Posted to commits@cxf.apache.org by dk...@apache.org on 2008/12/04 22:51:44 UTC
svn commit: r723458 - in
/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers:
AbstractBindingBuilder.java AsymmetricBindingHandler.java
SymmetricBindingHandler.java
Author: dkulp
Date: Thu Dec 4 13:51:44 2008
New Revision: 723458
URL: http://svn.apache.org/viewvc?rev=723458&view=rev
Log:
Update cert loading to better work with MS pfx stores with no public aliases defined.
If username not specified, see if one is in the merlin file.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Thu Dec 4 13:51:44 2008
@@ -21,9 +21,11 @@
import java.io.IOException;
import java.net.URL;
+import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -720,13 +722,13 @@
protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
Token token) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
-
+ Crypto crypto = getEncryptionCrypto(wrapper);
setKeyIdentifierType(encrKey, wrapper, token);
- setEncryptionUser(encrKey, wrapper, false);
+ setEncryptionUser(encrKey, wrapper, false, crypto);
encrKey.setKeySize(binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
encrKey.setKeyEncAlgo(binding.getAlgorithmSuite().getAsymmetricKeyWrap());
- encrKey.prepare(saaj.getSOAPPart(), getEncryptionCrypto(wrapper));
+ encrKey.prepare(saaj.getSOAPPart(), crypto);
return encrKey;
}
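Review bot: The `crypto` returned by `getEncryptionCrypto(wrapper)` is now handed to `setEncryptionUser`, which calls `crypto.getDefaultX509Alias()` and `crypto.getKeyStore().aliases()` whenever no username property is set, so a null `Crypto` or a null keystore would surface as a NullPointerException there. Whether `getEncryptionCrypto` can return null is not visible in this diff, so this needs confirming. If it can, guarding the fallback in `setEncryptionUser` with `if (encrUser == null && crypto != null)` and checking `crypto.getKeyStore() != null` before enumerating would let the existing `policyNotAsserted` path report the missing configuration. The same pattern applies to the call sites changed in AsymmetricBindingHandler and SymmetricBindingHandler.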
@@ -823,10 +825,30 @@
secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
}
- public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token, boolean sign) {
+ public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
+ boolean sign, Crypto crypto) {
String encrUser = (String)message.getContextualProperty(sign
? SecurityConstants.USERNAME
: SecurityConstants.ENCRYPT_USERNAME);
+ if (encrUser == null) {
+ encrUser = crypto.getDefaultX509Alias();
+ }
+ if (encrUser == null) {
+ try {
+ Enumeration<String> en = crypto.getKeyStore().aliases();
+ if (en.hasMoreElements()) {
+ encrUser = en.nextElement();
+ }
+ if (en.hasMoreElements()) {
+ //more than one alias in the keystore, user WILL need
+ //to specify
+ encrUser = null;
+ }
+ } catch (KeyStoreException e) {
+ //ignore
+ }
+ }
+
if (encrUser == null || "".equals(encrUser)) {
policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " username found.");
}
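Review bot: The `catch (KeyStoreException e)` block containing only `//ignore` discards the reason the keystore could not be enumerated, so the caller sees only "No encryption username found." and a keystore that failed to load or initialise looks like a missing setting. The fallback can stay best-effort, but the exception should be recorded, for example by including `e.getMessage()` in the text passed to `policyNotAsserted`. The single-alias fallback also silently decides which certificate the key is wrapped for, so a log line naming the chosen alias would let operators confirm the intended key is in use. Both fallbacks test only for null, so a username property set to `""` skips them. The method body continues past the end of this hunk.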
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Thu Dec 4 13:51:44 2008
@@ -41,6 +41,7 @@
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecBase;
@@ -275,12 +276,13 @@
setKeyIdentifierType(encr, recToken, encrToken);
encr.setDocument(saaj.getSOAPPart());
- setEncryptionUser(encr, recToken, false);
+ Crypto crypto = getEncryptionCrypto(recToken);
+ setEncryptionUser(encr, recToken, false, crypto);
encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
encr.prepare(saaj.getSOAPPart(),
- getEncryptionCrypto(recToken));
+ crypto);
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader(secHeader);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Thu Dec 4 13:51:44 2008
@@ -52,6 +52,7 @@
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
@@ -461,7 +462,8 @@
}
encr.setEncKeyId(encrTokId);
encr.setEphemeralKey(encrTok.getSecret());
- setEncryptionUser(encr, recToken, false);
+ Crypto crypto = getEncryptionCrypto(recToken);
+ setEncryptionUser(encr, recToken, false, crypto);
encr.setDocument(saaj.getSOAPPart());
encr.setEncryptSymmKey(false);
@@ -475,7 +477,7 @@
encr.prepare(saaj.getSOAPPart(),
- getEncryptionCrypto(recToken));
+ crypto);
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader(secHeader);