Examples of com.sun.org.apache.xml.internal.security.keys.KeyInfo

• com.sun.org.apache.xml.internal.security.keys.KeyInfo
  This class stand for KeyInfo Element that may contain keys, names, certificates and other public key management information, such as in-band key distribution or key agreement data.
  KeyInfo Element has two basic functions: One is KeyResolve for getting the public key in signature validation processing. the other one is toElement for getting the element in signature generation processing.
  The lengthXXX() methods provide access to the internal Key objects:

  • If the KeyInfo was constructed from an Element (Signature verification), the lengthXXX() methods searches for child elements of ds:KeyInfo for known types.
  • If the KeyInfo was constructed from scratch (during Signature generation), the lengthXXX() methods return the number of XXXs objects already passed to the KeyInfo

  
  The addXXX() methods are used for adding Objects of the appropriate type to the KeyInfo. This is used during signature generation.
  The itemXXX(int i) methods return the i'th object of the corresponding type.
  The containsXXX() methods return whether the KeyInfo contains the corresponding type. @author $Author: raul $

                cipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
            }
            cipher.init(XMLCipher.WRAP_MODE, pubKey);

            encKey = cipher.encryptKey(doc, new SecretKeySpec(encryptedKey, "AES"));
            final KeyInfo keyinfo = new KeyInfo(doc);
            //KeyIdentifier keyIdentifier = new KeyIdentifierImpl(MessageConstants.ThumbPrintIdentifier_NS,null);
            //keyIdentifier.setValue(Base64.encode(X509ThumbPrintIdentifier.getThumbPrintIdentifier(serCert)));
            byte[] skid = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(cert);
            if (skid != null && skid.length > 0){
                final KeyIdentifier keyIdentifier = new KeyIdentifierImpl(MessageConstants.X509SubjectKeyIdentifier_NS,null);
                keyIdentifier.setValue(Base64.encode(skid));
                final SecurityTokenReference str = new SecurityTokenReferenceImpl(keyIdentifier);
                keyinfo.addUnknownElement((Element)doc.importNode(WSTrustElementFactory.newInstance().toElement(str,null), true));
            }else{
                final X509Data x509data = new X509Data(doc);
                x509data.addCertificate(cert);
                keyinfo.add(x509data);
            }
            encKey.setKeyInfo(keyinfo);
        } catch (XWSSecurityException ex){
            log.log(Level.SEVERE,
                            LogStringsMessages.WST_0040_ERROR_ENCRYPT_PROOFKEY(appliesTo), ex);

            final Document owner = assertion.getOwnerDocument();
            final EncryptedData encData = cipher.encryptData(owner, assertion);
            final String id = "uuid-" + UUID.randomUUID().toString();
            encData.setId(id);

            final KeyInfo encKeyInfo = new KeyInfo(owner);
            final EncryptedKey encKey = encryptKey(owner, skey, serCert, appliesTo, keyWrapAlgorithm);
            encKeyInfo.add(encKey);
            encData.setKeyInfo(encKeyInfo);

            encDataEle = cipher.martial(encData);
         } catch (XMLEncryptionException ex) {
            log.log(Level.SEVERE,

    private KeyInfo createKeyInfo(final String keyType, final X509Certificate serCert, final IssuedTokenContext ctx, String appliesTo)throws WSTrustException{
        Element kiEle = (Element)stsConfig.getOtherOptions().get("ConfirmationKeyInfo");
        if (kiEle != null){
            try{
                return new KeyInfo(kiEle, null);
            }catch(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException ex){
                log.log(Level.SEVERE, LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
            }
        }
        final DocumentBuilderFactory docFactory = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING);
        Document doc = null;
        try{
            doc = docFactory.newDocumentBuilder().newDocument();
        }catch(ParserConfigurationException ex){
            log.log(Level.SEVERE,
                    LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), ex);
            throw new WSTrustException(LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), ex);
        }

        final KeyInfo keyInfo = new KeyInfo(doc);
        if (wstVer.getSymmetricKeyTypeURI().equals(keyType)){
            final byte[] key = ctx.getProofKey();
            if (stsConfig.getEncryptIssuedKey()){
                final EncryptedKey encKey = encryptKey(doc, key, serCert, appliesTo, null);
                try{
                    keyInfo.add(encKey);
                } catch (XMLEncryptionException ex) {
                    log.log(Level.SEVERE,
                            LogStringsMessages.WST_0040_ERROR_ENCRYPT_PROOFKEY(appliesTo), ex);
                    throw new WSTrustException(LogStringsMessages.WST_0040_ERROR_ENCRYPT_PROOFKEY(appliesTo), ex);
                }
            }else{
                final BinarySecret secret = eleFac.createBinarySecret(key, wstVer.getSymmetricKeyTypeURI());
                final Element bsEle= eleFac.toElement(secret,doc);
                keyInfo.addUnknownElement(bsEle);
            }
        }else if(wstVer.getPublicKeyTypeURI().equals(keyType)){
            final X509Data x509data = new X509Data(doc);
            try{
                x509data.addCertificate(ctx.getRequestorCertificate());
            }catch(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException ex){
                log.log(Level.SEVERE, LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
            }
            keyInfo.add(x509data);
        }

        return keyInfo;
    }

                Iterator iter = elem.getChildElements(new QName(MessageConstants.DSIG_NS,"KeyInfo"));
                Element keyInfoElem = null;
                if(iter.hasNext()){
                    keyInfoElem = (Element)iter.next();
                }
                KeyInfo keyInfo = new KeyInfo(keyInfoElem, "MessageConstants.DSIG_NS");
                return new KeyInfoHeaderBlock(keyInfo);
            }
        } catch (XWSSecurityException ex) {
            throw new XWSSecurityRuntimeException("Error while extracting KeyInfo", ex);
        } catch (XMLSecurityException ex) {

            final Document owner = assertion.getOwnerDocument();
            final EncryptedData encData = cipher.encryptData(owner, assertion);
            final String id = "uuid-" + UUID.randomUUID().toString();
            encData.setId(id);

            final KeyInfo encKeyInfo = new KeyInfo(owner);
            final EncryptedKey encKey = WSTrustUtil.encryptKey(owner, skey, serCert, keyWrapAlgorithm);
            encKeyInfo.add(encKey);
            encData.setKeyInfo(encKeyInfo);

            encDataEle = cipher.martial(encData);
         } catch (XMLEncryptionException ex) {
            log.log(Level.SEVERE,

     * @param ownerDoc the OwnerDocument of the KeyInfo
     */
    public KeyInfoHeaderBlock(Document ownerDoc) throws XWSSecurityException {
        try {
            this.document = ownerDoc;
            delegateKeyInfo = new KeyInfo(ownerDoc);
            dirty = true;
            setSOAPElement(getAsSoapElement());
        } catch (Exception e) {
            log.log(
                Level.SEVERE,

        try {
            // The BaseURI in Apache KeyInfo is seems optional
            // However the purpose of it is not clear
            this.document = element.getOwnerDocument();
            delegateKeyInfo =
                new KeyInfo(element,baseURI);
        } catch (XMLSecurityException e) {
            log.log(
                Level.SEVERE,
                "WSS0318.exception.while.creating.keyinfoblock",
                e);

                    keyInfoStrategy.insertKey(keyInfoBlock, secureMsg, x509TokenId);
                }else if(keyEncSK != null){
                    //keyInfoStrategy.insertKey(keyInfoBlock, secureMsg,null);
                    keyInfoBlock.addKeyName(symmetricKeyName);
                }
                KeyInfo keyInfo = keyInfoBlock.getKeyInfo(); /*new KeyInfo(keyInfoBlock.getAsSoapElement(), null); */
                _encryptedKey.setKeyInfo(keyInfo);

            } catch (Exception xe) {
                log.log(Level.SEVERE, "WSS1223.unableto.set.KeyInfo.EncryptedKey", xe);
                //xe.printStackTrace();

        @SuppressWarnings("unchecked") Map<QName, List<String>> claimedAttrs = (Map<QName, List<String>>) ctx.getOtherProperties().get(IssuedTokenContext.CLAIMED_ATTRUBUTES);
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
       // WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance(wstVer);

        // Create the KeyInfo for SubjectConfirmation
        final KeyInfo keyInfo = createKeyInfo(ctx);

        // Create AssertionID
        final String assertionId = "uuid-" + UUID.randomUUID().toString();

        // Create SAML assertion and the reference to the SAML assertion

    private KeyInfo createKeyInfo(final IssuedTokenContext ctx)throws WSTrustException{
        Element kiEle = (Element)ctx.getOtherProperties().get("ConfirmationKeyInfo");
        if (kiEle != null && "KeyInfo".equals(kiEle.getLocalName())){
            try{
                return new KeyInfo(kiEle, null);
            }catch(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException ex){
                log.log(Level.SEVERE, LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
            }
        }
        final DocumentBuilderFactory docFactory = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING);

        Document doc = null;
        try{
            doc = docFactory.newDocumentBuilder().newDocument();
        }catch(ParserConfigurationException ex){
            log.log(Level.SEVERE,
                    LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), ex);
            throw new WSTrustException(LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), ex);
        }

        final String appliesTo = ctx.getAppliesTo();
        final KeyInfo keyInfo = new KeyInfo(doc);
        if (kiEle != null){
            keyInfo.addUnknownElement(kiEle);
            return keyInfo;
        }
        String keyType = ctx.getKeyType();
        WSTrustVersion wstVer = (WSTrustVersion)ctx.getOtherProperties().get(IssuedTokenContext.WS_TRUST_VERSION);
        if (wstVer.getSymmetricKeyTypeURI().equals(keyType)){
            final byte[] key = ctx.getProofKey();
            try{
                final EncryptedKey encKey = WSTrustUtil.encryptKey(doc, key, (X509Certificate)ctx.getOtherProperties().get(IssuedTokenContext.TARGET_SERVICE_CERTIFICATE), null);
                 keyInfo.add(encKey);
            } catch (Exception ex) {
                 log.log(Level.SEVERE,
                            LogStringsMessages.WST_0040_ERROR_ENCRYPT_PROOFKEY(appliesTo), ex);
                 throw new WSTrustException(LogStringsMessages.WST_0040_ERROR_ENCRYPT_PROOFKEY(appliesTo), ex);
            }
        }else if(wstVer.getPublicKeyTypeURI().equals(keyType)){
            final X509Data x509data = new X509Data(doc);
            try{
                x509data.addCertificate(ctx.getRequestorCertificate());
            }catch(com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException ex){
                log.log(Level.SEVERE, LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
                throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT(), ex);
            }
            keyInfo.add(x509data);
        }

        return keyInfo;
    }