Posted to users@cxf.apache.org by alexey-s <al...@mail.ru> on 2013/04/01 15:00:07 UTC

CXF-4028 Add crypto provider

Hi.

I saw the open bug CXF-4028.
   https://issues.apache.org/jira/browse/CXF-4028
Now I'm trying to build my own version of the provider to work with CXF.
All changes are in the wss4j project.

The class WSSecSignature from wss4j.jar has a method build.
The second parameter contains the name of the JCE Crypto Provider.
    String getCryptoProvider ();

This information is not used.

The method build calls the method computeSignature.
It is necessary to pass it a parameter Crypto cr.
Sample change to the method computeSignature:

     public void computeSignature(
         Crypto cr,
         List<javax.xml.crypto.dsig.Reference> referenceList,
         boolean prepend,
         Element siblingElement
     ) throws WSSecurityException {


Further on, there is the line that fills in the transformation rules.
     signContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);

I should add
     // Look up the installed JCE provider by name (java.security.Security)
     Provider p = java.security.Security.getProvider(cr.getCryptoProvider());
     if (p != null) {
         signContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", p);
     }

In this case, the DOMSignatureMethod object (JSR-105) will use the correct
object.


Yes, and one more addition. WSSecSignature uses
     signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");

This is not correct. A provider parameter should be added,
getDOMCryptoProvider / setDOMCryptoProvider,
to the class "org.apache.ws.security.components.crypto.Crypto".

This will change the implementation of both systems.

    public void prepare(Document doc, Crypto cr, WSSecHeader secHeader)
        throws WSSecurityException {

       init(cr.getDOMCryptoProvider());
       ...
    }

    private void init(String providerId) {
        // Try to install the Santuario Provider - fall back to the JDK
        // provider if this does not work
        try {
            signatureFactory = XMLSignatureFactory.getInstance("DOM", 
                providerId != null ? providerId : "ApacheXMLDSig");
        } catch (NoSuchProviderException ex) {
            signatureFactory = XMLSignatureFactory.getInstance("DOM");
        }
        try {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM",
                providerId != null ? providerId : "ApacheXMLDSig");
        } catch (NoSuchProviderException ex) {
            keyInfoFactory = KeyInfoFactory.getInstance("DOM");
        }
    }



Aleksey Sushko



--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-4028-Add-crypto-provider-tp5725632.html
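
Added example, not part of the original post and not WSS4J code: the two provider hooks described in the message (a configurable XMLDSig factory provider and a named JCE provider passed through the sign context property), using only JDK JSR-105 classes. The class and method names, the `SunRsaSign` provider, the RSA-SHA256 algorithm choice and the decision to throw when a configured JCE provider is not installed are assumptions of this example.

```java
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class ProviderAwareSigning { // hypothetical class, not WSS4J code
    // Property named in the post; the JSR-105 DOM implementation reads it when signing.
    static final String SIG_PROVIDER = "org.jcp.xml.dsig.internal.dom.SignatureProvider";

    // XMLDSig factory from a configured provider name, with the fallback shown in the post.
    static XMLSignatureFactory factory(String domProv) {
        try {
            return XMLSignatureFactory.getInstance("DOM", domProv != null ? domProv : "ApacheXMLDSig");
        } catch (NoSuchProviderException ex) {
            return XMLSignatureFactory.getInstance("DOM");
        }
    }

    static void sign(Document doc, PrivateKey key, String domProv, String jceProv) throws Exception {
        XMLSignatureFactory f = factory(domProv);
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        DOMSignContext ctx = new DOMSignContext(key, doc.getDocumentElement());
        if (jceProv != null) {
            Provider p = Security.getProvider(jceProv);
            if (p == null) throw new NoSuchProviderException(jceProv); // assumption: fail closed
            ctx.setProperty(SIG_PROVIDER, p);
        }
        f.newXMLSignature(si, null).sign(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElementNS(null, "Envelope"));
        sign(doc, kpg.generateKeyPair().getPrivate(), null, "SunRsaSign");
        System.out.println(doc.getDocumentElement().getLastChild().getLocalName());
    }
}
```

Throwing on an unknown provider name, rather than skipping the property as the snippet in the message does, keeps a deployment that requires a specific provider from silently signing with the JDK default.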