/**
 * Builds an X509 token object from an existing XML element.
 *
 * <p>The ValueType is enforced only in BSP-compliant mode. When
 * <code>bspCompliant</code> is <code>false</code>, this constructor accepts
 * whatever ValueType the element declares, so callers that rely on the
 * token being an X509v3 certificate must check the type themselves.
 *
 * @param elem the element containing the X509 certificate data
 * @param bspCompliant whether the token is processed according to the BSP spec
 * @throws WSSecurityException with code <code>INVALID_SECURITY_TOKEN</code> if
 *         <code>bspCompliant</code> is set and the ValueType is not
 *         <code>X509_V3_TYPE</code>; the superclass constructor (not shown
 *         here) may presumably raise it as well
 */
public X509Security(Element elem, boolean bspCompliant) throws WSSecurityException {
    super(elem, bspCompliant);
    final String declaredType = getValueType();
    // Nothing to enforce outside BSP mode, or when the declared type already matches.
    if (!bspCompliant || X509_V3_TYPE.equals(declaredType)) {
        return;
    }
    throw new WSSecurityException(
        WSSecurityException.INVALID_SECURITY_TOKEN,
        "invalidValueType",
        new Object[]{declaredType}
    );
}
/**
 * Extracts the certificate(s) carried by a Binary Security token.
 *
 * <p>This method only obtains the certificates from the token; no trust or
 * validity check is performed here.
 *
 * @param token the BinarySecurity instance, expected to be either an
 *              X509Security or a PKIPathSecurity
 * @param crypto the Crypto instance handed to the token to load the certificate(s)
 * @return the certificates held by the token, or <code>null</code> when the
 *         token is neither of the two supported types (this includes a
 *         <code>null</code> token); callers must handle that case
 * @throws WSSecurityException propagated from the token's certificate accessor
 */
private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto crypto)
    throws WSSecurityException {
    if (token instanceof PKIPathSecurity) {
        final PKIPathSecurity pkiPathToken = (PKIPathSecurity) token;
        return pkiPathToken.getX509Certificates(crypto);
    }
    if (token instanceof X509Security) {
        final X509Security x509Token = (X509Security) token;
        final X509Certificate single = x509Token.getX509Certificate(crypto);
        return new X509Certificate[]{single};
    }
    // Unsupported token type: signalled to the caller as null.
    return null;
}
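/**
 * Sets the X509Certificate.
 *
 * <p>Takes the certificate's encoded bytes and hands them to
 * <code>setToken</code>, which (per the original documentation) stores them
 * as base 64 encoded data in the text node of the element.
 *
 * <p>The certificate is cached only after the token data has been set. If
 * encoding fails, the cache is left untouched, so a later
 * <code>getX509Certificate</code> call cannot return a certificate that the
 * element does not actually contain.
 *
 * @param cert the X509 certificate to store in the element
 * @throws WSSecurityException with code <code>FAILURE</code> if
 *         <code>cert</code> is <code>null</code>, or with code
 *         <code>SECURITY_TOKEN_UNAVAILABLE</code> if the certificate cannot
 *         be encoded (the encoding exception is kept as the cause)
 */
public void setX509Certificate(X509Certificate cert) throws WSSecurityException {
    if (cert == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noCert");
    }
    try {
        setToken(cert.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new WSSecurityException(
            WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e
        );
    }
    // Update the cache last so it never disagrees with the serialized token.
    cachedCert = cert;
}
} // closes the enclosing type, whose header is outside this excerpt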
// Excerpt from a larger method: embeds remoteCert as a new X509 token and
// points the reference `ref` at it.

// Fresh identifier, used as a same-document fragment URI on the reference.
String certUri = UUIDGenerator.getUUID();
ref.setURI("#" + certUri);
// New X509 token in the document; setX509Certificate stores remoteCert in it.
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(remoteCert);
// Same identifier as in the reference URI above, presumably so the reference
// resolves to exactly this token.
bstToken.setID(certUri);
// The reference declares the same ValueType as the token it points to.
ref.setValueType(bstToken.getValueType());
X509Security token = new X509Security(elem); if (token != null) { X509Certificate cert = token.getX509Certificate(crypto); return new X509Certificate[]{cert};
/**
 * Creates a new, outgoing X509 token element.
 *
 * <p>The token is built by the superclass constructor and then stamped with
 * the <code>X509_V3_TYPE</code> value type. This constructor stores no
 * certificate data itself; use <code>setX509Certificate</code> for that.
 *
 * @param doc the document passed to the superclass constructor
 */
public X509Security(Document doc) {
    super(doc);
    this.setValueType(X509_V3_TYPE);
}
/**
 * Returns the X509 certificate held by this token, loading it on first use.
 *
 * <p>A previously cached certificate is returned as-is, without consulting
 * <code>crypto</code>. Otherwise the token bytes are passed to
 * <code>crypto.loadCertificate</code> and the result is cached.
 *
 * <p>NOTE(review): no trust, validity-period or revocation check is visible
 * in this method. Callers should presumably validate the returned
 * certificate before relying on it; confirm against the call sites.
 *
 * @param crypto the Crypto instance used to load the certificate; may be
 *               <code>null</code> only when a certificate is already cached
 * @return the X509 certificate converted from the element data
 * @throws WSSecurityException with code <code>FAILURE</code> if no certificate
 *         is cached and either <code>crypto</code> or the token data is
 *         <code>null</code>; may also propagate from <code>loadCertificate</code>
 */
public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
    if (cachedCert == null) {
        if (crypto == null) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
        }
        final byte[] encoded = getToken();
        if (encoded == null) {
            throw new WSSecurityException(
                WSSecurityException.FAILURE,
                "invalidCertData",
                new Object[]{Integer.valueOf(0)}
            );
        }
        final InputStream certStream = new ByteArrayInputStream(encoded);
        cachedCert = crypto.loadCertificate(certStream);
    }
    return cachedCert;
}
/**
 * Inspects the <code>ValueType</code> attribute of <code>element</code> and
 * builds the matching binary security object.
 *
 * <p>The attribute comes from the element itself, so the sender of the
 * message controls which token class is built. A value that matches none of
 * the X509v3, PKIPath or Kerberos types falls back to a plain
 * <code>BinarySecurity</code> rather than being rejected here.
 *
 * @param element the XML element holding the binary security token
 * @param config a WSSConfig instance; its BSP-compliance flag is passed to
 *               the token constructor
 * @return the token object built from <code>element</code>
 * @throws WSSecurityException propagated from the token constructors
 */
private BinarySecurity createSecurityToken(
    Element element,
    WSSConfig config
) throws WSSecurityException {
    final String valueType = element.getAttributeNS(null, "ValueType");
    if (X509Security.X509_V3_TYPE.equals(valueType)) {
        return new X509Security(element, config.isWsiBSPCompliant());
    }
    if (PKIPathSecurity.getType().equals(valueType)) {
        return new PKIPathSecurity(element, config.isWsiBSPCompliant());
    }
    if (KerberosSecurity.isKerberosToken(valueType)) {
        return new KerberosSecurity(element, config.isWsiBSPCompliant());
    }
    // Unrecognised ValueType: generic binary token.
    return new BinarySecurity(element, config.isWsiBSPCompliant());
}
// Fragment of a larger method: wraps remoteCert in a new X509 token and
// links the reference `ref` to that token by ID.

// Generate the identifier and set it on the reference as a "#fragment" URI.
String certUri = UUIDGenerator.getUUID();
ref.setURI("#" + certUri);
// Create the token element and store the certificate in it.
bstToken = new X509Security(document);
((X509Security) bstToken).setX509Certificate(remoteCert);
// The token gets the identifier that the reference URI names.
bstToken.setID(certUri);
// Keep the reference's ValueType identical to the token's.
ref.setValueType(bstToken.getValueType());
X509Security token = new X509Security(elem); if (token != null) { X509Certificate cert = token.getX509Certificate(crypto); return new X509Certificate[]{cert};
/**
 * Creates a new X509 certificate token element.
 *
 * <p>After delegating to the superclass constructor, the value type is set
 * to <code>X509_V3_TYPE</code>. The certificate itself is not set here; it
 * is supplied later through <code>setX509Certificate</code>.
 *
 * @param doc the document handed to the superclass constructor
 */
public X509Security(Document doc) {
    super(doc);
    this.setValueType(X509_V3_TYPE);
}
/**
 * Gets the X509 certificate of this token, using the cached instance when
 * one exists.
 *
 * <p>On a cache miss the raw token bytes are wrapped in a stream and given
 * to <code>crypto.loadCertificate</code>; the result is cached for later
 * calls. A cache hit returns immediately and ignores <code>crypto</code>.
 *
 * <p>NOTE(review): this method only obtains the certificate. No chain or
 * trust verification is visible here, so it is presumably the caller's
 * responsibility; confirm against the call sites.
 *
 * @param crypto the Crypto instance used to load the certificate on a cache miss
 * @return the X509 certificate converted from the element data
 * @throws WSSecurityException with code <code>FAILURE</code> when nothing is
 *         cached and <code>crypto</code> is <code>null</code> (message key
 *         "noSigCryptoFile") or the token data is <code>null</code>
 *         (message key "invalidCertData")
 */
public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
    final boolean alreadyLoaded = cachedCert != null;
    if (alreadyLoaded) {
        return cachedCert;
    }

    if (crypto == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
    }

    final byte[] tokenBytes = getToken();
    if (tokenBytes == null) {
        final Object[] messageArgs = new Object[]{Integer.valueOf(0)};
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "invalidCertData", messageArgs
        );
    }

    final InputStream source = new ByteArrayInputStream(tokenBytes);
    cachedCert = crypto.loadCertificate(source);
    return cachedCert;
}
/**
 * Checks the <code>ValueType</code> attribute of <code>element</code> and
 * creates the corresponding binary security object.
 *
 * <p>Dispatch order: X509v3, then PKIPath, then Kerberos. Any other value,
 * including an absent attribute, yields a generic
 * <code>BinarySecurity</code>. Because the attribute is read from the
 * incoming element, an unexpected type is not an error at this point; code
 * that needs a specific token class must check the returned type.
 *
 * @param element the XML element that contains the binary security token
 * @param config a WSSConfig instance supplying the BSP-compliance flag
 * @return a BinarySecurity token object for <code>element</code>
 * @throws WSSecurityException propagated from the selected token constructor
 */
private BinarySecurity createSecurityToken(
    Element element,
    WSSConfig config
) throws WSSecurityException {
    final String declaredType = element.getAttributeNS(null, "ValueType");
    final BinarySecurity parsed;
    if (X509Security.X509_V3_TYPE.equals(declaredType)) {
        parsed = new X509Security(element, config.isWsiBSPCompliant());
    } else if (PKIPathSecurity.getType().equals(declaredType)) {
        parsed = new PKIPathSecurity(element, config.isWsiBSPCompliant());
    } else if (KerberosSecurity.isKerberosToken(declaredType)) {
        parsed = new KerberosSecurity(element, config.isWsiBSPCompliant());
    } else {
        // No specialised class for this ValueType.
        parsed = new BinarySecurity(element, config.isWsiBSPCompliant());
    }
    return parsed;
}
secRef.addTokenType(PKIPathSecurity.PKI_TYPE); } else { bstToken = new X509Security(document); ((X509Security) bstToken).setX509Certificate(certs[0]);
X509Security token = new X509Security(bstElement); if (bspCompliant) { BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, token); certs = new X509Certificate[]{token.getX509Certificate(crypto)}; } else { throw new WSSecurityException(
/**
 * Creates an X509 certificate object initialised from the data contained
 * in the given element.
 *
 * <p>The declared ValueType is checked against <code>X509_V3_TYPE</code>
 * only when <code>bspCompliant</code> is <code>true</code>. In non-BSP mode
 * a mismatching ValueType is accepted silently by this constructor.
 *
 * @param elem the element containing the X509 certificate data
 * @param bspCompliant whether the token is processed according to the BSP spec
 * @throws WSSecurityException with code <code>INVALID_SECURITY_TOKEN</code>
 *         and message key "invalidValueType" when BSP compliance is requested
 *         and the ValueType does not match
 */
public X509Security(Element elem, boolean bspCompliant) throws WSSecurityException {
    super(elem, bspCompliant);
    final String actualType = getValueType();
    final boolean typeMatches = X509_V3_TYPE.equals(actualType);
    if (bspCompliant && !typeMatches) {
        final Object[] messageArgs = new Object[]{actualType};
        throw new WSSecurityException(
            WSSecurityException.INVALID_SECURITY_TOKEN, "invalidValueType", messageArgs
        );
    }
}
/**
 * Extracts the certificate(s) from a Binary Security token.
 *
 * <p>A PKIPathSecurity token yields its full certificate array, and an
 * X509Security token yields a one-element array. Certificates are returned
 * exactly as the token provides them; this method does not verify them.
 *
 * @param token the BinarySecurity instance corresponding to either
 *              X509Security or PKIPathSecurity
 * @param crypto the Crypto instance passed through to the token's accessor
 * @return the X509 certificates associated with the token, or
 *         <code>null</code> if the token is of any other type or is itself
 *         <code>null</code>
 * @throws WSSecurityException propagated from the token's accessor
 */
private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto crypto)
    throws WSSecurityException {
    X509Certificate[] extracted = null;
    if (token instanceof PKIPathSecurity) {
        extracted = ((PKIPathSecurity) token).getX509Certificates(crypto);
    } else if (token instanceof X509Security) {
        final X509Certificate onlyCert = ((X509Security) token).getX509Certificate(crypto);
        extracted = new X509Certificate[]{onlyCert};
    }
    // Remains null for unsupported token types; callers must check.
    return extracted;
}
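/**
 * Sets the X509Certificate.
 *
 * <p>This function takes the X509 certificate, gets its encoded bytes and
 * passes them to <code>setToken</code>, which (per the original
 * documentation) stores them as base 64 encoded data in the text node of
 * the element.
 *
 * <p>The cached certificate is replaced only once the token data has been
 * set. A failed encoding therefore leaves both the element and the cache as
 * they were, instead of caching a certificate the element does not hold.
 *
 * @param cert the X509 certificate to store in the element
 * @throws WSSecurityException with code <code>FAILURE</code> and message key
 *         "noCert" if <code>cert</code> is <code>null</code>; with code
 *         <code>SECURITY_TOKEN_UNAVAILABLE</code> and message key
 *         "encodeError" if encoding fails (original exception kept as cause)
 */
public void setX509Certificate(X509Certificate cert) throws WSSecurityException {
    if (cert == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "noCert");
    }
    try {
        setToken(cert.getEncoded());
    } catch (CertificateEncodingException e) {
        throw new WSSecurityException(
            WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e
        );
    }
    // Cache after the token is written so the two cannot diverge on failure.
    cachedCert = cert;
}
} // closes the enclosing type, whose header is outside this excerpt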
secRef.addTokenType(PKIPathSecurity.PKI_TYPE); } else { bstToken = new X509Security(document); ((X509Security) bstToken).setX509Certificate(certs[0]);
X509Security token = new X509Security(bstElement); if (bspCompliant) { BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, token); certs = new X509Certificate[]{token.getX509Certificate(crypto)}; } else { throw new WSSecurityException(