Posted to commits@santuario.apache.org by co...@apache.org on 2020/01/14 10:19:48 UTC
svn commit: r1872762 - in
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys:
keyresolver/ storage/ storage/implementations/
Author: coheigea
Date: Tue Jan 14 10:19:48 2020
New Revision: 1872762
URL: http://svn.apache.org/viewvc?rev=1872762&view=rev
Log:
Some work on making the StorageResolvers thread-safe
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/StorageResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/KeyStoreResolver.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java?rev=1872762&r1=1872761&r2=1872762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java Tue Jan 14 10:19:48 2020
@@ -43,6 +43,8 @@ import org.xml.sax.SAXException;
* <KeyResolver URI="http://www.w3.org/2000/09/xmldsig#KeyValue"
* JAVACLASS="MyPackage.MyKeyValueImpl"//gt;
* </PRE>
+ *
+ * Extensions of this class must be thread-safe.
*/
public abstract class KeyResolverSpi {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/StorageResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/StorageResolver.java?rev=1872762&r1=1872761&r2=1872762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/StorageResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/StorageResolver.java Tue Jan 14 10:19:48 2020
@@ -38,7 +38,7 @@ public class StorageResolver {
org.slf4j.LoggerFactory.getLogger(StorageResolver.class);
/** Field storageResolvers */
- private List<StorageResolverSpi> storageResolvers;
+ private final List<StorageResolverSpi> storageResolvers = new ArrayList<>();
/**
* Constructor StorageResolver
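Review bot: `storageResolvers` is now `final` but still a plain `ArrayList`, and `add()` in the next hunk mutates it with no synchronization, so the field change alone does not make the class safe for concurrent use. If a StorageResolver can be shared between threads (the commit log suggests this, but the callers are not visible here), one thread calling `add()` while another iterates the list can get a `ConcurrentModificationException` or see a stale view. One option is `private final List<StorageResolverSpi> storageResolvers = new CopyOnWriteArrayList<>();` with the matching `java.util.concurrent.CopyOnWriteArrayList` import. If the intent is instead that all `add()` calls finish before the resolver is published, a class-level Javadoc sentence saying so would make that contract explicit.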
@@ -61,9 +61,6 @@ public class StorageResolver {
* @param resolver
*/
public void add(StorageResolverSpi resolver) {
- if (storageResolvers == null) {
- storageResolvers = new ArrayList<>();
- }
this.storageResolvers.add(resolver);
}
@@ -122,10 +119,10 @@ public class StorageResolver {
static class StorageResolverIterator implements Iterator<Certificate> {
/** Field resolvers */
- Iterator<StorageResolverSpi> resolvers = null;
+ private final Iterator<StorageResolverSpi> resolvers;
/** Field currentResolver */
- Iterator<Certificate> currentResolver = null;
+ private Iterator<Certificate> currentResolver;
/**
* Constructor StorageResolverIterator
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java?rev=1872762&r1=1872761&r2=1872762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java Tue Jan 14 10:19:48 2020
@@ -31,8 +31,10 @@ import java.security.cert.CertificateFac
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Iterator;
import java.util.List;
+import java.util.NoSuchElementException;
import org.apache.xml.security.keys.storage.StorageResolverException;
import org.apache.xml.security.keys.storage.StorageResolverSpi;
@@ -49,11 +51,8 @@ public class CertsInFilesystemDirectoryR
CertsInFilesystemDirectoryResolver.class
);
- /** Field merlinsCertificatesDir */
- private String merlinsCertificatesDir;
-
/** Field certs */
- private List<X509Certificate> certs = new ArrayList<>();
+ private final List<X509Certificate> certs;
/**
* @param directoryName
@@ -61,19 +60,8 @@ public class CertsInFilesystemDirectoryR
*/
public CertsInFilesystemDirectoryResolver(String directoryName)
throws StorageResolverException {
- this.merlinsCertificatesDir = directoryName;
-
- this.readCertsFromHarddrive();
- }
- /**
- * Method readCertsFromHarddrive
- *
- * @throws StorageResolverException
- */
- private void readCertsFromHarddrive() throws StorageResolverException {
-
- File certDir = new File(this.merlinsCertificatesDir);
+ File certDir = new File(directoryName);
List<String> al = new ArrayList<>();
String[] names = certDir.list();
@@ -88,13 +76,13 @@ public class CertsInFilesystemDirectoryR
}
CertificateFactory cf = null;
-
try {
cf = CertificateFactory.getInstance("X.509");
} catch (CertificateException ex) {
throw new StorageResolverException(ex);
}
+ List<X509Certificate> tmpCerts = new ArrayList<>();
for (int i = 0; i < al.size(); i++) {
String filename = certDir.getAbsolutePath() + File.separator + al.get(i);
boolean added = false;
@@ -106,7 +94,7 @@ public class CertsInFilesystemDirectoryR
//add to ArrayList
cert.checkValidity();
- this.certs.add(cert);
+ tmpCerts.add(cert);
dn = cert.getSubjectX500Principal().getName();
added = true;
@@ -136,6 +124,8 @@ public class CertsInFilesystemDirectoryR
LOG.debug("Added certificate: {}", dn);
}
}
+
+ certs = Collections.unmodifiableList(tmpCerts);
}
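Review bot: The constructor Javadoc does not say that `certs` is a snapshot, which this hunk now makes permanent with `certs = Collections.unmodifiableList(tmpCerts);`. `cert.checkValidity()` runs only during that load, so a certificate that expires later, or is removed from the directory, is still returned for as long as the resolver lives. I would add a sentence such as `Certificates are read and validity-checked once at construction; later changes to the directory are not picked up.` so that long-lived callers know to re-create the resolver or re-check validity at use. The constructor body starts outside this hunk.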
/** {@inheritDoc} */
@@ -149,7 +139,7 @@ public class CertsInFilesystemDirectoryR
private static class FilesystemIterator implements Iterator<Certificate> {
/** Field certs */
- private List<X509Certificate> certs;
+ private final List<X509Certificate> certs;
/** Field i */
private int i;
@@ -171,7 +161,11 @@ public class CertsInFilesystemDirectoryR
/** {@inheritDoc} */
public Certificate next() {
- return this.certs.get(this.i++);
+ if (hasNext()) {
+ return this.certs.get(this.i++);
+ }
+
+ throw new NoSuchElementException();
}
/**
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/KeyStoreResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/KeyStoreResolver.java?rev=1872762&r1=1872761&r2=1872762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/KeyStoreResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/KeyStoreResolver.java Tue Jan 14 10:19:48 2020
@@ -21,8 +21,11 @@ package org.apache.xml.security.keys.sto
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
+import java.util.List;
import java.util.NoSuchElementException;
import org.apache.xml.security.keys.storage.StorageResolverException;
@@ -34,8 +37,11 @@ import org.apache.xml.security.keys.stor
*/
public class KeyStoreResolver extends StorageResolverSpi {
+ private static final org.slf4j.Logger LOG =
+ org.slf4j.LoggerFactory.getLogger(KeyStoreResolver.class);
+
/** Field keyStore */
- private KeyStore keyStore;
+ private final KeyStore keyStore;
/**
* Constructor KeyStoreResolver
@@ -63,14 +69,9 @@ public class KeyStoreResolver extends St
*/
static class KeyStoreIterator implements Iterator<Certificate> {
- /** Field keyStore */
- KeyStore keyStore = null;
-
- /** Field aliases */
- Enumeration<String> aliases = null;
+ private final List<Certificate> certs;
- /** Field nextCert */
- Certificate nextCert = null;
+ private int i;
/**
* Constructor KeyStoreIterator
@@ -78,45 +79,37 @@ public class KeyStoreResolver extends St
* @param keyStore
*/
public KeyStoreIterator(KeyStore keyStore) {
+
+ List<Certificate> tmpCerts = new ArrayList<>();
try {
- this.keyStore = keyStore;
- this.aliases = this.keyStore.aliases();
- } catch (KeyStoreException ex) {
- // empty Enumeration
- this.aliases = new Enumeration<String>() {
- public boolean hasMoreElements() {
- return false;
- }
- public String nextElement() {
- return null;
+ Enumeration<String> aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ String alias = aliases.nextElement();
+ Certificate cert = keyStore.getCertificate(alias);
+ if (cert != null) {
+ tmpCerts.add(cert);
}
- };
+ }
+ } catch (KeyStoreException ex) {
+ LOG.debug("Error reading certificates: {}", ex.getMessage());
}
+
+ certs = Collections.unmodifiableList(tmpCerts);
+ this.i = 0;
}
/** {@inheritDoc} */
public boolean hasNext() {
- if (nextCert == null) {
- nextCert = findNextCert();
- }
-
- return nextCert != null;
+ return this.i < this.certs.size();
}
/** {@inheritDoc} */
public Certificate next() {
- if (nextCert == null) {
- // maybe caller did not call hasNext()
- nextCert = findNextCert();
-
- if (nextCert == null) {
- throw new NoSuchElementException();
- }
+ if (hasNext()) {
+ return this.certs.get(this.i++);
}
- Certificate ret = nextCert;
- nextCert = null;
- return ret;
+ throw new NoSuchElementException();
}
/**
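Review bot: The `catch (KeyStoreException ex)` in the KeyStoreIterator constructor logs only `ex.getMessage()` at debug level, so a keystore that cannot be read produces an empty iterator with nothing visible at default log levels. A failure partway through the alias loop could likewise leave a truncated list. To a caller that is indistinguishable from a keystore holding no certificates, which matters when the result feeds a trust or key-lookup decision. Logging with the exception attached, e.g. `LOG.warn("Error reading certificates from KeyStore", ex);`, would keep the cause and stack trace.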
@@ -126,24 +119,6 @@ public class KeyStoreResolver extends St
throw new UnsupportedOperationException("Can't remove keys from KeyStore");
}
- // Find the next entry that contains a certificate and return it.
- // In particular, this skips over entries containing symmetric keys.
- private Certificate findNextCert() {
- while (this.aliases.hasMoreElements()) {
- String alias = this.aliases.nextElement();
- try {
- Certificate cert = this.keyStore.getCertificate(alias);
- if (cert != null) {
- return cert;
- }
- } catch (KeyStoreException ex) {
- return null;
- }
- }
-
- return null;
- }
-
}
}
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java?rev=1872762&r1=1872761&r2=1872762&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/keys/storage/implementations/SingleCertificateResolver.java Tue Jan 14 10:19:48 2020
@@ -32,7 +32,7 @@ import org.apache.xml.security.keys.stor
public class SingleCertificateResolver extends StorageResolverSpi {
/** Field certificate */
- private X509Certificate certificate;
+ private final X509Certificate certificate;
/**
* @param x509cert the single {@link X509Certificate}
@@ -52,10 +52,10 @@ public class SingleCertificateResolver e
static class InternalIterator implements Iterator<Certificate> {
/** Field alreadyReturned */
- boolean alreadyReturned = false;
+ private boolean alreadyReturned;
/** Field certificate */
- X509Certificate certificate = null;
+ private final X509Certificate certificate;
/**
* Constructor InternalIterator