Posted to commits@ws.apache.org by co...@apache.org on 2014/02/05 17:18:01 UTC

svn commit: r1564823 - in /webservices/wss4j/site/src/site/xdoc: config.xml topics.xml

Author: coheigea
Date: Wed Feb  5 16:18:01 2014
New Revision: 1564823

URL: http://svn.apache.org/r1564823
Log:
Adding some Crypto properties information for the 2.0.0 release

Modified:
    webservices/wss4j/site/src/site/xdoc/config.xml
    webservices/wss4j/site/src/site/xdoc/topics.xml

Modified: webservices/wss4j/site/src/site/xdoc/config.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/config.xml?rev=1564823&r1=1564822&r2=1564823&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/config.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/config.xml Wed Feb  5 16:18:01 2014
@@ -9,15 +9,17 @@ properties have changed since WSS4J 1.5.
 <subsection name="Crypto properties">
 <p>
 Apache WSS4J uses the Crypto interface to get keys and certificates for encryption/decryption and for
-signature creation/verification. WSS4J ships with two implementations, the standard "Merlin" implementation,
-which is based around two JDK keystores for key retrieval and trust verification, as well as a 
-CertificateStore, which is based around a set of X509Certificates (presently supporting encryption/signature verification
-only). For more information on the Crypto implementations see the
-<a href="http://ws.apache.org/wss4j/topics.html#Crypto_Interface">Special Topics page</a>. 
+signature creation/verification. WSS4J ships with three implementations:
 </p>
-<p>
-It is possible to instantiate a Crypto implementation directly, but it can also be loaded via a 
-properties file. The property values are as follows:
+<ul>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup">Merlin</a>: The standard implementation, based around two JDK keystores for key/cert retrieval, and trust verification.</li>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup">CertificateStore</a>: Holds an array of X509 Certificates. Can only be used for encryption and signature verification.</li>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup">MerlinDevice</a>: Based on Merlin, allows loading of keystores using a null InputStream - for example on a smart-card device.</li>
+</ul>
+<p>
+For more information on the Crypto implementations see the
+<a href="http://ws.apache.org/wss4j/topics.html#Crypto_Interface">Special Topics page</a>. It is possible to instantiate a Crypto implementation directly, but it can also be loaded via a 
+properties file. For Apache WSS4J 2.0.0 the property names ${PREFIX} below is "org.apache.wss4j.crypto". For Apache WSS4J 1.6.X, the property names ${PREFIX} below is "org.apache.ws.security.crypto". WSS4J 2.0.0 will also accept the older ${PREFIX} value. The property values for the standard Merlin implementation are as follows:
 </p>
 <p>
 General properties:
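Review bot: the added sentences about the ${PREFIX} placeholder read "the property names ${PREFIX} below is", which is ungrammatical and makes the paragraph hard to parse; something like "in the property names below, ${PREFIX} is "org.apache.wss4j.crypto" for WSS4J 2.0.0 and "org.apache.ws.security.crypto" for 1.6.X" would be clearer. The text also says 2.0.0 accepts the older prefix but does not say which value is used when a file sets the same property under both prefixes; that is worth stating, since it decides which keystore and password are actually loaded.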
@@ -28,20 +30,20 @@ General properties:
 <th>Property value</th>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.provider</td>
+<td>${PREFIX}.provider</td>
 <td>WSS4J specific provider used to create Crypto instances. Defaults to 
-"org.apache.ws.security.components.crypto.Merlin".</td>
+"org.apache.wss4j.common.crypto.Merlin".</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.provider</td>
+<td>${PREFIX}.merlin.keystore.provider</td>
 <td>The provider used to load keystores. Defaults to installed provider.</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.cert.provider</td>
+<td>${PREFIX}.merlin.cert.provider</td>
 <td>The provider used to load certificates. Defaults to keystore provider.</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.x509crl.file</td>
+<td>${PREFIX}.merlin.x509crl.file</td>
 <td>The location of an (X509) CRL file to use.</td>
 </tr>
 </table>
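Review bot: in the ${PREFIX}.provider row the default is now given only as "org.apache.wss4j.common.crypto.Merlin", but the introduction says the table also applies to 1.6.X with the older prefix, where the removed line gave "org.apache.ws.security.components.crypto.Merlin" as the default. Either list both class names with the versions they belong to, or say that the defaults shown are those of 2.0.0.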
@@ -54,23 +56,23 @@ Keystore properties:
 <th>Property value</th>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.file</td>
+<td>${PREFIX}.merlin.keystore.file</td>
 <td>The location of the keystore</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.password</td>
+<td>${PREFIX}.merlin.keystore.password</td>
 <td>The password used to load the keystore. Default value is "security".</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.type</td>
+<td>${PREFIX}.merlin.keystore.type</td>
 <td>Type of keystore. Defaults to: java.security.KeyStore.getDefaultType())</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.alias</td>
+<td>${PREFIX}.merlin.keystore.alias</td>
 <td>The default keystore alias to use, if none is specified.</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.keystore.private.password</td>
+<td>${PREFIX}.merlin.keystore.private.password</td>
 <td>The default password used to load the private key.</td>
 </tr>
 </table>
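Review bot: the ${PREFIX}.merlin.keystore.password row still documents a default of "security" with no comment; while these rows are being touched, add a sentence telling readers to set the keystore password explicitly instead of relying on a published default. The keystore.type row also carries a stray closing parenthesis after "java.security.KeyStore.getDefaultType()" that could be dropped in the same pass.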
@@ -83,19 +85,19 @@ TrustStore properties:
 <th>Property value</th>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.load.cacerts</td>
+<td>${PREFIX}.merlin.load.cacerts</td>
 <td>Whether or not to load the CA certs in ${java.home}/lib/security/cacerts (default is false)</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.truststore.file</td>
+<td>${PREFIX}.merlin.truststore.file</td>
 <td>The location of the truststore</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.truststore.password </td>
+<td>${PREFIX}.merlin.truststore.password </td>
 <td>The truststore password. Defaults to "changeit".</td>
 </tr>
 <tr>
-<td>org.apache.ws.security.crypto.merlin.truststore.type</td>
+<td>${PREFIX}.merlin.truststore.type</td>
 <td>The truststore type. Defaults to: java.security.KeyStore.getDefaultType().</td>
 </tr>
 </table>
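Review bot: the new ${PREFIX}.merlin.truststore.password cell keeps the trailing space before </td> from the old line; drop it so the property name matches the other rows. The row also does not say whether the "changeit" default applies to the file named by truststore.file, to the cacerts store enabled by load.cacerts, or to both, which a reader configuring trust verification needs to know.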

Modified: webservices/wss4j/site/src/site/xdoc/topics.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/topics.xml?rev=1564823&r1=1564822&r2=1564823&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/topics.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/topics.xml Wed Feb  5 16:18:01 2014
@@ -7,7 +7,25 @@ This page discusses various topics regar
 </p>
 <subsection name="Crypto Interface">
 <p>
-WSS4J uses the Crypto interface to provide a pluggable way of retrieving and converting certificates, verifying trust on certificates etc.  Two implementations are provided out of the box by WSS4J -- the standard <a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java?view=markup">Merlin implementation</a> which holds one keystore and one truststore and <a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/CertificateStore.java?view=markup">Certificate Store</a> that holds an array of X509Certificates, however presently is only useful for signature verification and encryption (cannot be used for decryption or signing).
+WSS4J uses the Crypto interface to provide a pluggable way of retrieving and converting certificates, verifying trust on certificates etc. Three implementations are provided out of the box by WSS4J:
+</p>
+<ul>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?view=markup">Merlin</a>: The standard implementation, based around two JDK keystores for key/cert retrieval, and trust verification.</li>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CertificateStore.java?view=markup">CertificateStore</a>: Holds an array of X509 Certificates. Can only be used for encryption and signature verification.</li>
+<li><a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java?view=markup">MerlinDevice</a>: Based on Merlin, allows loading of keystores using a null InputStream - for example on a smart-card device.</li>
+</ul>
+<p>
+Typically, a Crypto implementation is loaded and configured via a Crypto properties file. This tells WSS4J what Crypto implementation to load, as well as implementation-specific properties such as a keystore location, password, default alias to use, etc. A typical example of the contents of a Crypto properties file for Signature creation is as <a href="http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/resources/wss40.properties?view=markup">follows</a>:
+</p>
+<ul>
+<li>org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin</li>
+<li>org.apache.wss4j.crypto.merlin.keystore.type=jks</li>
+<li>org.apache.wss4j.crypto.merlin.keystore.password=security</li>
+<li>org.apache.wss4j.crypto.merlin.keystore.alias=wss40</li>
+<li>org.apache.wss4j.crypto.merlin.keystore.file=keys/wss40.jks</li>
+</ul>
+<p>
+Note that in WSS4J 2.0.0 the "org.apache.ws.security.crypto" prefix used previously is now "org.apache.wss4j.crypto", however both prefixes are accepted by the code. For WSS4J 1.6.X and 1.5.X, you must use the "org.apache.ws.security.crypto" prefix.
 </p>
 </subsection>
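Review bot: the sample Crypto properties file is marked up as a <ul> of <li> items, so it will render as a bulleted list and not as file contents a reader can copy; put the five lines in a preformatted block instead. Since the sample is linked from src/test/resources and includes "keystore.password=security", say in the text that it is a test configuration. The three-item implementation list is also now duplicated verbatim in config.xml and topics.xml; keeping it in one file and linking to it from the other would stop the copies drifting apart.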