Posted to commits@ws.apache.org by co...@apache.org on 2015/06/29 13:25:15 UTC

svn commit: r1688187 - in /webservices/wss4j/branches/2_0_x-fixes: parent/pom.xml ws-security-common/pom.xml ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java ws-security-dom/pom.xml

Author: coheigea
Date: Mon Jun 29 11:25:15 2015
New Revision: 1688187

URL: http://svn.apache.org/r1688187
Log:
Adding some functionality to extract AuthorityKeyIdentifier information from
a cert using BouncyCastle

Added:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java
Modified:
    webservices/wss4j/branches/2_0_x-fixes/parent/pom.xml
    webservices/wss4j/branches/2_0_x-fixes/ws-security-common/pom.xml
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/pom.xml

Modified: webservices/wss4j/branches/2_0_x-fixes/parent/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/parent/pom.xml?rev=1688187&r1=1688186&r2=1688187&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/parent/pom.xml (original)
+++ webservices/wss4j/branches/2_0_x-fixes/parent/pom.xml Mon Jun 29 11:25:15 2015
@@ -80,6 +80,11 @@
                 <version>${bcprov.version}</version>
             </dependency>
             <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk15on</artifactId>
+                <version>${bcprov.version}</version>
+            </dependency>
+            <dependency>
                 <groupId>org.apache.neethi</groupId>
                 <artifactId>neethi</artifactId>
                 <version>${neethi.version}</version>
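Review bot: Nothing visible in this commit consumes `bcpkix-jdk15on`, which this hunk adds and which ws-security-common/pom.xml (compile, optional) and ws-security-dom/pom.xml (test) then declare. The only Java added, AuthorityKeyIdentifierTest, imports `org.bouncycastle.asn1.ASN1OctetString` and two `org.bouncycastle.asn1.x509` classes, which as far as I know ship in bcprov-jdk15on rather than bcpkix. If main code that needs bcpkix is coming in a later commit, say so in the log; otherwise `<scope>test</scope>` in ws-security-common, or dropping the artifact, keeps an unused crypto library off the compile classpath and out of the set that must be tracked for security updates. Reusing `${bcprov.version}` for both artifacts is reasonable, since it keeps the two BouncyCastle jars on the same release.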

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/pom.xml?rev=1688187&r1=1688186&r2=1688187&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/pom.xml (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/pom.xml Mon Jun 29 11:25:15 2015
@@ -221,6 +221,12 @@
             <optional>true</optional>
         </dependency>
         <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <scope>compile</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
             <groupId>org.jasypt</groupId>
             <artifactId>jasypt</artifactId>
             <scope>compile</scope>

Added: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java?rev=1688187&view=auto
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java (added)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/test/java/org/apache/wss4j/common/crypto/AuthorityKeyIdentifierTest.java Mon Jun 29 11:25:15 2015
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.crypto;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+
+import org.apache.wss4j.common.util.Loader;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+
+/**
+ * This is a test for extracting AuthorityKeyIdentifier/SubjectKeyIdentifier information from
+ * the certs using BouncyCastle.
+ */
+public class AuthorityKeyIdentifierTest extends org.junit.Assert {
+    
+    @org.junit.Test
+    public void testExtractKeyIdentifiers() throws Exception {
+        // Load the keystore
+        KeyStore keyStore = loadKeyStore("keys/wss40.jks", "security");
+        assertNotNull(keyStore);
+        
+        X509Certificate cert = (X509Certificate)keyStore.getCertificate("wss40");
+        assertNotNull(cert);
+        
+        // Get AuthorityKeyIdentifier from the cert
+        byte[] octets = (ASN1OctetString.getInstance(cert.getExtensionValue("2.5.29.35")).getOctets());     
+        AuthorityKeyIdentifier authorityKeyIdentifier = 
+            AuthorityKeyIdentifier.getInstance(octets);
+        byte[] keyIdentifierBytes = authorityKeyIdentifier.getKeyIdentifier();
+        assertNotNull(keyIdentifierBytes);
+        
+        // Now load the CA cert
+        KeyStore caKeyStore = loadKeyStore("keys/wss40CA.jks", "security");
+        assertNotNull(caKeyStore);
+        
+        X509Certificate caCert = (X509Certificate)caKeyStore.getCertificate("wss40CA");
+        assertNotNull(caCert);
+        
+        // Get SubjectKeyIdentifier from the CA cert
+        byte[] subjectOctets = 
+            (ASN1OctetString.getInstance(caCert.getExtensionValue("2.5.29.14")).getOctets());     
+        SubjectKeyIdentifier subjectKeyIdentifier =
+            SubjectKeyIdentifier.getInstance(subjectOctets);
+        assertNotNull(subjectKeyIdentifier);
+        byte[] subjectKeyIdentifierBytes = subjectKeyIdentifier.getKeyIdentifier();
+        assertNotNull(subjectKeyIdentifierBytes);
+
+        assertTrue(Arrays.equals(keyIdentifierBytes, subjectKeyIdentifierBytes));
+    }
+    
+    private KeyStore loadKeyStore(String path, String password) throws Exception {
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        ClassLoader loader = Loader.getClassLoader(AuthorityKeyIdentifierTest.class);
+        InputStream input = Merlin.loadInputStream(loader, path);
+        keyStore.load(input, password.toCharArray());
+        
+        return keyStore;
+    }
+}
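Review bot: `cert.getExtensionValue("2.5.29.35")` and `caCert.getExtensionValue("2.5.29.14")` return null when the extension is absent, so in testExtractKeyIdentifiers a fixture lacking either one would presumably fail inside the chained `getOctets()` call with a NullPointerException instead of a readable assertion. Assigning each result to a local and calling `assertNotNull` on it before decoding would make that failure explicit. loadKeyStore never closes the stream returned by `Merlin.loadInputStream`; wrapping the load as `try { keyStore.load(input, password.toCharArray()); } finally { input.close(); }` fixes the leak. A comment above the final assertion such as `// Matching AKI/SKI bytes only selects a candidate issuer; it does not prove caCert signed cert (that needs cert.verify(caCert.getPublicKey()))` would stop readers from treating the identifier match as chain validation. `assertArrayEquals(subjectKeyIdentifierBytes, keyIdentifierBytes)` would also report the differing bytes on failure, which `assertTrue(Arrays.equals(...))` does not.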

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/pom.xml?rev=1688187&r1=1688186&r2=1688187&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/pom.xml (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/pom.xml Mon Jun 29 11:25:15 2015
@@ -118,6 +118,11 @@
             <artifactId>bcprov-jdk15on</artifactId>
             <scope>test</scope>
         </dependency>
+         <dependency>
+           <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
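Review bot: The added `<dependency>` and `<groupId>` lines are indented one space deeper and one space shallower, respectively, than the surrounding entries. The opening tag should sit at the same column as the `</dependency>` context line above it, and `<groupId>` should align with `<artifactId>` and `<scope>` below it. Whether this module needs bcpkix at all is covered in the note on parent/pom.xml.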