path: root/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java123
1 files changed, 123 insertions, 0 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
new file mode 100644
index 0000000..efdd877
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
@@ -0,0 +1,123 @@
+package at.gv.egovernment.moa.spss.tsl.connector;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.ListIterator;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import iaik.server.modules.xmlverify.MOAKeySelector;
+import iaik.xml.crypto.tsl.TSLContext;
+import iaik.xml.crypto.tsl.ex.TSLSecurityException;
+import iaik.xml.crypto.tsl.ex.TSLVerificationException;
+import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
+import iaik.xml.crypto.utils.X509KeySelectorResult;
+
+public class MOATslKeySelector extends MOAKeySelector {
+
+ private final ListIterator<X509Certificate> tslSignerCerts_;
+ private TSLContext tslContextI_;
+
+ public MOATslKeySelector(ListIterator<X509Certificate> euTslCertsHash, TSLContext tslContext) {
+ if(euTslCertsHash == null){
+ tslContext.throwException(
+ new TSLVerificationException(
+ TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER)
+ );
+ }
+ tslSignerCerts_ = euTslCertsHash;
+ tslContextI_ = tslContext;
+ tslContext.toString();
+ }
+
+ @Override
+ protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo,
+ XMLCryptoContext context)
+ throws KeySelectorException {
+
+ return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
+
+ }
+
+ @Override
+ protected KeySelectorResult select(KeyInfoHints hints,
+ KeySelectorResult[] results) {
+
+ if (results.length > 1){
+
+ return (KeySelectorResult) tslContextI_.throwException(
+ new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[] {hints, results}
+ );
+
+ } else {
+ KeySelectorResult result = results[0];
+ if (result instanceof X509KeySelectorResult) {
+ result = new MOAX509KeySelectorResult((X509KeySelectorResult)result);
+ } else {
+ result = new MOAKeySelectorResult(result.getKey());
+ }
+ return result;
+ }
+ }
+
+ @Override
+ public KeySelectorResult select(X509Data x509Data,
+ Purpose purpose,
+ AlgorithmMethod method,
+ XMLCryptoContext context) throws KeySelectorException {
+
+ X509KeySelectorResult ksr;
+ try {
+ ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
+ } catch (ClassCastException e) {
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ e,
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ if (ksr == null){
+ //there has been a Problem with the X509Data
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ new KeySelectorException(failReason_.replace(". ", ".\n")),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ List l = ksr.getCertificates();
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ (X509Certificate[]) l.toArray(new X509Certificate[l.size()]),
+ tslSignerCerts_
+ );
+
+ return ksr;
+ }
+
+ @Override
+ protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ cert,
+ tslSignerCerts_
+ );
+
+ return super.select(cert, purpose, method, context);
+ }
+} \ No newline at end of file
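Review bot: The fallback in `select(KeyInfoHints, KeySelectorResult[])` (`result = new MOAKeySelectorResult(result.getKey());`) accepts a non-X509 result as the TSL signer without ever running `securityCheck(UNTRUSTED_TSL_SIGNER, ...)`, which this class otherwise enforces only in the two `X509Data`/`X509Certificate` overrides. Whether `MOAKeySelector` can actually produce such a result (e.g. from a `KeyValue` or `KeyName` element) is not visible here, but if it can, a TSL signed with a bare key that is not in `tslSignerCerts_` would pass selection, so the safe option is to reject non-`X509KeySelectorResult` entries with the same `UNTRUSTED_TSL_SIGNER` exception used in the `results.length > 1` branch, or to document why that path cannot be reached. The same method indexes `results[0]` without a length check, so an empty array ends in an `ArrayIndexOutOfBoundsException` rather than a `TSLSecurityException`; a `results.length != 1` guard covers both cases. Separately, `tslSignerCerts_` is a `ListIterator` that is handed to `TslKeyInfoHints` and to two `securityCheck` calls; unless those callers rewind it, a later check iterates an exhausted iterator, and whether that fails closed depends on `TSLContext.securityCheck`, so holding a `List<X509Certificate>` and creating a fresh iterator per call would make the trust check independent of call order. The `tslContext.toString();` statement in the constructor has no effect beyond an NPE on a null context and reads as leftover debugging; an explicit null check with a clear message would be better.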