org.apache.xml.security.keys.content.X509Data Java Examples
The following examples show how to use
org.apache.xml.security.keys.content.X509Data.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: XmlSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
|
private static void addKeyInfo(Credential signatureCredential, XMLSignature sig) throws TechnicalConnectorException, XMLSecurityException {
if (signatureCredential.getCertificateChain() != null) {
Certificate[] arr$ = signatureCredential.getCertificateChain();
int len$ = arr$.length;
for(int i$ = 0; i$ < len$; ++i$) {
Certificate cert = arr$[i$];
if (sig.getKeyInfo().itemX509Data(0) == null) {
X509Data x509data = new X509Data(sig.getDocument());
sig.getKeyInfo().add(x509data);
}
sig.getKeyInfo().itemX509Data(0).addCertificate((X509Certificate)cert);
}
}
}
Example #2
| Source File: XmlSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
|
private static void addKeyInfo(Credential signatureCredential, XMLSignature sig) throws TechnicalConnectorException, XMLSecurityException {
if (signatureCredential.getCertificateChain() != null) {
Certificate[] arr$ = signatureCredential.getCertificateChain();
int len$ = arr$.length;
for(int i$ = 0; i$ < len$; ++i$) {
Certificate cert = arr$[i$];
if (sig.getKeyInfo().itemX509Data(0) == null) {
X509Data x509data = new X509Data(sig.getDocument());
sig.getKeyInfo().add(x509data);
}
sig.getKeyInfo().itemX509Data(0).addCertificate((X509Certificate)cert);
}
}
}
Example #3
| Source File: XmlSignatureBuilder.java From freehealth-connector with GNU Affero General Public License v3.0 | 6 votes |
|
private static void addKeyInfo(Credential signatureCredential, XMLSignature sig) throws TechnicalConnectorException, XMLSecurityException {
if (signatureCredential.getCertificateChain() != null) {
Certificate[] arr$ = signatureCredential.getCertificateChain();
int len$ = arr$.length;
for(int i$ = 0; i$ < len$; ++i$) {
Certificate cert = arr$[i$];
if (sig.getKeyInfo().itemX509Data(0) == null) {
X509Data x509data = new X509Data(sig.getDocument());
sig.getKeyInfo().add(x509data);
}
sig.getKeyInfo().itemX509Data(0).addCertificate((X509Certificate)cert);
}
}
}
Example #4
| Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #5
| Source File: AbstractSTSClient.java From cxf with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #6
| Source File: SimpleBatchSTSClient.java From cxf with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("dsig", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("dsig", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #7
| Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #8
| Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #9
| Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
|
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer,
X509Certificate cert) throws Exception {
writer.writeStartElement("wst", "UseKey", namespace);
writer.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
writer.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
boolean useCert = useCertificateForConfirmationKeyInfo;
String useCertStr = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
if (useCertStr != null) {
useCert = Boolean.parseBoolean(useCertStr);
}
if (useCert) {
X509Data certElem = new X509Data(writer.getDocument());
certElem.addCertificate(cert);
writer.getCurrentNode().appendChild(certElem.getElement());
} else {
writer.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
PublicKey key = cert.getPublicKey();
String pubKeyAlgo = key.getAlgorithm();
if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
DSAKeyValue dsaKeyValue = new DSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(dsaKeyValue.getElement());
} else if ("RSA".equalsIgnoreCase(pubKeyAlgo)) {
RSAKeyValue rsaKeyValue = new RSAKeyValue(writer.getDocument(), key);
writer.getCurrentNode().appendChild(rsaKeyValue.getElement());
}
writer.writeEndElement();
}
writer.writeEndElement();
writer.writeEndElement();
}
Example #10
| Source File: X509DataExctractor.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public List<X509Certificate> extract(KeyInfo keyInfo) throws XMLSecurityException {
List<X509Certificate> result = new ArrayList();
for(int i = 0; i < keyInfo.lengthX509Data(); ++i) {
X509Data data = keyInfo.itemX509Data(i);
for(int j = 0; j < data.lengthCertificate(); ++j) {
result.add(data.itemCertificate(j).getX509Certificate());
}
}
return result;
}
Example #11
| Source File: X509DataExctractor.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public List<X509Certificate> extract(KeyInfo keyInfo) throws XMLSecurityException {
List<X509Certificate> result = new ArrayList();
for(int i = 0; i < keyInfo.lengthX509Data(); ++i) {
X509Data data = keyInfo.itemX509Data(i);
for(int j = 0; j < data.lengthCertificate(); ++j) {
result.add(data.itemCertificate(j).getX509Certificate());
}
}
return result;
}
Example #12
| Source File: X509DataExctractor.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public List<X509Certificate> extract(KeyInfo keyInfo) throws XMLSecurityException {
List<X509Certificate> result = new ArrayList();
for(int i = 0; i < keyInfo.lengthX509Data(); ++i) {
X509Data data = keyInfo.itemX509Data(i);
for(int j = 0; j < data.lengthCertificate(); ++j) {
result.add(data.itemCertificate(j).getX509Certificate());
}
}
return result;
}
Example #13
| Source File: X509DataExctractor.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public List<X509Certificate> extract(KeyInfo keyInfo) throws XMLSecurityException {
List<X509Certificate> result = new ArrayList();
for(int i = 0; i < keyInfo.lengthX509Data(); ++i) {
X509Data data = keyInfo.itemX509Data(i);
for(int j = 0; j < data.lengthCertificate(); ++j) {
result.add(data.itemCertificate(j).getX509Certificate());
}
}
return result;
}
Example #14
| Source File: X509DataExctractor.java From freehealth-connector with GNU Affero General Public License v3.0 | 5 votes |
|
public List<X509Certificate> extract(KeyInfo keyInfo) throws XMLSecurityException {
List<X509Certificate> result = new ArrayList();
for(int i = 0; i < keyInfo.lengthX509Data(); ++i) {
X509Data data = keyInfo.itemX509Data(i);
for(int j = 0; j < data.lengthCertificate(); ++j) {
result.add(data.itemCertificate(j).getX509Certificate());
}
}
return result;
}
Example #15
| Source File: KeyInfoProcessor.java From xades4j with GNU Lesser General Public License v3.0 | 4 votes |
|
static KeyInfoRes process(
KeyInfo keyInfo, CertRef signingCertRef, X500NameStyleProvider x500NameStyleProvider) throws CertificateValidationException
{
if (null == keyInfo || !keyInfo.containsX509Data())
{
return tryUseSigningCertificateReference(signingCertRef, x500NameStyleProvider);
}
List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
XMLX509IssuerSerial issuerSerial = null;
X509CertSelector certSelector = new X509CertSelector();
// XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
// that appear MUST refer to the certificate or certificates containing the
// validation key."
// "All certificates appearing in an X509Data element MUST relate to the
// validation key by either containing it or being part of a certification
// chain that terminates in a certificate containing the validation key".
// Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
// first to be found is used to select the leaf certificate. If none of those
// elements is present, the first ds:X509Certificate is assumed as the signing
// certificate.
boolean hasSelectionCriteria = false;
try
{
for (int i = 0; i < keyInfo.lengthX509Data(); ++i)
{
X509Data x509Data = keyInfo.itemX509Data(i);
if (!hasSelectionCriteria)
{
if (x509Data.containsIssuerSerial())
{
issuerSerial = x509Data.itemIssuerSerial(0);
certSelector.setIssuer(x500NameStyleProvider.fromString(issuerSerial.getIssuerName()));
certSelector.setSerialNumber(issuerSerial.getSerialNumber());
hasSelectionCriteria = true;
}
else if (x509Data.containsSubjectName())
{
certSelector.setSubject(x500NameStyleProvider.fromString(x509Data.itemSubjectName(0).getSubjectName()));
hasSelectionCriteria = true;
}
}
// Collect all certificates as they may be needed to build the cert path.
if (x509Data.containsCertificate())
{
for (int j = 0; j < x509Data.lengthCertificate(); ++j)
{
keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
}
}
}
if (!hasSelectionCriteria)
{
if (keyInfoCerts.isEmpty())
{
return tryUseSigningCertificateReference(signingCertRef, x500NameStyleProvider);
}
certSelector.setCertificate(keyInfoCerts.get(0));
}
}
catch (XMLSecurityException ex)
{
throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
}
return new KeyInfoRes(certSelector, keyInfoCerts, issuerSerial);
}
Example #16
| Source File: STSPreAuthAuthenticationProvider.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
private Authentication handlePreAuthenticated(
PreAuthenticatedAuthenticationToken preauthenticatedToken,
IdpSTSClient sts
) {
X509Certificate cert = (X509Certificate)preauthenticatedToken.getCredentials();
if (cert == null) {
return null;
}
// Convert the received certificate to a DOM Element to write it out "OnBehalfOf"
Document doc = DOMUtils.createDocument();
X509Data certElem = new X509Data(doc);
try {
certElem.addCertificate(cert);
sts.setOnBehalfOf(certElem.getElement());
} catch (XMLSecurityException e) {
LOG.debug("Error parsing a client certificate", e);
return null;
}
try {
// Line below may be uncommented for debugging
// setTimeout(sts.getClient(), 3600000L);
SecurityToken token = sts.requestSecurityToken(this.appliesTo);
List<GrantedAuthority> authorities = createAuthorities(token);
STSUserDetails details = new STSUserDetails(preauthenticatedToken.getName(),
"",
authorities,
token);
preauthenticatedToken.setDetails(details);
LOG.debug("[IDP_TOKEN={}] provided for user '{}'", token.getId(), preauthenticatedToken.getName());
return preauthenticatedToken;
} catch (Exception ex) {
LOG.info("Failed to authenticate user '" + preauthenticatedToken.getName() + "'", ex);
return null;
}
}
Example #17
| Source File: SAMLEncryptedResponseTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
private void encryptElement(
Document document,
Element elementToEncrypt,
String algorithm,
Key encryptingKey,
String keyTransportAlgorithm,
X509Certificate wrappingCert,
boolean content
) throws Exception {
XMLCipher cipher = XMLCipher.getInstance(algorithm);
cipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey);
if (wrappingCert != null) {
XMLCipher newCipher = XMLCipher.getInstance(keyTransportAlgorithm);
newCipher.init(XMLCipher.WRAP_MODE, wrappingCert.getPublicKey());
EncryptedKey encryptedKey = newCipher.encryptKey(document, encryptingKey);
// Create a KeyInfo for the EncryptedKey
org.apache.xml.security.keys.KeyInfo encryptedKeyKeyInfo = encryptedKey.getKeyInfo();
if (encryptedKeyKeyInfo == null) {
encryptedKeyKeyInfo = new org.apache.xml.security.keys.KeyInfo(document);
encryptedKeyKeyInfo.getElement().setAttributeNS(
"http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#"
);
encryptedKey.setKeyInfo(encryptedKeyKeyInfo);
}
X509Data x509Data = new X509Data(document);
// x509Data.addCertificate(wrappingCert);
x509Data.addIssuerSerial(wrappingCert.getIssuerX500Principal().getName(),
wrappingCert.getSerialNumber());
encryptedKeyKeyInfo.add(x509Data);
// Create a KeyInfo for the EncryptedData
EncryptedData builder = cipher.getEncryptedData();
org.apache.xml.security.keys.KeyInfo builderKeyInfo = builder.getKeyInfo();
if (builderKeyInfo == null) {
builderKeyInfo = new org.apache.xml.security.keys.KeyInfo(document);
builderKeyInfo.getElement().setAttributeNS(
"http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#"
);
builder.setKeyInfo(builderKeyInfo);
}
builderKeyInfo.add(encryptedKey);
}
cipher.doFinal(document, elementToEncrypt, content);
}
