Package javax.security.auth.message.callback

Examples of javax.security.auth.message.callback.TrustStoreCallback


           }
        }

        PrivateKeyCallback.Request request = new PrivateKeyCallback.DigestRequest(keyIdMatch, "SHA-1");
        PrivateKeyCallback pkCallback = new PrivateKeyCallback(request);
        TrustStoreCallback tsCallback = new TrustStoreCallback();
        CertStoreCallback  csCallback = new CertStoreCallback();

        Callback[] callbacks = null;
        if (this.useXWSSCallbacks) {
            RuntimeProperties props = new RuntimeProperties(context);
            callbacks = new Callback[]{props, pkCallback, tsCallback, csCallback};
        } else {
            callbacks = new Callback[]{pkCallback, tsCallback, csCallback};
        }
        try {
          _handler.handle(callbacks);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.SubjectKeyIDRequest"),
                    new Object[] { "PrivateKeyCallback.SubjectKeyIDRequest"});
           throw new XWSSecurityException(e);
        }

        Certificate[] chain = pkCallback.getChain();
        if (chain != null) {
           if (chain.length == 1) {
               return (X509Certificate)chain[0];
           }
           for (int i=0; i<chain.length; i++) {
               X509Certificate x509Cert = (X509Certificate)chain[i];
               //why do i need to check again here, it is waste of time
               if (matchesThumbPrint(keyIdMatch, x509Cert)) {
                   return x509Cert;
               }
           } 
        }
         // if not found, look in CertStore followed by TrustStore
        CertStore certStore = csCallback.getCertStore();
        if (certStore != null) {
            CertSelector selector = null;
            /*if (this.certSelectorClass != null) {
                HashMap props = new HashMap();
                props.putAll(context);
                props.put(XWSSConstants.THUMBPRINT,keyIdMatch);
                selector = XWSSUtil.getCertSelector(certSelectorClass, props);
            }*/
            if (selector == null) {
                selector = new DigestCertSelector(keyIdMatch, MessageConstants.SHA_1);
            }
            try {
                Collection certs = certStore.getCertificates(selector);
                if (!certs.isEmpty()) {
                    Iterator it = certs.iterator();
                    return (X509Certificate)it.next();
                }
            } catch (CertStoreException ex) {
                //ex.printStackTrace();
                log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(),ex);
                throw new XWSSecurityException(ex);
            }  
        }
      
        // if not found, look in Truststore
        KeyStore trustStore = tsCallback.getTrustStore();
        if (trustStore != null) {
           X509Certificate otherPartyCert = getMatchingCertificate(keyIdMatch, trustStore, valueType);
           if (otherPartyCert != null) return otherPartyCert;
        }

View Full Code Here


                }
            }
        } else {
            //for encryption
            if (actualAlias != null && !"".equals(actualAlias)) {
                TrustStoreCallback tsCallback = new TrustStoreCallback();
                Callback[] _callbacks = null;
                if (this.useXWSSCallbacks) {
                    RuntimeProperties props = new RuntimeProperties(context);
                    _callbacks = new Callback[]{props, tsCallback};
                } else {
                    _callbacks = new Callback[]{tsCallback};
                }
                try {
                    _handler.handle(_callbacks);
                } catch (IOException ex) {
                    log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                    throw new XWSSecurityException(ex);
                } catch (UnsupportedCallbackException ex) {
                    log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                    throw new XWSSecurityException(ex);
                }
                if (tsCallback.getTrustStore() != null) {
                    try {
                        cert = (X509Certificate)tsCallback.getTrustStore().getCertificate(actualAlias);
                    } catch (KeyStoreException ex) {
                        log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                        throw new XWSSecurityException(ex);
                    }
                }
            } else {
               
                //actualAlias == null || "".equals(actualAlias)
                // first if certStore configured then give it a chance
                if (this.certSelectorClass != null) {
                    CertStoreCallback csCallback = new CertStoreCallback();

                    Callback[] _callbacks = null;
                    if (this.useXWSSCallbacks) {
                        RuntimeProperties props = new RuntimeProperties(context);
                        _callbacks = new Callback[]{props, csCallback};
                    } else {
                        _callbacks = new Callback[]{csCallback};
                    }
                    try {
                        _handler.handle(_callbacks);
                    } catch (IOException ex) {
                        log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                        throw new XWSSecurityException(ex);
                    } catch (UnsupportedCallbackException ex) {
                        log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                        throw new XWSSecurityException(ex);
                    }
                   
                    if (csCallback.getCertStore() != null) {
                        CertSelector selector = XWSSUtil.getCertSelector(certSelectorClass, context);
                        if (selector != null) {
                            Collection certs = null;
                            try {
                                certs = csCallback.getCertStore().getCertificates(selector);
                            } catch (CertStoreException ex) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_0813_FAILEDTO_GETCERTIFICATE(), ex);
                                throw new RuntimeException(ex);
                            }
                            if (certs.size() > 0) {
                                cert = (X509Certificate)certs.iterator().next();
                            }
                        }
                    }
                }
               
                if (cert == null && this.truststoreCertSelectorClass != null) {
                   
                    TrustStoreCallback tsCallback = new TrustStoreCallback();
                    Callback[] _callbacks = null;
                    if (this.useXWSSCallbacks) {
                        RuntimeProperties props = new RuntimeProperties(context);
                        _callbacks = new Callback[]{props, tsCallback};
                    } else {
                        _callbacks = new Callback[]{tsCallback};
                    }
                    try {
                        _handler.handle(_callbacks);
                    } catch (IOException ex) {
                        log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                        throw new XWSSecurityException(ex);
                    } catch (UnsupportedCallbackException ex) {
                        log.log(Level.SEVERE,LogStringsMessages.WSS_0221_CANNOT_LOCATE_CERT(alias), new Object[] {alias});
                        throw new XWSSecurityException(ex);
                    }
                   
                    KeyStore trustStore = tsCallback.getTrustStore();
                   
                    if (trustStore != null) {
                        if (this.truststoreCertSelectorClass != null) {
                            CertSelector selector = XWSSUtil.getCertSelector(truststoreCertSelectorClass, context);
                            if (selector != null) {
View Full Code Here

           }
      }
                                                                                                                                                            
        if (!forSign) {
            CertStoreCallback csCallback = new CertStoreCallback();
            TrustStoreCallback tsCallback = new TrustStoreCallback();

            Callback[] callbacks = null;
            if (this.useXWSSCallbacks) {
                RuntimeProperties props = new RuntimeProperties(context);
                callbacks = new Callback[]{props, csCallback, tsCallback};
            } else {
                callbacks = new Callback[]{csCallback, tsCallback};
            }
                                                                                                                                                            
            try {
              _handler.handle(callbacks);
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("CertStoreCallback"),
                    new Object[] { "CertStoreCallback"});
                 throw new XWSSecurityException(e);
          }
            // look in CertStore followed by Truststore to get certificate of a publicKey passed as argument
            CertStore certStore = csCallback.getCertStore();
            if (certStore != null) {
                CertSelector selector = null;
                /*if (this.certSelectorClass != null) {
                    HashMap props = new HashMap();
                    props.putAll(context);
                    props.put(XWSSConstants.PUBLICKEY, publicKey);
                    selector = XWSSUtil.getCertSelector(certSelectorClass, props);
                }*/
                if (selector == null) {
                    selector = new PublicKeyCertSelector(publicKey);
                }
                try {
                    Collection certs = certStore.getCertificates(selector);
                    if (!certs.isEmpty()) {
                        Iterator it = certs.iterator();
                        return (X509Certificate) it.next();
                    }
                } catch (CertStoreException ex) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(), ex);
                    throw new XWSSecurityException(ex);
                }
            }

            KeyStore trustStore = tsCallback.getTrustStore();
            if (trustStore != null) {
                X509Certificate otherPartyCert = getMatchingCertificate(publicKey, trustStore);
                if (otherPartyCert != null)
                    return otherPartyCert;
            }
View Full Code Here

      } else if (callback instanceof PasswordValidationCallback) {
            processPasswordValidation((PasswordValidationCallback)callback);
        } else if (callback instanceof PrivateKeyCallback) {
            processPrivateKey((PrivateKeyCallback)callback);
        } else if (callback instanceof TrustStoreCallback) {
            TrustStoreCallback tstoreCallback = (TrustStoreCallback)callback;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                    "JMAC: In TrustStoreCallback Processor");
            }
            tstoreCallback.setTrustStore (sslUtils.getMergedTrustStore());

        } else if (callback instanceof CertStoreCallback) {
            processCertStore((CertStoreCallback)callback);
        } else if (callback instanceof SecretKeyCallback) {
            processSecretKey((SecretKeyCallback)callback);
View Full Code Here

      } else if (callback instanceof PasswordValidationCallback) {
            processPasswordValidation((PasswordValidationCallback)callback);
        } else if (callback instanceof PrivateKeyCallback) {
            processPrivateKey((PrivateKeyCallback)callback);
        } else if (callback instanceof TrustStoreCallback) {
            TrustStoreCallback tstoreCallback = (TrustStoreCallback)callback;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                    "JMAC: In TrustStoreCallback Processor");
            }
            tstoreCallback.setTrustStore (sslUtils.getMergedTrustStore());

        } else if (callback instanceof CertStoreCallback) {
            processCertStore((CertStoreCallback)callback);
        } else if (callback instanceof SecretKeyCallback) {
            processSecretKey((SecretKeyCallback)callback);
View Full Code Here

      } else if (callback instanceof PasswordValidationCallback) {
            processPasswordValidation((PasswordValidationCallback)callback);
        } else if (callback instanceof PrivateKeyCallback) {
            processPrivateKey((PrivateKeyCallback)callback);
        } else if (callback instanceof TrustStoreCallback) {
            TrustStoreCallback tstoreCallback = (TrustStoreCallback)callback;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                    "JMAC: In TrustStoreCallback Processor");
            }
            tstoreCallback.setTrustStore (sslUtils.getMergedTrustStore());

        } else if (callback instanceof CertStoreCallback) {
            processCertStore((CertStoreCallback)callback);
        } else if (callback instanceof SecretKeyCallback) {
            processSecretKey((SecretKeyCallback)callback);
View Full Code Here

      } else if (callback instanceof PasswordValidationCallback) {
            processPasswordValidation((PasswordValidationCallback)callback);
        } else if (callback instanceof PrivateKeyCallback) {
            processPrivateKey((PrivateKeyCallback)callback);
        } else if (callback instanceof TrustStoreCallback) {
            TrustStoreCallback tstoreCallback = (TrustStoreCallback)callback;
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE,
                    "JMAC: In TrustStoreCallback Processor");
            }
            tstoreCallback.setTrustStore (sslUtils.getMergedTrustStore());

        } else if (callback instanceof CertStoreCallback) {
            processCertStore((CertStoreCallback)callback);
        } else if (callback instanceof SecretKeyCallback) {
            processSecretKey((SecretKeyCallback)callback);
View Full Code Here

        boolean isIssuerCertMatched = false;
       
        try {
            Callback[] callbacks = null;
            CertStoreCallback csCallback = null;
            TrustStoreCallback tsCallback = null;

            if (tsCallback == null && csCallback == null) {
               csCallback = new CertStoreCallback();
               tsCallback = new TrustStoreCallback();
               callbacks = new Callback[] { csCallback, tsCallback };
            } else if (csCallback == null) {
               csCallback = new CertStoreCallback();
               callbacks = new Callback[] { csCallback };
            } else if (tsCallback == null) {
               tsCallback = new TrustStoreCallback();
               callbacks = new Callback[] { tsCallback };
            }

           
           try {
             _handler.handle(callbacks);
           } catch (Exception e) {
               log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("Validate an X509Certificate"),
                    new Object[] { "Validate an X509Certificate"});
             throw new XWSSecurityException(e);
           }
          
            Certificate[] certChain = null;
            String certAlias = tsCallback.getTrustStore().getCertificateAlias(cert);
            if(certAlias!= null){
                certChain = tsCallback.getTrustStore().getCertificateChain(certAlias);
            }
            if(certChain == null){
                certChainList.add(cert);
                certChainIssuer = cert.getIssuerX500Principal();
                noOfEntriesInTrustStore = tsCallback.getTrustStore().size();               
      }else{
    certChainList = Arrays.asList(certChain);
      }           
            while(!caFound && noOfEntriesInTrustStore-- != 0 && certChain == null){               
                Enumeration aliases = tsCallback.getTrustStore().aliases();               
                while (aliases.hasMoreElements()){
                    String alias = (String) aliases.nextElement();                                     
                    Certificate certificate = tsCallback.getTrustStore().getCertificate(alias);                   
                    if (certificate == null || !"X.509".equals(certificate.getType()) || certChainList.contains(certificate)) {
                        continue;
                    }
                    X509Certificate x509Cert = (X509Certificate) certificate;                   
                    if(certChainIssuer.equals(x509Cert.getSubjectX500Principal())){
                        certChainList.add(certificate);
                        if(x509Cert.getSubjectX500Principal().equals(x509Cert.getIssuerX500Principal())){
                            caFound = true;                           
                            break;
                        }else{                           
                            certChainIssuer = x509Cert.getIssuerDN();                           
                            if(!isIssuerCertMatched){
                          isIssuerCertMatched = true;
                            }
                        }
                    }else{
                        continue;
                    }
                }
                if(!caFound){
                    if(!isIssuerCertMatched){                       
                        break;                       
                    }else{
                        isIssuerCertMatched = false;
                    }
                }
            }
            try{                                               
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                certPath = cf.generateCertPath(certChainList);
                certPathValidator = CertPathValidator.getInstance("PKIX");
            }catch(Exception e){
                log.log(Level.SEVERE, com.sun.xml.wss.logging.impl.misc.LogStringsMessages.WSS_1518_FAILEDTO_VALIDATE_CERTIFICATE(), e);
                throw new CertificateValidationCallback.CertificateValidationException(e.getMessage(), e);
            }
          
            parameters = new PKIXBuilderParameters(tsCallback.getTrustStore(), certSelector);
            parameters.setRevocationEnabled(revocationEnabled);
            parameters.addCertStore(csCallback.getCertStore());
           
        } catch (Exception e) {
            // Log Message
View Full Code Here

    private boolean isTrustedSelfSigned(X509Certificate cert) throws XWSSecurityException {
        try {
            Callback[] callbacks = null;
            CertStoreCallback csCallback = null;
            TrustStoreCallback tsCallback = null;

            if (tsCallback == null && csCallback == null) {
                csCallback = new CertStoreCallback();
                tsCallback = new TrustStoreCallback();
                callbacks = new Callback[]{csCallback, tsCallback};
            } else if (csCallback == null) {
                csCallback = new CertStoreCallback();
                callbacks = new Callback[]{csCallback};
            } else if (tsCallback == null) {
                tsCallback = new TrustStoreCallback();
                callbacks = new Callback[]{tsCallback};
            }

            try {
                _handler.handle(callbacks);
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("Validate an X509Certificate"),
                        new Object[]{"Validate an X509Certificate"});
                throw new XWSSecurityException(e);
            }

            if (tsCallback.getTrustStore() == null) {
                return false;
            }

            Enumeration aliases = tsCallback.getTrustStore().aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                Certificate certificate = tsCallback.getTrustStore().getCertificate(alias);
                if (certificate == null || !"X.509".equals(certificate.getType())) {
                    continue;
                }
                X509Certificate x509Cert = (X509Certificate) certificate;
                if (x509Cert != null && x509Cert.equals(cert)) {
View Full Code Here

        PrivateKeyCallback.Request request = new PrivateKeyCallback.SubjectKeyIDRequest(
                                                                    keyIdMatch);
        PrivateKeyCallback pkCallback = new PrivateKeyCallback(request);
        CertStoreCallback csCallback = new CertStoreCallback();
        TrustStoreCallback tsCallback = new TrustStoreCallback();

        Callback[] callbacks = null;
        if (this.useXWSSCallbacks) {
            RuntimeProperties props = new RuntimeProperties(context);
            callbacks = new Callback[]{props, pkCallback, tsCallback, csCallback};
        } else {
            callbacks = new Callback[]{pkCallback, tsCallback, csCallback};
        }
        try {
          _handler.handle(callbacks);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0216_CALLBACKHANDLER_HANDLE_EXCEPTION("PrivateKeyCallback.SubjectKeyIDRequest"),
                    new Object[] { "PrivateKeyCallback.SubjectKeyIDRequest"});
           throw new XWSSecurityException(e);
        }

        Certificate[] chain = pkCallback.getChain();
        if (chain != null) {
           if (chain.length == 1) {
               return (X509Certificate)chain[0];
           }
           for (int i=0; i<chain.length; i++) {
               X509Certificate x509Cert = (X509Certificate)chain[i];
               if (matchesKeyIdentifier(keyIdMatch, x509Cert))
                  return x509Cert;
          
        }
        // if not found, look in CertStore followed by TrustStore
        CertStore certStore = csCallback.getCertStore();
        if (certStore != null) {
            CertSelector selector = null;
            /*if (this.certSelectorClass != null) {
                HashMap props = new HashMap();
                props.putAll(context);
                props.put(XWSSConstants.SUBJECTKEYIDENTIFIER, keyIdMatch);
                selector = XWSSUtil.getCertSelector(certSelectorClass, props);
            }*/
            if (selector == null) {
                selector = new KeyIdentifierCertSelector(keyIdMatch);
            }
            try {
                Collection certs = certStore.getCertificates(selector);
                if (!certs.isEmpty()) {
                    Iterator it = certs.iterator();
                    return (X509Certificate)it.next();
                }
            } catch (CertStoreException ex) {
                //ex.printStackTrace();
                log.log(Level.SEVERE, LogStringsMessages.WSS_0713_ERROR_IN_CERTSTORE_LOOKUP(),ex);
                throw new XWSSecurityException(ex);
            }  
        }
       
        KeyStore trustStore = tsCallback.getTrustStore();
        if (trustStore != null) {
           X509Certificate otherPartyCert = getMatchingCertificate(keyIdMatch, trustStore);
           if (otherPartyCert != null)
               return otherPartyCert;
        }
View Full Code Here

TOP

Related Classes of javax.security.auth.message.callback.TrustStoreCallback

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.