You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by as...@apache.org on 2013/10/30 18:10:48 UTC
svn commit: r1537178 - in
/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl:
XKMSInvoker.java XkmsCryptoProvider.java
Author: ashakirin
Date: Wed Oct 30 17:10:48 2013
New Revision: 1537178
URL: http://svn.apache.org/r1537178
Log:
Fixed [CXF-5369]: XKMS Crypto provider throws exceptions due not found certificate instead returning empty array
Modified:
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java?rev=1537178&r1=1537177&r2=1537178&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java Wed Oct 30 17:10:48 2013
@@ -36,7 +36,6 @@ import org.apache.cxf.xkms.client.X509Ap
import org.apache.cxf.xkms.exception.ExceptionMapper;
import org.apache.cxf.xkms.exception.XKMSException;
import org.apache.cxf.xkms.exception.XKMSLocateException;
-import org.apache.cxf.xkms.exception.XKMSNotFoundException;
import org.apache.cxf.xkms.exception.XKMSValidateException;
import org.apache.cxf.xkms.handlers.Applications;
import org.apache.cxf.xkms.handlers.XKMSConstants;
@@ -151,14 +150,14 @@ class XKMSInvoker {
}
if (!locateResultType.getUnverifiedKeyBinding().iterator().hasNext()) {
- throw new XKMSNotFoundException(
- "X509Certificate is not found for id: " + ids);
+ LOG.warn("X509Certificate is not found in XKMS for id: " + ids);
+ return null;
}
KeyInfoType keyInfo = locateResultType.getUnverifiedKeyBinding()
.iterator().next().getKeyInfo();
if (!keyInfo.getContent().iterator().hasNext()) {
- throw new XKMSNotFoundException(
- "X509Certificate is not found for id: " + ids);
+ LOG.warn("X509Certificate is not found in XKMS for id: " + ids);
+ return null;
}
JAXBElement<X509DataType> x509Data = (JAXBElement<X509DataType>)keyInfo
.getContent().iterator().next();
Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java?rev=1537178&r1=1537177&r2=1537178&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java Wed Oct 30 17:10:48 2013
@@ -192,22 +192,15 @@ public class XkmsCryptoProvider extends
}
// Try local cache first
- if (xkmsClientCache != null) {
- XKMSCacheToken cachedToken = xkmsClientCache.get(id.toLowerCase());
- if (cachedToken != null && cachedToken.getX509Certificate() != null) {
- return new X509Certificate[] {cachedToken.getX509Certificate()};
- }
+ X509Certificate[] certs = checkX509Cache(id.toLowerCase());
+ if (certs != null) {
+ return certs;
}
// Now ask the XKMS Service
X509Certificate cert = xkmsInvoker.getCertificateForId(application, id);
- // Store in the cache
- storeCertificateInCache(cert, id.toLowerCase(), false);
-
- return new X509Certificate[] {
- cert
- };
+ return buildX509GetResult(id.toLowerCase(), cert);
}
private X509Certificate[] getX509FromXKMSByIssuerSerial(String issuer, BigInteger serial) {
@@ -216,21 +209,44 @@ public class XkmsCryptoProvider extends
String key = getKeyForIssuerSerial(issuer, serial);
// Try local cache first
- if (xkmsClientCache != null) {
- XKMSCacheToken cachedToken = xkmsClientCache.get(key);
- if (cachedToken != null && cachedToken.getX509Certificate() != null) {
- return new X509Certificate[] {cachedToken.getX509Certificate()};
- }
+ X509Certificate[] certs = checkX509Cache(key);
+ if (certs != null) {
+ return certs;
}
+
// Now ask the XKMS Service
- X509Certificate certificate = xkmsInvoker.getCertificateForIssuerSerial(issuer, serial);
+ X509Certificate cert = xkmsInvoker.getCertificateForIssuerSerial(issuer, serial);
- // Store in the cache
- storeCertificateInCache(certificate, key, false);
+ return buildX509GetResult(key, cert);
+ }
+
+ private X509Certificate[] checkX509Cache(String key) {
+ if (xkmsClientCache == null) {
+ return null;
+ }
+
+ XKMSCacheToken cachedToken = xkmsClientCache.get(key);
+ if (cachedToken != null && cachedToken.getX509Certificate() != null) {
+ return new X509Certificate[] {
+ cachedToken.getX509Certificate()
+ };
+ } else {
+ return null;
+ }
+ }
- return new X509Certificate[] {
- certificate
- };
+ private X509Certificate[] buildX509GetResult(String key, X509Certificate cert) {
+ if (cert != null) {
+ // Certificate was found: store in the cache
+ storeCertificateInCache(cert, key, false);
+
+ return new X509Certificate[] {
+ cert
+ };
+ } else {
+ // Certificate was not found: return empty list
+ return new X509Certificate[0];
+ }
}
/**