svn commit: r1451049 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/
ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/
Author: coheigea
Date: Thu Feb 28 00:09:25 2013
New Revision: 1451049
URL: http://svn.apache.org/r1451049
Log:
Made it possible to work with the 1.6 Crypto Merlin property tags
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java?rev=1451049&r1=1451048&r2=1451049&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoFactory.java Thu Feb 28 00:09:25 2013
@@ -99,6 +99,10 @@ public abstract class CryptoFactory {
ClassLoader classLoader
) throws WSSecurityException {
String cryptoClassName = properties.getProperty("org.apache.wss4j.crypto.provider");
+ if (cryptoClassName == null) {
+ cryptoClassName = properties.getProperty("org.apache.ws.security.crypto.provider");
+ }
+
Class<? extends Crypto> cryptoClass = null;
if (cryptoClassName == null
|| cryptoClassName.equals("org.apache.wss4j.common.crypto.Merlin")
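Review bot: The fallback to the 1.6 provider property name on the added lines carries no comment, so a later reader has no way to tell it from dead code and may remove it; `// WSS4J 1.6 compatibility: fall back to the old provider property name when the new one is absent` above the `if` would record the intent. The enclosing factory method's signature begins before this hunk and its body continues after it.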
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1451049&r1=1451048&r2=1451049&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Thu Feb 28 00:09:25 2013
@@ -68,62 +68,52 @@ import org.apache.wss4j.common.util.Load
*/
public class Merlin extends CryptoBase {
+ public static final String PREFIX = "org.apache.wss4j.crypto.merlin.";
+ public static final String OLD_PREFIX = "org.apache.ws.security.crypto.merlin.";
+
/*
* Deprecated types
*/
- public static final String OLD_KEYSTORE_FILE =
- "org.apache.wss4j.crypto.merlin.file";
+ public static final String OLD_KEYSTORE_FILE = "file";
/*
* Crypto providers
*/
- public static final String CRYPTO_KEYSTORE_PROVIDER =
- "org.apache.wss4j.crypto.merlin.keystore.provider";
- public static final String CRYPTO_CERT_PROVIDER =
- "org.apache.wss4j.crypto.merlin.cert.provider";
+ public static final String CRYPTO_KEYSTORE_PROVIDER = "keystore.provider";
+ public static final String CRYPTO_CERT_PROVIDER = "cert.provider";
/*
* KeyStore configuration types
*/
- public static final String KEYSTORE_FILE =
- "org.apache.wss4j.crypto.merlin.keystore.file";
- public static final String KEYSTORE_PASSWORD =
- "org.apache.wss4j.crypto.merlin.keystore.password";
- public static final String KEYSTORE_TYPE =
- "org.apache.wss4j.crypto.merlin.keystore.type";
- public static final String KEYSTORE_ALIAS =
- "org.apache.wss4j.crypto.merlin.keystore.alias";
- public static final String KEYSTORE_PRIVATE_PASSWORD =
- "org.apache.wss4j.crypto.merlin.keystore.private.password";
+ public static final String KEYSTORE_FILE = "keystore.file";
+ public static final String KEYSTORE_PASSWORD ="keystore.password";
+ public static final String KEYSTORE_TYPE ="keystore.type";
+ public static final String KEYSTORE_ALIAS ="keystore.alias";
+ public static final String KEYSTORE_PRIVATE_PASSWORD ="keystore.private.password";
/*
* TrustStore configuration types
*/
- public static final String LOAD_CA_CERTS =
- "org.apache.wss4j.crypto.merlin.load.cacerts";
- public static final String TRUSTSTORE_FILE =
- "org.apache.wss4j.crypto.merlin.truststore.file";
- public static final String TRUSTSTORE_PASSWORD =
- "org.apache.wss4j.crypto.merlin.truststore.password";
- public static final String TRUSTSTORE_TYPE =
- "org.apache.wss4j.crypto.merlin.truststore.type";
+ public static final String LOAD_CA_CERTS ="load.cacerts";
+ public static final String TRUSTSTORE_FILE ="truststore.file";
+ public static final String TRUSTSTORE_PASSWORD ="truststore.password";
+ public static final String TRUSTSTORE_TYPE = "truststore.type";
/*
* CRL configuration
*/
- public static final String X509_CRL_FILE =
- "org.apache.wss4j.crypto.merlin.x509crl.file";
+ public static final String X509_CRL_FILE = "x509crl.file";
private static final org.apache.commons.logging.Log LOG =
org.apache.commons.logging.LogFactory.getLog(Merlin.class);
private static final boolean DO_DEBUG = LOG.isDebugEnabled();
- protected Properties properties = null;
- protected KeyStore keystore = null;
- protected KeyStore truststore = null;
- protected CertStore crlCertStore = null;
- protected boolean loadCACerts = false;
- protected boolean privatePasswordSet = false;
+ protected Properties properties;
+ protected KeyStore keystore;
+ protected KeyStore truststore;
+ protected CertStore crlCertStore;
+ protected boolean loadCACerts;
+ protected boolean privatePasswordSet;
public Merlin() {
// default constructor
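Review bot: The public constants KEYSTORE_FILE, KEYSTORE_PASSWORD, TRUSTSTORE_FILE and their siblings now hold only a suffix (`"keystore.file"`) instead of the full property key, so external code that passes `Merlin.KEYSTORE_FILE` to `Properties.getProperty` or `put` still compiles but silently stops matching anything; that source-compatible, behaviour-breaking change should be stated where the constants are declared, e.g. `/* Property-key suffixes: combine with PREFIX (or OLD_PREFIX for 1.6-style configuration) to form the full key. */` above the first group. The "Deprecated types" comment on OLD_KEYSTORE_FILE no longer says what the value is deprecated in favour of; `// legacy "file" key, superseded by KEYSTORE_FILE` would. Several of the new declarations (`KEYSTORE_PASSWORD ="keystore.password"`, `LOAD_CA_CERTS ="load.cacerts"`) are missing the space after `=` that their neighbours have.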
@@ -178,39 +168,53 @@ public class Merlin extends CryptoBase {
return;
}
this.properties = properties;
+
+ String prefix = PREFIX;
+ for (Object key : properties.keySet()) {
+ if (key instanceof String) {
+ String propKey = (String)key;
+ if (propKey.startsWith(PREFIX)) {
+ break;
+ } else if (propKey.startsWith(OLD_PREFIX)) {
+ prefix = OLD_PREFIX;
+ break;
+ }
+ }
+ }
+
//
// Load the provider(s)
//
- String provider = properties.getProperty(CRYPTO_KEYSTORE_PROVIDER);
+ String provider = properties.getProperty(prefix + CRYPTO_KEYSTORE_PROVIDER);
if (provider != null) {
provider = provider.trim();
}
- String certProvider = properties.getProperty(CRYPTO_CERT_PROVIDER);
+ String certProvider = properties.getProperty(prefix + CRYPTO_CERT_PROVIDER);
if (certProvider != null) {
setCryptoProvider(certProvider);
}
//
// Load the KeyStore
//
- String alias = properties.getProperty(KEYSTORE_ALIAS);
+ String alias = properties.getProperty(prefix + KEYSTORE_ALIAS);
if (alias != null) {
alias = alias.trim();
defaultAlias = alias;
}
- String keyStoreLocation = properties.getProperty(KEYSTORE_FILE);
+ String keyStoreLocation = properties.getProperty(prefix + KEYSTORE_FILE);
if (keyStoreLocation == null) {
- keyStoreLocation = properties.getProperty(OLD_KEYSTORE_FILE);
+ keyStoreLocation = properties.getProperty(prefix + OLD_KEYSTORE_FILE);
}
if (keyStoreLocation != null) {
keyStoreLocation = keyStoreLocation.trim();
InputStream is = loadInputStream(loader, keyStoreLocation);
try {
- String passwd = properties.getProperty(KEYSTORE_PASSWORD, "security");
+ String passwd = properties.getProperty(prefix + KEYSTORE_PASSWORD, "security");
if (passwd != null) {
passwd = passwd.trim();
}
- String type = properties.getProperty(KEYSTORE_TYPE, KeyStore.getDefaultType());
+ String type = properties.getProperty(prefix + KEYSTORE_TYPE, KeyStore.getDefaultType());
if (type != null) {
type = type.trim();
}
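Review bot: The prefix-detection loop on the added lines stops at the first prefixed key it meets, and `Properties` is a `Hashtable`, so when a configuration mixes `org.apache.wss4j.crypto.merlin.*` and `org.apache.ws.security.crypto.merlin.*` keys the chosen prefix depends on hash iteration order; in that case the keystore or truststore password, alias or file could be read from a key the operator did not intend, or not read at all and replaced by the built-in default. Scanning every key and preferring the new prefix whenever any new-style key exists makes the choice deterministic, and `stringPropertyNames()` also sees keys supplied through the `Properties` defaults table, which `keySet()` skips. The method's signature and the rest of its body lie outside this hunk; the later hunks of this file only thread `prefix` through the individual lookups and need no change.
```java
        this.properties = properties;

        // Choose the key prefix deterministically: new-style keys win whenever
        // any are present; fall back to the 1.6 prefix only if that is all there is.
        boolean newStyle = false;
        boolean oldStyle = false;
        for (String propKey : properties.stringPropertyNames()) {
            newStyle |= propKey.startsWith(PREFIX);
            oldStyle |= propKey.startsWith(OLD_PREFIX);
        }
        String prefix = (oldStyle && !newStyle) ? OLD_PREFIX : PREFIX;
        // … unchanged: provider, keystore, truststore and CRL loading via prefix + … …
```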
@@ -221,7 +225,7 @@ public class Merlin extends CryptoBase {
+ " has been loaded"
);
}
- String privatePasswd = properties.getProperty(KEYSTORE_PRIVATE_PASSWORD);
+ String privatePasswd = properties.getProperty(prefix + KEYSTORE_PRIVATE_PASSWORD);
if (privatePasswd != null) {
privatePasswordSet = true;
}
@@ -239,17 +243,17 @@ public class Merlin extends CryptoBase {
//
// Load the TrustStore
//
- String trustStoreLocation = properties.getProperty(TRUSTSTORE_FILE);
+ String trustStoreLocation = properties.getProperty(prefix + TRUSTSTORE_FILE);
if (trustStoreLocation != null) {
trustStoreLocation = trustStoreLocation.trim();
InputStream is = loadInputStream(loader, trustStoreLocation);
try {
- String passwd = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit");
+ String passwd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
if (passwd != null) {
passwd = passwd.trim();
}
- String type = properties.getProperty(TRUSTSTORE_TYPE, KeyStore.getDefaultType());
+ String type = properties.getProperty(prefix + TRUSTSTORE_TYPE, KeyStore.getDefaultType());
if (type != null) {
type = type.trim();
}
@@ -267,7 +271,7 @@ public class Merlin extends CryptoBase {
}
}
} else {
- String loadCacerts = properties.getProperty(LOAD_CA_CERTS, "false");
+ String loadCacerts = properties.getProperty(prefix + LOAD_CA_CERTS, "false");
if (loadCacerts != null) {
loadCacerts = loadCacerts.trim();
}
@@ -278,7 +282,7 @@ public class Merlin extends CryptoBase {
}
InputStream is = new FileInputStream(cacertsPath);
try {
- String cacertsPasswd = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit");
+ String cacertsPasswd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
if (cacertsPasswd != null) {
cacertsPasswd = cacertsPasswd.trim();
}
@@ -297,7 +301,7 @@ public class Merlin extends CryptoBase {
//
// Load the CRL file
//
- String crlLocation = properties.getProperty(X509_CRL_FILE);
+ String crlLocation = properties.getProperty(prefix + X509_CRL_FILE);
if (crlLocation != null) {
crlLocation = crlLocation.trim();
InputStream is = loadInputStream(loader, crlLocation);
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1451049&r1=1451048&r2=1451049&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Thu Feb 28 00:09:25 2013
@@ -96,6 +96,7 @@ public class RequestData {
private int originalSignatureActionPosition;
private AlgorithmSuite algorithmSuite;
private AlgorithmSuite samlAlgorithmSuite;
+ private boolean disableBSPEnforcement;
public void clear() {
soapConstants = null;
@@ -126,6 +127,7 @@ public class RequestData {
algorithmSuite = null;
samlAlgorithmSuite = null;
setOriginalSignatureActionPosition(0);
+ setDisableBSPEnforcement(false);
}
public Object getMsgContext() {
@@ -555,6 +557,9 @@ public class RequestData {
}
public BSPEnforcer getBSPEnforcer() {
+ if (disableBSPEnforcement) {
+ return new BSPEnforcer(true);
+ }
return new BSPEnforcer(ignoredBSPRules);
}
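Review bot: `new BSPEnforcer(true)` on the added branch reads as "enforce" at the call site although this is the branch taken when enforcement has been switched off, and the meaning of the boolean argument is not visible in the hunk; a comment such as `// enforcement disabled by configuration: presumably tells BSPEnforcer to skip every rule, so ignoredBSPRules is deliberately not consulted — confirm against BSPEnforcer(boolean)` would keep a reader from inverting it. The method's Javadoc should also state that `disableBSPEnforcement` takes precedence over `ignoredBSPRules`, since the rule-list constructor is bypassed entirely when the flag is set.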
@@ -589,5 +594,13 @@ public class RequestData {
public void setOriginalSignatureActionPosition(int originalSignatureActionPosition) {
this.originalSignatureActionPosition = originalSignatureActionPosition;
}
+
+ public boolean isDisableBSPEnforcement() {
+ return disableBSPEnforcement;
+ }
+
+ public void setDisableBSPEnforcement(boolean disableBSPEnforcement) {
+ this.disableBSPEnforcement = disableBSPEnforcement;
+ }
}
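Review bot: The new accessor pair has no Javadoc, and for a switch that loosens inbound message validation the setter's effect should be spelled out rather than left to the name: from this commit it appears to disable the whole Basic Security Profile enforcer rather than a single rule. Suggest `/** Disables all BSP 1.1 rule enforcement for this request (takes precedence over the ignored-rule list); reset to {@code false} by {@link #clear()}. */` on `setDisableBSPEnforcement` and a matching one-liner on the getter.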
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1451049&r1=1451048&r2=1451049&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Thu Feb 28 00:09:25 2013
@@ -301,6 +301,10 @@ public abstract class WSHandler {
);
wssConfig.setSecretKeyLength(reqData.getSecretKeyLength());
+ boolean bspCompliant = decodeBSPCompliance(reqData);
+ if (!bspCompliant) {
+ reqData.setDisableBSPEnforcement(true);
+ }
reqData.setWssConfig(wssConfig);
if (((doAction & WSConstants.SIGN) == WSConstants.SIGN)
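Review bot: The added lines only ever set `disableBSPEnforcement` to true and never back to false, so a value set programmatically on `reqData` before the handler runs survives even when the handler property says compliant; if that asymmetry is deliberate it deserves a comment, `// only relax: never re-enable enforcement a caller has already switched off`, and if it is not, `reqData.setDisableBSPEnforcement(!bspCompliant);` is the shorter and more predictable form. The surrounding method starts and ends outside this hunk.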
@@ -705,6 +709,13 @@ public abstract class WSHandler {
);
}
+ protected boolean decodeBSPCompliance(RequestData reqData)
+ throws WSSecurityException {
+ return decodeBooleanConfigValue(
+ reqData, WSHandlerConstants.IS_BSP_COMPLIANT, true
+ );
+ }
+
protected String decodePasswordType(RequestData reqData) throws WSSecurityException {
String type = getString(WSHandlerConstants.PASSWORD_TYPE, reqData.getMsgContext());
if (type != null) {
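Review bot: decodeBSPCompliance has no Javadoc even though it is `protected` and therefore part of the extension surface of `WSHandler`; a summary such as `/** Returns whether BSP 1.1 compliance is enforced for this request, read from {@link WSHandlerConstants#IS_BSP_COMPLIANT}; defaults to {@code true} when the property is absent. */` would document the default that is being passed to `decodeBooleanConfigValue`. Whether the declared `WSSecurityException` covers an unparseable value is not visible here and is worth stating once confirmed against `decodeBooleanConfigValue`.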
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1451049&r1=1451048&r2=1451049&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Thu Feb 28 00:09:25 2013
@@ -363,6 +363,17 @@ public final class WSHandlerConstants {
public static final String MUST_UNDERSTAND = "mustUnderstand";
/**
+ * Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The
+ * default value is "true".
+ * <p/>
+ * The application may set this parameter using the following method:
+ * <pre>
+ * call.setProperty(WSHandlerConstants.IS_BSP_COMPLIANT, "false");
+ * </pre>
+ */
+ public static final String IS_BSP_COMPLIANT = "isBSPCompliant";
+
+ /**
* Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
* child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
* The default is true.
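Review bot: The new Javadoc for IS_BSP_COMPLIANT says what the switch is but not what setting it to "false" costs a deployment: as far as this commit shows, the handler then builds a BSPEnforcer that skips the BSP 1.1 rules for received security headers, so the property is an interoperability escape hatch for non-compliant peers rather than a tuning knob. Suggest appending `Setting this to "false" switches off all BSP 1.1 checks on received messages rather than individual rules; leave it at "true" unless a non-compliant peer makes that impossible.` The `<p/>` tag is not valid HTML in Javadoc and is rejected by doclint; `<p>` is the accepted form, though the rest of this file may already use `<p/>` and should then be changed together.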