Пример #1
0
  /**
   * Try to get certificate locally. First try using the supplied CryptoType. If this does not work,
   * and if the supplied CryptoType is a ALIAS, then try again with SUBJECT_DN in case the supplied
   * Alias is actually a Certificate's Subject DN
   *
   * @param cryptoType
   * @return if found certificate otherwise null returned
   */
  private X509Certificate[] getCertificateLocaly(CryptoType cryptoType) {
    // This only applies if we've configured a local Crypto instance...
    if (fallbackCrypto == null) {
      return null;
    }

    // First try using the supplied CryptoType instance
    X509Certificate[] localCerts = null;
    try {
      localCerts = fallbackCrypto.getX509Certificates(cryptoType);
    } catch (Exception e) {
      LOG.info(
          "Certificate is not found in local keystore using desired CryptoType: "
              + cryptoType.getType().name());
    }

    if (localCerts == null && cryptoType.getType() == CryptoType.TYPE.ALIAS) {
      // If none found then try using either the Subject DN. This is because an
      // Encryption username in CXF is configured as an Alias in WSS4J, but may in fact
      // be a Subject DN
      CryptoType newCryptoType = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
      newCryptoType.setSubjectDN(cryptoType.getAlias());

      try {
        localCerts = fallbackCrypto.getX509Certificates(newCryptoType);
      } catch (Exception e) {
        LOG.info(
            "Certificate is not found in local keystore and will be requested from "
                + "XKMS (first trying the cache): "
                + cryptoType.getAlias());
      }
    }
    return localCerts;
  }
Пример #2
0
  private X509Certificate[] getX509(CryptoType cryptoType) {
    // Try to get X509 certificate from local keystore if it is configured
    if (allowX509FromJKS && fallbackCrypto != null) {
      X509Certificate[] localCerts = getCertificateLocaly(cryptoType);
      if (localCerts != null && localCerts.length > 0) {
        return localCerts;
      }
    }
    CryptoType.TYPE type = cryptoType.getType();
    if (type == TYPE.SUBJECT_DN) {
      return getX509FromXKMSByID(Applications.PKIX, cryptoType.getSubjectDN());
    } else if (type == TYPE.ENDPOINT) {
      return getX509FromXKMSByEndpoint(cryptoType.getEndpoint());
    } else if (type == TYPE.ALIAS) {
      Applications appId = null;
      boolean isServiceName = isServiceName(cryptoType);
      if (!isServiceName) {
        appId = Applications.PKIX;
      } else {
        appId = Applications.SERVICE_NAME;
      }
      return getX509FromXKMSByID(appId, cryptoType.getAlias());

    } else if (type == TYPE.ISSUER_SERIAL) {
      return getX509FromXKMSByIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial());
    }
    throw new IllegalArgumentException("Unsupported type " + type);
  }
Пример #3
0
 @Override
 public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
   if (LOG.isLoggable(Level.INFO)) {
     LOG.info(
         String.format(
             "XKMS Runtime: getting public certificate for alias: %s; issuer: %s; subjectDN: %s",
             cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN()));
   }
   X509Certificate[] certs = getX509(cryptoType);
   if (certs == null) {
     LOG.warning(
         String.format(
             "Cannot find certificate for alias: %s, issuer: %s; subjectDN: %s",
             cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN()));
   }
   return certs;
 }
Пример #4
0
 /**
  * Service Aliases contain namespace
  *
  * @param cryptoType
  * @return
  */
 private boolean isServiceName(CryptoType cryptoType) {
   return cryptoType.getAlias().contains("{");
 }