/**
 * Validate that the inputs needed for signature trust evaluation are present.
 *
 * <p>The method fails closed: the first missing input aborts with an exception, so a caller
 * never continues with a null signature or with a null or empty trust basis.</p>
 *
 * @param signature the signature to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the signature is null, or the criteria set is null or empty
 */
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    String problem = null;
    if (signature == null) {
        problem = "Signature was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // An empty set carries no criteria at all, so it is rejected just like a missing one.
        problem = "Trust basis criteria set was empty";
    }

    if (problem != null) {
        throw new SecurityException(problem);
    }
}
/**
 * Validate that the inputs needed for signature trust evaluation are present.
 *
 * <p>Checks run in a fixed order (signature, criteria set present, criteria set non-empty) and
 * the first failure is reported; nothing is returned on success.</p>
 *
 * @param signature the signature to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the signature is null, or the criteria set is null or empty
 */
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    String failure = null;
    if (signature == null) {
        failure = "Signature was null";
    } else if (trustBasisCriteria == null) {
        failure = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // No criteria means nothing to establish trust against: reject instead of proceeding.
        failure = "Trust basis criteria set was empty";
    }

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
/**
 * Validate that the inputs needed for X.509 credential trust evaluation are present.
 *
 * <p>The method fails closed: the first missing input aborts with an exception, so a caller
 * never continues with a null credential or with a null or empty trust basis.</p>
 *
 * @param untrustedCredential the X.509 credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the credential is null, or the criteria set is null or empty
 */
protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    String problem = null;
    if (untrustedCredential == null) {
        problem = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // An empty set carries no criteria at all, so it is rejected just like a missing one.
        problem = "Trust basis criteria set was empty";
    }

    if (problem != null) {
        throw new SecurityException(problem);
    }
}
/**
 * Validate that the inputs needed for credential trust evaluation are present.
 *
 * <p>The method fails closed: the first missing input aborts with an exception, so a caller
 * never continues with a null credential or with a null or empty trust basis.</p>
 *
 * @param untrustedCredential the credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the credential is null, or the criteria set is null or empty
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    String problem = null;
    if (untrustedCredential == null) {
        problem = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // An empty set carries no criteria at all, so it is rejected just like a missing one.
        problem = "Trust basis criteria set was empty";
    }

    if (problem != null) {
        throw new SecurityException(problem);
    }
}
/**
 * Validate that the inputs needed for credential trust evaluation are present.
 *
 * <p>Checks run in a fixed order (credential, criteria set present, criteria set non-empty) and
 * the first failure is reported; nothing is returned on success.</p>
 *
 * @param untrustedCredential the credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the credential is null, or the criteria set is null or empty
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    String failure = null;
    if (untrustedCredential == null) {
        failure = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        failure = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // No criteria means nothing to establish trust against: reject instead of proceeding.
        failure = "Trust basis criteria set was empty";
    }

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
/**
 * Validate that the inputs needed for X.509 credential trust evaluation are present.
 *
 * <p>Checks run in a fixed order (credential, criteria set present, criteria set non-empty) and
 * the first failure is reported; nothing is returned on success.</p>
 *
 * @param untrustedCredential the X.509 credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if the credential is null, or the criteria set is null or empty
 */
protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    String failure = null;
    if (untrustedCredential == null) {
        failure = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        failure = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // No criteria means nothing to establish trust against: reject instead of proceeding.
        failure = "Trust basis criteria set was empty";
    }

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
/**
 * Pull the X.509 certificates out of a KeyInfo element.
 *
 * <p>This is extraction only: the method returns whatever {@code KeyInfoHelper} decodes and
 * performs no validation of the certificates itself.</p>
 *
 * @param keyInfo the KeyInfo instance from which to extract certificates
 * @return a collection of X509 certificates, possibly empty
 * @throws SecurityException thrown if the helper reports a {@link CertificateException}; the
 *             original exception is attached as the cause
 */
protected List<X509Certificate> getX509Certificates(KeyInfo keyInfo) throws SecurityException {
    List<X509Certificate> extracted;
    try {
        extracted = KeyInfoHelper.getCertificates(keyInfo);
    } catch (CertificateException e) {
        throw new SecurityException("Error extracting certificates from KeyAuthority KeyInfo", e);
    }
    return extracted;
}
/**
 * Pull the X.509 CRLs out of a KeyInfo element.
 *
 * <p>This is extraction only: the method returns whatever {@code KeyInfoHelper} decodes and
 * performs no checks on the CRLs itself.</p>
 *
 * @param keyInfo the KeyInfo instance from which to extract CRLs
 * @return a collection of X509 CRLs, possibly empty
 * @throws SecurityException thrown if the helper reports a {@link CRLException}; the original
 *             exception is attached as the cause
 */
protected List<X509CRL> getX509CRLs(KeyInfo keyInfo) throws SecurityException {
    List<X509CRL> extracted;
    try {
        extracted = KeyInfoHelper.getCRLs(keyInfo);
    } catch (CRLException e) {
        throw new SecurityException("Error extracting CRL's from KeyAuthority KeyInfo", e);
    }
    return extracted;
}
/**
 * Decode the CRLs carried in an X509Data element.
 *
 * <p>A decoding failure is logged at error level and then rethrown with the cause attached;
 * on success the number of CRLs found is logged at debug level. The CRLs are returned as
 * decoded, with no further checks made here.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509CRLs
 * @throws SecurityException thrown if there is an error extracting CRLs
 */
private List<X509CRL> extractCRLs(X509Data x509Data) throws SecurityException {
    List<X509CRL> found;
    try {
        found = KeyInfoHelper.getCRLs(x509Data);
    } catch (CRLException e) {
        log.error("Error extracting CRL's from X509Data", e);
        throw new SecurityException("Error extracting CRL's from X509Data", e);
    }

    // NOTE(review): assumes the helper never returns null; confirm against KeyInfoHelper.
    log.debug("Found {} X509CRLs", found.size());
    return found;
}
/**
 * Decode the certificates carried in an X509Data element.
 *
 * <p>A decoding failure is logged at error level and then rethrown with the cause attached;
 * on success the number of certificates found is logged at debug level. The certificates are
 * returned as decoded: nothing in this method establishes trust in them.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509Certificates
 * @throws SecurityException thrown if there is an error extracting certificates
 */
private List<X509Certificate> extractCertificates(X509Data x509Data) throws SecurityException {
    List<X509Certificate> found;
    try {
        found = KeyInfoHelper.getCertificates(x509Data);
    } catch (CertificateException e) {
        log.error("Error extracting certificates from X509Data", e);
        throw new SecurityException("Error extracting certificates from X509Data", e);
    }

    // NOTE(review): assumes the helper never returns null; confirm against KeyInfoHelper.
    log.debug("Found {} X509Certificates", found.size());
    return found;
}
/**
 * Decode the certificates carried in an X509Data element.
 *
 * <p>The method only decodes and logs. It performs no validation, so the returned
 * certificates are exactly what the helper produced from the element.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509Certificates
 * @throws SecurityException thrown if the helper reports a {@link CertificateException}; the
 *             failure is logged at error level before being rethrown with its cause
 */
private List<X509Certificate> extractCertificates(X509Data x509Data) throws SecurityException {
    List<X509Certificate> decoded;
    try {
        decoded = KeyInfoHelper.getCertificates(x509Data);
    } catch (CertificateException e) {
        log.error("Error extracting certificates from X509Data", e);
        throw new SecurityException("Error extracting certificates from X509Data", e);
    }

    // NOTE(review): size() is called unconditionally; verify the helper cannot return null.
    log.debug("Found {} X509Certificates", decoded.size());
    return decoded;
}
/**
 * Decode the CRLs carried in an X509Data element.
 *
 * <p>The method only decodes and logs. It performs no checks on the CRLs, so the returned
 * list is exactly what the helper produced from the element.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509CRLs
 * @throws SecurityException thrown if the helper reports a {@link CRLException}; the failure
 *             is logged at error level before being rethrown with its cause
 */
private List<X509CRL> extractCRLs(X509Data x509Data) throws SecurityException {
    List<X509CRL> decoded;
    try {
        decoded = KeyInfoHelper.getCRLs(x509Data);
    } catch (CRLException e) {
        log.error("Error extracting CRL's from X509Data", e);
        throw new SecurityException("Error extracting CRL's from X509Data", e);
    }

    // NOTE(review): size() is called unconditionally; verify the helper cannot return null.
    log.debug("Found {} X509CRLs", decoded.size());
    return decoded;
}
/**
 * Return the KeyInfo marshaller, looking it up from the configuration on first use.
 *
 * <p>The result is cached in {@code keyInfoMarshaller}. If the lookup yields null the field
 * stays null, so a later call repeats the lookup.</p>
 *
 * @return a KeyInfo marshaller
 * @throws SecurityException thrown if the configuration has no marshaller for
 *             {@code KeyInfo.DEFAULT_ELEMENT_NAME}
 */
private Marshaller getMarshaller() throws SecurityException {
    // NOTE(review): the cached field is read and written here without synchronization;
    // confirm whether instances of this class are shared across threads.
    if (keyInfoMarshaller == null) {
        keyInfoMarshaller = Configuration.getMarshallerFactory().getMarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (keyInfoMarshaller == null) {
            throw new SecurityException("Could not obtain KeyInfo marshaller from the configuration");
        }
    }
    return keyInfoMarshaller;
}
/**
 * Return the KeyInfo marshaller, resolving and caching it on first use.
 *
 * <p>A failed lookup is never cached as a usable value: the method throws while the field
 * is still null, and the next call tries the configuration again.</p>
 *
 * @return a KeyInfo marshaller
 * @throws SecurityException thrown if the configuration has no marshaller for
 *             {@code KeyInfo.DEFAULT_ELEMENT_NAME}
 */
private Marshaller getMarshaller() throws SecurityException {
    // NOTE(review): lazy initialisation with no visible locking; verify the threading model.
    if (keyInfoMarshaller == null) {
        keyInfoMarshaller = Configuration.getMarshallerFactory().getMarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (keyInfoMarshaller == null) {
            throw new SecurityException("Could not obtain KeyInfo marshaller from the configuration");
        }
    }
    return keyInfoMarshaller;
}
/**
 * Return the KeyInfo unmarshaller, looking it up from the configuration on first use.
 *
 * <p>The result is cached in {@code keyInfoUnmarshaller}. If the lookup yields null the field
 * stays null, so a later call repeats the lookup.</p>
 *
 * @return a KeyInfo unmarshaller
 * @throws SecurityException thrown if the configuration has no unmarshaller for
 *             {@code KeyInfo.DEFAULT_ELEMENT_NAME}
 */
private Unmarshaller getUnmarshaller() throws SecurityException {
    // NOTE(review): the cached field is read and written here without synchronization;
    // confirm whether instances of this class are shared across threads.
    if (keyInfoUnmarshaller == null) {
        keyInfoUnmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (keyInfoUnmarshaller == null) {
            throw new SecurityException("Could not obtain KeyInfo unmarshaller from the configuration");
        }
    }
    return keyInfoUnmarshaller;
}
/**
 * Return the KeyInfo unmarshaller, resolving and caching it on first use.
 *
 * <p>A failed lookup is never cached as a usable value: the method throws while the field
 * is still null, and the next call tries the configuration again.</p>
 *
 * @return a KeyInfo unmarshaller
 * @throws SecurityException thrown if the configuration has no unmarshaller for
 *             {@code KeyInfo.DEFAULT_ELEMENT_NAME}
 */
private Unmarshaller getUnmarshaller() throws SecurityException {
    // NOTE(review): lazy initialisation with no visible locking; verify the threading model.
    if (keyInfoUnmarshaller == null) {
        keyInfoUnmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (keyInfoUnmarshaller == null) {
            throw new SecurityException("Could not obtain KeyInfo unmarshaller from the configuration");
        }
    }
    return keyInfoUnmarshaller;
}
/**
 * Compute the signature or MAC value over the supplied input, selecting the algorithm by URI.
 *
 * <p>The URI is mapped to a JCA algorithm identifier and classified as HMAC or not, then the
 * work is delegated to {@code sign}. It is up to the caller to ensure that the specified
 * algorithm URI is consistent with the type of signing key supplied in the signing
 * credential.</p>
 *
 * <p>NOTE(review): the only check on the URI visible here is that it maps to a JCA identifier.
 * If the URI can originate from message content, callers should restrict it to the
 * algorithms they accept before calling this method.</p>
 *
 * @param signingCredential the credential containing the signing key
 * @param algorithmURI the algorithm URI to use
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if no JCA algorithm identifier can be derived from the URI,
 *             or propagated from the delegated {@code sign} call
 */
public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input)
        throws SecurityException {
    final String jcaId = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (jcaId != null) {
        // The HMAC flag comes from the URI, not from the JCA identifier.
        return sign(signingCredential, jcaId, SecurityHelper.isHMAC(algorithmURI), input);
    }
    throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
}
/**
 * Process the value of {@link X509Credential#getCRLs()}.
 *
 * <p>Each CRL of the credential is converted to an XML X509CRL element and appended to the
 * X509Data. Nothing is emitted unless {@code options.emitCRLs} is set and the credential
 * returns a non-null CRL collection. The first CRL that cannot be encoded aborts the loop,
 * leaving any elements already appended in place.</p>
 *
 * @param keyInfo the KeyInfo that is being built (not used by this method's body)
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the CRL data can not be encoded from the Java CRL object
 */
protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    if (!options.emitCRLs || credential.getCRLs() == null) {
        return;
    }

    for (java.security.cert.X509CRL sourceCrl : credential.getCRLs()) {
        X509CRL crlElement;
        try {
            crlElement = KeyInfoHelper.buildX509CRL(sourceCrl);
            x509Data.getX509CRLs().add(crlElement);
        } catch (CRLException e) {
            throw new SecurityException("Error generating X509CRL element "
                    + "from a CRL in credential's CRL list", e);
        }
    }
}
/**
 * Process the value of {@link X509Credential#getCRLs()}.
 *
 * <p>When {@code options.emitCRLs} is enabled and the credential exposes a non-null CRL
 * collection, every CRL is encoded as an XML X509CRL element and added to the X509Data.
 * Encoding stops at the first failure; elements added before it are not removed.</p>
 *
 * @param keyInfo the KeyInfo that is being built (not used by this method's body)
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the CRL data can not be encoded from the Java CRL object
 */
protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    final boolean nothingToEmit = !options.emitCRLs || credential.getCRLs() == null;
    if (nothingToEmit) {
        return;
    }

    for (java.security.cert.X509CRL javaCrl : credential.getCRLs()) {
        X509CRL encoded;
        try {
            encoded = KeyInfoHelper.buildX509CRL(javaCrl);
            x509Data.getX509CRLs().add(encoded);
        } catch (CRLException e) {
            throw new SecurityException("Error generating X509CRL element "
                    + "from a CRL in credential's CRL list", e);
        }
    }
}
/**
 * Compute the signature or MAC value over the supplied input, selecting the algorithm by URI.
 *
 * <p>Resolves the URI to a JCA algorithm identifier, determines whether the URI denotes an
 * HMAC, and hands both to {@code sign}. It is up to the caller to ensure that the specified
 * algorithm URI is consistent with the type of signing key supplied in the signing
 * credential.</p>
 *
 * <p>NOTE(review): no allow-list of acceptable algorithms is applied in this method; a URI is
 * accepted as long as it resolves to a JCA identifier. Confirm that callers constrain the
 * URI where it is not a fixed, trusted value.</p>
 *
 * @param signingCredential the credential containing the signing key
 * @param algorithmURI the algorithm URI to use
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException thrown if no JCA algorithm identifier can be derived from the URI,
 *             or propagated from the delegated {@code sign} call
 */
public static byte[] signWithURI(Credential signingCredential, String algorithmURI, byte[] input)
        throws SecurityException {
    final String resolvedAlgorithm = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (resolvedAlgorithm != null) {
        final boolean macAlgorithm = SecurityHelper.isHMAC(algorithmURI);
        return sign(signingCredential, resolvedAlgorithm, macAlgorithm, input);
    }
    throw new SecurityException("Could not derive JCA algorithm identifier from algorithm URI");
}