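/**
 * Selects the verification key from the first {@link X509Certificate} found inside an
 * {@link X509Data} child of {@code keyInfo}.
 *
 * <p>Security note: the certificate is read from the signature's own {@code KeyInfo}. This
 * method does not check its issuer chain, validity period or revocation status, and it does
 * not compare the key algorithm with {@code method}. NOTE(review): confirm that the caller
 * establishes trust in the returned key (for example by validating the certificate against a
 * configured trust anchor); otherwise a successful validation only shows that the document
 * matches the key that was shipped with it.
 *
 * @param keyInfo the KeyInfo of the signature being validated; must not be {@code null}
 * @param purpose not used by this selector
 * @param method not used by this selector
 * @param context not used by this selector
 * @return a result whose {@code getKey()} returns the certificate's public key
 * @throws KeySelectorException if {@code keyInfo} is {@code null} or contains no X.509
 *         certificate
 */
@Override
public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
        XMLCryptoContext context) throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }
    for (Object child : keyInfo.getContent()) {
        if (!(child instanceof X509Data)) {
            continue;
        }
        for (Object item : ((X509Data) child).getContent()) {
            if (item instanceof X509Certificate) {
                final X509Certificate cert = (X509Certificate) item;
                return new KeySelectorResult() {
                    @Override
                    public Key getKey() {
                        return cert.getPublicKey();
                    }
                };
            }
        }
    }
    // Report "no key" through the declared exception instead of a null result: a caller
    // that dereferences the return value (result.getKey()) would otherwise fail with a
    // NullPointerException rather than a signature-validation error.
    throw new KeySelectorException("No X509Certificate found in KeyInfo");
}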
/**
 * A KeyInfo whose only child is a KeyName (no X509Data) must be rejected with
 * "No X509Data element found." rather than yielding a key.
 */
@Test()
public void select_wrong_structType() throws Exception {
    // given: KeyInfo content holding a single KeyName element
    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(mock(KeyName.class));
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // when / then: selection must fail with the expected message
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains("No X509Data element found."));
    }
}
/**
 * An X509Data element with empty content carries no certificate, so selection must
 * fail with "No X509Data element found.".
 */
@Test()
public void select_x509Data_empty() throws Exception {
    // given: an X509Data mock whose content list is empty
    X509Data emptyX509Data = mock(X509Data.class);
    doReturn(new ArrayList<Object>()).when(emptyX509Data).getContent();

    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(emptyX509Data);
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // when / then
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains("No X509Data element found."));
    }
}
/**
 * An X509Data element whose content is not an X509Certificate (here: a String) must
 * not produce a key; selection fails with "No X509Data element found.".
 */
@Test()
public void select_x509Data_noCertificate() throws Exception {
    // given: X509Data content holding a String instead of a certificate
    ArrayList<Object> nonCertificateContent = new ArrayList<Object>();
    nonCertificateContent.add(new String());
    X509Data x509DataMock = mock(X509Data.class);
    doReturn(nonCertificateContent).when(x509DataMock).getContent();

    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(x509DataMock);
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // when / then
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains("No X509Data element found."));
    }
}
/**
 * A KeyStoreException raised by getPublicKeyFromKeystore must surface as the cause of
 * the KeySelectorException thrown by select.
 */
@Test()
public void select_publicKey_exception() throws Exception {
    // given: a spied selector whose keystore lookup always fails
    selector = spy(new X509KeySelector(keystore));

    ArrayList<Object> certificateContent = new ArrayList<Object>();
    certificateContent.add(mock(X509Certificate.class));
    X509Data x509DataMock = mock(X509Data.class);
    doReturn(certificateContent).when(x509DataMock).getContent();

    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(x509DataMock);
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // NOTE(review): select(...) below is called with a null method; if that null is
    // forwarded to getPublicKeyFromKeystore, whether any(SignatureMethod.class) matches it
    // depends on the Mockito version in use - confirm.
    doThrow(new KeyStoreException("key exception")).when(selector)
            .getPublicKeyFromKeystore(any(X509Certificate.class), any(SignatureMethod.class));

    // when / then: the keystore failure is preserved as the cause
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getCause().getMessage().contains("key exception"));
    }
}
/**
 * A KeyInfo whose only child is a KeyName (no KeyValue) must be rejected with
 * "No RSA/DSA KeyValue element found".
 */
@Test()
public void select_wrong_structType() throws Exception {
    // given: KeyInfo content holding a single KeyName element
    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(mock(KeyName.class));
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // when / then
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains(
                "No RSA/DSA KeyValue element found"));
    }
}
/**
 * A KeyException thrown while reading the KeyValue's public key must surface as the
 * cause of the KeySelectorException thrown by select.
 */
@Test()
public void select_publicKey_exception() throws Exception {
    // given: a KeyValue element whose getPublicKey() fails
    KeyValue failingKeyValue = mock(KeyValue.class);
    doThrow(new KeyException("test")).when(failingKeyValue).getPublicKey();

    ArrayList<XMLStructure> structures = new ArrayList<XMLStructure>();
    structures.add(failingKeyValue);
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(structures).when(keyInfoMock).getContent();

    // when / then: the original failure is preserved as the cause
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getCause().getMessage().contains("test"));
    }
}
/**
 * Returns the public key of the first X.509 certificate in {@code keyInfo} whose key
 * algorithm is accepted by {@code algEquals} for the signature method.
 *
 * <p>Security note: the certificate is taken from the signature's own {@code KeyInfo}, and
 * the only check made here is the algorithm comparison. No chain, validity or revocation
 * check is visible in this method. NOTE(review): confirm the caller validates the
 * certificate against a trust anchor before treating a valid signature as authentic.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method the signature method; its algorithm URI is passed to {@code algEquals}
 * @param context not used by this selector
 * @return a result whose {@code getKey()} returns the matching certificate's public key
 * @throws KeySelectorException if no certificate with a compatible key is found
 */
@Override
public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
        final AlgorithmMethod method, final XMLCryptoContext context)
        throws KeySelectorException {
    for (final Object entry : keyInfo.getContent()) {
        final XMLStructure structure = (XMLStructure) entry;
        if (!(structure instanceof X509Data)) {
            continue;
        }
        for (final Object item : ((X509Data) structure).getContent()) {
            if (!(item instanceof X509Certificate)) {
                continue;
            }
            final X509Certificate candidate = (X509Certificate) item;
            final boolean algorithmMatches = this.algEquals(method.getAlgorithm(),
                    candidate.getPublicKey().getAlgorithm());
            if (algorithmMatches) {
                return new KeySelectorResult() {
                    @Override
                    public Key getKey() {
                        return candidate.getPublicKey();
                    }
                };
            }
        }
    }
    // Message is Portuguese for "The certificate's key was not found."
    throw new KeySelectorException("N\u00e3o foi localizada a chave do certificado.");
}
/**
 * Scans the X509Data children of {@code keyInfo} and returns the public key of the first
 * certificate for which {@code algEquals} accepts the signature method's algorithm.
 *
 * <p>Security note: the certificate originates from the signed message itself and is only
 * compared by key algorithm; this method performs no trust, validity or revocation check.
 * NOTE(review): verify that certificate trust is established elsewhere before the
 * validation result is relied upon.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method the signature method; its algorithm URI is passed to {@code algEquals}
 * @param context not used by this selector
 * @return a result that lazily returns the selected certificate's public key
 * @throws KeySelectorException if no certificate with a compatible key is found
 */
@Override
public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
        final AlgorithmMethod method, final XMLCryptoContext context)
        throws KeySelectorException {
    for (final Object child : keyInfo.getContent()) {
        final XMLStructure node = (XMLStructure) child;
        if (node instanceof X509Data) {
            for (final Object member : ((X509Data) node).getContent()) {
                if (!(member instanceof X509Certificate)) {
                    continue;
                }
                final X509Certificate embedded = (X509Certificate) member;
                final String requestedAlgorithm = method.getAlgorithm();
                final String keyAlgorithm = embedded.getPublicKey().getAlgorithm();
                if (this.algEquals(requestedAlgorithm, keyAlgorithm)) {
                    return new KeySelectorResult() {
                        @Override
                        public Key getKey() {
                            return embedded.getPublicKey();
                        }
                    };
                }
            }
        }
    }
    // Message is Portuguese for "The certificate's key was not found."
    throw new KeySelectorException("Nao foi localizada a chave do certificado.");
}
/**
 * Returns the first KeyValue public key in {@code keyInfo} whose algorithm is accepted by
 * {@code algEquals} for the signature method.
 *
 * <p>Security note: the key is read straight from the signature's {@code KeyInfo}; nothing
 * in this method ties it to an identity or a trusted key set. NOTE(review): confirm the
 * caller compares the selected key with an expected key before trusting the signature.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method the signature method; cast to {@link SignatureMethod}
 * @param context not used by this selector
 * @return a {@code SimpleKeySelectorResult} wrapping the selected public key
 * @throws KeySelectorException if {@code keyInfo} is {@code null}, a KeyValue cannot be
 *         decoded, or no compatible KeyValue is present
 */
@Override
public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
        final AlgorithmMethod method, final XMLCryptoContext context)
        throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }
    final SignatureMethod signatureMethod = (SignatureMethod) method;
    for (final Object entry : keyInfo.getContent()) {
        final XMLStructure structure = (XMLStructure) entry;
        if (!(structure instanceof KeyValue)) {
            continue;
        }
        try {
            final PublicKey candidate = ((KeyValue) structure).getPublicKey();
            // Only accept a key whose algorithm fits the signature method.
            if (algEquals(signatureMethod.getAlgorithm(), candidate.getAlgorithm())) {
                return new SimpleKeySelectorResult(candidate);
            }
        } catch (final KeyException decodeFailure) {
            throw new KeySelectorException(decodeFailure);
        }
    }
    throw new KeySelectorException("No KeyValue element found!");
}
/**
 * Walks the X509Data children of {@code keyInfo} and returns the first non-null result
 * that {@code findPublicKey} produces for an embedded X.509 certificate.
 *
 * <p>NOTE(review): whether the selected key is trustworthy depends entirely on what
 * {@code findPublicKey} checks; this method itself applies no trust or validity check to
 * the certificate. The final error message mentions "KeyValue" although this selector
 * inspects X509Data - presumably a leftover; confirm before anyone matches on it.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method the signature method; cast to {@link SignatureMethod}
 * @param context not used by this selector
 * @return the first non-null result of {@code findPublicKey}
 * @throws KeySelectorException if {@code keyInfo} is {@code null} or no certificate yields
 *         a result
 */
@Override
public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
        final AlgorithmMethod method, final XMLCryptoContext context)
        throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }
    final SignatureMethod signatureMethod = (SignatureMethod) method;
    for (final Object entry : keyInfo.getContent()) {
        final XMLStructure structure = (XMLStructure) entry;
        if (!(structure instanceof X509Data)) {
            continue;
        }
        for (final Object item : ((X509Data) structure).getContent()) {
            if (!(item instanceof X509Certificate)) {
                continue;
            }
            final KeySelectorResult found =
                    findPublicKey((X509Certificate) item, signatureMethod);
            if (found != null) {
                return found;
            }
        }
    }
    throw new KeySelectorException("No KeyValue element found!");
}
/** A null KeyInfo must be rejected with "Null KeyInfo object!". */
@Test()
public void select_keyInfo_null() throws Exception {
    // given: no KeyInfo at all

    // when / then
    try {
        selector.select(null, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        final String message = expected.getMessage();
        assertTrue(message.contains("Null KeyInfo object!"));
    }
}
/** A KeyInfo with empty content must be rejected with "No X509Data element found.". */
@Test()
public void select_xmlStruct_empty() throws Exception {
    // given: KeyInfo whose content list is empty
    ArrayList<XMLStructure> noStructures = new ArrayList<XMLStructure>();
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(noStructures).when(keyInfoMock).getContent();

    // when / then
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains("No X509Data element found."));
    }
}
/**
 * A KeyInfo with empty content must be rejected with
 * "No RSA/DSA KeyValue element found".
 */
@Test()
public void select_xmlStruct_empty() throws Exception {
    // given: KeyInfo whose content list is empty
    ArrayList<XMLStructure> noStructures = new ArrayList<XMLStructure>();
    KeyInfo keyInfoMock = mock(KeyInfo.class);
    doReturn(noStructures).when(keyInfoMock).getContent();

    // when / then
    try {
        selector.select(keyInfoMock, null, null, null);
        fail();
    } catch (KeySelectorException expected) {
        assertTrue(expected.getMessage().contains(
                "No RSA/DSA KeyValue element found"));
    }
}
/**
 * Resolves the verification key for the first X.509 certificate found in {@code keyInfo}
 * by delegating to {@code getPublicKeyFromKeystore}.
 *
 * <p>Only the first certificate encountered is considered: the delegate call either
 * returns or throws inside the loop, so later certificates in the same KeyInfo are never
 * tried.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param algorithmMethod the signature method; cast to {@link SignatureMethod}
 * @param context not used by this selector
 * @return the result produced by {@code getPublicKeyFromKeystore}
 * @throws KeySelectorException if {@code keyInfo} is {@code null}, no certificate is
 *         present, or the keystore lookup fails (the KeyStoreException becomes the cause)
 */
@Override
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
        AlgorithmMethod algorithmMethod, XMLCryptoContext context)
        throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }

    @SuppressWarnings("unchecked")
    List<XMLStructure> structures = keyInfo.getContent();
    for (XMLStructure structure : structures) {
        if (!(structure instanceof X509Data)) {
            continue;
        }
        @SuppressWarnings("rawtypes")
        List items = ((X509Data) structure).getContent();
        for (Object item : items) {
            if (!(item instanceof X509Certificate)) {
                continue;
            }
            X509Certificate embedded = (X509Certificate) item;
            try {
                return getPublicKeyFromKeystore(embedded,
                        (SignatureMethod) algorithmMethod);
            } catch (KeyStoreException keystoreFailure) {
                // Keep the keystore failure as the cause so callers can inspect it.
                throw new KeySelectorException(keystoreFailure);
            }
        }
    }
    throw new KeySelectorException("No X509Data element found.");
}
/**
 * Runs the key-usage check on {@code certificate} and then looks it up in the keystore.
 *
 * @param certificate the certificate taken from the signature
 * @param signatureMethod the signature method passed on to the keystore search
 * @return the result of {@code searchInKeystore}
 * @throws KeyStoreException if the keystore lookup fails
 * @throws KeySelectorException if either step rejects the certificate
 */
KeySelectorResult getPublicKeyFromKeystore(X509Certificate certificate,
        SignatureMethod signatureMethod) throws KeyStoreException, KeySelectorException {
    // The usage check runs first and throws on rejection, so the keystore is only
    // consulted for certificates that pass it.
    isSigningCertificate(certificate);
    final KeySelectorResult fromKeystore = searchInKeystore(certificate, signatureMethod);
    return fromKeystore;
}
/**
 * Looks {@code certificate} up in {@code keystore} and returns the public key of the
 * keystore's own entry when its algorithm is compatible with the signature method.
 *
 * <p>The returned key is read from the keystore entry, not from the supplied certificate,
 * so only certificates already present in the keystore can yield a key. Both rejection
 * paths (certificate unknown to the keystore, incompatible algorithm) use the same
 * message, "X509 content is not a signing certificate".
 *
 * @param certificate the certificate taken from the signature
 * @param signatureMethod the signature method whose algorithm must fit the key
 * @return a {@code SimpleKeySelectorResult} wrapping the keystore entry's public key
 * @throws KeyStoreException if the keystore cannot be queried
 * @throws KeySelectorException if the certificate is not in the keystore or its key
 *         algorithm does not fit the signature method
 */
KeySelectorResult searchInKeystore(X509Certificate certificate,
        SignatureMethod signatureMethod) throws KeyStoreException, KeySelectorException {
    final String alias = keystore.getCertificateAlias(certificate);
    if (alias == null) {
        throw new KeySelectorException(
                "X509 content is not a signing certificate");
    }

    final PublicKey keystoreKey = keystore.getCertificate(alias).getPublicKey();
    if (!algorithmCompatibleWithMethod(signatureMethod.getAlgorithm(),
            keystoreKey.getAlgorithm())) {
        throw new KeySelectorException(
                "X509 content is not a signing certificate");
    }
    return new SimpleKeySelectorResult(keystoreKey);
}
/**
 * Rejects a certificate whose KeyUsage extension is present but does not assert bit 0
 * (digitalSignature in {@link X509Certificate#getKeyUsage()}).
 *
 * <p>A certificate without a KeyUsage extension ({@code getKeyUsage()} returns
 * {@code null}) passes this check. NOTE(review): confirm that accepting certificates
 * with no KeyUsage extension is intended.
 *
 * @param certificate the certificate to inspect
 * @throws KeySelectorException if KeyUsage is present and bit 0 is not set
 */
private void isSigningCertificate(X509Certificate certificate)
        throws KeySelectorException {
    final boolean[] usageBits = certificate.getKeyUsage();
    if (usageBits == null) {
        // No KeyUsage extension: nothing to check.
        return;
    }
    if (!usageBits[0]) {
        throw new KeySelectorException(
                "X509 content is not a signing certificate");
    }
}
/**
 * Returns the first KeyValue public key in {@code keyInfo} that
 * {@code algorithmCompatibleWithMethod} accepts for the signature method.
 *
 * <p>Security note: the key is read from the signature's own {@code KeyInfo}; this method
 * does not compare it with any expected or stored key. NOTE(review): confirm the caller
 * establishes that the selected key belongs to the expected signer.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param algorithmMethod the signature method whose algorithm URI is compared
 * @param context not used by this selector
 * @return a {@code SimpleKeySelectorResult} wrapping the selected public key
 * @throws KeySelectorException if {@code keyInfo} is {@code null}, a KeyValue cannot be
 *         decoded, or no compatible KeyValue is present
 */
@Override
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
        AlgorithmMethod algorithmMethod, XMLCryptoContext context)
        throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }

    @SuppressWarnings("unchecked")
    List<XMLStructure> structures = keyInfo.getContent();
    for (XMLStructure structure : structures) {
        if (!(structure instanceof KeyValue)) {
            continue;
        }
        final PublicKey candidate;
        try {
            candidate = ((KeyValue) structure).getPublicKey();
        } catch (KeyException decodeFailure) {
            throw new KeySelectorException(decodeFailure);
        }
        if (algorithmCompatibleWithMethod(algorithmMethod.getAlgorithm(),
                candidate.getAlgorithm())) {
            return new SimpleKeySelectorResult(candidate);
        }
    }
    throw new KeySelectorException("No RSA/DSA KeyValue element found");
}
/**
 * Builds the list of sample classes, one from each of five module/package pairs named in
 * the inline comments.
 *
 * <p>NOTE(review): presumably these are the classes the surrounding test expects to be
 * de-privileged; the check itself is not visible here.
 *
 * @return a new mutable list containing the five sample classes, in a fixed order
 */
private static List<Class<?>> getDeprivilegedClasses() {
    List<Class<?>> samples = new ArrayList<>();

    // java.xml.crypto module, javax.xml.crypto.dsig package
    samples.add(XMLSignatureFactory.class);
    // java.xml.crypto module, javax.xml.crypto package
    samples.add(KeySelectorException.class);
    // java.security.jgss module, javax.security.auth.kerberos package
    samples.add(KeyTab.class);
    // jdk.security.jgss module, com.sun.security.jgss package
    samples.add(AuthorizationDataEntry.class);
    // jdk.security.auth module, com.sun.security.auth.callback package
    samples.add(TextCallbackHandler.class);

    return samples;
}
/**
 * Returns the first KeyValue public key in {@code keyInfo} whose algorithm is accepted by
 * {@code algEquals} for the signature method.
 *
 * <p>Security note: the selected key is whatever the signature's {@code KeyInfo} carries;
 * this method does not bind it to an identity or compare it with a known key.
 * NOTE(review): confirm the caller checks the key against an expected value before
 * treating a valid signature as proof of origin.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method the signature method; cast to {@link SignatureMethod}
 * @param context not used by this selector
 * @return a {@code SimpleKeySelectorResult} wrapping the selected public key
 * @throws KeySelectorException if {@code keyInfo} is {@code null}, a KeyValue cannot be
 *         decoded, or no compatible KeyValue is present
 */
public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
        AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("Null KeyInfo object!");
    }
    SignatureMethod signatureMethod = (SignatureMethod) method;
    for (Object entry : keyInfo.getContent()) {
        XMLStructure structure = (XMLStructure) entry;
        if (!(structure instanceof KeyValue)) {
            continue;
        }
        final PublicKey candidate;
        try {
            candidate = ((KeyValue) structure).getPublicKey();
        } catch (KeyException decodeFailure) {
            throw new KeySelectorException(decodeFailure);
        }
        // Accept the key only when its algorithm fits the signature method.
        if (algEquals(signatureMethod.getAlgorithm(), candidate.getAlgorithm())) {
            return new SimpleKeySelectorResult(candidate);
        }
    }
    throw new KeySelectorException("No KeyValue element found!");
}
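/**
 * Returns the public key of the first supported child of {@code keyInfo}: a KeyValue, or
 * an X509Data element that contains an X.509 certificate.
 *
 * <p>X509Data content is scanned for the first {@code java.security.cert.X509Certificate}
 * rather than cast to the JDK-internal {@code sun.security.x509.X509CertImpl}. An X509Data
 * may also hold non-certificate items, and certificates may come from another provider;
 * both would fail the internal-class cast with a ClassCastException.
 *
 * <p>Security note: the key is taken from the signature's own {@code KeyInfo}. This method
 * neither compares its algorithm with {@code method} nor checks any certificate against a
 * trust anchor. NOTE(review): confirm the caller establishes trust in the selected key
 * before relying on the validation result.
 *
 * @param keyInfo the KeyInfo of the signature being validated
 * @param purpose not used by this selector
 * @param method not used by this selector
 * @param context not used by this selector
 * @return a {@code SimpleKeySelectorResult} wrapping the selected public key
 * @throws KeySelectorException if {@code keyInfo} is {@code null}, a KeyValue cannot be
 *         decoded, or no supported element is present
 */
@Override
public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
        final AlgorithmMethod method, final XMLCryptoContext context)
        throws KeySelectorException {
    if (keyInfo == null) {
        throw new KeySelectorException("null KeyInfo");
    }
    for (final Object entry : keyInfo.getContent()) {
        final XMLStructure xmlStructure = (XMLStructure) entry;
        PublicKey pk = null;
        if (xmlStructure instanceof KeyValue) {
            try {
                pk = ((KeyValue) xmlStructure).getPublicKey();
            } catch (KeyException ke) {
                throw new KeySelectorException(ke);
            }
        } else if (xmlStructure instanceof X509Data) {
            // Check each item's type: X509Data content is not guaranteed to be a
            // certificate, let alone a specific implementation class.
            for (final Object item : ((X509Data) xmlStructure).getContent()) {
                if (item instanceof java.security.cert.X509Certificate) {
                    pk = ((java.security.cert.X509Certificate) item).getPublicKey();
                    break;
                }
            }
            if (pk == null) {
                log.error(xmlStructure + " contains no X509Certificate");
                continue;
            }
        } else {
            log.error(xmlStructure + " not supported");
            continue;
        }
        return new SimpleKeySelectorResult(pk);
    }
    throw new KeySelectorException("No supported KeyValue element found");
}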