diff flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java @ 2956:d7f76f197d89
Refactor GGInA authentication
Move the authentication-related classes to the de.intevation.flys.client.server.auth
package. Abstract the authentication classes to allow other authentication
mechanisms besides WAS/GGInA.
flys-client/trunk@4936 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Wed, 11 Jul 2012 13:31:56 +0000 |
parents | |
children | 725470fc57d2 |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java Wed Jul 11 13:31:56 2012 +0000
@@ -0,0 +1,121 @@
+package de.intevation.flys.client.server.auth.was;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
+
+import org.jdom.Element;
+
+public class Signature {
+
+ private static Logger logger = Logger.getLogger(Signature.class);
+
+ private static final String XML_SIG_DIGEST_SHA1 =
+ "http://www.w3.org/2000/09/xmldsig#sha1";
+ private static final String XML_SIG_SIGNATURE_RSA_SHA1 =
+ "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ private Element signature;
+ private Certificate cert;
+ private byte[] value;
+ private byte[] digestvalue;
+ private String reference;
+
+ public Signature(Element signature) {
+ this.signature = signature;
+ this.parseSignatureInfo();
+ this.parseSignatureValue();
+ this.parseCertificate();
+ }
+
+ private void parseSignatureInfo() {
+ Element signatureinfo = this.signature.getChild("SignedInfo",
+ Namespaces.XML_SIG_NS);
+ if (signatureinfo != null) {
+ Element signaturemethod = signatureinfo.getChild("SignatureMethod",
+ Namespaces.XML_SIG_NS);
+ String algorithm = signaturemethod.getAttributeValue("Algorithm");
+ if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) {
+ logger.warn("Unkown signature alorithm " + algorithm);
+ }
+
+ // There could be several references in XML-Sig spec but for me it
+ // doesn't make sense to have more then one in a SAML Assertion
+ Element reference = signatureinfo.getChild("Reference",
+ Namespaces.XML_SIG_NS);
+ // reference must be present but its better to check
+ if (reference != null) {
+ String digestvalue = reference.getChildText("DigestValue",
+ Namespaces.XML_SIG_NS);
+ String digestmethod = reference.getChildText("DigestMethod",
+ Namespaces.XML_SIG_NS);
+ if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) {
+ logger.warn("Unknown digest method " + digestmethod);
+ }
+ this.digestvalue = Base64.decodeBase64(digestvalue);
+
+ String referenceuri = reference.getAttributeValue("URI");
+ if (referenceuri.startsWith("#")) {
+ this.reference = referenceuri.substring(1);
+ }
+ else {
+ logger.warn("Unkown reference type " + referenceuri);
+ this.reference = referenceuri;
+ }
+ }
+ }
+ }
+
+ private void parseSignatureValue() {
+ String signaturevalue = this.signature.getChildText("SignatureValue",
+ Namespaces.XML_SIG_NS);
+ this.value = Base64.decodeBase64(signaturevalue);
+ }
+
+ private void parseCertificate() {
+ Element keyinfo = this.signature.getChild("KeyInfo",
+ Namespaces.XML_SIG_NS);
+ if (keyinfo != null) {
+ Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS);
+ if (data != null) {
+ String base64cert = data.getChildText("X509Certificate",
+ Namespaces.XML_SIG_NS);
+ if (base64cert != null) {
+ byte[] bytes = Base64.decodeBase64(base64cert);
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance(
+ "X.509");
+ this.cert = cf.generateCertificate(
+ new ByteArrayInputStream(bytes));
+ }
+ catch(CertificateException e) {
+ // should never occur
+ logger.error(e);
+ }
+ }
+ }
+ }
+ }
+
+ public Certificate getCertificate() {
+ return this.cert;
+ }
+
+ public byte[] getValue() {
+ return this.value;
+ }
+
+ public String getReference() {
+ // In theory there could be several references with digestvalues, ...
+ return this.reference;
+ }
+
+ public byte[] getDigestValue() {
+ return this.digestvalue;
+ }
+}
+// vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80:
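Review bot: In parseSignatureInfo the results of `getChild("SignatureMethod", …)`, `getAttributeValue("Algorithm")`, `getChildText("DigestMethod", …)` and `getAttributeValue("URI")` are dereferenced without a null check, so a Signature element missing any of them makes the constructor fail with a NullPointerException instead of a diagnosable error, and since the element comes from an externally supplied SAML assertion a malformed one is expected input rather than an anomaly. An unsupported signature algorithm or digest method is only logged at warn level and parsing continues, so nothing the getters return tells the caller that the signature is not of the form this class expects; rejecting in the constructor, as sketched below, closes both gaps at once (callers of `new Signature(...)` would then need to handle the exception). The `// should never occur` comment in parseCertificate is misleading for the same reason: an unparsable X509Certificate value reaches that catch, leaves `cert` null, and `getCertificate()` returns null with no signal beyond the log. A Javadoc on `getCertificate()` such as `/** Certificate embedded in the signature's KeyInfo, or null if it is absent or unparsable; it is supplied by the signer, so it must be checked against a configured trust anchor before it is used to verify anything. */` would record that for callers. Minor: `logger` should be `final`, and the warn messages misspell `Unknown` and `algorithm`.

```java
    private void parseSignatureInfo() {
        Element signatureinfo = this.signature.getChild("SignedInfo",
            Namespaces.XML_SIG_NS);
        if (signatureinfo == null) {
            throw new IllegalArgumentException("Signature has no SignedInfo");
        }
        Element signaturemethod = signatureinfo.getChild("SignatureMethod",
            Namespaces.XML_SIG_NS);
        String algorithm = signaturemethod == null
            ? null : signaturemethod.getAttributeValue("Algorithm");
        // constant-first equals is null-safe; anything but the one algorithm
        // this class expects is rejected instead of merely logged
        if (!XML_SIG_SIGNATURE_RSA_SHA1.equals(algorithm)) {
            throw new IllegalArgumentException(
                "Unsupported signature algorithm: " + algorithm);
        }
        // … unchanged: Reference lookup, with DigestMethod checked the same
        //   way via XML_SIG_DIGEST_SHA1.equals(digestmethod) and a null
        //   check on the URI attribute before startsWith …
    }
```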