Posted to commits@ws.apache.org by co...@apache.org on 2015/03/05 12:04:34 UTC
svn commit: r1664304 - in
/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common:
crypto/Crypto.java crypto/CryptoBase.java crypto/Merlin.java
saml/SamlAssertionWrapper.java
Author: coheigea
Date: Thu Mar 5 11:04:33 2015
New Revision: 1664304
URL: http://svn.apache.org/r1664304
Log:
More refactoring
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java Thu Mar 5 11:04:33 2015
@@ -72,10 +72,9 @@ public interface Crypto {
/**
* Sets the CertificateFactory instance on this Crypto instance
*
- * @param provider the CertificateFactory provider name
* @param certFactory the CertificateFactory the CertificateFactory instance to set
*/
- void setCertificateFactory(String provider, CertificateFactory certFactory);
+ void setCertificateFactory(CertificateFactory certFactory);
/**
* Get the CertificateFactory instance on this Crypto instance
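Review bot: Dropping the `provider` parameter changes the signature of a method on the public `Crypto` interface, so any third-party `Crypto` implementation compiled against the old `setCertificateFactory(String, CertificateFactory)` will fail to compile and will no longer override the interface method at runtime. If the module still targets Java 7 (the code uses diamond but no default methods are visible), the old overload cannot be retained as a default method, so the break should at least be called out in the release notes or migration guide. The retained `@param` text also repeats itself; `* @param certFactory the CertificateFactory instance to set` reads cleanly.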
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java Thu Mar 5 11:04:33 2015
@@ -32,10 +32,8 @@ import java.security.cert.CertificateFac
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -62,9 +60,9 @@ public abstract class CryptoBase impleme
private static final Constructor<?> BC_509CLASS_CONS;
- protected Map<String, CertificateFactory> certFactMap = new HashMap<>();
- private String defaultAlias = null;
- private String cryptoProvider = null;
+ protected CertificateFactory certificateFactory;
+ private String defaultAlias;
+ private String cryptoProvider;
static {
Constructor<?> cons = null;
@@ -127,15 +125,10 @@ public abstract class CryptoBase impleme
/**
* Sets the CertificateFactory instance on this Crypto instance
*
- * @param provider the CertificateFactory provider name
* @param certFactory the CertificateFactory the CertificateFactory instance to set
*/
- public void setCertificateFactory(String provider, CertificateFactory certFactory) {
- if (provider == null || provider.length() == 0) {
- certFactMap.put(certFactory.getProvider().getName(), certFactory);
- } else {
- certFactMap.put(provider, certFactory);
- }
+ public void setCertificateFactory(CertificateFactory certFactory) {
+ this.certificateFactory = certFactory;
}
/**
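Review bot: The new setter silently accepts `null`, and because `getCertificateFactory` only lazily creates a factory when the field is `null`, passing `null` here effectively resets the instance to its provider-derived default; that is a reasonable contract but it is not documented. Suggest extending the Javadoc with `* A {@code null} value clears the cached factory, so the next call to {@link #getCertificateFactory()} creates one from the configured provider.` Note also that this setter writes a field that other threads may read unsynchronized in `getCertificateFactory`; see the comment on that hunk.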
@@ -146,37 +139,28 @@ public abstract class CryptoBase impleme
* @throws WSSecurityException
*/
public CertificateFactory getCertificateFactory() throws WSSecurityException {
- String provider = getCryptoProvider();
-
- //Try to find a CertificateFactory that generates certs that are fully
- //compatible with the certs in the KeyStore (Sun -> Sun, BC -> BC, etc...)
- CertificateFactory factory = null;
- if (provider != null && provider.length() != 0) {
- factory = certFactMap.get(provider);
- } else {
- factory = certFactMap.get("DEFAULT");
+ if (certificateFactory != null) {
+ return certificateFactory;
}
- if (factory == null) {
- try {
- if (provider == null || provider.length() == 0) {
- factory = CertificateFactory.getInstance("X.509");
- certFactMap.put("DEFAULT", factory);
- } else {
- factory = CertificateFactory.getInstance("X.509", provider);
- certFactMap.put(provider, factory);
- }
- certFactMap.put(factory.getProvider().getName(), factory);
- } catch (CertificateException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e
- );
- } catch (NoSuchProviderException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider", e
- );
+
+ try {
+ String provider = getCryptoProvider();
+ if (provider == null || provider.length() == 0) {
+ certificateFactory = CertificateFactory.getInstance("X.509");
+ } else {
+ certificateFactory = CertificateFactory.getInstance("X.509", provider);
}
+ } catch (CertificateException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e
+ );
+ } catch (NoSuchProviderException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider", e
+ );
}
- return factory;
+
+ return certificateFactory;
}
/**
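Review bot: The early return on `certificateFactory` pins the factory to whatever `getCryptoProvider()` returned on the first call; the old map-based lookup re-resolved the provider on every call, so if `cryptoProvider` can be changed after first use (the field at the top of the class is not final, so presumably a setter exists) the cached factory now comes from the wrong provider, which defeats the original "Sun -> Sun, BC -> BC" compatibility intent. The field is also a plain `protected` reference written lazily with no synchronization, and `Crypto` instances are normally shared across request threads, so at minimum declare it `protected volatile CertificateFactory certificateFactory;` (or make this method `synchronized`) and have the crypto-provider setter clear the cache, e.g. `this.certificateFactory = null;`. The duplicate creation race itself is benign since a failed `getInstance` leaves the field `null` and the exception is propagated.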
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Thu Mar 5 11:04:33 2015
@@ -356,7 +356,7 @@ public class Merlin extends CryptoBase {
* @param input <code>InputStream</code> to read from
* @throws WSSecurityException
*/
- public KeyStore load(InputStream input, String storepass, String provider, String type)
+ protected KeyStore load(InputStream input, String storepass, String provider, String type)
throws WSSecurityException {
KeyStore ks = null;
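Review bot: Narrowing `load` from `public` to `protected` is a breaking change for any external code that called `Merlin.load(...)` directly to load a keystore or truststore, and nothing in the commit message ("More refactoring") signals it. If the intent is to stop exposing the raw keystore-loading path (it takes the store password as a `String`, which cannot be zeroed), say so in the Javadoc, e.g. `* Not part of the public API; intended for subclasses only.` The body of `load` continues past the end of this hunk.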
@@ -448,65 +448,47 @@ public class Merlin extends CryptoBase {
*/
@Override
public CertificateFactory getCertificateFactory() throws WSSecurityException {
+ if (certificateFactory != null) {
+ return certificateFactory;
+ }
+
String provider = getCryptoProvider();
String keyStoreProvider = null;
if (keystore != null) {
keyStoreProvider = keystore.getProvider().getName();
}
-
- //Try to find a CertificateFactory that generates certs that are fully
- //compatible with the certs in the KeyStore (Sun -> Sun, BC -> BC, etc...)
- CertificateFactory factory = null;
- if (provider != null) {
- factory = certFactMap.get(provider);
- } else if (keyStoreProvider != null) {
- factory =
- certFactMap.get(mapKeystoreProviderToCertProvider(keyStoreProvider));
- if (factory == null) {
- factory = certFactMap.get(keyStoreProvider);
- }
- } else {
- factory = certFactMap.get("DEFAULT");
- }
- if (factory == null) {
- try {
- if (provider == null || provider.length() == 0) {
- if (keyStoreProvider != null && keyStoreProvider.length() != 0) {
- try {
- factory =
- CertificateFactory.getInstance(
- "X.509", mapKeystoreProviderToCertProvider(keyStoreProvider)
- );
- certFactMap.put(keyStoreProvider, factory);
- certFactMap.put(
- mapKeystoreProviderToCertProvider(keyStoreProvider), factory
+
+ try {
+ if (provider == null || provider.length() == 0) {
+ if (keyStoreProvider != null && keyStoreProvider.length() != 0) {
+ try {
+ certificateFactory =
+ CertificateFactory.getInstance(
+ "X.509", mapKeystoreProviderToCertProvider(keyStoreProvider)
);
- } catch (Exception ex) {
- LOG.debug(ex.getMessage(), ex);
- //Ignore, we'll just use the default since they didn't specify one.
- //Hopefully that will work for them.
- }
- }
- if (factory == null) {
- factory = CertificateFactory.getInstance("X.509");
- certFactMap.put("DEFAULT", factory);
+ } catch (Exception ex) {
+ LOG.debug(ex.getMessage(), ex);
+ //Ignore, we'll just use the default since they didn't specify one.
+ //Hopefully that will work for them.
}
- } else {
- factory = CertificateFactory.getInstance("X.509", provider);
- certFactMap.put(provider, factory);
}
- certFactMap.put(factory.getProvider().getName(), factory);
- } catch (CertificateException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e
- );
- } catch (NoSuchProviderException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider", e
- );
+ if (certificateFactory == null) {
+ certificateFactory = CertificateFactory.getInstance("X.509");
+ }
+ } else {
+ certificateFactory = CertificateFactory.getInstance("X.509", provider);
}
+ } catch (CertificateException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType", e
+ );
+ } catch (NoSuchProviderException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider", e
+ );
}
- return factory;
+
+ return certificateFactory;
}
private String mapKeystoreProviderToCertProvider(String s) {
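Review bot: Like the base class, this override now caches the first factory it builds, so the provider choice is frozen at the first call; since the choice is derived from `keystore.getProvider()` when no explicit provider is set, a keystore assigned after the first `getCertificateFactory()` call no longer influences which provider parses certificates, whereas the old per-provider map re-resolved it on every call. The fallback `catch (Exception ex)` that logs at debug and falls through to the default "X.509" factory is also very broad: `CertificateFactory.getInstance(String, String)` declares only `CertificateException` and `NoSuchProviderException`, so `catch (CertificateException | NoSuchProviderException ex)` would keep the intended best-effort behaviour without hiding unrelated runtime failures, and a `LOG.warn` rather than `LOG.debug` would make a silent provider downgrade visible to operators. As in `CryptoBase`, the unsynchronized read of `certificateFactory` at the top should be paired with a `volatile` field declaration (declared in `CryptoBase`, outside this hunk).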
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java Thu Mar 5 11:04:33 2015
@@ -34,9 +34,10 @@ import org.apache.wss4j.common.saml.buil
import org.apache.wss4j.common.saml.builder.SAML2ComponentBuilder;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.InetAddressUtils;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.XMLUtils;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.SAMLObjectContentReference;
@@ -750,18 +751,31 @@ public class SamlAssertionWrapper {
sig = saml1.getSignature();
}
if (sig != null) {
- Element signatureElement = sig.getDOM();
-
- try {
- // Use XML-Security class to obtain SignatureValue
- XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
- return xmlSignature.getSignatureValue();
- } catch (XMLSecurityException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", e
- );
+ return getSignatureValue(sig);
+ }
+ return null;
+ }
+
+ private byte[] getSignatureValue(Signature signature) throws WSSecurityException {
+ Element signatureElement = signature.getDOM();
+
+ if (signatureElement != null) {
+ Element signedInfoElem = XMLUtils.getNextElement(signatureElement.getFirstChild());
+ if (signedInfoElem != null) {
+ Element signatureValueElement =
+ XMLUtils.getNextElement(signedInfoElem.getNextSibling());
+ if (signatureValueElement != null) {
+ try {
+ return Base64.decode(signatureValueElement);
+ } catch (Base64DecodingException ex) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", ex
+ );
+ }
+ }
}
}
+
return null;
}