001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: /*
024: * XWSSUtil.java
025: *
026: * Created on December 14, 2005, 11:18 AM
027: *
028: * To change this template, choose Tools | Options and locate the template under
029: * the Source Creation and Management node. Right-click the template and choose
030: * Open. You can then make changes to the template in the Source Editor.
031: */
032:
033: package com.sun.xml.wss.util;
034:
035: import com.sun.org.apache.xml.internal.security.utils.RFC2253Parser;
036: import com.sun.xml.wss.XWSSecurityException;
037: import com.sun.xml.wss.impl.misc.SecurityUtil;
038: import java.util.Arrays;
039: import java.util.Enumeration;
040: import java.security.KeyStore;
041: import java.security.PrivateKey;
042: import java.security.cert.Certificate;
043: import java.security.cert.X509Certificate;
044:
045: import java.io.IOException;
046:
047: import java.math.BigInteger;
048: import javax.crypto.SecretKey;
049:
050: /**
051: *
052: * @author Abhijit Das
053: */
054: public abstract class XWSSUtil {
055:
056: /**
057: *
058: * @param ski byte[] representing SubjectKeyIdentifier
059: * @param trustStore java.security.KeyStore
060: * @return X509Certificate from trustStore if present otherwise null.
061: * @throws java.io.IOException
062: */
063: public static X509Certificate getCertificateFromTrustStore(
064: byte[] ski, KeyStore trustStore) throws IOException {
065:
066: try {
067: Enumeration aliases = trustStore.aliases();
068: while (aliases.hasMoreElements()) {
069: String alias = (String) aliases.nextElement();
070: Certificate cert = trustStore.getCertificate(alias);
071: if (cert == null || !"X.509".equals(cert.getType())) {
072: continue;
073: }
074: X509Certificate x509Cert = (X509Certificate) cert;
075: byte[] keyId = getSubjectKeyIdentifier(x509Cert);
076: if (keyId == null) {
077: // Cert does not contain a key identifier
078: continue;
079: }
080: if (Arrays.equals(ski, keyId)) {
081: return x509Cert;
082: }
083: }
084: } catch (Exception e) {
085: throw new IOException(e.getMessage());
086: }
087: return null;
088: }
089:
090: /**
091: *
092: * @param cert java.security.cert.X509Certificate
093: * @return byte[] representation of X509Certificate's SubjectKeyIdentifier
094: */
095: public static byte[] getSubjectKeyIdentifier(X509Certificate cert) {
096: String SUBJECT_KEY_IDENTIFIER_OID = "2.5.29.14";
097: byte[] subjectKeyIdentifier = cert
098: .getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
099: if (subjectKeyIdentifier == null)
100: return null;
101:
102: try {
103: sun.security.x509.KeyIdentifier keyId = null;
104:
105: sun.security.util.DerValue derVal = new sun.security.util.DerValue(
106: new sun.security.util.DerInputStream(
107: subjectKeyIdentifier).getOctetString());
108:
109: keyId = new sun.security.x509.KeyIdentifier(derVal
110: .getOctetString());
111: return keyId.getIdentifier();
112: } catch (NoClassDefFoundError ncde) {
113: byte[] dest = new byte[subjectKeyIdentifier.length - 4];
114: System.arraycopy(subjectKeyIdentifier, 4, dest, 0,
115: subjectKeyIdentifier.length - 4);
116: return dest;
117: } catch (java.io.IOException ex) {
118: //ignore
119: return null;
120: }
121: }
122:
123: /**
124: *
125: * @param issuerName Certificate Issuer Name
126: * @param serialNumber Serial number of the certificate
127: * @param trustStore java.security.Keystore
128: * @throws java.io.IOException
129: * @return java.security.X509Certificate
130: */
131: public static X509Certificate getCertificateFromTrustStore(
132: String issuerName, BigInteger serialNumber,
133: KeyStore trustStore) throws IOException {
134:
135: try {
136: Enumeration aliases = trustStore.aliases();
137: while (aliases.hasMoreElements()) {
138: String alias = (String) aliases.nextElement();
139: Certificate cert = trustStore.getCertificate(alias);
140: if (cert == null || !"X.509".equals(cert.getType())) {
141: continue;
142: }
143: X509Certificate x509Cert = (X509Certificate) cert;
144: String this IssuerName = RFC2253Parser
145: .normalize(x509Cert.getIssuerDN().getName());
146: BigInteger this SerialNumber = x509Cert
147: .getSerialNumber();
148: if (this IssuerName.equals(issuerName)
149: && this SerialNumber.equals(serialNumber)) {
150: return x509Cert;
151: }
152: }
153: } catch (Exception e) {
154: throw new IOException(e.getMessage());
155: }
156: return null;
157: }
158:
159: /**
160: *
161: * @param ski
162: * @param keyStore
163: * @param keyStorePassword
164: * @throws java.io.IOException
165: * @return
166: */
167: public static PrivateKey getPrivateKey(byte[] ski,
168: KeyStore keyStore, String keyStorePassword)
169: throws IOException {
170:
171: try {
172: Enumeration aliases = keyStore.aliases();
173: while (aliases.hasMoreElements()) {
174: String alias = (String) aliases.nextElement();
175: if (!keyStore.isKeyEntry(alias))
176: continue;
177: Certificate cert = keyStore.getCertificate(alias);
178: if (cert == null || !"X.509".equals(cert.getType())) {
179: continue;
180: }
181: X509Certificate x509Cert = (X509Certificate) cert;
182: byte[] keyId = getSubjectKeyIdentifier(x509Cert);
183: if (keyId == null) {
184: // Cert does not contain a key identifier
185: continue;
186: }
187: if (Arrays.equals(ski, keyId)) {
188: // Asuumed key password same as the keystore password
189: return (PrivateKey) keyStore.getKey(alias,
190: keyStorePassword.toCharArray());
191: }
192: }
193: } catch (Exception e) {
194: throw new IOException(e.getMessage());
195: }
196: return null;
197: }
198:
199: /**
200: *
201: * @param issuerName
202: * @param serialNumber
203: * @param keyStore
204: * @param keyStorePassword
205: * @throws java.io.IOException
206: * @return
207: */
208: public static PrivateKey getPrivateKey(String issuerName,
209: BigInteger serialNumber, KeyStore keyStore,
210: String keyStorePassword) throws IOException {
211:
212: try {
213: Enumeration aliases = keyStore.aliases();
214: while (aliases.hasMoreElements()) {
215: String alias = (String) aliases.nextElement();
216: if (!keyStore.isKeyEntry(alias))
217: continue;
218: Certificate cert = keyStore.getCertificate(alias);
219: if (cert == null || !"X.509".equals(cert.getType())) {
220: continue;
221: }
222: X509Certificate x509Cert = (X509Certificate) cert;
223: String this IssuerName = RFC2253Parser
224: .normalize(x509Cert.getIssuerDN().getName());
225: BigInteger this SerialNumber = x509Cert
226: .getSerialNumber();
227: if (this IssuerName.equals(issuerName)
228: && this SerialNumber.equals(serialNumber)) {
229: return (PrivateKey) keyStore.getKey(alias,
230: keyStorePassword.toCharArray());
231: }
232: }
233: } catch (Exception e) {
234: throw new IOException(e.getMessage());
235: }
236: return null;
237: }
238:
239: /**
240: *
241: * @param certificate
242: * @param keyStore
243: * @param keyStorePassword
244: * @throws java.io.IOException
245: * @return
246: */
247: public static PrivateKey getPrivateKey(X509Certificate certificate,
248: KeyStore keyStore, String keyStorePassword)
249: throws IOException {
250:
251: try {
252: Enumeration aliases = keyStore.aliases();
253: while (aliases.hasMoreElements()) {
254: String alias = (String) aliases.nextElement();
255: if (!keyStore.isKeyEntry(alias))
256: continue;
257: Certificate cert = keyStore.getCertificate(alias);
258: if (cert != null && cert.equals(certificate))
259: return (PrivateKey) keyStore.getKey(alias,
260: keyStorePassword.toCharArray());
261: }
262: } catch (Exception e) {
263: throw new IOException(e.getMessage());
264: }
265: return null;
266: }
267:
268: /**
269: *
270: * @param algorithm
271: * @throws com.sun.xml.wss.XWSSecurityException
272: * @return
273: */
274: public static SecretKey generateSymmetricKey(String algorithm)
275: throws XWSSecurityException {
276: return SecurityUtil.generateSymmetricKey(algorithm);
277: }
278:
279: }
|