From 496ba9bb6e150ad67c5c628c1c97f30d6da81dfb Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Mon, 10 Aug 2015 16:35:14 +0200
Subject: approved changes

---
 .../stork/peps/auth/engine/core/impl/SignSW.java   | 96 ++++++++++++----------
 1 file changed, 52 insertions(+), 44 deletions(-)

(limited to 'id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java')

diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
index e1ae2b8e2..1ca857e9e 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java
@@ -12,17 +12,34 @@
  * Licence for the specific language governing permissions and limitations under
  * the Licence.
  */
-
 package eu.stork.peps.auth.engine.core.impl;
 
-import eu.stork.peps.auth.engine.X509PrincipalUtil;
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
-import eu.stork.peps.exceptions.SAMLEngineException;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.InvalidPropertiesFormatException;
+import java.util.List;
+import java.util.Properties;
+
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.NotImplementedException;
 import org.bouncycastle.jce.X509Principal;
-//import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SignableSAMLObject;
@@ -41,25 +58,22 @@ import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
 import org.opensaml.xml.security.trust.ExplicitKeyTrustEvaluator;
 import org.opensaml.xml.security.trust.ExplicitX509CertificateTrustEvaluator;
 import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.*;
+import org.opensaml.xml.signature.KeyInfo;
 import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.validation.ValidationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.*;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.*;
+import eu.stork.peps.auth.engine.X509PrincipalUtil;
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+import eu.stork.peps.auth.engine.core.SAMLEngineSignI;
+import eu.stork.peps.exceptions.SAMLEngineException;
+
 
 /**
  * The Class SWSign. Class responsible for signing and validating of messages SAML with a certificate store software.
@@ -215,16 +229,12 @@ public class SignSW implements SAMLEngineSignI {
 
 				final String serialNum = certificate.getSerialNumber().toString(16);
 
-				try {
-					X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
-					X509Principal issuerDNConf = new X509Principal(issuer);
+				X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName());
+				X509Principal issuerDNConf = new X509Principal(issuer);
 
-					if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.equals(issuerDN, issuerDNConf)) {
-						alias = aliasCert;
-						find = true;
-					}
-				} catch (Exception ex) {
-					LOG.error("Exception during signing: " + ex.getMessage()); // Added as a workaround for Bouncycastle email error
+				if (serialNum.equalsIgnoreCase(serialNumber) && X509PrincipalUtil.X509equals(issuerDN, issuerDNConf)) {
+					alias = aliasCert;
+					find = true;
 				}
 			}
 			if (!find) {
@@ -344,7 +354,7 @@ public class SignSW implements SAMLEngineSignI {
 	 * @see eu.stork.peps.auth.engine.core.SAMLEngineSignI#validateSignature(org.opensaml.common.SignableSAMLObject)
 	 */
 	public final SAMLObject validateSignature(final SignableSAMLObject tokenSaml) throws SAMLEngineException {
-		LOG.info("Start signature validation.");
+		LOG.info("Start signature validation SW.");
 		try {
 
 			// Validate structure signature
@@ -440,23 +450,21 @@ public class SignSW implements SAMLEngineSignI {
 		LOG.info("Load Cryptographic Service Provider");
 		FileInputStream fis = null;
 		try {
-			// // Dynamically register Bouncy Castle provider.
-			// boolean found = false;
-			// // Check if BouncyCastle is already registered as a provider
-			// final Provider[] providers = Security.getProviders();
-			// for (int i = 0; i < providers.length; i++) {
-			// if (providers[i].getName().equals(
-			// BouncyCastleProvider.PROVIDER_NAME)) {
-			// found = true;
-			// }
-			// }
-			//
-			// // Register only if the provider has not been previously registered
-			// if (!found) {
-			// LOG.info("SAMLCore: Register Bouncy Castle provider.");
-			// Security.insertProviderAt(new BouncyCastleProvider(), Security
-			// .getProviders().length);
-			// }
+			// Dynamically register Bouncy Castle provider.
+			boolean found = false;
+			// Check if BouncyCastle is already registered as a provider
+			final Provider[] providers = Security.getProviders();
+			for (int i = 0; i < providers.length; i++) {
+				if (providers[i].getName().equals(BouncyCastleProvider.PROVIDER_NAME)) {
+					found = true;
+				}
+			}
+
+			// Register only if the provider has not been previously registered
+			if (!found) {
+				LOG.info("SAMLCore: Register Bouncy Castle provider.");
+				Security.insertProviderAt(new BouncyCastleProvider(), Security.getProviders().length);
+			}
 
 			storkOwnKeyStore = KeyStore.getInstance(properties.getProperty(KEYSTORE_TYPE));
 
-- 
cgit v1.2.3