Posted to commits@juddi.apache.org by al...@apache.org on 2013/10/17 04:21:47 UTC
svn commit: r1532953 - in /juddi/trunk:
juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
juddi-gui-dsig/src/main/keystore/signing-jar.keystore
juddi-gui/src/main/webapp/ajax/saveFromXML.jsp readme.txt
Author: alexoree
Date: Thu Oct 17 02:21:47 2013
New Revision: 1532953
URL: http://svn.apache.org/r1532953
Log:
JUDDI-661 updating applet signing key, fixing a residual refactoring problem. adding automatic default trust store for signature validation. readme updated for .net builds
Modified:
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
juddi/trunk/juddi-gui-dsig/src/main/keystore/signing-jar.keystore
juddi/trunk/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
juddi/trunk/readme.txt
Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java?rev=1532953&r1=1532952&r2=1532953&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java Thu Oct 17 02:21:47 2013
@@ -91,14 +91,15 @@ public class DigSigUtil {
/**
* Expects a properties object containing the desired configuration
+ *
* @param config
- * @throws CertificateException
+ * @throws CertificateException
*/
public DigSigUtil(Properties config) throws CertificateException {
cf = CertificateFactory.getInstance("X.509");
this.map = config;
}
-
+
public DigSigUtil() throws CertificateException {
cf = CertificateFactory.getInstance("X.509");
}
@@ -215,7 +216,6 @@ public class DigSigUtil {
* any value can be used.
*@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
*/
-
//public final static String SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL = "X500";
public final static String XML_DIGSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
/**
@@ -478,7 +478,7 @@ public class DigSigUtil {
if (signingcert != null && signingcert instanceof X509Certificate) {
logger.info("verifying signature based on X509 public key " + signingcert.getSubjectDN().toString());
- if (map.containsKey(CHECK_TIMESTAMPS)&& Boolean.parseBoolean(map.getProperty(CHECK_TIMESTAMPS))) {
+ if (map.containsKey(CHECK_TIMESTAMPS) && Boolean.parseBoolean(map.getProperty(CHECK_TIMESTAMPS))) {
signingcert.checkValidity();
}
if (map.containsKey(CHECK_REVOCATION_STATUS_OCSP)
@@ -497,7 +497,7 @@ public class DigSigUtil {
throw new CertificateException("Certificate status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
}
}
- if (map.containsKey(CHECK_REVOCATION_STATUS_CRL)&& Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_CRL))) {
+ if (map.containsKey(CHECK_REVOCATION_STATUS_CRL) && Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_CRL))) {
logger.info("verifying revokation status via CRL for X509 public key " + signingcert.getSubjectDN().toString());
Security.setProperty("ocsp.enable", "false");
@@ -516,7 +516,7 @@ public class DigSigUtil {
logger.info("revokation status via CRL PASSED for X509 public key " + signingcert.getSubjectDN().toString());
}
- if (map.containsKey(CHECK_TRUST_CHAIN)&& Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
+ if (map.containsKey(CHECK_TRUST_CHAIN) && Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
logger.info("verifying trust chain X509 public key " + signingcert.getSubjectDN().toString());
PKIXParameters params = new PKIXParameters(GetTrustStore());
params.setRevocationEnabled(false);
@@ -583,13 +583,15 @@ public class DigSigUtil {
}
private KeyStore GetTrustStore() throws Exception {
- String type=map.getProperty(TRUSTSTORE_FILETYPE);
- if (type==null)
- type="JKS";
+ String type = map.getProperty(TRUSTSTORE_FILETYPE);
+ if (type == null) {
+ type = "JKS";
+ }
KeyStore ks = KeyStore.getInstance(type);
- String filename=map.getProperty(TRUSTSTORE_FILE);
- if (filename==null)
+ String filename = map.getProperty(TRUSTSTORE_FILE);
+ if (filename == null) {
return null;
+ }
URL url = Thread.currentThread().getContextClassLoader().getResource(map.getProperty(TRUSTSTORE_FILE));
if (url == null) {
try {
@@ -603,13 +605,36 @@ public class DigSigUtil {
} catch (Exception x) {
}
}
- if (!map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
- ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
- } else {
- //Windows only
- ks.load(null, null);
- }
+ try {
+ if (!map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
+ ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
+ } else {
+ //Windows only
+ ks.load(null, null);
+ }
+ } catch (Exception ex) {
+ logger.error("Unable to load user specified trust store! attempting to load the default", ex);
+ URL cacerts = null;
+ try {
+ cacerts = new File(System.getenv("JAVA_HOME") + File.pathSeparator + "lib" + File.pathSeparator + "security" + File.pathSeparator + "cacerts").toURI().toURL();
+ } catch (Exception c) {
+ logger.debug("unable to load default jre truststore", c);
+ }
+ try {
+ cacerts = new File(System.getenv("JAVA_HOME") + File.pathSeparator + "jre" + File.pathSeparator + "lib" + File.pathSeparator + "security" + File.pathSeparator + "cacerts").toURI().toURL();
+ } catch (Exception c) {
+ logger.debug("unable to load default jdk/jre truststore", c);
+ }
+ if (cacerts != null) {
+ try {
+ logger.info("Attempting to load trust store from " + cacerts.toString());
+ ks.load(cacerts.openStream(), "changeit".toCharArray());
+ } catch (Exception c) {
+ logger.warn("error loading default truststore", c);
+ }
+ }
+ }
return ks;
}
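Review bot: The new `catch` block joins the fallback path with `File.pathSeparator` (the `:`/`;` list separator) rather than `File.separator`, so neither `cacerts` location can resolve. Because `toURI().toURL()` does not fail for a missing file, the second `try` also always overwrites the first result. More important for validation, any failure to load the configured trust store now becomes a switch to the JRE-wide CA set with only a log line, so once the path is fixed a deployment that pinned its own anchors would pass `CHECK_TRUST_CHAIN` for chains to any public CA. That includes the NullPointerException from `map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase(...)` when the type is unset, since the condition ignores the defaulted local `type`. I would compare against `type`, resolve the default store from the `java.home` system property with an existence check, close the stream, and rethrow unless fallback was explicitly requested; GetTrustStore starts above this hunk, so the sketch below covers only the rewritten lines.

```java
try {
    // compare against the defaulted local, not the raw property (null when unset)
    if (!type.equalsIgnoreCase("WINDOWS-ROOT")) {
        // … unchanged: ks.load from url with TRUSTSTORE_FILE_PASSWORD …
    } else {
        // … unchanged: Windows-only ks.load(null, null) …
    }
} catch (Exception ex) {
    logger.error("Unable to load user specified trust store!", ex);
    // Rethrow here unless the caller explicitly opted in to the JRE default store;
    // a configured-but-unreadable trust store should not silently widen the anchors.
    File cacerts = new File(System.getProperty("java.home"),
            "lib" + File.separator + "security" + File.separator + "cacerts");
    if (!cacerts.isFile()) {
        throw ex;
    }
    logger.warn("Falling back to JRE default trust store " + cacerts.getAbsolutePath());
    InputStream in = new FileInputStream(cacerts);
    try {
        ks.load(in, "changeit".toCharArray());
    } finally {
        in.close();
    }
}
```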
@@ -746,8 +771,8 @@ public class DigSigUtil {
data.add(xd);
}
- // if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL)) {
- // }
+ // if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL)) {
+ // }
if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_BASE64)) {
x509Content = new ArrayList<Object>();
x509Content.add(cert);
@@ -830,7 +855,9 @@ public class DigSigUtil {
private X509Certificate FindCertByDN(X500Principal name) throws Exception {
KeyStore ks = GetTrustStore();
- if (ks==null) return null;
+ if (ks == null) {
+ return null;
+ }
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String nextElement = aliases.nextElement();
@@ -863,7 +890,9 @@ public class DigSigUtil {
private X509Certificate FindCertByIssuer(String X509IssuerName, String X509SerialNumber) throws Exception {
KeyStore ks = GetTrustStore();
- if (ks==null) return null;
+ if (ks == null) {
+ return null;
+ }
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String nextElement = aliases.nextElement();
Modified: juddi/trunk/juddi-gui-dsig/src/main/keystore/signing-jar.keystore
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-gui-dsig/src/main/keystore/signing-jar.keystore?rev=1532953&r1=1532952&r2=1532953&view=diff
==============================================================================
Binary files - no diff available.
Modified: juddi/trunk/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp?rev=1532953&r1=1532952&r2=1532953&view=diff
==============================================================================
--- juddi/trunk/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp (original)
+++ juddi/trunk/juddi-gui/src/main/webapp/ajax/saveFromXML.jsp Thu Oct 17 02:21:47 2013
@@ -8,7 +8,6 @@
<%@page import="java.util.Set"%>
<%@page import="java.util.Set"%>
<%@page import="java.util.Properties"%>
-<%@page import="org.apache.juddi.v3.client.crypto.DigSigUtil"%>
<%@page import="java.io.StringReader"%>
<%@page import="javax.xml.bind.JAXB"%>
<%@page import="org.apache.juddi.webconsole.resources.ResourceLoader"%>
Modified: juddi/trunk/readme.txt
URL: http://svn.apache.org/viewvc/juddi/trunk/readme.txt?rev=1532953&r1=1532952&r2=1532953&view=diff
==============================================================================
--- juddi/trunk/readme.txt (original)
+++ juddi/trunk/readme.txt Thu Oct 17 02:21:47 2013
@@ -33,4 +33,13 @@ juddi-tomcat\target\tomcat\apache-tomcat
juddi-tomcat\target\tomcat\apache-tomcat-6.0.26\bin\startup.sh
To build the .NET components of jUDDI
-TBD
\ No newline at end of file
+cd juddi-client.net
+mono users use: xbuild juddi-client.net-mono.sln
+.net users user: msbuild juddi-client.net.sln
+
+To test the .NET components of jUDDI using nunit
+nunit-console.exe juddi-client.net.test\bin\Debug\juddi-client.net.test.dll
+
+To run the integration tests on the .NET components of jUDDI using nunit
+catalina run (start the jUDDI tomcat server)
+nunit-console.exe juddi-client.net-integration.test\bin\Debug\juddi-client.net-integration.test.dll
\ No newline at end of file