001: /*
002: * $Id: KeyIdentifierStrategy.java,v 1.6 2007/01/08 16:06:04 shyam_rao Exp $
003: */
004:
005: /*
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.wss.impl.keyinfo;
028:
029: import com.sun.xml.wss.core.reference.X509ThumbPrintIdentifier;
030: import java.security.cert.X509Certificate;
031:
032: import java.util.logging.Level;
033: import java.util.logging.Logger;
034:
035: import org.w3c.dom.Document;
036:
037: import com.sun.xml.wss.impl.misc.Base64;
038:
039: import com.sun.xml.wss.logging.LogDomainConstants;
040: import com.sun.xml.wss.impl.SecurableSoapMessage;
041: import com.sun.xml.wss.XWSSecurityException;
042:
043: import com.sun.xml.wss.core.KeyInfoHeaderBlock;
044: import com.sun.xml.wss.core.SecurityTokenReference;
045: import com.sun.xml.wss.core.reference.KeyIdentifier;
046: import com.sun.xml.wss.core.reference.SamlKeyIdentifier;
047: import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
048: import com.sun.xml.wss.core.reference.EncryptedKeySHA1Identifier;
049:
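/**
 * {@link KeyInfoStrategy} that references the signing/encryption key by a
 * {@code wsse:KeyIdentifier} rather than by embedding the token itself.
 *
 * <p>Which identifier is produced depends on how the instance was configured,
 * evaluated in this order by {@link #getKeyIdentifier}:
 * <ol>
 *   <li>a SAML assertion id was given: a {@link SamlKeyIdentifier};</li>
 *   <li>a certificate was set via {@link #setCertificate} and the thumbprint
 *       flag is off: an {@link X509SubjectKeyIdentifier} built from the
 *       certificate's SubjectKeyIdentifier extension (fails if absent);</li>
 *   <li>a certificate was set and the thumbprint flag is on: an
 *       {@link X509ThumbPrintIdentifier};</li>
 *   <li>no certificate but {@link #ENCRYPTEDKEYSHA1} was selected: an
 *       {@link EncryptedKeySHA1Identifier};</li>
 *   <li>otherwise nothing — both {@code insertKey} overloads then log
 *       {@code WSS0701} and throw.</li>
 * </ol>
 *
 * <p>Not thread-safe: configuration is held in mutable instance fields.
 */
public class KeyIdentifierStrategy extends KeyInfoStrategy {

    /** Constructor selector: reference the certificate by its thumbprint. */
    public static final int THUMBPRINT = 0;
    /** Constructor selector: reference a previously sent EncryptedKey by its SHA-1. */
    public static final int ENCRYPTEDKEYSHA1 = 1;

    protected static final Logger log = Logger.getLogger(
            LogDomainConstants.WSS_API_DOMAIN,
            LogDomainConstants.WSS_API_DOMAIN_BUNDLE);

    // Package-private visibility is preserved from the original so that any
    // same-package code that reads these fields keeps compiling.
    X509Certificate cert = null;
    String alias = null;
    boolean forSigning;
    boolean thumbprint;
    boolean encryptedKey = false;

    String samlAssertionId = null;

    /** Creates an unconfigured strategy; a certificate must be set before use. */
    public KeyIdentifierStrategy() {
    }

    /**
     * Creates a strategy whose reference kind is chosen by a selector constant.
     *
     * @param value {@link #THUMBPRINT} or {@link #ENCRYPTEDKEYSHA1}; any other
     *     value leaves both flags off (SubjectKeyIdentifier behaviour)
     */
    public KeyIdentifierStrategy(int value) {
        if (value == THUMBPRINT) {
            this.thumbprint = true;
        } else if (value == ENCRYPTEDKEYSHA1) {
            this.encryptedKey = true;
        }
    }

    /**
     * Creates a strategy that references a SAML assertion by id.
     *
     * @param samlAssertionId the assertion id placed in the KeyIdentifier value
     */
    public KeyIdentifierStrategy(String samlAssertionId) {
        this.samlAssertionId = samlAssertionId;
        this.forSigning = false;
    }

    /**
     * Creates a strategy that references the certificate stored under an alias.
     *
     * @param alias keystore alias, used only for log/exception text here
     * @param forSigning whether the key is used for signing
     */
    public KeyIdentifierStrategy(String alias, boolean forSigning) {
        this.alias = alias;
        this.forSigning = forSigning;
    }

    /**
     * Creates a strategy that references the certificate stored under an alias,
     * optionally by thumbprint instead of SubjectKeyIdentifier.
     *
     * @param alias keystore alias, used only for log/exception text here
     * @param forSigning whether the key is used for signing
     * @param thumbprint {@code true} to emit a thumbprint reference
     */
    public KeyIdentifierStrategy(String alias, boolean forSigning,
            boolean thumbprint) {
        this.alias = alias;
        this.forSigning = forSigning;
        this.thumbprint = thumbprint;
    }

    /**
     * Sets the KeyIdentifier on an existing SecurityTokenReference.
     *
     * @param tokenRef the reference to populate
     * @param secureMsg the message whose SOAP part owns the new element
     * @throws XWSSecurityException if no identifier can be produced for the
     *     current configuration
     */
    public void insertKey(SecurityTokenReference tokenRef,
            SecurableSoapMessage secureMsg) throws XWSSecurityException {
        tokenRef.setReference(requireKeyIdentifier(secureMsg));
    }

    /**
     * Adds a new SecurityTokenReference carrying the KeyIdentifier to a KeyInfo.
     *
     * @param keyInfo the KeyInfo header block to append to
     * @param secureMsg the message whose SOAP part owns the new element
     * @param x509TokenId ignored by this strategy (a KeyIdentifier does not
     *     point at an in-message token)
     * @throws XWSSecurityException if no identifier can be produced for the
     *     current configuration
     */
    public void insertKey(KeyInfoHeaderBlock keyInfo,
            SecurableSoapMessage secureMsg, String x509TokenId)
            throws XWSSecurityException {
        KeyIdentifier keyIdentifier = requireKeyIdentifier(secureMsg);
        Document ownerDoc = keyInfo.getOwnerDocument();
        SecurityTokenReference tokenRef = new SecurityTokenReference(ownerDoc);
        tokenRef.setReference(keyIdentifier);
        keyInfo.addSecurityTokenReference(tokenRef);
    }

    /**
     * Builds the KeyIdentifier and converts the "nothing configured" case into
     * a logged {@link XWSSecurityException}, so both {@code insertKey}
     * overloads fail the same way instead of duplicating the check.
     *
     * @param secureMsg the message whose SOAP part owns the new element
     * @return a non-null identifier
     * @throws XWSSecurityException if {@link #getKeyIdentifier} returns null
     */
    private KeyIdentifier requireKeyIdentifier(SecurableSoapMessage secureMsg)
            throws XWSSecurityException {
        KeyIdentifier keyIdentifier = getKeyIdentifier(secureMsg);
        if (keyIdentifier == null) {
            // The message names the alias even when the real cause is that no
            // certificate was set at all (alias may then be null).
            log.log(Level.SEVERE, "WSS0701.cannot.locate.certificate",
                    alias);
            throw new XWSSecurityException(
                    "Unable to locate certificate for the alias '"
                    + alias + "'");
        }
        return keyIdentifier;
    }

    /**
     * Chooses and builds the KeyIdentifier for the current configuration.
     *
     * @param secureMsg the message whose SOAP part owns the new element
     * @return the identifier, or {@code null} when neither a SAML id, a
     *     certificate nor the EncryptedKeySHA1 flag is configured
     * @throws XWSSecurityException if the certificate has no
     *     SubjectKeyIdentifier extension, or the thumbprint cannot be computed
     */
    private KeyIdentifier getKeyIdentifier(
            SecurableSoapMessage secureMsg) throws XWSSecurityException {
        // A SAML assertion id wins over any certificate that may also be set.
        if (samlAssertionId != null) {
            KeyIdentifier samlRef = new SamlKeyIdentifier(secureMsg.getSOAPPart());
            samlRef.setReferenceValue(samlAssertionId);
            return samlRef;
        }

        if (cert != null) {
            return thumbprint
                    ? thumbprintIdentifier(secureMsg)
                    : subjectKeyIdentifier(secureMsg);
        }

        if (encryptedKey) {
            return new EncryptedKeySHA1Identifier(secureMsg.getSOAPPart());
        }
        return null;
    }

    /**
     * Builds a SubjectKeyIdentifier reference from the configured certificate.
     *
     * @throws XWSSecurityException if the certificate lacks the SKI extension;
     *     certificates without it cannot be referenced this way and the caller
     *     must use the thumbprint form instead
     */
    private KeyIdentifier subjectKeyIdentifier(SecurableSoapMessage secureMsg)
            throws XWSSecurityException {
        byte[] ski = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(cert);
        if (ski == null) {
            log.log(Level.SEVERE,
                    "WSS0702.no.subject.keyidentifier", alias);
            throw new XWSSecurityException(
                    "The found certificate does not contain subject key identifier X509 extension");
        }
        KeyIdentifier ref = new X509SubjectKeyIdentifier(secureMsg.getSOAPPart());
        ref.setReferenceValue(Base64.encode(ski));
        return ref;
    }

    /**
     * Builds a thumbprint reference from the configured certificate.
     *
     * @throws XWSSecurityException if the thumbprint cannot be computed
     */
    private KeyIdentifier thumbprintIdentifier(SecurableSoapMessage secureMsg)
            throws XWSSecurityException {
        byte[] thumb = X509ThumbPrintIdentifier.getThumbPrintIdentifier(cert);
        if (thumb == null) {
            // NOTE(review): the original reuses the SKI log key here; the
            // bundle may lack a thumbprint-specific message — confirm before
            // changing it.
            log.log(Level.SEVERE,
                    "WSS0702.no.subject.keyidentifier", alias);
            throw new XWSSecurityException(
                    "Error while calculating thumb print identifier");
        }
        KeyIdentifier ref = new X509ThumbPrintIdentifier(secureMsg.getSOAPPart());
        ref.setReferenceValue(Base64.encode(thumb));
        return ref;
    }

    /**
     * Sets the certificate to reference; takes effect on the next insertKey.
     *
     * @param cert the certificate, or {@code null} to clear it
     */
    public void setCertificate(X509Certificate cert) {
        this.cert = cert;
    }

    /** @return the keystore alias this strategy was configured with, or null */
    public String getAlias() {
        return alias;
    }

}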
|