protected void initKeyProvider() {
if (!doSupportSignature()) {
return;
}
SPType configuration = getConfiguration();
KeyProviderType keyProvider = configuration.getKeyProvider();
if (keyProvider == null && doSupportSignature()) {
throw new RuntimeException(
ErrorCodes.NULL_VALUE + "KeyProvider is null for context=" + getContextPath());
}
try {
String keyManagerClassName = keyProvider.getClassName();
if (keyManagerClassName == null) {
throw new RuntimeException(ErrorCodes.NULL_VALUE + "KeyManager class name");
}
Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
if (clazz == null) {
throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + keyManagerClassName);
}
TrustKeyManager keyManager = (TrustKeyManager) clazz.newInstance();
List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
keyManager.setAuthProperties(authProperties);
keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
String identityURL = configuration.getIdentityURL();
// Special case when you need X509Data in SignedInfo
if (authProperties != null) {
for (AuthPropertyType authPropertyType : authProperties) {
String key = authPropertyType.getKey();
if (GeneralConstants.X509CERTIFICATE.equals(key)) {
// we need X509Certificate in SignedInfo. The value is the alias name
keyManager.addAdditionalOption(
GeneralConstants.X509CERTIFICATE, authPropertyType.getValue());
break;
}
}
}
keyManager.addAdditionalOption(
ServiceProviderBaseProcessor.IDP_KEY, new URL(identityURL).getHost());
this.keyManager = keyManager;
} catch (Exception e) {
logger.trustKeyManagerCreationError(e);
throw new RuntimeException(e.getLocalizedMessage());
}
logger.trace("Key Provider=" + keyProvider.getClassName());
}
static KeyProviderType toKeyProviderType(OperationContext context, ModelNode model)
throws OperationFailedException {
KeyProviderType keyProviderType = new KeyProviderType();
keyProviderType.setClassName(KeyStoreKeyManager.class.getName());
keyProviderType.setSigningAlias(
KeyStoreProviderResourceDefinition.SIGN_KEY_ALIAS
.resolveModelAttribute(context, model)
.asString());
AuthPropertyType keyStorePass = new AuthPropertyType();
keyStorePass.setKey("KeyStorePass");
keyStorePass.setValue(
KeyStoreProviderResourceDefinition.PASSWORD
.resolveModelAttribute(context, model)
.asString());
keyProviderType.add(keyStorePass);
AuthPropertyType signingKeyPass = new AuthPropertyType();
signingKeyPass.setKey("SigningKeyPass");
signingKeyPass.setValue(
KeyStoreProviderResourceDefinition.SIGN_KEY_PASSWORD
.resolveModelAttribute(context, model)
.asString());
keyProviderType.add(signingKeyPass);
AuthPropertyType signingKeyAlias = new AuthPropertyType();
signingKeyAlias.setKey("SigningKeyAlias");
signingKeyAlias.setValue(
KeyStoreProviderResourceDefinition.SIGN_KEY_ALIAS
.resolveModelAttribute(context, model)
.asString());
keyProviderType.add(signingKeyAlias);
return keyProviderType;
}
/**
* Parses the {@code KeyProvider} section of the STS configuration file. This section is used to
* setup the keystore \ that will be used to sign and encrypt security tokens.
*
* @param xmlEventReader the reader used to parse the XML configuration file.
* @return a {@code KeyProviderType} instance that contains the parsed data.
* @throws ParsingException if an error occurs while parsing the XML file.
*/
private KeyProviderType parseKeyProvider(XMLEventReader xmlEventReader) throws ParsingException {
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
StaxParserUtil.validate(startElement, KEY_PROVIDER_ELEMENT);
KeyProviderType keyProvider = new KeyProviderType();
// get the key provider class name attribute.
QName attributeQName = new QName("", CLASS_NAME_ATTRIB);
Attribute attribute = startElement.getAttributeByName(attributeQName);
if (attribute == null) throw logger.parserRequiredAttribute("ClassName");
keyProvider.setClassName(StaxParserUtil.getAttributeValue(attribute));
// parse the inner elements.
while (xmlEventReader.hasNext()) {
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
if (xmlEvent == null) break;
if (xmlEvent instanceof EndElement) {
EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
String endElementName = StaxParserUtil.getEndElementName(endElement);
if (endElementName.equals(KEY_PROVIDER_ELEMENT)) break;
else throw logger.parserUnknownEndElement(endElementName);
}
StartElement subEvent = StaxParserUtil.peekNextStartElement(xmlEventReader);
if (subEvent == null) break;
String elementName = StaxParserUtil.getStartElementName(subEvent);
if (SIGNING_ALIAS_ELEMENT.equalsIgnoreCase(elementName)) {
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
if (!StaxParserUtil.hasTextAhead(xmlEventReader))
throw logger.parserExpectedTextValue("SigningAlias");
keyProvider.setSigningAlias(StaxParserUtil.getElementText(xmlEventReader));
} else if (VALIDATING_ALIAS_ELEMENT.equalsIgnoreCase(elementName)) {
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
KeyValueType keyValue = new KeyValueType();
// parse the key and value attributes.
attributeQName = new QName("", KEY_ATTRIB);
attribute = subEvent.getAttributeByName(attributeQName);
if (attribute != null) keyValue.setKey(StaxParserUtil.getAttributeValue(attribute));
attributeQName = new QName("", VALUE_ATTRIB);
attribute = subEvent.getAttributeByName(attributeQName);
if (attribute != null) keyValue.setValue(StaxParserUtil.getAttributeValue(attribute));
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, VALIDATING_ALIAS_ELEMENT);
keyProvider.add(keyValue);
} else if (AUTH_ELEMENT.equalsIgnoreCase(elementName)) {
subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
AuthPropertyType authProperty = new AuthPropertyType();
// parse the key and value attributes.
attributeQName = new QName("", KEY_ATTRIB);
attribute = subEvent.getAttributeByName(attributeQName);
if (attribute != null) authProperty.setKey(StaxParserUtil.getAttributeValue(attribute));
attributeQName = new QName("", VALUE_ATTRIB);
attribute = subEvent.getAttributeByName(attributeQName);
if (attribute != null) authProperty.setValue(StaxParserUtil.getAttributeValue(attribute));
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, AUTH_ELEMENT);
keyProvider.add(authProperty);
} else throw logger.parserUnknownTag(elementName, subEvent.getLocation());
}
return keyProvider;
}