Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/04/24 16:21:54 UTC
svn commit: r768319 - in /webservices/wss4j/trunk: keys/ keys/ca.db.certs/
src/org/apache/ws/security/ src/org/apache/ws/security/processor/ test/
test/wssec/
Author: coheigea
Date: Fri Apr 24 14:21:52 2009
New Revision: 768319
URL: http://svn.apache.org/viewvc?rev=768319&view=rev
Log:
[WSS-40] - Some updates to the test keys + supporting multiple certificates in the processors
- The SignatureProcessor now saves all X509Certs it finds in the WSSecurityEngineResult.
- It also verifies all of them, not just the first one.
- This caused some tests to fail, as the wss4j.keystore had out-of-date CA certs
- I removed wss4j.keystore, and regenerated the wss40.jks keys/certs to meet the requirements.
- Also added some tests for WSHandler.verifyTrust.
Added:
webservices/wss4j/trunk/keys/ca.db.certs/13.pem
webservices/wss4j/trunk/keys/ca.db.certs/14.pem
webservices/wss4j/trunk/keys/ca.db.certs/15.pem
webservices/wss4j/trunk/keys/ca.db.certs/16.pem
webservices/wss4j/trunk/keys/ca.db.certs/17.pem
webservices/wss4j/trunk/keys/wss40badca.jks (with props)
webservices/wss4j/trunk/keys/wss40badcatrust.jks (with props)
webservices/wss4j/trunk/keys/wss40dsa.pem
webservices/wss4j/trunk/test/wss40badca.properties (with props)
webservices/wss4j/trunk/test/wss40badcatrust.properties (with props)
Removed:
webservices/wss4j/trunk/keys/cert.crt
webservices/wss4j/trunk/keys/cert.pem
webservices/wss4j/trunk/keys/cert.req
webservices/wss4j/trunk/keys/certDSA.crt
webservices/wss4j/trunk/keys/certDSA.pem
webservices/wss4j/trunk/keys/certDSA.req
webservices/wss4j/trunk/keys/wss40.cer
webservices/wss4j/trunk/keys/wss4j.keystore
webservices/wss4j/trunk/test/cryptoSKI.properties
Modified:
webservices/wss4j/trunk/keys/ca.crt
webservices/wss4j/trunk/keys/ca.db.index
webservices/wss4j/trunk/keys/ca.db.serial
webservices/wss4j/trunk/keys/wss40.jks
webservices/wss4j/trunk/keys/wss40.pem
webservices/wss4j/trunk/keys/wss40CA.jks
webservices/wss4j/trunk/keys/wss40CA.pem
webservices/wss4j/trunk/keys/wss40CAKey.pem
webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/test/wssec/SignatureKeyValueTest.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew11.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNew2.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java
Modified: webservices/wss4j/trunk/keys/ca.crt
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.crt?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
Binary files - no diff available.
Added: webservices/wss4j/trunk/keys/ca.db.certs/13.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.certs/13.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/ca.db.certs/13.pem (added)
+++ webservices/wss4j/trunk/keys/ca.db.certs/13.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 19 (0x13)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 10:34:38 2009 GMT
+ Not After : Apr 22 10:34:38 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:91:05:87:f8:1d:f6:63:46:fd:52:34:47:25:ff:
+ 67:57:bf:d8:1f:42:96:ea:10:f5:f9:d3:22:d1:be:
+ 6f:72:88:37:96:d9:bf:0d:d1:c1:0d:6b:f4:ba:1a:
+ 5d:a4:9c:cb:04:bc:e5:b0:0e:94:89:1d:5e:d9:50:
+ 86:72:6e:71:cb:e3:6d:72:d6:63:d0:cf:8e:61:1e:
+ 24:58:89:61:95:ac:22:89:0d:80:33:03:58:72:94:
+ e4:c4:70:ea:ee:a0:67:48:57:a6:47:8e:86:27:25:
+ d8:20:f1:c9:a2:31:4a:c1:fe:d4:57:39:12:c4:1f:
+ e5:92:5d:78:f5:dd:38:f3:b5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 11:7F:5F:33:D6:CE:38:B0:9D:87:C9:77:EF:6F:6C:85:08:11:B1:20
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ b5:48:11:79:ac:bc:aa:09:43:96:01:71:65:48:99:8c:1d:14:
+ 6c:92:6f:0f:84:6e:b1:87:66:90:c8:58:c3:45:e2:0b:1e:cd:
+ 75:ac:d8:36:58:9c:e4:59:1b:aa:e7:74:d4:93:73:be:cb:fe:
+ fd:78:dd:91:a5:ef:d0:5b:1f:97:73:c5:d9:66:00:5d:3e:c7:
+ 3e:2d:b1:ac:ba:85:77:99:38:58:9a:20:00:d5:0f:e2:26:a3:
+ a6:9a:d8:d8:99:2e:c1:6b:ce:a4:f8:53:01:62:2e:e9:27:9d:
+ 22:7c:ab:1d:90:dc:26:50:be:88:32:8e:3e:18:04:7a:cb:09:
+ 35:04
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
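Review bot: The regenerated test certificate is signed with `md5WithRSAEncryption` over a 1024-bit RSA key (see the Signature Algorithm and RSA Public Key lines), and the other certificate hunks in this commit (14.pem to 17.pem, wss40.pem, wss40dsa.pem) show the same MD5 signature. Since the keys were being reissued anyway, I would issue them with a SHA-2 digest and a 2048-bit key, for example `default_md = sha256` in the CA configuration if these come from `openssl ca`; later Java runtimes may refuse MD5-signed certificates during path validation, which would make the trust tests fail for reasons unrelated to the code under test. A short README next to the keys stating that they are test-only fixtures would also help.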
Added: webservices/wss4j/trunk/keys/ca.db.certs/14.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.certs/14.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/ca.db.certs/14.pem (added)
+++ webservices/wss4j/trunk/keys/ca.db.certs/14.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 20 (0x14)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 10:37:43 2009 GMT
+ Not After : Apr 22 10:37:43 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:a4:bc:c3:c7:63:b6:82:31:d5:10:c1:5b:d9:59:
+ 6b:78:38:65:13:f2:18:c0:5b:25:3d:36:2c:7d:88:
+ 92:bd:82:70:3f:36:41:74:12:c7:37:96:ff:44:b2:
+ 89:51:56:5b:54:49:c5:07:b8:98:bc:4a:57:46:fe:
+ 34:0a:9f:6b:82:1d:ee:e1:fc:5f:37:19:b9:25:89:
+ 94:8f:b4:4f:20:20:67:ef:dc:d2:7c:5a:08:48:b7:
+ 6b:52:dc:45:39:c2:b4:6a:03:6d:be:cb:0a:20:f4:
+ 62:ee:ca:ca:a6:54:79:28:bd:be:08:69:04:37:b6:
+ cf:96:86:ae:f4:1c:45:b9:2f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ A0:4B:28:F8:74:C0:4D:25:9E:14:57:9D:A8:D9:8A:9E:22:F9:0E:91
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ 3d:95:d2:79:0d:b0:f3:1b:e2:b9:b0:f0:45:3c:c9:9b:b2:e0:
+ 48:23:6a:a9:72:17:07:c0:9c:84:b6:49:57:cc:4d:00:01:83:
+ f6:03:2e:a5:41:9d:c5:7a:39:0d:6f:ec:58:3d:84:e3:d1:84:
+ 34:f8:81:40:74:23:fc:6e:6d:16:c1:86:c6:f4:7f:d1:22:58:
+ 50:3d:62:e4:01:cf:9f:86:d0:dd:fa:ed:eb:98:fe:0a:07:0d:
+ 1d:63:56:ad:66:0b:6c:4b:7c:1f:07:5c:66:d9:5c:f2:e3:6a:
+ 3d:56:26:d9:32:8a:10:1a:24:8b:d1:1a:73:c5:1e:89:ed:40:
+ ff:46
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
Added: webservices/wss4j/trunk/keys/ca.db.certs/15.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.certs/15.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/ca.db.certs/15.pem (added)
+++ webservices/wss4j/trunk/keys/ca.db.certs/15.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 21 (0x15)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 10:42:50 2009 GMT
+ Not After : Apr 22 10:42:50 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:91:5c:2a:5d:45:52:d4:c2:23:0d:27:4c:c6:95:
+ c9:3a:96:fc:e9:57:9e:cc:9c:39:f0:1d:f1:b7:7c:
+ 13:4d:b6:70:e8:f6:f7:38:69:b4:96:24:90:62:cb:
+ 9f:df:db:d1:47:41:32:4b:4a:d5:1c:92:77:ff:f4:
+ 17:c8:43:d3:4f:d9:4f:2c:f1:0d:1d:ab:44:62:74:
+ 1f:13:1d:9b:2b:ba:be:82:ae:94:e5:e9:6e:50:f5:
+ 4c:17:3d:93:6b:3b:ea:09:c2:e9:80:05:b8:e1:93:
+ e3:f3:af:f0:54:0d:41:90:6b:67:3e:81:71:2f:00:
+ fc:29:46:ea:b2:66:f9:d9:bd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 99:DB:9A:CC:DB:43:C7:34:80:6B:A1:B6:E3:54:3A:2E:4F:F7:A2:0A
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ 0f:5d:ba:26:a2:39:ac:7a:c5:a3:cc:66:d3:6c:a9:4b:53:43:
+ 3a:24:c8:2e:21:76:11:65:2c:87:91:e5:03:19:aa:c2:a6:07:
+ c6:0f:1f:13:af:03:4c:f0:17:83:79:cc:82:3e:13:1f:c1:3a:
+ df:7a:d6:e4:c7:3c:54:bc:6a:70:6f:c7:86:58:94:fe:e0:6f:
+ 3b:9d:d0:13:07:ba:a5:0c:eb:05:1a:06:b1:e5:34:56:cc:62:
+ 8b:69:30:50:ef:b6:b5:dd:c0:ba:2e:11:2b:d5:58:b1:7a:6f:
+ f2:77:e4:06:57:9f:0d:fd:ae:3f:a3:eb:4d:41:e9:1c:78:05:
+ 69:69
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
Added: webservices/wss4j/trunk/keys/ca.db.certs/16.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.certs/16.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/ca.db.certs/16.pem (added)
+++ webservices/wss4j/trunk/keys/ca.db.certs/16.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 22 (0x16)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 11:29:21 2009 GMT
+ Not After : Apr 22 11:29:21 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b5:f2:76:f4:dd:06:d6:db:a9:35:67:05:3a:40:
+ 3b:45:1d:81:93:68:0c:d9:6d:96:4e:4f:1a:99:fe:
+ ab:55:f4:57:87:a2:62:ff:00:9b:84:d3:b8:78:10:
+ a2:4b:64:d9:39:c3:33:f2:92:8e:8e:44:f9:17:74:
+ e6:43:83:37:0e:52:2c:b4:7d:3d:15:a4:9d:5b:e4:
+ 6d:ec:ef:f5:1c:0a:ed:63:e9:9f:08:04:1a:ae:c5:
+ 7f:40:13:42:b2:83:c7:3a:ea:eb:9e:9b:a6:67:f5:
+ 76:e2:af:30:ea:af:61:53:66:01:25:55:ac:64:89:
+ 51:94:67:0d:7a:b4:d3:c2:87
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ A7:B7:1E:C6:7F:EC:AE:8B:61:2A:CE:40:38:1E:1F:AA:E3:A4:BA:AE
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ 49:5f:41:a9:bc:d8:6b:c7:86:e1:72:aa:f3:61:b4:3c:c0:44:
+ 75:27:9c:3d:8b:4a:e1:86:60:13:c7:25:7e:df:df:0f:a5:44:
+ fc:c6:09:43:6b:1c:ee:f8:4d:98:7d:aa:84:00:fd:ca:da:40:
+ 11:56:01:87:f3:83:8e:50:f6:e6:5b:b8:b0:13:57:ad:6d:39:
+ 23:a2:4b:61:0b:0b:56:0b:2b:e6:0a:38:02:59:4e:e1:dd:f0:
+ 82:9b:71:15:cc:f3:33:68:13:d5:60:ec:25:01:fe:37:c9:4e:
+ 97:ef:bd:9a:b6:9b:85:ca:0a:13:e0:5d:ab:da:d5:35:c5:b8:
+ 65:e7
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAp2gAwIBAgIBFjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA5MDQy
+NDExMjkyMVoXDTE5MDQyMjExMjkyMVowYTELMAkGA1UEBhMCSUUxETAPBgNVBAgT
+CExlaW5zdGVyMQ8wDQYDVQQHEwZEdWJsaW4xDzANBgNVBAoTBkFwYWNoZTEOMAwG
+A1UECxMFV1NTNEoxDTALBgNVBAMTBENvbG0wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALXydvTdBtbbqTVnBTpAO0UdgZNoDNltlk5PGpn+q1X0V4eiYv8Am4TT
+uHgQoktk2TnDM/KSjo5E+Rd05kODNw5SLLR9PRWknVvkbezv9RwK7WPpnwgEGq7F
+f0ATQrKDxzrq656bpmf1duKvMOqvYVNmASVVrGSJUZRnDXq008KHAgMBAAGjgfYw
+gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFKe3HsZ/7K6LYSrOQDgeH6rjpLquMIGYBgNV
+HSMEgZAwgY2AFFYX7/Zri1n+Ixlo3njA4U1nfdBmoWqkaDBmMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAjeEs
+CmkRd9IwDQYJKoZIhvcNAQEEBQADgYEASV9BqbzYa8eG4XKq82G0PMBEdSecPYtK
+4YZgE8clft/fD6VE/MYJQ2sc7vhNmH2qhAD9ytpAEVYBh/ODjlD25lu4sBNXrW05
+I6JLYQsLVgsr5go4AllO4d3wgptxFczzM2gT1WDsJQH+N8lOl++9mrabhcoKE+Bd
+q9rVNcW4Zec=
+-----END CERTIFICATE-----
Added: webservices/wss4j/trunk/keys/ca.db.certs/17.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.certs/17.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/ca.db.certs/17.pem (added)
+++ webservices/wss4j/trunk/keys/ca.db.certs/17.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,93 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 23 (0x17)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 13:41:19 2009 GMT
+ Not After : Apr 22 13:41:19 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 00:9f:77:97:cd:b8:3c:d1:d1:ab:78:8b:2a:22:8e:
+ c2:17:89:07:da:02:3a:62:6a:c0:d6:5e:61:b6:77:
+ 2d:2b:17:b4:26:37:50:17:a3:f3:7e:94:5c:fc:a9:
+ 6f:09:9c:d4:08:90:57:89:0c:38:d4:f8:06:4d:06:
+ e5:eb:62:90:89:57:af:7d:b1:3e:16:11:82:0c:38:
+ d7:39:02:2e:c3:78:d5:46:78:63:d6:65:07:fd:d7:
+ 08:8d:13:76:77:6e:4f:6f:81:95:34:4c:e9:2e:4d:
+ 6b:3a:10:ff:86:33:c8:d8:58:03:b0:d9:af:51:0c:
+ 21:3a:10:15:b2:a0:a7:ff:a5
+ P:
+ 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+ e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+ 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+ c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+ 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+ 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+ c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+ 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+ f2:22:03:19:9d:d1:48:01:c7
+ Q:
+ 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+ 84:0b:f0:58:1c:f5
+ G:
+ 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+ 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+ 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+ 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+ 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+ ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+ f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+ a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+ 25:64:01:4c:3b:fe:cf:49:2a
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D8:35:28:37:8A:69:C4:9C:FF:44:D8:1C:08:3B:09:E1:2A:1C:3D:D9
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ 62:fc:07:c2:ee:62:95:9b:e6:bb:7f:46:9b:c7:c4:c4:9b:36:
+ ec:cf:4b:1c:95:cf:ea:7f:31:5a:e7:f3:91:f8:82:54:a1:10:
+ 6d:4b:cc:a0:69:b2:19:20:2a:ef:c2:08:24:d7:3c:40:32:73:
+ 3e:d2:95:0d:f6:70:e1:ab:c2:cf:98:f0:42:f6:d4:a1:e7:75:
+ cc:a2:fe:20:51:9b:e7:c5:1b:53:a9:11:8f:71:9a:fc:b9:43:
+ 43:d9:41:f6:13:ae:ea:e3:26:a6:db:b2:c6:38:95:3c:0f:81:
+ af:a1:48:16:3e:2e:a5:8e:45:a3:36:dc:24:ca:f3:23:56:a3:
+ 46:6d
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
Modified: webservices/wss4j/trunk/keys/ca.db.index
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.index?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
Binary files - no diff available.
Modified: webservices/wss4j/trunk/keys/ca.db.serial
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/ca.db.serial?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
Binary files - no diff available.
Modified: webservices/wss4j/trunk/keys/wss40.jks
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40.jks?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
Binary files - no diff available.
Modified: webservices/wss4j/trunk/keys/wss40.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40.pem?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/keys/wss40.pem (original)
+++ webservices/wss4j/trunk/keys/wss40.pem Fri Apr 24 14:21:52 2009
@@ -1,26 +1,26 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 18 (0x12)
+ Serial Number: 22 (0x16)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
Validity
- Not Before: Apr 10 09:41:09 2009 GMT
- Not After : Apr 8 09:41:09 2019 GMT
+ Not Before: Apr 24 11:29:21 2009 GMT
+ Not After : Apr 22 11:29:21 2019 GMT
Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
- 00:91:05:87:f8:1d:f6:63:46:fd:52:34:47:25:ff:
- 67:57:bf:d8:1f:42:96:ea:10:f5:f9:d3:22:d1:be:
- 6f:72:88:37:96:d9:bf:0d:d1:c1:0d:6b:f4:ba:1a:
- 5d:a4:9c:cb:04:bc:e5:b0:0e:94:89:1d:5e:d9:50:
- 86:72:6e:71:cb:e3:6d:72:d6:63:d0:cf:8e:61:1e:
- 24:58:89:61:95:ac:22:89:0d:80:33:03:58:72:94:
- e4:c4:70:ea:ee:a0:67:48:57:a6:47:8e:86:27:25:
- d8:20:f1:c9:a2:31:4a:c1:fe:d4:57:39:12:c4:1f:
- e5:92:5d:78:f5:dd:38:f3:b5
+ 00:b5:f2:76:f4:dd:06:d6:db:a9:35:67:05:3a:40:
+ 3b:45:1d:81:93:68:0c:d9:6d:96:4e:4f:1a:99:fe:
+ ab:55:f4:57:87:a2:62:ff:00:9b:84:d3:b8:78:10:
+ a2:4b:64:d9:39:c3:33:f2:92:8e:8e:44:f9:17:74:
+ e6:43:83:37:0e:52:2c:b4:7d:3d:15:a4:9d:5b:e4:
+ 6d:ec:ef:f5:1c:0a:ed:63:e9:9f:08:04:1a:ae:c5:
+ 7f:40:13:42:b2:83:c7:3a:ea:eb:9e:9b:a6:67:f5:
+ 76:e2:af:30:ea:af:61:53:66:01:25:55:ac:64:89:
+ 51:94:67:0d:7a:b4:d3:c2:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
@@ -28,38 +28,38 @@
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
- 11:7F:5F:33:D6:CE:38:B0:9D:87:C9:77:EF:6F:6C:85:08:11:B1:20
+ A7:B7:1E:C6:7F:EC:AE:8B:61:2A:CE:40:38:1E:1F:AA:E3:A4:BA:AE
X509v3 Authority Key Identifier:
- keyid:2B:83:7C:A1:7D:26:0F:D0:2C:F6:1B:CF:D0:D5:5E:A1:9B:AF:91:5A
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
- serial:DF:03:2C:56:D6:F5:09:DB
+ serial:8D:E1:2C:0A:69:11:77:D2
Signature Algorithm: md5WithRSAEncryption
- 91:d1:57:49:84:7d:c0:4d:96:ac:d2:aa:d5:71:73:11:05:41:
- d0:59:d3:65:f0:ad:bc:76:50:4b:6f:ca:56:b2:05:05:d4:7b:
- aa:30:9b:3f:80:45:52:f8:54:fb:96:58:f5:ad:c8:70:a4:c5:
- d4:fe:f4:2b:a7:9c:a4:56:af:e1:ae:fa:b2:98:73:45:a2:e9:
- 72:51:77:f0:81:81:fa:cf:01:99:40:8f:09:4d:5f:de:68:c2:
- d7:44:d4:21:da:04:5a:b7:55:1c:ed:ca:7e:33:bd:6d:da:e1:
- 14:ec:8d:a8:4a:13:26:38:cc:fc:45:b5:55:68:cb:04:a6:00:
- 9a:3a
+ 49:5f:41:a9:bc:d8:6b:c7:86:e1:72:aa:f3:61:b4:3c:c0:44:
+ 75:27:9c:3d:8b:4a:e1:86:60:13:c7:25:7e:df:df:0f:a5:44:
+ fc:c6:09:43:6b:1c:ee:f8:4d:98:7d:aa:84:00:fd:ca:da:40:
+ 11:56:01:87:f3:83:8e:50:f6:e6:5b:b8:b0:13:57:ad:6d:39:
+ 23:a2:4b:61:0b:0b:56:0b:2b:e6:0a:38:02:59:4e:e1:dd:f0:
+ 82:9b:71:15:cc:f3:33:68:13:d5:60:ec:25:01:fe:37:c9:4e:
+ 97:ef:bd:9a:b6:9b:85:ca:0a:13:e0:5d:ab:da:d5:35:c5:b8:
+ 65:e7
-----BEGIN CERTIFICATE-----
-MIIDNDCCAp2gAwIBAgIBEjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
+MIIDNDCCAp2gAwIBAgIBFjANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
-FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA5MDQx
-MDA5NDEwOVoXDTE5MDQwODA5NDEwOVowYTELMAkGA1UEBhMCSUUxETAPBgNVBAgT
+FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMB4XDTA5MDQy
+NDExMjkyMVoXDTE5MDQyMjExMjkyMVowYTELMAkGA1UEBhMCSUUxETAPBgNVBAgT
CExlaW5zdGVyMQ8wDQYDVQQHEwZEdWJsaW4xDzANBgNVBAoTBkFwYWNoZTEOMAwG
A1UECxMFV1NTNEoxDTALBgNVBAMTBENvbG0wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
-MIGJAoGBAJEFh/gd9mNG/VI0RyX/Z1e/2B9CluoQ9fnTItG+b3KIN5bZvw3RwQ1r
-9LoaXaScywS85bAOlIkdXtlQhnJuccvjbXLWY9DPjmEeJFiJYZWsIokNgDMDWHKU
-5MRw6u6gZ0hXpkeOhicl2CDxyaIxSsH+1Fc5EsQf5ZJdePXdOPO1AgMBAAGjgfYw
+MIGJAoGBALXydvTdBtbbqTVnBTpAO0UdgZNoDNltlk5PGpn+q1X0V4eiYv8Am4TT
+uHgQoktk2TnDM/KSjo5E+Rd05kODNw5SLLR9PRWknVvkbezv9RwK7WPpnwgEGq7F
+f0ATQrKDxzrq656bpmf1duKvMOqvYVNmASVVrGSJUZRnDXq008KHAgMBAAGjgfYw
gfMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFBF/XzPWzjiwnYfJd+9vbIUIEbEgMIGYBgNV
-HSMEgZAwgY2AFCuDfKF9Jg/QLPYbz9DVXqGbr5FaoWqkaDBmMQswCQYDVQQGEwJE
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFKe3HsZ/7K6LYSrOQDgeH6rjpLquMIGYBgNV
+HSMEgZAwgY2AFFYX7/Zri1n+Ixlo3njA4U1nfdBmoWqkaDBmMQswCQYDVQQGEwJE
RTEPMA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhv
-bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkA3wMs
-Vtb1CdswDQYJKoZIhvcNAQEEBQADgYEAkdFXSYR9wE2WrNKq1XFzEQVB0FnTZfCt
-vHZQS2/KVrIFBdR7qjCbP4BFUvhU+5ZY9a3IcKTF1P70K6ecpFav4a76sphzRaLp
-clF38IGB+s8BmUCPCU1f3mjC10TUIdoEWrdVHO3KfjO9bdrhFOyNqEoTJjjM/EW1
-VWjLBKYAmjo=
+bWUxFTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyggkAjeEs
+CmkRd9IwDQYJKoZIhvcNAQEEBQADgYEASV9BqbzYa8eG4XKq82G0PMBEdSecPYtK
+4YZgE8clft/fD6VE/MYJQ2sc7vhNmH2qhAD9ytpAEVYBh/ODjlD25lu4sBNXrW05
+I6JLYQsLVgsr5go4AllO4d3wgptxFczzM2gT1WDsJQH+N8lOl++9mrabhcoKE+Bd
+q9rVNcW4Zec=
-----END CERTIFICATE-----
Modified: webservices/wss4j/trunk/keys/wss40CA.jks
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40CA.jks?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
Binary files - no diff available.
Modified: webservices/wss4j/trunk/keys/wss40CA.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40CA.pem?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/keys/wss40CA.pem (original)
+++ webservices/wss4j/trunk/keys/wss40CA.pem Fri Apr 24 14:21:52 2009
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIIDFjCCAn+gAwIBAgIJAN8DLFbW9QnbMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
+MIIDFjCCAn+gAwIBAgIJAI3hLAppEXfSMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNV
BAYTAkRFMQ8wDQYDVQQIEwZCYXllcm4xDzANBgNVBAcTBk11bmljaDENMAsGA1UE
ChMESG9tZTEVMBMGA1UECxMMQXBhY2hlIFdTUzRKMQ8wDQYDVQQDEwZXZXJuZXIw
-HhcNMDkwNDEwMDkzODUyWhcNMDkwNTEwMDkzODUyWjBmMQswCQYDVQQGEwJERTEP
+HhcNMDkwNDI0MTAzMjQ2WhcNMTkwNDIyMTAzMjQ2WjBmMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGQmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUx
FTATBgNVBAsTDEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQCmgtgDI2hycWmG0OCXo/fGYS2myNb8Ye+TvjkF
-XyrMogWNSTVBQQi8OHOuZQeHYCP83edVO3dbZ/VCJ+4KqfXptLoFAvoiT+1Rv8Ul
-MMASnfGn2ZLlrShCQaaPzhI+Uy2C6RoQY7yjJUv7bdC8WSNca6N9H1JWliruaysI
-F7+lQQIDAQABo4HLMIHIMB0GA1UdDgQWBBQrg3yhfSYP0Cz2G8/Q1V6hm6+RWjCB
-mAYDVR0jBIGQMIGNgBQrg3yhfSYP0Cz2G8/Q1V6hm6+RWqFqpGgwZjELMAkGA1UE
+SIb3DQEBAQUAA4GNADCBiQKBgQDWyYLtAg1XlEGC5dCc4SP1Rg4SbEVLWvXBIZrA
+IG1MqDpjDFM7WlOdMudqmVFn6+z+PMPfuQdTET7+udhDty4ukhycuAkiv80lie+6
+tbfWddR9i3gZt0YMTq2PvXOpKiBAjD7umjbzbGnSbXAWKAYLQO5Nzcjc9eYVWxNu
+rUqJvwIDAQABo4HLMIHIMB0GA1UdDgQWBBRWF+/2a4tZ/iMZaN54wOFNZ33QZjCB
+mAYDVR0jBIGQMIGNgBRWF+/2a4tZ/iMZaN54wOFNZ33QZqFqpGgwZjELMAkGA1UE
BhMCREUxDzANBgNVBAgTBkJheWVybjEPMA0GA1UEBxMGTXVuaWNoMQ0wCwYDVQQK
EwRIb21lMRUwEwYDVQQLEwxBcGFjaGUgV1NTNEoxDzANBgNVBAMTBldlcm5lcoIJ
-AN8DLFbW9QnbMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAk2DCM7yQ
-AFEiAtcM8B8slyE99FLtaQlagT9KMpL3uVg3O/DF57HDjBXIO+rP75aGbGGaOq1G
-qxenhazkEFnsA20oqUYX5j9gk66glvBJn0LThmIifWHfe9e781uSx2qdhl6NHj3D
-er26SAtz2BLjeiptxz/LmGLKoMC40S1+4Wo=
+AI3hLAppEXfSMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAYTuCjZSS
+cbxzaWtItIL0Szh410aAisfB12MDWTGvxOL6YdqXtlwpA/miTK67KaEBnsb7PwnU
+GClKvGIoFYAtvgAyKclzsl4dl4pA8P2a4ofSKsdVKLyIIS7Vqgj0fmlc6lYJlhXI
+xUHz4tR1T97/ZU1uAr5KwXiEA7SYQzZkHZg=
-----END CERTIFICATE-----
Modified: webservices/wss4j/trunk/keys/wss40CAKey.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40CAKey.pem?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/keys/wss40CAKey.pem (original)
+++ webservices/wss4j/trunk/keys/wss40CAKey.pem Fri Apr 24 14:21:52 2009
@@ -1,18 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,D5836A91B65E76D5
+DEK-Info: DES-EDE3-CBC,C6C14348CDE07279
-2DeecNm4txyxfdUe//EE24gvZ6gjsXyt2nCK6QqRKQWl2U36J9gczWdD9R2u7GcM
-1fcz1k/PovM0xVSFPNn1Vlwmeqmn2ECNI5UXzaiSAizMySADhxpWzg76OqFvx52K
-65La0DoIUuT7mqvGoVL9KuHxQZ6FbKqKVMFa/UDDOqq4upCec7Jf4B4UUKgJPEu7
-4uscLCehcUKAmyJ8qDd7jWDGCXYLdR+ZZg8qWgysdFThks0vX++WESa0lS0n8eg6
-xKAgd6BzemmZmkCcnxCmjLbW8eAj9um/dbe3C2gnfKE/NlHWDzEa7ru1Jz5o92wg
-OqNfdKvlgCNVsds1B+aHVLdypvVKy3N93pNRX19e3chWj3lEwFG2tA7ctvxPz4Rc
-vzbc3y4k5oHo4AqPZnq++GGsBc1OVOdgFk5RUtsHjFIaJBwjvkvrGhWm4BuFbue7
-Nap9KjqD9Wu+9cqR/wew+F1pTrPcxDv0u6QGJhq4waCJmyQEGfJInQaVsZSCzm/0
-tNeqOvp0oyemy2jHcsfgSpCJ1P+kf3trD7hssSupsHF0kuqzgDsPy4USuH1oxA8O
-TeesRJpP1h5yhWM8ohnqkET2wZ54zGyPXsgdboX2DBKMEzcoz0mE6SQXbRJB+SPM
-LNWs9qL8vwSykIRcbDpa/dq8oIfzyggcfn5NA0TtCHG20siMaulxIQMrWnEAkHXB
-lfImh3HmqHQ3OaMA70bcOpUpqkS+jw4M0oHVuxdTuEv6H+YP0KGg8bs6foPrZmjU
-EAw5sWw5aU2lYfchZEVXpktae4nua5iRM4z6AGtk6Et3UegZ0kApsw==
+eBKIFCXiTtpJmC9b2ezRtuLjFSf7DA75vCVwphunhAXqnptHhrb8ZsAnc0L2OUZn
+vRFyXt8SpcK08SC6vrmQlL2Tgx9HvLma9EaYWotFqm2/Bg06tYCZJ5TKEeMgzQad
+UPF6U7quhPZrSLguam5d4BFuTlIdiGZyE/Fbu/FKZr5eUPK6ou7cjYkHuj4C9z5y
+UkPjXPu0cN3YfM19IBW8hDaqBIjuLP6D9mduQtrbKiIgNkh2E/CRAyq5mvIdGHuJ
+PU9GyHAC4ibZq4dR7cLgiBkHGpuP2W9c/xY1/lG/bOFfDp3AgFQmG6zcTRwn+dXm
+aUdAqxy/u0avBRWBsFJoSZ7y8q8U9yx6LkXvgLhTj+TxpDZSRLpIv5pReKj6ti+U
+7BtvZOpn3zrG3IszhMLb7Yxee0Whpm5UY6b/m5tr8qmZEo72W10EZvDY9JyHZ49M
+yHv8+Q5T0H9WRXeEV/F0ueiWR9QWjXUc8ZYP3EUDVna8VN5VPl8yF5nUJP0bXsvu
+gaH1/5T5a4NBUP3JRSrACk7+36RV8Oa1B6Qp38xWVXT81x6gebBi4mJArfaSoupv
+tkpeSSyyChK2+EFuXSPx2HQ2Y15gfPJLYNf4iEKpHnggN46zQ2jnh/9tKhj8nG3Y
+uq1DlfldY9x8oO7whcQR/zVgeI51/RqQ2wyKW5EafrFEj7EfTnAunpickO5Gjz12
+nXmfT+kxkYH5ZwB/IcOAbz5RNbewbstqV3RCEJr26Dz2dk6OvS8QYdcoHR4L0xiK
+TzzPqy4PbV3KIyvyd2cdyOvRuVWvrkPsjf4P2JyH9JatKnMFUsGS0A==
-----END RSA PRIVATE KEY-----
Added: webservices/wss4j/trunk/keys/wss40badca.jks
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40badca.jks?rev=768319&view=auto
==============================================================================
Binary file - no diff available.
Propchange: webservices/wss4j/trunk/keys/wss40badca.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/wss4j/trunk/keys/wss40badcatrust.jks
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40badcatrust.jks?rev=768319&view=auto
==============================================================================
Binary file - no diff available.
Propchange: webservices/wss4j/trunk/keys/wss40badcatrust.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/wss4j/trunk/keys/wss40dsa.pem
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/keys/wss40dsa.pem?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/keys/wss40dsa.pem (added)
+++ webservices/wss4j/trunk/keys/wss40dsa.pem Fri Apr 24 14:21:52 2009
@@ -0,0 +1,93 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 23 (0x17)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=DE, ST=Bayern, L=Munich, O=Home, OU=Apache WSS4J, CN=Werner
+ Validity
+ Not Before: Apr 24 13:41:19 2009 GMT
+ Not After : Apr 22 13:41:19 2019 GMT
+ Subject: C=IE, ST=Leinster, L=Dublin, O=Apache, OU=WSS4J, CN=Colm
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 00:9f:77:97:cd:b8:3c:d1:d1:ab:78:8b:2a:22:8e:
+ c2:17:89:07:da:02:3a:62:6a:c0:d6:5e:61:b6:77:
+ 2d:2b:17:b4:26:37:50:17:a3:f3:7e:94:5c:fc:a9:
+ 6f:09:9c:d4:08:90:57:89:0c:38:d4:f8:06:4d:06:
+ e5:eb:62:90:89:57:af:7d:b1:3e:16:11:82:0c:38:
+ d7:39:02:2e:c3:78:d5:46:78:63:d6:65:07:fd:d7:
+ 08:8d:13:76:77:6e:4f:6f:81:95:34:4c:e9:2e:4d:
+ 6b:3a:10:ff:86:33:c8:d8:58:03:b0:d9:af:51:0c:
+ 21:3a:10:15:b2:a0:a7:ff:a5
+ P:
+ 00:fd:7f:53:81:1d:75:12:29:52:df:4a:9c:2e:ec:
+ e4:e7:f6:11:b7:52:3c:ef:44:00:c3:1e:3f:80:b6:
+ 51:26:69:45:5d:40:22:51:fb:59:3d:8d:58:fa:bf:
+ c5:f5:ba:30:f6:cb:9b:55:6c:d7:81:3b:80:1d:34:
+ 6f:f2:66:60:b7:6b:99:50:a5:a4:9f:9f:e8:04:7b:
+ 10:22:c2:4f:bb:a9:d7:fe:b7:c6:1b:f8:3b:57:e7:
+ c6:a8:a6:15:0f:04:fb:83:f6:d3:c5:1e:c3:02:35:
+ 54:13:5a:16:91:32:f6:75:f3:ae:2b:61:d7:2a:ef:
+ f2:22:03:19:9d:d1:48:01:c7
+ Q:
+ 00:97:60:50:8f:15:23:0b:cc:b2:92:b9:82:a2:eb:
+ 84:0b:f0:58:1c:f5
+ G:
+ 00:f7:e1:a0:85:d6:9b:3d:de:cb:bc:ab:5c:36:b8:
+ 57:b9:79:94:af:bb:fa:3a:ea:82:f9:57:4c:0b:3d:
+ 07:82:67:51:59:57:8e:ba:d4:59:4f:e6:71:07:10:
+ 81:80:b4:49:16:71:23:e8:4c:28:16:13:b7:cf:09:
+ 32:8c:c8:a6:e1:3c:16:7a:8b:54:7c:8d:28:e0:a3:
+ ae:1e:2b:b3:a6:75:91:6e:a3:7f:0b:fa:21:35:62:
+ f1:fb:62:7a:01:24:3b:cc:a4:f1:be:a8:51:90:89:
+ a8:83:df:e1:5a:e5:9f:06:92:8b:66:5e:80:7b:55:
+ 25:64:01:4c:3b:fe:cf:49:2a
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D8:35:28:37:8A:69:C4:9C:FF:44:D8:1C:08:3B:09:E1:2A:1C:3D:D9
+ X509v3 Authority Key Identifier:
+ keyid:56:17:EF:F6:6B:8B:59:FE:23:19:68:DE:78:C0:E1:4D:67:7D:D0:66
+ DirName:/C=DE/ST=Bayern/L=Munich/O=Home/OU=Apache WSS4J/CN=Werner
+ serial:8D:E1:2C:0A:69:11:77:D2
+
+ Signature Algorithm: md5WithRSAEncryption
+ 62:fc:07:c2:ee:62:95:9b:e6:bb:7f:46:9b:c7:c4:c4:9b:36:
+ ec:cf:4b:1c:95:cf:ea:7f:31:5a:e7:f3:91:f8:82:54:a1:10:
+ 6d:4b:cc:a0:69:b2:19:20:2a:ef:c2:08:24:d7:3c:40:32:73:
+ 3e:d2:95:0d:f6:70:e1:ab:c2:cf:98:f0:42:f6:d4:a1:e7:75:
+ cc:a2:fe:20:51:9b:e7:c5:1b:53:a9:11:8f:71:9a:fc:b9:43:
+ 43:d9:41:f6:13:ae:ea:e3:26:a6:db:b2:c6:38:95:3c:0f:81:
+ af:a1:48:16:3e:2e:a5:8e:45:a3:36:dc:24:ca:f3:23:56:a3:
+ 46:6d
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngineResult.java Fri Apr 24 14:21:52 2009
@@ -159,24 +159,27 @@
public WSSecurityEngineResult(
int act,
Principal princ,
- X509Certificate certificate,
+ X509Certificate[] certs,
byte[] sv
) {
put(TAG_ACTION, new Integer(act));
put(TAG_PRINCIPAL, princ);
- put(TAG_X509_CERTIFICATE, certificate);
+ put(TAG_X509_CERTIFICATES, certs);
put(TAG_SIGNATURE_VALUE, sv);
+ if (certs != null) {
+ put(TAG_X509_CERTIFICATE, certs[0]);
+ }
}
public
WSSecurityEngineResult(
int act,
Principal princ,
- X509Certificate certificate,
+ X509Certificate[] certs,
List dataRefs,
byte[] sv
) {
- this(act, princ, certificate, sv);
+ this(act, princ, certs, sv);
put(TAG_DATA_REF_URIS, dataRefs);
}
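Review bot: The new `if (certs != null)` guard in front of `put(TAG_X509_CERTIFICATE, certs[0])` still lets a zero-length array through, so a caller that passes an empty `X509Certificate[]` gets an `ArrayIndexOutOfBoundsException` from the constructor instead of a result with no certificate. The guard should read `if (certs != null && certs.length > 0) {`. The same three lines are added to the encrypted-key constructor and to the `BinarySecurity` constructor in the two following hunks and need the same change. It would also help to document on `TAG_X509_CERTIFICATE` that it is always element 0 of `TAG_X509_CERTIFICATES`, because the tests in this commit pass that single certificate on to trust verification.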
@@ -200,14 +203,17 @@
byte[] encryptedKeyBytes,
String encyptedKeyId,
List dataRefUris,
- X509Certificate cert
+ X509Certificate[] certs
) {
put(TAG_ACTION, new Integer(act));
put(TAG_DECRYPTED_KEY, decryptedKey);
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
put(TAG_DATA_REF_URIS, dataRefUris);
- put(TAG_X509_CERTIFICATE, cert);
+ put(TAG_X509_CERTIFICATES, certs);
+ if (certs != null) {
+ put(TAG_X509_CERTIFICATE, certs[0]);
+ }
}
public WSSecurityEngineResult(int act, List dataRefUris) {
@@ -230,11 +236,13 @@
put(TAG_SIGNATURE_CONFIRMATION, sc);
}
- public WSSecurityEngineResult(int act, BinarySecurity token,
- X509Certificate[] certificates) {
+ public WSSecurityEngineResult(int act, BinarySecurity token, X509Certificate[] certs) {
put(TAG_ACTION, new Integer(act));
put(TAG_BINARY_SECURITY_TOKEN, token);
- put(TAG_X509_CERTIFICATES, certificates);
+ put(TAG_X509_CERTIFICATES, certs);
+ if (certs != null) {
+ put(TAG_X509_CERTIFICATE, certs[0]);
+ }
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java Fri Apr 24 14:21:52 2009
@@ -68,7 +68,7 @@
private byte[] decryptedBytes = null;
private String encryptedKeyId = null;
- private X509Certificate cert = null;
+ private X509Certificate[] certs;
public void handleToken(
Element elem,
@@ -82,6 +82,7 @@
if (log.isDebugEnabled()) {
log.debug("Found encrypted key element");
}
+ certs = null;
if (decCrypto == null) {
throw new WSSecurityException(WSSecurityException.FAILURE, "noDecCryptoFile");
}
@@ -98,7 +99,7 @@
this.encryptedEphemeralKey,
this.encryptedKeyId,
dataRefUris,
- cert
+ certs
)
);
}
@@ -375,7 +376,7 @@
// This method is _not_ recommended by OASIS WS-S specification, X509 profile
//
else if (secRef.containsKeyIdentifier()) {
- X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
+ certs = secRef.getKeyIdentifier(crypto);
if (certs == null || certs.length < 1 || certs[0] == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
@@ -388,7 +389,6 @@
// the private key associated with this certificate
//
alias = crypto.getAliasForX509Cert(certs[0]);
- cert = certs[0];
if (log.isDebugEnabled()) {
log.debug("cert: " + certs[0]);
log.debug("KeyIdentifier Alias: " + alias);
@@ -409,8 +409,9 @@
new Object[] {"for decryption (BST)"}
);
}
- cert = token.getX509Certificate(crypto);
- if (cert == null) {
+ certs = new X509Certificate[1];
+ certs[0] = token.getX509Certificate(crypto);
+ if (certs[0] == null) {
throw new WSSecurityException(
WSSecurityException.FAILURE,
"noCertsFound",
@@ -421,7 +422,7 @@
// Here we have the certificate. Now find the alias for it. Needed to identify
// the private key associated with this certificate
//
- alias = crypto.getAliasForX509Cert(cert);
+ alias = crypto.getAliasForX509Cert(certs[0]);
if (log.isDebugEnabled()) {
log.debug("BST Alias: " + alias);
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Apr 24 14:21:52 2009
@@ -71,6 +71,10 @@
private static Log tlog = LogFactory.getLog("org.apache.ws.security.TIME");
private String signatureId;
+
+ private X509Certificate[] certs;
+
+ private byte[] signatureValue;
public void handleToken(
Element elem,
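Review bot: Moving `certs` and `signatureValue` from locals of `handleToken` into instance fields turns the verification outputs into shared state of the processor object. If one `SignatureProcessor` instance can be used by two threads at once (not visible from this diff), the certificates recorded for one message could end up in another message's `WSSecurityEngineResult`, and the reset `certs = null; signatureValue = null;` in the next hunk does not prevent that. Either keep them as locals and have `verifyXMLSignature` hand them back in a small holder object, or document on the class that an instance is confined to one thread and one message at a time. `handleToken` begins in this hunk and continues beyond it.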
@@ -85,17 +89,15 @@
log.debug("Found signature element");
}
boolean remove = WSDocInfoStore.store(wsDocInfo);
- X509Certificate[] returnCert = new X509Certificate[1];
List protectedRefs = new java.util.ArrayList();
- byte[][] signatureValue = new byte[1][];
Principal lastPrincipalFound = null;
+ certs = null;
+ signatureValue = null;
try {
lastPrincipalFound =
verifyXMLSignature(
- elem, crypto, returnCert,
- protectedRefs, signatureValue, cb,
- wsDocInfo
+ elem, crypto, protectedRefs, cb, wsDocInfo
);
} catch (WSSecurityException ex) {
throw ex;
@@ -112,7 +114,7 @@
lastPrincipalFound,
null,
protectedRefs,
- signatureValue[0]
+ signatureValue
)
);
} else {
@@ -121,9 +123,9 @@
new WSSecurityEngineResult(
WSConstants.SIGN,
lastPrincipalFound,
- returnCert[0],
+ certs,
protectedRefs,
- signatureValue[0]
+ signatureValue
)
);
}
@@ -158,9 +160,6 @@
* @param elem the XMLSignature DOM Element.
* @param crypto the object that implements the access to the keystore and the
* handling of certificates.
- * @param returnCert verifyXMLSignature stores the certificate in the first
- * entry of this array. The caller may then further validate
- * the certificate
* @param protectedRefs A list of (references) to the signed elements
* @param cb CallbackHandler instance to extract key passwords
* @return the subject principal of the validated X509 certificate (the
@@ -171,9 +170,7 @@
protected Principal verifyXMLSignature(
Element elem,
Crypto crypto,
- X509Certificate[] returnCert,
List protectedRefs,
- byte[][] signatureValue,
CallbackHandler cb,
WSDocInfo wsDocInfo
) throws WSSecurityException {
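Review bot: Dropping `returnCert` and `signatureValue` from the protected `verifyXMLSignature` changes a signature that subclasses may override or call, and nothing in the Javadoc records it. A subclass compiled against the old signature would no longer override this method, so any extra validation it performed there would be silently skipped. The later hunks that turn the public `getCertificates` and `getCertificatesTokenReference` into static methods are a similar compatibility break for already-compiled callers. A Javadoc line such as `Since r768319 the certificates and signature value are stored in fields of this processor rather than returned through array parameters.`, plus a release-note entry, would make the change visible. The method body continues outside the hunk.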
@@ -196,7 +193,6 @@
sig.addResourceResolver(EnvelopeIdResolver.getInstance());
- X509Certificate[] certs = null;
KeyInfo info = sig.getKeyInfo();
byte[] secretKey = null;
UsernameToken ut = null;
@@ -385,7 +381,9 @@
}
if (certs != null) {
try {
- certs[0].checkValidity();
+ for (int i = 0; i < certs.length; i++) {
+ certs[i].checkValidity();
+ }
} catch (CertificateExpiredException e) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, "invalidCert", null, e
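Review bot: The new loop dereferences every `certs[i]` without a null check, while the sibling `EncryptedKeyProcessor` explicitly tests `certs[0] == null`, which suggests the lookup helpers can return arrays with empty slots. A null entry here would surface as a `NullPointerException` rather than the `WSSecurityException` that callers are written to handle. Adding `if (certs[i] == null) { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "invalidCert"); }` at the top of the loop body keeps the failure in the expected channel. Note also that `checkValidity()` covers only the validity period, so the chain still has to go through trust verification afterwards. The enclosing `try` and the method extend beyond this hunk.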
@@ -433,7 +431,7 @@
+ ", verify= " + (t2 - t1)
);
}
- signatureValue[0] = sig.getSignatureValue();
+ signatureValue = sig.getSignatureValue();
//
// Now dig into the Signature element to get the elements that
// this Signature covers. Build the QName of these Elements and
@@ -467,7 +465,6 @@
}
if (certs != null) {
- returnCert[0] = certs[0];
return certs[0].getSubjectDN();
} else if (publicKey != null) {
return new PublicKeyPrincipal(publicKey);
@@ -528,8 +525,8 @@
* @crypto The crypto instance that is needed to get the certificates from the BST
* @throws WSSecurityException
*/
- public X509Certificate[] getCertificates(Element elem, WSDocInfo wsDocInfo, Crypto crypto)
- throws WSSecurityException {
+ public static X509Certificate[]
+ getCertificates(Element elem, WSDocInfo wsDocInfo, Crypto crypto) throws WSSecurityException {
String id = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
BinarySecurityTokenProcessor bstProcessor =
@@ -558,7 +555,7 @@
* @return an array of X509 certificates
* @throws WSSecurityException
*/
- public X509Certificate[] getCertificatesTokenReference(Element elem, Crypto crypto)
+ public static X509Certificate[] getCertificatesTokenReference(Element elem, Crypto crypto)
throws WSSecurityException {
if (crypto == null) {
throw new WSSecurityException(WSSecurityException.FAILURE, "noSigCryptoFile");
@@ -583,7 +580,7 @@
* <code>PKIPathSecurity</code> object.
* @throws WSSecurityException
*/
- private BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
+ private static BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
String type = element.getAttribute("ValueType");
if (X509Security.X509_V3_TYPE.equals(type)) {
Added: webservices/wss4j/trunk/test/wss40badca.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wss40badca.properties?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/test/wss40badca.properties (added)
+++ webservices/wss4j/trunk/test/wss40badca.properties Fri Apr 24 14:21:52 2009
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=security
+org.apache.ws.security.crypto.merlin.file=keys/wss40badca.jks
Propchange: webservices/wss4j/trunk/test/wss40badca.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/test/wss40badca.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: webservices/wss4j/trunk/test/wss40badca.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: webservices/wss4j/trunk/test/wss40badcatrust.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wss40badcatrust.properties?rev=768319&view=auto
==============================================================================
--- webservices/wss4j/trunk/test/wss40badcatrust.properties (added)
+++ webservices/wss4j/trunk/test/wss40badcatrust.properties Fri Apr 24 14:21:52 2009
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=security
+org.apache.ws.security.crypto.merlin.file=keys/wss40badcatrust.jks
Propchange: webservices/wss4j/trunk/test/wss40badcatrust.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/trunk/test/wss40badcatrust.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: webservices/wss4j/trunk/test/wss40badcatrust.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: webservices/wss4j/trunk/test/wssec/SignatureKeyValueTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/SignatureKeyValueTest.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/SignatureKeyValueTest.java (original)
+++ webservices/wss4j/trunk/test/wssec/SignatureKeyValueTest.java Fri Apr 24 14:21:52 2009
@@ -70,7 +70,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private java.security.KeyStore keyStore = null;
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
@@ -127,7 +127,7 @@
*/
public void testRSAKeyValue() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
+ builder.setUserInfo("wss40", "security");
builder.setKeyIdentifierType(WSConstants.KEY_VALUE);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
@@ -192,7 +192,7 @@
*/
public void testDSAKeyValue() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcertdsa", "security");
+ builder.setUserInfo("wss40DSA", "security");
builder.setKeyIdentifierType(WSConstants.KEY_VALUE);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef.java Fri Apr 24 14:21:52 2009
@@ -81,7 +81,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
@@ -141,7 +141,7 @@
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setUserInfo("wss4jcert");
+ builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Document doc = unsignedEnvelope.getAsDocument();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityDataRef1.java Fri Apr 24 14:21:52 2009
@@ -81,7 +81,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
@@ -141,7 +141,7 @@
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setUserInfo("wss4jcert");
+ builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Document doc = unsignedEnvelope.getAsDocument();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew11.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew11.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew11.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew11.java Fri Apr 24 14:21:52 2009
@@ -67,7 +67,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
@@ -128,13 +128,12 @@
*/
public void testX509SignatureDirectSTR() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
- // builder.setUserInfo("john", "keypass");
+ builder.setUserInfo("wss40", "security");
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(unsignedEnvelope.getAsDOM());
Vector parts = new Vector();
/*
- * Set up to sign body and use STRTransorm to sign
+ * Set up to sign body and use STRTransform to sign
* the signature token (e.g. X.509 certificate)
*/
WSEncryptionPart encP =
@@ -178,7 +177,7 @@
*/
public void testWSS96() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
+ builder.setUserInfo("wss40", "security");
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(unsignedEnvelope.getAsDOM());
Vector parts = new Vector();
@@ -187,7 +186,7 @@
secHeader.insertSecurityHeader(doc);
/*
- * Set up to sign body and use STRTransorm to sign
+ * Set up to sign body and use STRTransform to sign
* the signature token (e.g. X.509 certificate)
*/
WSEncryptionPart encP =
@@ -236,13 +235,12 @@
*/
public void testX509SignatureISSTR() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
- // builder.setUserInfo("john", "keypass");
+ builder.setUserInfo("wss40", "security");
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(unsignedEnvelope.getAsDOM());
Vector parts = new Vector();
/*
- * Set up to sign body and use STRTransorm to sign
+ * Set up to sign body and use STRTransform to sign
* the signature token (e.g. X.509 certificate)
*/
WSEncryptionPart encP =
@@ -290,13 +288,12 @@
*/
public void testX509SignatureSKISTR() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
- // builder.setUserInfo("john", "keypass");
+ builder.setUserInfo("wss40", "security");
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(unsignedEnvelope.getAsDOM());
Vector parts = new Vector();
/*
- * Set up to sign body and use STRTransorm to sign
+ * Set up to sign body and use STRTransform to sign
* the signature token (e.g. X.509 certificate)
*/
WSEncryptionPart encP =
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew12.java Fri Apr 24 14:21:52 2009
@@ -66,7 +66,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private SOAPEnvelope unsignedEnvelope;
@@ -119,18 +119,17 @@
/**
* Test that signs and verifies a WS-Security envelope using SubjectKeyIdentifier.
* This test uses the SubjectKeyIdentifier to identify the certificate. It
- * uses the Direct version, that is it embedds the certificate in the message.
+ * uses the Direct version, that is it embeds the certificate in the message.
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testX509SignatureDSA_SKI() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcertDSA", "security");
+ builder.setUserInfo("wss40DSA", "security");
builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
builder.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_DSA);
- // builder.setUserInfo("john", "keypass");
LOG.info("Before SigningDSA_SKIDirect....");
Document doc = unsignedEnvelope.getAsDocument();
@@ -161,10 +160,9 @@
*/
public void testX509SignatureDSA_Autodetect() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcertDSA", "security");
+ builder.setUserInfo("wss40DSA", "security");
builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- // builder.setUserInfo("john", "keypass");
LOG.info("Before SigningDSA_Autodetect....");
Document doc = unsignedEnvelope.getAsDocument();
@@ -195,10 +193,9 @@
*/
public void testX509SignatureRSA_Autodetect() throws Exception {
WSSecSignature builder = new WSSecSignature();
- builder.setUserInfo("wss4jcert", "security");
+ builder.setUserInfo("wss40", "security");
builder.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- // builder.setUserInfo("john", "keypass");
LOG.info("Before SigningRSA_Autodetect....");
Document doc = unsignedEnvelope.getAsDocument();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew15.java Fri Apr 24 14:21:52 2009
@@ -83,7 +83,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
@@ -144,7 +144,7 @@
public void testEncryptionDecryptionRSA15() throws Exception {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setUserInfo("wss4jcert");
+ builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Document doc = unsignedEnvelope.getAsDocument();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNew2.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNew2.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNew2.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNew2.java Fri Apr 24 14:21:52 2009
@@ -75,7 +75,7 @@
);
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
@@ -136,7 +136,7 @@
public void testEncryptionDecryptionRSA15() throws Exception {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setUserInfo("wss4jcert");
+ builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setSymmetricEncAlgorithm(WSConstants.TRIPLE_DES);
Document doc = unsignedEnvelope.getAsDocument();
@@ -203,7 +203,7 @@
public void testEncryptionDecryptionOAEP() throws Exception {
SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
WSSecEncrypt builder = new WSSecEncrypt();
- builder.setUserInfo("wss4jcert");
+ builder.setUserInfo("wss40");
builder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
builder.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);
Document doc = unsignedEnvelope.getAsDocument();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewDK.java Fri Apr 24 14:21:52 2009
@@ -65,7 +65,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
@@ -128,7 +128,7 @@
//EncryptedKey
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
encrKeyBuilder.prepare(doc, crypto);
@@ -166,7 +166,7 @@
//EncryptedKey
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
encrKeyBuilder.prepare(doc, crypto);
@@ -200,7 +200,7 @@
//EncryptedKey
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
encrKeyBuilder.prepare(doc, crypto);
@@ -234,7 +234,7 @@
//EncryptedKey
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
encrKeyBuilder.prepare(doc, crypto);
@@ -275,7 +275,7 @@
//EncryptedKey
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
- encrKeyBuilder.setUserInfo("wss4jcert");
+ encrKeyBuilder.setUserInfo("wss40");
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
encrKeyBuilder.prepare(doc, crypto);
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityNewSCT.java Fri Apr 24 14:21:52 2009
@@ -73,12 +73,12 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("cryptoSKI.properties");
+ private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
private MessageContext msgContext;
private Message message;
/**
- * Table of secrets idexd by the sct identifiers
+ * Table of secrets indexed by the sct identifiers
*/
private Hashtable secrets = new Hashtable();
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java?rev=768319&r1=768318&r2=768319&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS40.java Fri Apr 24 14:21:52 2009
@@ -32,11 +32,15 @@
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandler;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import javax.security.auth.callback.Callback;
@@ -45,6 +49,8 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
/**
* This is a test for WSS-40. Essentially it just tests that a message is signed using a
@@ -56,11 +62,11 @@
* Generate the CA keys/certs + export the CA cert to a keystore
*
* openssl req -x509 -newkey rsa:1024 -keyout wss40CAKey.pem -out wss40CA.pem
- * -config ca.config
+ * -config ca.config -days 3650
* openssl x509 -outform DER -in wss40CA.pem -out wss40CA.crt
* keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40CA.jks
*
- * Generate the client keypair, make a csr, sign it with the CA key and re-import it
+ * Generate the client keypair, make a csr, sign it with the CA key
*
* keytool -genkey -validity 3650 -alias wss40 -keyalg RSA -keystore wss40.jks
* -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE"
@@ -68,7 +74,11 @@
* openssl ca -config ca.config -policy policy_anything -days 3650 -out wss40.pem
* -infiles wss40.cer
* openssl x509 -outform DER -in wss40.pem -out wss40.crt
- * keytool -import -file wss40.crt -alias wss40CA -keystore wss40.jks
+ *
+ * Import the CA cert into wss40.jks and import the new signed certificate
+ *
+ * keytool -import -file wss40CA.crt -alias wss40CA -keystore wss40.jks
+ * keytool -import -file wss40.crt -alias wss40 -keystore wss40.jks
*
*/
public class TestWSSecurityWSS40 extends TestCase implements CallbackHandler {
@@ -87,6 +97,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
private Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+ private Crypto cryptoCA = CryptoFactory.getInstance("wss40CA.properties");
private MessageContext msgContext;
private Message message;
@@ -153,7 +164,27 @@
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
- verify(signedDoc);
+ //
+ // Verify the signature
+ //
+ Vector results = verify(signedDoc, cryptoCA);
+
+ //
+ // Verify trust on the X509Certificate
+ //
+ MyHandler handler = new MyHandler();
+ final RequestData reqData = new RequestData();
+ reqData.setSigCrypto(cryptoCA);
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ boolean trusted = handler.verifyCertificate(cert, reqData);
+ if (!trusted) {
+ fail("The X509 Certificate is not trusted!");
+ }
}
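Review bot: The added assertions read only `TAG_X509_CERTIFICATE`, so the behaviour this commit introduces, the full array stored under `TAG_X509_CERTIFICATES`, is never checked by the test. Adding `X509Certificate[] certs = (X509Certificate[])result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);` followed by `assertTrue(certs != null && certs.length > 0 && certs[0] == cert);` would cover it. `result` is also dereferenced without an `assertNotNull(result);`, so a missing SIGN result would show up as a `NullPointerException` instead of a clear test failure. The test method starts outside this hunk.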
@@ -181,7 +212,7 @@
}
try {
- verify(signedDoc);
+ verify(signedDoc, cryptoCA);
throw new Exception("Failure expected on issuer serial");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_CHECK);
@@ -189,6 +220,55 @@
}
}
+
+ /**
+ * Test signing a SOAP message using a BST. The signature verification passes, but the trust
+ * verification will fail as the CA cert is out of date.
+ */
+ public void testSignatureBadCACert() throws Exception {
+ SOAPEnvelope unsignedEnvelope = message.getSOAPEnvelope();
+ WSSecSignature sign = new WSSecSignature();
+ sign.setUserInfo("wss4jcertdsa", "security");
+ sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document doc = unsignedEnvelope.getAsDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ Document signedDoc =
+ sign.build(doc, CryptoFactory.getInstance("wss40badca.properties"), secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+ org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
+ LOG.debug(outputString);
+ }
+ //
+ // Verify the signature
+ //
+ Vector results = verify(signedDoc, CryptoFactory.getInstance("wss40badcatrust.properties"));
+
+ //
+ // Verify trust on the X509Certificate
+ //
+ MyHandler handler = new MyHandler();
+ final RequestData reqData = new RequestData();
+ reqData.setSigCrypto(CryptoFactory.getInstance("wss40badcatrust.properties"));
+ WSSecurityEngineResult result =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+
+ X509Certificate cert =
+ (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ assertTrue (cert != null);
+ try {
+ handler.verifyCertificate(cert, reqData);
+ fail("Failure expected on bad CA cert!");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+
/**
* Verifies the soap envelope
* <p/>
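Review bot: In `testSignatureBadCACert` the `catch (WSSecurityException ex)` block accepts any `WSSecurityException`, so the test also passes when `verifyCertificate` fails for a reason unrelated to the CA certificate. Pin the failure the way the issuer-serial test above does, e.g. `assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_CHECK);`, after confirming which error code `verifyTrust` reports for an expired CA certificate. The test also depends on the expiry date of the certificates in `wss40badca.jks`; a Javadoc line saying so would stop the fixture from being regenerated with a valid CA by mistake.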
@@ -196,9 +276,9 @@
* @param doc
* @throws Exception Thrown when there is a problem in verification
*/
- private void verify(Document doc) throws WSSecurityException {
- secEngine.processSecurityHeader(
- doc, null, this, CryptoFactory.getInstance("wss40CA.properties")
+ private Vector verify(Document doc, Crypto crypto) throws WSSecurityException {
+ Vector results = secEngine.processSecurityHeader(
+ doc, null, this, crypto
);
if (LOG.isDebugEnabled()) {
LOG.debug("Verfied and decrypted message:");
@@ -206,6 +286,7 @@
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
LOG.debug(outputString);
}
+ return results;
}
public void handle(Callback[] callbacks)
@@ -225,4 +306,47 @@
}
}
}
+
+ /**
+ * a trivial extension of the WSHandler type
+ */
+ public static class MyHandler extends WSHandler {
+
+ public Object
+ getOption(String key) {
+ return null;
+ }
+
+ public void
+ setProperty(
+ Object msgContext,
+ String key,
+ Object value
+ ) {
+ }
+
+ public Object
+ getProperty(Object ctx, String key) {
+ return null;
+ }
+
+ public void
+ setPassword(Object msgContext, String password) {
+ }
+
+ public String
+ getPassword(Object msgContext) {
+ return null;
+ }
+
+ boolean verifyCertificate(
+ X509Certificate cert,
+ RequestData reqData
+ ) throws org.apache.ws.security.WSSecurityException {
+ return verifyTrust(
+ cert,
+ reqData
+ );
+ }
+ }
}