Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/29 15:16:04 UTC
svn commit: r1780804 [3/10] - in
/axis/axis2/java/rampart/branches/RAMPART-252: ./ legal/
modules/distribution/ modules/documentation/
modules/documentation/src/site/resources/download/
modules/documentation/src/site/xdoc/ modules/documentation/src/sit...
Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1780804&r1=1780803&r2=1780804&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Sun Jan 29 15:16:02 2017
@@ -49,6 +49,7 @@ import org.apache.rahas.client.STSClient
import org.apache.rampart.PolicyBasedResultsValidator;
import org.apache.rampart.PolicyValidatorCallbackHandler;
import org.apache.rampart.RampartConfigCallbackHandler;
+import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
@@ -90,13 +91,14 @@ import javax.servlet.http.HttpServletReq
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
public class RampartUtil {
private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
private static Log log = LogFactory.getLog(RampartUtil.class);
- private static Map cryptoStore = new Hashtable();
+ private static Map<String, CachedCrypto> cryptoStore = new ConcurrentHashMap<String, CachedCrypto>();
private static class CachedCrypto {
private Crypto crypto;
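Review bot: `cryptoStore` remains a reassignable static even though it is now the process-wide concurrent cache; declaring it `private static final Map<String, CachedCrypto> cryptoStore = new ConcurrentHashMap<String, CachedCrypto>();` rules out accidental reassignment. A short comment on the field would also help, for example `// Process-wide cache of Crypto instances, keyed by "<cryptoKey>#<provider>"`, since the key format is otherwise only visible at the call sites further down. The `CachedCrypto` class continues outside this hunk.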
@@ -130,9 +132,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -177,9 +181,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getPolicyValidatorCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -210,9 +216,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getRampartConfigCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -289,76 +297,51 @@ public class RampartUtil {
*/
public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
throws RampartException {
+
log.debug("Loading encryption crypto");
-
+
+ Crypto crypto = null;
+
if (config != null && config.getEncrCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
-
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
-
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
- return crypto;
-
- } else {
- log.debug("Trying the signature crypto info");
-
- // Try using signature crypto information
- if (config != null && config.getSigCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getSigCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(),
- interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
- return crypto;
- } else {
- return null;
- }
- }
+ CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ if (log.isDebugEnabled()) {
+ log.debug("Using provider: " + provider);
+ }
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+
+ String cryptoKey = null;
+ String interval = null;
+ if (cryptoConfig.isCacheEnabled()) {
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+ else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+ cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+ }
+ }
+
+
+ if (cryptoKey != null) {
+ // Crypto caching is enabled
+ crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // Crypto caching is enabled - cache the Crypto object
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ } else {
+ log.debug("Trying the signature crypto info");
+ crypto = getSignatureCrypto(config, loader);
+ }
+ return crypto;
}
/**
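Review bot: In the `else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL))` branch `interval` stays null, so `retrieveCryptoFromCache` takes its no-interval path (visible in a later hunk of this commit) and returns the cached Crypto with no expiry. A configured cache refresh interval is therefore ignored whenever the Merlin default key is used, and a rotated or replaced keystore would presumably not be picked up until the process restarts. Reading the value once for both branches, with `interval = cryptoConfig.getCacheRefreshInterval();` placed directly inside `if (cryptoConfig.isCacheEnabled()) {`, keeps expiry consistent. The identical block in the `getSignatureCrypto` hunk that follows has the same gap.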
@@ -371,42 +354,47 @@ public class RampartUtil {
*/
public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
throws RampartException {
+
log.debug("Loading Signature crypto");
-
- if (config != null && config.getSigCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getSigCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
-
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
-
- return crypto;
-
- } else {
- return null;
- }
+
+ Crypto crypto = null;
+
+ if (config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ if (log.isDebugEnabled()) {
+ log.debug("Using provider: " + provider);
+ }
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ String cryptoKey = null;
+ String interval = null;
+
+ if (cryptoConfig.isCacheEnabled()) {
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+ else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+ cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+ }
+ }
+
+ if (cryptoKey != null) {
+ // cache enabled
+ crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // cache enabled - let's cache
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ }
+ return crypto;
}
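Review bot: The cache key `cryptoKey.trim() + "#" + provider.trim()` reflects neither the `loader` passed to `CryptoFactory.getInstance(prop, loader)` nor the remaining entries of `prop`, and `cryptoStore` is static. Two services in the same JVM whose configurations produce the same key string will therefore share whichever Crypto was created first, even if their class loaders or other keystore properties differ. With the new Merlin fallback the key comes from the property named by `RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY` (its value is not shown here), so it is worth confirming that this value is unique per keystore. The sharing should also be stated in the method Javadoc, for example `Cached instances are shared by every configuration that yields the same crypto key and provider.`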
@@ -630,7 +618,7 @@ public class RampartUtil {
if(bsPol != null) {
log.debug("BootstrapPolicy found");
- bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
//copy the <wsoma:OptimizedMimeSerialization/> to BootstrapPolicy
if (rmd.getPolicyData().getMTOMAssertion() != null) {
bsPol.addAssertion(rmd.getPolicyData().getMTOMAssertion());
@@ -644,8 +632,10 @@ public class RampartUtil {
String id = getToken(rmd, rstTemplate,
issuerEprAddress, action, stsPolicy);
-
- log.debug("SecureConversationToken obtained: id=" + id);
+
+ if (log.isDebugEnabled()) {
+ log.debug("SecureConversationToken obtained: id=" + id);
+ }
return id;
}
@@ -685,7 +675,9 @@ public class RampartUtil {
String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
stsPolicy);
- log.debug("Issued token obtained: id=" + id);
+ if (log.isDebugEnabled()) {
+ log.debug("Issued token obtained: id=" + id);
+ }
return id;
} catch (TrustException e) {
throw new RampartException("errorInObtainingToken", e);
@@ -816,6 +808,25 @@ public class RampartUtil {
return id;
}
+ /**
+ * Change the owner document of the given node. The method first attempts to move the node using
+ * {@link Document#adoptNode(Node)}. If that fails, it will import the node into the target
+ * document using {@link Document#importNode(Node, boolean)}.
+ *
+ * @param targetDocument
+ * the target document
+ * @param node
+ * the node to adopt or import
+ * @return the adopted or imported node
+ */
+ public static Node adoptNode(Document targetDocument, Node node) {
+ Node result = targetDocument.adoptNode(node);
+ if (result == null) {
+ result = targetDocument.importNode(node, true);
+ }
+ return result;
+ }
+
public static Element appendChildToSecHeader(RampartMessageData rmd,
OMElement elem) {
return appendChildToSecHeader(rmd, (Element)elem);
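Review bot: The Javadoc of `adoptNode` should say that a successful `Document#adoptNode` removes the node from its original document. `appendChildToSecHeader` (changed in the next hunk) now moves the caller's `elem` into the security header, where `importNode(elem, true)` previously copied it, so a caller that keeps using the element in its source tree after the call will find it detached. A sentence such as `On success the node is detached from its previous parent and owner document; callers that need the original intact must clone it first.` would make the changed contract explicit. `Document#adoptNode` may also throw `DOMException` for some node types instead of returning null, so the import fallback is reached only on a null return.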
@@ -824,8 +835,7 @@ public class RampartUtil {
public static Element appendChildToSecHeader(RampartMessageData rmd,
Element elem) {
Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
- Node node = secHeaderElem.getOwnerDocument().importNode(
- elem, true);
+ Node node = adoptNode(secHeaderElem.getOwnerDocument(), elem);
return (Element)secHeaderElem.appendChild(node);
}
@@ -1730,35 +1740,27 @@ public class RampartUtil {
}
}
- private static Crypto retrieveCrytpoFromCache(String cryptoKey, String refreshInterval) {
+ private static Crypto retrieveCryptoFromCache(String cryptoKey, String refreshInterval) {
// cache hit
if (cryptoStore.containsKey(cryptoKey)) {
- CachedCrypto cachedCrypto = (CachedCrypto) cryptoStore.get(cryptoKey);
+ CachedCrypto cachedCrypto = cryptoStore.get(cryptoKey);
if (refreshInterval != null) {
if (cachedCrypto.creationTime + new Long(refreshInterval).longValue() > Calendar
.getInstance().getTimeInMillis()) {
- if (log.isDebugEnabled()) {
- log.info("Cache Hit : Crypto Object was found in cache.");
- }
+ log.debug("Cache Hit : Crypto Object was found in cache.");
return cachedCrypto.crypto;
} else {
- if (log.isDebugEnabled()) {
- log.info("Cache Miss : Crypto Object found in cache is expired.");
- }
+ log.debug("Cache Miss : Crypto Object found in cache is expired.");
return null;
}
} else {
- if (log.isDebugEnabled()) {
- log.info("Cache Hit : Crypto Object was found in cache.");
- }
+ log.debug("Cache Hit : Crypto Object was found in cache.");
return cachedCrypto.crypto;
}
}
// cache miss
else {
- if (log.isDebugEnabled()) {
- log.info("Cache Miss : Crypto Object was not found in cache.");
- }
+ log.debug("Cache Miss : Crypto Object was not found in cache.");
return null;
}
}
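Review bot: `new Long(refreshInterval).longValue()` parses the configured interval on every lookup and throws an unchecked `NumberFormatException` for a non-numeric value. That exception would escape `getEncryptionCrypto`/`getSignatureCrypto` past their declared `RampartException`, so a configuration typo only surfaces at message-processing time. `Long.parseLong(refreshInterval)` avoids the boxing, and catching the parse failure to treat the entry as expired (or rejecting the value where the config is read) would fail more predictably. Now that the store is a `ConcurrentHashMap`, the `containsKey` and `get` pair can also become one lookup: `CachedCrypto cachedCrypto = cryptoStore.get(cryptoKey); if (cachedCrypto != null) {`.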
@@ -1766,9 +1768,7 @@ public class RampartUtil {
private static void cacheCrypto(String cryptoKey, Crypto crypto) {
cryptoStore.put(cryptoKey, new CachedCrypto(crypto, Calendar.getInstance()
.getTimeInMillis()));
- if (log.isDebugEnabled()) {
- log.info("Crypto object is inserted into the Cache.");
- }
+ log.debug("Crypto object is inserted into the Cache.");
}