Posted to commits@ws.apache.org by co...@apache.org on 2011/08/04 11:03:22 UTC
svn commit: r1153794 - in
/webservices/wss4j/trunk/src/main/java/org/apache/ws/security:
components/crypto/Merlin.java saml/WSSecSignatureSAML.java
Author: coheigea
Date: Thu Aug 4 09:03:21 2011
New Revision: 1153794
URL: http://svn.apache.org/viewvc?rev=1153794&view=rev
Log:
[WSS-303] - Support SKI_KEY_IDENTIFIER, THUMBPRINT_IDENTIFIER, ISSUER_SERIAL when signing "sender vouches" assertions
- Patch applied, thanks.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java?rev=1153794&r1=1153793&r2=1153794&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/components/crypto/Merlin.java Thu Aug 4 09:03:21 2011
@@ -964,10 +964,6 @@ public class Merlin extends CryptoBase {
private X509Certificate[] getX509Certificates(byte[] thumbprint) throws WSSecurityException {
MessageDigest sha = null;
- if (keystore == null) {
- return null;
- }
-
try {
sha = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java?rev=1153794&r1=1153793&r2=1153794&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/WSSecSignatureSAML.java Thu Aug 4 09:03:21 2011
@@ -29,6 +29,8 @@ import org.apache.ws.security.components
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.token.DOMX509Data;
+import org.apache.ws.security.message.token.DOMX509IssuerSerial;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
@@ -395,9 +397,28 @@ public class WSSecSignatureSAML extends
case WSConstants.X509_KEY_IDENTIFIER :
secRef.setKeyIdentifier(certs[0]);
break;
+
+ case WSConstants.SKI_KEY_IDENTIFIER:
+ secRef.setKeyIdentifierSKI(certs[0], iCrypto != null ? iCrypto : uCrypto);
+ break;
+
+ case WSConstants.THUMBPRINT_IDENTIFIER:
+ secRef.setKeyIdentifierThumb(certs[0]);
+ break;
+
+ case WSConstants.ISSUER_SERIAL:
+ final String issuer = certs[0].getIssuerDN().getName();
+ final java.math.BigInteger serialNumber = certs[0].getSerialNumber();
+ final DOMX509IssuerSerial domIssuerSerial =
+ new DOMX509IssuerSerial(document, issuer, serialNumber);
+ final DOMX509Data domX509Data = new DOMX509Data(document, domIssuerSerial);
+ secRef.setX509Data(domX509Data);
+ break;
default:
- throw new WSSecurityException(WSSecurityException.FAILURE, "unsupportedKeyId");
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "unsupportedKeyId", new Object[]{}
+ );
}
} else if (useDirectReferenceToAssertion) {
Reference ref = new Reference(doc);
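Review bot: In the new `ISSUER_SERIAL` case, `certs[0].getIssuerDN().getName()` yields the issuer name in a provider-specific string form, and the JDK marks `getIssuerDN()` as denigrated in favour of `getIssuerX500Principal()`; a receiver that locates the signing certificate by comparing the issuer string could fail to match, or match inconsistently, across security providers. I would use `final String issuer = certs[0].getIssuerX500Principal().getName();` so the DN is emitted in RFC 2253 form. The case also declares four `final` locals directly in the switch body, so they remain in scope for `default:`; wrapping the case body in `{ ... }` keeps them local. It builds the elements from `document` while the `useDirectReferenceToAssertion` branch just below uses `doc`, which is presumably the same DOM document but is worth confirming, since the enclosing method starts outside the hunk.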