Posted to commits@ws.apache.org by co...@apache.org on 2012/02/07 16:51:16 UTC
svn commit: r1241502 [1/3] - in /webservices/wss4j/branches/swssf: ./
streaming-ws-policy/src/test/java/org/swssf/policy/test/
streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/
streaming-ws-security/src/main/java/org/swssf/wss/imp...
Author: coheigea
Date: Tue Feb 7 15:51:14 2012
New Revision: 1241502
URL: http://svn.apache.org/viewvc?rev=1241502&view=rev
Log:
Upgrading SWSSF Crypto implementation to be almost identical to WSS4J
Added:
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoType.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/DERDecoder.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Loader.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/MerlinBase.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/X509SubjectPublicKeyInfo.java
Modified:
webservices/wss4j/branches/swssf/pom.xml
webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/resources/messages/errors.properties
Modified: webservices/wss4j/branches/swssf/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/pom.xml?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/pom.xml (original)
+++ webservices/wss4j/branches/swssf/pom.xml Tue Feb 7 15:51:14 2012
@@ -45,7 +45,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <xmlsec.version>1.4.6</xmlsec.version>
+ <xmlsec.version>1.5.0</xmlsec.version>
<wss4j.version>1.6.4</wss4j.version>
</properties>
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java Tue Feb 7 15:51:14 2012
@@ -26,6 +26,7 @@ import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSecurityException;
import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.ext.SecurePart;
import org.testng.Assert;
@@ -2064,7 +2065,9 @@ public class AsymmetricBindingIntegratio
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
outSecurityProperties.setCallbackHandler(callbackHandler);
outSecurityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java Tue Feb 7 15:51:14 2012
@@ -18,6 +18,11 @@
*/
package org.swssf.wss.impl.processor.input;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.events.XMLEvent;
+
import org.swssf.binding.xmldsig.KeyInfoType;
import org.swssf.binding.xmlenc.EncryptedDataType;
import org.swssf.binding.xmlenc.ReferenceList;
@@ -29,12 +34,16 @@ import org.swssf.wss.securityEvent.Conte
import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
import org.swssf.wss.securityEvent.TokenSecurityEvent;
-import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.ext.ComparableAttribute;
+import org.swssf.xmlsec.ext.ComparableNamespace;
+import org.swssf.xmlsec.ext.InputProcessorChain;
+import org.swssf.xmlsec.ext.SecurePart;
+import org.swssf.xmlsec.ext.SecurityContext;
+import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.ext.XMLSecurityProperties;
import org.swssf.xmlsec.impl.processor.input.AbstractDecryptInputProcessor;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.events.XMLEvent;
-import java.util.List;
+import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
/**
* Processor for decryption of EncryptedData XML structures
@@ -82,6 +91,15 @@ public class DecryptInputProcessor exten
this,
securityToken);
}
+
+ @Override
+ protected SecurityToken findSecurityToken(
+ KeyInfoType keyInfoType, XMLSecurityProperties securityProperties,
+ SecurityContext securityContext, Object processor) throws XMLSecurityException {
+ return SecurityTokenFactory.newInstance().getSecurityToken(
+ keyInfoType, getSecurityProperties().getDecryptionCrypto(),
+ getSecurityProperties().getCallbackHandler(), securityContext, processor);
+ }
@Override
protected void handleSecurityToken(
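Review bot: The new findSecurityToken override ignores its securityProperties parameter and reads getSecurityProperties() instead, so the decryption Crypto and CallbackHandler always come from the processor's own properties regardless of what AbstractDecryptInputProcessor passes in. Those are presumably the same object today, but a hook that accepts a parameter and silently substitutes another source is easy to misread; either use the parameter, `securityProperties.getDecryptionCrypto(), securityProperties.getCallbackHandler()`, or add a comment saying why the field is authoritative. A one-line Javadoc stating that this resolves the token referenced by the EncryptedData KeyInfo through the WS-Security SecurityTokenFactory would also help, since the base hook's contract is not visible on this page.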
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Tue Feb 7 15:51:14 2012
@@ -23,6 +23,7 @@ import org.swssf.wss.impl.securityToken.
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.securityEvent.TokenSecurityEvent;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.*;
import javax.xml.stream.XMLStreamException;
@@ -64,7 +65,9 @@ public class BinarySecurityTokenOutputPr
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noPassword", alias);
}
key = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, password);
- x509Certificates = getSecurityProperties().getSignatureCrypto().getCertificates(getSecurityProperties().getSignatureUser());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(getSecurityProperties().getSignatureUser());
+ x509Certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
if (x509Certificates == null || x509Certificates.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", alias);
}
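Review bot: The certificate chain is now looked up by getSignatureUser() while the private key two lines above is fetched by `alias`, and the "noUserCertsFound" error on the following line reports `alias`; if those two values can ever differ, the BinarySecurityToken advertises a certificate that does not match the signing key and the error names the wrong identifier. The old code had the same split, but since the lookup is being rewritten anyway it would be safer to key both off one identifier, e.g. `cryptoType.setAlias(alias);` — how alias is derived is decided above the hunk, so there may be an equality guarantee I cannot see. The four-line CryptoType construction is repeated at every converted call site in this commit; a small private helper taking (Crypto, String) would remove the duplication.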
@@ -79,7 +82,9 @@ public class BinarySecurityTokenOutputPr
x509Certificates = new X509Certificate[1];
x509Certificates[0] = x509Certificate;
} else {
- x509Certificates = getSecurityProperties().getEncryptionCrypto().getCertificates(getSecurityProperties().getEncryptionUser());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(getSecurityProperties().getEncryptionUser());
+ x509Certificates = getSecurityProperties().getEncryptionCrypto().getX509Certificates(cryptoType);
if (x509Certificates == null || x509Certificates.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound", getSecurityProperties().getEncryptionUser());
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java Tue Feb 7 15:51:14 2012
@@ -18,26 +18,27 @@
*/
package org.swssf.wss.impl.processor.output;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.xmlsec.ext.*;
-import org.swssf.xmlsec.impl.EncryptionPartDef;
-import org.swssf.xmlsec.impl.processor.output.AbstractEncryptOutputProcessor;
-
-import javax.crypto.NoSuchPaddingException;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
-import java.util.UUID;
+
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
+
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSDocumentContext;
+import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.xmlsec.ext.OutputProcessorChain;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.impl.EncryptionPartDef;
+import org.swssf.xmlsec.impl.processor.output.XMLEncryptOutputProcessor;
/**
* Processor to encrypt XML structures
@@ -45,58 +46,37 @@ import java.util.UUID;
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
+public class EncryptOutputProcessor extends XMLEncryptOutputProcessor {
public EncryptOutputProcessor(WSSSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
super(securityProperties, action);
}
-
+
+ /**
+ * Return InternalEncryptionOutputProcessor, which writes out a SecurityTokenReference in the KeyInfo
+ * of the EncryptedData
+ */
@Override
- public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
-
- if (xmlEvent.isStartElement()) {
- StartElement startElement = xmlEvent.asStartElement();
-
- //avoid double encryption when child elements matches too
- if (getActiveInternalEncryptionOutputProcessor() == null) {
- SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getEncryptionSecureParts());
- if (securePart != null) {
- logger.debug("Matched securePart for encryption");
- InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;
- try {
- String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
- SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
- EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
- encryptionPartDef.setModifier(securePart.getModifier());
- encryptionPartDef.setEncRefId("ED-" + UUID.randomUUID().toString());
- encryptionPartDef.setKeyId(securityTokenProvider.getId());
- encryptionPartDef.setSymmetricKey(securityTokenProvider.getSecurityToken(null).getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null));
- outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
- internalEncryptionOutputProcessor =
- new InternalEncryptionOutputProcessor(
- ((WSSSecurityProperties) getSecurityProperties()),
+ protected AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(
+ EncryptionPartDef encryptionPartDef,
+ StartElement startElement,
+ OutputProcessorChain outputProcessorChain
+ ) throws XMLStreamException, XMLSecurityException {
+ try {
+ return new InternalEncryptionOutputProcessor((WSSSecurityProperties)getSecurityProperties(),
getAction(),
encryptionPartDef,
startElement,
- outputProcessorChain.getDocumentContext().getEncoding()
- );
- } catch (NoSuchAlgorithmException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (NoSuchPaddingException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (InvalidKeyException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- } catch (IOException e) {
- throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
- }
-
- setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
- outputProcessorChain.addProcessor(internalEncryptionOutputProcessor);
- }
- }
+ outputProcessorChain.getDocumentContext().getEncoding());
+ } catch (NoSuchAlgorithmException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (NoSuchPaddingException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (InvalidKeyException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+ } catch (IOException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
}
-
- outputProcessorChain.processEvent(xmlEvent);
}
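Review bot: The removed processEvent body selected the encryption token via `WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION` and generated the `ED-` reference id, and none of that survives in this class; the replacement base class XMLEncryptOutputProcessor lives in the xmlsec module and cannot reference WSSConstants, so please confirm it resolves the token under the same context key (or that the constant moved with it), otherwise the WS-Security token-id plumbing is silently lost. The new factory method has four identical catch blocks translating checked exceptions into FAILED_ENCRYPTION; if the build targets Java 7 they collapse to `catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IOException e)`, otherwise a brief comment that the uniform handling is intentional would do. The Javadoc should also carry `@throws XMLSecurityException if the cipher for the part cannot be initialised`, since that is the only failure callers see.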
/**
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java Tue Feb 7 15:51:14 2012
@@ -29,6 +29,7 @@ import org.swssf.wss.impl.saml.bean.Subj
import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.*;
import org.w3c.dom.*;
@@ -91,7 +92,9 @@ public class SAMLTokenOutputProcessor ex
if (senderVouches) {
// prepare to sign the SAML token
- certificates = samlCallback.getIssuerCrypto().getCertificates(samlCallback.getIssuerKeyName());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(samlCallback.getIssuerKeyName());
+ certificates = samlCallback.getIssuerCrypto().getX509Certificates(cryptoType);
if (certificates == null) {
throw new WSSecurityException(
"No issuer certs were found to sign the SAML Assertion using issuer name: "
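Review bot: The guard after the new lookup only checks `certificates == null`, whereas the other call sites this commit converts treat an empty array as "no certs found" as well; if getX509Certificates returns an empty array for an unknown issuer alias, the sender-vouches path passes this check and fails later with an array index error instead of the intended WSSecurityException. Suggest `if (certificates == null || certificates.length == 0) {`. I cannot see MerlinBase's contract for the not-found case on this page, so this hinges on whether it returns null or an empty array.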
@@ -110,13 +113,15 @@ public class SAMLTokenOutputProcessor ex
if (keyInfoBean != null) {
X509Certificate x509Certificate = keyInfoBean.getCertificate();
if (x509Certificate != null) {
- String alias = getSecurityProperties().getSignatureCrypto().getAliasForX509Cert(x509Certificate);
+ String alias = getSecurityProperties().getSignatureCrypto().getX509Identifier(x509Certificate);
if (alias == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
}
WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(alias, WSPasswordCallback.Usage.SIGNATURE);
WSSUtils.doPasswordCallback(getSecurityProperties().getCallbackHandler(), wsPasswordCallback);
- certificates = getSecurityProperties().getSignatureCrypto().getCertificates(alias);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
privateKey = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword());
}
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java Tue Feb 7 15:51:14 2012
@@ -41,6 +41,7 @@ import org.swssf.wss.ext.*;
import org.swssf.wss.impl.saml.builder.SAML1ComponentBuilder;
import org.swssf.wss.impl.saml.builder.SAML2ComponentBuilder;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.XMLSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -292,7 +293,9 @@ public class SAMLAssertionWrapper {
signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm);
// prepare to sign the SAML token
- X509Certificate[] issuerCerts = issuerCrypto.getCertificates(issuerKeyName);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(issuerKeyName);
+ X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
if (issuerCerts == null) {
throw new WSSecurityException(
"No issuer certs were found to sign the SAML Assertion using issuer name: "
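Review bot: `if (issuerCerts == null)` does not cover an empty array from getX509Certificates, so an issuerKeyName that matches nothing may get past this check and blow up when issuerCerts[0] is used to sign, rather than producing the WSSecurityException the message describes. Suggest `if (issuerCerts == null || issuerCerts.length == 0) {`, matching the `certs == null || certs.length < 1` form used later in this same file. Whether the empty case is reachable depends on MerlinBase, which is not shown here.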
@@ -457,7 +460,11 @@ public class SAMLAssertionWrapper {
WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile"
);
}
- certs = securityProperties.getSignatureVerificationCrypto().getCertificates(((X509IssuerSerial) x509obj).getIssuerName(), ((X509IssuerSerial) x509obj).getSerialNumber());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+ cryptoType.setIssuerSerial(
+ ((X509IssuerSerial) x509obj).getIssuerName(), ((X509IssuerSerial) x509obj).getSerialNumber()
+ );
+ certs = securityProperties.getSignatureVerificationCrypto().getX509Certificates(cryptoType);
if (certs == null || certs.length < 1) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
@@ -742,7 +749,9 @@ public class SAMLAssertionWrapper {
String issuerString = cert.getIssuerX500Principal().getName();
BigInteger issuerSerial = cert.getSerialNumber();
- X509Certificate[] foundCerts = crypto.getCertificates(issuerString, issuerSerial);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+ cryptoType.setIssuerSerial(issuerString, issuerSerial);
+ X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
//
// If a certificate has been found, the certificates must be compared
@@ -804,7 +813,9 @@ public class SAMLAssertionWrapper {
// SECOND step - Search for the issuer cert (chain) of the transmitted certificate in the
// keystore or the truststore
//
- X509Certificate[] foundCerts = crypto.getCertificates(issuerString);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(issuerString);
+ X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
// If the certs have not been found, the issuer is not in the keystore/truststore
// As a direct result, do not trust the transmitted certificate
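Review bot: The "SECOND step" issuer lookup uses `CryptoType.TYPE.ALIAS` with `issuerString`, which is an X.500 issuer DN rather than a keystore alias; if the ALIAS type resolves only by KeyStore alias (as WSS4J's Merlin does — its verifyTrust performs this step with `CryptoType.TYPE.SUBJECT_DN` and `setSubjectDN(issuerString)`), the issuer certificate will only be found in truststores whose aliases happen to be literal DNs, and every other transmitted certificate will be rejected as untrusted. That fails closed rather than open, but it is a functional regression from the previous getCertificates(String) call if that method also matched on subject DN. If CryptoType in this branch defines a SUBJECT_DN type, the lookup should probably read `new CryptoType(CryptoType.TYPE.SUBJECT_DN)` with `cryptoType.setSubjectDN(issuerString)`; the remainder of the trust check continues below the hunk.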
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Tue Feb 7 15:51:14 2012
@@ -56,10 +56,10 @@ public class SecurityTokenFactoryImpl ex
final SecurityTokenReferenceType securityTokenReferenceType
= XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
return getSecurityToken(securityTokenReferenceType, crypto, callbackHandler, securityContext, processor);
- } else if (crypto.getDefaultX509Alias() != null) {
+ } else if (crypto.getDefaultX509Identifier() != null) {
return new X509DefaultSecurityToken(
- (WSSecurityContext) securityContext, crypto, callbackHandler, crypto.getDefaultX509Alias(),
- crypto.getDefaultX509Alias(), null, processor
+ (WSSecurityContext) securityContext, crypto, callbackHandler, crypto.getDefaultX509Identifier(),
+ crypto.getDefaultX509Identifier(), null, processor
);
}
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java Tue Feb 7 15:51:14 2012
@@ -18,9 +18,12 @@
*/
package org.swssf.wss.impl.securityToken;
+import java.security.cert.X509Certificate;
+
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.XMLSecurityException;
import javax.security.auth.callback.CallbackHandler;
@@ -41,7 +44,11 @@ public class ThumbprintSHA1SecurityToken
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getAliasForX509CertThumb(binaryContent);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
+ cryptoType.setBytes(binaryContent);
+ X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+
+ this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
}
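Review bot: `certs[0]` is indexed without checking the lookup result, and the thumbprint comes straight from the inbound message's KeyIdentifier, so a reference to a certificate that is not in the keystore now surfaces as a NullPointerException or ArrayIndexOutOfBoundsException instead of a security exception (the previous getAliasForX509CertThumb presumably returned null, which callers could test for). Guard before indexing: `if (certs == null || certs.length == 0) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noUserCertsFound"); }`, using whichever message key the xmlsec errors.properties actually defines. The same unchecked `certs[0]` appears in X509DataSecurityToken's issuer/serial lookup in this commit.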
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java Tue Feb 7 15:51:14 2012
@@ -18,11 +18,14 @@
*/
package org.swssf.wss.impl.securityToken;
+import java.security.cert.X509Certificate;
+
import org.swssf.binding.xmldsig.X509DataType;
import org.swssf.binding.xmldsig.X509IssuerSerialType;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.XMLSecurityException;
import org.swssf.xmlsec.ext.XMLSecurityUtils;
@@ -47,7 +50,12 @@ public class X509DataSecurityToken exten
if (this.alias == null) {
X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(
x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
- this.alias = getCrypto().getAliasForX509Cert(x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+ cryptoType.setIssuerSerial(
+ x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber()
+ );
+ X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+ this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
}
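Review bot: `certs[0]` is indexed without a null/empty check, and the issuer name and serial number feeding the lookup are taken from the message's X509IssuerSerial element, so an inbound reference to an unknown certificate now produces an unchecked exception rather than an XMLSecurityException. Guard the lookup result before indexing, e.g. `if (certs == null || certs.length == 0) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noUserCertsFound"); }`, with whatever message key the xmlsec errors.properties provides. Note that `x509IssuerSerialType` can also be null when the X509Data carries an SKI or SubjectName instead of IssuerSerial, though that dereference predates this commit.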
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java Tue Feb 7 15:51:14 2012
@@ -24,7 +24,15 @@ import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.ext.XMLSecurityException;
import javax.security.auth.callback.CallbackHandler;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertPath;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.List;
/**
* @author $Author$
@@ -38,15 +46,27 @@ public class X509PKIPathv1SecurityToken
X509PKIPathv1SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
byte[] binaryContent, String id, WSSConstants.KeyIdentifierType keyIdentifierType, Object processor) throws XMLSecurityException {
super(WSSConstants.X509PkiPathV1Token, wsSecurityContext, crypto, callbackHandler, id, keyIdentifierType, processor);
- X509Certificate[] x509Certificates = crypto.getX509Certificates(binaryContent, false);
- if (x509Certificates != null && x509Certificates.length > 0) {
- this.x509Certificates = x509Certificates;
+
+ InputStream in = new ByteArrayInputStream(binaryContent);
+ try {
+ CertPath certPath = getCrypto().getCertificateFactory().generateCertPath(in);
+ List<? extends Certificate> l = certPath.getCertificates();
+ X509Certificate[] certs = new X509Certificate[l.size()];
+ Iterator<? extends Certificate> iterator = l.iterator();
+ for (int i = 0; i < l.size(); i++) {
+ certs[i] = (X509Certificate) iterator.next();
+ }
+ if (certs.length > 0) {
+ this.x509Certificates = certs;
+ }
+ } catch (CertificateException e) {
+ throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
}
}
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getAliasForX509Cert(this.x509Certificates[0]);
+ this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
}
return this.alias;
}
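Review bot: When the decoded PkiPath is empty, `certs.length > 0` is false and `this.x509Certificates` stays null, so the later `this.x509Certificates[0]` in getAlias() throws NullPointerException on attacker-controlled token content; an empty path should be rejected in the constructor with the same error the CertificateException branch uses, e.g. `if (certs.length == 0) { throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError"); }`. The manual iterator loop can be replaced by `l.toArray(new X509Certificate[l.size()])`, which fails with an equivalent runtime error if a non-X.509 certificate is present. Also, `getCrypto()` is called while `crypto` is still in hand as a parameter — harmless, but inconsistent with the super call one line above.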
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java Tue Feb 7 15:51:14 2012
@@ -22,6 +22,7 @@ import org.swssf.wss.ext.WSPasswordCallb
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.SecurityToken;
import org.swssf.xmlsec.ext.XMLSecurityConstants;
import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -73,7 +74,9 @@ public abstract class X509SecurityToken
@Override
public X509Certificate[] getX509Certificates() throws XMLSecurityException {
if (this.x509Certificates == null) {
- this.x509Certificates = getCrypto().getCertificates(getAlias());
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(getAlias());
+ this.x509Certificates = getCrypto().getX509Certificates(cryptoType);
}
return this.x509Certificates;
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java Tue Feb 7 15:51:14 2012
@@ -18,9 +18,12 @@
*/
package org.swssf.wss.impl.securityToken;
+import java.security.cert.X509Certificate;
+
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.XMLSecurityException;
import javax.security.auth.callback.CallbackHandler;
@@ -41,7 +44,10 @@ public class X509SubjectKeyIdentifierSec
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getAliasForX509Cert(binaryContent);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SKI_BYTES);
+ cryptoType.setBytes(binaryContent);
+ X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+ this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
}
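Review bot: `certs[0]` on the line after the lookup is dereferenced without checking the result, so an SKI that matches nothing in the keystore now surfaces as a NullPointerException or ArrayIndexOutOfBoundsException rather than an XMLSecurityException, whereas the replaced `getAliasForX509Cert(binaryContent)` returned null on a miss. The Crypto Javadoc for `getX509Certificates(CryptoType)` added in this commit does not say whether a miss yields null or an empty array, so guard both: `if (certs == null || certs.length == 0) { /* throw XMLSecurityException with ErrorCode.SECURITY_TOKEN_UNAVAILABLE, as the PKI-path token does on parse failure */ }` before the `getX509Identifier` call. Since the alias is cached in `this.alias`, failing loudly here is preferable to caching a null that later callers cannot distinguish from "not yet looked up". The enclosing class starts outside the hunk.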
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java Tue Feb 7 15:51:14 2012
@@ -43,7 +43,7 @@ public class X509_V3SecurityToken extend
protected String getAlias() throws XMLSecurityException {
if (this.alias == null) {
- this.alias = getCrypto().getAliasForX509Cert(this.x509Certificates[0]);
+ this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
}
return this.alias;
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java Tue Feb 7 15:51:14 2012
@@ -26,8 +26,8 @@ import org.swssf.wss.impl.saml.SAMLCallb
import org.swssf.wss.impl.saml.bean.*;
import org.swssf.wss.impl.saml.builder.SAML1Constants;
import org.swssf.wss.impl.saml.builder.SAML2Constants;
-import org.swssf.xmlsec.crypto.CryptoBase;
import org.swssf.xmlsec.crypto.Merlin;
+import org.swssf.xmlsec.crypto.MerlinBase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -108,7 +108,7 @@ public class CallbackHandlerImpl impleme
SAMLCallback samlCallback = (SAMLCallback) callbacks[0];
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("saml/issuer.jks"), "default".toCharArray());
- CryptoBase crypto = new Merlin();
+ MerlinBase crypto = new Merlin();
crypto.setKeyStore(keyStore);
samlCallback.setIssuerCrypto(crypto);
samlCallback.setIssuerKeyName("samlissuer");
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java Tue Feb 7 15:51:14 2012
@@ -30,6 +30,7 @@ import org.swssf.wss.ext.WSSSecurityProp
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.test.AbstractTestBase;
import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.test.utils.StAX2DOM;
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
@@ -72,7 +73,9 @@ public class SAMLTokenHOKTest extends Ab
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
securityProperties.setSignatureUser("transmitter");
@@ -204,7 +207,9 @@ public class SAMLTokenHOKTest extends Ab
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
securityProperties.setSignatureUser("transmitter");
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java Tue Feb 7 15:51:14 2012
@@ -30,6 +30,7 @@ import org.swssf.wss.ext.WSSSecurityProp
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.test.AbstractTestBase;
import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.test.utils.StAX2DOM;
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
@@ -150,7 +151,9 @@ public class SAMLTokenReferenceTest exte
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
securityProperties.setCallbackHandler(callbackHandler);
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
securityProperties.setSignatureUser("transmitter");
@@ -369,7 +372,9 @@ public class SAMLTokenReferenceTest exte
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
securityProperties.setCallbackHandler(callbackHandler);
securityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER);
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
@@ -453,7 +458,9 @@ public class SAMLTokenReferenceTest exte
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
Merlin crypto = new Merlin();
crypto.setKeyStore(keyStore);
- callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
securityProperties.setCallbackHandler(callbackHandler);
securityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java Tue Feb 7 15:51:14 2012
@@ -16,200 +16,183 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.swssf.xmlsec.crypto;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-
import java.io.InputStream;
-import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-/**
- * class lent from apache wss4j
- */
+import org.swssf.xmlsec.ext.XMLSecurityException;
-/**
- * Crypto.
- * <p/>
- *
- * @author Davanum Srinivas (dims@yahoo.com).
- */
public interface Crypto {
+
+ //
+ // Accessor methods
+ //
+
/**
- * load a X509Certificate from the input stream.
- * <p/>
- *
- * @param in The <code>InputStream</code> array containing the X509 data
- * @return An X509 certificate
- * @throws org.swssf.ext.XMLSecurityException
- *
+ * Get the crypto provider associated with this implementation
+ * @return the crypto provider
*/
- X509Certificate loadCertificate(InputStream in) throws XMLSecurityException;
-
+ public String getCryptoProvider();
+
/**
- * Construct an array of X509Certificate's from the byte array.
- * <p/>
- *
- * @param data The <code>byte</code> array containing the X509 data
- * @param reverse If set the first certificate in input data will
- * the last in the array
- * @return An array of X509 certificates, ordered according to
- * the reverse flag
- * @throws org.swssf.ext.XMLSecurityException
- *
+ * Set the crypto provider associated with this implementation
+ * @param provider the crypto provider to set
*/
- X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws XMLSecurityException;
-
+ public void setCryptoProvider(String provider);
+
/**
- * Gets the private key identified by <code>alias</> and <code>password</code>.
- * <p/>
+ * Retrieves the identifier name of the default certificate. This should be the certificate
+ * that is used for signature and encryption. This identifier corresponds to the certificate
+ * that should be used whenever KeyInfo is not present in a signed or an encrypted
+ * message. May return null. The identifier is implementation specific, e.g. it could be the
+ * KeyStore alias.
*
- * @param alias The alias (<code>KeyStore</code>) of the key owner
- * @param password The password needed to access the private key
- * @return The private key
- * @throws Exception
+ * @return name of the default X509 certificate.
*/
- public PrivateKey getPrivateKey(String alias, String password) throws XMLSecurityException;
-
+ public String getDefaultX509Identifier() throws XMLSecurityException;
+
/**
- * get the list of certificates for a given alias. This method
- * reads a new certificate chain and overwrites a previously
- * stored certificate chain.
- * <p/>
+ * Sets the identifier name of the default certificate. This should be the certificate
+ * that is used for signature and encryption. This identifier corresponds to the certificate
+ * that should be used whenever KeyInfo is not present in a signed or an encrypted
+ * message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
*
- * @param alias Lookup certificate chain for this alias
- * @return Array of X509 certificates for this alias name, or
- * null if this alias does not exist in the keystore
+ * @param identifier name of the default X509 certificate.
*/
- public X509Certificate[] getCertificates(String alias) throws XMLSecurityException;
-
+ public void setDefaultX509Identifier(String identifier);
+
/**
- * Return a X509 Certificate alias in the keystore according to a given Certificate
- * <p/>
+ * Sets the CertificateFactory instance on this Crypto instance
*
- * @param cert The certificate to lookup
- * @return alias name of the certificate that matches the given certificate
- * or null if no such certificate was found.
- * <p/>
- * See comment above
- * <p/>
- * See comment above
+ * @param provider the CertificateFactory provider name
+ * @param certFactory the CertificateFactory the CertificateFactory instance to set
*/
- /*
- * See comment above
- */
- public String getAliasForX509Cert(Certificate cert) throws XMLSecurityException;
-
+ public void setCertificateFactory(String provider, CertificateFactory certFactory);
+
/**
- * Search a X509 Certificate in the keystore according to a given serial number and
- * the issuer of a Certificate.
- * <p/>
- * The search gets all alias names of the keystore and gets the certificate chain
- * for each alias. Then the SerialNumber and Issuer of each certificate of the chain
- * is compared with the parameters.
- *
- * @param issuer The issuer's name for the certificate
- * @param serialNumber The serial number of the certificate from the named issuer
- * @return alias name of the certificate that matches serialNumber and issuer name
- * or null if no such certificate was found.
- */
- public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws XMLSecurityException;
-
- /**
- * Search a X509 Certificate in the keystore according to a given serial number and
- * the issuer of a Certificate.
- * <p/>
- * The search gets all alias names of the keystore and gets the certificate chain
- * for each alias. Then the SerialNumber and Issuer of each certificate of the chain
- * is compared with the parameters.
- *
- * @param issuer The issuer's name for the certificate
- * @param serialNumber The serial number of the certificate from the named issuer
- * @return alias name of the certificate that matches serialNumber and issuer name
- * or null if no such certificate was found.
- */
- public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws XMLSecurityException;
-
- /**
- * Lookup a X509 Certificate in the keystore according to a given
- * SubjectKeyIdentifier.
- * <p/>
- * The search gets all alias names of the keystore and gets the certificate chain
- * or certificate for each alias. Then the SKI for each user certificate
- * is compared with the SKI parameter.
- *
- * @param skiBytes The SKI info bytes
- * @return alias name of the certificate that matches serialNumber and issuer name
- * or null if no such certificate was found.
+ * Get the CertificateFactory instance on this Crypto instance
+ *
+ * @return Returns a <code>CertificateFactory</code> to construct
+ * X509 certificates
+ * @throws org.apache.ws.security.XMLSecurityException
*/
- public String getAliasForX509Cert(byte[] skiBytes) throws XMLSecurityException;
-
+ public CertificateFactory getCertificateFactory() throws XMLSecurityException;
+
+ //
+ // Base Crypto functionality methods
+ //
+
/**
- * Retrieves the alias name of the default certificate which has been
- * specified as a property. This should be the certificate that is used for
- * signature and encryption. This alias corresponds to the certificate that
- * should be used whenever KeyInfo is not present in a signed or
- * an encrypted message. May return null.
+ * Load a X509Certificate from the input stream.
*
- * @return alias name of the default X509 certificate.
+ * @param in The <code>InputStream</code> containing the X509 data
+ * @return An X509 certificate
+ * @throws XMLSecurityException
*/
- public String getDefaultX509Alias();
-
+ public X509Certificate loadCertificate(InputStream in) throws XMLSecurityException;
+
/**
* Reads the SubjectKeyIdentifier information from the certificate.
* <p/>
+ * If the the certificate does not contain a SKI extension then
+ * try to compute the SKI according to RFC3280 using the
+ * SHA-1 hash value of the public key. The second method described
+ * in RFC3280 is not support. Also only RSA public keys are supported.
+ * If we cannot compute the SKI throw a XMLSecurityException.
*
* @param cert The certificate to read SKI
* @return The byte array containing the binary SKI data
*/
public byte[] getSKIBytesFromCert(X509Certificate cert) throws XMLSecurityException;
-
+
/**
- * Lookup a X509 Certificate in the keystore according to a given
- * Thumbprint.
+ * Get a byte array given an array of X509 certificates.
* <p/>
- * The search gets all alias names of the keystore, then reads the certificate chain
- * or certificate for each alias. Then the thumbprint for each user certificate
- * is compared with the thumbprint parameter.
- *
- * @param thumb The SHA1 thumbprint info bytes
- * @return alias name of the certificate that matches the thumbprint
- * or null if no such certificate was found.
- * @throws org.swssf.ext.XMLSecurityException
- * if problems during keystore handling or wrong certificate
+ *
+ * @param certs The certificates to convert
+ * @return The byte array for the certificates
+ * @throws XMLSecurityException
*/
-
- public String getAliasForX509CertThumb(byte[] thumb) throws XMLSecurityException;
+ public byte[] getBytesFromCertificates(X509Certificate[] certs) throws XMLSecurityException;
/**
- * Gets the CertificateFactory instantiated by the underlying implementation
+ * Construct an array of X509Certificate's from the byte array.
*
- * @return the CertificateFactory
- * @throws org.swssf.ext.XMLSecurityException
+ * @param data The <code>byte</code> array containing the X509 data
+ * @return An array of X509 certificates
+ * @throws XMLSecurityException
+ */
+ public X509Certificate[] getCertificatesFromBytes(byte[] data) throws XMLSecurityException;
+
+ //
+ // Implementation-specific Crypto functionality methods
+ //
+
+ /**
+ * Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported
+ * types are as follows:
+ *
+ * TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
+ * TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
+ * TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
+ * TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
+ * TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation
+ * specific, for example - it could be a java KeyStore alias.
+ */
+ public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws XMLSecurityException;
+
+ /**
+ * Get the implementation-specific identifier corresponding to the cert parameter, e.g. the
+ * identifier could be a KeyStore alias.
+ * @param cert The X509Certificate for which to search for an identifier
+ * @return the identifier corresponding to the cert parameter
+ * @throws XMLSecurityException
+ */
+ public String getX509Identifier(X509Certificate cert) throws XMLSecurityException;
+
+ /**
+ * Gets the private key corresponding to the identifier.
*
+ * @param identifier The implementation-specific identifier corresponding to the key
+ * @param password The password needed to get the key
+ * @return The private key
*/
- public CertificateFactory getCertificateFactory() throws XMLSecurityException;
-
+ public PrivateKey getPrivateKey(
+ String identifier, String password
+ ) throws XMLSecurityException;
+
/**
* Evaluate whether a given certificate chain should be trusted.
*
* @param certs Certificate chain to validate
* @return true if the certificate chain is valid, false otherwise
- * @throws org.swssf.ext.XMLSecurityException
- *
+ * @throws XMLSecurityException
*/
+ @Deprecated
public boolean verifyTrust(X509Certificate[] certs) throws XMLSecurityException;
-
+
/**
- * Evaluate whether a given public key should be trusted.
+ * Evaluate whether a given certificate chain should be trusted.
*
+ * @param certs Certificate chain to validate
+ * @param enableRevocation whether to enable CRL verification or not
+ * @return true if the certificate chain is valid, false otherwise
+ * @throws XMLSecurityException
+ */
+ public boolean verifyTrust(
+ X509Certificate[] certs, boolean enableRevocation
+ ) throws XMLSecurityException;
+
+ /**
+ * Evaluate whether a given public key should be trusted.
+ *
* @param publicKey The PublicKey to be evaluated
* @return whether the PublicKey parameter is trusted or not
*/
public boolean verifyTrust(PublicKey publicKey) throws XMLSecurityException;
+
}
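Review bot: The new `getX509Certificates(CryptoType)` Javadoc lists the supported lookup types but has no `@param`, `@return` or `@throws`, and in particular does not state what a lookup miss returns (null, empty array, or an exception); several callers in this commit index `[0]` on the result, so that contract should be spelled out, e.g. `@return the matching certificate chain, or null if no certificate matches the supplied CryptoType`. The `@Deprecated` one-argument `verifyTrust` lacks the matching `@deprecated` Javadoc tag naming the `verifyTrust(X509Certificate[], boolean)` replacement, and it should say whether the old form is equivalent to `enableRevocation == false`, which is presumably the case but is not visible here. The `@throws org.apache.ws.security.XMLSecurityException` on `getCertificateFactory()` references the WSS4J package rather than this module's `XMLSecurityException`, which the other methods use; and "is not support" in the SKI Javadoc should read "is not supported".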