Posted to commits@juddi.apache.org by al...@apache.org on 2013/11/12 03:56:10 UTC
svn commit: r1540929 [1/2] - in /juddi/trunk:
juddi-client.net/juddi-client.net-sample/ juddi-client.net/juddi-client.net/
juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/
juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ jud...
Author: alexoree
Date: Tue Nov 12 02:56:09 2013
New Revision: 1540929
URL: http://svn.apache.org/r1540929
Log:
JUDDI-567 adding confirmed working digital signature support from .NET to Java jUDDI
JUDDI-652 reverted a web.xml setting for juddi-gui to reduce logging output at shutdown
JUDDI-614 adding 4 more digital signature settings for the client config.
Added:
juddi/trunk/juddi-client.net/juddi-client.net-sample/DigitalSignaturesExample.cs
Modified:
juddi/trunk/juddi-client.net/juddi-client.net-sample/Program.cs
juddi/trunk/juddi-client.net/juddi-client.net-sample/SimpleInquiry.cs
juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample-mono.csproj
juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample.csproj
juddi/trunk/juddi-client.net/juddi-client.net-sample/uddi.xml
juddi/trunk/juddi-client.net/juddi-client.net/juddi-client.net-mono.csproj
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/PrintUDDI.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ClientConfig.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/Properties.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.crypto/DigSigUtil.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/RegistrationAbortedException.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/ServiceAlreadyStartedException.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/SubscriptionCallbackListener.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnableToSignException.cs
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnexpectedResponseException.cs
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd
juddi/trunk/juddi-client/src/test/java/org/apache/juddi/v3/client/DigSigUtilTest.java
juddi/trunk/juddi-client/src/test/resources/META-INF/subscription.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi-subcallback1.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi-subcallback2.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi-subcallback3.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
juddi/trunk/juddi-examples/hello-world/src/main/resources/META-INF/hello-world-uddi.xml
juddi/trunk/juddi-examples/simple-browse/src/main/resources/META-INF/simple-browse-uddi.xml
juddi/trunk/juddi-examples/uddi-annotations/src/main/resources/META-INF/sales-uddi.xml
juddi/trunk/juddi-examples/uddi-annotations/src/main/resources/META-INF/uddi-annotations.xml
juddi/trunk/juddi-gui/src/main/resources/META-INF/uddi.xml
juddi/trunk/juddi-gui/src/main/webapp/WEB-INF/web.xml
juddi/trunk/uddi-tck/src/main/resources/META-INF/uddi.xml
Added: juddi/trunk/juddi-client.net/juddi-client.net-sample/DigitalSignaturesExample.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/DigitalSignaturesExample.cs?rev=1540929&view=auto
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/DigitalSignaturesExample.cs (added)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/DigitalSignaturesExample.cs Tue Nov 12 02:56:09 2013
@@ -0,0 +1,116 @@
+using org.apache.juddi.jaxb;
+/*
+ * Copyright 2001-2008 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+using org.apache.juddi.v3.client;
+using org.apache.juddi.v3.client.config;
+using org.apache.juddi.v3.client.crypto;
+using org.apache.juddi.v3.client.transport;
+using org.uddi.apiv3;
+using System;
+
+namespace org.apache.juddi.client.sample
+{
+ class DigitalSignaturesExample
+ {
+ public static void Run(string[] args)
+ {
+
+ UDDIClient clerkManager = null;
+ Transport transport = null;
+ UDDIClerk clerk = null;
+ try
+ {
+ clerkManager = new UDDIClient("uddi.xml");
+ UDDIClientContainer.addClient(clerkManager);
+
+ transport = clerkManager.getTransport("default");
+
+ UDDI_Security_SoapBinding security = transport.getUDDISecurityService();
+ UDDI_Inquiry_SoapBinding inquiry = transport.getUDDIInquiryService();
+ UDDI_Publication_SoapBinding publish = transport.getUDDIPublishService();
+
+ clerk = clerkManager.getClerk("default");
+
+
+ find_business fb = new find_business();
+ fb.authInfo = clerk.getAuthToken(security.Url);
+ fb.findQualifiers = new string[] { UDDIConstants.APPROXIMATE_MATCH };
+ fb.name = new name[1];
+ fb.name[0] = new name(UDDIConstants.WILDCARD, "en");
+ businessList bl = inquiry.find_business(fb);
+ if (bl.businessInfos.Length > 0)
+ {
+ Console.Out.WriteLine(bl.businessInfos[0].name[0].Value);
+ Console.Out.WriteLine("attempting to sign");
+ serviceDetail sd = clerk.getServiceDetail(bl.businessInfos[0].serviceInfos[0].serviceKey);
+
+ DigSigUtil ds = new DigSigUtil(clerkManager.getClientConfig().getDigitalSignatureConfiguration());
+ businessService signedsvc = (businessService)ds.signUddiEntity(sd.businessService[0]);
+ PrintUDDI<businessService> p = new PrintUDDI<businessService>();
+ Console.Out.WriteLine("signed successfully!");
+
+ Console.Out.WriteLine(p.print(signedsvc));
+ Console.Out.WriteLine("attempting verify and validate");
+ String err = "";
+ bool valid = ds.verifySignedUddiEntity(signedsvc, out err);
+ Console.Out.WriteLine("Signature is " + (valid ? "Valid, Yippy!" : "Invalid!") + " msg: " + err);
+
+ Console.Out.WriteLine("saving");
+ clerk.register(signedsvc);
+ Console.Out.WriteLine("reloading content from the server...");
+
+ get_serviceDetail gsd = new get_serviceDetail();
+ gsd.authInfo = clerk.getAuthToken(clerk.getUDDINode().getSecurityUrl());
+ gsd.serviceKey = new string[] { signedsvc.serviceKey };
+ sd = inquiry.get_serviceDetail(gsd);
+
+ Console.Out.WriteLine(p.print(sd.businessService[0]));
+ Console.Out.WriteLine("attempting verify and validate");
+ err = "";
+ valid = ds.verifySignedUddiEntity(sd.businessService[0], out err);
+ Console.Out.WriteLine("Signature is " + (valid ? "Valid, Yippy!" : "Invalid!") + " msg: " + err);
+
+
+ }
+ else
+ Console.Out.WriteLine("no businesses were returned!");
+
+ }
+ catch (Exception ex)
+ {
+ while (ex != null)
+ {
+ System.Console.WriteLine("Error! " + ex.Message);
+ ex = ex.InnerException;
+ }
+ }
+ finally
+ {
+ if (transport != null && transport is IDisposable)
+ {
+ ((IDisposable)transport).Dispose();
+ }
+ if (clerk != null)
+ clerk.Dispose();
+ }
+
+
+
+
+ }
+ }
+}
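Review bot: `bl.businessInfos[0].serviceInfos[0]` on the getServiceDetail line is indexed without a check, while only `bl.businessInfos.Length` is guarded above it, so a first business with no services fails with a NullReferenceException or IndexOutOfRangeException that the catch block then reports as a generic "Error!"; the same applies to `sd.businessService[0]` two lines later. A guard such as `if (bl.businessInfos[0].serviceInfos == null || bl.businessInfos[0].serviceInfos.Length == 0) { Console.Out.WriteLine("the first business has no services!"); return; }` before the getServiceDetail call keeps the finally block's cleanup intact. The sample also calls `clerk.register(signedsvc)` regardless of the local verification result, so the published entity can carry a signature that this very client just reported as invalid; for a signing example, `if (!valid) return;` before the save is probably what readers expect. The `String err = "";` and `err = "";` assignments are dead, since an `out` parameter is always assigned by the callee.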
Modified: juddi/trunk/juddi-client.net/juddi-client.net-sample/Program.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/Program.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/Program.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/Program.cs Tue Nov 12 02:56:09 2013
@@ -34,6 +34,7 @@ namespace org.apache.juddi.client.sample
Console.Out.WriteLine("7) jUDDI specific - Save Node");
Console.Out.WriteLine("8) jUDDI specific - Save Clerk");
Console.Out.WriteLine("9) Subscription callbacks");
+ Console.Out.WriteLine("10) Digital Signatures");
Console.Out.Write("Enter selection> ");
String selection = Console.In.ReadLine();
selection = selection.Trim();
@@ -55,6 +56,8 @@ namespace org.apache.juddi.client.sample
saveClerkExample.main(args);
else if (selection.Equals("9"))
SubscriptionCallbackExample.Run(args);
+ else if (selection.Equals("10"))
+ DigitalSignaturesExample.Run(args);
Console.WriteLine("Press any key to exit");
Console.Read();
Modified: juddi/trunk/juddi-client.net/juddi-client.net-sample/SimpleInquiry.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/SimpleInquiry.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/SimpleInquiry.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/SimpleInquiry.cs Tue Nov 12 02:56:09 2013
@@ -14,19 +14,11 @@
* limitations under the License.
*
*/
-using net.java.dev.wadl;
-using org.apache.juddi.jaxb;
using org.apache.juddi.v3.client;
using org.apache.juddi.v3.client.config;
-using org.apache.juddi.v3.client.crypto;
-using org.apache.juddi.v3.client.mapping;
using org.apache.juddi.v3.client.transport;
using org.uddi.apiv3;
-using org.xmlsoap.schemas.easyWsdl;
using System;
-using System.Collections.Generic;
-using System.Security.Cryptography;
-using System.Text;
namespace org.apache.juddi.client.sample
Modified: juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample-mono.csproj
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample-mono.csproj?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample-mono.csproj (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample-mono.csproj Tue Nov 12 02:56:09 2013
@@ -36,21 +36,22 @@
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Data" />
- <Reference Include="System.Runtime.Serialization" />
+ <Reference Include="System.Runtime.Serialization" />
<Reference Include="System.ServiceModel" />
<Reference Include="System.Web.Services" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
- <Compile Include="Encryption.cs" />
- <Compile Include="findendpoints.cs" />
- <Compile Include="juddi\saveClerkExample.cs" />
+ <Compile Include="DigitalSignaturesExample.cs" />
+ <Compile Include="Encryption.cs" />
+ <Compile Include="findendpoints.cs" />
+ <Compile Include="juddi\saveClerkExample.cs" />
<Compile Include="juddi\saveNodeExample.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
- <Compile Include="ServiceVersioning.cs" />
+ <Compile Include="ServiceVersioning.cs" />
<Compile Include="SimpleInquiry.cs" />
- <Compile Include="SubscriptionCallbackExample.cs" />
+ <Compile Include="SubscriptionCallbackExample.cs" />
<Compile Include="WadlImport.cs" />
<Compile Include="WsdlImport.cs" />
</ItemGroup>
Modified: juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample.csproj
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample.csproj?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample.csproj (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/juddi-client.net-sample.csproj Tue Nov 12 02:56:09 2013
@@ -42,6 +42,7 @@
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
+ <Compile Include="DigitalSignaturesExample.cs" />
<Compile Include="Encryption.cs" />
<Compile Include="findendpoints.cs" />
<Compile Include="juddi\saveClerkExample.cs" />
Modified: juddi/trunk/juddi-client.net/juddi-client.net-sample/uddi.xml
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net-sample/uddi.xml?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net-sample/uddi.xml (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net-sample/uddi.xml Tue Nov 12 02:56:09 2013
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
+<?xml version="1.0" encoding="utf-8" ?>
<uddi xmlns="urn:juddi-apache-org:v3_client" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:juddi-apache-org:v3_client ..\..\juddi-client\src\main\resources\xsd\uddi-client.xsd">
<reloadDelay>5000</reloadDelay>
<client name="test-client">
@@ -80,21 +80,40 @@
</clerks>
<signature>
- <signingKeyStorePath>CURRENT-USER</signingKeyStorePath>
- <signingKeyStoreType>WINDOWS</signingKeyStoreType>
+ <!-- the store name,
+ AddressBook
+ AuthRoot
+ CertificateAuthority
+ Disallowed
+ My (usually this is the one you want
+ Root
+ TrustedPeople
+ TrustedPublisher-->
+ <signingKeyStorePath>My</signingKeyStorePath>
+ <!-- storelocation
+ CurrentUser
+ LocalMachine
+ -->
+ <signingKeyStoreType>CurrentUser</signingKeyStoreType>
<signingKeyStoreFilePassword>ignored</signingKeyStoreFilePassword>
<signingKeyPassword>ignored</signingKeyPassword>
- <signingKeyAlias>SERIAL</signingKeyAlias>
+
+ <!-- serial number-->
+ <signingKeyAlias>â514a6615</signingKeyAlias>
<canonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</canonicalizationMethod>
- <signatureMethod>RSA_SHA1</signatureMethod>
+ <signatureMethod>http://www.w3.org/2000/09/xmldsig#rsa-sha1</signatureMethod>
<XML_DIGSIG_NS>http://www.w3.org/2000/09/xmldsig#</XML_DIGSIG_NS>
- <trustStorePath>CURRENT-USER</trustStorePath>
- <trustStoreType>WINDOWS</trustStoreType>
+ <trustStorePath>ignored</trustStorePath>
+ <trustStoreType>ignored</trustStoreType>
<trustStorePassword>ignored</trustStorePassword>
<checkTimestamps>true</checkTimestamps>
<checkTrust>true</checkTrust>
<checkRevocationCRL>true</checkRevocationCRL>
- <checkRevocationOCSP>false</checkRevocationOCSP>
+ <checkRevocationOCSP>true</checkRevocationOCSP>
+ <keyInfoInclusionSubjectDN>true</keyInfoInclusionSubjectDN>
+ <keyInfoInclusionSerial>false</keyInfoInclusionSerial>
+ <keyInfoInclusionBase64PublicKey>true</keyInfoInclusionBase64PublicKey>
+ <digestMethod>http://www.w3.org/2000/09/xmldsig#sha1</digestMethod>
</signature>
<subscriptionCallbacks>
<keyDomain>uddi:org.apache.demos</keyDomain>
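Review bot: The `signingKeyAlias` value at `<signingKeyAlias>â514a6615</signingKeyAlias>` carries a stray non-ASCII character in front of the serial number, which looks like the residue of an invisible mark that gets copied along with serial numbers from the Windows certificate dialog; unless the lookup code strips it, no certificate will match that alias. It should read `<signingKeyAlias>514a6615</signingKeyAlias>`, after which the encoding switch to utf-8 in the first hunk is no longer needed for this value. Since this serial belongs to the author's own certificate store, a comment such as `<!-- serial number of your signing certificate, without spaces -->` would tell readers to substitute their own. The store-name comment is also missing its closing parenthesis: `My (usually this is the one you want)`.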
Modified: juddi/trunk/juddi-client.net/juddi-client.net/juddi-client.net-mono.csproj
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/juddi-client.net-mono.csproj?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/juddi-client.net-mono.csproj (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/juddi-client.net-mono.csproj Tue Nov 12 02:56:09 2013
@@ -47,7 +47,7 @@
<Compile Include="bindings\events.cs" />
<Compile Include="bindings\ext.cs" />
<Compile Include="bindings\JUDDIApiService.cs" />
-<Compile Include="org.apache.juddi.jaxb\PrintJUDDI.cs" />
+ <Compile Include="org.apache.juddi.jaxb\PrintJUDDI.cs" />
<Compile Include="org.apache.juddi.jaxb\PrintUDDI.cs" />
<Compile Include="org.apache.juddi.v3.client.annotations\AnnotationProcessor.cs" />
<Compile Include="org.apache.juddi.v3.client.annotations\UDDIService.cs" />
@@ -79,7 +79,7 @@
<Compile Include="org.apache.juddi.v3.client.mapping\wsdl.cs" />
<Compile Include="org.apache.juddi.v3.client.mapping\WSDL2UDDI.cs" />
<Compile Include="org.apache.juddi.v3.client.mapping\XMLSchema.cs" />
- <Compile Include="org.apache.juddi.v3.client.subscription\ISubscriptionCallback.cs" />
+ <Compile Include="org.apache.juddi.v3.client.subscription\ISubscriptionCallback.cs" />
<Compile Include="org.apache.juddi.v3.client.subscription\RegistrationAbortedException.cs" />
<Compile Include="org.apache.juddi.v3.client.subscription\ServiceAlreadyStartedException.cs" />
<Compile Include="org.apache.juddi.v3.client.subscription\SubscriptionCallbackListener.cs" />
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/PrintUDDI.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/PrintUDDI.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/PrintUDDI.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.jaxb/PrintUDDI.cs Tue Nov 12 02:56:09 2013
@@ -49,5 +49,20 @@ namespace org.apache.juddi.jaxb
return err;
}
}
+
+ public T createObject(String data)
+ {
+ try
+ {
+ XmlSerializer xs = new XmlSerializer(typeof(T));
+ StringReader sw = new StringReader(data);
+ object j = xs.Deserialize(sw);
+ return (T)j;
+ }
+ catch (Exception ex)
+ {
+ throw ex;
+ }
+ }
}
}
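Review bot: `throw ex;` in createObject rethrows with a reset stack trace, and since the catch does nothing else the try/catch adds nothing; the StringReader is also never disposed. The body can be `using (StringReader sr = new StringReader(data)) { return (T)new XmlSerializer(typeof(T)).Deserialize(sr); }`, which lets the original exception propagate unchanged. A `/// <summary>` stating that `data` is expected to be an XML document of type T, and that a malformed document surfaces as XmlSerializer's InvalidOperationException, would match the file's other members.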
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ClientConfig.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ClientConfig.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ClientConfig.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/ClientConfig.cs Tue Nov 12 02:56:09 2013
@@ -1,4 +1,5 @@
-/*
+using org.apache.juddi.v3.client.crypto;
+/*
* Copyright 2001-2008 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -20,6 +21,7 @@ using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.IO;
+using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;
using System.Xml.Serialization;
@@ -268,7 +270,7 @@ namespace org.apache.juddi.v3.client.con
log.warn("XRegistration cannot continue, no clerks are defined!");
return xRegistrations;
}
- if (config.client.clerks.xregister==null || config.client.clerks.xregister.business == null)
+ if (config.client.clerks.xregister == null || config.client.clerks.xregister.business == null)
return xRegistrations;
if (config.client.clerks.xregister.business.Length > 0)
log.info("XRegistration " + config.client.clerks.xregister.business.Length + " business Keys");
@@ -302,7 +304,7 @@ namespace org.apache.juddi.v3.client.con
log.warn("XRegistration cannot continue, no clerks are defined!");
return xRegistrations;
}
- if (config.client.clerks.xregister==null || config.client.clerks.xregister.servicebinding == null)
+ if (config.client.clerks.xregister == null || config.client.clerks.xregister.servicebinding == null)
return xRegistrations;
if (config.client.clerks.xregister.servicebinding.Length > 0)
log.info("XRegistration " + config.client.clerks.xregister.servicebinding.Length + " serviceBinding Keys");
@@ -405,9 +407,82 @@ namespace org.apache.juddi.v3.client.con
return configurationFile;
}
- public Properties getDigitalSignatureConfiguration()
+ /// <summary>
+ /// Fetches all digital signature related properties for the digital signature utility.
+ /// warning, this will decrypt all passwords
+ ///
+
+ /// </summary>
+ /// <returns></returns>
+ public Properties getDigitalSignatureConfiguration()
{
- throw new NotImplementedException();
+ Properties p = new Properties();
+ if ( this.config==null ||
+ this.config.client==null ||
+ this.config.client.signature==null)
+ {
+ log.warn("No configuration data is available, signatures probably won't be possible");
+ this.config.client.signature = new uddiClientSignature();
+ }
+ p.setProperty(DigSigUtil.CANONICALIZATIONMETHOD, this.config.client.signature.canonicalizationMethod, SignedXml.XmlDsigExcC14NWithCommentsTransformUrl);
+ p.setProperty(DigSigUtil.CHECK_TIMESTAMPS, this.config.client.signature.checkTimestamps.ToString(), "true");
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_CRL, this.config.client.signature.checkRevocationCRL.ToString(), "true");
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_OCSP, this.config.client.signature.checkRevocationOCSP.ToString(), "true");
+ p.setProperty(DigSigUtil.CHECK_TRUST_CHAIN, this.config.client.signature.checkTrust.ToString(), "true");
+
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE, this.config.client.signature.signingKeyStorePath);
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, this.config.client.signature.signingKeyStoreType);
+
+ if (this.config.client.signature.signingKeyPassword!=null &&
+ this.config.client.signature.signingKeyPassword.isPasswordEncrypted)
+ {
+ String enc = this.config.client.signature.signingKeyPassword.Value;
+ String prov = this.config.client.signature.signingKeyPassword.cryptoProvider;
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ {
+ log.warn("Hey, you should consider encrypting your passwords!");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, this.config.client.signature.signingKeyPassword.Value);
+ }
+ if (this.config.client.signature.signingKeyStoreFilePassword!=null &&
+ this.config.client.signature.signingKeyStoreFilePassword.isPasswordEncrypted)
+ {
+ String enc = this.config.client.signature.signingKeyStoreFilePassword.Value;
+ String prov = this.config.client.signature.signingKeyStoreFilePassword.cryptoProvider;
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ {
+ log.warn("Hey, you should consider encrypting your passwords!");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, this.config.client.signature.signingKeyStoreFilePassword.Value);
+ }
+
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, this.config.client.signature.signingKeyAlias);
+ p.setProperty(DigSigUtil.SIGNATURE_METHOD, this.config.client.signature.signatureMethod, "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, this.config.client.signature.keyInfoInclusionSubjectDN.ToString());
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, this.config.client.signature.keyInfoInclusionBase64PublicKey.ToString());
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, this.config.client.signature.keyInfoInclusionSerial.ToString());
+
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_DIGEST_METHOD, this.config.client.signature.digestMethod, "http://www.w3.org/2000/09/xmldsig#sha1");
+
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE, this.config.client.signature.trustStorePath);
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILETYPE, this.config.client.signature.trustStoreType);
+
+
+ if (this.config.client.signature.trustStorePassword!=null &&
+ this.config.client.signature.trustStorePassword.isPasswordEncrypted)
+ {
+ String enc = this.config.client.signature.trustStorePassword.Value;
+ String prov = this.config.client.signature.trustStorePassword.cryptoProvider;
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ {
+ log.warn("Hey, you should consider encrypting your passwords!");
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, this.config.client.signature.trustStorePassword);
+ }
+ return p;
}
}
}
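Review bot: The null guard at the top of getDigitalSignatureConfiguration dereferences what it just found missing: when `this.config` or `this.config.client` is null, `this.config.client.signature = new uddiClientSignature();` throws NullReferenceException instead of falling back to defaults as the warning promises. The three password branches have the same shape — the `else` of `signingKeyPassword != null && ...isPasswordEncrypted` is also reached when the element is absent and then reads `.Value` off null, and the trustStorePassword branch passes the wrapper object rather than its `.Value`, unlike the two before it (unless there is an implicit string conversion I cannot see here). I would read the signature into a local after the guard and give each password a three-way absent/encrypted/plain split, as shown below for the signing key password. The returned Properties holds the decrypted store and key passwords, which the summary already warns about; it is worth adding to that summary that callers must not log or persist the result, and the stray blank `///` lines in it should go.
```csharp
public Properties getDigitalSignatureConfiguration()
{
    Properties p = new Properties();
    uddiClientSignature sig = (this.config == null || this.config.client == null) ? null : this.config.client.signature;
    if (sig == null)
    {
        log.warn("No configuration data is available, signatures probably won't be possible");
        sig = new uddiClientSignature();
    }
    // … unchanged: canonicalization, check*, keystore path/type (read from sig instead of this.config.client.signature) …
    if (sig.signingKeyPassword == null)
    {
        log.warn("No signing key password is configured");
    }
    else if (sig.signingKeyPassword.isPasswordEncrypted)
    {
        p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD,
            CryptorFactory.getCryptor(sig.signingKeyPassword.cryptoProvider).decrypt(sig.signingKeyPassword.Value));
    }
    else
    {
        log.warn("Hey, you should consider encrypting your passwords!");
        p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, sig.signingKeyPassword.Value);
    }
    // … unchanged: same three-way split for signingKeyStoreFilePassword and trustStorePassword (using .Value), alias, signature/digest method, inclusion options, truststore path/type …
    return p;
}
```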
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/Properties.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/Properties.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/Properties.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/Properties.cs Tue Nov 12 02:56:09 2013
@@ -139,5 +139,13 @@ namespace org.apache.juddi.v3.client.con
return defaultvalue;
return s;
}
+
+ public void setProperty(string key, string value, string def)
+ {
+ if (String.IsNullOrEmpty(value))
+ setProperty(key, def);
+ else
+ setProperty(key, value);
+ }
}
}
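Review bot: The new setProperty overload has no doc comment, and its contract — the default replaces only a null or empty `value`, while `def` itself is stored as given, even when null — is exactly what a caller passing decrypted passwords through it needs to know. Suggest `/// <summary>Stores <paramref name="value"/> under <paramref name="key"/>, or <paramref name="def"/> when value is null or empty.</summary>` above the method. Whitespace-only values are treated as real values here; if that is not intended, `String.IsNullOrWhiteSpace(value)` is the alternative.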
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs Tue Nov 12 02:56:09 2013
@@ -861,6 +861,14 @@ namespace org.apache.juddi.v3.client.con
private bool checkRevocationOCSPField;
+ private bool keyInfoInclusionSubjectDNField;
+
+ private bool keyInfoInclusionSerialField;
+
+ private bool keyInfoInclusionBase64PublicKeyField;
+
+ private string digestMethodField;
+
public uddiClientSignature() {
this.canonicalizationMethodField = "http://www.w3.org/2001/10/xml-exc-c14n#";
this.signatureMethodField = "RSA_SHA1";
@@ -869,6 +877,10 @@ namespace org.apache.juddi.v3.client.con
this.checkTrustField = true;
this.checkRevocationCRLField = false;
this.checkRevocationOCSPField = false;
+ this.keyInfoInclusionSubjectDNField = false;
+ this.keyInfoInclusionSerialField = false;
+ this.keyInfoInclusionBase64PublicKeyField = false;
+ this.digestMethodField = "http://www.w3.org/2000/09/xmldsig#sha1";
}
/// <remarks/>
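Review bot: The new `digestMethod` default is the xmldsig URI, but the `signatureMethodField` default set a few lines earlier in the same constructor (visible in the preceding hunk) is still the symbolic name `"RSA_SHA1"`, which the sample uddi.xml in this commit replaces with `http://www.w3.org/2000/09/xmldsig#rsa-sha1`; since ClientConfig falls back to its URI default only when the configured value is empty, a config that omits `<signatureMethod>` would hand the non-URI string to DigSigUtil. Consider `this.signatureMethodField = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";` so the two defaults agree. The constructor's signature lies outside this hunk.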
@@ -1020,6 +1032,46 @@ namespace org.apache.juddi.v3.client.con
this.checkRevocationOCSPField = value;
}
}
+
+ /// <remarks/>
+ public bool keyInfoInclusionSubjectDN {
+ get {
+ return this.keyInfoInclusionSubjectDNField;
+ }
+ set {
+ this.keyInfoInclusionSubjectDNField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool keyInfoInclusionSerial {
+ get {
+ return this.keyInfoInclusionSerialField;
+ }
+ set {
+ this.keyInfoInclusionSerialField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool keyInfoInclusionBase64PublicKey {
+ get {
+ return this.keyInfoInclusionBase64PublicKeyField;
+ }
+ set {
+ this.keyInfoInclusionBase64PublicKeyField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string digestMethod {
+ get {
+ return this.digestMethodField;
+ }
+ set {
+ this.digestMethodField = value;
+ }
+ }
}
/// <remarks/>
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.crypto/DigSigUtil.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.crypto/DigSigUtil.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.crypto/DigSigUtil.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.crypto/DigSigUtil.cs Tue Nov 12 02:56:09 2013
@@ -1,7 +1,15 @@
-using System;
+using org.apache.juddi.jaxb;
+using org.apache.juddi.v3.client.config;
+using org.apache.juddi.v3.client.log;
+using org.uddi.apiv3;
+using System;
+using System.Collections;
using System.Collections.Generic;
-
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Cryptography.Xml;
using System.Text;
+using System.Xml;
namespace org.apache.juddi.v3.client.crypto
{
@@ -13,17 +21,147 @@ namespace org.apache.juddi.v3.client.cry
/// <author><a href="mailto:alexoree@apache.org">Alex O'Ree</a></author>
public class DigSigUtil
{
- private config.Properties properties;
- public DigSigUtil(config.Properties properties)
+ public DigSigUtil(Properties c)
+ {
+ map = c;
+
+
+ }
+
+ private Log logger = LogFactory.getLog(typeof(DigSigUtil));
+
+ public void put(String key, String value)
+ {
+ map.put(key, value);
+ }
+
+ /**
+ * clears the configuration for reuse
+ */
+ public void clear()
{
- // TODO: Complete member initialization
- this.properties = properties;
+
}
+ private Properties map = new Properties();
+
+ /**
+ * This is the location of the keystore
+ *
+ * If referencing a Windows certificate store, use WINDOWS-MY as a value
+ * with a null password
+ */
+ public readonly static String SIGNATURE_KEYSTORE_FILE = "keyStorePath";
+ /**
+ * The type of file, such as JKS for most Java applications, or WINDOWS-MY
+ * to use the Windows certificate store of the current user or KeychainStore
+ * for MacOS
+ */
+ public readonly static String SIGNATURE_KEYSTORE_FILETYPE = "keyStoreType";
+ public readonly static String SIGNATURE_KEYSTORE_FILE_PASSWORD = "filePassword";
+ public readonly static String SIGNATURE_KEYSTORE_KEY_PASSWORD = "keyPassword";
+ public readonly static String SIGNATURE_KEYSTORE_KEY_ALIAS = "keyAlias";
+ public readonly static String TRUSTSTORE_FILE = "trustStorePath";
+ public readonly static String TRUSTSTORE_FILETYPE = "trustStoreType";
+ public readonly static String TRUSTSTORE_FILE_PASSWORD = "trustStorePassword";
+ /**
+ * default is CanonicalizationMethod.EXCLUSIVE
+ *
+ * @see CanonicalizationMethod
+ */
+ public readonly static String CANONICALIZATIONMETHOD = "CanonicalizationMethod";
+ /**
+ * default is http://www.w3.org/2000/09/xmldsig#rsa-sha1
+ *
+ * @see SignatureMethod
+ */
+ public readonly static String SIGNATURE_METHOD = "SignatureMethod";
+ /**
+ * Defines whether or not a certificate is included with the signature<Br>
+ * Values - Include whole X509 Public Key in the signature (recommended)
+ * (default) * Example
+ * <pre>
+ * Map map = new HashMap();
+ * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, true);</pre>
+ * any value can be used.
+ */
+ public readonly static String SIGNATURE_OPTION_CERT_INCLUSION_BASE64 = "BASE64";
+
+
+ /// <summary>
+ /// Include the signer's serial of the public key and the issuer's subject name
+ ///
+ /// Clients will not be able to validate the signature unless they have a copy of the signer's public key
+ /// in a trust store or the full certificate is included
+ /// out of band
+ ///
+ /// Example
+ /// <pre>
+ /// Map map = new HashMap();
+ /// map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, true);</pre>
+ /// any value can be used.
+ /// @see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ /// </summary>
+ public readonly static String SIGNATURE_OPTION_CERT_INCLUSION_SERIAL = "SERIAL";
+ /*
+ * Include the signer's Subject DN of the public key.
+ *
+ * Clients will not be able to validate the signature unless they have a copy of the signer's public key
+ * in a trust store or the full certificate is included
+ * out of band
+ *
+ * Example
+ * <pre>
+ * Map map = new HashMap();
+ * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, true);</pre>
+ * any value can be used.
+ *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ */
+ public readonly static String SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN = "SUBJECTDN";
+ /*
+ * Include the signer's X500 Prinicple of the public key.
+ *
+ * Clients will not be able to validate the signature unless they have a copy of the signer's public key
+ * in a trust store or the full certificate is included
+ * out of band
+ *
+ * Example
+ * <pre>
+ * Map map = new HashMap();
+ * map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL, true);</pre>
+ * any value can be used.
+ *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ */
+ //public readonly static String SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL = "X500";
+ public readonly static String XML_DIGSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ /**
+ * Default value DigestMethod.SHA1 =
+ * "http://www.w3.org/2000/09/xmldsig#sha1"
+ *
+ * @see javax.xml.crypto.dsig.DigestMethod
+ */
+ public readonly static String SIGNATURE_OPTION_DIGEST_METHOD = "digestMethod";
+ /**
+ * When validating a signature, include this field will validate that the
+ * signature is still valid with regards to timestamps NotBefore and
+ * OnOrAfter
+ *
+ * Example
+ * <pre>
+ * Map map = new HashMap();
+ * map.put(DigSigUtil.CHECK_TIMESTAMPS, true);</pre> any value can be used.
+ */
+ public readonly static String CHECK_TIMESTAMPS = "checkTimestamps";
+ public readonly static String CHECK_REVOCATION_STATUS_OCSP = "checkRevocationOCSP";
+ public readonly static String CHECK_REVOCATION_STATUS_CRL = "checkRevocationCRL";
+ public readonly static String CHECK_TRUST_CHAIN = "checkTrust";
+
+
+
/// <summary>
///
/// Verifies the signature on an enveloped digital signature on a UDDI
- /// entity, such as a business, service, tmodel or binding template. <br><Br>
+ /// entity, such as a business, service, tmodel or binding template.
/// It is expected that either the public key of the signing certificate is
/// included within the signature keyinfo section OR that sufficient
/// information is provided in the signature to reference a public key
@@ -37,13 +175,406 @@ namespace org.apache.juddi.v3.client.cry
/// <returns></returns>
public bool verifySignedUddiEntity(Object obj, out String OutErrorMessage)
{
- OutErrorMessage = "";
- return false;
+ if (obj == null)
+ {
+ throw new ArgumentNullException("obj");
+ }
+ string msg = "";
+ //serialize to string
+ XmlDocument doc = null;
+ if (obj.GetType().Equals(typeof(bindingTemplate)))
+ {
+ PrintUDDI<bindingTemplate> p = new PrintUDDI<bindingTemplate>();
+ String s = p.print(obj);
+ doc = StringToXmlDocument(s);
+ }
+ if (obj.GetType().Equals(typeof(businessService)))
+ {
+ PrintUDDI<businessService> p = new PrintUDDI<businessService>();
+ String s = p.print(obj);
+ doc = StringToXmlDocument(s);
+ }
+ if (obj.GetType().Equals(typeof(businessEntity)))
+ {
+ PrintUDDI<businessEntity> p = new PrintUDDI<businessEntity>();
+ String s = p.print(obj);
+ doc = StringToXmlDocument(s);
+ }
+ if (obj.GetType().Equals(typeof(tModel)))
+ {
+ PrintUDDI<tModel> p = new PrintUDDI<tModel>();
+ String s = p.print(obj);
+ doc = StringToXmlDocument(s);
+ }
+
+ //get signing certificate
+ X509Certificate2 signingCert = getSigningCertificatePublicKey(doc);
+
+ //check timestamps
+ if (map.getProperty(DigSigUtil.CHECK_TIMESTAMPS).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ {
+ if (DateTime.Now < signingCert.NotBefore)
+ {
+ msg += "Signing certificate is not yet valid";
+ }
+ if (DateTime.Now > signingCert.NotAfter)
+ {
+ msg += "Signing certificate is not yet valid";
+ }
+ }
+ if (map.getProperty(DigSigUtil.CHECK_TRUST_CHAIN).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ {
+ //check trust
+ X509Chain chain = new X509Chain();
+ chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
+ chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
+ bool r = chain.Build(signingCert);
+ if (!r)
+ {
+ foreach (X509ChainElement element in chain.ChainElements)
+ {
+ msg += ("Element issuer name: " + element.Certificate.Issuer + " is " + element.Certificate.Verify());
+ }
+ }
+ }
+ //check ocsp
+ //check crl
+ if (map.getProperty(DigSigUtil.CHECK_REVOCATION_STATUS_OCSP).Equals("true", StringComparison.CurrentCultureIgnoreCase) ||
+ map.getProperty(DigSigUtil.CHECK_REVOCATION_STATUS_CRL).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ {
+ //check trust
+ X509Chain chain = new X509Chain();
+ chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
+ chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain;
+ chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
+ bool r = chain.Build(signingCert);
+ if (!r)
+ {
+ foreach (X509ChainElement element in chain.ChainElements)
+ {
+ msg += ("Element issuer name: " + element.Certificate.Issuer + " is " + element.Certificate.Verify());
+ }
+ }
+ }
+
+
+ //verify crypto (math)
+ String verifytext = "";
+ bool valid = verifySignature(doc, signingCert, out verifytext);
+ OutErrorMessage = verifytext + msg;
+ return valid;
+ }
+
+ private bool verifySignature(XmlDocument Doc, X509Certificate2 cert, out string OutErrorMessage)
+ {
+ string msg = "";
+
+
+ // Create a new SignedXml object and pass it
+ // the XML document class.
+ SignedXml signedXml = new SignedXml(Doc);
+
+ // Find the "Signature" node and create a new
+ // XmlNodeList object.
+ XmlNodeList nodeList = Doc.GetElementsByTagName("Signature");
+
+ // Throw an exception if no signature was found.
+ if (nodeList.Count <= 0)
+ {
+ msg += ("Verification failed: No Signature was found in the document.");
+ }
+
+ // This example only supports one signature for
+ // the entire XML document. Throw an exception
+ // if more than one signature was found.
+ if (nodeList.Count >= 2)
+ {
+ msg += ("Verification failed: More that one signature was found for the document.");
+ }
+
+ // Load the first <signature> node.
+ signedXml.LoadXml((XmlElement)nodeList[0]);
+
+ // Check the signature and return the result.
+ OutErrorMessage = msg;
+ return signedXml.CheckSignature(cert, true);
+
+ }
+
+ private X509Certificate2 getSigningCertificatePublicKey(XmlDocument doc)
+ {
+ if (doc == null)
+ throw new ArgumentNullException("doc");
+ XmlNode node = doc.ChildNodes[1]; //this should be the uddi entry
+ X509Certificate2 cert = null;
+ IEnumerator it = node.ChildNodes.GetEnumerator();
+ while (it.MoveNext())
+ {
+ XmlNode x = (XmlNode)it.Current;
+ if (x.NamespaceURI.Equals(DigSigUtil.XML_DIGSIG_NS, StringComparison.CurrentCultureIgnoreCase) &&
+ x.LocalName.Equals("Signature", StringComparison.CurrentCultureIgnoreCase))
+ {
+ IEnumerator it2 = x.ChildNodes.GetEnumerator();
+ while (it2.MoveNext())
+ {
+ XmlNode x2 = (XmlNode)it2.Current;
+ if (x2.LocalName.Equals("KeyInfo", StringComparison.CurrentCultureIgnoreCase))
+ {
+ IEnumerator it3 = x2.ChildNodes.GetEnumerator();
+ while (it3.MoveNext())
+ {
+ XmlNode x3 = (XmlNode)it3.Current;
+ if (x3.LocalName.Equals("X509Data", StringComparison.CurrentCultureIgnoreCase))
+ {
+ //X509Certificate
+ IEnumerator it4 = x3.ChildNodes.GetEnumerator();
+ while (it4.MoveNext())
+ {
+ XmlNode x4 = (XmlNode)it4.Current;
+ if (x4.LocalName.Equals("X509Certificate", StringComparison.CurrentCultureIgnoreCase))
+ {
+ //X509Certificate
+ String c =
+ //"-----BEGIN CERTIFICATE-----\n"
+ x4.InnerText;
+ //+ "\n-----END CERTIFICATE-----";
+
+ cert = new X509Certificate2(Convert.FromBase64String(c));
+ logger.info("embedded certificate found, X509 public key " + cert.Subject);
+ return cert;
+ }
+
+ }
+ }
+
+ }
+ }
+
+ }
+ }
+ }
+ return null;
+ }
+
+ /// <summary>
+ /// Digitally signs a UDDI entity, such as a business, service, tmodel or
+ /// binding template using the map to provide certificate key stores and
+ /// credentials<br><br> The UDDI entity MUST support XML Digital Signatures
+ /// (tModel, Business, Service, Binding Template)
+
+ /// </summary>
+ /// <param name="bt"></param>
+ /// <returns></returns>
+ public object signUddiEntity(object bt)
+ {
+
+ XmlDocument doc = null;
+ if (bt.GetType().Equals(typeof(bindingTemplate)))
+ {
+ PrintUDDI<bindingTemplate> p = new PrintUDDI<bindingTemplate>();
+ String s = p.print(bt);
+ doc = StringToXmlDocument(s);
+ }
+ if (bt.GetType().Equals(typeof(businessService)))
+ {
+ PrintUDDI<businessService> p = new PrintUDDI<businessService>();
+ String s = p.print(bt);
+ doc = StringToXmlDocument(s);
+ }
+ if (bt.GetType().Equals(typeof(businessEntity)))
+ {
+ PrintUDDI<businessEntity> p = new PrintUDDI<businessEntity>();
+ String s = p.print(bt);
+ doc = StringToXmlDocument(s);
+ }
+ if (bt.GetType().Equals(typeof(tModel)))
+ {
+ PrintUDDI<tModel> p = new PrintUDDI<tModel>();
+ String s = p.print(bt);
+ doc = StringToXmlDocument(s);
+ }
+
+
+ X509Certificate2 key = GetKey();
+ XmlElement sig = SignXml(doc, key);
+ //append the signature to the document
+ doc.ChildNodes[1].AppendChild(sig);
+
+ String signedXml = doc.OuterXml;
+ if (bt.GetType().Equals(typeof(bindingTemplate)))
+ {
+ PrintUDDI<bindingTemplate> p = new PrintUDDI<bindingTemplate>();
+ return p.createObject(signedXml);
+ }
+ if (bt.GetType().Equals(typeof(businessService)))
+ {
+ PrintUDDI<businessService> p = new PrintUDDI<businessService>();
+ return p.createObject(signedXml);
+ }
+ if (bt.GetType().Equals(typeof(businessEntity)))
+ {
+ PrintUDDI<businessEntity> p = new PrintUDDI<businessEntity>();
+ return p.createObject(signedXml);
+ }
+ if (bt.GetType().Equals(typeof(tModel)))
+ {
+ PrintUDDI<tModel> p = new PrintUDDI<tModel>();
+ return p.createObject(signedXml);
+ }
+ return bt;
+ }
+
+ private X509Certificate2 GetKey()
+ {
+ String storelocation = map.getProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE);
+ String storename = map.getProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE);
+ String keyserial = map.getProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS);
+ X509Store store = new X509Store(
+ (StoreName)Enum.Parse(typeof(StoreName), storename),
+ (StoreLocation)Enum.Parse(typeof(StoreLocation), storelocation));
+ store.Open(OpenFlags.ReadOnly);
+ X509Certificate2Enumerator it = store.Certificates.GetEnumerator();
+ while (it.MoveNext())
+ {
+ X509Certificate2 cert = it.Current;
+ if (cert.HasPrivateKey)
+ {
+ //do some comparisions
+ if (cert.SerialNumber.Equals(keyserial, StringComparison.CurrentCultureIgnoreCase))
+ {
+ store.Close();
+ return cert;
+ }
+ }
+ }
+ store.Close();
+ return null;
+
}
- internal uddi.apiv3.bindingTemplate signUddiEntity(object bt)
+
+ XmlDocument StringToXmlDocument(String s)
{
- throw new NotImplementedException();
+ XmlDocument xmlDoc = new XmlDocument();
+ xmlDoc.PreserveWhitespace = false;
+ xmlDoc.LoadXml(s);
+ return xmlDoc;
}
+
+
+ //source http://objectmix.com/dotnet/794749-digitally-sign-xml-doc-x509certificate-solution.html
+
+ //Certificate get Signature method
+ private XmlElement SignXml(XmlDocument xmlDoc, X509Certificate2 cert)
+ {
+ //preserve ws - difference here I noticed - mine was set to true
+ xmlDoc.PreserveWhitespace = false;
+
+ // Create a SignedXml object.
+ SignedXml signedXml = new SignedXml(xmlDoc);
+
+ // Load the certificate into a KeyInfoX509Data object
+ // and add it to the KeyInfo object.
+ //// Add an RSAKeyValue KeyInfo (optional; helps recipient find key to validate).
+ KeyInfo keyInfo = new KeyInfo();
+ if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ keyInfo.AddClause(new KeyInfoX509Data(cert));
+ if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ {
+ KeyInfoX509Data data = new KeyInfoX509Data();
+ data.AddSubjectName(cert.SubjectName.Name);
+ keyInfo.AddClause(data);
+ }
+ if (map.getProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL).Equals("true", StringComparison.CurrentCultureIgnoreCase))
+ {
+ KeyInfoX509Data data = new KeyInfoX509Data();
+ data.AddIssuerSerial(cert.IssuerName.Name, cert.SerialNumber);
+ keyInfo.AddClause(data);
+ }
+
+ signedXml.KeyInfo = keyInfo;
+
+ //CANON method
+ signedXml.SignedInfo.CanonicalizationMethod = map.getProperty(DigSigUtil.CANONICALIZATIONMETHOD);
+ if (String.IsNullOrEmpty(signedXml.SignedInfo.CanonicalizationMethod))
+ signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NWithCommentsTransformUrl;
+
+ signedXml.SignedInfo.SignatureMethod = map.getProperty(DigSigUtil.SIGNATURE_METHOD);
+ if (String.IsNullOrEmpty(signedXml.SignedInfo.SignatureMethod))
+ signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA1Url;
+
+
+ // Set the rsaKey to the certificate's private key
+ RSACryptoServiceProvider rsaKey = (RSACryptoServiceProvider)cert.PrivateKey;
+
+ // Add the key to the SignedXml document.
+ signedXml.SigningKey = rsaKey;
+
+ // Create a reference to be signed.
+ Reference reference = new Reference();
+ reference.Uri = "";
+
+ // Add an enveloped transformation to the reference.
+ XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
+ reference.AddTransform(env);
+
+
+ // Add the reference to the SignedXml object.
+ signedXml.AddReference(reference);
+
+ // Now we can compute the signature.
+ signedXml.ComputeSignature();
+ return signedXml.GetXml();
+ // return signedXml;
+
+ }
+
+ //gets payload data and returns xmn XMLDocument
+ private XmlDocument GetPayLoadData(string xmlstring)
+ {
+ XmlDocument xmlDoc = new XmlDocument();
+ xmlDoc.LoadXml(xmlstring);
+ return xmlDoc;
+
+ }
+
+ //GET CERT BY FRIENDLYNAME
+ public X509Certificate2 GetCertificateBySubject(string subject)
+ {
+ X509Certificate2 cert = null;
+
+ try
+ {
+
+ X509Store xstore = new X509Store(StoreName.Root,
+ StoreLocation.LocalMachine);
+ xstore.Open(OpenFlags.IncludeArchived);
+
+
+ string strOutput = string.Empty;
+
+ foreach (X509Certificate2 cert2 in xstore.Certificates)
+ {
+
+ if (cert2.FriendlyName == subject.ToString())
+ {
+ cert = cert2;
+ break;
+ }
+
+ }
+ }
+ catch (Exception ex)
+ {
+ logger.error("", ex);
+
+ throw ex;
+ }
+
+ return cert;
+ }
+
+
+
}
}
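Review bot: verifySignedUddiEntity returns `valid`, which comes solely from `signedXml.CheckSignature(cert, true)` (with `verifySignatureOnly` set, only the cryptographic signature is checked), so the timestamp, trust-chain and revocation findings accumulated in `msg` are reported through OutErrorMessage but never make the method return false; because the certificate is read out of the document's own KeyInfo in getSigningCertificatePublicKey, an expired, untrusted or revoked signer still verifies as valid. The last two lines should become `OutErrorMessage = verifytext + msg; return valid && msg.Length == 0;`. getSigningCertificatePublicKey also returns null when the KeyInfo carries no X509Certificate element, which then surfaces as an exception at `signingCert.NotBefore` or inside CheckSignature rather than as a failed verification, so a guard such as `if (signingCert == null) { OutErrorMessage = "no signing certificate found in the signature KeyInfo"; return false; }` belongs directly after the lookup. Separately, the NotAfter branch reuses the text "Signing certificate is not yet valid" where it should report expiry, verifySignature still calls `signedXml.LoadXml((XmlElement)nodeList[0])` after recording that nodeList is empty, and GetCertificateBySubject rethrows with `throw ex;` (use `throw;` to keep the stack trace) and never closes `xstore`.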
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/RegistrationAbortedException.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/RegistrationAbortedException.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/RegistrationAbortedException.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/RegistrationAbortedException.cs Tue Nov 12 02:56:09 2013
@@ -1,18 +1,29 @@
using System;
using System.Collections.Generic;
using System.Linq;
+using System.Runtime.Serialization;
using System.Text;
namespace org.apache.juddi.client.org.apache.juddi.v3.client.subscription
{
- class RegistrationAbortedException : Exception
+
+ [Serializable]
+ public class RegistrationAbortedException : Exception
{
- private string p;
- public RegistrationAbortedException(string p)
+ public RegistrationAbortedException() { }
+
+ public RegistrationAbortedException(string message)
+ : base(message)
+ {
+ }
+ public RegistrationAbortedException(string message, Exception innerException)
+ : base(message, innerException)
+ {
+ }
+ protected RegistrationAbortedException(SerializationInfo info, StreamingContext context)
+ : base(info, context)
{
- // TODO: Complete member initialization
- this.p = p;
}
}
}
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/ServiceAlreadyStartedException.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/ServiceAlreadyStartedException.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/ServiceAlreadyStartedException.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/ServiceAlreadyStartedException.cs Tue Nov 12 02:56:09 2013
@@ -1,11 +1,29 @@
using System;
using System.Collections.Generic;
using System.Linq;
+using System.Runtime.Serialization;
using System.Text;
namespace org.apache.juddi.client.org.apache.juddi.v3.client.subscription
{
- class ServiceAlreadyStartedException : Exception
+
+ [Serializable]
+ public class ServiceAlreadyStartedException : Exception
{
+
+ public ServiceAlreadyStartedException() { }
+
+ public ServiceAlreadyStartedException(string message)
+ : base(message)
+ {
+ }
+ public ServiceAlreadyStartedException(string message, Exception innerException)
+ : base(message, innerException)
+ {
+ }
+ protected ServiceAlreadyStartedException(SerializationInfo info, StreamingContext context)
+ : base(info, context)
+ {
+ }
}
}
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/SubscriptionCallbackListener.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/SubscriptionCallbackListener.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/SubscriptionCallbackListener.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/SubscriptionCallbackListener.cs Tue Nov 12 02:56:09 2013
@@ -92,8 +92,10 @@ namespace org.apache.juddi.v3.client.sub
/// </pre>
///
[ServiceBehaviorAttribute( AutomaticSessionShutdown=false, ConcurrencyMode=ConcurrencyMode.Single,
- //DOES NOT WORK ON MONO Name="SubscriptionCallbackListener",
- Namespace="org.apache.juddi.v3.client.subscription", IncludeExceptionDetailInFaults=false, InstanceContextMode=InstanceContextMode.Single, ValidateMustUnderstand=false,
+ //DOES NOT WORK ON MONO
+ Name="SubscriptionCallbackListener",
+ Namespace="org.apache.juddi.v3.client.subscription",
+ IncludeExceptionDetailInFaults=false, InstanceContextMode=InstanceContextMode.Single, ValidateMustUnderstand=false,
AddressFilterMode=AddressFilterMode.Any)]
public class SubscriptionCallbackListener : UDDI_SubscriptionListener_PortType
{
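Review bot: The `//DOES NOT WORK ON MONO` comment now stands on its own line immediately above `Name="SubscriptionCallbackListener"`, which this change re-enables, so it reads as a warning about an attribute argument that is now active. Either drop the comment or say what was observed and that it was re-enabled here, e.g. `// Name= was previously disabled because it failed on Mono; re-enabled in r1540929 - confirm on Mono`. The SubscriptionCallbackListener class body continues outside the hunk.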
@@ -327,12 +329,12 @@ namespace org.apache.juddi.v3.client.sub
try
{
DigSigUtil ds = new DigSigUtil(client.getClientConfig().getDigitalSignatureConfiguration());
- bt = ds.signUddiEntity(bt);
+ bt = (bindingTemplate)ds.signUddiEntity(bt);
}
catch (Exception ex)
{
log.error("Unable to sign", ex);
- throw new UnableToSignException(ex);
+ throw new UnableToSignException("Unable to sign",ex);
}
break;
@@ -342,12 +344,12 @@ namespace org.apache.juddi.v3.client.sub
try
{
DigSigUtil ds = new DigSigUtil(client.getClientConfig().getDigitalSignatureConfiguration());
- bt = ds.signUddiEntity(bt);
+ bt = (bindingTemplate)ds.signUddiEntity(bt);
}
catch (Exception ex)
{
log.error("Unable to sign", ex);
- throw new UnableToSignException(ex);
+ throw new UnableToSignException("Unable to sign",ex);
}
}
break;
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnableToSignException.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnableToSignException.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnableToSignException.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnableToSignException.cs Tue Nov 12 02:56:09 2013
@@ -1,18 +1,28 @@
using System;
using System.Collections.Generic;
using System.Linq;
+using System.Runtime.Serialization;
using System.Text;
namespace org.apache.juddi.client.org.apache.juddi.v3.client.subscription
{
- class UnableToSignException : Exception
+ [Serializable]
+ public class UnableToSignException : Exception
{
- private Exception ex;
- public UnableToSignException(Exception ex)
+ public UnableToSignException() { }
+
+ public UnableToSignException(string message)
+ : base(message)
+ {
+ }
+ public UnableToSignException(string message, Exception innerException)
+ : base(message, innerException)
+ {
+ }
+ protected UnableToSignException(SerializationInfo info, StreamingContext context)
+ : base(info, context)
{
-
}
-
}
}
Modified: juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnexpectedResponseException.cs
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnexpectedResponseException.cs?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnexpectedResponseException.cs (original)
+++ juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.subscription/UnexpectedResponseException.cs Tue Nov 12 02:56:09 2013
@@ -1,26 +1,29 @@
using System;
using System.Collections.Generic;
using System.Linq;
+using System.Runtime.Serialization;
using System.Text;
namespace org.apache.juddi.client.org.apache.juddi.v3.client.subscription
{
- class UnexpectedResponseException : Exception
+
+ [Serializable]
+ public class UnexpectedResponseException : Exception
{
- private string p;
- private Exception ex;
- public UnexpectedResponseException(string p)
+ public UnexpectedResponseException() { }
+
+ public UnexpectedResponseException(string message)
+ : base(message)
{
- // TODO: Complete member initialization
- this.p = p;
}
-
- public UnexpectedResponseException(string p, Exception ex)
+ public UnexpectedResponseException(string message, Exception innerException)
+ : base(message, innerException)
+ {
+ }
+ protected UnexpectedResponseException(SerializationInfo info, StreamingContext context)
+ : base(info, context)
{
- // TODO: Complete member initialization
- this.p = p;
- this.ex = ex;
}
}
}
Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java Tue Nov 12 02:56:09 2013
@@ -356,50 +356,55 @@ public class ClientConfig
* @return
* @throws Exception
*/
- public Properties getDigitalSignatureConfiguration() throws Exception{
- Properties p = new Properties();
- p.setProperty(DigSigUtil.CHECK_TIMESTAMPS, ((Boolean)(this.config.getBoolean("client.signature.checkTimestamps", true))).toString());
- p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_CRL, ((Boolean)(this.config.getBoolean("client.signature.checkRevocationCRL", true))).toString());
- p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_OCSP, ((Boolean)(this.config.getBoolean("client.signature.checkRevocationOCSP", true))).toString());
- p.setProperty(DigSigUtil.CHECK_TRUST_CHAIN, ((Boolean)(this.config.getBoolean("client.signature.checkTrust", true))).toString());
-
- p.setProperty(DigSigUtil.CANONICALIZATIONMETHOD, this.config.getString("client.signature.canonicalizationMethod", CanonicalizationMethod.EXCLUSIVE));
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, this.config.getString("client.signature.signingKeyAlias"));
- p.setProperty(DigSigUtil.TRUSTSTORE_FILE, this.config.getString("client.signature.trustStorePath"));
- p.setProperty(DigSigUtil.TRUSTSTORE_FILETYPE, this.config.getString("client.signature.trustStoreType"));
- p.setProperty(DigSigUtil.SIGNATURE_METHOD, this.config.getString("client.signature.signatureMethod","RSA_SHA1"));
-
- if (this.config.getBoolean("client.signature.trustStorePassword[@isPasswordEncrypted]", false))
- {
- String enc = this.config.getString("client.signature.trustStorePassword");
- String prov = this.config.getString("client.signature.trustStorePassword[@cryptoProvider]");
- p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
- }
- else
- p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, this.config.getString("client.signature.trustStorePassword"));
-
- if (this.config.getBoolean("client.signature.signingKeyPassword[@isPasswordEncrypted]", false))
- {
- String enc = this.config.getString("client.signature.signingKeyPassword");
- String prov = this.config.getString("client.signature.signingKeyPassword[@cryptoProvider]");
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
- }
- else
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, this.config.getString("client.signature.signingKeyPassword"));
-
- if (this.config.getBoolean("client.signature.signingKeyStoreFilePassword[@isPasswordEncrypted]", false))
- {
- String enc = this.config.getString("client.signature.signingKeyStoreFilePassword");
- String prov = this.config.getString("client.signature.signingKeyStoreFilePassword[@cryptoProvider]");
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
- }
- else
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, this.config.getString("client.signature.signingKeyStoreFilePassword"));
-
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, this.config.getString("client.signature.signingKeyStoreType"));
- p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE, this.config.getString("client.signature.signingKeyStorePath"));
-
+ public Properties getDigitalSignatureConfiguration() throws Exception {
+ Properties p = new Properties();
+ p.setProperty(DigSigUtil.CANONICALIZATIONMETHOD, this.config.getString("client.signature.canonicalizationMethod", CanonicalizationMethod.EXCLUSIVE));
+ p.setProperty(DigSigUtil.CHECK_TIMESTAMPS, ((Boolean) (this.config.getBoolean("client.signature.checkTimestamps", true))).toString());
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_CRL, ((Boolean) (this.config.getBoolean("client.signature.checkRevocationCRL", true))).toString());
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_OCSP, ((Boolean) (this.config.getBoolean("client.signature.checkRevocationOCSP", true))).toString());
+ p.setProperty(DigSigUtil.CHECK_TRUST_CHAIN, ((Boolean) (this.config.getBoolean("client.signature.checkTrust", true))).toString());
+
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE, this.config.getString("client.signature.signingKeyStorePath"));
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, this.config.getString("client.signature.signingKeyStoreType"));
+
+ if (this.config.getBoolean("client.signature.signingKeyPassword[@isPasswordEncrypted]", false)) {
+ String enc = this.config.getString("client.signature.signingKeyPassword");
+ String prov = this.config.getString("client.signature.signingKeyPassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ } else {
+ log.warn("Hey, you should consider encrypting your key password!");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, this.config.getString("client.signature.signingKeyPassword"));
+ }
+ if (this.config.getBoolean("client.signature.signingKeyStoreFilePassword[@isPasswordEncrypted]", false)) {
+ String enc = this.config.getString("client.signature.signingKeyStoreFilePassword");
+ String prov = this.config.getString("client.signature.signingKeyStoreFilePassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ } else {
+ log.warn("Hey, you should consider encrypting your keystore password!");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, this.config.getString("client.signature.signingKeyStoreFilePassword"));
+ }
- return p;
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, this.config.getString("client.signature.signingKeyAlias"));
+ p.setProperty(DigSigUtil.SIGNATURE_METHOD, this.config.getString("client.signature.signatureMethod", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, this.config.getString("client.signature.keyInfoInclusionSubjectDN"));
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, this.config.getString("client.signature.keyInfoInclusionBase64PublicKey"));
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, this.config.getString("client.signature.keyInfoInclusionSerial"));
+
+ p.setProperty(DigSigUtil.SIGNATURE_OPTION_DIGEST_METHOD, this.config.getString("client.signature.digestMethod", "http://www.w3.org/2000/09/xmldsig#sha1"));
+
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE, this.config.getString("client.signature.trustStorePath"));
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILETYPE, this.config.getString("client.signature.trustStoreType"));
+
+
+ if (this.config.getBoolean("client.signature.trustStorePassword[@isPasswordEncrypted]", false)) {
+ String enc = this.config.getString("client.signature.trustStorePassword");
+ String prov = this.config.getString("client.signature.trustStorePassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+ } else {
+ log.warn("Hey, you should consider encrypting your trust store password!");
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, this.config.getString("client.signature.trustStorePassword"));
}
+
+ return p;
+ }
}
\ No newline at end of file
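Review bot: The three new keyInfoInclusion* lookups (`keyInfoInclusionSubjectDN`, `keyInfoInclusionBase64PublicKey`, `keyInfoInclusionSerial`) use the single-argument `getString`, which presumably returns null when the key is absent, and `Properties.setProperty` rejects a null value with a NullPointerException, so a configuration that predates these entries makes getDigitalSignatureConfiguration throw instead of falling back; supplying a default, e.g. `this.config.getString("client.signature.keyInfoInclusionSubjectDN", "false")`, matches how the check* flags are handled. The same exposure exists for the signingKeyAlias, key store and trust store lookups, which this commit reorders but does not guard. The new defaults for signatureMethod and digestMethod are the SHA-1 URIs; SHA-1 is deprecated for signatures, so the defaults (or at least the javadoc) should point users to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` and `http://www.w3.org/2001/04/xmlenc#sha256`. The `log.warn("Hey, you should consider ...")` wording is informal for a library log line; `log.warn("client.signature.signingKeyPassword is stored in cleartext; consider setting isPasswordEncrypted")` carries the same message together with the property name.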
Modified: juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
URL: http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java?rev=1540929&r1=1540928&r2=1540929&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java (original)
+++ juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java Tue Nov 12 02:56:09 2013
@@ -172,49 +172,53 @@ public class DigSigUtil {
*@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
*/
//public final static String SIGNATURE_OPTION_CERT_INCLUSION_THUMBPRINT = "THUMBPRINT";
- /*
- * Include the signer's serial of the public key.
- *
- * Clients will not be able to validate the signature unless they have a copy of the signer's public key
- * in a trust store or the full certificate is included
- * out of band
- *
+ /**
+ * Include the signer's serial of the public key and the issuer's subject
+ * name
+ *
+ * Clients will not be able to validate the signature unless they have a
+ * copy of the signer's public key in a trust store or the full certificate
+ * is included out of band
+ *
* Example
* <pre>
* Map map = new HashMap();
* map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, true);</pre>
* any value can be used.
- *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ *
+ * @see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
*/
public final static String SIGNATURE_OPTION_CERT_INCLUSION_SERIAL = "SERIAL";
- /*
+ /**
* Include the signer's Subject DN of the public key.
- *
- * Clients will not be able to validate the signature unless they have a copy of the signer's public key
- * in a trust store or the full certificate is included
- * out of band
- *
+ *
+ * Clients will not be able to validate the signature unless they have a
+ * copy of the signer's public key in a trust store or the full certificate
+ * is included out of band
+ *
* Example
* <pre>
* Map map = new HashMap();
* map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, true);</pre>
* any value can be used.
- *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ *
+ * @see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
*/
public final static String SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN = "SUBJECTDN";
- /*
+ /**
* Include the signer's X500 Prinicple of the public key.
- *
- * Clients will not be able to validate the signature unless they have a copy of the signer's public key
- * in a trust store or the full certificate is included
- * out of band
- *
+ *
+ * Clients will not be able to validate the signature unless they have a
+ * copy of the signer's public key in a trust store or the full certificate
+ * is included out of band
+ *
* Example
* <pre>
* Map map = new HashMap();
* map.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL, true);</pre>
* any value can be used.
- *@see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
+ *
+ * @see SIGNATURE_OPTION_CERT_INCLUSION_BASE64
*/
//public final static String SIGNATURE_OPTION_CERT_INCLUSION_X500_PRINICPAL = "X500";
public final static String XML_DIGSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
@@ -305,7 +309,7 @@ public class DigSigUtil {
}
/**
- * Digital signs a UDDI entity, such as a business, service, tmodel or
+ * Digitally signs a UDDI entity, such as a business, service, tmodel or
* binding template, provided you've already done the legwork to provide the
* signing keys <br><br> The UDDI entity MUST support XML Digital Signatures
* (tModel, Business, Service, Binding Template)
@@ -372,7 +376,7 @@ public class DigSigUtil {
Document doc = ((Document) domResult.getNode());
Element docElement = doc.getDocumentElement(); //this is our signed node
- return getSigningCertificatePublicKey(obj, docElement);
+ return getSigningCertificatePublicKey(docElement);
}
/**
@@ -385,8 +389,8 @@ public class DigSigUtil {
* that is not present in the current keystore
* * @throws IllegalArgumentException for null input
*/
- private X509Certificate getSigningCertificatePublicKey(Object obj, Element docElement) throws IllegalArgumentException, CertificateException {
- if (obj == null) {
+ private X509Certificate getSigningCertificatePublicKey(Element docElement) throws IllegalArgumentException, CertificateException {
+ if (docElement == null) {
throw new IllegalArgumentException();
}
@@ -463,6 +467,7 @@ public class DigSigUtil {
public boolean verifySignedUddiEntity(Object obj, AtomicReference<String> OutErrorMessage) throws IllegalArgumentException {
if (OutErrorMessage == null) {
OutErrorMessage = new AtomicReference<String>();
+ OutErrorMessage.set("");
}
if (obj == null) {
throw new IllegalArgumentException("obj");
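Review bot: The guard added at the top of verifySignedUddiEntity only initialises the message when the reference itself is null; a caller that passes `new AtomicReference<String>()` still gets null from `get()`, and every later `... + OutErrorMessage.get()` concatenation in this change (the OCSP, CRL, trust-chain and missing-certificate messages) then appends the literal text "null" to the error shown to the operator. Add a second guard after the existing block: `if (OutErrorMessage.get() == null) { OutErrorMessage.set(""); }`. The same concern applies to OutReadableErrorMessage in verifySignature, whose initialisation is outside this diff. The enclosing method continues past this hunk.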
@@ -474,9 +479,9 @@ public class DigSigUtil {
Document doc = ((Document) domResult.getNode());
Element docElement = doc.getDocumentElement(); //this is our signed node
- X509Certificate signingcert = getSigningCertificatePublicKey(obj, docElement);
+ X509Certificate signingcert = getSigningCertificatePublicKey(docElement);
- if (signingcert != null ) {
+ if (signingcert != null) {
logger.info("verifying signature based on X509 public key " + signingcert.getSubjectDN().toString());
if (map.containsKey(CHECK_TIMESTAMPS) && Boolean.parseBoolean(map.getProperty(CHECK_TIMESTAMPS))) {
signingcert.checkValidity();
@@ -494,7 +499,9 @@ public class DigSigUtil {
RevocationStatus check = OCSP.check(signingcert, issuer);
logger.info("certificate " + signingcert.getSubjectDN().toString() + " revocation status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
if (check.getCertStatus() != RevocationStatus.CertStatus.GOOD) {
- throw new CertificateException("Certificate status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
+ OutErrorMessage.set("Certificate status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString() + "." + OutErrorMessage.get());
+
+ //throw new CertificateException("Certificate status is " + check.getCertStatus().toString() + " reason " + check.getRevocationReason().toString());
}
}
if (map.containsKey(CHECK_REVOCATION_STATUS_CRL) && Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_CRL))) {
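Review bot: The commented-out `throw new CertificateException(...)` kept directly under its replacement should be deleted; the revoked status is now reported through OutErrorMessage and the method's final non-empty-message check, so the old line is dead text that will only confuse the next reader. If the behaviour change is worth recording, a one-line comment such as `// revocation failure is reported via OutErrorMessage rather than thrown, so the remaining checks still run` says it without leaving code behind. The enclosing method starts and ends outside this hunk.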
@@ -511,13 +518,16 @@ public class DigSigUtil {
CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
CertPathValidatorResult result = certPathValidator.validate(certPath, params);
-
- PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
- logger.info("revokation status via CRL PASSED for X509 public key " + signingcert.getSubjectDN().toString());
-
+ try {
+ PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
+ logger.info("revokation status via CRL PASSED for X509 public key " + signingcert.getSubjectDN().toString());
+ } catch (Exception ex) {
+ OutErrorMessage.set("Certificate status is via CRL Failed: " + ex.getMessage() + "." + OutErrorMessage.get());
+ }
}
if (map.containsKey(CHECK_TRUST_CHAIN) && Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
logger.info("verifying trust chain X509 public key " + signingcert.getSubjectDN().toString());
+ try{
PKIXParameters params = new PKIXParameters(GetTrustStore());
params.setRevocationEnabled(false);
CertPath certPath = cf.generateCertPath(Arrays.asList(signingcert));
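Review bot: The new try/catch around the CRL result wraps only the cast and the log statement, while `certPathValidator.validate(certPath, params)` — the call that actually throws CertPathValidatorException when a certificate is revoked or the CRL cannot be obtained — stays on the line above it, outside the try, so a revocation still escapes as an exception instead of being recorded in OutErrorMessage. Move that line inside: `try { CertPathValidatorResult result = certPathValidator.validate(certPath, params); logger.info("revokation status via CRL PASSED ..."); } catch (...) { ... }`. The `pkixResult` local is only a cast and is never read, so it can be dropped. Catching `Exception` also folds programming errors into the "CRL Failed" message; prefer the checked types validate() declares (CertPathValidatorException, InvalidAlgorithmParameterException). The `try{` opened for the trust-chain check at the end of this hunk is closed in the next hunk.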
@@ -529,10 +539,20 @@ public class DigSigUtil {
TrustAnchor ta = pkixResult.getTrustAnchor();
X509Certificate cert = ta.getTrustedCert();
-
+
logger.info("trust chain validated X509 public key " + signingcert.getSubjectDN().toString());
+ }
+ catch (Exception ex){
+ OutErrorMessage.set("Certificate status Trust validation failed: " + ex.getMessage() + "." + OutErrorMessage.get());
+ }
+ }
+ boolean b= verifySignature(docElement, signingcert.getPublicKey(), OutErrorMessage);
+ if ((OutErrorMessage.get()== null || OutErrorMessage.get().length()==0) && b)
+ {
+ //no error message and its cryptographically valid
+ return true;
}
- return verifySignature(docElement, signingcert.getPublicKey(), OutErrorMessage);
+ return false;
}
//last chance validation
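Review bot: The `catch (Exception ex)` closing the trust-chain block turns any failure — for example a NullPointerException if GetTrustStore() returns null — into "Trust validation failed", which hides configuration bugs behind what looks like a verification failure; narrow it to the checked types the block's calls declare (CertPathValidatorException, InvalidAlgorithmParameterException, KeyStoreException) and let the rest propagate. The final check returns false whenever OutErrorMessage holds text, so a caller that hands in a reference already carrying a message can never get `true`; the method's Javadoc (outside this hunk) should state that the reference is write-only and is overwritten, or the method should clear it on entry. Minor style: `boolean b=` and the brace on its own line after the `if` differ from the file's K&R layout, and `b` deserves a name such as `signatureValid`.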
@@ -555,7 +575,7 @@ public class DigSigUtil {
if (url == null) {
logger.error("");
OutErrorMessage.set("The signed entity is signed but does not have a certificate attached and"
- + "you didn't specify a keystore for me to look it up in");
+ + "you didn't specify a keystore for me to look it up in. " + OutErrorMessage.get());
return false;
}
KeyStore.PrivateKeyEntry keyEntry = null;
@@ -624,12 +644,12 @@ public class DigSigUtil {
logger.error("Unable to load user specified trust store! attempting to load the default", ex);
URL cacerts = null;
try {
- cacerts = new File(System.getenv("JAVA_HOME") + File.pathSeparator + "lib" + File.pathSeparator + "security" + File.pathSeparator + "cacerts").toURI().toURL();
+ cacerts = new File(System.getenv("JAVA_HOME") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts").toURI().toURL();
} catch (Exception c) {
logger.debug("unable to load default jre truststore", c);
}
try {
- cacerts = new File(System.getenv("JAVA_HOME") + File.pathSeparator + "jre" + File.pathSeparator + "lib" + File.pathSeparator + "security" + File.pathSeparator + "cacerts").toURI().toURL();
+ cacerts = new File(System.getenv("JAVA_HOME") + File.separator + "jre" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts").toURI().toURL();
} catch (Exception c) {
logger.debug("unable to load default jdk/jre truststore", c);
}
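Review bot: With the separator fix in place the two fallbacks still do not form a fallback chain: `new File(...).toURI().toURL()` does not check that the file exists, so the second assignment unconditionally overwrites whatever the first computed and the `lib/security/cacerts` candidate is never used. Test for existence before choosing, and prefer `System.getProperty("java.home")`, which the JVM always sets, over `System.getenv("JAVA_HOME")`, which may be absent and then yields a `null/lib/...` path. Note also that falling back to the JRE's default store after a user-configured trust store fails to load changes which issuers are trusted for signature verification; consider making that fallback an explicit configuration choice rather than implicit behaviour. The enclosing method starts and ends outside this hunk.
```java
// … unchanged: log that the user-specified trust store failed to load …
String javaHome = System.getProperty("java.home");
File candidate = new File(javaHome, "lib" + File.separator + "security" + File.separator + "cacerts");
if (!candidate.exists()) {
    candidate = new File(javaHome, "jre" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts");
}
URL cacerts = null;
try {
    cacerts = candidate.toURI().toURL();
} catch (Exception c) {
    logger.debug("unable to load default jdk/jre truststore", c);
}
// … unchanged: remainder of the fallback …
```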
@@ -702,7 +722,7 @@ public class DigSigUtil {
logger.warn("Signature failed core validation");
boolean sv = signature.getSignatureValue().validate(valContext);
logger.debug("signature validation status: " + sv);
- OutReadableErrorMessage.set("signature validation failed: " + sv);
+ OutReadableErrorMessage.set("signature validation failed: " + sv + "." + OutReadableErrorMessage.get());
// Check the validation status of each Reference.
@SuppressWarnings("unchecked")
Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
@@ -713,7 +733,7 @@ public class DigSigUtil {
logger.debug(j);
logger.debug("ref[" + j + "] validity status: " + refValid);
if (!refValid) {
- OutReadableErrorMessage.set("signature reference " + j + " invalid");
+ OutReadableErrorMessage.set("signature reference " + j + " invalid. " + OutReadableErrorMessage.get());
}
logger.debug("Ref type: " + ref.getType() + ", URI: " + ref.getURI());
for (Object xform : ref.getTransforms()) {
@@ -724,24 +744,15 @@ public class DigSigUtil {
logger.warn(" Calc Digest: " + calcDigValStr);
logger.warn("Expected Digest: " + expectedDigValStr);
if (!calcDigValStr.equalsIgnoreCase(expectedDigValStr)) {
- OutReadableErrorMessage.set("digest mismatch for signature ref " + j);
+ OutReadableErrorMessage.set("digest mismatch for signature ref " + j + "." + OutReadableErrorMessage.get());
}
- /*InputStream is = ref.getDigestInputStream();
- InputStreamReader isr = new InputStreamReader(is);
- BufferedReader br = new BufferedReader(isr);
- String line;
- while ((line = br.readLine()) != null) {
- System.out.println(line);
- }
- is.close();
- System.out.println("---------------------------------------------");*/
}
} else {
logger.info("Signature passed core validation");
}
return coreValidity;
} catch (Exception e) {
- OutReadableErrorMessage.set("signature validation failed: " + e.getMessage());
+ OutReadableErrorMessage.set("signature validation failed: " + e.getMessage() + OutReadableErrorMessage.get());
logger.fatal(e);
return false;
}
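Review bot: The rewritten message in the catch block is the only one in this change that appends the previous text without a separator — `e.getMessage() + OutReadableErrorMessage.get()` runs the two fragments together, unlike the "." and ". " used for the reference and digest messages above it. Use `OutReadableErrorMessage.set("signature validation failed: " + e.getMessage() + ". " + OutReadableErrorMessage.get());`. `e.getMessage()` can also be null for some exception types, so consider `e.toString()` or a null check when building the text shown to operators. verifySignature starts outside this hunk.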