aboutsummaryrefslogtreecommitdiff
path: root/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java')
-rw-r--r--id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java96
1 files changed, 52 insertions, 44 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
* Licence for the specific language governing permissions and limitations under
* the Licence.
*/
-
package eu.stork.peps.auth.engine.core.impl;
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.NotImplementedException;
import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
/**
* The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
final String serialNum = certificate.getSerialNumber().toString(16);
- try {
- X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
- X509Principal issuerDNConf = new X509Principal(issuer);
+ X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+ X509Principal issuerDNConf = new X509Principal(issuer);
- if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
- alias = aliasCert;
- find = true;
- }
- } catch (Exception ex) {
- LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+ if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+ alias = aliasCert;
+ find = true;
}
}
if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
* @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
*/
public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
- LOG.info("Start signature validation.");
+ LOG.info("Start signature validation SW.");
try {
// Validate structure signature
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
LOG.info("Load Cryptographic Service Provider");
FileInputStream fis = null;
try {
- // // Dynamically register Bouncy Castle provider.
- // boolean found = false;
- // // Check if BouncyCastle is already registered as a provider
- // final Provider[] providers = Security.getProviders();
- // for (int i = 0; i < providers.length; i++) {
- // if (providers[i].getName().equals(
- // BouncyCastleProvider.PROVIDER_NAME)) {
- // found = true;
- // }
- // }
- //
- // // Register only if the provider has not been previously registered
- // if (!found) {
- // LOG.info("SAMLCore: Register Bouncy Castle provider.");
- // Security.insertProviderAt(new BouncyCastleProvider(), Security
- // .getProviders().length);
- // }
+ // Dynamically register Bouncy Castle provider.
+ boolean found = false;
+ // Check if BouncyCastle is already registered as a provider
+ final Provider[] providers = Security.getProviders();
+ for (int i = 0; i < providers.length; i++) {
+ if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+ found = true;
+ }
+ }
+
+ // Register only if the provider has not been previously registered
+ if (!found) {
+ LOG.info("SAMLCore: Register Bouncy Castle provider.");
+ Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+ }
storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 02:21:28 +0000