1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
/*
* JBoss, Home of Professional Open Source
* Copyright 2005, JBoss Inc., and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.ws.extensions.security.element;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.xml.security.utils.XMLUtils;
import org.jboss.util.Base64;
import org.jboss.ws.extensions.security.Constants;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class X509Token extends BinarySecurityToken
{
private X509Certificate cert;
public static final String TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
public X509Token(X509Certificate cert, Document doc)
{
super(doc);
this.cert = cert;
}
public X509Token(Element element) throws WSSecurityException
{
super(element.getOwnerDocument());
String id = element.getAttributeNS(Constants.WSU_NS, Constants.ID);
if (id == null || id.length() == 0)
throw new WSSecurityException("Invalid message, BinarySecurityToken is missing an id");
setId(id);
if (! Constants.BASE64_ENCODING_TYPE.equals(element.getAttribute("EncodingType")))
throw new WSSecurityException("Invalid encoding type (only base64 is supported) for token:" + id);
setCert(decodeCert(XMLUtils.getFullTextChildrenFromElement(element)));
}
@Override
public String getEncodingType()
{
return Constants.BASE64_ENCODING_TYPE;
}
@Override
public String getValueType()
{
return TYPE;
}
@Override
public String getEncodedValue(boolean noWhitespace)
{
try
{
return Base64.encodeBytes(cert.getEncoded(), (noWhitespace) ? Base64.DONT_BREAK_LINES : 0);
}
catch (CertificateEncodingException e)
{
throw new RuntimeException("Could not encode X509 token", e);
}
}
public X509Certificate getCert()
{
return cert;
}
public void setCert(X509Certificate cert)
{
this.cert = cert;
}
public X509Certificate decodeCert(String data) throws WSSecurityException
{
try
{
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return (X509Certificate)factory.generateCertificate(new ByteArrayInputStream(Base64.decode(data)));
}
catch(Exception e)
{
throw new WSSecurityException("Error decoding BinarySecurityToken: " + e.getMessage());
}
}
public Object getUniqueContent()
{
return cert;
}
}
|
