comparison flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java @ 2956:d7f76f197d89
Refactor GGInA authentication
Move authentication related classes to de.intevation.fly.client.server.auth
package. Abstract the authentication classes to allow other authentications
beside WAS/GGInA.
flys-client/trunk@4936 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 11 Jul 2012 13:31:56 +0000 |
parents | |
children | 725470fc57d2 |
1 package de.intevation.flys.client.server.auth.was; | |
2 | |
3 import java.io.ByteArrayInputStream; | |
4 import java.security.cert.Certificate; | |
5 import java.security.cert.CertificateException; | |
6 import java.security.cert.CertificateFactory; | |
7 | |
8 import org.apache.commons.codec.binary.Base64; | |
9 import org.apache.log4j.Logger; | |
10 | |
11 import org.jdom.Element; | |
12 | |
13 public class Signature { | |
14 | |
15 private static Logger logger = Logger.getLogger(Signature.class); | |
16 | |
17 private static final String XML_SIG_DIGEST_SHA1 = | |
18 "http://www.w3.org/2000/09/xmldsig#sha1"; | |
19 private static final String XML_SIG_SIGNATURE_RSA_SHA1 = | |
20 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; | |
21 | |
22 private Element signature; | |
23 private Certificate cert; | |
24 private byte[] value; | |
25 private byte[] digestvalue; | |
26 private String reference; | |
27 | |
28 public Signature(Element signature) { | |
29 this.signature = signature; | |
30 this.parseSignatureInfo(); | |
31 this.parseSignatureValue(); | |
32 this.parseCertificate(); | |
33 } | |
34 | |
35 private void parseSignatureInfo() { | |
36 Element signatureinfo = this.signature.getChild("SignedInfo", | |
37 Namespaces.XML_SIG_NS); | |
38 if (signatureinfo != null) { | |
39 Element signaturemethod = signatureinfo.getChild("SignatureMethod", | |
40 Namespaces.XML_SIG_NS); | |
41 String algorithm = signaturemethod.getAttributeValue("Algorithm"); | |
42 if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) { | |
43 logger.warn("Unkown signature alorithm " + algorithm); | |
44 } | |
45 | |
46 // There could be several references in XML-Sig spec but for me it | |
47 // doesn't make sense to have more then one in a SAML Assertion | |
48 Element reference = signatureinfo.getChild("Reference", | |
49 Namespaces.XML_SIG_NS); | |
50 // reference must be present but its better to check | |
51 if (reference != null) { | |
52 String digestvalue = reference.getChildText("DigestValue", | |
53 Namespaces.XML_SIG_NS); | |
54 String digestmethod = reference.getChildText("DigestMethod", | |
55 Namespaces.XML_SIG_NS); | |
56 if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) { | |
57 logger.warn("Unknown digest method " + digestmethod); | |
58 } | |
59 this.digestvalue = Base64.decodeBase64(digestvalue); | |
60 | |
61 String referenceuri = reference.getAttributeValue("URI"); | |
62 if (referenceuri.startsWith("#")) { | |
63 this.reference = referenceuri.substring(1); | |
64 } | |
65 else { | |
66 logger.warn("Unkown reference type " + referenceuri); | |
67 this.reference = referenceuri; | |
68 } | |
69 } | |
70 } | |
71 } | |
72 | |
73 private void parseSignatureValue() { | |
74 String signaturevalue = this.signature.getChildText("SignatureValue", | |
75 Namespaces.XML_SIG_NS); | |
76 this.value = Base64.decodeBase64(signaturevalue); | |
77 } | |
78 | |
79 private void parseCertificate() { | |
80 Element keyinfo = this.signature.getChild("KeyInfo", | |
81 Namespaces.XML_SIG_NS); | |
82 if (keyinfo != null) { | |
83 Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS); | |
84 if (data != null) { | |
85 String base64cert = data.getChildText("X509Certificate", | |
86 Namespaces.XML_SIG_NS); | |
87 if (base64cert != null) { | |
88 byte[] bytes = Base64.decodeBase64(base64cert); | |
89 try { | |
90 CertificateFactory cf = CertificateFactory.getInstance( | |
91 "X.509"); | |
92 this.cert = cf.generateCertificate( | |
93 new ByteArrayInputStream(bytes)); | |
94 } | |
95 catch(CertificateException e) { | |
96 // should never occur | |
97 logger.error(e); | |
98 } | |
99 } | |
100 } | |
101 } | |
102 } | |
103 | |
104 public Certificate getCertificate() { | |
105 return this.cert; | |
106 } | |
107 | |
108 public byte[] getValue() { | |
109 return this.value; | |
110 } | |
111 | |
112 public String getReference() { | |
113 // In theory there could be several references with digestvalues, ... | |
114 return this.reference; | |
115 } | |
116 | |
117 public byte[] getDigestValue() { | |
118 return this.digestvalue; | |
119 } | |
120 } | |
121 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |
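Review bot: In parseSignatureInfo an unrecognised SignatureMethod or DigestMethod only triggers logger.warn and parsing continues, so a Signature carrying some other algorithm is indistinguishable to callers of getValue()/getDigestValue() from one using rsa-sha1; unless the verifier re-checks the Algorithm attributes itself (that code is not visible in this commit), the class should fail closed, e.g. `throw new IllegalArgumentException("Unsupported signature algorithm: " + algorithm);` in place of the warn, or at least record the outcome in a field the verifier can query. The same method dereferences signaturemethod and digestmethod without the null checks it applies to SignedInfo and Reference, so a malformed SignedInfo surfaces as a NullPointerException from the constructor rather than as a handled parse failure. In parseCertificate the comment `// should never occur` is misleading: the X509Certificate text is read from the assertion's own KeyInfo, so a CertificateException is an expected input error and is better reported with logger.warn plus a comment such as `// KeyInfo is part of the incoming assertion; a malformed certificate is an input error, not a bug`. A certificate taken from KeyInfo is supplied by the assertion itself and cannot establish trust on its own, so whatever calls getCertificate() needs to match it against a configured trust anchor; worth a Javadoc line on getCertificate() saying so. Minor: the log messages `"Unkown signature alorithm "` and `"Unkown reference type "` have typos.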