You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Werner Dittmann <We...@t-online.de> on 2004/03/18 21:25:30 UTC
Re: cvs commit: ws-fx/wss4j/src/org/apache/ws/security .... change of processSecurityHeader signature (return value)
All,
the changes done in this checkin change the processSecurityHeader() method
signature. Please be aware.
The method now returns a vector of WSSecurityEngineResult (also modified)
that
contains more information about the security action performed. In particular
the certificate(s) that was used to verify a signature. This provides for
better
certificate checks, path checks etc.
If you use this method and its return values directly pls adapt your code.
Also the WSDoAllReceiverResult was modified to accomodate these changes.
The WSDoAllReceiver Axis handler was modified to deal with the new setup.
Pls have a look in the interop/..../ping/PingBindingImpl.java to see how to
use
the new return value structures. The WSSecurityEngineResult has a new method
getCertificate() to get the cert.
Regards,
Werner
----- Original Message -----
From: <we...@apache.org>
To: <ws...@apache.org>
Sent: Thursday, March 18, 2004 9:13 PM
Subject: cvs commit:
ws-fx/wss4j/src/org/apache/ws/security/components/crypto Merlin.java
> werner 2004/03/18 12:13:09
>
> Modified: wss4j/src/org/apache/ws/security WSSecurityEngine.java
> WSSecurityEngineResult.java
> wss4j/src/org/apache/ws/axis/security WSDoAllReceiver.java
> WSDoAllReceiverResult.java
> wss4j/src/org/apache/ws/security/message WSEncryptBody.java
> wss4j/src/org/apache/ws/security/components/crypto
> Merlin.java
> Log:
> Changing WSSecurityEngine to return a vector of modified result
> structures. This change enables the Axis handler and/or the receiving
> service to access the certificate used to sign the message. This enables
> more and better certificate checks.
> ATTENTION: this is a interface modification of processSecurity header.
>
> Revision Changes Path
> 1.13 +33 -18
ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java
>
> Index: WSSecurityEngine.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
> retrieving revision 1.12
> retrieving revision 1.13
> diff -u -r1.12 -r1.13
> --- WSSecurityEngine.java 17 Mar 2004 18:50:08 -0000 1.12
> +++ WSSecurityEngine.java 18 Mar 2004 20:13:08 -0000 1.13
> @@ -157,14 +157,14 @@
> * was done
> * @throws Exception
> */
> - public WSSecurityEngineResult processSecurityHeader(Document doc,
> + public Vector processSecurityHeader(Document doc,
> String actor,
> CallbackHandler cb,
> Crypto crypto) throws Exception {
> return processSecurityHeader(doc, actor, cb, crypto, crypto);
> }
>
> - public WSSecurityEngineResult processSecurityHeader(Document doc,
> + public Vector processSecurityHeader(Document doc,
> String actor,
> CallbackHandler cb,
> Crypto sigCrypto,
> @@ -189,7 +189,7 @@
> Element elem = null;
> Attr attr = null;
> String headerActor = null;
> - WSSecurityEngineResult wsResult = null;
> + Vector wsResult = null;
> SOAPConstants sc =
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
>
> for (int i = 0; i < len; i++) {
> @@ -241,7 +241,7 @@
> * was done.
> * @throws Exception
> */
> - protected WSSecurityEngineResult processSecurityHeader(Element
securityHeader,
> + protected Vector processSecurityHeader(Element securityHeader,
> CallbackHandler cb,
> Crypto sigCrypto,
> Crypto decCrypto) throws Exception {
> @@ -267,8 +267,7 @@
> if( tlog.isDebugEnabled() ) {
> t1=System.currentTimeMillis();
> }
> - Vector actions = new Vector();
> - Vector principals = new Vector();
> + Vector returnResults = new Vector();
>
> for (int i = 0; i < len; i++) {
> elem = list.item(i);
> @@ -285,8 +284,9 @@
> "noSigCryptoFile");
> }
> WSDocInfoStore.store(wsDocInfo);
> + X509Certificate[] returnCert = new X509Certificate[1];
> try {
> - lastPrincipalFound = verifyXMLSignature((Element) elem, sigCrypto);
> + lastPrincipalFound = verifyXMLSignature((Element) elem, sigCrypto,
returnCert);
> }
> catch (Exception ex) {
> throw ex;
> @@ -294,8 +294,12 @@
> finally {
> WSDocInfoStore.delete(wsDocInfo);
> }
> - actions.add(0, new Integer(WSConstants.SIGN));
> - principals.add(0, lastPrincipalFound);
> + returnResults.add(
> + 0,
> + new WSSecurityEngineResult(
> + lastPrincipalFound,
> + WSConstants.SIGN,
> + returnCert[0]));
> } else if (el.equals(ENCRYPTED_KEY)) {
> if (doDebug) {
> log.debug("Found encrypted key element");
> @@ -309,8 +313,9 @@
> "noCallback");
> }
> handleEncryptedKey((Element) elem, cb, decCrypto);
> - actions.add(0, new Integer(WSConstants.ENCR));
> - principals.add(0, null);
> + returnResults.add(
> + 0,
> + new WSSecurityEngineResult(null, WSConstants.ENCR, null));
> } else if (el.equals(REFERENCE_LIST)) {
> if (doDebug) {
> log.debug("Found reference list element");
> @@ -320,8 +325,9 @@
> "noCallback");
> }
> handleReferenceList((Element) elem, cb);
> - actions.add(0, new Integer(WSConstants.ENCR));
> - principals.add(0, null);
> + returnResults.add(
> + 0,
> + new WSSecurityEngineResult(null, WSConstants.ENCR, null));
> } else if (el.equals(USERNAME_TOKEN)) {
> if (doDebug) {
> log.debug("Found UsernameToken list element");
> @@ -331,8 +337,12 @@
> "noCallback");
> }
> lastPrincipalFound = handleUsernameToken((Element)
elem, cb);
> - actions.add(0, new Integer(WSConstants.UT));
> - principals.add(0, lastPrincipalFound);
> + returnResults.add(
> + 0,
> + new WSSecurityEngineResult(
> + lastPrincipalFound,
> + WSConstants.UT,
> + null));
> } else if (el.equals(TIMESTAMP)) {
> if (doDebug) {
> log.debug("Found Timestamp list element");
> @@ -357,7 +367,7 @@
> ", prepare= " + (t1-t0) +
> ", handle= " + (t2-t1));
> }
> - return new WSSecurityEngineResult(principals, actions);
> + return returnResults;
> }
>
> /**
> @@ -394,7 +404,11 @@
> * principal for further authentication or authorization.
> * @throws Exception
> */
> - protected Principal verifyXMLSignature(Element elem, Crypto crypto)
throws Exception {
> + protected Principal verifyXMLSignature(
> + Element elem,
> + Crypto crypto,
> + X509Certificate[] returnCert)
> + throws Exception {
> if (doDebug) {
> log.debug("Verify XML Signature");
> }
> @@ -448,7 +462,8 @@
> tlog.debug("Verify: total= " + (t2-t0) +
> ", prepare-cert= " + (t1-t0) +
> ", verify= " + (t2-t1));
> - }
> + }
> + returnCert[0] = certs[0];
> return certs[0].getSubjectDN();
> }
> }
>
>
>
> 1.2 +24 -10
ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngineResult.java
>
> Index: WSSecurityEngineResult.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/WSSecurityEngineResult.java
,v
> retrieving revision 1.1
> retrieving revision 1.2
> diff -u -r1.1 -r1.2
> --- WSSecurityEngineResult.java 13 Feb 2004 20:43:07 -0000 1.1
> +++ WSSecurityEngineResult.java 18 Mar 2004 20:13:08 -0000 1.2
> @@ -17,34 +17,48 @@
>
> package org.apache.ws.security;
>
> -import java.util.Vector;
> +import java.security.Principal;
> +import java.security.cert.X509Certificate;
> +
>
> /**
> * @author Werner Dittmann (Werner.Dittmann@siemens.com)
> */
> public class WSSecurityEngineResult {
>
> - private Vector actions;
> - private Vector principals;
> + private int action;
> + private Principal principal;
> + private X509Certificate cert;
>
> - WSSecurityEngineResult(Vector princ, Vector act) {
> - principals = princ;
> - actions = act;
> + WSSecurityEngineResult(
> + Principal princ,
> + int act,
> + X509Certificate certificate) {
> + principal = princ;
> + action = act;
> + cert = certificate;
> }
> /**
> * @return the actions vector. These actions were performed
> * by the the security engine.
> */
> - public Vector getActions() {
> - return actions;
> + public int getAction() {
> + return action;
> }
>
> /**
> * @return the principals found if UsernameToken or Signature
> * processing were done
> */
> - public Vector getPrincipals() {
> - return principals;
> + public Principal getPrincipal() {
> + return principal;
> + }
> + /**
> + * @return the Certificate found if Signature
> + * processing were done
> + */
> + public X509Certificate getCertificate() {
> + return cert;
> }
>
> }
>
>
>
> 1.7 +8 -9
ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java
>
> Index: WSDoAllReceiver.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiver.java,v
> retrieving revision 1.6
> retrieving revision 1.7
> diff -u -r1.6 -r1.7
> --- WSDoAllReceiver.java 15 Mar 2004 13:30:14 -0000 1.6
> +++ WSDoAllReceiver.java 18 Mar 2004 20:13:08 -0000 1.7
> @@ -143,7 +143,7 @@
> decodeDecryptionParameter();
> }
>
> - WSSecurityEngineResult wsResult = null;
> + Vector wsResult = null;
> try {
> wsResult =
> secEngine.processSecurityHeader(
> @@ -198,7 +198,7 @@
> try {
> sHeader = sm.getSOAPEnvelope().getHeader();
> } catch (Exception ex) {
> - throw new AxisFault("WSDoAllReceiver: cannot get SOAP header", ex);
> + throw new AxisFault("WSDoAllReceiver: cannot get SOAP header after
security processing", ex);
> }
>
> Iterator headers = sHeader.examineHeaderElements(actor);
> @@ -217,14 +217,14 @@
> /*
> * now check the security actions: do they match, in right order?
> */
> - Vector resultActions = wsResult.getActions();
> + int resultActions = wsResult.size();
> int size = actions.size();
> - if (size != resultActions.size()) {
> + if (size != resultActions) {
> throw new AxisFault("WSDoAllReceiver: security processing failed
(actions number mismatch)");
> }
> for (int i = 0; i < size; i++) {
> if (((Integer) actions.get(i)).intValue()
> - != ((Integer) resultActions.get(i)).intValue()) {
> + != ((WSSecurityEngineResult)wsResult.get(i)).getAction()) {
> throw new AxisFault("WSDoAllReceiver: security processing failed
(actions mismatch)");
> }
> }
> @@ -238,14 +238,13 @@
> if ((results = (Vector) mc.getProperty(WSDoAllConstants.RECV_RESULTS))
> == null) {
> results = new Vector();
> + mc.setProperty(WSDoAllConstants.RECV_RESULTS, results);
> }
> WSDoAllReceiverResult rResult =
> new WSDoAllReceiverResult(
> actor,
> - resultActions,
> - wsResult.getPrincipals());
> - results.add(rResult);
> - mc.setProperty(WSDoAllConstants.RECV_RESULTS, results);
> + wsResult);
> + results.add(0, rResult);
> if (doDebug) {
> log.debug("WSDoAllReceiver: exit invoke()");
> }
>
>
>
> 1.2 +5 -13
ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiverResult.java
>
> Index: WSDoAllReceiverResult.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/axis/security/WSDoAllReceiverResult.
java,v
> retrieving revision 1.1
> retrieving revision 1.2
> diff -u -r1.1 -r1.2
> --- WSDoAllReceiverResult.java 13 Feb 2004 20:43:07 -0000 1.1
> +++ WSDoAllReceiverResult.java 18 Mar 2004 20:13:08 -0000 1.2
> @@ -24,20 +24,12 @@
> */
> public class WSDoAllReceiverResult {
> private String actor;
> - private Vector actions;
> - private Vector principals;
> + private Vector wsSecurityResults;
>
>
> - WSDoAllReceiverResult(String actor, Vector actions, Vector principals)
{
> + WSDoAllReceiverResult(String actor, Vector wsResults) {
> this.actor = actor;
> - this.actions = actions;
> - this.principals = principals;
> - }
> - /**
> - * @return
> - */
> - public Vector getActions() {
> - return actions;
> + this.wsSecurityResults = wsResults;
> }
>
> /**
> @@ -50,8 +42,8 @@
> /**
> * @return
> */
> - public Vector getPrincipals() {
> - return principals;
> + public Vector getResults() {
> + return wsSecurityResults;
> }
>
> }
>
>
>
> 1.9 +84 -42
ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java
>
> Index: WSEncryptBody.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/message/WSEncryptBody.java,
v
> retrieving revision 1.8
> retrieving revision 1.9
> diff -u -r1.8 -r1.9
> --- WSEncryptBody.java 16 Mar 2004 19:28:15 -0000 1.8
> +++ WSEncryptBody.java 18 Mar 2004 20:13:08 -0000 1.9
> @@ -42,7 +42,6 @@
> import java.security.cert.X509Certificate;
> import java.util.Vector;
>
> -
> /**
> * Encrypts a SOAP body inside a SOAP envelope according to WS
Specification,
> * X509 profile, and adds the encryption data.
> @@ -59,8 +58,9 @@
> protected String keyEncAlgo = WSConstants.KEYTRANSPORT_RSA15;
> protected String encCanonAlgo = null;
> protected byte[] embeddedKey = null;
> - protected String embeddedKeyName = null;
> -
> + protected String embeddedKeyName = null;
> + protected X509Certificate useThisCert = null;
> +
> /**
> * Constructor.
> */
> @@ -125,16 +125,26 @@
> this.user = user;
> }
>
> -
> - /**
> - * Set the key name for EMBEDDED_KEYNAME
> - * @param embeddedKeyName
> - */
> - public void setEmbeddedKeyName(String embeddedKeyName) {
> - this.embeddedKeyName = embeddedKeyName;
> - }
> + /**
> + * Set the key name for EMBEDDED_KEYNAME
> + * @param embeddedKeyName
> + */
> + public void setEmbeddedKeyName(String embeddedKeyName) {
> + this.embeddedKeyName = embeddedKeyName;
> + }
>
> /**
> + * Set the X509 Certificate to use for encryption.
> + * If this is set <b>and</b> the key identifier is set
> + * to <code>DirectReference</code> then use this certificate
> + * to get the public key for encryption.
> + *
> + * @param cert is the X509 certificate to use for encryption
> + */
> + public void setUseThisCert(X509Certificate cert) {
> + useThisCert = cert;
> + }
> + /**
> * Set the name of the symmetric encryption algorithm to use
> * <p/>
> * This encyrption alogrithm is used to encrypt
> @@ -170,7 +180,6 @@
> encCanonAlgo = algo;
> }
>
> -
> /**
> * Get the name of symmetric encryption algorithm to use
> * <p/>
> @@ -248,7 +257,7 @@
> "xmlns:" + WSConstants.ENC_PREFIX,
> WSConstants.ENC_NS);
>
> - SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
> + SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope);
>
> /*
> * Second step: generate a symmetric key (session key) for
> @@ -257,7 +266,9 @@
> SecretKey symmetricKey = null;
> KeyGenerator keyGen = getKeyGenerator();
> symmetricKey = keyGen.generateKey();
> - XMLCipher xmlCipher = XMLCipher.getInstance(symEncAlgo/*, encCanonAlgo
*/);
> + XMLCipher xmlCipher =
> + XMLCipher.getInstance(symEncAlgo /*, encCanonAlgo */
> + );
> xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
>
> // if no encryption parts set - use the default
> @@ -310,7 +321,7 @@
> (Element) WSSecurityUtil.findElement(
> envelope,
> "EncryptedData",
> - "http://www.w3.org/2001/04/xmlenc#");
> + WSConstants.ENC_NS);
> xencEncryptedDataId = "EncDataId-" + body.hashCode();
> body.setAttribute("Id", xencEncryptedDataId);
>
> @@ -328,12 +339,18 @@
> * Up to now we support RSA 1-5 as public key algorithm
> */
> X509Certificate remoteCert = null;
> - X509Certificate[] certs = crypto.getCertificates(user);
> - if (certs == null || certs.length <= 0) {
> - throw new WSSecurityException(WSSecurityException.FAILURE,
> - "invalidX509Data", new Object[]{"for Encryption"});
> + if (useThisCert != null) {
> + remoteCert = useThisCert;
> + } else {
> + X509Certificate[] certs = crypto.getCertificates(user);
> + if (certs == null || certs.length <= 0) {
> + throw new WSSecurityException(
> + WSSecurityException.FAILURE,
> + "invalidX509Data",
> + new Object[] { "for Encryption" });
> + }
> + remoteCert = certs[0];
> }
> - remoteCert = certs[0];
> String certUri = "EncCertId-" + remoteCert.hashCode();
> if (tlog.isDebugEnabled()) {
> t2 = System.currentTimeMillis();
> @@ -342,8 +359,11 @@
> cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
> byte[] encKey = symmetricKey.getEncoded();
> if (doDebug) {
> - log.debug("cipher blksize: " + cipher.getBlockSize() +
> - ", symm key length: " + encKey.length);
> + log.debug(
> + "cipher blksize: "
> + + cipher.getBlockSize()
> + + ", symm key length: "
> + + encKey.length);
> }
> if (cipher.getBlockSize() < encKey.length) {
> throw new WSSecurityException(
> @@ -456,7 +476,8 @@
> return doc;
> }
>
> - private Document buildEmbedded(Document doc, Crypto crypto) throws
Exception {
> + private Document buildEmbedded(Document doc, Crypto crypto)
> + throws Exception {
> doDebug = log.isDebugEnabled();
>
> long t0 = 0, t1 = 0, t2 = 0, t3 = 0;
> @@ -466,7 +487,7 @@
> if (doDebug) {
> log.debug("Beginning Encryption embedded...");
> }
> -
> +
> if (embeddedKey == null) {
> throw new WSSecurityException(
> WSSecurityException.FAILURE,
> @@ -491,7 +512,7 @@
> SecretKey symmetricKey = null;
>
> symmetricKey = WSSecurityUtil.prepareSecretKey(symEncAlgo,
embeddedKey);
> -
> +
> XMLCipher xmlCipher = XMLCipher.getInstance(symEncAlgo);
> xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
>
> @@ -547,7 +568,7 @@
> (Element) WSSecurityUtil.findElement(
> envelope,
> "EncryptedData",
> - "http://www.w3.org/2001/04/xmlenc#");
> + WSConstants.ENC_NS);
> xencEncryptedDataId = "id-" + body.hashCode();
> body.setAttribute("Id", xencEncryptedDataId);
>
> @@ -560,17 +581,22 @@
> (Element) WSSecurityUtil.findElement(
> body,
> "CipherData",
> - "http://www.w3.org/2001/04/xmlenc#");
> + WSConstants.ENC_NS);
>
> // KeyInfo before CipherValue
> body.insertBefore(keyInfo, tmpE);
> - Element keyName = doc.createElementNS(WSConstants.SIG_NS,
"ds:KeyName");
> + Element keyName =
> + doc.createElementNS(
> + WSConstants.SIG_NS,
> + WSConstants.SIG_PREFIX + ":KeyName");
> WSSecurityUtil.setNamespace(
> - keyInfo,
> + keyName,
> WSConstants.SIG_NS,
> WSConstants.SIG_PREFIX);
> WSSecurityUtil.appendChildElement(doc, keyInfo, keyName);
> - Text keyText = doc.createTextNode(embeddedKeyName == null ? user :
embeddedKeyName);
> + Text keyText =
> + doc.createTextNode(
> + embeddedKeyName == null ? user : embeddedKeyName);
> keyName.appendChild(keyText);
> }
> /*
> @@ -589,7 +615,7 @@
> tmpE = doc.createElement("temp");
> Element refList = createDataRefList(doc, tmpE, encDataRefs);
> WSSecurityUtil.prependChildElement(doc, wsseSecurity, refList, true);
> -
> +
> if (tlog.isDebugEnabled()) {
> tlog.debug("EncryptBody embedded: symm-enc= " + (t1 - t0));
> }
> @@ -624,20 +650,28 @@
> Document doc,
> String keyTransportAlgo) {
> Element encryptedKey =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:EncryptedKey");
> - encryptedKey.setAttributeNS(
> - WSConstants.XMLNS_NS,
> - "xmlns:xenc",
> - WSConstants.ENC_NS);
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":EncryptedKey");
> +
> + WSSecurityUtil.setNamespace(
> + encryptedKey,
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX);
> Element encryptionMethod =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:EncryptionMethod");
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":EncryptionMethod");
> encryptionMethod.setAttributeNS(null, "Algorithm", keyTransportAlgo);
> WSSecurityUtil.appendChildElement(doc, encryptedKey, encryptionMethod);
> return encryptedKey;
> }
>
> public static Element createKeyInfo(Document doc, Element encryptedKey)
{
> - Element keyInfo = doc.createElementNS(WSConstants.SIG_NS,
"ds:KeyInfo");
> + Element keyInfo =
> + doc.createElementNS(
> + WSConstants.SIG_NS,
> + WSConstants.SIG_PREFIX + ":KeyInfo");
> WSSecurityUtil.setNamespace(
> keyInfo,
> WSConstants.SIG_NS,
> @@ -650,9 +684,13 @@
> Document doc,
> Element encryptedKey) {
> Element cipherData =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:CipherData");
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":CipherData");
> Element cipherValue =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:CipherValue");
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":CipherValue");
> cipherData.appendChild(cipherValue);
> WSSecurityUtil.appendChildElement(doc, encryptedKey, cipherData);
> return cipherValue;
> @@ -663,11 +701,15 @@
> Element encryptedKey,
> Vector encDataRefs) {
> Element referenceList =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:ReferenceList");
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":ReferenceList");
> for (int i = 0; i < encDataRefs.size(); i++) {
> String dataReferenceUri = (String) encDataRefs.get(i);
> Element dataReference =
> - doc.createElementNS(WSConstants.ENC_NS, "xenc:DataReference");
> + doc.createElementNS(
> + WSConstants.ENC_NS,
> + WSConstants.ENC_PREFIX + ":DataReference");
> dataReference.setAttributeNS(null, "URI", dataReferenceUri);
> referenceList.appendChild(dataReference);
> }
>
>
>
> 1.10 +0 -1
ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.java
>
> Index: Merlin.java
> ===================================================================
> RCS file:
/home/cvs/ws-fx/wss4j/src/org/apache/ws/security/components/crypto/Merlin.ja
va,v
> retrieving revision 1.9
> retrieving revision 1.10
> diff -u -r1.9 -r1.10
> --- Merlin.java 15 Mar 2004 17:15:15 -0000 1.9
> +++ Merlin.java 18 Mar 2004 20:13:09 -0000 1.10
> @@ -31,7 +31,6 @@
> import java.security.Key;
> import java.security.KeyStore;
> import java.security.PrivateKey;
> -import java.security.Security;
> import java.security.cert.CertPath;
> import java.security.cert.Certificate;
> import java.security.cert.CertificateEncodingException;
>
>
>