From 84293bd12f63b59852026cab02035fc9ebee626a Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Mon, 14 Mar 2016 16:29:03 +0100
Subject: A lot of moa sig stuff
---
 .../moa/spss/tsl/connector/MOATslKeySelector.java | 123 +++++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
new file mode 100644
index 0000000..efdd877
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
@@ -0,0 +1,123 @@
+package at.gv.egovernment.moa.spss.tsl.connector;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.ListIterator;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import iaik.server.modules.xmlverify.MOAKeySelector;
+import iaik.xml.crypto.tsl.TSLContext;
+import iaik.xml.crypto.tsl.ex.TSLSecurityException;
+import iaik.xml.crypto.tsl.ex.TSLVerificationException;
+import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
+import iaik.xml.crypto.utils.X509KeySelectorResult;
+
+public class MOATslKeySelector extends MOAKeySelector {
+
+ private final ListIterator tslSignerCerts_;
+ private TSLContext tslContextI_;
+
+ public MOATslKeySelector(ListIterator euTslCertsHash, TSLContext tslContext) {
+ if(euTslCertsHash == null){
+ tslContext.throwException(
+ new TSLVerificationException(
+ TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER)
+ );
+ }
+ tslSignerCerts_ = euTslCertsHash;
+ tslContextI_ = tslContext;
+ tslContext.toString();
+ }
+
+ @Override
+ protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo,
+ XMLCryptoContext context)
+ throws KeySelectorException {
+
+ return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
+
+ }
+
+ @Override
+ protected KeySelectorResult select(KeyInfoHints hints,
+ KeySelectorResult[] results) {
+
+ if (results.length > 1){
+
+ return (KeySelectorResult) tslContextI_.throwException(
+ new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[] {hints, results}
+ );
+
+ } else {
+ KeySelectorResult result = results[0];
+ if (result instanceof X509KeySelectorResult) {
+ result = new 
MOAX509KeySelectorResult((X509KeySelectorResult)result);
+ } else {
+ result = new MOAKeySelectorResult(result.getKey());
+ }
+ return result;
+ }
+ }
+
+ @Override
+ public KeySelectorResult select(X509Data x509Data,
+ Purpose purpose,
+ AlgorithmMethod method,
+ XMLCryptoContext context) throws KeySelectorException {
+
+ X509KeySelectorResult ksr;
+ try {
+ ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
+ } catch (ClassCastException e) {
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ e,
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ if (ksr == null){
+ //there has been a Problem with the X509Data
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ new KeySelectorException(failReason_.replace(". ", ".\n")),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ List l = ksr.getCertificates();
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ (X509Certificate[]) l.toArray(new X509Certificate[l.size()]),
+ tslSignerCerts_
+ );
+
+ return ksr;
+ }
+
+ @Override
+ protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ cert,
+ tslSignerCerts_
+ );
+
+ return super.select(cert, purpose, method, context);
+ }
+}
\ No newline at end of file
-- 
cgit v1.2.3
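Review bot: `select(KeyInfoHints hints, KeySelectorResult[] results)` reads `results[0]` after guarding only `results.length > 1`, so an empty array (no candidate key at all) escapes as an `ArrayIndexOutOfBoundsException` rather than as a controlled TSL verification failure; the guard should become `if (results == null || results.length != 1)` (or a separate `length == 0` branch routed through `tslContextI_.throwException` with a more specific `TSLSecurityException.Type` if one exists) so that the index is only reached with exactly one result. In the constructor, `tslContext.toString();` has no effect and should be removed, and since the other call sites cast the return value of `tslContextI_.throwException`, it appears that method can return instead of throwing, in which case the `euTslCertsHash == null` path continues and leaves `tslSignerCerts_` null for every later `securityCheck`. `tslSignerCerts_` is a raw `ListIterator` handed to each `securityCheck` call; an iterator carries its position, so it is worth confirming that `securityCheck` does not consume it, otherwise the second certificate verified by this selector would be compared against an exhausted list. Key selection is the trust decision for the TSL signer, so every failure path here should end in the same security-exception route rather than an incidental runtime exception; a class Javadoc stating that this selector accepts only certificates present in the supplied signer list would also help the next reader.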