KeyResolver blues

Sat, 23 Apr 2005 13:01:07 -0700 

Hep,

I'm still working on that XKMS thing, and I have run into some trouble
with retrieving a X509Certificate from a KeyInfo element. Maybe I
misunderstood how to use the xmlsec java API, so I'll post my code
here - if someone could take a look and tell me if I'm doing something
impossible.

Context: I'm trying to do a XKMS Register operation and inserting the
information into a simple MySQL database. The problem arises when I
try to get the Certificate out of the KeyInfo element - as shown below
in the comment.
My question is: Can't I use the KeyInfo.getX509Certificate() just like that?


Here is the method for inserting the Base64 encoded certificate:

private void insertX509Certificate( Connection conn,
PrototypeKeybinding proto, int keyinfoId)  throws SQLException,
XKMSException {
        String sqlString = "INSERT INTO x509certificate values( 0, ?,
?, ?, ?, ?)";
        PreparedStatement stmt = conn.prepareStatement( sqlString );
        stmt.setInt( 2, keyinfoId );
        X509Certificate cert = null;
        // check the certificate data before inserting it into the DB
        boolean badcert = false;
        try {
            CertificateFactory certFactory =
CertificateFactory.getInstance("X.509");
            KeyInfo ki = proto.getKeyInfo();
            cert = ki.getX509Certificate();  // <-- This throws
KeyResolverException ???
            stmt.setInt( 1, cert.getSerialNumber().intValue() );
            stmt.setString( 3, Base64.encode( cert.getEncoded() ) );
            stmt.setString( 4, cert.getSubjectDN().getName() );
            stmt.setString( 5, cert.getIssuerDN().getName() );
            stmt.setInt( 6, 0); // FIXME  issuer_id should not be 0
every time. :(
        } 
 // snip ...


And the Request document it is processing looke like this:

<?xml version="1.0" encoding="UTF-8"?>
<RegisterRequest Id="-2048387245" Nonce="VgSqzAAX7r+UhJlvrO597A=="
    OriginalRequestId="2088880619"
    Service="http://bea.itu.dk:8080/xkms/";
xmlns="http://www.w3.org/2002/03/xkms#";>
    <PrototypeKeyBinding>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
            <KeyName
xmlns="http://www.w3.org/2000/09/xmldsig#";>Kenneth</KeyName>
            <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#";>
                <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#";>
MIIFtzCCBJ+gAwIBAgIEP77GNTANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJESzEMMAoGA1UE
ChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wNDAzMDExNDIzMjRaFw0wNjAzMDExNDUz
MjRaMHoxCzAJBgNVBAYTAkRLMSkwJwYDVQQKEyBJbmdlbiBvcmdhbmlzYXRvcmlzayB0aWxrbnl0
bmluZzFAMBkGA1UEAxMSS2VubmV0aCBBaG4gSmVuc2VuMCMGA1UEBRMcUElEOjkyMDgtMjAwMi0y
LTI1MDM1NTkzMzU1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0WfYlnLEwUjTSo
W76NOTCVS204x2KX6sYAOa7rORLH+fBikLJ+yUFikJDEOde28WhswBzmDQs8SSvKS56QK2U/3PXt
Nk12qiyEdOxJzYvNLHLYvncuKIcaMoUp1YbldmaQYy2ScKOxC78lP7Ns7p8CIsygCezeMBL5NOYT
TXNYizQI1yFiuGBZi8qYvk2u8ya7ELq1audaDB7wssqsUuADrsijUD8vkiTbDhcI537LorGDDR8+
GiGxbUEJ9qcy9AisjzcVLnYW4MKiex2K4w1JB2Fb6ckfh5ULyCIiOlT3oyhTxCec1Oa/2K/lXEl8
zde/+ldb2gBPxEDc5Zqr9ZsCAwEAAaOCAowwggKIMA4GA1UdDwEB/wQEAwID+DArBgNVHRAEJDAi
gA8yMDA0MDMwMTE0MjMyNFqBDzIwMDYwMzAxMTQ1MzI0WjCCATcGA1UdIASCAS4wggEqMIIBJgYK
KoFQgSkBAQEBATCCARYwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv
c2l0b3J5MIHiBggrBgEFBQcCAjCB1TAKFgNUREMwAwIBARqBxkZvciBhbnZlbmRlbHNlIGFmIGNl
cnRpZmlrYXRldCBn5mxkZXIgT0NFUyB2aWxr5XIsIENQUyBvZyBPQ0VTIENQLCBkZXIga2FuIGhl
bnRlcyBmcmEgd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeS4gQmVt5nJrLCBhdCBUREMgZWZ0
ZXIgdmlsa+VyZW5lIGhhciBldCBiZWdy5m5zZXQgYW5zdmFyIGlmdC4gcHJvZmVzc2lvbmVsbGUg
cGFydGVyLjAVBgNVHREEDjAMgQprYWpAaXR1LmRrMIGQBgNVHR8EgYgwgYUwSqBIoEakRDBCMQsw
CQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTEPMA0GA1UEAxMG
Q1JMMTc3MDegNaAzhjFodHRwOi8vY3JsLm9jZXMuY2VydGlmaWthdC5kay9vY2VzLzEwNjk0Njcx
ODkuY3JsMB8GA1UdIwQYMBaAFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GA1UdDgQWBBQ8rlgJhuoO
3AKSRHZ/Zjbi+4lKTTAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY2LjADAgOoMA0GCSqG
SIb3DQEBBQUAA4IBAQCYOZm9DILGgeHqIjIdoFOeW/2deijhJvVGzfc/JNilx2MUOtcOvhRRgkvY
bpCvffNMW4qyfZ94eNfRZKIrWRliDNT6u75WxAV0n0Fz07ksLHmD/RK1WsUv9xQ1ypWCrDTSmtBM
IOzc5HpLcMGtmA37I+plq1+YxQab7spd0wJZzlF31IxN1hyKMzteRMv4QGsmZ7AdstDi37bMfEbj
kg+vqoXr0ZOhk27u1crSsTYN7wA8bT54i1+q53u0icScRk46VY3umCRoYj9qFOw6qOneetnSZD3j
1f5qMNjCA3yVodY7RtosvNUxid2CfYF9cMyqBww4h4NDlzmucafvDsqx
</X509Certificate>
            </X509Data>
        </KeyInfo>
        <KeyUsage>http://www.w3.org/2002/03/xkms#Encryption</KeyUsage>
        <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
        <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="[EMAIL 
PROTECTED]"/>
        <RevocationCodeIdentifier>foo</RevocationCodeIdentifier>
    </PrototypeKeyBinding>
    
<ResponseMechanism>http://www.w3.org/2002/03/xkms#Represent</ResponseMechanism>
</RegisterRequest>

Thanks. 
---
Cheers,
Kenneth

Reply via email to