Posted to commits@cxf.apache.org by ow...@apache.org on 2013/09/03 23:18:41 UTC
svn commit: r1519852 - in /cxf/fediz/trunk:
examples/spring2Webapp/src/main/resources/
examples/springWebapp/src/main/resources/
plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/
plugins/core/src/test/resources/ services/idp/src/main/java/...
Author: owulff
Date: Tue Sep 3 21:18:40 2013
New Revision: 1519852
URL: http://svn.apache.org/r1519852
Log:
Use RSA keys instead of DSA for realm A and B
Modified:
cxf/fediz/trunk/examples/spring2Webapp/src/main/resources/stsstore.jks
cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
cxf/fediz/trunk/plugins/core/src/test/resources/stsstore.jks
cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks
cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks
cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks
cxf/fediz/trunk/services/sts/README.txt
cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks
cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks
cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks
cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks
Modified: cxf/fediz/trunk/examples/spring2Webapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/spring2Webapp/src/main/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/examples/spring2Webapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/examples/spring2Webapp/src/main/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/examples/springWebapp/src/main/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java (original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java Tue Sep 3 21:18:40 2013
@@ -253,7 +253,35 @@ public class MetadataWriter {
private ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream metaInfo, String referenceID) throws Exception {
KeyManager keyManager = config.getSigningKey();
String keyAlias = keyManager.getKeyAlias();
- String keypass = keyManager.getKeyPassword();
+ String keypass = keyManager.getKeyPassword();
+
+ // in case we did not specify the key alias, we assume there is only one key in the keystore ,
+ // we use this key's alias as default.
+ if (keyAlias == null || "".equals(keyAlias)) {
+ //keyAlias = getDefaultX509Identifier(ks);
+ keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
+ }
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(keyAlias);
+ X509Certificate[] issuerCerts = keyManager.getCrypto().getX509Certificates(cryptoType);
+ if (issuerCerts == null || issuerCerts.length == 0) {
+ throw new ProcessingException(
+ "No issuer certs were found to sign the metadata using issuer name: "
+ + keyAlias);
+ }
+ X509Certificate cert = issuerCerts[0];
+
+ String signatureMethod = null;
+ if ("SHA1withDSA".equals(cert.getSigAlgName())) {
+ signatureMethod = SignatureMethod.DSA_SHA1;
+ } else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
+ signatureMethod = SignatureMethod.RSA_SHA1;
+ } else if ("SHA256withRSA".equals(cert.getSigAlgName())) {
+ signatureMethod = SignatureMethod.RSA_SHA1;
+ } else {
+ LOG.error("Unsupported signature method: " + cert.getSigAlgName());
+ throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
+ }
// Create a Reference to the enveloped document (in this case,
// you are signing the whole document, so a URI of "" signifies
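Review bot: The new `SHA256withRSA` branch maps to `SignatureMethod.RSA_SHA1`, so a certificate issued with SHA-256 still produces SHA-1 signed metadata — a silent downgrade rather than a matching method — and the same mapping is added in the idp MetadataWriter hunk further down. The selection also keys off `cert.getSigAlgName()`, which is the algorithm the issuer used to sign the certificate, not the algorithm of the private key that signs here; a DSA key in an RSA-signed certificate would select an RSA method and only fail at signing time (inferred, the certificate chains are not visible). Keying off `cert.getPublicKey().getAlgorithm()` and using the RFC 6931 rsa-sha256 URI (a `SignatureMethod.RSA_SHA256` constant exists only on newer JDKs, while the URI string is accepted by the built-in XMLDSig provider on the JDKs this code targets, to be confirmed) avoids both problems. The `RuntimeException` thrown for the unsupported case also differs from the `ProcessingException` thrown a few lines above for the missing-certificate case. signMetaInfo continues past the end of the hunk.
```java
X509Certificate cert = issuerCerts[0];

// Choose the XML-DSig method from the signing key's own algorithm; the certificate's
// signature algorithm is the issuer's choice and need not match the key type.
String keyAlgorithm = cert.getPublicKey().getAlgorithm();
String signatureMethod;
if ("DSA".equals(keyAlgorithm)) {
    signatureMethod = SignatureMethod.DSA_SHA1;
} else if ("RSA".equals(keyAlgorithm)) {
    // RFC 6931 rsa-sha256 URI; SignatureMethod.RSA_SHA256 is only available on newer JDKs
    signatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
} else {
    LOG.error("Unsupported signing key algorithm: " + keyAlgorithm);
    throw new ProcessingException("Unsupported signing key algorithm: " + keyAlgorithm);
}
// … unchanged: Reference creation …
```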
@@ -265,28 +293,15 @@ public class MetadataWriter {
// Create the SignedInfo.
SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec)null), XML_SIGNATURE_FACTORY
- .newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
+ .newSignatureMethod(signatureMethod, null), Collections.singletonList(ref));
// step 2
// Load the KeyStore and get the signing key and certificate.
- // in case we did not specify the key alias, we assume there is only one key in the keystore ,
- // we use this key's alias as default.
- if (keyAlias == null || "".equals(keyAlias)) {
- //keyAlias = getDefaultX509Identifier(ks);
- keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
- }
+
PrivateKey keyEntry = keyManager.getCrypto().getPrivateKey(keyAlias, keypass);
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(keyAlias);
- X509Certificate[] issuerCerts = keyManager.getCrypto().getX509Certificates(cryptoType);
- if (issuerCerts == null || issuerCerts.length == 0) {
- throw new ProcessingException(
- "No issuer certs were found to sign the metadata using issuer name: "
- + keyAlias);
- }
- X509Certificate cert = issuerCerts[0];
+
// Create the KeyInfo containing the X509Data.
KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
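Review bot: The comment `// Load the KeyStore and get the signing key and certificate.` now sits above a lone private-key lookup, because the certificate lookup it described was moved to the top of the method by this commit; change it to `// Load the signing private key for the alias resolved above.` so the comment matches the code under it. The signMetaInfo body starts before and continues after this hunk.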
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Binary files - no diff available.
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Binary files - no diff available.
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Binary files - no diff available.
Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java (original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java Tue Sep 3 21:18:40 2013
@@ -228,6 +228,8 @@ public class MetadataWriter {
signatureMethod = SignatureMethod.DSA_SHA1;
} else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
signatureMethod = SignatureMethod.RSA_SHA1;
+ } else if ("SHA256withRSA".equals(cert.getSigAlgName())) {
+ signatureMethod = SignatureMethod.RSA_SHA1;
} else {
LOG.error("Unsupported signature method: " + cert.getSigAlgName());
throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
Modified: cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks (original) and cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_a.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks (original) and cxf/fediz/trunk/services/idp/src/main/resources/stsrealm_b.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks (original) and cxf/fediz/trunk/services/idp/src/test/resources/stsrealm_a.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/sts/README.txt
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/README.txt?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
--- cxf/fediz/trunk/services/sts/README.txt (original)
+++ cxf/fediz/trunk/services/sts/README.txt Tue Sep 3 21:18:40 2013
@@ -17,11 +17,11 @@ mvn clean install -Prealms
Proceed with the following steps to update the signing certificates:
keytool -genkeypair -keyalg RSA -validity 3600 -alias realma -keystore stsrealm_a.jks -dname "cn=REALMA" -keypass realma -storepass storepass
-keytool -keystore stsrealm_a.jks -storepass storepass -export -alias realma -file realma.cert
+keytool -export -keystore stsrealm_a.jks -storepass storepass -export -alias realma -file realma.cert
keytool -genkeypair -keyalg RSA -validity 3600 -alias realmb -keystore stsrealm_b.jks -dname "cn=REALMB" -keypass realmb -storepass storepass
-keytool -keystore stsrealm_b.jks -storepass storepass -export -alias realmb -file realmb.cert
+keytool -export -keystore stsrealm_b.jks -storepass storepass -export -alias realmb -file realmb.cert
keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realma -file realma.cert -noprompt
keytool -import -trustcacerts -keystore ststrust.jks -storepass storepass -alias realmb -file realmb.cert -noprompt
Modified: cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert (original) and cxf/fediz/trunk/services/sts/src/realms/resources/realma.cert Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert (original) and cxf/fediz/trunk/services/sts/src/realms/resources/realmb.cert Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks (original) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_a.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks (original) and cxf/fediz/trunk/services/sts/src/realms/resources/stsrealm_b.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks (original) and cxf/fediz/trunk/services/sts/src/realms/resources/ststrust.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/jetty8/src/test/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/spring2Webapp/src/main/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/springWebapp/src/main/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ
Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks?rev=1519852&r1=1519851&r2=1519852&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks (original) and cxf/fediz/trunk/systests/tomcat7/src/test/resources/stsstore.jks Tue Sep 3 21:18:40 2013 differ