Example 76 with DerValue

use of sun.security.util.DerValue in project Payara by payara.

In class BaseContainerCallbackHandler, the method processPrivateKey.

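/**
 * Resolves the private key and certificate chain requested through a JASPIC
 * {@link PrivateKeyCallback} and returns them via {@code privKeyCallback.setKey(...)}.
 *
 * <p>The request type selects the lookup strategy:
 * <ul>
 *   <li>no request, an {@code AliasRequest} without alias, or a {@code DigestRequest}
 *       without digest: the default private key entry of the configured keystores;</li>
 *   <li>{@code AliasRequest} with an alias: {@code sslUtils.getPrivateKeyEntryFromTokenAlias};</li>
 *   <li>{@code IssuerSerialNumRequest}: scan every keystore for a key whose end-entity
 *       certificate has the requested issuer and serial number;</li>
 *   <li>{@code SubjectKeyIDRequest}: scan for a key whose end-entity certificate carries a
 *       SubjectKeyIdentifier extension equal to the requested id (DER: OCTET STRING of
 *       OCTET STRING, which is what {@code getExtensionValue} returns);</li>
 *   <li>{@code DigestRequest} with a digest: {@code getPrivateKeyEntry} using the requested
 *       algorithm, or {@code DEFAULT_DIGEST_ALGORITHM} when none is given.</li>
 * </ul>
 *
 * <p>{@code setKey} is invoked exactly once on every path. When nothing matches, or a
 * keystore/algorithm error occurs, both arguments are {@code null}; such errors are
 * logged at FINE and deliberately not propagated, because "no key available" is a
 * normal outcome for the caller. Keystore entries whose certificate chain is missing,
 * empty or not X.509 are skipped rather than aborting the whole scan.
 *
 * @param privKeyCallback callback carrying the request and receiving the result
 */
private void processPrivateKey(PrivateKeyCallback privKeyCallback) {
    KeyStore[] kstores = secSup.getKeyStores();
    _logger.log(Level.FINE, "JASPIC: In PrivateKeyCallback Processor");
    // Without a keystore there is nothing to search.
    if (kstores == null || kstores.length == 0) {
        privKeyCallback.setKey(null, null);
        return;
    }
    PrivateKeyCallback.Request req = privKeyCallback.getRequest();
    PrivateKey privKey = null;
    Certificate[] certs = null;
    if (req == null) {
        // No request type: answer with the default key entry.
        PrivateKeyEntry pke = getDefaultPrivateKeyEntry(kstores);
        if (pke != null) {
            privKey = pke.getPrivateKey();
            certs = pke.getCertificateChain();
        }
        privKeyCallback.setKey(privKey, certs);
        return;
    }
    // Find the key according to the request type; setKey() happens in finally.
    try {
        if (req instanceof PrivateKeyCallback.AliasRequest) {
            PrivateKeyCallback.AliasRequest aReq = (PrivateKeyCallback.AliasRequest) req;
            String alias = aReq.getAlias();
            PrivateKeyEntry privKeyEntry;
            if (alias == null) {
                // No alias given: use the default key.
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                privKeyEntry = sslUtils.getPrivateKeyEntryFromTokenAlias(alias);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else if (req instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
            PrivateKeyCallback.IssuerSerialNumRequest isReq = (PrivateKeyCallback.IssuerSerialNumRequest) req;
            X500Principal issuer = isReq.getIssuer();
            BigInteger serialNum = isReq.getSerialNum();
            if (issuer != null && serialNum != null) {
                boolean found = false;
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        // A null/empty/non-X.509 chain cannot match; skip it instead of
                        // letting an NPE or ClassCastException abort the remaining aliases.
                        X509Certificate eeCert = firstX509Certificate(certificates);
                        if (eeCert != null
                                && eeCert.getIssuerX500Principal().equals(issuer)
                                && eeCert.getSerialNumber().equals(serialNum)) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
            PrivateKeyCallback.SubjectKeyIDRequest skReq = (PrivateKeyCallback.SubjectKeyIDRequest) req;
            byte[] subjectKeyID = skReq.getSubjectKeyID();
            if (subjectKeyID != null) {
                boolean found = false;
                // X509Certificate.getExtensionValue() returns the DER-encoded extension value,
                // i.e. an OCTET STRING wrapping the SubjectKeyIdentifier OCTET STRING, so the
                // requested id is wrapped twice to be byte-comparable.
                DerValue derValue1 = new DerValue(DerValue.tag_OctetString, subjectKeyID);
                DerValue derValue2 = new DerValue(DerValue.tag_OctetString, derValue1.toByteArray());
                byte[] derSubjectKeyID = derValue2.toByteArray();
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        // Same skip rule as the issuer/serial scan above.
                        X509Certificate eeCert = firstX509Certificate(certificates);
                        if (eeCert == null) {
                            continue;
                        }
                        // Extension: SubjectKeyIdentifier (null when the cert lacks it).
                        byte[] derSubKeyID = eeCert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
                        if (derSubKeyID != null && Arrays.equals(derSubKeyID, derSubjectKeyID)) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.DigestRequest) {
            PrivateKeyCallback.DigestRequest dReq = (PrivateKeyCallback.DigestRequest) req;
            byte[] digest = dReq.getDigest();
            String algorithm = dReq.getAlgorithm();
            PrivateKeyEntry privKeyEntry;
            if (digest == null) {
                // No digest given: use the default key.
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                if (algorithm == null) {
                    algorithm = DEFAULT_DIGEST_ALGORITHM;
                }
                // Throws NoSuchAlgorithmException for an unknown algorithm; handled below.
                MessageDigest md = MessageDigest.getInstance(algorithm);
                privKeyEntry = getPrivateKeyEntry(kstores, md, digest);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "invalid request type: " + req.getClass().getName());
            }
        }
    } catch (Exception e) {
        // KeyStoreException, NoSuchAlgorithmException, or whatever sslUtils throws:
        // a lookup failure is a normal "no key" outcome, so log at FINE and fall
        // through to setKey() with whatever was found (normally nothing).
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JASPIC: In PrivateKeyCallback Processor: " + " Error reading key !", e);
        }
    } finally {
        privKeyCallback.setKey(privKey, certs);
    }
}

/**
 * Returns the end-entity (leaf) certificate of {@code chain} when the chain is
 * non-empty and its first element is an {@link X509Certificate}; otherwise
 * {@code null}. Keystore providers may hand back a {@code null} or empty chain for a
 * key entry, and non-X.509 certificates cannot be matched by issuer/serial number or
 * by extension, so such entries are simply not candidates.
 *
 * @param chain certificate chain as returned by {@code KeyStore.getCertificateChain}
 * @return the leaf X.509 certificate, or {@code null} if there is none
 */
private static X509Certificate firstX509Certificate(Certificate[] chain) {
    if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
        return null;
    }
    return (X509Certificate) chain[0];
}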