use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in project cxf by apache.
the class XmlSecInInterceptor method checkSignatureTrust.
/**
 * Validates trust in the credential carried by a signature token event.
 *
 * <p>The token's certificates are used when present. A {@link KeyNameSecurityToken}
 * that exposes neither certificates nor a public key is resolved through
 * {@code getX509CertificatesForKeyName}. The first certificate (if any) and the token's
 * public key are then handed to {@code TrustValidator.validateTrust} together with the
 * subject constraints obtained for the message.
 *
 * @param sigCrypto crypto instance passed to the trust validator and the key-name lookup
 * @param msg       message being processed; receives the certificate when
 *                  {@code persistSignature} is set
 * @param event     security event whose token is checked
 * @throws XMLSecurityException if trust validation fails, or if reading the token's
 *                              certificates/public key or the key-name lookup fails
 */
private void checkSignatureTrust(Crypto sigCrypto, Message msg, TokenSecurityEvent<?> event) throws XMLSecurityException {
    final SecurityToken signingToken = event.getSecurityToken();
    if (signingToken == null) {
        // NOTE(review): with no token the method returns normally and no trust check runs.
        // Confirm callers cannot accept a signature whose event carries no token.
        return;
    }

    X509Certificate[] chain = signingToken.getX509Certificates();
    // Fall back to the key-name lookup only when the token itself offers no certificate
    // and no public key; the short-circuit order matches the checks above it.
    final boolean resolveByKeyName = chain == null
        && signingToken.getPublicKey() == null
        && signingToken instanceof KeyNameSecurityToken;
    if (resolveByKeyName) {
        chain = getX509CertificatesForKeyName(sigCrypto, msg, (KeyNameSecurityToken) signingToken);
    }

    final PublicKey signingKey = signingToken.getPublicKey();
    // Only element 0 of the array is validated and persisted
    // (presumably the signer's own certificate; confirm the ordering guarantee).
    final X509Certificate signingCert = (chain == null || chain.length == 0) ? null : chain[0];

    try {
        new TrustValidator().validateTrust(sigCrypto, signingCert, signingKey, getSubjectContraints(msg));
    } catch (WSSecurityException e) {
        // The caught exception is neither chained nor logged here, so the thrown
        // exception carries only the generic text below and the reason for the
        // trust failure is not recoverable from it.
        throw new XMLSecurityException("empty", new Object[] {"Signature validation failed"});
    }

    if (persistSignature) {
        // signingCert is null when the token supplied only a public key.
        msg.setContent(X509Certificate.class, signingCert);
    }
}
use of org.apache.xml.security.stax.impl.securityToken.KeyNameSecurityToken in project cxf by apache.
the class XmlSecInInterceptor method getX509CertificatesForKeyName.
/**
 * Looks up the certificates for a KeyName token.
 *
 * <p>The key name read from the token is never used as a keystore alias directly. It is
 * only used as a key into the alias map configured on {@code sigProps}, and the mapped
 * value is what gets passed to {@code RSSecurityUtils.getCertificates}.
 *
 * @param sigCrypto crypto instance handed to the certificate lookup
 * @param msg       not used by this method
 * @param token     token whose key name selects the alias
 * @return the certificates returned by {@code RSSecurityUtils.getCertificates}
 * @throws XMLSecurityException if the certificate lookup throws any exception
 */
private X509Certificate[] getX509CertificatesForKeyName(Crypto sigCrypto, Message msg, KeyNameSecurityToken token) throws XMLSecurityException {
    final String requestedKeyName = token.getKeyName();

    // The alias stays null when no signature properties or alias map are configured,
    // or when the map has no entry for this key name.
    // NOTE(review): confirm RSSecurityUtils.getCertificates rejects a null alias rather
    // than selecting some default entry.
    final String mappedAlias = (sigProps != null && sigProps.getKeyNameAliasMap() != null)
        ? sigProps.getKeyNameAliasMap().get(requestedKeyName)
        : null;

    try {
        return RSSecurityUtils.getCertificates(sigCrypto, mappedAlias);
    } catch (Exception e) {
        // Every failure is collapsed into one generic message; the cause is not
        // chained or logged here.
        throw new XMLSecurityException("empty", new Object[] { "Error during Signature Trust " + "validation" });
    }
}
Aggregations