in src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java [171:269]
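/**
 * Builds an {@link InboundSecurityToken} from the children of a {@code ds:X509Data} element.
 *
 * <p>The reference forms are tried in a fixed order and the first one present wins:
 * {@code X509Certificate}, then {@code X509IssuerSerial}, then {@code X509SKI}, then
 * {@code X509SubjectName}. Exactly one token is created; any further children are ignored.
 *
 * <p>Every value consumed here comes from the incoming message. An embedded
 * {@code X509Certificate} is parsed into a certificate object but is not validated in this
 * method; whether the key it yields may be trusted is left to {@link #setTokenKey} and to the
 * verification / decryption code that consumes the token — TODO confirm where that trust
 * decision is made.
 *
 * @param x509DataType the parsed {@code ds:X509Data} element
 * @param securityProperties configuration holding the signature-verification or decryption key;
 *     for the issuer/serial, SKI and subject-name forms the key matching {@code keyUsage} must
 *     already be configured
 * @param inboundSecurityContext context the new token is bound to
 * @param keyUsage what the token will be used for; decides which configured key is required
 * @return a token whose concrete subtype matches the reference form that was found
 * @throws XMLSecurityException with code {@code stax.noKey} when no supported reference is
 *     present, when an issuer/serial reference lacks its issuer name or serial number, or when
 *     the key required for {@code keyUsage} is not configured
 */
private static InboundSecurityToken getSecurityToken(X509DataType x509DataType,
        XMLSecurityProperties securityProperties,
        InboundSecurityContext inboundSecurityContext,
        SecurityTokenConstants.KeyUsage keyUsage)
        throws XMLSecurityException {
    // 1. X509Certificate: the certificate itself is carried in the message.
    final byte[] certBytes =
            XMLSecurityUtils.getQNameType(
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
                    XMLSecurityConstants.TAG_dsig_X509Certificate
            );
    if (certBytes != null) {
        final X509Certificate cert = getCertificateFromBytes(certBytes);
        // Only a certificate reporting version 1 is labelled X509V1Token; any other version
        // (including v2) is labelled X509V3Token.
        final TokenType tokenType = cert.getVersion() == 1
                ? SecurityTokenConstants.X509V1Token
                : SecurityTokenConstants.X509V3Token;
        final X509SecurityToken token =
                new X509SecurityToken(tokenType, inboundSecurityContext,
                        IDGenerator.generateID(null),
                        SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier, true);
        token.setX509Certificates(new X509Certificate[]{cert});
        setTokenKey(securityProperties, keyUsage, token);
        return token;
    }

    // 2. X509IssuerSerial: a reference that must be resolved against a configured key.
    final X509IssuerSerialType issuerSerialType =
            XMLSecurityUtils.getQNameType(
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
                    XMLSecurityConstants.TAG_dsig_X509IssuerSerial
            );
    if (issuerSerialType != null) {
        // Both halves of the reference are mandatory; an incomplete one is reported the same
        // way as a missing key.
        if (issuerSerialType.getX509IssuerName() == null
                || issuerSerialType.getX509SerialNumber() == null) {
            throw new XMLSecurityException("stax.noKey", new Object[] {keyUsage});
        }
        requireConfiguredKey(securityProperties, keyUsage);
        final X509IssuerSerialSecurityToken token =
                new X509IssuerSerialSecurityToken(
                        SecurityTokenConstants.X509V3Token, inboundSecurityContext,
                        IDGenerator.generateID(null));
        token.setIssuerName(issuerSerialType.getX509IssuerName());
        token.setSerialNumber(issuerSerialType.getX509SerialNumber());
        setTokenKey(securityProperties, keyUsage, token);
        return token;
    }

    // 3. X509SKI: subject key identifier, resolved against a configured key.
    final byte[] skiBytes =
            XMLSecurityUtils.getQNameType(
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
                    XMLSecurityConstants.TAG_dsig_X509SKI
            );
    if (skiBytes != null) {
        requireConfiguredKey(securityProperties, keyUsage);
        final X509SKISecurityToken token =
                new X509SKISecurityToken(
                        SecurityTokenConstants.X509V3Token, inboundSecurityContext,
                        IDGenerator.generateID(null));
        token.setSkiBytes(skiBytes);
        setTokenKey(securityProperties, keyUsage, token);
        return token;
    }

    // 4. X509SubjectName: distinguished name, resolved against a configured key.
    final String subjectName =
            XMLSecurityUtils.getQNameType(
                    x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
                    XMLSecurityConstants.TAG_dsig_X509SubjectName
            );
    if (subjectName != null) {
        requireConfiguredKey(securityProperties, keyUsage);
        // Normalise the DN so that it compares equal to the configured key's subject regardless
        // of how the sender serialised it.
        final String normalizedSubjectName = RFC2253Parser.normalize(subjectName);
        final X509SubjectNameSecurityToken token =
                new X509SubjectNameSecurityToken(
                        SecurityTokenConstants.X509V3Token, inboundSecurityContext,
                        IDGenerator.generateID(null));
        token.setSubjectName(normalizedSubjectName);
        setTokenKey(securityProperties, keyUsage, token);
        return token;
    }

    // None of the supported reference forms is present.
    throw new XMLSecurityException("stax.noKey", new Object[] {keyUsage});
}

/**
 * Rejects a key reference that cannot be resolved because the key it points at is not configured.
 *
 * <p>Applies to the reference forms that carry no key material of their own (issuer/serial,
 * SKI, subject name): a signature-verification lookup needs
 * {@code signatureVerificationKey}, a decryption lookup needs {@code decryptionKey}. Other key
 * usages are not constrained here. The checks short-circuit, so a getter is only invoked for
 * the usage actually requested.
 *
 * @param securityProperties configuration that may hold the required key
 * @param keyUsage the usage the key is needed for
 * @throws XMLSecurityException with code {@code stax.noKey} when the key for {@code keyUsage}
 *     is absent
 */
private static void requireConfiguredKey(XMLSecurityProperties securityProperties,
        SecurityTokenConstants.KeyUsage keyUsage) throws XMLSecurityException {
    if ((SecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage)
            && securityProperties.getSignatureVerificationKey() == null)
            || (SecurityTokenConstants.KeyUsage_Decryption.equals(keyUsage)
            && securityProperties.getDecryptionKey() == null)) {
        throw new XMLSecurityException("stax.noKey", new Object[] {keyUsage});
    }
}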