直接在wss4j中使用PrivateKey

时间:2013-09-11 04:06:43

标签: wss4j

wss4j使用merlins和keystores。我有crypto提供程序,它实现了java.security.PrivateKey,但没有merlins和keystores。我怎样才能在wss4j中使用java.security.PrivateKey的对象?

1 个答案:

答案 0 :(得分:0)

您必须实现 org.apache.ws.security.components.crypto.Crypto 接口。例如:

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

import javax.security.auth.callback.CallbackHandler;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.components.crypto.DERDecoder;
import org.apache.ws.security.components.crypto.X509SubjectPublicKeyInfo;
import org.apache.ws.security.util.WSSecurityUtil;

import sun.security.provider.certpath.X509CertPath;


public class CryptoWithkeys implements Crypto {
    
    private X509Certificate cert;
    private PrivateKey privateKey;
    public CryptoWithkeys(X509Certificate cer, PrivateKey privateKey)
    {
        this.cert = cer;
        this.privateKey = privateKey;
    }

    public byte[] getBytesFromCertificates(X509Certificate[] certBytes) {

        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");       
            CertPath path = certFactory.generateCertPath(Arrays.<X509Certificate>asList(certBytes));            
            return path.getEncoded();
        }
        catch(CertificateException e)
        {
            System.out.println(e.getMessage());
            return null;
        }
        
    }

    public CertificateFactory getCertificateFactory()
            throws WSSecurityException {
        try{
            return CertificateFactory.getInstance("X.509");
        }
        catch(CertificateException e)
        {
            throw new WSSecurityException(7, "parseError", null, e);
        }
    }

    public X509Certificate[] getCertificatesFromBytes(byte[] data)
            throws WSSecurityException {
        InputStream in = new ByteArrayInputStream(data);
        CertPath path = null;
        try
        {
            path = CertificateFactory.getInstance("X.509").generateCertPath(in);
        }
        catch(CertificateException e)
        {
            throw new WSSecurityException(7, "parseError", null, e);
        }
        
        List l = path.getCertificates();
        X509Certificate certs[] = new X509Certificate[l.size()];
        int i = 0;
        for(Iterator iterator = l.iterator(); iterator.hasNext();)
        {
            certs[i++] = (X509Certificate)iterator.next();
        }

        return certs;        
    }

    public String getCryptoProvider() {
        return null;
    }

    public String getDefaultX509Identifier() throws WSSecurityException {
        // TODO Auto-generated method stub
        return null;
    }

    public PrivateKey getPrivateKey(X509Certificate cert, CallbackHandler arg1)
            throws WSSecurityException {
        return this.privateKey;
    }

    public PrivateKey getPrivateKey(String arg0, String arg1)
            throws WSSecurityException {
        return this.privateKey;
    }

    public byte[] getSKIBytesFromCert(X509Certificate arg0)
            throws WSSecurityException {
    
        byte[] derEncodedValue = cert.getExtensionValue("2.5.29.14");
        if(cert.getVersion() >= 3 && derEncodedValue != null)
        {
            DERDecoder extVal = new DERDecoder(derEncodedValue);
            extVal.expect((byte)4);
            extVal.getLength();
            extVal.expect((byte)4);
            int keyIDLen = extVal.getLength();
            return extVal.getBytes(keyIDLen);
        } else {        
            X509SubjectPublicKeyInfo spki = new X509SubjectPublicKeyInfo(cert.getPublicKey());
            byte[] value = spki.getSubjectPublicKey();
            
            return WSSecurityUtil.generateDigest(value);
        }
    }
    

    public X509Certificate[] getX509Certificates(CryptoType cryptoType)
            throws WSSecurityException {
        if(cryptoType == null)
        {
            return null;
        }
        
        CryptoType.TYPE type = cryptoType.getType();
        X509Certificate certs[] = null;

        switch(type)
        {
        case ISSUER_SERIAL: // '\001'
            certs = getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
            break;

        case THUMBPRINT_SHA1 : // '\002'
            certs = getX509Certificates(cryptoType.getBytes());
            break;

        case SKI_BYTES : // '\003'
            certs = getX509CertificatesSKI(cryptoType.getBytes());
            break;

        case SUBJECT_DN : // '\004'
            certs = getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
            break;

        case ALIAS : // '\005'
            certs = getX509Certificates(cryptoType.getAlias());
            break;
        }
        return certs;   
    }
    
    
    private X509Certificate[] getX509Certificates(byte thumbprint[])
    {
        return new X509Certificate[] {this.cert};
    }
    private X509Certificate[] getX509CertificatesSKI(byte ski[])
    {
        return new X509Certificate[] {this.cert};
    }
    private X509Certificate[] getX509CertificatesSubjectDN(String subjectDN)
    {
        return new X509Certificate[] {this.cert};
    }
    private X509Certificate[] getX509Certificates(String alias)
    {
        return new X509Certificate[] {this.cert};
    }
    private X509Certificate[] getX509Certificates(String issuer, BigInteger serial)
    {
        return new X509Certificate[] {this.cert};
    }

    public String getX509Identifier(X509Certificate arg0)
            throws WSSecurityException {
        // TODO Auto-generated method stub
        return null;
    }

    public X509Certificate loadCertificate(InputStream arg0)
            throws WSSecurityException {
        // TODO Auto-generated method stub
        return null;
    }

    public void setCertificateFactory(String arg0, CertificateFactory arg1) {
            
    }

    public void setCryptoProvider(String arg0) {
    }

    public void setDefaultX509Identifier(String arg0) {
    }

    @Deprecated
    public boolean verifyTrust(X509Certificate[] arg0)
            throws WSSecurityException {
        // TODO Auto-generated method stub
        return false;
    }

    public boolean verifyTrust(PublicKey arg0) throws WSSecurityException {
        // TODO Auto-generated method stub
        return false;
    }

    public boolean verifyTrust(X509Certificate[] arg0, boolean arg1)
            throws WSSecurityException {
        // TODO Auto-generated method stub
        return false;
    }


}