
1   /*
2    * Copyright  2003-2004 The Apache Software Foundation.
3    *
4    *  Licensed under the Apache License, Version 2.0 (the "License");
5    *  you may not use this file except in compliance with the License.
6    *  You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   *  Unless required by applicable law or agreed to in writing, software
11   *  distributed under the License is distributed on an "AS IS" BASIS,
12   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *  See the License for the specific language governing permissions and
14   *  limitations under the License.
15   *
16   */
17  
18  package org.apache.ws.security.message.token;
19  
20  import org.apache.ws.security.WSConstants;
21  import org.apache.ws.security.WSSConfig;
22  import org.apache.ws.security.WSSecurityException;
23  import org.apache.ws.security.components.crypto.Crypto;
24  import org.w3c.dom.Document;
25  import org.w3c.dom.Element;
26  
27  import java.io.ByteArrayInputStream;
28  import java.security.cert.CertificateEncodingException;
29  import java.security.cert.X509Certificate;
30  
31  /***
32   * X509 Security Token.
33   * <p/>
34   *
35   * @author Davanum Srinivas (dims@yahoo.com).
36   */
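public class X509Security extends BinarySecurity {
    /**
     * The ValueType value this token is expected to carry, in either the
     * prefixed or the namespace form selected by the WSSConfig (see
     * {@link #getType(WSSConfig)}).
     */
    private String type;
    /** Local part of the X.509 v3 certificate ValueType. */
    public static final String X509_V3 = "X509v3";

    /*
     * Stores the associated X.509 Certificate. This saves numerous
     * crypto loadCertificate operations. It is only populated once the
     * certificate and the element's token data are known to agree.
     */
    private X509Certificate cachedCert = null;

    /**
     * This constructor creates a new X509 security token object and
     * initializes it from the data contained in the element.
     *
     * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
     * @param elem      the element containing the X509 certificate data
     * @throws WSSecurityException if the element's ValueType does not denote
     *                             an X.509 v3 token
     */
    public X509Security(WSSConfig wssConfig, Element elem) throws WSSecurityException {
        super(wssConfig, elem);
        type = getType(wssConfig);
        // NOTE(review): a suffix match accepts any ValueType ending in
        // "X509v3" irrespective of its prefix or namespace. This tolerates
        // documents that bind a different wsse prefix, but it is looser than
        // comparing against 'type'; confirm downstream processing does not
        // assume a stricter check was made here.
        if (!getValueType().endsWith(X509_V3)) {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN, "invalidValueType", new Object[]{type, getValueType()});
        }
    }

    /**
     * This constructor creates a new, empty X509 certificate element whose
     * ValueType attribute is set according to the configuration.
     *
     * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
     * @param doc       the document the new element belongs to
     */
    public X509Security(WSSConfig wssConfig, Document doc) {
        super(wssConfig, doc);
        type = getType(wssConfig);
        setValueType(type);
    }

    /**
     * Gets the X509Certificate certificate.
     * <p/>
     * The decoded certificate is cached on first use; subsequent calls return
     * the cached instance and do not consult the supplied <code>crypto</code>
     * again, even if a different implementation is passed.
     *
     * @param crypto the Crypto implementation used to decode the certificate bytes
     * @return the X509 certificate converted from the base 64 encoded
     *         element data
     * @throws WSSecurityException if the element carries no certificate data,
     *                             or if the Crypto implementation cannot load it
     */
    public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
        if (cachedCert != null) {
            return cachedCert;
        }
        byte[] data = getToken();
        // An empty token is as unusable as a missing one; report it the same
        // way rather than handing zero bytes to the certificate loader.
        if (data == null || data.length == 0) {
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "invalidCertData",
                    new Object[]{new Integer(0)});
        }
        ByteArrayInputStream in = new ByteArrayInputStream(data);
        cachedCert = crypto.loadCertificate(in);
        return cachedCert;
    }

    /**
     * Sets the X509Certificate.
     * This function takes the X509 certificate, gets the data from it as
     * encoded bytes, and sets the data as base 64 encoded data in the text
     * node of the element.
     *
     * @param cert the X509 certificate to store in the element
     * @throws WSSecurityException if <code>cert</code> is null or cannot be encoded
     */
    public void setX509Certificate(X509Certificate cert)
            throws WSSecurityException {
        if (cert == null) {
            throw new WSSecurityException(WSSecurityException.FAILURE,
                    "noCert");
        }
        byte[] encoded;
        try {
            encoded = cert.getEncoded();
        } catch (CertificateEncodingException e) {
            // TODO(review): chain 'e' as the cause if WSSecurityException
            // offers a Throwable-accepting constructor; the diagnostic is
            // currently lost.
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
                    "encodeError");
        }
        // Update the cache only after the element holds the matching bytes,
        // so a failed encode never leaves a cached certificate that differs
        // from what the element carries.
        setToken(encoded);
        cachedCert = cert;
    }

    /**
     * Returns the ValueType string for an X.509 v3 token under the given
     * configuration: the <code>wsse</code>-prefixed form when BST values are
     * prefixed, otherwise the X.509 token namespace with a fragment.
     *
     * @param wssConfig Configuration options for processing and building the <code>wsse:Security</code> header
     * @return the ValueType string
     */
    public static String getType(WSSConfig wssConfig) {
        return wssConfig.isBSTValuesPrefixed()
                ? WSConstants.WSSE_PREFIX + ":" + X509_V3
                : WSConstants.X509TOKEN_NS + "#" + X509_V3;
    }
}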