comparison flys-client/src/main/java/org/dive4elements/river/client/server/auth/was/Signature.java @ 5834:f507086aa94b

Repaired internal references.
author Sascha L. Teichmann <teichmann@intevation.de>
date Thu, 25 Apr 2013 12:31:32 +0200
parents flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java@725470fc57d2
children 821a02bbfb4e
5833:a2bdc0f524e8 5834:f507086aa94b
1 package de.intevation.flys.client.server.auth.was;
2
3 import java.io.ByteArrayInputStream;
4 import java.security.cert.Certificate;
5 import java.security.cert.CertificateException;
6 import java.security.cert.CertificateFactory;
7
8 import org.apache.commons.codec.binary.Base64;
9 import org.apache.log4j.Logger;
10 import org.jdom.Element;
11
12 public class Signature {
13
14 private static Logger logger = Logger.getLogger(Signature.class);
15
16 private static final String XML_SIG_DIGEST_SHA1 =
17 "http://www.w3.org/2000/09/xmldsig#sha1";
18 private static final String XML_SIG_SIGNATURE_RSA_SHA1 =
19 "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
20
21 private final Element signature;
22 private Certificate cert;
23 private byte[] value;
24 private byte[] digestvalue;
25 private String reference;
26
27 public Signature(Element signature) {
28 this.signature = signature;
29 this.parseSignatureInfo();
30 this.parseSignatureValue();
31 this.parseCertificate();
32 }
33
34 private void parseSignatureInfo() {
35 Element signatureinfo = this.signature.getChild("SignedInfo",
36 Namespaces.XML_SIG_NS);
37 if (signatureinfo != null) {
38 Element signaturemethod = signatureinfo.getChild("SignatureMethod",
39 Namespaces.XML_SIG_NS);
40 String algorithm = signaturemethod.getAttributeValue("Algorithm");
41 if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) {
42 logger.warn("Unkown signature alorithm " + algorithm);
43 }
44
45 // There could be several references in XML-Sig spec but for me it
46 // doesn't make sense to have more then one in a SAML Assertion
47 Element reference = signatureinfo.getChild("Reference",
48 Namespaces.XML_SIG_NS);
49 // reference must be present but its better to check
50 if (reference != null) {
51 String digestvalue = reference.getChildText("DigestValue",
52 Namespaces.XML_SIG_NS);
53 String digestmethod = reference.getChildText("DigestMethod",
54 Namespaces.XML_SIG_NS);
55 if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) {
56 logger.warn("Unknown digest method " + digestmethod);
57 }
58 this.digestvalue = Base64.decodeBase64(digestvalue);
59
60 String referenceuri = reference.getAttributeValue("URI");
61 if (referenceuri.startsWith("#")) {
62 this.reference = referenceuri.substring(1);
63 }
64 else {
65 logger.warn("Unkown reference type " + referenceuri);
66 this.reference = referenceuri;
67 }
68 }
69 }
70 }
71
72 private void parseSignatureValue() {
73 String signaturevalue = this.signature.getChildText("SignatureValue",
74 Namespaces.XML_SIG_NS);
75 this.value = Base64.decodeBase64(signaturevalue);
76 }
77
78 private void parseCertificate() {
79 Element keyinfo = this.signature.getChild("KeyInfo",
80 Namespaces.XML_SIG_NS);
81 if (keyinfo != null) {
82 Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS);
83 if (data != null) {
84 String base64cert = data.getChildText("X509Certificate",
85 Namespaces.XML_SIG_NS);
86 if (base64cert != null) {
87 byte[] bytes = Base64.decodeBase64(base64cert);
88 try {
89 CertificateFactory cf = CertificateFactory.getInstance(
90 "X.509");
91 this.cert = cf.generateCertificate(
92 new ByteArrayInputStream(bytes));
93 }
94 catch(CertificateException e) {
95 // should never occur
96 logger.error(e);
97 }
98 }
99 }
100 }
101 }
102
103 public Certificate getCertificate() {
104 return this.cert;
105 }
106
107 public byte[] getValue() {
108 return this.value;
109 }
110
111 public String getReference() {
112 // In theory there could be several references with digestvalues, ...
113 return this.reference;
114 }
115
116 public byte[] getDigestValue() {
117 return this.digestvalue;
118 }
119 }
120 // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
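Review bot: In parseSignatureInfo (gutter lines 53-55) the digest algorithm is read with `reference.getChildText("DigestMethod", ...)`, but XML-DSig carries it in the `Algorithm` attribute of `DigestMethod`, which is how line 40 already reads `SignatureMethod`; the element's text is normally empty, so the comparison with XML_SIG_DIGEST_SHA1 cannot match and the warning fires for every signature. Reading it as `reference.getChild("DigestMethod", Namespaces.XML_SIG_NS)` followed by `getAttributeValue("Algorithm")`, behind a null check, would make the check meaningful. The same method dereferences `signaturemethod`, `algorithm`, `digestmethod` and `referenceuri` without null checks, so a malformed signature element throws a NullPointerException out of the constructor, while an unexpected algorithm is only logged and parsing continues. Because this element presumably comes from a received SAML assertion, rejecting the signature in those cases would be safer than continuing with partly filled fields. The consumer of getCertificate() is not visible here, but it should compare the result with a configured trusted certificate instead of relying on the copy embedded in KeyInfo.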
