/**
 * Wraps an existing PKIPath binary security token element.
 *
 * <p>The superclass constructor processes the element first. The element's ValueType is
 * then compared with {@code PKI_TYPE}; a mismatch is reported to the enforcer as BSP rule
 * R5214. What the enforcer does with a violation is decided inside
 * {@code handleBSPRule}, which is not visible here.
 *
 * @param elem the PKIPath element to process
 * @param bspEnforcer the BSPEnforcer instance used to enforce BSP rules
 * @throws WSSecurityException declared by this constructor; presumably raised by the
 *         superclass constructor or by the enforcer -- confirm against those classes
 */
public PKIPathSecurity(Element elem, BSPEnforcer bspEnforcer) throws WSSecurityException {
    super(elem, bspEnforcer);

    final boolean declaresPkiPath = PKI_TYPE.equals(getValueType());
    if (declaresPkiPath) {
        return;
    }
    // ValueType is absent or names some other token format.
    bspEnforcer.handleBSPRule(BSPRule.R5214);
}
/**
 * Extracts the certificate(s) carried by a binary security token.
 *
 * <p>No trust or validity check is visible in this method: it only asks the token to
 * decode its content. Callers should not treat the result as validated, and must handle
 * the {@code null} return.
 *
 * @param token the BinarySecurity instance, expected to be either a PKIPathSecurity or an
 *              X509Security
 * @param crypto the Crypto instance handed to the token's certificate accessor
 * @return the certificates held by the token (a one-element array for an X509Security),
 *         or {@code null} when the token is neither of the two supported types
 * @throws WSSecurityException if the token's certificate accessor fails
 */
private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto crypto)
    throws WSSecurityException {
    // The PKIPath check stays first, as in the original ordering.
    if (token instanceof PKIPathSecurity) {
        PKIPathSecurity pkiPath = (PKIPathSecurity) token;
        return pkiPath.getX509Certificates(crypto);
    }
    if (token instanceof X509Security) {
        X509Security single = (X509Security) token;
        return new X509Certificate[] {single.getX509Certificate(crypto)};
    }
    // Unsupported token type: signalled with null rather than an exception.
    return null;
}
/**
 * Creates a PKIPath token for the given document through the superclass constructor and
 * sets its ValueType to {@code PKI_TYPE}.
 *
 * @param doc the document passed to the superclass constructor
 */
public PKIPathSecurity(Document doc) {
    super(doc);
    // Tokens built locally always carry the PKIPath ValueType.
    this.setValueType(PKI_TYPE);
}
// Pick the BinarySecurity wrapper that matches the token's ValueType string. Every
// wrapper receives the BSP enforcer obtained from `data`.
// NOTE(review): `type` presumably originates from the received message -- confirm that
// the branch for an unrecognised ValueType (outside this excerpt) rejects the token or
// handles it safely.
if (X509Security.X509_V3_TYPE.equals(type)) {
    token = new X509Security(element, data.getBSPEnforcer());
} else if (PKIPathSecurity.getType().equals(type)) {
    token = new PKIPathSecurity(element, data.getBSPEnforcer());
} else if (KerberosSecurity.isKerberosToken(type)) {
    token = new KerberosSecurity(element, data.getBSPEnforcer());
BinarySecurity binarySecurity = null;
if (!useSingleCert) {
    // Not restricted to a single certificate: encode the `certs` array into a PKIPath
    // token using `crypto`.
    binarySecurity = new PKIPathSecurity(getDocument());
    ((PKIPathSecurity) binarySecurity).setX509Certificates(certs, crypto);
} else {
    // Single-certificate case; the rest of this branch lies outside this excerpt.
    binarySecurity = new X509Security(getDocument());
/**
 * Builds a DOM binary security token element from a BinarySecurityTokenType and the raw
 * token bytes.
 *
 * <p>The ValueType acts as an allow-list: only the X.509 v3, X.509 PKIPath v1 and
 * Kerberos AP-REQ types are accepted, and anything else is rejected before any token
 * object is created. The bytes themselves are stored as given; nothing in this method
 * parses or validates them.
 *
 * @param binarySecurityTokenType supplies the ValueType, EncodingType and Id
 * @param securityTokenData the raw token content handed to {@code setToken}
 * @return the element of the newly built token
 * @throws WSSecurityException with INVALID_SECURITY_TOKEN when the ValueType is not one
 *         of the three supported types
 */
private Element convertToDOM(
    BinarySecurityTokenType binarySecurityTokenType,
    byte[] securityTokenData
) throws WSSecurityException {
    final Document ownerDoc = DOMUtils.getEmptyDocument();

    // Constants stay on the left of equals() so a null ValueType ends up in the reject
    // branch instead of raising a NullPointerException.
    final BinarySecurity domToken;
    if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) {
        domToken = new X509Security(ownerDoc);
    } else if (WSSConstants.NS_X509_PKIPATH_V1.equals(binarySecurityTokenType.getValueType())) {
        domToken = new PKIPathSecurity(ownerDoc);
    } else if (WSSConstants.NS_GSS_KERBEROS5_AP_REQ.equals(binarySecurityTokenType.getValueType())) {
        domToken = new KerberosSecurity(ownerDoc);
    } else {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
    }

    domToken.addWSSENamespace();
    domToken.addWSUNamespace();
    // Copy the descriptive attributes across, then attach the payload.
    domToken.setEncodingType(binarySecurityTokenType.getEncodingType());
    domToken.setValueType(binarySecurityTokenType.getValueType());
    domToken.setID(binarySecurityTokenType.getId());
    domToken.setToken(securityTokenData);

    return domToken.getElement();
}
} // closes the enclosing class, whose header is outside this excerpt
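/**
 * Encodes a certificate array with the given Crypto instance and stores the resulting
 * bytes as this token's content.
 *
 * @param certs the certificates to store; must not be {@code null}
 * @param crypto the Crypto instance that converts the certificates to bytes; must not be
 *               {@code null}
 * @throws WSSecurityException with error code FAILURE when {@code certs} is {@code null}
 *         ("noCert") or {@code crypto} is {@code null} ("noSigCryptoFile"); may also be
 *         raised by the conversion or by {@code setToken}
 */
public void setX509Certificates(
    X509Certificate[] certs,
    Crypto crypto
) throws WSSecurityException {
    if (certs == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCert");
    }
    if (crypto == null) {
        // A missing Crypto used to surface as a bare NullPointerException. Report it with
        // the same error code and message key that getX509Certificates uses for this case.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
    }
    byte[] data = crypto.getBytesFromCertificates(certs);
    setToken(data);
}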
/**
 * Decodes this token's content into a certificate array.
 *
 * <p>The method only asks the Crypto instance to convert the stored bytes. No trust or
 * validity check on the resulting certificates is visible here, so callers should not
 * treat the returned array as validated.
 *
 * @param crypto the Crypto instance that converts the bytes; only required when the token
 *               actually holds data
 * @return the decoded certificates, or {@code null} when the token has no content
 * @throws WSSecurityException with error code FAILURE ("noSigCryptoFile") when the token
 *         holds data but {@code crypto} is {@code null}; may also be raised by the
 *         conversion itself
 */
public X509Certificate[] getX509Certificates(Crypto crypto) throws WSSecurityException {
    final byte[] encodedPath = getToken();
    if (encodedPath != null) {
        // The Crypto instance is checked only once there is something to decode, so an
        // empty token returns null even when crypto is null.
        if (crypto == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
        }
        return crypto.getCertificatesFromBytes(encodedPath);
    }
    return null;
}
// Read the un-namespaced ValueType attribute of the dereferenced token.
// NOTE(review): assuming dereferencedToken is a DOM Element, a missing attribute yields
// an empty string here, which matches neither constant below -- confirm.
String type = dereferencedToken.getAttributeNS(null, "ValueType");
// X.509 v3 and PKIPath tokens share this branch; its body lies outside this excerpt.
if (X509Security.X509_V3_TYPE.equals(type) || PKIPathSecurity.getType().equals(type)) {
/**
 * Builds a DOM binary security token element from a BinarySecurityTokenType and the raw
 * token bytes.
 *
 * <p>The ValueType acts as an allow-list: only the X.509 v3, X.509 PKIPath v1 and
 * Kerberos AP-REQ types are accepted, and anything else is rejected before any token
 * object is created. The bytes themselves are stored as given; nothing in this method
 * parses or validates them.
 *
 * @param binarySecurityTokenType supplies the ValueType, EncodingType and Id
 * @param securityTokenData the raw token content handed to {@code setToken}
 * @return the element of the newly built token
 * @throws WSSecurityException with INVALID_SECURITY_TOKEN when the ValueType is not one
 *         of the three supported types
 */
private Element convertToDOM(
    BinarySecurityTokenType binarySecurityTokenType,
    byte[] securityTokenData
) throws WSSecurityException {
    final Document ownerDoc = DOMUtils.getEmptyDocument();

    // Constants stay on the left of equals() so a null ValueType ends up in the reject
    // branch instead of raising a NullPointerException.
    final BinarySecurity domToken;
    if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) {
        domToken = new X509Security(ownerDoc);
    } else if (WSSConstants.NS_X509_PKIPATH_V1.equals(binarySecurityTokenType.getValueType())) {
        domToken = new PKIPathSecurity(ownerDoc);
    } else if (WSSConstants.NS_GSS_KERBEROS5_AP_REQ.equals(binarySecurityTokenType.getValueType())) {
        domToken = new KerberosSecurity(ownerDoc);
    } else {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
    }

    domToken.addWSSENamespace();
    domToken.addWSUNamespace();
    // Copy the descriptive attributes across, then attach the payload.
    domToken.setEncodingType(binarySecurityTokenType.getEncodingType());
    domToken.setValueType(binarySecurityTokenType.getValueType());
    domToken.setID(binarySecurityTokenType.getId());
    domToken.setToken(securityTokenData);

    return domToken.getElement();
}
} // closes the enclosing class, whose header is outside this excerpt