You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/17 12:51:33 UTC
svn commit: r1504072 - in /cxf/trunk:
services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/
systests/ws-security/src/test/resources/certs/xkms/trusted_cas/
Author: coheigea
Date: Wed Jul 17 10:51:32 2013
New Revision: 1504072
URL: http://svn.apache.org/r1504072
Log:
Re-enabling Asymmetric XKMS test
Added:
cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/
cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/cxfca.crt
Modified:
cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java
Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java?rev=1504072&r1=1504071&r2=1504072&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java Wed Jul 17 10:51:32 2013
@@ -96,18 +96,19 @@ public class XkmsCryptoProvider extends
}
@Override
- public boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation)
+ public void verifyTrust(X509Certificate[] certs, boolean enableRevocation)
throws WSSecurityException {
- if (certs == null) {
- return false;
+ if (certs != null) {
+ LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
+ }
+ if (certs == null || !xkmsInvoker.validateCertificate(certs[0])) {
+ throw new CryptoProviderException("The given certificate is not valid");
}
- LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
- return xkmsInvoker.validateCertificate(certs[0]);
}
@Override
- public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException {
- return false;
+ public void verifyTrust(PublicKey publicKey) throws WSSecurityException {
+ throw new CryptoProviderException("PublicKeys cannot be verified");
}
private void assertDefaultCryptoProvider() {
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java?rev=1504072&r1=1504071&r2=1504072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java Wed Jul 17 10:51:32 2013
@@ -94,10 +94,10 @@ public class XKMSTest extends AbstractBu
bus.shutdown(true);
}
- // TODO The client uses XKMS to locate the public key of the service with which to encrypt
- // the message.
+ // The client uses XKMS to locate the public key of the service with which to encrypt
+ // the message. Then the client uses XKMS to both locate + validate the signing cert
+ // on processing the service response
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricBinding() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
Added: cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/cxfca.crt
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/cxfca.crt?rev=1504072&view=auto
==============================================================================
Files cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/cxfca.crt (added) and cxf/trunk/systests/ws-security/src/test/resources/certs/xkms/trusted_cas/cxfca.crt Wed Jul 17 10:51:32 2013 differ