/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SecurityUtils.java,v 1.5 2009/06/08 23:42:33 madan_ranganath Exp $
*
* Portions Copyrighted 2014 ForgeRock AS
*/
/**
 * Common security utility methods for Liberty ID-WSF SOAP messages:
 * signing a {@code Message} according to its security-token profile,
 * verifying message/assertion signatures against the keystore and the
 * trusted-CA alias list, and extracting certificates and public keys
 * from X.509 tokens, SAML assertions and {@code KeyInfo} elements.
 * (Only fragments of the implementation are visible here; the method
 * signatures are not, so the Javadoc below describes what the surviving
 * lines show.)
 */
public class SecurityUtils {
"com.sun.identity.liberty.ws.trustedca.certaliases";
static {
if (debug.messageEnabled()) {
tmpStr);
}
while(stz.hasMoreTokens()) {
if (index == -1) {
if (debug.messageEnabled()) {
aliasIssuer + " to trustedCACertAliases");
}
} else {
if (debug.messageEnabled()) {
alias +" to trustedCACertAliases");
}
if (debug.messageEnabled()) {
"] to issuerTrustedCACertAliases");
}
}
}
}
}
}
}
}
}
/*
 * Sign part of the Message object based on the Security Token
 * profile embedded in the object.
 *
 * Only the X509_TOKEN and SAML_TOKEN profiles are signed; for the
 * ANONYMOUS profile nothing is signed and the message is expected to be
 * protected by transport-layer encryption instead. Any exception during
 * signing is caught and the method falls through to return null, so the
 * caller must treat a null result as "not signed" rather than assume
 * success.
 *
 * @param m Message object
 * @return Signature of Security Token Profile, or null if the profile
 *         is ANONYMOUS or signing failed
 */
try {
int securityType = m.getSecurityProfileType();
if (debug.messageEnabled()) {
}
if (securityType==m.X509_TOKEN) {
cert = m.getMessageCertificate();
m.getWSFVersion());
} else if (securityType==m.SAML_TOKEN) {
cert = m.getMessageCertificate();
} else if (securityType==m.ANONYMOUS) {
// Should be transportation layer encryption.
}
} catch (Exception e) {
}
return null;
}
/**
 * Verify all the signatures of the Message object passed
 * from Soap Binding.
 *
 * Verification is fail-closed: it returns false when the signing
 * certificate cannot be determined (no KeyInfo and issuer not in
 * {@code com.sun.identity.liberty.ws.trustedca.certalias}), when the
 * certificate is not in the keystore or is in the keystore but not in
 * the trusted-CA alias list, when the assertion signature is invalid,
 * when the assertion's certificate differs from the certificate inside
 * the SOAP message, and when any exception is thrown during checking.
 *
 * @param m Message object whose signature to be verified
 * @return true only if every signature check passes; false otherwise.
 */
try {
int securityProfileType = m.getSecurityProfileType();
if (signingCert == null) {
"assertion doesn't have keyInfo and " +
"issuer is not in " +
"com.sun.identity.liberty.ws.trustedca.certalias" +
" in AMConfig");
return false;
}
} else {
"assertion is signed with a certificate that " +
" is not in the keystore");
return false;
"assertion is signed with a certificate that " +
" is in the keystore but not in " +
"com.sun.identity.liberty.ws.trustedca.certalias" +
" in AMConfig");
return false;
}
}
if (!assertion.isSignatureValid()) {
"signature invalid");
return false;
}
if (debug.messageEnabled()) {
" signing cert alias = " + certAlias);
}
}
"the same as the certificate inside the " +
"soap message");
return false;
}
if (messageCert != null) {
}
return true;
} catch (Exception e) {
}
return false;
}
/**
 * Get Certificate from X509 Security Token Profile document.
 *
 * A certificate-encoding error is caught and swallowed; in that case
 * the value returned is whatever had been assigned so far (possibly
 * null), so callers must null-check the result.
 *
 * @param binarySecurityToken the Security Token.
 * @return X509 Certificate object, or null if it could not be decoded.
 */
try {
while (i.hasNext()) {
}
} else { //X509:v3 format
}
}
} catch (Exception e) {
// Certificate encoding error!
}
return cert;
}
/**
 * Gets the Certificate from the <code>Assertion</code>.
 *
 * The certificate is taken from the KeyInfo of the assertion's subject
 * confirmation (see the {@code getCertificate(keyinfo)} delegation);
 * any exception is caught and null is returned.
 *
 * @param assertion the SAML <code>Assertion</code>.
 * @return <code>X509Certificate</code> object, or null if absent or on error.
 */
if (debug.messageEnabled()) {
}
try {
subject =
} else if (stype ==
}
} else if (stype ==
}
}
return getCertificate(keyinfo);
}
}
}
} else {
}
} catch (Exception e) {
}
return null;
}
/**
 * Returns the <code>X509Certificate</code> object parsed from a
 * <code>KeyInfo</code> element. Parsing errors are caught; the method
 * then returns whatever certificate value had been set (possibly null).
 *
 * @param keyinfo the <code>KeyInfo</code> Document Element.
 * @return the <code>X509Certificate</code> object, or null on failure.
 */
if (debug.messageEnabled()) {
}
try {
} catch (Exception e) {
}
} else {
}
return cert;
}
/**
 * Returns the <code>PublicKey</code> reconstructed from a DSA
 * (P, Q, G, Y) or RSA (Modulus, Exponent) <code>KeyValue</code>.
 *
 * Unlike the certificate helpers, this method does not swallow errors:
 * an unrecognized child element, or a failure to build the key value,
 * is reported as an {@link XMLSignatureException}.
 *
 * @throws XMLSignatureException if a DSA or RSA key element is
 *         unrecognized or the key value cannot be constructed.
 */
throws XMLSignatureException {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
p = v;
q = v;
g = v;
y = v;
} else {
throw new XMLSignatureException(
}
}
}
try {
} catch (XMLSecurityException xse) {
" DSA key value.");
throw new XMLSignatureException(
}
}
} else {
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
e = v;
m = v;
} else {
"RSA key element.");
throw new XMLSignatureException(
}
}
}
}
new RSAKeyValue(doc,m, e);
try {
} catch (XMLSecurityException ex) {
" RSA key value.");
throw new XMLSignatureException(
}
}
}
return pubKey;
}
/**
 * Returns the <code>X509Certificate</code> object decoded from its
 * string form, handling both the PKCS#7 (multi-certificate) and the
 * X509:v3 formats. Decoding exceptions are caught, in which case the
 * returned value may be null.
 *
 * @param certString the Certificate String.
 * @param format the Certificate's format.
 * @return the <code>X509Certificate</code> object, or null if decoding failed.
 */
try {
}
while (i.hasNext()) {
}
} else { //X509:v3 format
}
}
} catch (Exception e) {
}
return cert;
}
/**
 * Returns the <code>X509Certificate</code> in the <code>Assertion</code>.
 *
 * @param assertion the SAML <code>Assertion</code>
 * @return the <code>X509Certificate</code> object, or null if none was found.
 */
}
return cert;
}
/**
 * Returns the XML Signature manager instance used by this class for
 * signing and verification.
 */
return sm;
}
}