From b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd Mon Sep 17 00:00:00 2001
From: mcentner
Date: Wed, 5 May 2010 15:29:01 +0000
Subject: Merged feature branch mocca-1.2.13-id@r724 back to trunk.
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../at/gv/egiz/mocca/id/IdLinkKeySelector.java | 88 ++++++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
(limited to 'BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java')
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
new file mode 100644
index 00000000..493b92af
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/IdLinkKeySelector.java
@@ -0,0 +1,88 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.mocca.id;
+
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelector;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class IdLinkKeySelector extends KeySelector {
+
+ private static Logger log = LoggerFactory.getLogger(IdLinkKeySelector.class);
+
+ private IdLink idLink;
+
+ public IdLinkKeySelector(IdLink idLink) {
+ super();
+ if (idLink == null) {
+ throw new NullPointerException("Parameter 'idLink' must not be null.");
+ }
+ this.idLink = idLink;
+ }
+
+ @Override
+ public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ if (purpose != Purpose.VERIFY) {
+ throw new KeySelectorException("KeySelector does not support purpose "
+ + purpose + ".");
+ }
+
+ try {
+ for (Object ki : keyInfo.getContent()) {
+ if (ki instanceof X509Data) {
+ for (Object xd : ((X509Data) ki).getContent()) {
+ if (xd instanceof X509Certificate) {
+ final PublicKey publicKey = ((X509Certificate) xd).getPublicKey();
+ if (idLink.getCitizenPublicKeys().contains(publicKey)) {
+ log.trace("Found matching key {} in identiy link and KeyInfo.", publicKey);
+ return new KeySelectorResult() {
+ @Override
+ public Key getKey() {
+ return publicKey;
+ }
+ };
+ }
+ }
+ }
+ }
+ }
+ } catch (MarshalException e) {
+ log.info("Failed to get public keys from identity link.", e);
+ throw new KeySelectorException(e);
+ }
+
+ log.info("Did not find matching public keys in the identity link and the KeyInfo.");
+ return null;
+ }
+
+}
-- cgit v1.2.3
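Review bot: Both failure paths in `select` end in a NullPointerException rather than a `KeySelectorException`: `keyInfo.getContent()` is called without a null check although `KeySelector.select` documents that `keyInfo` may be null (a signature carrying no KeyInfo element), and the final `return null;` hands the caller a null result that it will most likely dereference with `getKey()`. Verification still fails in both cases, but as an unchecked exception that signature-validating callers may not catch, which is presumably not the intended outcome for untrusted input. I would add `if (keyInfo == null) { throw new KeySelectorException("KeyInfo must not be null."); }` before the `try`, and replace `return null;` with `throw new KeySelectorException("No matching public key in identity link and KeyInfo.");`. A class Javadoc should also state that certificates found in the KeyInfo are not path-validated here and that trust rests solely on the key being listed in `idLink.getCitizenPublicKeys()`.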