Posted to commits@cxf.apache.org by co...@apache.org on 2011/02/23 18:21:03 UTC
svn commit: r1073837 - in /cxf/trunk/rt/ws/security/src:
main/java/org/apache/cxf/ws/security/trust/
main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
test/java/org/apache/cxf/ws/security/wss4j/
Author: coheigea
Date: Wed Feb 23 17:21:02 2011
New Revision: 1073837
URL: http://svn.apache.org/viewvc?rev=1073837&view=rev
Log:
Update following (very) recent changes to WSS4J crypto interface
- Note that you will need the latest WSS4J snapshot in your repo for this to compile.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Wed Feb 23 17:21:02 2011
@@ -26,7 +26,6 @@ import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
-import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -105,6 +104,7 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
@@ -776,18 +776,14 @@ public class STSClient implements Config
private X509Certificate getCert(Crypto crypto) throws Exception {
String alias = (String)getProperty(SecurityConstants.STS_TOKEN_USERNAME);
if (alias == null) {
- alias = crypto.getDefaultX509Alias();
+ alias = crypto.getDefaultX509Identifier();
}
if (alias == null) {
- Enumeration<String> as = crypto.getKeyStore().aliases();
- if (as.hasMoreElements()) {
- alias = as.nextElement();
- }
- if (as.hasMoreElements()) {
- throw new Fault("No alias specified for retrieving PublicKey", LOG);
- }
+ throw new Fault("No alias specified for retrieving PublicKey", LOG);
}
- return crypto.getCertificates(alias)[0];
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ return crypto.getX509Certificates(cryptoType)[0];
}
private void addLifetime(XMLStreamWriter writer) throws XMLStreamException {
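Review bot: The new return in `getCert` indexes `crypto.getX509Certificates(cryptoType)[0]` without checking the result. An alias that is configured but missing from the keystore would then likely surface as a NullPointerException or ArrayIndexOutOfBoundsException instead of a Fault; the return contract of `getX509Certificates` is not visible on this page, so this is inferred. I would bind the result to a local `certs` and add `if (certs == null || certs.length == 0) { throw new Fault("No certificate found for alias", LOG); }` before `return certs[0];`. The same unchecked `[0]` appears in the PolicyBasedWss4JInOutTest hunk (@@ -856), where a failure would at least be confined to the test.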
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Feb 23 17:21:02 2011
@@ -22,11 +22,9 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -502,8 +500,8 @@ public abstract class AbstractBindingBui
Crypto crypto = secToken.getCrypto();
String uname = null;
try {
- uname = crypto.getKeyStore().getCertificateAlias(secToken.getX509Certificate());
- } catch (KeyStoreException e1) {
+ uname = crypto.getX509Identifier(secToken.getX509Certificate());
+ } catch (WSSecurityException e1) {
throw new Fault(e1);
}
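Review bot: `uname` is never checked for null after `crypto.getX509Identifier(secToken.getX509Certificate())`. If that call returns null when the token's certificate is not in the keystore (its contract is not shown here), the null is carried into the code that follows. A guard right after the try block would make the failure explicit, for example `if (uname == null) { policyNotAsserted(token, "No keystore alias found for the token certificate"); }`. The enclosing method starts and ends outside this hunk, so how `uname` is used afterwards is not visible. The TransportBindingHandler hunk (@@ -417) has the same gap, and there the value goes straight into `getPassword(uname, token, WSPasswordCallback.SIGNATURE)`.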
@@ -1166,7 +1164,11 @@ public abstract class AbstractBindingBui
? SecurityConstants.SIGNATURE_USERNAME
: SecurityConstants.ENCRYPT_USERNAME);
if (crypto != null && encrUser == null) {
- encrUser = getDefaultCryptoAlias(crypto);
+ try {
+ encrUser = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
} else if (encrUser == null || "".equals(encrUser)) {
policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " crypto object found.");
}
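Review bot: Removing the protected `getDefaultCryptoAlias(Crypto)` drops a method that subclasses of this abstract class outside the module may call or override, and the same five-line try/catch is now pasted here and again in the @@ -1317 hunk. Keeping the helper as a thin wrapper around `crypto.getDefaultX509Identifier()` would preserve the extension point and keep the exception-to-Fault translation in one place. Separately, the `else if` context line here still reports "crypto object found" when `crypto` is non-null and `encrUser` is an empty string, whereas the @@ -1317 site uses `StringUtils.isEmpty(user)`; aligning the two conditions would be worth a follow-up. The enclosing method starts and ends outside this hunk.

```java
// call site in this hunk, and likewise in the @@ -1317 hunk
encrUser = getDefaultCryptoAlias(crypto);

// … unchanged: rest of the enclosing method …

protected String getDefaultCryptoAlias(Crypto crypto) {
    try {
        return crypto.getDefaultX509Identifier();
    } catch (WSSecurityException e) {
        throw new Fault(e);
    }
}
```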
@@ -1192,26 +1194,6 @@ public abstract class AbstractBindingBui
}
}
- protected String getDefaultCryptoAlias(Crypto crypto) {
- String user = crypto.getDefaultX509Alias();
- if (user == null) {
- try {
- Enumeration<String> en = crypto.getKeyStore().aliases();
- if (en.hasMoreElements()) {
- user = en.nextElement();
- }
- if (en.hasMoreElements()) {
- //more than one alias in the keystore, user WILL need
- //to specify
- user = null;
- }
- } catch (KeyStoreException e) {
- //ignore
- }
- }
- return user;
- }
-
private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
@@ -1317,7 +1299,11 @@ public abstract class AbstractBindingBui
}
String user = (String)message.getContextualProperty(userNameKey);
if (crypto != null && StringUtils.isEmpty(user)) {
- user = getDefaultCryptoAlias(crypto);
+ try {
+ user = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
}
if (StringUtils.isEmpty(user)) {
policyNotAsserted(token, "No " + type + " username found.");
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Wed Feb 23 17:21:02 2011
@@ -417,7 +417,7 @@ public class TransportBindingHandler ext
sig.setX509Certificate(secTok.getX509Certificate());
crypto = secTok.getCrypto();
- String uname = crypto.getKeyStore().getCertificateAlias(secTok.getX509Certificate());
+ String uname = crypto.getX509Identifier(secTok.getX509Certificate());
String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
if (password == null) {
password = "";
Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Wed Feb 23 17:21:02 2011
@@ -73,6 +73,7 @@ import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -856,7 +857,9 @@ public class PolicyBasedWss4JInOutTest e
cryptoProps.load(url.openStream());
Crypto crypto = CryptoFactory.getInstance(cryptoProps);
String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
- issuedToken.setX509Certificate(crypto.getCertificates(alias)[0], crypto);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);
msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
issuedToken.getId());