Example 1 with UnexpectedJCAException

use of xades4j.verification.UnexpectedJCAException in project xades4j by luisgoncalves.

From class KeyStoreKeyingDataProvider, method ensureInitialized:

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import xades4j.verification.UnexpectedJCAException;

// Lazily loads the key store on first use. The flag is checked and set under
// the lock so that concurrent callers cannot trigger two loads.
private void ensureInitialized() throws UnexpectedJCAException {
    synchronized (this.lockObj) {
        if (!this.initialized) {
            try {
                KeyStore.CallbackHandlerProtection storeLoadProtec;
                if (storePasswordProvider != null) {
                    // Create the load protection with a callback that asks the
                    // configured provider for the key store password.
                    storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
                        @Override
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            PasswordCallback c = (PasswordCallback) callbacks[0];
                            c.setPassword(storePasswordProvider.getPassword());
                        }
                    });
                } else {
                    // If no load password provider is supplied, it is because one
                    // shouldn't be needed. Create a dummy protection because the
                    // key store builder needs it to be non-null; if a password is
                    // requested after all, fail loudly instead of guessing one.
                    storeLoadProtec = new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
                        @Override
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            throw new UnsupportedOperationException("No KeyStorePasswordProvider");
                        }
                    });
                }
                this.keyStore = builderCreator.getBuilder(storeLoadProtec).getKeyStore();
            } catch (KeyStoreException ex) {
                throw new UnexpectedJCAException("The keystore couldn't be initialized", ex);
            }
            this.initialized = true;
        }
    }
}

Example 2 with UnexpectedJCAException

use of xades4j.verification.UnexpectedJCAException in project xades4j by luisgoncalves.

From class KeyStoreKeyingDataProvider, method getSigningKey:

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import xades4j.providers.SigningKeyException;
import xades4j.verification.UnexpectedJCAException;

@Override
public PrivateKey getSigningKey(X509Certificate signingCert) throws SigningKeyException, UnexpectedJCAException {
    ensureInitialized();
    try {
        // The certificate supplied by the library is always the first certificate
        // in the chain supplied by getSigningCertificateChain, which means
        // that an entry will always be present. Also, this entry is always
        // a PrivateKeyEntry.
        String entryAlias = this.keyStore.getCertificateAlias(signingCert);
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) this.keyStore.getEntry(entryAlias, getKeyProtection(entryAlias, signingCert, this.entryPasswordProvider));
        return entry.getPrivateKey();
    } catch (UnrecoverableKeyException ex) {
        // The entry-level password (from entryPasswordProvider) did not unlock the key.
        throw new SigningKeyException("Invalid key entry password", ex);
    } catch (GeneralSecurityException ex) {
        // Any other failure (e.g. KeyStoreException) means the key store is in
        // an unexpected state rather than a wrong password.
        throw new UnexpectedJCAException(ex.getMessage(), ex);
    }
}

Example 3 with UnexpectedJCAException

use of xades4j.verification.UnexpectedJCAException in project xades4j by luisgoncalves.

From class PKIXCertificateValidationProvider, method validate:

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import xades4j.providers.CannotBuildCertificationPathException;
import xades4j.providers.CannotSelectCertificateException;
import xades4j.providers.CertificateValidationException;
import xades4j.providers.ValidationData;
import xades4j.verification.UnexpectedJCAException;

@Override
public ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts) throws CertificateValidationException, UnexpectedJCAException {
    PKIXBuilderParameters builderParams;
    try {
        builderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    } catch (KeyStoreException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore is not initialized", ex);
    } catch (InvalidAlgorithmParameterException ex) {
        throw new CannotBuildCertificationPathException(certSelector, "Trust anchors KeyStore has no trusted certificate entries", ex);
    }
    PKIXCertPathBuilderResult builderRes;
    try {
        // Certificates and CRLs made available to the path builder:
        // - The other certificates from the signature (e.g. from KeyInfo).
        if (otherCerts != null) {
            CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(otherCerts);
            CertStore othersCertStore = CertStore.getInstance("Collection", ccsp);
            builderParams.addCertStore(othersCertStore);
        }
        // - The external certificates/CRLs.
        for (int i = 0; i < intermCertsAndCrls.length; i++) {
            builderParams.addCertStore(intermCertsAndCrls[i]);
        }
        // Revocation checking is only as strong as the CRLs supplied above;
        // with revocationEnabled == false a revoked certificate still validates.
        builderParams.setRevocationEnabled(revocationEnabled);
        builderParams.setMaxPathLength(maxPathLength);
        // Validate as of the signing time, not "now", so that the chain is
        // judged against the validity periods that applied when the signature was made.
        builderParams.setDate(validationDate);
        builderParams.setSigProvider(this.signatureProvider);
        builderRes = (PKIXCertPathBuilderResult) certPathBuilder.build(builderParams);
    } catch (CertPathBuilderException ex) {
        throw new CannotBuildCertificationPathException(certSelector, ex.getMessage(), ex);
    } catch (InvalidAlgorithmParameterException ex) {
        // Thrown when the CertSelector criteria in the builder parameters
        // cannot be applied.
        throw new CannotSelectCertificateException(certSelector, ex);
    } catch (NoSuchAlgorithmException ex) {
        // SHOULD NOT be thrown: the "Collection" CertStore type is part of the JDK.
        throw new UnexpectedJCAException("No provider for Collection CertStore", ex);
    }
    // The cert path returned by the builder ends in a certificate issued by
    // the trust anchor. However, the complete path may be needed for property
    // verification.
    @SuppressWarnings("unchecked")
    List<X509Certificate> certPath = (List<X509Certificate>) builderRes.getCertPath().getCertificates();
    // - Create a new list since the previous is immutable.
    certPath = new ArrayList<X509Certificate>(certPath);
    // - Add the trust anchor certificate.
    certPath.add(builderRes.getTrustAnchor().getTrustedCert());
    if (revocationEnabled) {
        return new ValidationData(certPath, getCRLsForCertPath(certPath, validationDate));
    }
    return new ValidationData(certPath);
}

Example 4 with UnexpectedJCAException

use of xades4j.verification.UnexpectedJCAException in project xades4j by luisgoncalves.

From class KeyStoreKeyingDataProvider, method getSigningCertificateChain:

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import xades4j.providers.SigningCertChainException;
import xades4j.verification.UnexpectedJCAException;

@Override
public List<X509Certificate> getSigningCertificateChain() throws SigningCertChainException, UnexpectedJCAException {
    ensureInitialized();
    try {
        // Only entries that carry a private key are candidates for signing;
        // trusted-certificate entries are skipped.
        List<X509Certificate> availableSignCerts = new ArrayList<X509Certificate>(keyStore.size());
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                Certificate cer = keyStore.getCertificate(alias);
                if (cer instanceof X509Certificate) {
                    availableSignCerts.add((X509Certificate) cer);
                }
            }
        }
        if (availableSignCerts.isEmpty()) {
            throw new SigningCertChainException("No certificates available in the key store");
        }
        // Select the signing certificate from the available certificates.
        X509Certificate signingCert = this.certificateSelector.selectCertificate(availableSignCerts);
        // The selector is caller-supplied, so verify its answer is actually one
        // of the key store's private-key entries before trusting it.
        String signingCertAlias = this.keyStore.getCertificateAlias(signingCert);
        if (null == signingCertAlias) {
            throw new SigningCertChainException("Selected certificate not present in the key store");
        }
        Certificate[] signingCertChain = this.keyStore.getCertificateChain(signingCertAlias);
        if (null == signingCertChain) {
            throw new SigningCertChainException("Selected certificate doesn't match a key and corresponding certificate chain");
        }
        if (this.returnFullChain) {
            // Key stores expose Certificate[]; the checked list enforces the
            // X509Certificate element type on the returned view.
            @SuppressWarnings("unchecked")
            List<X509Certificate> lChain = (List<X509Certificate>) (List<?>) Arrays.asList(signingCertChain);
            return Collections.checkedList(lChain, X509Certificate.class);
        } else {
            return Collections.singletonList((X509Certificate) signingCertChain[0]);
        }
    } catch (KeyStoreException ex) {
        // Thrown if the key store is not loaded.
        throw new UnexpectedJCAException(ex.getMessage(), ex);
    }
}
