Posted to commits@juddi.apache.org by ks...@apache.org on 2013/10/08 04:50:37 UTC

svn commit: r1530138 [1/2] - in /juddi/trunk: juddi-client/src/main/java/org/apache/juddi/v3/client/config/ juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/ juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/ juddi-client/src/ma...

Author: kstam
Date: Tue Oct  8 02:50:36 2013
New Revision: 1530138

URL: http://svn.apache.org/r1530138
Log:
JUDDI-639 fixing scripts for OSX

Added:
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES128Cryptor.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES256Cryptor.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AESCryptorAbstract.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/Cryptor.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorFactory.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorUtil.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DefaultCryptor.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/TripleDESCrytor.java
Removed:
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/AES128Cryptor.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/AES256Cryptor.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/AESCryptorAbstract.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/Cryptor.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/DefaultCryptor.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/TripleDESCrytor.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CrytorUtil.java
Modified:
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/Property.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/subscription/SubscriptionCallbackListener.java
    juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/transport/JAXWSTransport.java
    juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java
    juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/config/CryptoConfigTest.java
    juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
    juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-3des.xml
    juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes128.xml
    juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes256.xml
    juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-default.xml
    juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3.xml
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/subscription/notify/HTTPNotifier.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/subscription/notify/SMTPNotifier.java
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
    juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java
    juddi/trunk/juddi-core/src/test/resources/juddiv3-enc-3des.xml
    juddi/trunk/juddi-core/src/test/resources/juddiv3-enc-aes128.xml
    juddi/trunk/juddi-core/src/test/resources/juddiv3-enc-aes256.xml
    juddi/trunk/juddi-core/src/test/resources/juddiv3-enc-default.xml
    juddi/trunk/juddi-core/src/test/resources/juddiv3.xml
    juddi/trunk/juddi-gui-dsig/src/main/java/org/apache/juddi/gui/dsig/XmlSignatureApplet.java
    juddi/trunk/juddi-rest-cxf/   (props changed)
    juddi/trunk/juddi-tomcat/juddi-cryptor.bat
    juddi/trunk/juddi-tomcat/juddi-cryptor.sh
    juddi/trunk/juddi-tomcat/juddi-md5.sh

Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java Tue Oct  8 02:50:36 2013
@@ -21,6 +21,7 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
+
 import javax.xml.crypto.dsig.CanonicalizationMethod;
 
 import org.apache.commons.configuration.CompositeConfiguration;
@@ -31,8 +32,8 @@ import org.apache.commons.configuration.
 import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.juddi.v3.client.crypto.CryptorFactory;
-import org.apache.juddi.v3.client.crypto.DigSigUtil;
+import org.apache.juddi.v3.client.cryptor.CryptorFactory;
+import org.apache.juddi.v3.client.cryptor.DigSigUtil;
 
 /**
  * Handles the client configuration of the uddi-client. By default it first

Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/Property.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/Property.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/Property.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/Property.java Tue Oct  8 02:50:36 2013
@@ -64,7 +64,7 @@ public class Property 
 	}
         
         
-        public final static String DEFAULT_CRYPTOR = "org.apache.juddi.v3.client.crypto.DefaultCryptor";
+        public final static String DEFAULT_CRYPTOR = "org.apache.juddi.v3.client.cryptor.DefaultCryptor";
         
 
 }

Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java Tue Oct  8 02:50:36 2013
@@ -43,7 +43,7 @@ import org.apache.juddi.api_v3.NodeDetai
 import org.apache.juddi.api_v3.SaveClerk;
 import org.apache.juddi.api_v3.SaveNode;
 import org.apache.juddi.v3.client.UDDIConstants;
-import org.apache.juddi.v3.client.crypto.CryptorFactory;
+import org.apache.juddi.v3.client.cryptor.CryptorFactory;
 import org.apache.juddi.v3.client.mapping.ReadWSDL;
 import org.apache.juddi.v3.client.mapping.URLLocalizerDefaultImpl;
 import org.apache.juddi.v3.client.mapping.WSDL2UDDI;

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES128Cryptor.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES128Cryptor.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES128Cryptor.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES128Cryptor.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+
+
+/** AES 128 bit encryption
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ */
+public class AES128Cryptor extends  AESCryptorAbstract {
+  
+    /**
+     * Constructor for DefaultCryptor.
+     */
+    public AES128Cryptor()
+            throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException {
+        super();
+    }
+    
+    @Override
+    protected String getKey()
+    {
+        return "72d93747ba0162f2f2985f5cb3e24b30";
+    }
+
+    @Override
+    public String encrypt(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        return super.encrypt(str);
+    }
+
+    @Override
+    public String decrypt(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        return super.decrypt(str);
+    }
+
+
+}
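Review bot: `getKey()` returns the AES key as a string literal, so every installation shares one key that anyone holding the jar or the source can read, and values encrypted with this class are obfuscated rather than protected. The same applies to `getKey()` in AES256Cryptor.java and to the `"saagar"` passphrase in the DefaultCryptor constructor later in this commit. Loading the key from a deployment-specific source (a protected key file or keystore whose location comes from configuration) would address it. Until then, a class comment such as `/** Uses a key compiled into the class; this hides passwords from casual viewing only. */` would keep the `AES 128 bit encryption` Javadoc from overstating what the class provides.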

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES256Cryptor.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES256Cryptor.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES256Cryptor.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AES256Cryptor.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * AES 256 bit encryption. <h1> Requires Unlimited Strength Java Cryptographic
+ * Extensions</h1>
+ *
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ */
+public class AES256Cryptor extends AESCryptorAbstract {
+
+    /**
+     * Constructor for DefaultCryptor.
+     */
+    public AES256Cryptor()
+            throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException {
+        super();
+    }
+
+    @Override
+    protected String getKey() {
+        return "ef057ce3abd9dd9a161a2888c9d7025f104a42eceda5947b083186e7190fcc46";
+    }
+
+    @Override
+    public String encrypt(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        return super.encrypt(str);
+    }
+
+    @Override
+    public String decrypt(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        return super.decrypt(str);
+    }
+}
\ No newline at end of file
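Review bot: The `encrypt` and `decrypt` overrides only call `super.encrypt(str)` and `super.decrypt(str)` and can be deleted, since AESCryptorAbstract already implements both. Once they are gone the `InvalidAlgorithmParameterException`, `BadPaddingException` and `IllegalBlockSizeException` imports are unused, and `Cipher` and `SecretKeySpec` are unused already. The constructor Javadoc reads `Constructor for DefaultCryptor.` and should say `Constructor for AES256Cryptor.`; AES128Cryptor.java has the same three leftovers.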

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AESCryptorAbstract.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AESCryptorAbstract.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AESCryptorAbstract.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/AESCryptorAbstract.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * AES bit encryption
+ *
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ */
+public abstract class AESCryptorAbstract implements Cryptor {
+
+    private static byte[] hexToBytes(String s) {
+        //return s.getBytes();
+        return hexToBytes(s.toCharArray());
+    }
+    private static final char[] kDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a',
+        'b', 'c', 'd', 'e', 'f'};
+
+    private static byte[] hexToBytes(char[] hex) {
+        int length = hex.length / 2;
+        byte[] raw = new byte[length];
+        for (int i = 0; i < length; i++) {
+            int high = Character.digit(hex[i * 2], 16);
+            int low = Character.digit(hex[i * 2 + 1], 16);
+            int value = (high << 4) | low;
+            if (value > 127) {
+                value -= 256;
+            }
+            raw[i] = (byte) value;
+        }
+        return raw;
+    }
+
+    protected abstract String getKey();
+        
+    /**
+     * Constructor for DefaultCryptor.
+     */
+    public AESCryptorAbstract()
+            throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException {
+        byte[] raw =//skey.getEncoded();
+                hexToBytes(getKey()); //
+        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+        // Instantiate the cipher
+        Cipher cipher = Cipher.getInstance("AES");
+        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+    }
+
+    /**
+     * Encrypt the string
+     */
+    @Override
+    public String encrypt(String cleartext)
+            throws NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException {
+        byte[] raw = hexToBytes(getKey()); //
+        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+        // Instantiate the cipher
+        Cipher cipher = Cipher.getInstance("AES");
+        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+        byte[] encrypted = cipher.doFinal(cleartext.getBytes());
+        return asHex(encrypted);
+    }
+    
+      /**
+     * Encrypt the string
+     */
+    @Override
+    public String decrypt(String str)
+            throws NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException {
+        byte[] raw = hexToBytes(getKey()); //
+        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
+        // Instantiate the cipher
+        Cipher cipher = Cipher.getInstance("AES");
+        cipher.init(Cipher.DECRYPT_MODE, skeySpec);
+        byte[] original = cipher.doFinal(hexToBytes(str));
+        
+        return new String(original);
+    }
+
+    private static String asHex(byte buf[]) {
+        //return new String(buf);
+        StringBuilder strbuf = new StringBuilder(buf.length * 2);
+        int i;
+
+        for (i = 0; i < buf.length; i++) {
+            if (((int) buf[i] & 0xff) < 0x10) {
+                strbuf.append("0");
+            }
+            strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
+        }
+
+        return strbuf.toString();
+    }
+}
\ No newline at end of file
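Review bot: `Cipher.getInstance("AES")` in the constructor, `encrypt` and `decrypt` leaves mode and padding to the provider default, which on the standard JDK provider is ECB with PKCS5 padding. The output is therefore deterministic (the same password always yields the same hex string) and unauthenticated, and stored values depend on whatever default the runtime's provider picks. Name the transformation explicitly, and where the runtime supports it prefer an authenticated mode with a fresh random IV stored in front of the ciphertext, e.g. `Cipher.getInstance("AES/GCM/NoPadding")`; that changes the stored format, so existing values would need re-encrypting. Separately, the Javadoc on `decrypt` still reads `Encrypt the string`.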

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/Cryptor.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/Cryptor.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/Cryptor.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/Cryptor.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import org.apache.juddi.v3.client.config.UDDIClerk;
+
+/**
+ * @author Anou Manavalan
+ */
+public interface Cryptor
+{
+  /**
+   * Encrypt the string, if unable to encrypt, return null
+   */
+  String encrypt(String str)
+    throws  NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException;
+           /**
+            * decrypts the string
+             * @param str
+             * @return, if the password can be decrypted, the decrypted value is returned, otherwise the original value is returned<br>
+             * In the event that decryption fails, the error message must be logged.
+            * @throws NoSuchPaddingException
+            * @throws NoSuchAlgorithmException
+            * @throws InvalidAlgorithmParameterException
+            * @throws InvalidKeyException
+            * @throws IllegalBlockSizeException
+            * @throws BadPaddingException 
+            */
+    public String decrypt(String str)  throws  NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException;
+
+    
+
+  
+}
\ No newline at end of file
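Review bot: The Javadoc on both methods describes a contract that the signatures and the implementations in this commit do not follow. `encrypt` says `if unable to encrypt, return null` and `decrypt` says the original value is returned on failure, yet both declare six checked exceptions, and AESCryptorAbstract and DefaultCryptor let them propagate. Returning the input on a failed decrypt would also leave callers unable to tell a decrypted password from an untouched ciphertext, so the throwing behaviour is the one to document, for example `@return the decrypted value` with each `@throws` saying when it is raised. The `@return,` tag has a stray comma and the `UDDIClerk` import is unused.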

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorFactory.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorFactory.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorFactory.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorFactory.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.juddi.v3.client.cryptor;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.juddi.v3.client.ClassUtil;
+import org.apache.juddi.v3.client.config.Property;
+import org.apache.juddi.v3.client.config.UDDIClerk;
+
+/**
+ * Used to create the org.apache.juddi.cryptor.Cryptor implementation
+ * as specified by the 'juddi.cryptor' property. Defaults to
+ * org.apache.juddi.cryptor.DefaultCryptor if an implementation is not
+ * specified.
+ *
+ * @author Steve Viens (sviens@apache.org)
+ * @author <a href="mailto:jfaath@apache.org">Jeff Faath</a>
+ */
+public abstract class CryptorFactory {
+	private static Log log = LogFactory.getLog(CryptorFactory.class);
+
+	// the shared Cryptor instance
+	private static Cryptor cryptor = null;
+
+        
+	private static Map<String, Cryptor> cache = new HashMap<String, Cryptor>();
+        
+        
+        public static Cryptor getCryptor(String className) throws Exception {
+                if (cache.containsKey(className))
+                    return cache.get(className);
+		Class<?> cryptorClass = null;
+		try {
+			// Use Loader to locate & load the Cryptor implementation
+			cryptorClass = ClassUtil.forName(className, CryptorFactory.class);
+		}
+		catch(ClassNotFoundException e) {
+			log.error("The specified Cryptor class '" + className + "' was not found in classpath.");
+			log.error(e);
+                        throw e;
+		}
+	
+		try {
+			// try to instantiate the Cryptor implementation
+			cryptor = (Cryptor)cryptorClass.newInstance();
+                        cache.put(className, cryptor);
+		}
+		catch(Exception e) {
+			log.error("Exception while attempting to instantiate the implementation of Cryptor: " + cryptorClass.getName() + "\n" + e.getMessage());
+			log.error(e);
+                        throw e;
+		}
+	
+		return cryptor;
+	}
+
+}
\ No newline at end of file
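Review bot: `getCryptor` stores the new instance in the static field `cryptor` and returns that field, so two threads asking for different class names at the same time can each receive the other's implementation; the `HashMap` cache is also read and written without synchronization. Use a local variable and return it, e.g. `Cryptor created = (Cryptor) cryptorClass.newInstance(); cache.put(className, created); return created;`, and make `cache` a `ConcurrentHashMap` or the method `synchronized`. Because `className` comes from configuration or the command line, a check such as `if (!Cryptor.class.isAssignableFrom(cryptorClass))` before `newInstance()` would stop an unrelated class's constructor from running before the cast fails.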

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorUtil.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorUtil.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorUtil.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/CryptorUtil.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2013 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+ 
+/**
+ *
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ * @see org.apache.juddi.cryptor.DefaultCryptor
+ */
+public class CryptorUtil {
+
+    public static void main(String[] args) throws Exception{
+        if (args.length == 0) {
+            PrintUsage();
+            return;
+        }
+        Cryptor cryptor = CryptorFactory.getCryptor(args[0]);
+        System.out.print("Password: ");
+        char[] readPassword = System.console().readPassword();
+        System.out.println("Cipher: " +  cryptor.encrypt(new String(readPassword)));
+    }
+
+    private static void PrintUsage() {
+        System.out.println("Encrypts a password using the specified crypto provider");
+        System.out.println("Usage: java -cp (classpath) org.apache.juddi.v3.auth.CrytorUtil (CryptoProvider)");
+        
+        System.out.println("Provided crypto providers:");
+        System.out.println("\torg.apache.juddi.v3.client.cryptor.DefaultCryptor - uses PBEWithMD5AndDES");
+        System.out.println("\torg.apache.juddi.v3.client.cryptor.TripleDESCrytor - uses TripleDES");
+        System.out.println("\torg.apache.juddi.v3.client.cryptor.AES128Cryptor - uses AES128");
+        System.out.println("\torg.apache.juddi.v3.client.cryptor.AES256Cryptor - uses AES256*");
+        System.out.println();
+        System.out.println("* Requires Unlimited Strength JCE *");
+    }
+}
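Review bot: The usage text in `PrintUsage` still names `org.apache.juddi.v3.auth.CrytorUtil`, but this file declares package `org.apache.juddi.v3.client.cryptor` and class `CryptorUtil`, so the printed command cannot find the class; the line should read `"Usage: java -cp (classpath) org.apache.juddi.v3.client.cryptor.CryptorUtil (CryptoProvider)"`. The `@see org.apache.juddi.cryptor.DefaultCryptor` tag points at a class this commit removes. In `main`, `System.console()` returns null when input is not a terminal, so a guard such as `if (System.console() == null) { System.err.println("No console available"); return; }` is needed before `readPassword()`, and the `char[]` could be cleared with `java.util.Arrays.fill(readPassword, '\0')` once the cipher text is printed.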

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DefaultCryptor.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DefaultCryptor.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DefaultCryptor.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DefaultCryptor.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * @author Anou Manavalan
+ */
+public class DefaultCryptor implements Cryptor
+{
+  private PBEKeySpec pbeKeySpec = null;
+  private PBEParameterSpec pbeParamSpec = null;
+  private SecretKeyFactory keyFac = null;
+  private SecretKey pbeKey = null;
+
+  // Salt
+  private byte[] salt = {
+    (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
+    (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
+  };
+
+  // Iteration count
+  private int count = 20;
+
+  /**
+   * Constructor for DefaultCryptor.
+   */
+  public DefaultCryptor()
+    throws NoSuchAlgorithmException,InvalidKeySpecException
+  {
+    // Create PBE parameter set
+    pbeParamSpec = new PBEParameterSpec(salt,count);
+    pbeKeySpec = new PBEKeySpec("saagar".toCharArray());
+    keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
+    pbeKey = keyFac.generateSecret(pbeKeySpec);
+  }
+
+  /**
+   * Encrypt the string
+   */
+  private byte[] crypt(int cipherMode,byte[] text)
+    throws  NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException
+
+  {
+    // Create PBE Cipher
+    Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
+
+    // Initialize PBE Cipher with key and parameters
+    pbeCipher.init(cipherMode,pbeKey,pbeParamSpec);
+
+    //byte[] text = str.getBytes();
+
+    // Encrypt/Decrypt the string
+    byte[] cryptext = pbeCipher.doFinal(text);
+
+    return cryptext;
+  }
+
+  /**
+   * Encrypt the string
+   */
+  public String encrypt(String str)
+    throws  NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException
+  {
+    byte[] encs = crypt(Cipher.ENCRYPT_MODE,str.getBytes());
+    encs = Base64.encodeBase64(encs);
+    return new String(encs);
+  }
+
+  
+    public String decrypt(String str)   throws  NoSuchPaddingException,
+            NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException,
+            InvalidKeyException,
+            IllegalBlockSizeException,
+            BadPaddingException{
+         byte[] encs = crypt(Cipher.DECRYPT_MODE,Base64.decodeBase64(str.getBytes()));
+        return new String(encs);
+    }
+    
+    
+    
+  
+}
\ No newline at end of file
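Review bot: `encrypt` and `decrypt` convert with `str.getBytes()` and `new String(encs)`, which use the platform default charset, so a password containing non-ASCII characters that is encrypted on one machine can decrypt to different text on a machine with another default encoding. AESCryptorAbstract.java has the same calls (`cleartext.getBytes()`, `new String(original)`). Pass an explicit charset on both sides, e.g. `str.getBytes(StandardCharsets.UTF_8)` and `new String(encs, StandardCharsets.UTF_8)` if the build targets Java 7 or later. The Javadoc on `crypt` says `Encrypt the string` although the method handles both cipher modes, and `decrypt` and the class itself have no description.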

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,879 @@
+/*
+ * Copyright 2013 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.CRLException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorResult;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.PKIXCertPathValidatorResult;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.atomic.AtomicReference;
+import javax.security.auth.x500.X500Principal;
+import javax.xml.bind.JAXB;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import sun.security.provider.certpath.OCSP;
+import sun.security.provider.certpath.OCSP.RevocationStatus;
+
+/**
+ * A utility class for signing and verifying JAXB Objects, such as UDDI
+ * entities.
+ *
+ * Notes: This class only supports elements that are signed once. Multiple
+ * signature are not currently supported.
+ *
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree </a>
+ */
+public class DigSigUtil {
+
+    /**
+     * Expects a properties object containing the desired configuration
+     * @param config
+     * @throws CertificateException 
+     */
+    public DigSigUtil(Properties config) throws CertificateException {
+        cf = CertificateFactory.getInstance("X.509");
+        this.map = config;
+    }
+    
+    public DigSigUtil() throws CertificateException {
+        cf = CertificateFactory.getInstance("X.509");
+    }
+    private Log logger = LogFactory.getLog(this.getClass());
+
+    public void put(String key, String value) {
+        map.put(key, value);
+    }
+
+    /**
+     * clears the configuration for reuse
+     */
+    public void clear() {
+        map.clear();
+    }
+    private Properties map = new Properties();
+    /**
+     * This is the location of the keystore
+     *
+     * If referencing a Windows certificate store, use WINDOWS-MY as a value
+     * with a null password
+     */
+    public final static String SIGNATURE_KEYSTORE_FILE = "keyStorePath";
+    /**
+     * The type of file, such as JKS for most Java applications, or WINDOWS-MY
+     * to use the Windows certificate store of the current user or KeychainStore
+     * for MacOS
+     */
+    public final static String SIGNATURE_KEYSTORE_FILETYPE = "keyStoreType";
+    public final static String SIGNATURE_KEYSTORE_FILE_PASSWORD = "filePassword";
+    public final static String SIGNATURE_KEYSTORE_KEY_PASSWORD = "keyPassword";
+    public final static String SIGNATURE_KEYSTORE_KEY_ALIAS = "keyAlias";
+    public final static String TRUSTSTORE_FILE = "trustStorePath";
+    public final static String TRUSTSTORE_FILETYPE = "trustStoreType";
+    public final static String TRUSTSTORE_FILE_PASSWORD = "trustStorePassword";
+    /**
+     * default is CanonicalizationMethod.EXCLUSIVE
+     *
+     * @see CanonicalizationMethod
+     */
+    public final static String CANONICALIZATIONMETHOD = "CanonicalizationMethod";
+    /**
+     * default is RSA_SHA1
+     *
+     * @see SignatureMethod
+     */
+    public final static String SIGNATURE_METHOD = "SignatureMethod";
+    /**
+     * Defines whether or not a certificate is included with the signature<Br>
+     * Values - Include whole X509 Public Key in the signature (recommended)
+     * (default) * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, true);</pre>
+     * any value can be used.
+     */
+    public final static String SIGNATURE_OPTION_CERT_INCLUSION_BASE64 = "BASE64";
+    /*
+     * Include the signer's thumbprint of the public key.
+     * 
+     * Clients will not be able to validate the signature unless they have a copy of the signer's public key 
+     * in a trust store or the full certificate is included
+     * out of band
+     * 
+     * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_THUMBPRINT, true);</pre>
+     * any value can be used.
+     *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+     */
+    //public final static String SIGNATURE_OPTION_CERT_INCLUSION_THUMBPRINT = "THUMBPRINT";
+    /*
+     * Include the signer's serial of the public key.
+     * 
+     * Clients will not be able to validate the signature unless they have a copy of the signer's public key 
+     * in a trust store or the full certificate is included
+     * out of band
+     *     
+     * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, true);</pre>
+     * any value can be used.
+     *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+     */
+    public final static String SIGNATURE_OPTION_CERT_INCLUSION_SERIAL = "SERIAL";
+    /*
+     * Include the signer's Subject DN of the public key.
+     * 
+     * Clients will not be able to validate the signature unless they have a copy of the signer's public key 
+     * in a trust store or the full certificate is included
+     * out of band
+     *     
+     * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, true);</pre>
+     * any value can be used.
+     *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+     */
+    public final static String SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN = "SUBJECTDN";
+    /*
+     * Include the signer's X500 Prinicple of the public key.
+     * 
+     * Clients will not be able to validate the signature unless they have a copy of the signer's public key 
+     * in a trust store or the full certificate is included
+     * out of band
+     *     
+     * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL, true);</pre>
+     * any value can be used.
+     *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+     */
+    
+    //public final static String SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL = "X500";
+    public final static String XML_DIGSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+    /**
+     * Default value DigestMethod.SHA1 =
+     * "http://www.w3.org/2000/09/xmldsig#sha1"
+     *
+     * @see javax.xml.crypto.dsig.DigestMethod
+     */
+    public final static String SIGNATURE_OPTION_DIGEST_METHOD = "digestMethod";
+    /**
+     * When validating a signature, include this field will validate that the
+     * signature is still valid with regards to timestamps NotBefore and
+     * OnOrAfter
+     *
+     * Example
+     * <pre>
+     * Map map = new HashMap();
+     * map.put(DigSigUtil.CHECK_TIMESTAMPS, true);</pre> any value can be used.
+     */
+    public final static String CHECK_TIMESTAMPS = "checkTimestamps";
+    private CertificateFactory cf = null;
+    public final static String CHECK_REVOCATION_STATUS_OCSP = "checkRevocationOCSP";
+    public final static String CHECK_REVOCATION_STATUS_CRL = "checkRevocationCRL";
+    public final static String CHECK_TRUST_CHAIN = "checkTrust";
+
+    /**
+     * Digital signs a UDDI entity, such as a business, service, tmodel or
+     * binding template using the map to provide certificate key stores and
+     * credentials<br><br> The UDDI entity MUST support XML Digital Signatures
+     * (tModel, Business, Service, Binding Template)
+     *
+     * @param <T> Any UDDI entity that supports digital signatures
+     * @param jaxbObj
+     * @return an enveloped signed UDDI element, do not modify this object after
+     * signing
+     */
+    public <T> T signUddiEntity(T jaxbObj) {
+        DOMResult domResult = new DOMResult();
+        JAXB.marshal(jaxbObj, domResult);
+        Document doc = ((Document) domResult.getNode());
+        Element docElement = doc.getDocumentElement();
+
+        try {
+            KeyStore ks = KeyStore.getInstance(map.getProperty(SIGNATURE_KEYSTORE_FILETYPE));
+            URL url = Thread.currentThread().getContextClassLoader().getResource(map.getProperty(SIGNATURE_KEYSTORE_FILE));
+            if (url == null) {
+                try {
+                    url = new File(map.getProperty(SIGNATURE_KEYSTORE_FILE)).toURI().toURL();
+                } catch (Exception x) {
+                }
+            }
+            if (url == null) {
+                try {
+                    url = this.getClass().getClassLoader().getResource(map.getProperty(SIGNATURE_KEYSTORE_FILE));
+                } catch (Exception x) {
+                }
+            }
+            KeyStore.PrivateKeyEntry keyEntry = null;
+            if (!map.getProperty(SIGNATURE_KEYSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-MY")) {
+                ks.load(url.openStream(), (map.getProperty(SIGNATURE_KEYSTORE_FILE_PASSWORD)).toCharArray());
+                if (map.getProperty(SIGNATURE_KEYSTORE_KEY_PASSWORD) == null) {
+                    keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(map.getProperty(SIGNATURE_KEYSTORE_KEY_ALIAS),
+                            new KeyStore.PasswordProtection(map.getProperty(SIGNATURE_KEYSTORE_FILE_PASSWORD).toCharArray()));
+                } else {
+                    keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(map.getProperty(SIGNATURE_KEYSTORE_KEY_ALIAS),
+                            new KeyStore.PasswordProtection(map.getProperty(SIGNATURE_KEYSTORE_KEY_PASSWORD).toCharArray()));
+                }
+            } else {
+                //Windows only
+                ks.load(null, null);
+                keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(map.getProperty(SIGNATURE_KEYSTORE_KEY_ALIAS),
+                        null);
+            }
+
+
+            PrivateKey privateKey = keyEntry.getPrivateKey();
+            Certificate origCert = keyEntry.getCertificate();
+            //PublicKey validatingKey = origCert.getPublicKey();
+            this.signDOM(docElement, privateKey, origCert);
+
+            DOMSource domSource = new DOMSource(doc);
+            T result = (T) JAXB.unmarshal(domSource, jaxbObj.getClass());
+            return result;
+        } catch (Exception e) {
+            throw new RuntimeException("Signature failure due to: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Digital signs a UDDI entity, such as a business, service, tmodel or
+     * binding template, provided you've already done the legwork to provide the
+     * signing keys <br><br> The UDDI entity MUST support XML Digital Signatures
+     * (tModel, Business, Service, Binding Template)
+     *
+     * @param <T>
+     * @param jaxbObj
+     * @param publicKey
+     * @param privateKey
+     * @return
+     */
+    public <T> T signUddiEntity(T jaxbObj, Certificate publicKey, PrivateKey privateKey) {
+        DOMResult domResult = new DOMResult();
+        JAXB.marshal(jaxbObj, domResult);
+        Document doc = ((Document) domResult.getNode());
+        Element docElement = doc.getDocumentElement();
+        try {
+
+            //PublicKey validatingKey = origCert.getPublicKey();
+            this.signDOM(docElement, privateKey, publicKey);
+            DOMSource domSource = new DOMSource(doc);
+            T result = (T) JAXB.unmarshal(domSource, jaxbObj.getClass());
+            return result;
+        } catch (Exception e) {
+            throw new RuntimeException("Signature failure due to: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Serializes a JAXB object and prints to stdout
+     *
+     * @param obj
+     */
+    public static void JAXB_ToStdOut(Object obj) {
+        StringWriter sw = new StringWriter();
+        JAXB.marshal(obj, sw);
+        System.out.println(sw.toString());
+    }
+
+    /**
+     * Serializes a JAXB object and prints to stdout
+     *
+     * @param obj
+     * @return
+     */
+    public static String JAXB_ToString(Object obj) {
+        StringWriter sw = new StringWriter();
+        JAXB.marshal(obj, sw);
+        return (sw.toString());
+    }
+
+    /**
+     *
+     * returns the public key of the signing certificate used for a signed JAXB
+     * object.
+     *
+     * @param obj
+     * @return null if the item is not signed or if it references a certificate
+     * that is not present in the current keystore
+     * * @throws IllegalArgumentException for null input
+     */
+    public X509Certificate getSigningCertificatePublicKey(Object obj) throws IllegalArgumentException, CertificateException {
+        DOMResult domResult = new DOMResult();
+        JAXB.marshal(obj, domResult);
+
+        Document doc = ((Document) domResult.getNode());
+        Element docElement = doc.getDocumentElement();  //this is our signed node
+        return getSigningCertificatePublicKey(obj, docElement);
+    }
+
+    /**
+     *
+     * returns the public key of the signing certificate used for a signed JAXB
+     * object.
+     *
+     * @param obj
+     * @return null if the item is not signed or if it references a certificate
+     * that is not present in the current keystore
+     * * @throws IllegalArgumentException for null input
+     */
+    private X509Certificate getSigningCertificatePublicKey(Object obj, Element docElement) throws IllegalArgumentException, CertificateException {
+        if (obj == null) {
+            throw new IllegalArgumentException();
+        }
+
+        NodeList childNodes = docElement.getChildNodes();   //children, one of these SHOULD be our signature element
+        // X509Certificate signingcert = null;
+        for (int i = 0; i < childNodes.getLength(); i++) {
+            //System.out.println(childNodes.item(i).getNamespaceURI() + " " + childNodes.item(i).getNodeName());
+            if (childNodes.item(i).getNamespaceURI().equalsIgnoreCase(XML_DIGSIG_NS) && childNodes.item(i).getLocalName().equalsIgnoreCase("Signature")) {
+                Node sig = childNodes.item(i);
+                for (int k = 0; k < sig.getChildNodes().getLength(); k++) {
+                    //      System.out.println(sig.getChildNodes().item(k).getNamespaceURI() + " " + sig.getChildNodes().item(k).getNodeName());
+                    if (sig.getChildNodes().item(k).getLocalName().equalsIgnoreCase("KeyInfo")) {
+                        //TODO figure out how to reference Subject DN, serial, thumbprint, etc
+                        for (int j = 0; j < sig.getChildNodes().item(k).getChildNodes().getLength(); j++) {
+                            if (sig.getChildNodes().item(k).getChildNodes().item(j).getLocalName().equalsIgnoreCase("X509Data")) {
+                                Node X509Data = sig.getChildNodes().item(k).getChildNodes().item(j);
+                                for (int x = 0; x < X509Data.getChildNodes().getLength(); x++) {
+                                    if (X509Data.getChildNodes().item(x).getLocalName().equalsIgnoreCase("X509Certificate")) {
+                                        //yay found it!
+
+
+                                        String c =
+                                                "-----BEGIN CERTIFICATE-----\n"
+                                                + X509Data.getChildNodes().item(x).getTextContent()
+                                                + "\n-----END CERTIFICATE-----";
+                                        //System.out.println("X509 Public key: " + c);
+                                        InputStream is = new ByteArrayInputStream(c.getBytes());
+                                        X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
+
+                                        logger.info("embedded certificate found, X509 public key " + cert.getSubjectDN().toString());
+                                        return cert;
+
+                                    }
+
+                                    //if we have a 
+                                    //TODO other parsing items, lots of other potentials here
+                                }
+                                X509Certificate cert = FindCert(X509Data.getChildNodes());
+                                if (cert != null) {
+                                    logger.info("certificate loaded from local trust store, X509 public key " + cert.getSubjectDN().toString());
+                                    return cert;
+                                }
+                            }
+
+                        }
+                        break;
+                    }
+
+                }
+
+                break;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Verifies the signature on an enveloped digital signature on a UDDI
+     * entity, such as a business, service, tmodel or binding template. <br><Br>
+     * It is expected that either the public key of the signing certificate is
+     * included within the signature keyinfo section OR that sufficient
+     * information is provided in the signature to reference a public key
+     * located within the Trust Store provided<br><Br> Optionally, this function
+     * also validate the signing certificate using the options provided to the
+     * configuration map.
+     *
+     * @param obj an enveloped signed JAXB object
+     * @param OutErrorMessage a human readable error message explaining the
+     * reason for failure
+     * @return true if the validation passes the signature validation test, and
+     * optionally any certificate validation or trust chain validation
+     * @throws IllegalArgumentException for null input
+     */
+    public boolean verifySignedUddiEntity(Object obj, AtomicReference<String> OutErrorMessage) throws IllegalArgumentException {
+        if (OutErrorMessage == null) {
+            OutErrorMessage = new AtomicReference<String>();
+        }
+        if (obj == null) {
+            throw new IllegalArgumentException("obj");
+        }
+        try {
+            DOMResult domResult = new DOMResult();
+            JAXB.marshal(obj, domResult);
+
+            Document doc = ((Document) domResult.getNode());
+            Element docElement = doc.getDocumentElement();  //this is our signed node
+
+            X509Certificate signingcert = getSigningCertificatePublicKey(obj, docElement);
+
+            if (signingcert != null && signingcert instanceof X509Certificate) {
+                logger.info("verifying signature based on X509 public key " + signingcert.getSubjectDN().toString());
+                if (map.containsKey(CHECK_TIMESTAMPS)&& Boolean.parseBoolean(map.getProperty(CHECK_TIMESTAMPS))) {
+                    signingcert.checkValidity();
+                }
+                if (map.containsKey(CHECK_REVOCATION_STATUS_OCSP)
+                        && Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_OCSP))) {
+                    logger.info("verifying revocation status via OSCP for X509 public key " + signingcert.getSubjectDN().toString());
+                    X500Principal issuerX500Principal = signingcert.getIssuerX500Principal();
+                    logger.info("certificate " + signingcert.getSubjectDN().toString() + " was issued by " + issuerX500Principal.getName() + ", attempting to retrieve certificate");
+                    Security.setProperty("ocsp.enable", "false");
+                    X509Certificate issuer = FindCertByDN(issuerX500Principal);
+                    if (issuer == null) {
+                        throw new CertificateException("unable to locate the issuers certificate in the trust store");
+                    }
+                    RevocationStatus check = OCSP.check(signingcert, issuer);
+                    logger.info("certificate " + signingcert.getSubjectDN().toString() + " revocation status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
+                    if (check.getCertStatus() != RevocationStatus.CertStatus.GOOD) {
+                        throw new CertificateException("Certificate status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
+                    }
+                }
+                if (map.containsKey(CHECK_REVOCATION_STATUS_CRL)&& Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_CRL))) {
+                    logger.info("verifying revokation status via CRL for X509 public key " + signingcert.getSubjectDN().toString());
+
+                    Security.setProperty("ocsp.enable", "false");
+                    System.setProperty("com.sun.security.enableCRLDP", "true");
+
+                    X509CertSelector targetConstraints = new X509CertSelector();
+                    targetConstraints.setCertificate(signingcert);
+                    PKIXParameters params = new PKIXParameters(GetTrustStore());
+                    params.setRevocationEnabled(true);
+                    CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));
+
+                    CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
+                    CertPathValidatorResult result = certPathValidator.validate(certPath, params);
+
+                    PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
+                    logger.info("revokation status via CRL PASSED for X509 public key " + signingcert.getSubjectDN().toString());
+
+                }
+                if (map.containsKey(CHECK_TRUST_CHAIN)&& Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
+                    logger.info("verifying trust chain X509 public key " + signingcert.getSubjectDN().toString());
+                    PKIXParameters params = new PKIXParameters(GetTrustStore());
+                    params.setRevocationEnabled(false);
+                    CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));
+
+                    CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
+                    CertPathValidatorResult result = certPathValidator.validate(certPath, params);
+
+                    PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
+
+                    TrustAnchor ta = pkixResult.getTrustAnchor();
+                    X509Certificate cert = ta.getTrustedCert();
+                    logger.info("trust chain validated X509 public key " + signingcert.getSubjectDN().toString());
+                }
+                return verifySignature(docElement, signingcert.getPublicKey(), OutErrorMessage);
+            }
+
+            //last chance validation
+            logger.info("signature did not have an embedded X509 public key. reverting to user specified certificate");
+            //cert wasn't included in the signature, revert to some other means
+            KeyStore ks = KeyStore.getInstance(map.getProperty(SIGNATURE_KEYSTORE_FILETYPE));
+            URL url = Thread.currentThread().getContextClassLoader().getResource(map.getProperty(SIGNATURE_KEYSTORE_FILE));
+            if (url == null) {
+                try {
+                    url = new File(map.getProperty(SIGNATURE_KEYSTORE_FILE)).toURI().toURL();
+                } catch (Exception x) {
+                }
+            }
+            if (url == null) {
+                try {
+                    url = this.getClass().getClassLoader().getResource(map.getProperty(SIGNATURE_KEYSTORE_FILE));
+                } catch (Exception x) {
+                }
+            }
+
+            ks.load(url.openStream(), map.getProperty(SIGNATURE_KEYSTORE_FILE_PASSWORD).toCharArray());
+            KeyStore.PrivateKeyEntry keyEntry = null;
+            if (map.getProperty(SIGNATURE_KEYSTORE_KEY_PASSWORD) == null) {
+                keyEntry =
+                        (KeyStore.PrivateKeyEntry) ks.getEntry(map.getProperty(SIGNATURE_KEYSTORE_KEY_ALIAS),
+                        new KeyStore.PasswordProtection(map.getProperty(SIGNATURE_KEYSTORE_FILE_PASSWORD).toCharArray()));
+            } else {
+                keyEntry =
+                        (KeyStore.PrivateKeyEntry) ks.getEntry(map.getProperty(SIGNATURE_KEYSTORE_KEY_ALIAS),
+                        new KeyStore.PasswordProtection(map.getProperty(SIGNATURE_KEYSTORE_KEY_PASSWORD).toCharArray()));
+            }
+
+
+            Certificate origCert = keyEntry.getCertificate();
+            if (map.containsKey(CHECK_TIMESTAMPS)) {
+                if (origCert.getPublicKey() instanceof X509Certificate) {
+                    X509Certificate x = (X509Certificate) origCert.getPublicKey();
+                    x.checkValidity();
+                }
+            }
+            PublicKey validatingKey = origCert.getPublicKey();
+            return verifySignature(docElement, validatingKey, OutErrorMessage);
+        } catch (Exception e) {
+            //throw new RuntimeException(e);
+            logger.error("Error caught validating signature", e);
+            OutErrorMessage.set(e.getMessage());
+            return false;
+        }
+    }
+
+    private KeyStore GetTrustStore() throws Exception {
+        String type=map.getProperty(TRUSTSTORE_FILETYPE);
+        if (type==null)
+            type="JKS";
+        KeyStore ks = KeyStore.getInstance(type);
+        String filename=map.getProperty(TRUSTSTORE_FILE);
+        if (filename==null)
+            return null;
+        URL url = Thread.currentThread().getContextClassLoader().getResource(map.getProperty(TRUSTSTORE_FILE));
+        if (url == null) {
+            try {
+                url = new File(map.getProperty(TRUSTSTORE_FILE)).toURI().toURL();
+            } catch (Exception x) {
+            }
+        }
+        if (url == null) {
+            try {
+                url = this.getClass().getClassLoader().getResource(map.getProperty(TRUSTSTORE_FILE));
+            } catch (Exception x) {
+            }
+        }
+        if (!map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
+            ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
+        } else {
+            //Windows only
+            ks.load(null, null);
+        }
+
+        return ks;
+    }
+
+    private XMLSignatureFactory initXMLSigFactory() {
+        XMLSignatureFactory fac = XMLSignatureFactory.getInstance();
+        return fac;
+    }
+
+    private Reference initReference(XMLSignatureFactory fac) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+        List transformers = new ArrayList();
+        transformers.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
+
+        String dm = map.getProperty(SIGNATURE_OPTION_DIGEST_METHOD);
+        if (dm == null) {
+            dm = DigestMethod.SHA1;
+        }
+        Reference ref = fac.newReference("", fac.newDigestMethod(dm, null), transformers, null, null);
+        return ref;
+    }
+
+    private SignedInfo initSignedInfo(XMLSignatureFactory fac) throws Exception {
+        Reference ref = initReference(fac);
+        String cm = null;
+        cm = map.getProperty(CANONICALIZATIONMETHOD);
+        String sigmethod = null;
+        sigmethod = map.getProperty(SIGNATURE_METHOD);
+        if (sigmethod == null) {
+            sigmethod = SignatureMethod.RSA_SHA1;
+        }
+        if (cm == null) {
+            cm = CanonicalizationMethod.EXCLUSIVE;
+        }
+        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(
+                cm,
+                (C14NMethodParameterSpec) null),
+                fac.newSignatureMethod(sigmethod,
+                null), Collections.singletonList(ref));
+        return si;
+    }
+
+    private boolean verifySignature(Element element, PublicKey validatingKey, AtomicReference<String> OutReadableErrorMessage) {
+        if (OutReadableErrorMessage == null) {
+            OutReadableErrorMessage = new AtomicReference<String>();
+        }
+        XMLSignatureFactory fac = initXMLSigFactory();
+        NodeList nl = element.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+        if (nl.getLength() == 0) {
+            throw new RuntimeException("Cannot find Signature element");
+        }
+        DOMValidateContext valContext = new DOMValidateContext(validatingKey, nl.item(0));
+        try {
+            valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+            boolean coreValidity = signature.validate(valContext);
+            // Check core validation status.
+            if (coreValidity == false) {
+                logger.warn("Signature failed core validation");
+                boolean sv = signature.getSignatureValue().validate(valContext);
+                logger.debug("signature validation status: " + sv);
+                OutReadableErrorMessage.set("signature validation failed: " + sv);
+                // Check the validation status of each Reference.
+                @SuppressWarnings("unchecked")
+                Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
+                //System.out.println("---------------------------------------------");
+                for (int j = 0; i.hasNext(); j++) {
+                    Reference ref = (Reference) i.next();
+                    boolean refValid = ref.validate(valContext);
+                    logger.debug(j);
+                    logger.debug("ref[" + j + "] validity status: " + refValid);
+                    if (!refValid) {
+                        OutReadableErrorMessage.set("signature reference " + j + " invalid");
+                    }
+                    logger.debug("Ref type: " + ref.getType() + ", URI: " + ref.getURI());
+                    for (Object xform : ref.getTransforms()) {
+                        logger.debug("Transform: " + xform);
+                    }
+                    String calcDigValStr = digestToString(ref.getCalculatedDigestValue());
+                    String expectedDigValStr = digestToString(ref.getDigestValue());
+                    logger.warn("    Calc Digest: " + calcDigValStr);
+                    logger.warn("Expected Digest: " + expectedDigValStr);
+                    if (!calcDigValStr.equalsIgnoreCase(expectedDigValStr)) {
+                        OutReadableErrorMessage.set("digest mismatch for signature ref " + j);
+                    }
+                    /*InputStream is = ref.getDigestInputStream();
+                     InputStreamReader isr = new InputStreamReader(is);
+                     BufferedReader br = new BufferedReader(isr);
+                     String line;
+                     while ((line = br.readLine()) != null) {
+                     System.out.println(line);
+                     }
+                     is.close();
+                     System.out.println("---------------------------------------------");*/
+                }
+            } else {
+                logger.info("Signature passed core validation");
+            }
+            return coreValidity;
+        } catch (Exception e) {
+            OutReadableErrorMessage.set("signature validation failed: " + e.getMessage());
+            logger.fatal(e);
+            return false;
+        }
+    }
+
+    private String digestToString(byte[] digest) {
+        StringBuilder sb = new StringBuilder();
+        for (byte b : digest) {
+            String hex = Integer.toHexString(0xFF & b);
+            if (hex.length() == 1) {
+                sb.append('0');
+            }
+            sb.append(hex);
+        }
+        return sb.toString();
+    }
+
+    private void signDOM(Node node, PrivateKey privateKey, Certificate origCert) {
+        XMLSignatureFactory fac = initXMLSigFactory();
+        X509Certificate cert = (X509Certificate) origCert;
+        // Create the KeyInfo containing the X509Data.
+
+        KeyInfoFactory kif = fac.getKeyInfoFactory();
+
+
+        List<Object> x509Content = null;//new ArrayList<Object>();
+        List<X509Data> data = new ArrayList<X509Data>();
+        if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN)) {
+            x509Content = new ArrayList<Object>();
+
+            x509Content.add(cert.getSubjectDN().getName());
+            //  x509Content.add(cert);
+            //x509Content.add(cert.getSubjectDN().getName());
+            X509Data xd = kif.newX509Data(x509Content);
+            data.add(xd);
+        }
+
+      //  if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL)) {
+       // }
+        if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_BASE64)) {
+            x509Content = new ArrayList<Object>();
+            x509Content.add(cert);
+            //x509Content.add(cert.getSubjectX500Principal().getName());
+            X509Data xd = kif.newX509Data(x509Content);
+            data.add(xd);
+        }
+        if (map.containsKey(SIGNATURE_OPTION_CERT_INCLUSION_SERIAL)) {
+            x509Content = new ArrayList<Object>();
+
+            X509IssuerSerial issuer = kif.newX509IssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
+
+            x509Content.add(issuer);
+            X509Data xd = kif.newX509Data(x509Content);
+            data.add(xd);
+        }
+
+        //  
+        //x509Content.add(cert);
+
+
+        KeyInfo ki = kif.newKeyInfo(data);
+
+        // Create a DOMSignContext and specify the RSA PrivateKey and
+        // location of the resulting XMLSignature's parent element.
+        DOMSignContext dsc = new DOMSignContext(privateKey, node);
+        dsc.putNamespacePrefix(XML_DIGSIG_NS, "ns2");
+
+        // Create the XMLSignature, but don't sign it yet.
+        try {
+            SignedInfo si = initSignedInfo(fac);
+            XMLSignature signature = fac.newXMLSignature(si, ki);
+
+            // Marshal, generate, and sign the enveloped signature.
+            signature.sign(dsc);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * searches local keystores for a referenced signing certificate
+     *
+     * @param childNodes
+     * @return null or the public key of a signing certificate
+     */
+    private X509Certificate FindCert(NodeList childNodes) {
+        try {
+            for (int x = 0; x < childNodes.getLength(); x++) {
+                if (childNodes.item(x).getLocalName().equalsIgnoreCase("X509SubjectName")) {
+
+                    String dn = childNodes.item(x).getTextContent().trim();
+                    return FindCertByDN(new X500Principal(dn));
+
+                }
+                if (childNodes.item(x).getLocalName().equalsIgnoreCase("X509IssuerSerial")) {
+                    String X509IssuerName = null;
+                    String X509SerialNumber = null;
+                    for (int k = 0; k < childNodes.item(x).getChildNodes().getLength(); k++) {
+                        if (childNodes.item(x).getChildNodes().item(x).getLocalName().equalsIgnoreCase("X509IssuerName")) {
+                            X509IssuerName = childNodes.item(x).getTextContent().trim();
+                        }
+                        if (childNodes.item(x).getChildNodes().item(x).getLocalName().equalsIgnoreCase("X509SerialNumber")) {
+                            X509SerialNumber = childNodes.item(x).getTextContent().trim();
+                        }
+
+                    }
+                    if (X509IssuerName != null && X509SerialNumber != null) {
+                        return FindCertByIssuer(X509IssuerName, X509SerialNumber);
+                    }
+
+
+                }
+            }
+        } catch (Exception ex) {
+            logger.warn("error caught searching for a certificate", ex);
+        }
+        return null;
+    }
+
+    private X509Certificate FindCertByDN(X500Principal name) throws Exception {
+        KeyStore ks = GetTrustStore();
+        if (ks==null) return null;
+        Enumeration<String> aliases = ks.aliases();
+        while (aliases.hasMoreElements()) {
+            String nextElement = aliases.nextElement();
+            Certificate certificate = ks.getCertificate(nextElement);
+            X509Certificate x = (X509Certificate) certificate;
+            if (x.getSubjectX500Principal().equals(name)) {
+                return x;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Downloads a CRL from given HTTP/HTTPS/FTP URL, e.g.
+     * http://crl.infonotary.com/crl/identity-ca.crl
+     */
+    private X509CRL downloadCRLFromWeb(String crlURL)
+            throws MalformedURLException, IOException, CertificateException,
+            CRLException {
+        URL url = new URL(crlURL);
+        InputStream crlStream = url.openStream();
+        try {
+            //	CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            X509CRL crl = (X509CRL) cf.generateCRL(crlStream);
+            return crl;
+        } finally {
+            crlStream.close();
+        }
+    }
+
+    private X509Certificate FindCertByIssuer(String X509IssuerName, String X509SerialNumber) throws Exception {
+        KeyStore ks = GetTrustStore();
+         if (ks==null) return null;
+        Enumeration<String> aliases = ks.aliases();
+        while (aliases.hasMoreElements()) {
+            String nextElement = aliases.nextElement();
+            Certificate certificate = ks.getCertificate(nextElement);
+            X509Certificate x = (X509Certificate) certificate;
+            if (x.getIssuerDN().getName().equals(X509IssuerName)
+                    && x.getSerialNumber().toString().equalsIgnoreCase(X509SerialNumber)) {
+                return x;
+            }
+        }
+        return null;
+    }
+}

Added: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/TripleDESCrytor.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/TripleDESCrytor.java?rev=1530138&view=auto
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/TripleDESCrytor.java (added)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/TripleDESCrytor.java Tue Oct  8 02:50:36 2013
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2013 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.juddi.v3.client.cryptor;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.KeySpec;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * Triple DES, 168 bit key
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ */
+public class TripleDESCrytor implements Cryptor {
+
+    private static final String UNICODE_FORMAT = "UTF8";
+    private static final String DESEDE_ENCRYPTION_SCHEME = "DESede";
+    private KeySpec ks;
+    private SecretKeyFactory skf;
+    private Cipher cipher;
+    byte[] arrayBytes;
+    private String myEncryptionKey;
+    private String myEncryptionScheme;
+    SecretKey key;
+
+    /**
+     *default constructor
+     * @throws Exception
+     */
+    public TripleDESCrytor() throws Exception {
+        myEncryptionKey = "rioTEBCe/RAHRs6tTyYxDqettnVbZA6z";
+        myEncryptionScheme = DESEDE_ENCRYPTION_SCHEME;
+        arrayBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
+        ks = new DESedeKeySpec(arrayBytes);
+        skf = SecretKeyFactory.getInstance(myEncryptionScheme);
+        cipher = Cipher.getInstance(myEncryptionScheme);
+        key = skf.generateSecret(ks);
+    }
+
+    @Override
+    public String encrypt(String clear) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        String encryptedString = null;
+        try {
+            cipher.init(Cipher.ENCRYPT_MODE, key);
+            byte[] plainText = clear.getBytes(UNICODE_FORMAT);
+            byte[] encryptedText = cipher.doFinal(plainText);
+            encryptedString = new String(Base64.encodeBase64(encryptedText));
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return encryptedString;
+    }
+
+    /**
+     * generates a new key
+     * @return 
+     */
+    public static String GEN() {
+        KeyGenerator kgen;
+        try {
+            kgen = KeyGenerator.getInstance(DESEDE_ENCRYPTION_SCHEME);
+            kgen.init(168);
+            SecretKey skey = kgen.generateKey();
+            byte[] raw = skey.getEncoded();
+            return new String(Base64.encodeBase64(raw));
+        } catch (Exception ex) {
+            ex.printStackTrace();;
+        }
+        return null;
+    }
+
+    @Override
+    public String decrypt(String str) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        String encryptedString = str;
+        try {
+            cipher.init(Cipher.DECRYPT_MODE, key);
+            byte[] encryptedText = Base64.decodeBase64(str.getBytes());
+            byte[] plainTest = cipher.doFinal(encryptedText);
+            encryptedString = new String(plainTest);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return encryptedString;
+    }
+}
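Review bot: The no-arg constructor assigns a literal key string to `myEncryptionKey`, so every deployment of this class shares one 3DES key that is readable from the source and the jar; values protected with it are obfuscated rather than encrypted, and the key should be loaded from configuration or a keystore instead. `Cipher.getInstance(myEncryptionScheme)` passes the bare `"DESede"` name, which leaves mode and padding to the provider (ECB with PKCS5Padding on the stock JDK provider), so equal plaintexts yield equal ciphertexts; name the transformation explicitly and use an IV-based mode. `encrypt` and `decrypt` also catch `Exception` and call `printStackTrace()`, so the declared exceptions are never thrown and `decrypt` returns its input unchanged on failure, which means a caller cannot tell a wrong key or a corrupt value from success; let the exceptions propagate instead. In `decrypt`, `str.getBytes()` and `new String(plainTest)` use the platform charset while `encrypt` uses `UNICODE_FORMAT`; the last line should read `encryptedString = new String(plainTest, UNICODE_FORMAT);`.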

Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/subscription/SubscriptionCallbackListener.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/subscription/SubscriptionCallbackListener.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/subscription/SubscriptionCallbackListener.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/subscription/SubscriptionCallbackListener.java Tue Oct  8 02:50:36 2013
@@ -20,15 +20,17 @@ import java.rmi.RemoteException;
 import java.rmi.UnexpectedException;
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.jws.WebService;
 import javax.xml.bind.annotation.XmlSeeAlso;
 import javax.xml.ws.Endpoint;
+
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.juddi.v3.client.config.UDDIClerk;
 import org.apache.juddi.v3.client.config.UDDIClient;
-import org.apache.juddi.v3.client.crypto.DigSigUtil;
+import org.apache.juddi.v3.client.cryptor.DigSigUtil;
 import org.apache.juddi.v3.client.transport.Transport;
 import org.apache.juddi.v3.client.transport.TransportException;
 import org.uddi.api_v3.AccessPoint;

Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/transport/JAXWSTransport.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/transport/JAXWSTransport.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/transport/JAXWSTransport.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/transport/JAXWSTransport.java Tue Oct  8 02:50:36 2013
@@ -31,7 +31,7 @@ import org.apache.juddi.v3.client.UDDISe
 import org.apache.juddi.v3.client.config.Property;
 import org.apache.juddi.v3.client.config.UDDIClient;
 import org.apache.juddi.v3.client.config.UDDIClientContainer;
-import org.apache.juddi.v3.client.crypto.CryptorFactory;
+import org.apache.juddi.v3.client.cryptor.CryptorFactory;
 import org.apache.juddi.v3.client.mapping.WADL2UDDI;
 import org.apache.juddi.v3_service.JUDDIApiPortType;
 import org.uddi.v3_service.UDDICustodyTransferPortType;

Modified: juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java (original)
+++ juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java Tue Oct  8 02:50:36 2013
@@ -18,8 +18,10 @@ package org.apache.juddi.v3.client;
 import java.security.cert.CertificateException;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
+
 import javax.xml.crypto.dsig.CanonicalizationMethod;
-import org.apache.juddi.v3.client.crypto.DigSigUtil;
+
+import org.apache.juddi.v3.client.cryptor.DigSigUtil;
 import org.junit.Assert;
 import org.junit.Test;
 import org.uddi.api_v3.BindingTemplate;
@@ -39,7 +41,7 @@ import org.w3._2000._09.xmldsig_.Signatu
  */
 public class DigSigUtilTest {
 
-    org.apache.juddi.v3.client.crypto.DigSigUtil ds = null;
+    org.apache.juddi.v3.client.cryptor.DigSigUtil ds = null;
 
     public DigSigUtilTest() throws Exception {
         Default();

Modified: juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/config/CryptoConfigTest.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/config/CryptoConfigTest.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/config/CryptoConfigTest.java (original)
+++ juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/config/CryptoConfigTest.java Tue Oct  8 02:50:36 2013
@@ -15,7 +15,7 @@
  */
 package org.apache.juddi.v3.client.config;
 
-import org.apache.juddi.v3.client.crypto.CryptorFactory;
+import org.apache.juddi.v3.client.cryptor.CryptorFactory;
 import org.apache.juddi.v3.client.transport.Transport;
 import org.junit.Assert;
 import org.junit.Test;

Modified: juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml (original)
+++ juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml Tue Oct  8 02:50:36 2013
@@ -42,11 +42,11 @@
         <clerks registerOnStartup="false">
             <!-- root -->
             <clerk name="default" node="default" publisher="root" password="7d3e79ca453f4ebfd36e22afe029c3a2"
-                          isPasswordEncrypted="true" cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor"
+                          isPasswordEncrypted="true" cryptoProvider="org.apache.juddi.v3.client.cryptor.AES128Cryptor"
             />
             <!-- password -->
             <clerk name="medroot" node="med"     publisher="root" password="18604180541d172f9827e08c998db568"
-                      isPasswordEncrypted="true" cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor"
+                      isPasswordEncrypted="true" cryptoProvider="org.apache.juddi.v3.client.cryptor.AES128Cryptor"
             /> 
             <xregister>
                 <service bindingKey="uddi:juddi.apache.org:servicebindings-subscriptionlistener-ws" fromClerk="default" toClerk="medroot"/>

Modified: juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-3des.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-3des.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-3des.xml (original)
+++ juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-3des.xml Tue Oct  8 02:50:36 2013
@@ -88,7 +88,7 @@
 		<uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
 
 		<!-- jUDDI Cryptor implementation to use-->
-		<cryptor>org.apache.juddi.cryptor.DefaultCryptor</cryptor>
+		<cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
 
 		<!-- jUDDI Key Generator to use-->
 		<keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>

Modified: juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes128.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes128.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes128.xml (original)
+++ juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes128.xml Tue Oct  8 02:50:36 2013
@@ -87,7 +87,7 @@
 		<uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
 
 		<!-- jUDDI Cryptor implementation to use-->
-		<cryptor>org.apache.juddi.cryptor.DefaultCryptor</cryptor>
+		<cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
 
 		<!-- jUDDI Key Generator to use-->
 		<keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>

Modified: juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes256.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes256.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes256.xml (original)
+++ juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-aes256.xml Tue Oct  8 02:50:36 2013
@@ -88,7 +88,7 @@
 		<uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
 
 		<!-- jUDDI Cryptor implementation to use-->
-		<cryptor>org.apache.juddi.cryptor.DefaultCryptor</cryptor>
+		<cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
 
 		<!-- jUDDI Key Generator to use-->
 		<keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>

Modified: juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-default.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-default.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-default.xml (original)
+++ juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3-enc-default.xml Tue Oct  8 02:50:36 2013
@@ -87,7 +87,7 @@
 		<uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
 
 		<!-- jUDDI Cryptor implementation to use-->
-		<cryptor>org.apache.juddi.cryptor.DefaultCryptor</cryptor>
+		<cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
 
 		<!-- jUDDI Key Generator to use-->
 		<keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>

Modified: juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3.xml?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3.xml (original)
+++ juddi/trunk/juddi-core-openjpa/src/test/resources/juddiv3.xml Tue Oct  8 02:50:36 2013
@@ -88,7 +88,7 @@
 		<uuidgen>org.apache.juddi.uuidgen.DefaultUUIDGen</uuidgen>
 
 		<!-- jUDDI Cryptor implementation to use-->
-		<cryptor>org.apache.juddi.cryptor.DefaultCryptor</cryptor>
+		<cryptor>org.apache.juddi.v3.client.cryptor.DefaultCryptor</cryptor>
 
 		<!-- jUDDI Key Generator to use-->
 		<keygenerator>org.apache.juddi.keygen.DefaultKeyGenerator</keygenerator>

Modified: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java Tue Oct  8 02:50:36 2013
@@ -137,7 +137,7 @@ public interface Property {
     public final static String JUDDI_EMAIL_PREFIX = "juddi.mail.smtp.prefix";
     public final static String JUDDI_EMAIL_FROM   = "juddi.mail.smtp.from";
     public final static String DEFAULT_JUDDI_EMAIL_PREFIX = "juddi.";
-    public final static String DEFAULT_CRYPTOR = "org.apache.juddi.cryptor.DefaultCryptor";
+    public final static String DEFAULT_CRYPTOR = "org.apache.juddi.v3.client.cryptor.DefaultCryptor";
     public final static String DEFAULT_USERSFILE = "juddi-users.properties";
     public final static String DEFAULT_XML_USERSFILE = "juddi-users.xml";
     /**

Modified: juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java?rev=1530138&r1=1530137&r2=1530138&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java (original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java Tue Oct  8 02:50:36 2013
@@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFac
 import org.apache.juddi.ClassUtil;
 import org.apache.juddi.config.AppConfig;
 import org.apache.juddi.config.Property;
+import org.apache.juddi.v3.client.cryptor.Cryptor;
 
 /**
  * Used to create the org.apache.juddi.cryptor.Cryptor implementation
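Review bot: The class Javadoc visible in the context lines still reads `Used to create the org.apache.juddi.cryptor.Cryptor implementation`, but this commit removes that type from juddi-core and the added import points at `org.apache.juddi.v3.client.cryptor.Cryptor`. The comment should name the moved interface, e.g. ` * Used to create the org.apache.juddi.v3.client.cryptor.Cryptor implementation`. The Javadoc continues outside the hunk, so the remainder may need the same correction.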


