/**
 * Resolves the certificates described by {@code cryptoType}.
 *
 * <p>The local keystore is consulted first, but only when {@code allowX509FromJKS} is set and
 * {@code fallbackCrypto} is non-null. A non-empty local result is returned as-is and XKMS is
 * not queried for that request. Otherwise the XKMS lookup is chosen from the crypto type:
 * subject DN, endpoint, alias (as a service name or a PKIX identifier) or issuer/serial.
 *
 * <p>NOTE(review): a locally found certificate bypasses the XKMS lookup entirely. Whether such
 * certificates get any further validation is not visible in this method; confirm with the
 * callers before enabling {@code allowX509FromJKS} where XKMS is meant to be the trust source.
 *
 * @param cryptoType the lookup criteria; its type selects the XKMS query
 * @return the certificates produced by the selected lookup (the caller treats {@code null} as
 *     "not found")
 * @throws IllegalArgumentException if the crypto type is none of the supported kinds
 */
private X509Certificate[] getX509(CryptoType cryptoType) {
    // Local keystore takes precedence over XKMS when it is configured.
    if (allowX509FromJKS && fallbackCrypto != null) {
        X509Certificate[] fromKeystore = getCertificateLocaly(cryptoType);
        boolean foundLocally = fromKeystore != null && fromKeystore.length > 0;
        if (foundLocally) {
            return fromKeystore;
        }
    }

    CryptoType.TYPE type = cryptoType.getType();

    if (type == TYPE.SUBJECT_DN) {
        return getX509FromXKMSByID(Applications.PKIX, cryptoType.getSubjectDN());
    }
    if (type == TYPE.ENDPOINT) {
        return getX509FromXKMSByEndpoint(cryptoType.getEndpoint());
    }
    if (type == TYPE.ALIAS) {
        // An alias is looked up either as a service name or as a plain PKIX identifier.
        Applications appId =
            isServiceName(cryptoType) ? Applications.SERVICE_NAME : Applications.PKIX;
        return getX509FromXKMSByID(appId, cryptoType.getAlias());
    }
    if (type == TYPE.ISSUER_SERIAL) {
        return getX509FromXKMSByIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial());
    }

    // Anything else (including a null type) is rejected rather than silently ignored.
    throw new IllegalArgumentException("Unsupported type " + type);
}
/**
 * Looks up the public certificates for {@code cryptoType} and logs the request and any miss.
 *
 * <p>The lookup itself is delegated to {@code getX509}. A warning is logged only when that
 * call returns {@code null}; an empty array is passed back without a warning.
 *
 * <p>NOTE(review): alias, issuer and subject DN are formatted into the log message unchanged.
 * If these values can come from message content, confirm that the log pipeline neutralises
 * line breaks so that a crafted value cannot forge log entries.
 *
 * @param cryptoType the lookup criteria
 * @return the certificates returned by the lookup, or {@code null} if it returned none
 * @throws WSSecurityException declared by the overridden method; nothing in this body throws
 *     it directly
 */
@Override
public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
    // Build the trace message only when INFO is enabled, to avoid needless formatting.
    if (LOG.isLoggable(Level.INFO)) {
        String lookupMessage = String.format(
            "XKMS Runtime: getting public certificate for alias: %s; issuer: %s; subjectDN: %s",
            cryptoType.getAlias(),
            cryptoType.getIssuer(),
            cryptoType.getSubjectDN());
        LOG.info(lookupMessage);
    }

    X509Certificate[] found = getX509(cryptoType);
    if (found != null) {
        return found;
    }

    // Record the miss with the same identifiers so it can be matched to the request above.
    String missMessage = String.format(
        "Cannot find certificate for alias: %s, issuer: %s; subjectDN: %s",
        cryptoType.getAlias(),
        cryptoType.getIssuer(),
        cryptoType.getSubjectDN());
    LOG.warning(missMessage);
    return null;
}