comparison flys-client/src/main/java/org/dive4elements/river/client/server/auth/was/Signature.java @ 5834:f507086aa94b
Repaired internal references.
author | Sascha L. Teichmann <teichmann@intevation.de> |
---|---|
date | Thu, 25 Apr 2013 12:31:32 +0200 |
parents | flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java@725470fc57d2 |
children | 821a02bbfb4e |
1 package de.intevation.flys.client.server.auth.was; | |
2 | |
3 import java.io.ByteArrayInputStream; | |
4 import java.security.cert.Certificate; | |
5 import java.security.cert.CertificateException; | |
6 import java.security.cert.CertificateFactory; | |
7 | |
8 import org.apache.commons.codec.binary.Base64; | |
9 import org.apache.log4j.Logger; | |
10 import org.jdom.Element; | |
11 | |
12 public class Signature { | |
13 | |
14 private static Logger logger = Logger.getLogger(Signature.class); | |
15 | |
16 private static final String XML_SIG_DIGEST_SHA1 = | |
17 "http://www.w3.org/2000/09/xmldsig#sha1"; | |
18 private static final String XML_SIG_SIGNATURE_RSA_SHA1 = | |
19 "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; | |
20 | |
21 private final Element signature; | |
22 private Certificate cert; | |
23 private byte[] value; | |
24 private byte[] digestvalue; | |
25 private String reference; | |
26 | |
27 public Signature(Element signature) { | |
28 this.signature = signature; | |
29 this.parseSignatureInfo(); | |
30 this.parseSignatureValue(); | |
31 this.parseCertificate(); | |
32 } | |
33 | |
34 private void parseSignatureInfo() { | |
35 Element signatureinfo = this.signature.getChild("SignedInfo", | |
36 Namespaces.XML_SIG_NS); | |
37 if (signatureinfo != null) { | |
38 Element signaturemethod = signatureinfo.getChild("SignatureMethod", | |
39 Namespaces.XML_SIG_NS); | |
40 String algorithm = signaturemethod.getAttributeValue("Algorithm"); | |
41 if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) { | |
42 logger.warn("Unkown signature alorithm " + algorithm); | |
43 } | |
44 | |
45 // There could be several references in XML-Sig spec but for me it | |
46 // doesn't make sense to have more then one in a SAML Assertion | |
47 Element reference = signatureinfo.getChild("Reference", | |
48 Namespaces.XML_SIG_NS); | |
49 // reference must be present but its better to check | |
50 if (reference != null) { | |
51 String digestvalue = reference.getChildText("DigestValue", | |
52 Namespaces.XML_SIG_NS); | |
53 String digestmethod = reference.getChildText("DigestMethod", | |
54 Namespaces.XML_SIG_NS); | |
55 if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) { | |
56 logger.warn("Unknown digest method " + digestmethod); | |
57 } | |
58 this.digestvalue = Base64.decodeBase64(digestvalue); | |
59 | |
60 String referenceuri = reference.getAttributeValue("URI"); | |
61 if (referenceuri.startsWith("#")) { | |
62 this.reference = referenceuri.substring(1); | |
63 } | |
64 else { | |
65 logger.warn("Unkown reference type " + referenceuri); | |
66 this.reference = referenceuri; | |
67 } | |
68 } | |
69 } | |
70 } | |
71 | |
72 private void parseSignatureValue() { | |
73 String signaturevalue = this.signature.getChildText("SignatureValue", | |
74 Namespaces.XML_SIG_NS); | |
75 this.value = Base64.decodeBase64(signaturevalue); | |
76 } | |
77 | |
78 private void parseCertificate() { | |
79 Element keyinfo = this.signature.getChild("KeyInfo", | |
80 Namespaces.XML_SIG_NS); | |
81 if (keyinfo != null) { | |
82 Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS); | |
83 if (data != null) { | |
84 String base64cert = data.getChildText("X509Certificate", | |
85 Namespaces.XML_SIG_NS); | |
86 if (base64cert != null) { | |
87 byte[] bytes = Base64.decodeBase64(base64cert); | |
88 try { | |
89 CertificateFactory cf = CertificateFactory.getInstance( | |
90 "X.509"); | |
91 this.cert = cf.generateCertificate( | |
92 new ByteArrayInputStream(bytes)); | |
93 } | |
94 catch(CertificateException e) { | |
95 // should never occur | |
96 logger.error(e); | |
97 } | |
98 } | |
99 } | |
100 } | |
101 } | |
102 | |
103 public Certificate getCertificate() { | |
104 return this.cert; | |
105 } | |
106 | |
107 public byte[] getValue() { | |
108 return this.value; | |
109 } | |
110 | |
111 public String getReference() { | |
112 // In theory there could be several references with digestvalues, ... | |
113 return this.reference; | |
114 } | |
115 | |
116 public byte[] getDigestValue() { | |
117 return this.digestvalue; | |
118 } | |
119 } | |
120 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: |
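Review bot: An unexpected SignatureMethod Algorithm (line 41) or DigestMethod (line 55) only produces a logger.warn, after which the signature value, digest value and reference are still stored and handed out via getValue()/getDigestValue()/getReference(), so whoever verifies the assertion downstream gets bytes whose algorithm this class never accepted; unless that caller re-checks the algorithm itself, the warn should become a hard failure, e.g. `if (algorithm == null || !XML_SIG_SIGNATURE_RSA_SHA1.equals(algorithm)) { throw new IllegalArgumentException("Unsupported signature algorithm " + algorithm); }` and the same for the digest method. Independently, signaturemethod (line 40), digestmethod (line 55) and referenceuri (line 61) are dereferenced without a null check, so a malformed assertion fails with a NullPointerException out of the constructor instead of a clear parse error. The lines shown sit in the old-revision column (package de.intevation.flys) and the new side of this renamed file is not visible here, so this assumes the rename carried the logic over unchanged. A one-line Javadoc on the class, `/** Parses a ds:Signature element of a SAML assertion; performs no cryptographic verification itself. */`, would also make that division of responsibility explicit.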