Mercurial > dive4elements > river
view flys-client/src/main/java/org/dive4elements/river/client/server/auth/was/Signature.java @ 5834:f507086aa94b
Repaired internal references.
| author | Sascha L. Teichmann <teichmann@intevation.de> |
|---|---|
| date | Thu, 25 Apr 2013 12:31:32 +0200 |
| parents | flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Signature.java@725470fc57d2 |
| children | 821a02bbfb4e |
line wrap: on
line source
package de.intevation.flys.client.server.auth.was; import java.io.ByteArrayInputStream; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import org.apache.commons.codec.binary.Base64; import org.apache.log4j.Logger; import org.jdom.Element; public class Signature { private static Logger logger = Logger.getLogger(Signature.class); private static final String XML_SIG_DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"; private static final String XML_SIG_SIGNATURE_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; private final Element signature; private Certificate cert; private byte[] value; private byte[] digestvalue; private String reference; public Signature(Element signature) { this.signature = signature; this.parseSignatureInfo(); this.parseSignatureValue(); this.parseCertificate(); } private void parseSignatureInfo() { Element signatureinfo = this.signature.getChild("SignedInfo", Namespaces.XML_SIG_NS); if (signatureinfo != null) { Element signaturemethod = signatureinfo.getChild("SignatureMethod", Namespaces.XML_SIG_NS); String algorithm = signaturemethod.getAttributeValue("Algorithm"); if (!algorithm.equals(XML_SIG_SIGNATURE_RSA_SHA1)) { logger.warn("Unkown signature alorithm " + algorithm); } // There could be several references in XML-Sig spec but for me it // doesn't make sense to have more then one in a SAML Assertion Element reference = signatureinfo.getChild("Reference", Namespaces.XML_SIG_NS); // reference must be present but its better to check if (reference != null) { String digestvalue = reference.getChildText("DigestValue", Namespaces.XML_SIG_NS); String digestmethod = reference.getChildText("DigestMethod", Namespaces.XML_SIG_NS); if (!digestmethod.equals(XML_SIG_DIGEST_SHA1)) { logger.warn("Unknown digest method " + digestmethod); } this.digestvalue = Base64.decodeBase64(digestvalue); String referenceuri = reference.getAttributeValue("URI"); if (referenceuri.startsWith("#")) { this.reference = referenceuri.substring(1); } else { logger.warn("Unkown reference type " + referenceuri); this.reference = referenceuri; } } } } private void parseSignatureValue() { String signaturevalue = this.signature.getChildText("SignatureValue", Namespaces.XML_SIG_NS); this.value = Base64.decodeBase64(signaturevalue); } private void parseCertificate() { Element keyinfo = this.signature.getChild("KeyInfo", Namespaces.XML_SIG_NS); if (keyinfo != null) { Element data = keyinfo.getChild("X509Data", Namespaces.XML_SIG_NS); if (data != null) { String base64cert = data.getChildText("X509Certificate", Namespaces.XML_SIG_NS); if (base64cert != null) { byte[] bytes = Base64.decodeBase64(base64cert); try { CertificateFactory cf = CertificateFactory.getInstance( "X.509"); this.cert = cf.generateCertificate( new ByteArrayInputStream(bytes)); } catch(CertificateException e) { // should never occur logger.error(e); } } } } } public Certificate getCertificate() { return this.cert; } public byte[] getValue() { return this.value; } public String getReference() { // In theory there could be several references with digestvalues, ... return this.reference; } public byte[] getDigestValue() { return this.digestvalue; } } // vim: set si et fileencoding=utf-8 ts=4 sw=4 tw=80: