📄 x509credentialutil.java
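/*
 * Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wso2.solutions.identity.relyingparty.saml;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateFactory;
import java.util.Iterator;
import java.util.List;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.xml.security.utils.Base64;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Exponent;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyValue;
import org.opensaml.xml.signature.Modulus;
import org.opensaml.xml.signature.RSAKeyValue;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;
import org.wso2.solutions.identity.relyingparty.RelyingPartyException;

/**
 * This class creates the X509CredentialImpl that is needed to verify the
 * signature.
 *
 * <p>
 * Two sources of key material are supported: a certificate stored in a
 * {@link KeyStore} under a known alias, and the key material carried inside the
 * {@code KeyInfo} of the signature being verified. Only the first is anchored
 * in local configuration; see {@link #loadCredentialFromSignature(Signature)}
 * for the trust caveat on the second.
 */
public class X509CredentialUtil {

    // Not read or written anywhere in this class.
    // NOTE(review): public and non-final, so any code on the classpath can
    // replace the key store reference -- confirm who assigns it.
    public static KeyStore systemKeyStore = null;

    // Public exponent used when an RSAKeyValue carries no Exponent element.
    // The misspelled name is kept because it is part of the public interface.
    // NOTE(review): the field is not final and can be reassigned at runtime;
    // consider making it final once it is confirmed that no caller assigns it.
    public static BigInteger DEFAULT_EXPONENET = new BigInteger("65537");

    /**
     * Creates the X509Credential from the TrustStore certificate.
     *
     * @param alias
     *            alias of the certificate entry to look up
     * @param trustStore
     *            key store to read the certificate from; must not be null
     * @return a credential wrapping the certificate stored under {@code alias},
     *         or {@code null} when the store has no entry with that alias
     * @throws RelyingPartyException
     *             with key {@code errorExtractingCertFromTrustStore} when the
     *             key store cannot be read
     */
    public static X509Credential loadCredentialFromTrustStore(String alias,
            KeyStore trustStore) throws RelyingPartyException {
        try {
            if (!trustStore.containsAlias(alias)) {
                // Unknown alias: callers must treat null as "no trusted key".
                return null;
            }
            java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) trustStore
                    .getCertificate(alias);
            return new X509CredentialImpl(cert);
        } catch (KeyStoreException e) {
            throw new RelyingPartyException(
                    "errorExtractingCertFromTrustStore",
                    new String[] { alias }, e);
        }
    }

    /**
     * Creates the certificate from the KeyInfo element.
     *
     * <p>
     * The returned credential is built only from key material that travels
     * inside the signed message. This method performs no validity-period,
     * chain or trust-store check, so a signature that verifies against this
     * credential shows that the message matches the embedded key, not that the
     * key belongs to a trusted issuer. Callers need to establish trust in the
     * returned certificate or key separately, for example by comparing it with
     * a credential obtained from
     * {@link #loadCredentialFromTrustStore(String, KeyStore)}.
     *
     * <p>
     * When the single {@code X509Data} element holds several certificates, each
     * one is parsed and the last one determines the returned credential.
     *
     * @param signature
     *            signature whose KeyInfo is read; must not be null
     * @return the credential built from the KeyInfo, or {@code null} when the
     *         signature has no KeyInfo, the X509Data holds no certificate, or
     *         (with assertions disabled) the KeyInfo holds neither X509Data
     *         nor KeyValue
     * @throws RelyingPartyException
     *             with key {@code invalidKeyValueCount} when more than one
     *             X509Data or KeyValue element is present, or with key
     *             {@code errorReadingFromKeyInfo} when the key material cannot
     *             be decoded
     */
    public static X509Credential loadCredentialFromSignature(Signature signature)
            throws RelyingPartyException {
        KeyInfo kinfo = signature.getKeyInfo();
        if (kinfo == null) {
            return null;
        }

        List<X509Data> dataList = kinfo.getX509Datas();
        List<KeyValue> keyValueList = kinfo.getKeyValues();
        X509Credential credential = null;

        try {
            if (dataList.size() > 0) {
                if (dataList.size() > 1) {
                    throw new RelyingPartyException("invalidKeyValueCount");
                }
                List<X509Certificate> certList = dataList.get(0)
                        .getX509Certificates();
                for (X509Certificate certElem : certList) {
                    byte[] certInBytes = Base64.decode(certElem.getValue());
                    CertificateFactory factory = CertificateFactory
                            .getInstance("X509");
                    java.security.cert.X509Certificate x509Cert = (java.security.cert.X509Certificate) factory
                            .generateCertificate(new ByteArrayInputStream(
                                    certInBytes));
                    // Each iteration overwrites the previous credential.
                    credential = new X509CredentialImpl(x509Cert);
                }
            } else if (keyValueList.size() > 0) {
                if (keyValueList.size() > 1) {
                    throw new RelyingPartyException("invalidKeyValueCount");
                }
                RSAKeyValue rsaKey = keyValueList.get(0).getRSAKeyValue();
                // Re-import the DOM node so the children can be looked up by
                // qualified name through the Axiom API.
                OMElement omElem = (OMElement) new OMDOMFactory().getDocument()
                        .importNode(rsaKey.getDOM(), true);
                Element modElem = (Element) omElem
                        .getFirstChildWithName(Modulus.DEFAULT_ELEMENT_NAME);
                Element expElem = (Element) omElem
                        .getFirstChildWithName(Exponent.DEFAULT_ELEMENT_NAME);

                BigInteger mod = Base64.decodeBigIntegerFromElement(modElem);
                BigInteger exp = (expElem != null)
                        ? Base64.decodeBigIntegerFromElement(expElem)
                        : DEFAULT_EXPONENET;
                credential = new X509CredentialImpl(mod, exp);
            } else {
                // With assertions disabled (the JVM default) this falls
                // through and the method returns null.
                assert false : "unknown key info";
            }
        } catch (RelyingPartyException e) {
            // Already carries a specific error key (invalidKeyValueCount);
            // re-wrapping it below would hide that key from the caller.
            throw e;
        } catch (Exception e) {
            // Keep the cause attached so the original stack trace survives.
            throw new RelyingPartyException("errorReadingFromKeyInfo",
                    new String[] { e.getClass().toString(), e.getMessage() },
                    e);
        }
        return credential;
    }
}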