You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2015/06/29 13:25:36 UTC
svn commit: r1688189 - in /webservices/wss4j/branches/2_0_x-fixes:
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
Author: coheigea
Date: Mon Jun 29 11:25:36 2015
New Revision: 1688189
URL: http://svn.apache.org/r1688189
Log:
Fixing backmerge
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java?rev=1688189&r1=1688188&r2=1688189&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinAKI.java Mon Jun 29 11:25:36 2015
@@ -104,7 +104,11 @@ public class MerlinAKI extends Merlin {
if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(certs[0])) {
try {
certs[0].checkValidity();
- } catch (CertificateExpiredException | CertificateNotYetValidException e) {
+ } catch (CertificateExpiredException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_CHECK, e, "invalidCert"
+ );
+ } catch (CertificateNotYetValidException e) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_CHECK, e, "invalidCert"
);
@@ -153,7 +157,9 @@ public class MerlinAKI extends Merlin {
x509certs[0] = certs[0];
System.arraycopy(foundCerts, 0, x509certs, 1, foundCerts.length);
}
- } catch (NoSuchAlgorithmException | CertificateException ex) {
+ } catch (NoSuchAlgorithmException ex) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex, "certpath");
+ } catch (CertificateException ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex, "certpath");
}
@@ -172,7 +178,7 @@ public class MerlinAKI extends Merlin {
List<X509Certificate> certList = Arrays.asList(x509certs);
CertPath path = getCertificateFactory().generateCertPath(certList);
- Set<TrustAnchor> set = new HashSet<>();
+ Set<TrustAnchor> set = new HashSet<TrustAnchor>();
if (truststore != null) {
Enumeration<String> truststoreAliases = truststore.aliases();
while (truststoreAliases.hasMoreElements()) {
@@ -217,13 +223,36 @@ public class MerlinAKI extends Merlin {
PKIXParameters param = createPKIXParameters(set, enableRevocation);
validator.validate(path, param);
- } catch (NoSuchProviderException | NoSuchAlgorithmException
- | CertificateException | InvalidAlgorithmParameterException
- | java.security.cert.CertPathValidatorException
- | KeyStoreException e) {
- throw new WSSecurityException(
- WSSecurityException.ErrorCode.FAILURE, e, "certpath"
- );
+ } catch (NoSuchProviderException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "certpath"
+ );
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e,
+ "certpath", new Object[] {e.getMessage()}
+ );
+ } catch (CertificateException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "certpath"
+ );
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "certpath"
+ );
+ } catch (java.security.cert.CertPathValidatorException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e, "certpath"
+ );
+ } catch (KeyStoreException e) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "certpath"
+ );
+ } catch (NullPointerException e) {
+ // NPE thrown by JDK 1.7 for one of the test cases
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.FAILURE, e, "certpath"
+ );
}
// Finally check Cert Constraints
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java?rev=1688189&r1=1688188&r2=1688189&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureAKITest.java Mon Jun 29 11:25:36 2015
@@ -19,6 +19,8 @@
package org.apache.wss4j.dom.message;
+import java.util.List;
+
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.util.XMLUtils;
@@ -28,7 +30,7 @@ import org.apache.wss4j.dom.WSSecurityEn
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
-import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -58,8 +60,8 @@ public class SignatureAKITest extends or
builder.setUserInfo("wss40", "security");
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
Crypto signingCrypto = CryptoFactory.getInstance("wss40.properties");
Document signedDoc = builder.build(doc, signingCrypto, secHeader);
@@ -68,10 +70,10 @@ public class SignatureAKITest extends or
XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
- WSHandlerResult results = verify(signedDoc);
+ List<WSSecurityEngineResult> results = verify(signedDoc);
WSSecurityEngineResult actionResult =
- results.getActionResults().get(WSConstants.SIGN).get(0);
+ WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
assertNotNull(actionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}
@@ -83,7 +85,7 @@ public class SignatureAKITest extends or
* @param env soap envelope
* @throws java.lang.Exception Thrown when there is a problem in verification
*/
- private WSHandlerResult verify(Document doc) throws Exception {
+ private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
return secEngine.processSecurityHeader(doc, null, null, crypto);
}