Posted to commits@ws.apache.org by co...@apache.org on 2012/07/05 12:47:47 UTC
svn commit: r1357548 - in
/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss:
ext/ impl/processor/input/ impl/processor/output/ impl/securityToken/
Author: coheigea
Date: Thu Jul 5 10:47:47 2012
New Revision: 1357548
URL: http://svn.apache.org/viewvc?rev=1357548&view=rev
Log:
Moved the Crypto signature stuff from Santuario into WSSSecurityProperties
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java Thu Jul 5 10:47:47 2012
@@ -18,8 +18,14 @@
*/
package org.swssf.wss.ext;
+import org.apache.xml.security.stax.crypto.Crypto;
+import org.apache.xml.security.stax.crypto.MerlinBase;
+import org.apache.xml.security.stax.ext.XMLSecurityConfigurationException;
+import org.apache.xml.security.stax.ext.XMLSecurityException;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
+import java.net.URL;
+import java.security.KeyStore;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -161,4 +167,115 @@ public class WSSSecurityProperties exten
public List<WSSConstants.BSPRule> getIgnoredBSPRules() {
return Collections.unmodifiableList(ignoredBSPRules);
}
+
+ private Class<? extends MerlinBase> signatureCryptoClass;
+ private KeyStore signatureKeyStore;
+ private String signatureUser;
+
+ public void setSignatureUser(String signatureUser) {
+ this.signatureUser = signatureUser;
+ }
+
+ public String getSignatureUser() {
+ return signatureUser;
+ }
+
+ public KeyStore getSignatureKeyStore() {
+ return signatureKeyStore;
+ }
+
+ public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(url.openStream(), keyStorePassword);
+ this.signatureKeyStore = keyStore;
+ }
+
+ public Class<? extends MerlinBase> getSignatureCryptoClass() {
+ if (signatureCryptoClass != null) {
+ return signatureCryptoClass;
+ }
+ signatureCryptoClass = org.apache.xml.security.stax.crypto.Merlin.class;
+ return signatureCryptoClass;
+ }
+
+ public void setSignatureCryptoClass(Class<? extends MerlinBase> signatureCryptoClass) {
+ this.signatureCryptoClass = signatureCryptoClass;
+ }
+
+ private Crypto cachedSignatureCrypto;
+ private KeyStore cachedSignatureKeyStore;
+
+ public Crypto getSignatureCrypto() throws XMLSecurityException {
+
+ if (this.getSignatureKeyStore() == null) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "signatureKeyStoreNotSet");
+ }
+
+ if (this.getSignatureKeyStore() == cachedSignatureKeyStore) {
+ return cachedSignatureCrypto;
+ }
+
+ Class<? extends MerlinBase> signatureCryptoClass = this.getSignatureCryptoClass();
+
+ try {
+ MerlinBase signatureCrypto = signatureCryptoClass.newInstance();
+ signatureCrypto.setKeyStore(this.getSignatureKeyStore());
+ cachedSignatureCrypto = signatureCrypto;
+ cachedSignatureKeyStore = this.getSignatureKeyStore();
+ return signatureCrypto;
+ } catch (Exception e) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "signatureCryptoFailure", e);
+ }
+ }
+
+ private Class<? extends MerlinBase> signatureVerificationCryptoClass;
+ private KeyStore signatureVerificationKeyStore;
+
+ public KeyStore getSignatureVerificationKeyStore() {
+ return signatureVerificationKeyStore;
+ }
+
+ public void loadSignatureVerificationKeystore(URL url, char[] keyStorePassword) throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(url.openStream(), keyStorePassword);
+ this.signatureVerificationKeyStore = keyStore;
+ }
+
+ public Class<? extends MerlinBase> getSignatureVerificationCryptoClass() {
+ if (signatureVerificationCryptoClass != null) {
+ return signatureVerificationCryptoClass;
+ }
+ signatureVerificationCryptoClass = org.apache.xml.security.stax.crypto.Merlin.class;
+ return signatureVerificationCryptoClass;
+ }
+
+ public void setSignatureVerificationCryptoClass(Class<? extends MerlinBase> signatureVerificationCryptoClass) {
+ this.signatureVerificationCryptoClass = signatureVerificationCryptoClass;
+ }
+
+ private Crypto cachedSignatureVerificationCrypto;
+ private KeyStore cachedSignatureVerificationKeyStore;
+
+ public Crypto getSignatureVerificationCrypto() throws XMLSecurityException {
+
+ if (this.getSignatureVerificationKeyStore() == null) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "signatureVerificationKeyStoreNotSet");
+ }
+
+ if (this.getSignatureVerificationKeyStore() == cachedSignatureVerificationKeyStore) {
+ return cachedSignatureVerificationCrypto;
+ }
+
+ Class<? extends MerlinBase> signatureVerificationCryptoClass = this.getSignatureVerificationCryptoClass();
+
+ try {
+ MerlinBase signatureVerificationCrypto = signatureVerificationCryptoClass.newInstance();
+ signatureVerificationCrypto.setKeyStore(this.getSignatureVerificationKeyStore());
+ cachedSignatureVerificationCrypto = signatureVerificationCrypto;
+ cachedSignatureVerificationKeyStore = this.getSignatureVerificationKeyStore();
+ return signatureVerificationCrypto;
+ } catch (Exception e) {
+ throw new XMLSecurityConfigurationException(XMLSecurityException.ErrorCode.FAILURE, "signatureVerificationCryptoFailure", e);
+ }
+ }
}
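Review bot: `loadSignatureKeyStore` passes `url.openStream()` straight into `KeyStore.load` and never closes it, so each keystore load leaks the underlying stream (a file handle, or a connection for non-file URLs); `loadSignatureVerificationKeystore` further down in this hunk has the same shape. Close the stream in a finally block (or try-with-resources if the branch builds on Java 7) as in the fence, and apply the same change to the verification variant; this needs a `java.io.InputStream` import. Separately, `setSignatureCryptoClass` and `setSignatureVerificationCryptoClass` do not reset the cache, so after `getSignatureCrypto()` has run once, changing the class keeps returning the instance of the previous class as long as the keystore object is unchanged — add `this.cachedSignatureCrypto = null; this.cachedSignatureKeyStore = null;` to the first setter and the equivalent pair to the second. The hard-coded `"jks"` store type and the `throws Exception` signature deserve a Javadoc line each so callers know only JKS keystores are loaded and that any load or provider failure is propagated unwrapped.
```java
public void loadSignatureKeyStore(URL url, char[] keyStorePassword) throws Exception {
    KeyStore keyStore = KeyStore.getInstance("jks");
    InputStream in = url.openStream();
    try {
        keyStore.load(in, keyStorePassword);
    } finally {
        in.close();
    }
    this.signatureKeyStore = keyStore;
}
```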
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java Thu Jul 5 10:47:47 2012
@@ -20,6 +20,7 @@ package org.swssf.wss.impl.processor.inp
import org.swssf.binding.wss10.BinarySecurityTokenType;
import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.wss.ext.WSSecurityException;
import org.swssf.wss.ext.WSSecurityToken;
@@ -71,7 +72,7 @@ public class BinarySecurityTokenInputHan
}
Crypto crypto = null;
try {
- crypto = securityProperties.getSignatureVerificationCrypto();
+ crypto = ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto();
} catch (XMLSecurityConfigurationException e) {
//ignore
}
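Review bot: The new `(WSSSecurityProperties)securityProperties` cast is outside the try block, so a handler driven with a plain `XMLSecurityProperties` fails with an unchecked ClassCastException instead of a security exception; the same unchecked cast is repeated in this commit in SAMLTokenInputHandler, WSSSignatureInputHandler, BinarySecurityTokenOutputProcessor (three times in one hunk) and SAMLTokenOutputProcessor. A single typed accessor, for instance a `getWSSSecurityProperties()` helper in the shared base that performs the cast once and throws a `WSSecurityException` with a clear message on mismatch, would remove the per-call-site casts and make the failure mode explicit. The `catch (XMLSecurityConfigurationException e) { //ignore }` directly below now also absorbs the "signatureVerificationKeyStoreNotSet" case and leaves `crypto` null; how a null crypto is handled lies outside this hunk, so replace `//ignore` with a comment that states the intent, e.g. `// no signature-verification keystore configured: crypto stays null — confirm the caller rejects unverified tokens`.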
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SAMLTokenInputHandler.java Thu Jul 5 10:47:47 2012
@@ -94,7 +94,8 @@ public class SAMLTokenInputHandler exten
this.securityToken = new SAMLSecurityToken(samlAssertionWrapper.getSAMLVersion(), samlSubjectKeyInfo,
samlAssertionWrapper.getIssuerString(),
- (WSSecurityContext) inputProcessorChain.getSecurityContext(), securityProperties.getSignatureVerificationCrypto(),
+ (WSSecurityContext) inputProcessorChain.getSecurityContext(),
+ ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto(),
securityProperties.getCallbackHandler(), samlAssertionWrapper.getId(), null);
this.securityToken.setElementPath(elementPath);
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/WSSSignatureInputHandler.java Thu Jul 5 10:47:47 2012
@@ -26,6 +26,7 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig.ObjectType;
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSUtils;
import org.swssf.wss.ext.WSSecurityContext;
import org.swssf.wss.ext.WSSecurityException;
@@ -158,7 +159,7 @@ public class WSSSignatureInputHandler ex
XMLSecurityProperties securityProperties,
SecurityContext securityContext) throws XMLSecurityException {
return SecurityTokenFactory.getInstance().getSecurityToken(keyInfoType,
- securityProperties.getSignatureVerificationCrypto(), securityProperties.getCallbackHandler(),
+ ((WSSSecurityProperties)securityProperties).getSignatureVerificationCrypto(), securityProperties.getCallbackHandler(),
securityContext);
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Thu Jul 5 10:47:47 2012
@@ -57,17 +57,17 @@ public class BinarySecurityTokenOutputPr
|| action.equals(WSSConstants.SAML_TOKEN_SIGNED)
|| action.equals(WSSConstants.SIGNATURE_WITH_DERIVED_KEY)) {
- String alias = getSecurityProperties().getSignatureUser();
+ String alias = ((WSSSecurityProperties)getSecurityProperties()).getSignatureUser();
WSPasswordCallback pwCb = new WSPasswordCallback(alias, WSPasswordCallback.Usage.SIGNATURE);
WSSUtils.doPasswordCallback(getSecurityProperties().getCallbackHandler(), pwCb);
String password = pwCb.getPassword();
if (password == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noPassword", alias);
}
- key = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, password);
+ key = ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto().getPrivateKey(alias, password);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias(getSecurityProperties().getSignatureUser());
- x509Certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
+ cryptoType.setAlias(alias);
+ x509Certificates = ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto().getX509Certificates(cryptoType);
if (x509Certificates == null || x509Certificates.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", alias);
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java Thu Jul 5 10:47:47 2012
@@ -114,7 +114,7 @@ public class SAMLTokenOutputProcessor ex
if (keyInfoBean != null) {
X509Certificate x509Certificate = keyInfoBean.getCertificate();
if (x509Certificate != null) {
- String alias = getSecurityProperties().getSignatureCrypto().getX509Identifier(x509Certificate);
+ String alias = ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto().getX509Identifier(x509Certificate);
if (alias == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
}
@@ -122,8 +122,8 @@ public class SAMLTokenOutputProcessor ex
WSSUtils.doPasswordCallback(getSecurityProperties().getCallbackHandler(), wsPasswordCallback);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
- certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
- privateKey = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword());
+ certificates = ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto().getX509Certificates(cryptoType);
+ privateKey = ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword());
}
}
}
@@ -211,7 +211,7 @@ public class SAMLTokenOutputProcessor ex
}
this.samlSecurityToken = new SAMLSecurityToken(
samlCallback.getSamlVersion(), samlKeyInfo, (WSSecurityContext) outputProcessorChain.getSecurityContext(),
- getSecurityProperties().getSignatureCrypto(), getSecurityProperties().getCallbackHandler(), tokenId);
+ ((WSSSecurityProperties)getSecurityProperties()).getSignatureCrypto(), getSecurityProperties().getCallbackHandler(), tokenId);
this.samlSecurityToken.setProcessor(finalSAMLTokenOutputProcessor);
return this.samlSecurityToken;
}
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1357548&r1=1357547&r2=1357548&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Thu Jul 5 10:47:47 2012
@@ -44,7 +44,6 @@ public class SecurityTokenFactoryImpl ex
public SecurityTokenFactoryImpl() {
}
- @Override
public SecurityToken getSecurityToken(KeyInfoType keyInfoType, Crypto crypto, final CallbackHandler callbackHandler,
SecurityContext securityContext) throws XMLSecurityException {
if (keyInfoType != null) {