver (org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver)2 X509SKIResolver (org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver)2 X509SubjectNameResolver (org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver)2 StorageResolver (org.apache.xml.security.keys.storage.StorageResolver)2 KeyStoreResolver (org.apache.xml.security.keys.storage.implementations.KeyStoreResolver)2 IOException (java.io.IOException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1 TransformerException (javax.xml.transform.TransformerException)1