/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */
package com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations; import java.security.PublicKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Iterator; import javax.crypto.SecretKey; import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException; import com.sun.org.apache.xml.internal.security.keys.content.X509Data; import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Digest; import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverException; import com.sun.org.apache.xml.internal.security.keys.keyresolver.KeyResolverSpi; import com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver; import com.sun.org.apache.xml.internal.security.utils.Constants; import com.sun.org.apache.xml.internal.security.utils.XMLUtils; import org.w3c.dom.Element;
KeyResolverSpi implementation which resolves public keys and X.509 certificates from a dsig11:X509Digest element.
/** * KeyResolverSpi implementation which resolves public keys and X.509 certificates from a * {@code dsig11:X509Digest} element. * */
public class X509DigestResolver extends KeyResolverSpi { private static final com.sun.org.slf4j.internal.Logger LOG = com.sun.org.slf4j.internal.LoggerFactory.getLogger(X509DigestResolver.class);
{{@inheritDoc}}.
/** {{@inheritDoc}}. */
public boolean engineCanResolve(Element element, String baseURI, StorageResolver storage) { if (XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_X509DATA)) { try { X509Data x509Data = new X509Data(element, baseURI); return x509Data.containsDigest(); } catch (XMLSecurityException e) { return false; } } else { return false; } }
{{@inheritDoc}}.
/** {{@inheritDoc}}. */
public PublicKey engineLookupAndResolvePublicKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException { X509Certificate cert = this.engineLookupResolveX509Certificate(element, baseURI, storage); if (cert != null) { return cert.getPublicKey(); } return null; }
{{@inheritDoc}}.
/** {{@inheritDoc}}. */
public X509Certificate engineLookupResolveX509Certificate(Element element, String baseURI, StorageResolver storage) throws KeyResolverException { LOG.debug("Can I resolve {}", element.getTagName()); if (!engineCanResolve(element, baseURI, storage)) { return null; } try { return resolveCertificate(element, baseURI, storage); } catch (XMLSecurityException e) { LOG.debug("XMLSecurityException", e); } return null; }
{{@inheritDoc}}.
/** {{@inheritDoc}}. */
public SecretKey engineLookupAndResolveSecretKey(Element element, String baseURI, StorageResolver storage) throws KeyResolverException { return null; }
Resolves from the storage resolver the actual certificate represented by the digest.
Params:
  • element –
  • baseURI –
  • storage –
Throws:
Returns:the certificate represented by the digest.
/** * Resolves from the storage resolver the actual certificate represented by the digest. * * @param element * @param baseURI * @param storage * @return the certificate represented by the digest. * @throws XMLSecurityException */
private X509Certificate resolveCertificate(Element element, String baseURI, StorageResolver storage) throws XMLSecurityException { XMLX509Digest x509Digests[] = null; Element x509childNodes[] = XMLUtils.selectDs11Nodes(element.getFirstChild(), Constants._TAG_X509DIGEST); if (x509childNodes == null || x509childNodes.length <= 0) { return null; } try { checkStorage(storage); x509Digests = new XMLX509Digest[x509childNodes.length]; for (int i = 0; i < x509childNodes.length; i++) { x509Digests[i] = new XMLX509Digest(x509childNodes[i], baseURI); } Iterator<Certificate> storageIterator = storage.getIterator(); while (storageIterator.hasNext()) { X509Certificate cert = (X509Certificate) storageIterator.next(); for (int i = 0; i < x509Digests.length; i++) { XMLX509Digest keyInfoDigest = x509Digests[i]; byte[] certDigestBytes = XMLX509Digest.getDigestBytesFromCert(cert, keyInfoDigest.getAlgorithm()); if (Arrays.equals(keyInfoDigest.getDigestBytes(), certDigestBytes)) { LOG.debug("Found certificate with: {}", cert.getSubjectX500Principal().getName()); return cert; } } } } catch (XMLSecurityException ex) { throw new KeyResolverException(ex); } return null; }
Method checkSrorage
Params:
  • storage –
Throws:
/** * Method checkSrorage * * @param storage * @throws KeyResolverException */
private void checkStorage(StorageResolver storage) throws KeyResolverException { if (storage == null) { Object exArgs[] = { Constants._TAG_X509DIGEST }; KeyResolverException ex = new KeyResolverException("KeyResolver.needStorageResolver", exArgs); LOG.debug("", ex); throw ex; } } }