Example 1 with KeyNameSecurityToken
use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in project cxf by apache.
the class XmlSecInInterceptor method checkSignatureTrust.
private void checkSignatureTrust(Crypto sigCrypto, Message msg, TokenSecurityEvent<?> event) throws XMLSecurityException {
SecurityToken token = event.getSecurityToken();
if (token != null) {
X509Certificate[] certs = token.getX509Certificates();
if (certs == null && token.getPublicKey() == null && token instanceof KeyNameSecurityToken) {
certs = getX509CertificatesForKeyName(sigCrypto, msg, (KeyNameSecurityToken) token);
}
PublicKey publicKey = token.getPublicKey();
X509Certificate cert = null;
if (certs != null && certs.length > 0) {
cert = certs[0];
}
// validate trust
try {
new TrustValidator().validateTrust(sigCrypto, cert, publicKey, getSubjectContraints(msg));
} catch (WSSecurityException e) {
String error = "Signature validation failed";
throw new XMLSecurityException("empty", new Object[] { error });
}
if (persistSignature) {
msg.setContent(X509Certificate.class, cert);
}
}
}
Also used :
SecurityToken(org.apache.xml.security.stax.securityToken.SecurityToken)
KeyNameSecurityToken(org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken)
TrustValidator(org.apache.cxf.rs.security.common.TrustValidator)
PublicKey(java.security.PublicKey)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
KeyNameSecurityToken(org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken)
X509Certificate(java.security.cert.X509Certificate)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
Example 2 with KeyNameSecurityToken
use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in project cxf by apache.
the class XmlSecInInterceptor method getX509CertificatesForKeyName.
private X509Certificate[] getX509CertificatesForKeyName(Crypto sigCrypto, Message msg, KeyNameSecurityToken token) throws XMLSecurityException {
X509Certificate[] certs;
KeyNameSecurityToken keyNameSecurityToken = token;
String keyName = keyNameSecurityToken.getKeyName();
String alias = null;
if (sigProps != null && sigProps.getKeyNameAliasMap() != null) {
alias = sigProps.getKeyNameAliasMap().get(keyName);
}
try {
certs = RSSecurityUtils.getCertificates(sigCrypto, alias);
} catch (Exception e) {
throw new XMLSecurityException("empty", new Object[] { "Error during Signature Trust " + "validation" });
}
return certs;
}
Also used :
KeyNameSecurityToken(org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken)
X509Certificate(java.security.cert.X509Certificate)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
XMLStreamException(javax.xml.stream.XMLStreamException)
PatternSyntaxException(java.util.regex.PatternSyntaxException)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
Aggregations
X509Certificate (java.security.cert.X509Certificate)2
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)2
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)2
KeyNameSecurityToken (org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken)2
IOException (java.io.IOException)1
PublicKey (java.security.PublicKey)1
PatternSyntaxException (java.util.regex.PatternSyntaxException)1
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
XMLStreamException (javax.xml.stream.XMLStreamException)1
TrustValidator (org.apache.cxf.rs.security.common.TrustValidator)1
SecurityToken (org.apache.xml.security.stax.securityToken.SecurityToken)1
