Author: owulff
Date: Mon Jun 4 22:03:39 2012
New Revision: 1346178
URL: http://svn.apache.org/viewvc?rev=1346178&view=rev
Log:
Crypto initialization done once in FederationContext
Removed:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertStore.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyStore.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Mon Jun 4 22:03:39 2012
@@ -20,25 +20,36 @@
package org.apache.cxf.fediz.core.config;
import java.io.Closeable;
+import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
+import java.util.Properties;
import org.apache.cxf.fediz.core.EHCacheTokenReplayCache;
import org.apache.cxf.fediz.core.TokenReplayCache;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
+import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.Loader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class FederationContext implements Closeable {
+ private static final Logger LOG =
LoggerFactory.getLogger(FederationContext.class);
+
private ContextConfig config;
private boolean detectExpiredTokens = true;
@@ -46,6 +57,7 @@ public class FederationContext implement
private String relativePath;
private TokenReplayCache<String> replayCache;
private FederationProtocol protocol;
+ private List<TrustManager> certificateStores;
public FederationContext(ContextConfig config) {
@@ -71,16 +83,28 @@ public class FederationContext implement
}
return trustedIssuers;
}
-
- //[TODO] Return Keystore
+
public List<TrustManager> getCertificateStores() {
+ if (certificateStores != null) {
+ return certificateStores;
+ }
+ certificateStores = new ArrayList<TrustManager>();
CertificateStores certStores = config.getCertificateStores();
- List<TrustManagersType> trustManagers = certStores.getTrustManager();
- List<TrustManager> trustedIssuers = new ArrayList<TrustManager>();
+ List<TrustManagersType> trustManagers = certStores.getTrustManager();
for (TrustManagersType manager:trustManagers) {
- trustedIssuers.add(new TrustManager(manager));
+ TrustManager tm = new TrustManager(manager);
+ Properties sigProperties = createCryptoProperties(manager);
+ Crypto crypto;
+ try {
+ crypto = CryptoFactory.getInstance(sigProperties);
+ tm.setCrypto(crypto);
+ certificateStores.add(tm);
+ } catch (WSSecurityException e) {
+ LOG.error("Failed to load keystore '" + tm.getName() + "'");
+ throw new IllegalConfigurationException("Failed to load
keystore '" + tm.getName() + "'");
+ }
}
- return trustedIssuers;
+ return certificateStores;
}
public BigInteger getMaximumClockSkew() {
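Review bot: The lazy initialization in getCertificateStores() assigns `certificateStores = new ArrayList<TrustManager>()` before the loop runs, so if CryptoFactory.getInstance fails for the second of two configured stores the field is left holding a partially populated list and every later call returns that subset without error — the IllegalConfigurationException is raised exactly once and the context then silently trusts fewer issuer keystores than were configured. Build into a local list and publish it only after every store has loaded; if a FederationContext is shared across request threads (SAMLTokenValidator calls this method per validation, per the hunk further down) the same ordering also avoids handing another thread a half-filled list, although unsynchronized concurrent first calls could still load the stores twice. The catch block also drops the cause: pass `e` to the logger and, if IllegalConfigurationException has a (String, Throwable) constructor, to the exception, so the underlying keystore or password error is not lost.
```java
    public List<TrustManager> getCertificateStores() {
        // … unchanged: return cached list when already initialised …
        List<TrustManager> stores = new ArrayList<TrustManager>();
        // … unchanged: certStores / trustManagers lookup …
        for (TrustManagersType manager : trustManagers) {
            TrustManager tm = new TrustManager(manager);
            Properties sigProperties = createCryptoProperties(manager);
            try {
                tm.setCrypto(CryptoFactory.getInstance(sigProperties));
                stores.add(tm);
            } catch (WSSecurityException e) {
                LOG.error("Failed to load keystore '" + tm.getName() + "'", e);
                throw new IllegalConfigurationException("Failed to load keystore '" + tm.getName() + "'");
            }
        }
        // publish only a fully loaded list: a store that failed to load must never be silently dropped
        certificateStores = stores;
        return certificateStores;
    }
```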
@@ -165,5 +189,37 @@ public class FederationContext implement
replayCache.close();
}
}
+
+ private Properties createCryptoProperties(TrustManagersType tm) {
+ String trustStoreFile = null;
+ String trustStorePw = null;
+ KeyStoreType ks = tm.getKeyStore();
+ if (ks.getFile() != null && !ks.getFile().isEmpty()) {
+ trustStoreFile = ks.getFile();
+ trustStorePw = ks.getPassword();
+ } else {
+ throw new IllegalStateException("No certificate store configured");
+ }
+ File f = new File(trustStoreFile);
+ if (!f.exists() && getRelativePath() != null &&
!getRelativePath().isEmpty()) {
+ trustStoreFile = getRelativePath().concat(File.separator +
trustStoreFile);
+ }
+
+ if (trustStoreFile == null || trustStoreFile.isEmpty()) {
+ throw new NullPointerException("truststoreFile not configured");
+ }
+ if (trustStorePw == null || trustStorePw.isEmpty()) {
+ throw new NullPointerException("trustStorePw not configured");
+ }
+ Properties p = new Properties();
+ p.put("org.apache.ws.security.crypto.provider",
+ "org.apache.ws.security.components.crypto.Merlin");
+ p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ p.put("org.apache.ws.security.crypto.merlin.keystore.password",
+ trustStorePw);
+ p.put("org.apache.ws.security.crypto.merlin.keystore.file",
+ trustStoreFile);
+ return p;
+ }
}
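Review bot: createCryptoProperties() hard-codes the Merlin keystore type in `p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");`, so a store configured as PKCS12 cannot load even though the configuration carries a type — the removed test asserted `keyStore.getType()` on the old wrapper, so the JAXB KeyStoreType presumably exposes it; use the configured value and fall back to `"jks"` only when it is absent, e.g. `String type = (ks.getType() != null && !ks.getType().isEmpty()) ? ks.getType() : "jks";` (confirm the accessor name on KeyStoreType). The method also handles only `getFile()`: a store given by `url` or `resource`, which TrustManager.getName() accepts, is rejected with "No certificate store configured", which misdescribes the problem — either state that only file-backed stores are supported or resolve the other two. Finally the missing-file and missing-password branches throw NullPointerException while the caller in getCertificateStores() reports load failures as IllegalConfigurationException; a configuration error should use that same type so callers have a single exception to handle.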
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
Mon Jun 4 22:03:39 2012
@@ -20,31 +20,40 @@
package org.apache.cxf.fediz.core.config;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
+import org.apache.ws.security.components.crypto.Crypto;
public class TrustManager {
private TrustManagersType trustManagerType;
+ private Crypto crypto;
+ private String name;
public TrustManager(TrustManagersType trustManagerType) {
super();
this.trustManagerType = trustManagerType;
}
- public KeyStore getKeyStore() {
- return new KeyStore(trustManagerType.getKeyStore());
+ public String getName() {
+ if (name != null) {
+ return name;
+ }
+ if (trustManagerType.getKeyStore().getFile() != null) {
+ name = trustManagerType.getKeyStore().getFile();
+ } else if (trustManagerType.getKeyStore().getUrl() != null) {
+ name = trustManagerType.getKeyStore().getUrl();
+ } else if (trustManagerType.getKeyStore().getResource() != null) {
+ name = trustManagerType.getKeyStore().getResource();
+ }
+ return name;
}
- public void setKeyStore(KeyStore keyStore) {
- trustManagerType.setKeyStore(keyStore.getKeyStoreType());
+ public Crypto getCrypto() {
+ return crypto;
}
- public String getProvider() {
- return trustManagerType.getProvider();
+ public void setCrypto(Crypto crypto) {
+ this.crypto = crypto;
}
-
- public void setProvider(String value) {
- trustManagerType.setProvider(value);
- }
-
+
public int hashCode() {
return trustManagerType.hashCode();
}
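Review bot: getName() returns null when the keystore element has none of file, url or resource set, and that value goes verbatim into the "Failed to load keystore" log and exception messages in FederationContext, so a misconfigured store is reported as keystore 'null'. Hoist the repeated `trustManagerType.getKeyStore()` into a local and end the chain with a fallback such as `name = "<unnamed keystore>"`, or throw IllegalConfigurationException there, since a TrustManager with no backing store cannot be used. The class also exposes a public setCrypto(), so the Crypto bound to a store can be replaced after initialization; if only FederationContext is meant to call it, a comment saying so (or package-private visibility) would make that intent explicit.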
Modified:
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
Mon Jun 4 22:03:39 2012
@@ -19,7 +19,6 @@
package org.apache.cxf.fediz.core.saml;
-import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
@@ -27,7 +26,6 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.Properties;
import java.util.StringTokenizer;
import org.w3c.dom.Element;
@@ -39,7 +37,6 @@ import org.apache.cxf.fediz.core.TokenVa
import org.apache.cxf.fediz.core.config.CertificateValidationMethod;
import org.apache.cxf.fediz.core.config.FederationContext;
import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.KeyStore;
import org.apache.cxf.fediz.core.config.TrustManager;
import org.apache.cxf.fediz.core.config.TrustedIssuer;
import org.apache.cxf.fediz.core.saml.SamlAssertionValidator.TRUST_TYPE;
@@ -49,8 +46,6 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -133,16 +128,14 @@ public class SAMLTokenValidator implemen
try {
for (TrustManager tm: config.getCertificateStores()) {
try {
- Properties sigProperties =
createCryptoProperties(config, tm);
- Crypto sigCrypto =
CryptoFactory.getInstance(sigProperties);
- requestData.setSigCrypto(sigCrypto);
+ requestData.setSigCrypto(tm.getCrypto());
trustValidator.validate(trustCredential,
requestData);
trusted = true;
break;
} catch (Exception ex) {
if (LOG.isDebugEnabled()) {
LOG.debug("Issuer '" + ti.getName() + "' not
validated in keystore '"
- + tm.getKeyStore().getFile() + "'");
+ + tm.getName() + "'");
}
}
}
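Review bot: The catch block following the new `requestData.setSigCrypto(tm.getCrypto());` still discards `ex`, so when no store validates the issuer the only trace is "not validated in keystore" with no reason; since the commit already rewrites that debug line, pass the exception along: `LOG.debug("Issuer '" + ti.getName() + "' not validated in keystore '" + tm.getName() + "'", ex);`. The Crypto instance is now shared by every validation run against this context instead of being created per call, which is the point of the change, but it relies on a Merlin Crypto being safe for concurrent read-only use — worth stating as a comment on TrustManager.getCrypto() so a later change to a mutable Crypto does not break it. The enclosing method and the outer try block start and end outside this hunk.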
@@ -379,37 +372,6 @@ public class SAMLTokenValidator implemen
}
- private Properties createCryptoProperties(FederationContext config,
TrustManager tm) {
- String trustStoreFile = null;
- String trustStorePw = null;
- KeyStore ks = tm.getKeyStore();
- if (ks.getFile() != null && !ks.getFile().isEmpty()) {
- trustStoreFile = ks.getFile();
- trustStorePw = ks.getPassword();
- } else {
- throw new IllegalStateException("No certificate store configured");
- }
- File f = new File(trustStoreFile);
- if (!f.exists() && config.getRelativePath() != null &&
!config.getRelativePath().isEmpty()) {
- trustStoreFile = config.getRelativePath().concat(File.separator +
trustStoreFile);
- }
-
- if (trustStoreFile == null || trustStoreFile.isEmpty()) {
- throw new NullPointerException("truststoreFile not configured");
- }
- if (trustStorePw == null || trustStorePw.isEmpty()) {
- throw new NullPointerException("trustStorePw not configured");
- }
- Properties p = new Properties();
- p.put("org.apache.ws.security.crypto.provider",
- "org.apache.ws.security.components.crypto.Merlin");
- p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
- p.put("org.apache.ws.security.crypto.merlin.keystore.password",
- trustStorePw);
- p.put("org.apache.ws.security.crypto.merlin.keystore.file",
- trustStoreFile);
- return p;
- }
private Date getExpires(AssertionWrapper assertion) {
DateTime validTill = null;
Modified:
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL:
http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
---
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++
cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Mon Jun 4 22:03:39 2012
@@ -245,11 +245,6 @@ public class FedizConfigurationWriterTes
List<TrustManager> trustManagers = fedContext.getCertificateStores();
Assert.assertEquals(1, trustManagers.size());
- TrustManager manager = trustManagers.get(0);
- KeyStore keyStore = manager.getKeyStore();
- Assert.assertEquals(JKS_TYPE, keyStore.getType());
- Assert.assertEquals(KEYSTORE_FILE, keyStore.getFile());
- Assert.assertEquals(KEYSTORE_PASSWORD, keyStore.getPassword());
}