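  /**
   * Tries to load the peer SSL certificate chain from the inbound message transport using the
   * attribute "javax.servlet.request.X509Certificate". If a non-empty chain is found, sets
   * peerSSLCredential in the context, with the first certificate of the chain as the entity
   * certificate. This method performs no trust or validity check on the certificate.
   *
   * @param samlContext context to populate
   */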
  protected void populatePeerSSLCredential(SAMLMessageContext samlContext) {
    // Read the certificate chain stored on the inbound transport under the X509 request attribute.
    X509Certificate[] peerChain =
        (X509Certificate[])
            samlContext
                .getInboundMessageTransport()
                .getAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE);

    // Nothing to record when the attribute is absent or holds an empty chain.
    if (peerChain == null || peerChain.length == 0) {
      return;
    }

    X509Certificate entityCertificate = peerChain[0];
    logger.debug("Found certificate chain from request {}", entityCertificate);

    // The certificate is copied into the context as-is; no validation happens in this method.
    BasicX509Credential peerCredential = new BasicX509Credential();
    peerCredential.setEntityCertificate(entityCertificate);
    peerCredential.setEntityCertificateChain(Arrays.asList(peerChain));
    samlContext.setPeerSSLCredential(peerCredential);
  }
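  /**
   * Builds a {@link BasicX509Credential} from one entry of a key store.
   *
   * <p>The key store is read from {@code keyStoreFile} and opened with {@code keyStorePwd}; the
   * stream is always closed before this method returns or throws. The certificate stored under
   * {@code alias} becomes the entity certificate and supplies the public key. When {@code
   * password} is non-null the key stored under the same alias is looked up as well; if it cannot
   * be recovered, or is not a {@link PrivateKey}, the failure is logged and the returned
   * credential carries no private key.
   *
   * @param keyStorePwd password of the key store; must not be null
   * @param keyStoreFile location of the key store; must not be null
   * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
   * @param entityId entity id set on the credential
   * @param alias key store alias of the certificate and key; also added to the key names
   * @param password password of the private key, or null to skip loading the private key
   * @return the populated credential, with an empty CRL list
   * @throws ConfigXMLParsingException if the key store cannot be opened or loaded, or if the
   *     alias does not hold an X.509 certificate
   */
  private static BasicX509Credential buildCredential(
      String keyStorePwd,
      URL keyStoreFile,
      String keyStoreType,
      String entityId,
      String alias,
      String password)
      throws ConfigXMLParsingException {
    final String method =
        "buildCredential(String, URL, String, String, String, String)"; //$NON-NLS-1$
    if (logger.isDebugEnabled()) {
      logger.debug(method + " - start");
    }

    InputStream keyStoreFis;
    try {
      keyStoreFis = keyStoreFile.openStream();
    } catch (IOException e) {
      logger.error(method, e);
      throw new ConfigXMLParsingException("Key Store File not found: " + keyStoreFile, e);
    }

    KeyStore keyStore;
    try {
      try {
        keyStore = KeyStore.getInstance(keyStoreType);
      } catch (KeyStoreException e) {
        logger.error(method, e);
        throw new ConfigXMLParsingException(
            "Error getting Key Store instance: " + keyStoreType, e);
      }
      try {
        keyStore.load(keyStoreFis, keyStorePwd.toCharArray());
      } catch (NoSuchAlgorithmException e) {
        logger.error(method, e);
        throw new ConfigXMLParsingException("Error loading Key Store", e);
      } catch (CertificateException e) {
        logger.error(method, e);
        throw new ConfigXMLParsingException("Error loading Key Store", e);
      } catch (IOException e) {
        logger.error(method, e);
        throw new ConfigXMLParsingException("Error loading Key Store", e);
      }
    } finally {
      // Release the key store stream on every path; it was previously never closed.
      try {
        keyStoreFis.close();
      } catch (IOException e) {
        // The key store content has already been read (or loading failed); only report it.
        logger.warn(method + " - failed to close key store stream", e);
      }
    }

    java.security.cert.Certificate certificate;
    try {
      certificate = keyStore.getCertificate(alias);
    } catch (KeyStoreException e) {
      logger.error(method, e);
      throw new ConfigXMLParsingException(
          "Error getting certificate from alias : '" + alias + "'", e);
    }
    if (certificate == null) {
      throw new ConfigXMLParsingException("Error getting certificate from alias : '" + alias + "'");
    }
    // Reject other certificate types explicitly instead of failing with a ClassCastException.
    if (!(certificate instanceof X509Certificate)) {
      throw new ConfigXMLParsingException(
          "Certificate for alias '" + alias + "' is not an X.509 certificate");
    }
    X509Certificate x509Certificate = (X509Certificate) certificate;

    // Loading the private key is best effort: failures are logged and the credential is
    // returned without a private key.
    java.security.Key key = null;
    if (password != null) {
      try {
        key = keyStore.getKey(alias, password.toCharArray());
      } catch (KeyStoreException e) {
        logger.error(method, e);
      } catch (NoSuchAlgorithmException e) {
        logger.error(method, e);
      } catch (UnrecoverableKeyException e) {
        logger.error(method, e);
      }
    }

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(x509Certificate);
    List<X509CRL> crls = new ArrayList<X509CRL>();
    credential.setCRLs(crls);
    credential.setEntityId(entityId);
    if (key instanceof PrivateKey) {
      credential.setPrivateKey((PrivateKey) key);
    } else if (key != null) {
      // The alias holds a key that is not a private key (for example a secret key entry).
      logger.error(method + " - key for alias '" + alias + "' is not a private key");
    }
    credential.setPublicKey(x509Certificate.getPublicKey());
    credential.getKeyNames().add(alias);

    if (logger.isDebugEnabled()) {
      logger.debug(method + " - end");
    }
    return credential;
  }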