Author: coheigea
Date: Wed Feb 23 17:21:02 2011
New Revision: 1073837
URL: http://svn.apache.org/viewvc?rev=1073837&view=rev
Log:
Update following (very) recent changes to WSS4J crypto interface
- Note that you will need the latest WSS4J snapshot in your repo for this to
compile.
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Wed Feb 23 17:21:02 2011
@@ -26,7 +26,6 @@ import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
-import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -105,6 +104,7 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
@@ -776,18 +776,14 @@ public class STSClient implements Config
private X509Certificate getCert(Crypto crypto) throws Exception {
String alias =
(String)getProperty(SecurityConstants.STS_TOKEN_USERNAME);
if (alias == null) {
- alias = crypto.getDefaultX509Alias();
+ alias = crypto.getDefaultX509Identifier();
}
if (alias == null) {
- Enumeration<String> as = crypto.getKeyStore().aliases();
- if (as.hasMoreElements()) {
- alias = as.nextElement();
- }
- if (as.hasMoreElements()) {
- throw new Fault("No alias specified for retrieving PublicKey",
LOG);
- }
+ throw new Fault("No alias specified for retrieving PublicKey",
LOG);
}
- return crypto.getCertificates(alias)[0];
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+ return crypto.getX509Certificates(cryptoType)[0];
}
private void addLifetime(XMLStreamWriter writer) throws XMLStreamException
{
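Review bot: The last line of getCert indexes `crypto.getX509Certificates(cryptoType)[0]` without checking the result, so an alias that resolves to no certificate would surface as a NullPointerException or ArrayIndexOutOfBoundsException rather than a meaningful Fault (this assumes the lookup can return null or an empty array for an unknown alias, which should be confirmed against the WSS4J snapshot). I would hold the array in a local and guard it: `X509Certificate[] certs = crypto.getX509Certificates(cryptoType);`, then `if (certs == null || certs.length == 0) { throw new Fault("No certificate found for the configured alias", LOG); }`, then `return certs[0];`. The same unchecked `[0]` appears in the PolicyBasedWss4JInOutTest hunk. Because the single-alias keystore fallback is dropped here, a short comment on the `getDefaultX509Identifier()` call saying that alias selection is now delegated to the Crypto implementation would help the next reader.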
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Feb 23 17:21:02 2011
@@ -22,11 +22,9 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -502,8 +500,8 @@ public abstract class AbstractBindingBui
Crypto crypto = secToken.getCrypto();
String uname = null;
try {
- uname =
crypto.getKeyStore().getCertificateAlias(secToken.getX509Certificate());
- } catch (KeyStoreException e1) {
+ uname =
crypto.getX509Identifier(secToken.getX509Certificate());
+ } catch (WSSecurityException e1) {
throw new Fault(e1);
}
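Review bot: `uname` is not checked for null after `crypto.getX509Identifier(...)`; the call it replaces, `KeyStore.getCertificateAlias`, returns null for a certificate that is not in the keystore, and the new method may well behave the same way. A guard right after the try block, `if (uname == null)` followed by a Fault thrown with whichever constructor the class already uses, would fail closed instead of passing a null identifier on. The TransportBindingHandler hunk has the same gap, and there the visible context shows `uname` going straight into `getPassword(...)` and a null password being replaced by `""`. The enclosing method starts and ends outside this hunk, so how `uname` is consumed here is inferred from that sibling hunk.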
@@ -1166,7 +1164,11 @@ public abstract class AbstractBindingBui
?
SecurityConstants.SIGNATURE_USERNAME
:
SecurityConstants.ENCRYPT_USERNAME);
if (crypto != null && encrUser == null) {
- encrUser = getDefaultCryptoAlias(crypto);
+ try {
+ encrUser = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
} else if (encrUser == null || "".equals(encrUser)) {
policyNotAsserted(token, "No " + (sign ? "signature" :
"encryption") + " crypto object found.");
}
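Review bot: A null result from `crypto.getDefaultX509Identifier()` is never reported here, because the emptiness check is the `else if` branch of the same statement and is skipped whenever `crypto != null && encrUser == null` was true. The hunk at -1317 handles the same situation with a separate `if (StringUtils.isEmpty(user))` after the lookup; doing the same here, closing the first `if` and starting a fresh `if (encrUser == null || "".equals(encrUser)) {`, would make a keystore with no resolvable default alias end in `policyNotAsserted` rather than continuing with a null user. The message ending in `crypto object found.` would then also cover the missing-alias case and may need rewording. What happens to `encrUser` after this block is outside the hunk.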
@@ -1192,26 +1194,6 @@ public abstract class AbstractBindingBui
}
}
- protected String getDefaultCryptoAlias(Crypto crypto) {
- String user = crypto.getDefaultX509Alias();
- if (user == null) {
- try {
- Enumeration<String> en = crypto.getKeyStore().aliases();
- if (en.hasMoreElements()) {
- user = en.nextElement();
- }
- if (en.hasMoreElements()) {
- //more than one alias in the keystore, user WILL need
- //to specify
- user = null;
- }
- } catch (KeyStoreException e) {
- //ignore
- }
- }
- return user;
- }
-
private static X509Certificate getReqSigCert(List<WSHandlerResult>
results) {
/*
* Scan the results for a matching actor. Use results only if the
@@ -1317,7 +1299,11 @@ public abstract class AbstractBindingBui
}
String user = (String)message.getContextualProperty(userNameKey);
if (crypto != null && StringUtils.isEmpty(user)) {
- user = getDefaultCryptoAlias(crypto);
+ try {
+ user = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
}
if (StringUtils.isEmpty(user)) {
policyNotAsserted(token, "No " + type + " username found.");
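Review bot: This try/catch around `crypto.getDefaultX509Identifier()` is a copy of the one added in the hunk at -1166, while the commit deletes the protected `getDefaultCryptoAlias(Crypto)` helper that both call sites used. Keeping the helper as a thin wrapper with the body `try { return crypto.getDefaultX509Identifier(); } catch (WSSecurityException e) { throw new Fault(e); }` would remove the duplication and keep source compatibility for any subclass that calls or overrides it (none is visible on this page). It would also give one place to decide how much of the WSSecurityException text reaches the Fault, which matters if keystore error details could end up in a response to the peer.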
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Feb 23 17:21:02 2011
@@ -417,7 +417,7 @@ public class TransportBindingHandler ext
sig.setX509Certificate(secTok.getX509Certificate());
crypto = secTok.getCrypto();
- String uname =
crypto.getKeyStore().getCertificateAlias(secTok.getX509Certificate());
+ String uname =
crypto.getX509Identifier(secTok.getX509Certificate());
String password = getPassword(uname, token,
WSPasswordCallback.SIGNATURE);
if (password == null) {
password = "";
Modified:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1073837&r1=1073836&r2=1073837&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
(original)
+++
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Wed Feb 23 17:21:02 2011
@@ -73,6 +73,7 @@ import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -856,7 +857,9 @@ public class PolicyBasedWss4JInOutTest e
cryptoProps.load(url.openStream());
Crypto crypto = CryptoFactory.getInstance(cryptoProps);
String alias =
cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
- issuedToken.setX509Certificate(crypto.getCertificates(alias)[0],
crypto);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(alias);
+
issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0],
crypto);
msg.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID,
issuedToken.getId());