Posted to commits@ws.apache.org by co...@apache.org on 2012/02/17 15:55:30 UTC
svn commit: r1245588 - in /webservices/wss4j/trunk/src:
main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
test/java/org/apache/ws/security/message/SignatureCRLTest.java
test/resources/wss40rev.properties
Author: coheigea
Date: Fri Feb 17 14:55:29 2012
New Revision: 1245588
URL: http://svn.apache.org/viewvc?rev=1245588&view=rev
Log:
[WSS-341] - Make CRL's work on signature verification when the certificate is in the keystore
- Patch applied, thanks.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureCRLTest.java
webservices/wss4j/trunk/src/test/resources/wss40rev.properties
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java?rev=1245588&r1=1245587&r2=1245588&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/validate/SignatureTrustValidator.java Fri Feb 17 14:55:29 2012
@@ -167,7 +167,7 @@ public class SignatureTrustValidator imp
//
// FIRST step - Search the keystore for the transmitted certificate
//
- if (isCertificateInKeyStore(crypto, cert)) {
+ if (!enableRevocation && isCertificateInKeyStore(crypto, cert)) {
return true;
}
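Review bot: With `enableRevocation` set, a certificate that is present in the keystore no longer short-circuits to `return true` at this first step. It must instead pass whatever issuer lookup and path validation follow, which lie outside the hunk. That presumably means a directly trusted leaf or self-signed certificate whose issuer is not also in the keystore or trust store is rejected once revocation checking is turned on, a behaviour change that deployments relying on pinned certificates should be told about. The step comment is also no longer accurate, and I would extend it with `// Skipped when revocation is enabled so that a keystore certificate is still checked against the CRL during path validation`.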
Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureCRLTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureCRLTest.java?rev=1245588&r1=1245587&r2=1245588&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureCRLTest.java (original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignatureCRLTest.java Fri Feb 17 14:55:29 2012
@@ -142,6 +142,45 @@ public class SignatureCRLTest extends or
}
}
+
+ /**
+ * Test signing a SOAP message using a BST. Revocation is enabled and so the test
+ * should fail. The trust store that is used is the keystore that contains the revoked
+ * certificate. See WSS-341:
+ * https://issues.apache.org/jira/browse/WSS-341
+ */
+ @org.junit.Test
+ public void testSignatureDirectReferenceRevocationKeyStore() throws Exception {
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss40rev", "security");
+ sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc = sign.build(doc, crypto, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ try {
+ verify(signedDoc, crypto, true);
+ fail ("Failure expected on a revoked certificate");
+ } catch (Exception ex) {
+ String errorMessage = ex.getMessage();
+ // Different errors using different JDKs...
+ assertTrue(errorMessage.contains("Certificate has been revoked")
+ || errorMessage.contains("Certificate revocation")
+ || errorMessage.contains("Error during certificate path validation"));
+ }
+ }
+
/**
* Verifies the soap envelope
* <p/>
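Review bot: The assertion in the `catch` block of `testSignatureDirectReferenceRevocationKeyStore` accepts the generic message `Error during certificate path validation`, so the test would also pass if verification failed for a reason unrelated to revocation, such as the issuer not being found. In that case it would not prove that the CRL was consulted. It would be stronger with `verify(signedDoc, crypto, false);` before the `try` to show the same message verifies without revocation, assuming the third argument is the revocation flag and no test outside this hunk already covers that. `ex.getMessage()` can also be null, which turns a failed expectation into a NullPointerException; `assertTrue(errorMessage != null && (...))` keeps the failure readable.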
Modified: webservices/wss4j/trunk/src/test/resources/wss40rev.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/resources/wss40rev.properties?rev=1245588&r1=1245587&r2=1245588&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/resources/wss40rev.properties (original)
+++ webservices/wss4j/trunk/src/test/resources/wss40rev.properties Fri Feb 17 14:55:29 2012
@@ -3,3 +3,4 @@ org.apache.ws.security.crypto.merlin.key
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=wss40rev
org.apache.ws.security.crypto.merlin.keystore.file=keys/wss40rev.jks
+org.apache.ws.security.crypto.merlin.x509crl.file=keys/wss40CACRL.pem