Package org.wso2.xkms2.service

Examples of org.wso2.xkms2.service.DefaultXKMSExecutor


                    Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS)
                    .canonicalizeSubtree(contextNode));

        } catch (InvalidCanonicalizerException ex) {
            log.error(ex);
            throw new XKMSException(ex);
        } catch (CanonicalizationException ex) {
            log.error(ex);
            throw new XKMSException(ex);
        } catch (IOException e) {
            log.error(e);
            throw new XKMSException(e);
        }
    }


        } else if (signKey instanceof PrivateKey) {
            xmlSignatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;

        } else {
            throw new XKMSException("Invalid signing key type : "
                    + signKey.getClass().getName());
        }

        String elementId = signElement.getAttribute("Id");
        if (elementId == null) {
            throw new XKMSException("Id of the signing element is not set");
        }

        String elementRefId = "#" + elementId;
        IdResolver.registerElementById(signElement, elementId);

        try {
            XMLSignature signature = new XMLSignature(signElement
                    .getOwnerDocument(), "", xmlSignatureAlgorithm,
                    Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

            Transforms transforms = new Transforms(signElement
                    .getOwnerDocument());
            transforms
                    .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
            signature.addDocument(elementRefId, transforms,
                    MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

            signature.sign(signKey);
            return signature;

        } catch (XMLSecurityException se) {
            throw new XKMSException(se);
        }
    }

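    /**
     * Produces an enveloped XML signature over {@code signElement} and appends
     * the resulting signature element to it as a child.
     *
     * <p>The signed reference is {@code "#" + Id}, transformed with the
     * enveloped-signature transform followed by exclusive canonicalization
     * without comments. The certificate and its public key are both added to
     * the signature's KeyInfo.
     *
     * @param signKey     key handed to {@code signature.sign}
     * @param signCert    certificate whose value and public key are embedded
     *                    in KeyInfo
     * @param signElement element to sign; must carry a non-empty {@code Id}
     *                    attribute
     * @throws XKMSException if the {@code Id} attribute is missing or empty,
     *                       or if the signature library reports an error
     */
    public static void sign(Key signKey, X509Certificate signCert,
            Element signElement) throws XKMSException {

        // DOM's Element.getAttribute returns "" (not null) when the attribute
        // is absent, so an empty value has to be rejected too; otherwise the
        // reference URI built below would be a bare "#" and the signature
        // would not be bound to this element by its Id.
        String elementId = signElement.getAttribute("Id");
        if (elementId == null || elementId.length() == 0) {
            throw new XKMSException("Id of the signing element is not set");
        }

        String elementRefId = "#" + elementId;
        // Make the Id resolvable so the same-document reference can be found.
        IdResolver.registerElementById(signElement, elementId);

        try {
            // NOTE(review): RSA-SHA1 here and the SHA-1 digest below are weak
            // against collision attacks and deprecated for new signatures.
            // Moving to the SHA-256 variants changes the wire format and has
            // to be coordinated with verifiers, so they are left unchanged.
            // NOTE(review): the second constructor argument receives the
            // reference URI; if this is Apache XML Security's XMLSignature,
            // that parameter is the base URI -- confirm this is intended.
            XMLSignature signature = new XMLSignature(signElement
                    .getOwnerDocument(), elementRefId,
                    XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
                    Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

            // Attach the signature before signing: it is enveloped in the
            // element it covers.
            signElement.appendChild(signature.getElement());

            Transforms transforms = new Transforms(signElement
                    .getOwnerDocument());

            // Exclude the signature element itself from the digested content,
            // then canonicalize.
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms
                    .addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);

            signature.addDocument(elementRefId, transforms,
                    MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1);

            // KeyInfo carried inside a signature is only a hint to the
            // verifier; trust in the certificate must be established
            // separately on the receiving side.
            signature.addKeyInfo(signCert);
            signature.addKeyInfo(signCert.getPublicKey());

            signature.sign(signKey);

        } catch (XMLSecurityException xmse) {
            throw new XKMSException(xmse);
        }
    }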

        OMElement revokeKeyBindingElement = element
                .getFirstChildWithName(XKMS2Constants.Q_ELEM_REVOKE_KEY_BINDING);

        if (revokeKeyBindingElement == null) {
            throw new XKMSException("RevokeKeyBinding element not found");
        }
        revokeRequest
                .setRevokeKeyBinding((RevokeKeyBinding) RevokeKeyBindingBuilder.INSTANCE
                        .buildElement(revokeKeyBindingElement));

        if (revokeRequest.getAuthentication() == null) {
            OMElement revocationCodeElem = element
                    .getFirstChildWithName(XKMS2Constants.Q_ELEM_REVOCATION_CODE);
            if (revocationCodeElem != null) {
                revokeRequest.setRevocationCode(Base64.decode(revocationCodeElem
                        .getText()));
            } else {
                throw new XKMSException(
                        "Neither Authentication nor RevocationCode found");
            }
        }

        return revokeRequest;

            if (identifer == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No SubjectDN is specified");
                }

                throw new XKMSException(XKMSException.FAILURE, "NoSubjectDN");
            }

            PublicKey public1 = pkb.getKeyValue();
            PrivateKey private1 = null;

            // if a public key is not provided we need to generate both the
            // public key and private key
            if (public1 == null) {
                KeyPair keypair = XKMSKeyUtil.generateRSAKeyPair();
                public1 = keypair.getPublic();
                private1 = keypair.getPrivate();
            }

            // calculating the start and expiery dates.
            ValidityInterval validityInterval = pkb.getValidityInterval();
            Date[] adjustedInterval;
            if (validityInterval != null) {
                adjustedInterval = getAdjustedValidityInterval(validityInterval
                        .getNotBefore(), validityInterval.getOnOrAfter());
            } else {
                adjustedInterval = getAdjustedValidityInterval((Date) null,
                        (Date) null);
            }

            long serialNum = nextSerialNumber();
            String aliase = createAlias(serialNum);
            BigInteger serialNumber = BigInteger.valueOf(serialNum);

            X509Certificate cert;

            List keyUsage = pkb.getKeyUsage();
            if (keyUsage == null
                    || keyUsage.isEmpty()
                    || (keyUsage.size() == 1 && keyUsage
                            .contains(KeyUsage.EXCHANGE))) {
                cert = XKMSKeyUtil.getX509Certificate(identifer, serialNumber,
                        adjustedInterval[0], adjustedInterval[1], public1,
                        cacert, cakey);

            } else {

                cert = XKMSKeyUtil.getX509Certificate(identifer, serialNumber,
                        adjustedInterval[0], adjustedInterval[1], keyUsage
                                .contains(KeyUsage.SIGNATURE), keyUsage
                                .contains(KeyUsage.ENCRYPTION), public1,
                        cacert, cakey);
            }

            try {
                keystore.setCertificateEntry(aliase, cert);
                if (LOG.isDebugEnabled()) {
                    LOG
                            .debug("Adding the newly constructed X509Certificate to the keystore - \n "
                                    + cert);
                }

                if (private1 != null) {
                    Certificate[] chain = new Certificate[] { cert };
                    keystore.setKeyEntry(aliase, private1,
                            getPrivateKeyPassword(), chain);

                    if (LOG.isDebugEnabled()) {
                        LOG
                                .debug("Added the newly construct Private Key to the keystore - \n"
                                        + private1);
                    }
                }

                if (saveKeystore) {
                    saveKeystore();
                }

            } catch (KeyStoreException e) {
                LOG.error("Adding the certificate to keystore failed", e);
                throw new XKMSException(e);
            }

            RegisterResult result = XKMSUtil.createRegisterResult();
            buildResultType(request, result, aliase, keystore);
            return result;

            ReissueKeyBinding rkb = request.getReissueKeyBinding();
            X509Certificate cert = rkb.getCertValue();

            if (cert == null) {
                throw new XKMSException(XKMSException.FAILURE, "CertNotPresent");
            }

            String alias = getAliasForX509Cert(cert.getIssuerDN().getName(),
                    cert.getSerialNumber());

            if (alias == null) {
                throw new XKMSException(XKMSException.FAILURE, "CertNotFound");
            }

            ReissueResult result = XKMSUtil.creatReissueResult();
            buildResultType(request, result, alias, keystore);
            return result;

                    aliases = new String[] { keyName };
                }
            }

            if (aliases == null || aliases.length < 1) {
                throw new XKMSException(XKMSException.NO_MATCH, "keyNotFound");
            }

            RecoverResult recoverResult = XKMSUtil.createRecoverResult();
            buildResultType(request, recoverResult, aliases[0], keystore);
            return recoverResult;

                        KeyName keyName = keyInfo.itemKeyName(0);
                        if (keyName != null) {
                            aliases = new String[] { keyName.getKeyName() };
                        }
                    } catch (XMLSecurityException xme) {
                        throw new XKMSException(xme);
                    }
                }

                if (LOG.isDebugEnabled()) {
                    LOG.debug("No SubjectDN is specified");
                }
            } else {
                aliases = getAliasesForDN(identifer);
            }

            byte[] skiValue = getSKIValue(keybinding);
            if (skiValue != null) {
                String alias = getAliasForX509Cert(skiValue);
                if (alias != null) {
                    aliases = new String[] { alias };
                }
            }

            if (aliases == null || aliases.length == 0) {
                throw new XKMSException("KeyNotFound");
            }

            List keyUsage = keybinding.getKeyUsage();
            boolean digitalSigning = keyUsage.contains(KeyUsage.SIGNATURE);
            boolean dataEncryption = keyUsage.contains(KeyUsage.ENCRYPTION);

            List list = new ArrayList();
            for (int i = 0; i < aliases.length; i++) {
                String alias = aliases[i];
                X509Certificate cert = getCertificate(alias);

                if (cert != null) {
                    boolean[] ku = cert.getKeyUsage();

                    if (digitalSigning && !ku[0]) {
                        continue;
                    }
                    if (dataEncryption && !ku[3]) {
                        continue;
                    }
                    list.add(alias);
                }
            }

            if (list.isEmpty()) {
                throw new XKMSException(XKMSException.NO_MATCH, "KeyNotFound");
            }

            LocateResult result = XKMSUtil.createLocateResult();
            buildResultType((RequestAbstractType) locate, (ResultType) result);

            if (keyInfo != null) {
                try {
                    cert = keyInfo.getX509Certificate();
                } catch (KeyResolverException e) {
                    throw new XKMSException(XKMSException.FAILURE, "keystore",
                            e);
                }
            }

            if (cert == null) {
                throw new XKMSException(XKMSException.FAILURE, "CertNotPresent");
            }

            if (verifyTrust(cert)) {
                ValidateResult validateResult = XKMSUtil.createValidateResult();
                buildResultType((RequestAbstractType) validateRequest,

                    abstractType.setKeyValue(cert.getPublicKey());
                }

            } catch (KeyResolverException e) {
                LOG.error("", e);
                throw new XKMSException(XKMSException.FAILURE, "noKey", e);

            } catch (XMLSecurityException e) {
                LOG.error("", e);
                throw new XKMSException(XKMSException.FAILURE, "noKey", e);
            }
        }
    }