Example 1 with KeyNameSecurityToken

Use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in the project cxf by apache.

From the class XmlSecInInterceptor, method checkSignatureTrust.

private void checkSignatureTrust(Crypto sigCrypto, Message msg, TokenSecurityEvent<?> event) throws XMLSecurityException {
    SecurityToken token = event.getSecurityToken();
    if (token != null) {
        X509Certificate[] certs = token.getX509Certificates();
        // A KeyName reference carries neither a certificate nor a public key,
        // so the signing certificate has to be resolved from the local keystore.
        if (certs == null && token.getPublicKey() == null && token instanceof KeyNameSecurityToken) {
            certs = getX509CertificatesForKeyName(sigCrypto, msg, (KeyNameSecurityToken) token);
        }
        PublicKey publicKey = token.getPublicKey();
        X509Certificate cert = null;
        if (certs != null && certs.length > 0) {
            cert = certs[0];
        }
        // validate trust: the certificate (or bare public key) must chain to a
        // trusted issuer and satisfy any configured subject DN constraints
        try {
            new TrustValidator().validateTrust(sigCrypto, cert, publicKey, getSubjectContraints(msg));
        } catch (WSSecurityException e) {
            String error = "Signature validation failed";
            throw new XMLSecurityException("empty", new Object[] { error });
        }
        // optionally expose the validated signing certificate to later interceptors
        if (persistSignature) {
            msg.setContent(X509Certificate.class, cert);
        }
    }
}

Example 2 with KeyNameSecurityToken

Use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in the project cxf by apache.

From the class XmlSecInInterceptor, method getX509CertificatesForKeyName.

private X509Certificate[] getX509CertificatesForKeyName(Crypto sigCrypto, Message msg, KeyNameSecurityToken token) throws XMLSecurityException {
    X509Certificate[] certs;
    KeyNameSecurityToken keyNameSecurityToken = token;
    String keyName = keyNameSecurityToken.getKeyName();
    // The KeyName from the message is never used as a keystore alias directly;
    // it is mapped through the configured key-name-to-alias map, so an unmapped
    // name yields a null alias and no certificate.
    String alias = null;
    if (sigProps != null && sigProps.getKeyNameAliasMap() != null) {
        alias = sigProps.getKeyNameAliasMap().get(keyName);
    }
    try {
        certs = RSSecurityUtils.getCertificates(sigCrypto, alias);
    } catch (Exception e) {
        throw new XMLSecurityException("empty", new Object[] { "Error during Signature Trust validation" });
    }
    return certs;
}