Posted to commits@cxf.apache.org by ow...@apache.org on 2014/02/23 22:59:40 UTC
svn commit: r1571104 - in /cxf/fediz/trunk:
plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
Author: owulff
Date: Sun Feb 23 21:59:40 2014
New Revision: 1571104
URL: http://svn.apache.org/r1571104
Log:
Support PEM Certificate stored in DB
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1571104&r1=1571103&r2=1571104&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java Sun Feb 23 21:59:40 2014
@@ -32,18 +32,28 @@ public class TrustManager {
super();
this.trustManagerType = trustManagerType;
}
+
+ public TrustManager(Crypto crypto) {
+ super();
+ this.crypto = crypto;
+ }
public String getName() {
if (name != null) {
return name;
}
- if (trustManagerType.getKeyStore().getFile() != null) {
- name = trustManagerType.getKeyStore().getFile();
- } else if (trustManagerType.getKeyStore().getUrl() != null) {
- name = trustManagerType.getKeyStore().getUrl();
- } else if (trustManagerType.getKeyStore().getResource() != null) {
- name = trustManagerType.getKeyStore().getResource();
+ if (trustManagerType == null) {
+ name = "N.A.";
+ } else {
+ if (trustManagerType.getKeyStore().getFile() != null) {
+ name = trustManagerType.getKeyStore().getFile();
+ } else if (trustManagerType.getKeyStore().getUrl() != null) {
+ name = trustManagerType.getKeyStore().getUrl();
+ } else if (trustManagerType.getKeyStore().getResource() != null) {
+ name = trustManagerType.getKeyStore().getResource();
+ }
}
+
return name;
}
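Review bot: `getName()` now returns the fixed literal "N.A." for every instance created through the new `TrustManager(Crypto)` constructor, so two crypto-backed trust managers are indistinguishable by name in log output and to any caller that keys on the name (callers are not visible in this hunk). At minimum lift the literal into a named constant and document the contract, e.g. `private static final String NO_NAME = "N.A.";` plus a Javadoc on `getName()` stating that the name is only meaningful for keystore-configured instances and is `"N.A."` when the manager wraps a `Crypto` directly. If a distinguishing name is needed, it could be derived from the wrapped object instead, but that depends on how callers use it. The `trustManagerType == null` branch also relies on the two constructors being the only writers of that field; the class header and field declarations start outside the hunk.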
@@ -56,15 +66,27 @@ public class TrustManager {
}
public int hashCode() {
- return trustManagerType.hashCode();
+ if (trustManagerType == null) {
+ return super.hashCode();
+ } else {
+ return trustManagerType.hashCode();
+ }
}
public boolean equals(Object obj) {
- return trustManagerType.equals(obj);
+ if (trustManagerType == null) {
+ return super.equals(obj);
+ } else {
+ return trustManagerType.equals(obj);
+ }
}
public String toString() {
- return trustManagerType.toString();
+ if (trustManagerType == null) {
+ return super.toString();
+ } else {
+ return trustManagerType.toString();
+ }
}
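Review bot: The `trustManagerType == null` branch gives crypto-backed instances identity semantics for `equals`/`hashCode`, so two `TrustManager` objects wrapping the same `Crypto` compare unequal, while the retained non-null branch compares `trustManagerType` against the passed `TrustManager` object rather than against the other instance's `trustManagerType`, which makes `equals` asymmetric and never true for two distinct wrappers of equal configuration. Both branches should compare the peer's fields, and the three methods should carry `@Override` so the compiler catches signature drift. A rewrite along these lines keeps `hashCode` consistent with `equals`; whether any caller depends on the current identity behaviour cannot be seen from this hunk.
```java
@Override
public int hashCode() {
    if (trustManagerType != null) {
        return trustManagerType.hashCode();
    }
    return crypto != null ? crypto.hashCode() : super.hashCode();
}

@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof TrustManager)) {
        return false;
    }
    TrustManager other = (TrustManager) obj;
    if (trustManagerType != null) {
        return trustManagerType.equals(other.trustManagerType);
    }
    return crypto != null && crypto.equals(other.crypto);
}

// … unchanged: toString …
```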
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java?rev=1571104&r1=1571103&r2=1571104&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java Sun Feb 23 21:59:40 2014
@@ -18,7 +18,12 @@
*/
package org.apache.cxf.fediz.service.idp.beans;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.FederationConstants;
@@ -27,6 +32,7 @@ import org.apache.cxf.fediz.core.Federat
import org.apache.cxf.fediz.core.FederationRequest;
import org.apache.cxf.fediz.core.FederationResponse;
import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.config.TrustManager;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
@@ -42,7 +48,10 @@ import org.apache.cxf.fediz.service.idp.
import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
import org.apache.cxf.fediz.service.idp.util.WebUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.wss4j.common.crypto.CertificateStore;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;
@@ -136,17 +145,21 @@ public class ValidateTokenAction {
config.setName("whatever");
// Configure certificate store
- CertificateStores certStores = new CertificateStores();
- TrustManagersType tm0 = new TrustManagersType();
- KeyStoreType ks0 = new KeyStoreType();
- ks0.setType("PEM");
- // ks0.setType("JKS");
- // ks0.setPassword("changeit");
- ks0.setFile(trustedIdpConfig.getCertificate());
- tm0.setKeyStore(ks0);
- certStores.getTrustManager().add(tm0);
- config.setCertificateStores(certStores);
-
+ String certificate = trustedIdpConfig.getCertificate();
+ boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
+ if (isCertificateLocation) {
+ CertificateStores certStores = new CertificateStores();
+ TrustManagersType tm0 = new TrustManagersType();
+ KeyStoreType ks0 = new KeyStoreType();
+ ks0.setType("PEM");
+ // ks0.setType("JKS");
+ // ks0.setPassword("changeit");
+ ks0.setFile(trustedIdpConfig.getCertificate());
+ tm0.setKeyStore(ks0);
+ certStores.getTrustManager().add(tm0);
+ config.setCertificateStores(certStores);
+ }
+
// Configure trusted IDP
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
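Review bot: The PEM detection `!certificate.startsWith("-----BEGIN CERTIFICATE")` throws a `NullPointerException` when `getCertificate()` returns null (the replaced code tolerated null by passing it to `setFile`), and a PEM value stored with a leading newline or whitespace is misclassified as a file location and then handed to the keystore loader. Trimming first and keeping the null case on the old path avoids both: `boolean isCertificateLocation = certificate == null || !certificate.trim().startsWith("-----BEGIN CERTIFICATE");`. The `ks0.setFile(trustedIdpConfig.getCertificate())` call inside the branch could reuse the `certificate` local it just read. The enclosing method starts before this hunk and continues into the next one, where `isCertificateLocation` is consumed.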
@@ -164,8 +177,35 @@ public class ValidateTokenAction {
config.setAudienceUris(audienceUris);
FederationContext fedContext = new FederationContext(config);
+ if (!isCertificateLocation) {
+ CertificateStore cs = null;
+
+ X509Certificate cert;
+ try {
+ cert = parseCertificate(trustedIdpConfig.getCertificate());
+ } catch (Exception ex) {
+ LOG.error("Failed to parse trusted certificate", ex);
+ throw new ProcessingException("Failed to parse trusted certificate");
+ }
+ cs = new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
+
+ TrustManager tm = new TrustManager(cs);
+ fedContext.getCertificateStores().add(tm);
+ }
+
fedContext.init();
return fedContext;
}
+
+ private X509Certificate parseCertificate(String certificate)
+ throws CertificateException, Base64DecodingException {
+
+ //before decoding we need to get rod off the prefix and suffix
+ byte [] decoded = Base64.decode(certificate.replaceAll("-----BEGIN CERTIFICATE-----", "").
+ replaceAll("-----END CERTIFICATE-----", ""));
+
+ return (X509Certificate)CertificateFactory.getInstance("X.509").
+ generateCertificate(new ByteArrayInputStream(decoded));
+ }
}
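Review bot: In the new `!isCertificateLocation` block `cs` is declared as null and assigned once, the single-element array is built via `Collections.singletonList(cert).toArray(...)` instead of an array literal, and the `ProcessingException` is thrown without its cause (it is logged, but the cause is lost to anyone catching the exception), so pass `ex` as the cause if `ProcessingException` offers a `(String, Throwable)` constructor. In `parseCertificate` the markers are plain text, so `replace` is the right call rather than regex `replaceAll`, and the comment should read `//before decoding we need to get rid of the prefix and suffix`; a short Javadoc stating that the method expects a single PEM-encoded X.509 certificate and what it throws would help. With the array literal the `java.util.Collections` import added in the earlier hunk becomes unused.
```java
if (!isCertificateLocation) {
    X509Certificate cert;
    try {
        cert = parseCertificate(certificate);
    } catch (Exception ex) {
        LOG.error("Failed to parse trusted certificate", ex);
        throw new ProcessingException("Failed to parse trusted certificate"); // pass ex as cause if supported
    }
    CertificateStore cs = new CertificateStore(new X509Certificate[] {cert});
    fedContext.getCertificateStores().add(new TrustManager(cs));
}

// … unchanged: fedContext.init() and return …

private X509Certificate parseCertificate(String certificate)
    throws CertificateException, Base64DecodingException {
    //before decoding we need to get rid of the prefix and suffix
    byte[] decoded = Base64.decode(certificate.replace("-----BEGIN CERTIFICATE-----", "")
        .replace("-----END CERTIFICATE-----", ""));
    return (X509Certificate) CertificateFactory.getInstance("X.509")
        .generateCertificate(new ByteArrayInputStream(decoded));
}
```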