Examples of com.sun.xml.ws.security.opt.impl.util.CertificateRetriever

• com.sun.xml.ws.security.opt.impl.util.CertificateRetriever
  @author suresh

                try {
                    QName ID_QNAME = new QName("http://schemas.xmlsoap.org/ws/2006/02/addressingidentity", "Identity");
                    idExtn = epr.getEPRExtension(ID_QNAME);
                     if (idExtn != null) {
                            xmlReader = idExtn.readAsXMLStreamReader();
                            CertificateRetriever cr = new CertificateRetriever();
                            //byte[] bstValue = cr.digestBST(xmlReader);
                            byte[] bstValue = cr.getBSTFromIdentityExtension(xmlReader);
                            X509Certificate certificate = null;
                            if (bstValue != null) {
                                certificate = cr.constructCertificate(bstValue);
                            }
                            return certificate;
                        }
                } catch (XMLStreamException ex) {
                    log.log(Level.WARNING, ex.getMessage());

                    // put the server certificate, if available, in the configuration
                    // and make sure the  validition of the server certificate happens only once
                    if (serverCert != null) {
                        if (isCertValidityVerified == false) {
                            CertificateRetriever cr = new CertificateRetriever();
                            isCertValid = cr.setServerCertInTheSTSConfig(config, secEnv, serverCert);
                            cr = null;
                            isCertValidityVerified = true;
                        }else {
                             if(isCertValid == true){
                                 config.getOtherOptions().put("Identity", serverCert);

        ctx.hasIssuedToken(bindingHasIssuedTokenPolicy());
        ctx.setSecurityEnvironment(secEnv);
        //set the server certificate in the context ;
        if (serverCert != null) {
            if (isCertValidityVerified == false) {
                CertificateRetriever cr = new CertificateRetriever();
                isCertValid = cr.setServerCertInTheContext(ctx, secEnv, serverCert);
                cr = null;
                isCertValidityVerified = true;
            }else {
                if(isCertValid == true){
                    ctx.getExtraneousProperties().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, serverCert);

        //ctx.setIssuedTokenContextMap(issuedTokenContextMap);
        ctx.setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));
        //set the server certificate in the context ;
        if (serverCert != null) {
            if (isCertValidityVerified == false) {
                CertificateRetriever cr = new CertificateRetriever();
                isCertValid = cr.setServerCertInTheContext(ctx, secEnv, serverCert);
                cr = null;
                isCertValidityVerified = true;
            }else {
                 if(isCertValid == true){
                    ctx.getExtraneousProperties().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, serverCert);

        if (extension != null) {
            return extension;
        }
        QName eprQName = new QName("http://schemas.sun.com/2006/03/wss/server", "EnableEPRIdentity");
        CertificateRetriever cr = new CertificateRetriever();
        boolean found = cr.checkforEPRIdentity(wse, eprQName);
        if (found == false) {
            return null;
        } else {
            //log.log(Level.INFO, "EnableEPRIdentity assertion is enabled");
            try {
                URL url = SecurityUtil.loadFromClasspath("META-INF/ServerCertificate.cert");
                if (url != null) {
                    CertificateFactory certFact = CertificateFactory.getInstance("X.509");
                    InputStream is = url.openStream();
                    this.cs = certFact.generateCertificate(is);
                    is.close();
                } else {
                    cs = cr.getServerKeyStore(wse);
                    if (cs == null) {
                        return null;
                    }
                }
            } catch (CertificateException ex) {

                        try {
                            QName ID_QNAME = new QName("http://schemas.xmlsoap.org/ws/2006/02/addressingidentity", "Identity");
                            idExtn = epr.getEPRExtension(ID_QNAME);
                            if (idExtn != null) {
                                xmlReader = idExtn.readAsXMLStreamReader();
                                CertificateRetriever cr = new CertificateRetriever();
                                //byte[] bstValue = cr.digestBST(xmlReader);
                                byte[] bstValue = cr.getBSTFromIdentityExtension(xmlReader);
                                X509Certificate certificate = null;
                                if (bstValue != null) {
                                    certificate = cr.constructCertificate(bstValue);
                                }
                                if (certificate != null) {
                                    props.put(PipeConstants.SERVER_CERT, certificate);
                                    this.serverCert = certificate;
                                }

                    // put the server certificate, if available, in the configuration
                    X509Certificate x509ServerCertificate = (X509Certificate) props.get(PipeConstants.SERVER_CERT);
                    // and make sure the  validition of the server certificate happens only once
                    if (x509ServerCertificate != null) {
                        if (isCertValidityVerified == false) {
                            CertificateRetriever cr = new CertificateRetriever();
                            isCertValid = cr.setServerCertInTheSTSConfig(config, secEnv, x509ServerCertificate);
                            cr = null;
                            isCertValidityVerified = true;
                        } else {
                            if (isCertValid == true) {
                                config.getOtherOptions().put("Identity", x509ServerCertificate);

        //set the server certificate in the context ;
        if (serverCert != null) {
            if (isCertValidityVerified == false) {
                CertificateRetriever cr = new CertificateRetriever();
                isCertValid = cr.setServerCertInTheContext(ctx, secEnv, serverCert);
                cr = null;
                isCertValidityVerified = true;
            } else {
                if (isCertValid == true) {
                    ctx.getExtraneousProperties().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, serverCert);

        //ctx.setIssuedTokenContextMap(issuedTokenContextMap);
        ctx.setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));
        //set the server certificate in the context ;
        if (serverCert != null) {
            if (isCertValidityVerified == false) {
                CertificateRetriever cr = new CertificateRetriever();
                isCertValid = cr.setServerCertInTheContext(ctx, secEnv, serverCert);
                cr = null;
                isCertValidityVerified = true;
            } else {
                if (isCertValid == true) {
                    ctx.getExtraneousProperties().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, serverCert);