Mercurial > dive4elements > river
comparison flys-client/src/main/java/de/intevation/flys/client/server/was/Signature.java @ 2943:7683d4e43afa
Implement class representation of a Web Authentication Service (WAS)
request and response. If the authentication is successful the WAS
responses with a base64 encoded Security Assertion Markup Language.
The current implementation of the saml response simplifies the protocol
and misses validation.
flys-client/trunk@4909 c6561f87-3c4e-4783-a992-168aeb5c3f6f
| author | Bjoern Ricks <bjoern.ricks@intevation.de> |
|---|---|
| date | Tue, 10 Jul 2012 10:49:18 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 2942:5885c5b8d71d | 2943:7683d4e43afa |
|---|---|
| 1 package de.intevation.flys.client.server.was; | |
| 2 | |
| 3 import java.io.ByteArrayInputStream; | |
| 4 import java.security.cert.Certificate; | |
| 5 import java.security.cert.CertificateException; | |
| 6 import java.security.cert.CertificateFactory; | |
| 7 | |
| 8 import org.apache.commons.codec.binary.Base64; | |
| 9 import org.apache.log4j.Logger; | |
| 10 | |
| 11 import org.jdom.Element; | |
| 12 | |
| 13 public class Signature { | |
| 14 | |
| 15 private static Logger logger = Logger.getLogger(Signature.class); | |
| 16 | |
| 17 private static final String XML_SIG_DIGEST_SHA1 = | |
| 18 "http://www.w3.org/2000/09/xmldsig#sha1"; | |
| 19 private static final String XML_SIG_SIGNATURE_RSA_SHA1 = | |
| 20 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; | |
| 21 | |
| 22 private Element signature; | |
| 23 private Certificate cert; | |
| 24 private byte[] value; | |
| 25 private byte[] digestvalue; | |
| 26 private String reference; | |
| 27 | |
| 28 public Signature(Element signature) { | |
| 29 this.signature = signature; | |
| 30 this.parseSignatureInfo(); | |
| 31 this.parseSignatureValue(); | |
| 32 this.parseCertificate(); | |
| 33 } | |
| 34 | |
| 35 private void parseSignatureInfo() { | |
| 36 Element signatureinfo = this.signature.getChild("SignedInfo", | |
| 37 Namespaces.XML_SIG_NS); | |
| 38 if (signatureinfo != null) { | |
| 39 Element signaturemethod = signatureinfo.getChild("SignatureMethod", | |
| 40 Namespaces.XML_SIG_NS); | |
| 41 String algorithm = signaturemethod.getAttributeValue("Algorithm"); | |
| 42 if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) { | |
| 43 logger.warn("Unkown signature alorithm " + algorithm); | |
| 44 } | |
| 45 | |
| 46 // There could be several references in XML-Sig spec but for me it | |
| 47 // doesn't make sense to have more then one in a SAML Assertion | |
| 48 Element reference = signatureinfo.getChild("Reference", | |
| 49 Namespaces.XML_SIG_NS); | |
| 50 // reference must be present but its better to check | |
| 51 if (reference != null) { | |
| 52 String digestvalue = reference.getChildText("DigestValue", | |
| 53 Namespaces.XML_SIG_NS); | |
| 54 String digestmethod = reference.getChildText("DigestMethod", | |
| 55 Namespaces.XML_SIG_NS); | |
| 56 if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) { | |
| 57 logger.warn("Unknown digest method " + digestmethod); | |
| 58 } | |
| 59 this.digestvalue = Base64.decodeBase64(digestvalue); | |
| 60 | |
| 61 String referenceuri = reference.getAttributeValue("URI"); | |
| 62 if (referenceuri.startsWith("#")) { | |
| 63 this.reference = referenceuri.substring(1); | |
| 64 } | |
| 65 else { | |
| 66 logger.warn("Unkown reference type " + referenceuri); | |
| 67 this.reference = referenceuri; | |
| 68 } | |
| 69 } | |
| 70 } | |
| 71 } | |
| 72 | |
| 73 private void parseSignatureValue() { | |
| 74 String signaturevalue = this.signature.getChildText("SignatureValue", | |
| 75 Namespaces.XML_SIG_NS); | |
| 76 this.value = Base64.decodeBase64(signaturevalue); | |
| 77 } | |
| 78 | |
| 79 private void parseCertificate() { | |
| 80 Element keyinfo = this.signature.getChild("KeyInfo", | |
| 81 Namespaces.XML_SIG_NS); | |
| 82 if (keyinfo != null) { | |
| 83 Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS); | |
| 84 if (data != null) { | |
| 85 String base64cert = data.getChildText("X509Certificate", | |
| 86 Namespaces.XML_SIG_NS); | |
| 87 if (base64cert != null) { | |
| 88 byte[] bytes = Base64.decodeBase64(base64cert); | |
| 89 try { | |
| 90 CertificateFactory cf = CertificateFactory.getInstance( | |
| 91 "X.509"); | |
| 92 this.cert = cf.generateCertificate( | |
| 93 new ByteArrayInputStream(bytes)); | |
| 94 } | |
| 95 catch(CertificateException e) { | |
| 96 // should never occur | |
| 97 logger.error(e); | |
| 98 } | |
| 99 } | |
| 100 } | |
| 101 } | |
| 102 } | |
| 103 | |
| 104 public Certificate getCertificate() { | |
| 105 return this.cert; | |
| 106 } | |
| 107 | |
| 108 public byte[] getValue() { | |
| 109 return this.value; | |
| 110 } | |
| 111 | |
| 112 public String getReference() { | |
| 113 // In theory there could be several references with digestvalues, ... | |
| 114 return this.reference; | |
| 115 } | |
| 116 | |
| 117 public byte[] getDigestValue() { | |
| 118 return this.digestvalue; | |
| 119 } | |
| 120 } | |
| 121 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |