Example 1 with DOMRetrievalMethod

Use of org.jcp.xml.dsig.internal.dom.DOMRetrievalMethod in the project jdk8u_jdk by JetBrains.

From the class X509KeySelector, method select:

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;

import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
import javax.xml.crypto.dsig.keyinfo.X509Data;

import org.jcp.xml.dsig.internal.dom.DOMRetrievalMethod;

// This method belongs to X509KeySelector. The KeyStore field "ks", the helpers
// x509DataSelect, certSelect and algEquals, and the SimpleKeySelectorResult
// class are defined elsewhere in that class and are not shown here.

/**
 * Finds a key from the keystore satisfying the specified constraints.
 *
 * <p>This method compares data contained in {@link KeyInfo} entries
 * with information stored in the <code>KeyStore</code>. The implementation
 * iterates over the KeyInfo types and returns the first {@link PublicKey}
 * of an X509Certificate in the keystore that is compatible with the
 * specified AlgorithmMethod according to the following rules for each
 * keyinfo type:
 *
 * X509Data X509Certificate: if it contains a <code>KeyUsage</code>
 *   extension that asserts the <code>digitalSignature</code> bit and
 *   matches an <code>X509Certificate</code> in the <code>KeyStore</code>.
 * X509Data X509IssuerSerial: if the serial number and issuer DN match an
 *    <code>X509Certificate</code> in the <code>KeyStore</code>.
 * X509Data X509SubjectName: if the subject DN matches an
 *    <code>X509Certificate</code> in the <code>KeyStore</code>.
 * X509Data X509SKI: if the subject key identifier matches an
 *    <code>X509Certificate</code> in the <code>KeyStore</code>.
 * KeyName: if the keyname matches an alias in the <code>KeyStore</code>.
 * RetrievalMethod: supports rawX509Certificate and X509Data types. If
 *    rawX509Certificate type, it must match an <code>X509Certificate</code>
 *    in the <code>KeyStore</code>.
 *
 * @param keyInfo a <code>KeyInfo</code> (may be <code>null</code>)
 * @param purpose the key's purpose
 * @param method the algorithm method that this key is to be used for.
 *    Only keys that are compatible with the algorithm and meet the
 *    constraints of the specified algorithm should be returned.
 * @param context an <code>XMLCryptoContext</code> that may contain additional
 *    useful information for finding an appropriate key
 * @return a key selector result
 * @throws KeySelectorException if an exceptional condition occurs while
 *    attempting to find a key. Note that an inability to find a key is not
 *    considered an exception (<code>null</code> should be
 *    returned in that case). However, an error condition (ex: network
 *    communications failure) that prevented the <code>KeySelector</code>
 *    from finding a potential key should be considered an exception.
 * @throws ClassCastException if the data type of <code>method</code>
 *    is not supported by this key selector
 */
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
                                AlgorithmMethod method, XMLCryptoContext context)
        throws KeySelectorException {
    // Only SignatureMethod is supported; any other AlgorithmMethod fails the cast
    SignatureMethod sm = (SignatureMethod) method;
    try {
        // return null if keyinfo is null or keystore is empty
        if (keyInfo == null || ks.size() == 0) {
            return new SimpleKeySelectorResult(null);
        }
        // Iterate through KeyInfo types (getContent() returns a raw List in JDK 8)
        Iterator i = keyInfo.getContent().iterator();
        while (i.hasNext()) {
            XMLStructure kiType = (XMLStructure) i.next();
            // check X509Data
            if (kiType instanceof X509Data) {
                X509Data xd = (X509Data) kiType;
                KeySelectorResult ksr = x509DataSelect(xd, sm);
                if (ksr != null) {
                    return ksr;
                }
            // check KeyName: the name is used directly as a keystore alias
            } else if (kiType instanceof KeyName) {
                KeyName kn = (KeyName) kiType;
                Certificate cert = ks.getCertificate(kn.getName());
                if (cert != null && algEquals(sm.getAlgorithm(), cert.getPublicKey().getAlgorithm())) {
                    return new SimpleKeySelectorResult(cert.getPublicKey());
                }
            // check RetrievalMethod
            } else if (kiType instanceof RetrievalMethod) {
                RetrievalMethod rm = (RetrievalMethod) kiType;
                try {
                    KeySelectorResult ksr = null;
                    if (rm.getType().equals(X509Data.RAW_X509_CERTIFICATE_TYPE)) {
                        // The URI is resolved through the context's URIDereferencer;
                        // the fetched bytes are parsed as a DER/PEM X.509 certificate
                        OctetStreamData data = (OctetStreamData) rm.dereference(context);
                        CertificateFactory cf = CertificateFactory.getInstance("X.509");
                        X509Certificate cert = (X509Certificate) cf.generateCertificate(data.getOctetStream());
                        ksr = certSelect(cert, sm);
                    } else if (rm.getType().equals(X509Data.TYPE)) {
                        // Dereference to an X509Data structure and apply the X509Data rules
                        X509Data xd = (X509Data) ((DOMRetrievalMethod) rm).dereferenceAsXMLStructure(context);
                        ksr = x509DataSelect(xd, sm);
                    } else {
                        // skip; keyinfo type is not supported
                        continue;
                    }
                    if (ksr != null) {
                        return ksr;
                    }
                } catch (Exception e) {
                    // a dereference or parse failure is an error, not a "no key found"
                    throw new KeySelectorException(e);
                }
            }
        }
    } catch (KeyStoreException kse) {
        // throw exception if keystore is uninitialized
        throw new KeySelectorException(kse);
    }
    // return null since no match could be found
    return new SimpleKeySelectorResult(null);
}
```