RetrievalMethodResolver — `public class RetrievalMethodResolver extends KeyResolverSpi`. The RetrievalMethodResolver can retrieve public keys and certificates from other locations. The location is specified using the ds:RetrievalMethod element, which points to it. This includes the handling of raw (binary) X.509 certificates which are not encapsulated in an XML structure. If the retrieval process encounters an element which the RetrievalMethodResolver cannot handle itself, resolution of the extracted element is delegated back to the KeyResolver mechanism.
Note that the URI, Type and Transforms are read from the ds:RetrievalMethod element itself — that is, from the document whose signature is being processed — so the location that gets dereferenced is chosen by that document's author. The retrieved bytes are then either parsed as XML (getDocFromBytes) or as a DER certificate, and no trust decision about the resulting key or certificate is made in this class.
static Logger | log — {@link java.util.logging} logging facility used for the FINE-level resolution trace
/**
 * Reports whether this resolver handles the given KeyInfo child.
 *
 * @param element the element to inspect
 * @param BaseURI base URI of the containing document (not consulted here)
 * @param storage key storage (not consulted here)
 * @return {@code true} only for a {@code ds:RetrievalMethod} element in the XML Signature namespace
 */
public boolean engineCanResolve(org.w3c.dom.Element element, String BaseURI,
        com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver storage) {
    // Only the ds:RetrievalMethod element itself is claimed; anything else is left to other resolvers.
    return XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD);
}
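/**
 * Resolves a public key via a {@code ds:RetrievalMethod} element.
 * <p>
 * The element's URI is dereferenced through the {@link ResourceResolver} framework and the
 * optional {@code ds:Transforms} are applied to the result. If the element's {@code Type} is
 * {@link RetrievalMethod#TYPE_RAWX509}, the bytes are parsed as a DER certificate and its public
 * key is returned; otherwise the bytes are parsed as XML and the first element child of the
 * document element is handed back to {@link KeyResolver} for resolution.
 * <p>
 * NOTE(review): URI, Type and Transforms are all read from the element being resolved, i.e. from
 * the signature document itself, so the location that is fetched is chosen by whoever produced
 * that document. Nothing in this method restricts the URI scheme or target; that is left to the
 * registered ResourceResolvers. The key returned is not checked against any trust anchor here.
 *
 * @param element the {@code ds:RetrievalMethod} element
 * @param BaseURI base URI used to resolve a relative {@code URI} attribute
 * @param storage key storage passed through to the delegate resolver
 * @return the resolved public key, or {@code null} if the reference could not be resolved
 *         (resolution failures are logged at FINE and otherwise swallowed)
 */
public java.security.PublicKey engineResolvePublicKey(org.w3c.dom.Element element, String BaseURI,
        com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver storage) {
    try {
        RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
        Attr uri = rm.getURIAttr();
        // Type is optional, so this may be null.
        String type = rm.getType();
        Transforms transforms = rm.getTransforms();
        ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
        if (resRes == null) {
            return null;
        }
        XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
                    + resource.getBytes().length + "bytes");
        }
        if (transforms != null) {
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "We have Transforms");
            }
            resource = transforms.performTransforms(resource);
        }
        // Materialise the (possibly transformed) bytes once; used for both logging and parsing.
        byte[] inputBytes = resource.getBytes();
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
                    + inputBytes.length + "bytes");
            log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
        }
        if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
            // The resource is a raw (DER) certificate rather than XML: parse it directly.
            CertificateFactory certFact =
                    CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            X509Certificate cert = (X509Certificate) certFact
                    .generateCertificate(new ByteArrayInputStream(inputBytes));
            return cert == null ? null : cert.getPublicKey();
        }
        // Otherwise the resource is XML: parse it and delegate its first element child.
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
        }
        Element e = this.getDocFromBytes(inputBytes);
        // Null check before any dereference; the previous version logged e's namespace first.
        if (e == null) {
            return null;
        }
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
                    + e.getLocalName() + " Element");
        }
        Element child = getFirstElementChild(e);
        if (child == null) {
            // Document element without element children: nothing to delegate.
            return null;
        }
        KeyResolver newKeyResolver = KeyResolver.getInstance(child, BaseURI, storage);
        if (newKeyResolver != null) {
            return newKeyResolver.resolvePublicKey(child, BaseURI, storage);
        }
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
    } catch (CertificateException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "CertificateException", ex);
        }
    } catch (IOException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "IOException", ex);
        }
    }
    return null;
}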
/**
 * Secret keys are never obtained through a {@code ds:RetrievalMethod} by this resolver.
 *
 * @param element ignored
 * @param BaseURI ignored
 * @param storage ignored
 * @return always {@code null}
 */
public javax.crypto.SecretKey engineResolveSecretKey(org.w3c.dom.Element element, String BaseURI,
        com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver storage) {
    // Deliberately unsupported: this resolver only yields public keys and certificates.
    return null;
}
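/**
 * Resolves an X.509 certificate via a {@code ds:RetrievalMethod} element.
 * <p>
 * The element's URI is dereferenced through the {@link ResourceResolver} framework and the
 * optional {@code ds:Transforms} are applied. If the element's {@code Type} is
 * {@link RetrievalMethod#TYPE_RAWX509}, the bytes are parsed as a DER certificate and returned
 * as-is; otherwise the bytes are parsed as XML and the first element child of the document
 * element is handed back to {@link KeyResolver} for resolution.
 * <p>
 * NOTE(review): URI, Type and Transforms come from the signature document itself, so the
 * location fetched is chosen by that document's author, and the certificate returned here has
 * not been validated against any trust anchor — callers must make that decision.
 *
 * @param element the {@code ds:RetrievalMethod} element
 * @param BaseURI base URI used to resolve a relative {@code URI} attribute
 * @param storage key storage passed through to the delegate resolver
 * @return the resolved certificate, or {@code null} if the reference could not be resolved
 *         (resolution failures are logged at FINE and otherwise swallowed)
 */
public java.security.cert.X509Certificate engineResolveX509Certificate(org.w3c.dom.Element element,
        String BaseURI, com.sun.org.apache.xml.internal.security.keys.storage.StorageResolver storage) {
    try {
        RetrievalMethod rm = new RetrievalMethod(element, BaseURI);
        Attr uri = rm.getURIAttr();
        Transforms transforms = rm.getTransforms();
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Asked to resolve URI " + uri);
        }
        ResourceResolver resRes = ResourceResolver.getInstance(uri, BaseURI);
        if (resRes == null) {
            return null;
        }
        XMLSignatureInput resource = resRes.resolve(uri, BaseURI);
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Before applying Transforms, resource has "
                    + resource.getBytes().length + "bytes");
        }
        if (transforms != null) {
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "We have Transforms");
            }
            resource = transforms.performTransforms(resource);
        }
        // Materialise the (possibly transformed) bytes once; used for both logging and parsing.
        byte[] inputBytes = resource.getBytes();
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "After applying Transforms, resource has "
                    + inputBytes.length + "bytes");
            log.log(java.util.logging.Level.FINE, "Resolved to resource " + resource.getSourceURI());
        }
        // Type is optional; a null Type means "not a raw certificate".
        if (RetrievalMethod.TYPE_RAWX509.equals(rm.getType())) {
            // The resource is a raw (DER) certificate rather than XML: parse it directly.
            CertificateFactory certFact =
                    CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            // A null result simply falls through to the null return below.
            return (X509Certificate) certFact
                    .generateCertificate(new ByteArrayInputStream(inputBytes));
        }
        // Otherwise the resource is XML: parse it and delegate its first element child.
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "we have to parse " + inputBytes.length + " bytes");
        }
        Element e = this.getDocFromBytes(inputBytes);
        // Null check before any dereference; the previous version logged e's namespace first.
        if (e == null) {
            return null;
        }
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Now we have a {" + e.getNamespaceURI() + "}"
                    + e.getLocalName() + " Element");
        }
        Element child = getFirstElementChild(e);
        if (child == null) {
            // Document element without element children: nothing to delegate.
            return null;
        }
        KeyResolver newKeyResolver = KeyResolver.getInstance(child, BaseURI, storage);
        if (newKeyResolver != null) {
            return newKeyResolver.resolveX509Certificate(child, BaseURI, storage);
        }
    } catch (XMLSecurityException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "XMLSecurityException", ex);
        }
    } catch (CertificateException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "CertificateException", ex);
        }
    } catch (IOException ex) {
        if (log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "IOException", ex);
        }
    }
    return null;
}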
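/**
 * Parses a byte array as a namespace-aware XML document and returns its document element.
 * <p>
 * The bytes come from a dereferenced {@code ds:RetrievalMethod} URI, i.e. from a location named
 * by the (not yet verified) signature document, so the parser is hardened against DTD-based
 * attacks (external entities, entity expansion): secure processing is enabled, DOCTYPE
 * declarations are rejected, entity references are not expanded and XInclude is disabled. A
 * parser that cannot honour these settings is treated as a configuration error rather than
 * used anyway; a retrieved key document that carries a DTD will therefore fail to resolve.
 *
 * @param bytes the raw XML to parse
 * @return the parsed document's root element
 * @throws KeyResolverException if the bytes are not well-formed XML, cannot be read, or the
 *         parser cannot be configured securely
 */
org.w3c.dom.Element getDocFromBytes(byte[] bytes) throws KeyResolverException {
    try {
        javax.xml.parsers.DocumentBuilderFactory dbf =
                javax.xml.parsers.DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // XXE hardening: the input is untrusted, so refuse DTDs and entity expansion outright.
        dbf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setExpandEntityReferences(false);
        dbf.setXIncludeAware(false);
        javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
        org.w3c.dom.Document doc =
                db.parse(new java.io.ByteArrayInputStream(bytes));
        return doc.getDocumentElement();
    } catch (org.xml.sax.SAXException ex) {
        throw new KeyResolverException("empty", ex);
    } catch (java.io.IOException ex) {
        throw new KeyResolverException("empty", ex);
    } catch (javax.xml.parsers.ParserConfigurationException ex) {
        // Also reached when the parser refuses one of the hardening features: fail closed.
        throw new KeyResolverException("empty", ex);
    }
}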
/**
 * Returns the first child of {@code e} that is an element node, skipping text, comment and
 * other non-element children.
 *
 * @param e the parent element
 * @return the first element child, or {@code null} if {@code e} has no element children
 */
static org.w3c.dom.Element getFirstElementChild(org.w3c.dom.Element e) {
    for (Node child = e.getFirstChild(); child != null; child = child.getNextSibling()) {
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            return (Element) child;
        }
    }
    return null;
}