X509CertificateCredentialProvider.java

/*
 * Atricore IDBus
 *
 * Copyright (c) 2009, Atricore Inc.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.atricore.idbus.capabilities.clientcertauthn;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.atricore.idbus.kernel.main.authn.CredentialProvider;
import org.atricore.idbus.kernel.main.authn.Credential;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class X509CertificateCredentialProvider implements CredentialProvider {
    private static final Log logger = LogFactory.getLog(X509CertificateCredentialProvider.class);

    /**
     * The name of the credential representing an X.509 Certificate.
     * Used to get a new credential instance based on its name and value.
     * Value : userCertificate
     *
     * @see Credential newCredential(String name, Object value)
     */
    private final static String X509_CERTIFICATE_CREDENTIAL_NAME = "userCertificate";

    public Credential newCredential(String name, Object value) {

        if (name.equalsIgnoreCase(X509_CERTIFICATE_CREDENTIAL_NAME)) {

            if (value instanceof X509Certificate)
                return new X509CertificateCredential(value);
            else if (value instanceof String) {
                X509Certificate cert = buildX509Certificate((String) value);
                return new X509CertificateCredential(cert);
            } else {
                X509Certificate cert = buildX509Certificate((byte[]) value);
                return new X509CertificateCredential(cert);
            }
        }

        // Don't know how to handle this name ...
        if (logger.isDebugEnabled())
            logger.debug("Unknown credential name : " + name);

        return null;
    }

    public Credential newEncodedCredential(String name, Object value) {
        return newCredential(name, value);
    }

    private X509Certificate buildX509Certificate(byte[] binaryCert) {
        X509Certificate cert = null;

        try {
            ByteArrayInputStream bais = new ByteArrayInputStream(binaryCert);
            CertificateFactory cf =
                    CertificateFactory.getInstance("X.509");

            cert = (X509Certificate) cf.generateCertificate(bais);

            if (logger.isDebugEnabled())
                logger.debug("Building X.509 certificate result :\n " + cert);

        } catch (CertificateException ce) {
            logger.error("Error instantiating X.509 Certificate", ce);
        }

        return cert;
    }

    private X509Certificate buildX509Certificate(String plainCert) {
        return buildX509Certificate(plainCert.getBytes());
    }

}