Posted to fx-dev@ws.apache.org by di...@apache.org on 2004/11/12 14:19:37 UTC
cvs commit: ws-fx/wss4j/src/org/apache/ws/security/components/crypto Merlin.java
dims 2004/11/12 05:19:37
Modified: wss4j project.xml
wss4j/src/org/apache/ws/axis/security/trust/secconv/interop
InteropSAMLIssuerImpl.java
wss4j/src/org/apache/ws/security/components/crypto
Merlin.java
Log:
Get rid of sun.security.util.DerValue
Revision Changes Path
1.5 +2 -2 ws-fx/wss4j/project.xml
Index: project.xml
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/project.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- project.xml 31 Aug 2004 06:21:53 -0000 1.4
+++ project.xml 12 Nov 2004 13:19:36 -0000 1.5
@@ -47,8 +47,8 @@
the connection element has the form:
scm:<system>:<system specific connection string> -->
<repository>
- <connection>scm:cvs:pserver:anoncvs@cvs.apache.org:/home/cvspublic:ws-fx/wss4j/</connection>
- <url>http://cvs.apache.org/viewcvs.cgi/ws-fx/wss4j/</url>
+ <connection>scm:subversion:http://svn.apache.org/repos/asf/webservices/scout/trunk</connection>
+ <url>http://svn.apache.org/viewcvs.cgi/webservices/scout/trunk/?root=Apache-SVN</url>
</repository>
<!-- any mailing lists for the project -->
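Review bot: The new `<connection>` and `<url>` values point at `webservices/scout/trunk`, which is a different project's tree from wss4j, and the log message does not mention this change. It looks like a copy-paste from another project.xml. Anyone who uses this SCM metadata to fetch or audit the sources would be sent to the wrong repository. Confirm the intended wss4j location and use it in both elements, or revert this part of the commit.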
1.2 +22 -26 ws-fx/wss4j/src/org/apache/ws/axis/security/trust/secconv/interop/InteropSAMLIssuerImpl.java
Index: InteropSAMLIssuerImpl.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/trust/secconv/interop/InteropSAMLIssuerImpl.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- InteropSAMLIssuerImpl.java 16 Oct 2004 08:07:10 -0000 1.1
+++ InteropSAMLIssuerImpl.java 12 Nov 2004 13:19:37 -0000 1.2
@@ -6,35 +6,13 @@
*/
package org.apache.ws.axis.security.trust.secconv.interop;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Properties;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSEncryptBody;
-import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLIssuer;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.keys.KeyInfo;
@@ -51,9 +29,26 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
-
import sun.security.util.DerValue;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Date;
+import java.util.Hashtable;
+import java.util.Properties;
+
/**
* This issues signed SAML tokens using the STS's certificate and includes the secret key encrypted by the
* service's public key
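Review bot: `import sun.security.util.DerValue;` survives as a context line in this hunk, so InteropSAMLIssuerImpl still depends on the JDK-internal class the commit sets out to remove. A later hunk switches the visible caller to `issuerCrypto.getSKIBytesFromCert(remoteCert)`, so the class's own getSKIBytesFromCert (outside the hunks shown) is presumably unused now. If so, delete that method together with this import so the file compiles on JDKs that lack `sun.security.util`. Nothing in these hunks shows that `issuerCrypto` is non-null when that call runs, so that is worth checking too.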
@@ -73,13 +68,13 @@
private Properties properties = null;
private Crypto issuerCrypto = null;
+ private Crypto userCrypto = null;
private String issuerKeyPassword = null;
private String issuerKeyName = null;
private boolean senderVouches = true;
private String[] confirmationMethods = new String[1];
- private Crypto userCrypto = null;
private String username = null;
private String epr = null;
@@ -373,7 +368,8 @@
*/
private void initializeTrustedServicesList(String certPath) {
this.trustedCertsTable = new Hashtable();
- System.out.println("***** If you are getting trouble, change the seravices *****\n" +
"FIND ANOTHER WAY TO STORE THE TRUSTED LIST OF SERVICES WITH THE RELAVENT CERTIFICATES");
+ System.out.println("***** If you are getting trouble, change the seravices *****\n" +
+ "FIND ANOTHER WAY TO STORE THE TRUSTED LIST OF SERVICES WITH THE RELAVENT CERTIFICATES");
this.trustedCertsTable.put("http://127.0.0.1:9080/axis/services/EchoInterop",certPath+"/WSETEST.cer");
//Microsoft
this.trustedCertsTable.put("http://192.168.1.106/Service/Service.ashx",certPath+"TrustSecConvinterop/ms1/cert1.cer");//"C:/TrustSecConvinterop/ms1/cert1.cer");
@@ -455,7 +451,7 @@
Element xencEncryptedKey = WSEncryptBody.createEnrcyptedKey(doc, WSConstants.KEYTRANSPORT_RSAOEP);
X509Data x509Data = new X509Data(doc);
- x509Data.addSKI(getSKIBytesFromCert(remoteCert));
+ x509Data.addSKI(issuerCrypto.getSKIBytesFromCert(remoteCert));
KeyInfo keyInfo = new KeyInfo(doc);
keyInfo.addUnknownElement(x509Data.getElement());
1.24 +7 -48 ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java
Index: Merlin.java
===================================================================
RCS file: /home/cvs/ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- Merlin.java 9 Aug 2004 17:53:43 -0000 1.23
+++ Merlin.java 12 Nov 2004 13:19:37 -0000 1.24
@@ -24,7 +24,6 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
-import sun.security.util.DerValue;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
@@ -546,66 +545,26 @@
*/
public byte[] getSKIBytesFromCert(X509Certificate cert)
throws WSSecurityException {
-
- byte data[] = null;
- byte abyte0[] = null;
- if (cert.getVersion() < 3) {
- throw new WSSecurityException(1,
- "noSKIHandling",
- new Object[]{"Wrong certificate version (<3)"});
- }
-
/*
* Gets the DER-encoded OCTET string for the extension value (extnValue)
* identified by the passed-in oid String. The oid string is
* represented by a set of positive whole numbers separated by periods.
*/
- data = cert.getExtensionValue(SKI_OID);
-
- if (data == null) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "noSKIHandling",
- new Object[]{"No extension data"});
- }
- DerValue derValue = null;
- try {
- derValue = new DerValue(data);
- } catch (IOException e) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "noSKIHandling",
- new Object[]{"cannot read SKI value"});
- }
+ byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);
- if (derValue == null) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "noSKIHandling",
- new Object[]{"No DER value"});
- }
- if (derValue.tag != DerValue.tag_OctetString) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
- "noSKIHandling",
- new Object[]{"No octet string"});
- }
- byte[] extensionValue = null;
- try {
- extensionValue = derValue.getOctetString();
- } catch (IOException e1) {
- throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
+ if (cert.getVersion() < 3) {
+ throw new WSSecurityException(1,
"noSKIHandling",
- new Object[]{"cannot read SKI value as octet data"});
+ new Object[]{"Wrong certificate version (<3)"});
}
/**
- * Strip away first two bytes from the DerValue (tag and length)
+ * Strip away first four bytes from the DerValue (tag and length of
+ * ExtensionValue OCTET STRING and KeyIdentifier OCTET STRING)
*/
- abyte0 = new byte[extensionValue.length - 2];
-
- System.arraycopy(extensionValue, 2, abyte0, 0, abyte0.length);
-
- /*
byte abyte0[] = new byte[derEncodedValue.length - 4];
+
System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
- */
return abyte0;
}
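Review bot: The rewritten getSKIBytesFromCert dereferences `derEncodedValue` without the null check the old code had, so a v3 certificate with no SubjectKeyIdentifier extension now fails with NullPointerException at `new byte[derEncodedValue.length - 4]` instead of WSSecurityException. The fixed offset of 4 also assumes two short-form OCTET STRING headers without checking the tag or length bytes, and a value shorter than four bytes raises NegativeArraySizeException. The InteropSAMLIssuerImpl caller passes `remoteCert`, so the input is likely not under local control. Restore the null check and validate both headers before copying, as sketched below. The method's Javadoc opens above the hunk.

```java
byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);

// ... unchanged: certificate version check ...

if (derEncodedValue == null) {
    throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
            "noSKIHandling",
            new Object[]{"No extension data"});
}
// Expect OCTET STRING { OCTET STRING keyIdentifier }. Comparing the signed
// length bytes with the remaining size also rejects long-form lengths.
if (derEncodedValue.length < 4
        || derEncodedValue[0] != 0x04
        || derEncodedValue[1] != derEncodedValue.length - 2
        || derEncodedValue[2] != 0x04
        || derEncodedValue[3] != derEncodedValue.length - 4) {
    throw new WSSecurityException(WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
            "noSKIHandling",
            new Object[]{"No octet string"});
}

byte abyte0[] = new byte[derEncodedValue.length - 4];
// ... unchanged: arraycopy and return ...
```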