1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.impl.securityToken;
20  
21  import org.apache.wss4j.common.crypto.Crypto;
22  import org.apache.wss4j.common.ext.WSSecurityException;
23  import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
24  import org.apache.wss4j.stax.ext.WSSConfigurationException;
25  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
26  import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
27  import org.apache.xml.security.exceptions.XMLSecurityException;
28  import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
29  
30  import javax.security.auth.callback.CallbackHandler;
31  
32  import java.io.IOException;
33  import java.io.InputStream;
34  import java.security.cert.X509Certificate;
35  
/**
 * Inbound security token backed by a single X.509 v3 certificate that arrives as a byte array.
 *
 * <p>The bytes are handed to the configured {@link Crypto} for decoding; this class does not itself
 * validate the certificate's chain, validity period or trust anchor, it only resolves which configured
 * Crypto instance recognises the certificate (see the constructor) and caches that identifier as the
 * token alias.
 */
public class X509V3SecurityTokenImpl extends X509SecurityTokenImpl {

    // Identifier of the certificate within the active Crypto; resolved on first use by getAlias().
    private String alias;

    /**
     * Creates the token, decodes the certificate and picks the Crypto that knows it.
     *
     * @param wsInboundSecurityContext inbound security context passed to the superclass
     * @param crypto                   Crypto used to decode the certificate and, initially, to identify it
     * @param callbackHandler          callback handler passed to the superclass
     * @param binaryContent            raw certificate bytes exactly as received from the message
     * @param id                       token id passed to the superclass
     * @param securityProperties       configuration; its decryption Crypto is tried as a fallback when
     *                                 {@code crypto} does not recognise the certificate
     * @throws XMLSecurityException if the certificate cannot be decoded (reported as a
     *                              {@link WSSecurityException} with error code {@code INVALID_SECURITY})
     *                              or if an identifier lookup fails
     */
    public X509V3SecurityTokenImpl(
            WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
            byte[] binaryContent, String id, WSSSecurityProperties securityProperties) throws XMLSecurityException {

        super(WSSecurityTokenConstants.X509V3Token, wsInboundSecurityContext, crypto, callbackHandler, id,
                WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier, securityProperties, true);

        installCertificate(binaryContent);
        preferDecryptionCryptoIfKnown(securityProperties);
    }

    /**
     * Decodes {@code binaryContent} with the active Crypto and stores it as the token's only certificate.
     *
     * @throws XMLSecurityException on decode failure, or wrapping the {@link IOException} from closing the
     *                              in-memory stream as {@code INVALID_SECURITY} / {@code parseError}
     */
    private void installCertificate(byte[] binaryContent) throws XMLSecurityException {
        try (InputStream certificateBytes = new UnsyncByteArrayInputStream(binaryContent)) {
            X509Certificate decoded = getCrypto().loadCertificate(certificateBytes);
            setX509Certificates(new X509Certificate[]{decoded});
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e, "parseError");
        }
    }

    /**
     * If the active Crypto has no identifier for the certificate, switch to the decryption Crypto when that
     * one is configured, is a different instance, and does recognise the certificate.
     *
     * <p>A {@link WSSConfigurationException} while looking up the decryption Crypto is deliberately ignored:
     * the token then simply keeps the Crypto it was constructed with. Recognition by a Crypto only means the
     * certificate is present in that keystore; it is not a trust decision.
     *
     * @throws XMLSecurityException if the identifier lookup on the active Crypto fails
     */
    private void preferDecryptionCryptoIfKnown(WSSSecurityProperties securityProperties)
            throws XMLSecurityException {
        X509Certificate leaf = getX509Certificates()[0];
        if (getCrypto().getX509Identifier(leaf) != null) {
            return;
        }
        try {
            Crypto decryptionCrypto = securityProperties.getDecryptionCrypto();
            boolean switchCrypto = decryptionCrypto != null
                    && decryptionCrypto != getCrypto()
                    && decryptionCrypto.getX509Identifier(leaf) != null;
            if (switchCrypto) {
                setCrypto(decryptionCrypto);
            }
        } catch (WSSConfigurationException ignored) { //NOPMD
            // Best effort: no usable decryption Crypto, keep the current one.
        }
    }

    /**
     * Returns the identifier of the token's certificate within the active Crypto, caching the first
     * non-null result. A {@code null} lookup is not cached and is retried on the next call.
     *
     * @return the identifier, or {@code null} if the active Crypto does not know the certificate
     * @throws XMLSecurityException if the lookup fails
     */
    @Override
    protected String getAlias() throws XMLSecurityException {
        String resolved = this.alias;
        if (resolved == null) {
            resolved = getCrypto().getX509Identifier(getX509Certificates()[0]);
            this.alias = resolved;
        }
        return resolved;
    }
}
76  }