wss4j 使用 Merlin 和密钥库（keystore）。我有一个加密提供程序（provider），它返回实现了 java.security.PrivateKey 的密钥对象，但既不使用 Merlin 也没有密钥库文件。如何在 wss4j 中直接使用这样的 java.security.PrivateKey 对象？
您必须自己实现 org.apache.ws.security.components.crypto.Crypto 接口。下面是一个只持有单个证书/私钥的最小实现：它可以用自己的密钥签名和解密，但由于没有任何信任锚，所有 verifyTrust 方法都返回 false，因此它无法验证对方的证书或签名——验证入站签名时请另外配置一个基于信任库的 Crypto（例如 Merlin），而不要把这些方法改成返回 true。例如:
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.x500.X500Principal;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.components.crypto.DERDecoder;
import org.apache.ws.security.components.crypto.X509SubjectPublicKeyInfo;
import org.apache.ws.security.util.WSSecurityUtil;
import sun.security.provider.certpath.X509CertPath;
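/**
 * wss4j {@link Crypto} backed by a single in-memory {@link X509Certificate} /
 * {@link PrivateKey} pair instead of a Merlin keystore. Intended for keys that
 * live in a JCA provider (HSM, smart card, custom provider) which hands out an
 * opaque {@link PrivateKey} and has no keystore file to point Merlin at.
 *
 * <p>Scope and security caveats:
 * <ul>
 *   <li>Exactly one identity is known. Look-ups by issuer/serial, SHA-1
 *       thumbprint, subject key identifier or subject DN succeed only when the
 *       identifier actually matches that certificate; any alias is accepted,
 *       because there is no alias namespace to match against.</li>
 *   <li>No trust anchors are held, so every {@code verifyTrust} variant returns
 *       {@code false}. That is fail-closed: this Crypto can sign and decrypt with
 *       its own key but cannot validate a peer's certificate. For inbound
 *       signature verification configure a separate, trust-store-backed Crypto
 *       (e.g. Merlin) instead of changing these methods to return {@code true}.</li>
 *   <li>{@link #getPrivateKey(X509Certificate, CallbackHandler)} only releases the
 *       key for the configured certificate; the password argument of
 *       {@link #getPrivateKey(String, String)} is ignored because the key object
 *       is already unlocked by its provider.</li>
 *   <li>The certificate and key are immutable after construction; the provider,
 *       CertificateFactory and default-identifier setters are plain unsynchronized
 *       fields meant to be called once during configuration.</li>
 * </ul>
 */
public class CryptoWithkeys implements Crypto {

    /** DER tag of an ASN.1 OCTET STRING (the SKI extension value is an OCTET STRING wrapping an OCTET STRING). */
    private static final byte DER_OCTET_STRING = 0x04;

    /** OID of the X.509 SubjectKeyIdentifier extension. */
    private static final String SKI_OID = "2.5.29.14";

    /** The only certificate this Crypto knows about. */
    private final X509Certificate cert;

    /** Private key belonging to {@link #cert}. */
    private final PrivateKey privateKey;

    /** Optional JCA provider name used when creating the CertificateFactory; null = JCA default. */
    private String cryptoProvider;

    /** Optional CertificateFactory injected via {@link #setCertificateFactory}; takes precedence over {@link #cryptoProvider}. */
    private CertificateFactory certificateFactory;

    /** Identifier reported by {@link #getDefaultX509Identifier()}; null unless explicitly set. */
    private String defaultX509Identifier;

    /**
     * Creates a Crypto for one certificate/key pair.
     *
     * @param cer        certificate whose public key corresponds to {@code privateKey}
     * @param privateKey private key to hand out for signing and decryption
     * @throws IllegalArgumentException if either argument is null
     */
    public CryptoWithkeys(X509Certificate cer, PrivateKey privateKey) {
        if (cer == null) {
            throw new IllegalArgumentException("certificate must not be null");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("privateKey must not be null");
        }
        this.cert = cer;
        this.privateKey = privateKey;
    }

    /**
     * Encodes a certificate chain as a DER CertPath (the factory's default PkiPath encoding).
     *
     * @param certBytes certificates to encode; null is treated as an empty chain
     * @return the encoded CertPath
     * @throws WSSecurityException if the chain cannot be built or encoded
     *         (previously the error was printed and null returned, which callers would then NPE on)
     */
    @Override
    public byte[] getBytesFromCertificates(X509Certificate[] certBytes) throws WSSecurityException {
        X509Certificate[] chain = certBytes == null ? new X509Certificate[0] : certBytes;
        try {
            CertPath path = getCertificateFactory().generateCertPath(Arrays.<X509Certificate>asList(chain));
            return path.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e);
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
        }
    }

    /**
     * Returns the CertificateFactory to use: the injected one if set, otherwise an
     * X.509 factory from the configured provider (or the JCA default).
     *
     * @throws WSSecurityException if no X.509 factory is available
     */
    @Override
    public CertificateFactory getCertificateFactory() throws WSSecurityException {
        if (certificateFactory != null) {
            return certificateFactory;
        }
        try {
            if (cryptoProvider == null) {
                return CertificateFactory.getInstance("X.509");
            }
            return CertificateFactory.getInstance("X.509", cryptoProvider);
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
        } catch (NoSuchProviderException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
        }
    }

    /**
     * Decodes a DER CertPath (as produced by {@link #getBytesFromCertificates}) back into certificates.
     *
     * @param data encoded CertPath
     * @return the certificates in path order
     * @throws WSSecurityException if the bytes cannot be parsed
     * @throws IllegalArgumentException if {@code data} is null
     */
    @Override
    public X509Certificate[] getCertificatesFromBytes(byte[] data) throws WSSecurityException {
        if (data == null) {
            throw new IllegalArgumentException("data must not be null");
        }
        CertPath path;
        try {
            path = getCertificateFactory().generateCertPath(new ByteArrayInputStream(data));
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
        }
        List<? extends Certificate> chain = path.getCertificates();
        X509Certificate[] certs = new X509Certificate[chain.size()];
        int i = 0;
        for (Certificate c : chain) {
            // An "X.509" factory only yields X509Certificate instances.
            certs[i++] = (X509Certificate) c;
        }
        return certs;
    }

    /** @return the provider name set via {@link #setCryptoProvider}, or null if none. */
    @Override
    public String getCryptoProvider() {
        return cryptoProvider;
    }

    /**
     * @return the identifier set via {@link #setDefaultX509Identifier}, or null if none was
     *         configured (there is no keystore alias to fall back to)
     */
    @Override
    public String getDefaultX509Identifier() throws WSSecurityException {
        return defaultX509Identifier;
    }

    /**
     * Releases the private key, but only for the configured certificate.
     *
     * @param certificate     certificate the caller wants the key for
     * @param callbackHandler unused; the key is not password protected here
     * @return the private key
     * @throws WSSecurityException if {@code certificate} is not the configured certificate
     */
    @Override
    public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
            throws WSSecurityException {
        // X509Certificate.equals() compares DER encodings, so a look-alike with a
        // different key cannot obtain our private key.
        if (!cert.equals(certificate)) {
            throw new WSSecurityException(
                WSSecurityException.FAILURE,
                "noPrivateKey",
                new Object[] {"certificate does not match the configured signing certificate"},
                null);
        }
        return privateKey;
    }

    /**
     * Releases the private key for any identifier: there is only one key and no alias
     * namespace, so the identifier cannot be checked. The password is ignored because the
     * key object is already unlocked by its provider.
     */
    @Override
    public PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException {
        return privateKey;
    }

    /**
     * Returns the subject key identifier of the given certificate (not of the configured one —
     * the original ignored its argument).
     *
     * @param certificate certificate to read the SKI from
     * @return the SKI extension's key identifier bytes, or, for certificates without that
     *         extension, the SHA-1 digest of the subjectPublicKey bits
     * @throws WSSecurityException if the extension cannot be DER-decoded
     * @throws IllegalArgumentException if {@code certificate} is null
     */
    @Override
    public byte[] getSKIBytesFromCert(X509Certificate certificate) throws WSSecurityException {
        if (certificate == null) {
            throw new IllegalArgumentException("certificate must not be null");
        }
        byte[] derEncodedValue = certificate.getExtensionValue(SKI_OID);
        if (certificate.getVersion() >= 3 && derEncodedValue != null) {
            // getExtensionValue() returns the extension's OCTET STRING; its content is
            // the SKI OCTET STRING, hence two nested tags before the identifier bytes.
            DERDecoder extVal = new DERDecoder(derEncodedValue);
            extVal.expect(DER_OCTET_STRING);
            extVal.getLength();
            extVal.expect(DER_OCTET_STRING);
            int keyIDLen = extVal.getLength();
            return extVal.getBytes(keyIDLen);
        }
        // No SKI extension: derive an identifier from the public key bits instead.
        X509SubjectPublicKeyInfo spki = new X509SubjectPublicKeyInfo(certificate.getPublicKey());
        return WSSecurityUtil.generateDigest(spki.getSubjectPublicKey());
    }

    /**
     * Resolves a certificate reference against the single configured certificate.
     *
     * <p>Unlike the original, a reference only resolves when it actually identifies the
     * configured certificate; a non-matching issuer/serial, thumbprint, SKI or subject DN
     * yields an empty array rather than silently returning our certificate. An alias
     * reference always matches because this Crypto has no alias namespace.
     *
     * @param cryptoType the reference type and value
     * @return {@code [cert]} on a match, an empty array on a mismatch, or null if
     *         {@code cryptoType} (or its type) is null
     * @throws WSSecurityException if the certificate cannot be encoded or its SKI decoded
     */
    @Override
    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
        if (cryptoType == null || cryptoType.getType() == null) {
            return null;
        }
        boolean match;
        switch (cryptoType.getType()) {
            case ISSUER_SERIAL:
                match = matchesIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial());
                break;
            case THUMBPRINT_SHA1:
                // Thumbprints of public certificates are not secrets; a plain compare is fine.
                match = Arrays.equals(cryptoType.getBytes(), sha1Thumbprint());
                break;
            case SKI_BYTES:
                match = Arrays.equals(cryptoType.getBytes(), getSKIBytesFromCert(cert));
                break;
            case SUBJECT_DN:
                match = sameName(cryptoType.getSubjectDN(), cert.getSubjectX500Principal());
                break;
            case ALIAS:
                match = true;
                break;
            default:
                match = false;
                break;
        }
        return match ? new X509Certificate[] {cert} : new X509Certificate[0];
    }

    /** True when {@code issuer}/{@code serial} name the configured certificate. */
    private boolean matchesIssuerSerial(String issuer, BigInteger serial) {
        return serial != null
            && serial.equals(cert.getSerialNumber())
            && sameName(issuer, cert.getIssuerX500Principal());
    }

    /** SHA-1 over the certificate's DER encoding, the form used by wss4j thumbprint references. */
    private byte[] sha1Thumbprint() throws WSSecurityException {
        try {
            return WSSecurityUtil.generateDigest(cert.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e);
        }
    }

    /**
     * Compares a DN string against a principal using X.500 name semantics, so differences in
     * attribute order, spacing or escaping do not cause a false mismatch.
     */
    private static boolean sameName(String dn, X500Principal expected) {
        if (dn == null) {
            return false;
        }
        try {
            return new X500Principal(dn).equals(expected);
        } catch (IllegalArgumentException e) {
            // Not parseable as RFC 2253/1779: fall back to a literal comparison
            // against the RFC 2253 rendering.
            return dn.equals(expected.getName());
        }
    }

    /**
     * @return the configured default identifier when {@code certificate} is the configured
     *         certificate, otherwise null (there is no alias to report)
     */
    @Override
    public String getX509Identifier(X509Certificate certificate) throws WSSecurityException {
        return cert.equals(certificate) ? defaultX509Identifier : null;
    }

    /**
     * Parses one X.509 certificate from the stream (DER or PEM, as supported by the factory).
     * The original returned null unconditionally.
     *
     * @throws WSSecurityException if the stream does not hold a parseable certificate
     * @throws IllegalArgumentException if {@code in} is null
     */
    @Override
    public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
        if (in == null) {
            throw new IllegalArgumentException("input stream must not be null");
        }
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(in);
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "parseError", null, e);
        }
    }

    /** Injects a CertificateFactory (and its provider name) to be returned by {@link #getCertificateFactory()}. */
    @Override
    public void setCertificateFactory(String provider, CertificateFactory certFactory) {
        this.cryptoProvider = provider;
        this.certificateFactory = certFactory;
    }

    /** Sets the JCA provider name used to create the CertificateFactory when none is injected. */
    @Override
    public void setCryptoProvider(String provider) {
        this.cryptoProvider = provider;
    }

    /** Sets the identifier returned by {@link #getDefaultX509Identifier()}. */
    @Override
    public void setDefaultX509Identifier(String identifier) {
        this.defaultX509Identifier = identifier;
    }

    /**
     * @deprecated use {@link #verifyTrust(X509Certificate[], boolean)}; delegates to it with
     *             revocation checking disabled.
     */
    @Deprecated
    @Override
    public boolean verifyTrust(X509Certificate[] certs) throws WSSecurityException {
        return verifyTrust(certs, false);
    }

    /**
     * Always {@code false}: this Crypto has no trust anchors, so it cannot vouch for any
     * public key. Do not change this to {@code true} — that would accept every signer.
     */
    @Override
    public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException {
        return false;
    }

    /**
     * Always {@code false}: no trust store is available to chain {@code certs} to, and
     * revocation cannot be checked. Verify peer certificates with a trust-store-backed
     * Crypto instead of relaxing this method.
     */
    @Override
    public boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation) throws WSSecurityException {
        return false;
    }
}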