Author: alexoree
Date: Mon Aug 19 00:52:01 2013
New Revision: 1515252
URL: http://svn.apache.org/r1515252
Log:
JUDDI-614 adding digital signature settings to the juddi client config, java
and dotnet. new config settings are integrated with the digital signature util.
Client config xsd updated. Java samples updated
Modified:
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/DigSigUtil.java
juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureBusiness.java
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureService.java
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureTmodel.java
Modified:
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
(original)
+++
juddi/trunk/juddi-client.net/juddi-client.net/org.apache.juddi.v3.client.config/uddi-client.cs
Mon Aug 19 00:52:01 2013
@@ -61,6 +61,8 @@ namespace org.apache.juddi.v3.client.con
private uddiClientClerks clerksField;
+ private uddiClientSignature signatureField;
+
private string nameField;
/// <remarks/>
@@ -85,6 +87,16 @@ namespace org.apache.juddi.v3.client.con
}
/// <remarks/>
+ public uddiClientSignature signature {
+ get {
+ return this.signatureField;
+ }
+ set {
+ this.signatureField = value;
+ }
+ }
+
+ /// <remarks/>
[System.Xml.Serialization.XmlAttributeAttribute()]
public string name {
get {
@@ -792,4 +804,360 @@ namespace org.apache.juddi.v3.client.con
}
}
}
+
+ /// <remarks/>
+ [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")]
+ [System.SerializableAttribute()]
+ [System.Diagnostics.DebuggerStepThroughAttribute()]
+ [System.ComponentModel.DesignerCategoryAttribute("code")]
+ [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true,
Namespace="urn:juddi-apache-org:v3_client")]
+ public partial class uddiClientSignature {
+
+ private string signingKeyStorePathField;
+
+ private string signingKeyStoreTypeField;
+
+ private uddiClientSignatureSigningKeyStoreFilePassword
signingKeyStoreFilePasswordField;
+
+ private uddiClientSignatureSigningKeyPassword signingKeyPasswordField;
+
+ private string signingKeyAliasField;
+
+ private string canonicalizationMethodField;
+
+ private string signatureMethodField;
+
+ private string xML_DIGSIG_NSField;
+
+ private string trustStorePathField;
+
+ private string trustStoreTypeField;
+
+ private uddiClientSignatureTrustStorePassword trustStorePasswordField;
+
+ private bool checkTimestampsField;
+
+ private bool checkTrustField;
+
+ private bool checkRevocationCRLField;
+
+ private bool checkRevocationOCSPField;
+
+ public uddiClientSignature() {
+ this.xML_DIGSIG_NSField = "http://www.w3.org/2000/09/xmldsig#";
+ this.checkTimestampsField = true;
+ this.checkTrustField = true;
+ this.checkRevocationCRLField = false;
+ this.checkRevocationOCSPField = false;
+ }
+
+ /// <remarks/>
+ public string signingKeyStorePath {
+ get {
+ return this.signingKeyStorePathField;
+ }
+ set {
+ this.signingKeyStorePathField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string signingKeyStoreType {
+ get {
+ return this.signingKeyStoreTypeField;
+ }
+ set {
+ this.signingKeyStoreTypeField = value;
+ }
+ }
+
+ /// <remarks/>
+ public uddiClientSignatureSigningKeyStoreFilePassword
signingKeyStoreFilePassword {
+ get {
+ return this.signingKeyStoreFilePasswordField;
+ }
+ set {
+ this.signingKeyStoreFilePasswordField = value;
+ }
+ }
+
+ /// <remarks/>
+ public uddiClientSignatureSigningKeyPassword signingKeyPassword {
+ get {
+ return this.signingKeyPasswordField;
+ }
+ set {
+ this.signingKeyPasswordField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string signingKeyAlias {
+ get {
+ return this.signingKeyAliasField;
+ }
+ set {
+ this.signingKeyAliasField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string canonicalizationMethod {
+ get {
+ return this.canonicalizationMethodField;
+ }
+ set {
+ this.canonicalizationMethodField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string signatureMethod {
+ get {
+ return this.signatureMethodField;
+ }
+ set {
+ this.signatureMethodField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string XML_DIGSIG_NS {
+ get {
+ return this.xML_DIGSIG_NSField;
+ }
+ set {
+ this.xML_DIGSIG_NSField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string trustStorePath {
+ get {
+ return this.trustStorePathField;
+ }
+ set {
+ this.trustStorePathField = value;
+ }
+ }
+
+ /// <remarks/>
+ public string trustStoreType {
+ get {
+ return this.trustStoreTypeField;
+ }
+ set {
+ this.trustStoreTypeField = value;
+ }
+ }
+
+ /// <remarks/>
+ public uddiClientSignatureTrustStorePassword trustStorePassword {
+ get {
+ return this.trustStorePasswordField;
+ }
+ set {
+ this.trustStorePasswordField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool checkTimestamps {
+ get {
+ return this.checkTimestampsField;
+ }
+ set {
+ this.checkTimestampsField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool checkTrust {
+ get {
+ return this.checkTrustField;
+ }
+ set {
+ this.checkTrustField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool checkRevocationCRL {
+ get {
+ return this.checkRevocationCRLField;
+ }
+ set {
+ this.checkRevocationCRLField = value;
+ }
+ }
+
+ /// <remarks/>
+ public bool checkRevocationOCSP {
+ get {
+ return this.checkRevocationOCSPField;
+ }
+ set {
+ this.checkRevocationOCSPField = value;
+ }
+ }
+ }
+
+ /// <remarks/>
+ [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")]
+ [System.SerializableAttribute()]
+ [System.Diagnostics.DebuggerStepThroughAttribute()]
+ [System.ComponentModel.DesignerCategoryAttribute("code")]
+ [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true,
Namespace="urn:juddi-apache-org:v3_client")]
+ public partial class uddiClientSignatureSigningKeyStoreFilePassword {
+
+ private bool isPasswordEncryptedField;
+
+ private string cryptoProviderField;
+
+ private string valueField;
+
+ public uddiClientSignatureSigningKeyStoreFilePassword() {
+ this.isPasswordEncryptedField = false;
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ [System.ComponentModel.DefaultValueAttribute(false)]
+ public bool isPasswordEncrypted {
+ get {
+ return this.isPasswordEncryptedField;
+ }
+ set {
+ this.isPasswordEncryptedField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ public string cryptoProvider {
+ get {
+ return this.cryptoProviderField;
+ }
+ set {
+ this.cryptoProviderField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlTextAttribute()]
+ public string Value {
+ get {
+ return this.valueField;
+ }
+ set {
+ this.valueField = value;
+ }
+ }
+ }
+
+ /// <remarks/>
+ [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")]
+ [System.SerializableAttribute()]
+ [System.Diagnostics.DebuggerStepThroughAttribute()]
+ [System.ComponentModel.DesignerCategoryAttribute("code")]
+ [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true,
Namespace="urn:juddi-apache-org:v3_client")]
+ public partial class uddiClientSignatureSigningKeyPassword {
+
+ private bool isPasswordEncryptedField;
+
+ private string cryptoProviderField;
+
+ private string valueField;
+
+ public uddiClientSignatureSigningKeyPassword() {
+ this.isPasswordEncryptedField = false;
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ [System.ComponentModel.DefaultValueAttribute(false)]
+ public bool isPasswordEncrypted {
+ get {
+ return this.isPasswordEncryptedField;
+ }
+ set {
+ this.isPasswordEncryptedField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ public string cryptoProvider {
+ get {
+ return this.cryptoProviderField;
+ }
+ set {
+ this.cryptoProviderField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlTextAttribute()]
+ public string Value {
+ get {
+ return this.valueField;
+ }
+ set {
+ this.valueField = value;
+ }
+ }
+ }
+
+ /// <remarks/>
+ [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")]
+ [System.SerializableAttribute()]
+ [System.Diagnostics.DebuggerStepThroughAttribute()]
+ [System.ComponentModel.DesignerCategoryAttribute("code")]
+ [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true,
Namespace="urn:juddi-apache-org:v3_client")]
+ public partial class uddiClientSignatureTrustStorePassword {
+
+ private bool isPasswordEncryptedField;
+
+ private string cryptoProviderField;
+
+ private string valueField;
+
+ public uddiClientSignatureTrustStorePassword() {
+ this.isPasswordEncryptedField = false;
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ [System.ComponentModel.DefaultValueAttribute(false)]
+ public bool isPasswordEncrypted {
+ get {
+ return this.isPasswordEncryptedField;
+ }
+ set {
+ this.isPasswordEncryptedField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlAttributeAttribute()]
+ public string cryptoProvider {
+ get {
+ return this.cryptoProviderField;
+ }
+ set {
+ this.cryptoProviderField = value;
+ }
+ }
+
+ /// <remarks/>
+ [System.Xml.Serialization.XmlTextAttribute()]
+ public string Value {
+ get {
+ return this.valueField;
+ }
+ set {
+ this.valueField = value;
+ }
+ }
+ }
}
Modified:
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
(original)
+++
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/ClientConfig.java
Mon Aug 19 00:52:01 2013
@@ -21,6 +21,9 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
@@ -30,6 +33,8 @@ import org.apache.commons.configuration.
import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.juddi.v3.client.crypto.CryptorFactory;
+import org.apache.juddi.v3.client.crypto.DigSigUtil;
/**
* Handles the client configuration of the uddi-client. By default it first
@@ -56,7 +61,7 @@ public class ClientConfig
*/
public ClientConfig(String configurationFile) throws
ConfigurationException
{
- loadConfiguration(configurationFile, null);
+ loadConfiguration(configurationFile, null);
}
/**
* Constructor (note Singleton pattern).
@@ -301,15 +306,68 @@ public class ClientConfig
return xBusinessRegistrations;
}
- public Configuration getConfiguration() {
- return config;
- }
-
- public String getClientName() {
- return clientName;
- }
-
- public String getConfigurationFile() {
- return configurationFile;
- }
-}
+ public Configuration getConfiguration() {
+ return config;
+ }
+
+ public String getClientName() {
+ return clientName;
+ }
+
+ public String getConfigurationFile() {
+ return configurationFile;
+ }
+
+ /**
+ * Fetches all digital signature related properties for the digital
signature utility.
+ * warning, this will decrypt all passwords
+ * @return
+ * @throws Exception
+ */
+ public Properties getDigitalSignatureConfiguration() throws Exception{
+ Properties p = new Properties();
+ p.setProperty(DigSigUtil.CHECK_TIMESTAMPS,
((Boolean)(this.config.getBoolean("client.signature.checkTimestamps",
true))).toString());
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_CRL,
((Boolean)(this.config.getBoolean("client.signature.checkRevocationCRL",
true))).toString());
+ p.setProperty(DigSigUtil.CHECK_REVOCATION_STATUS_OCSP,
((Boolean)(this.config.getBoolean("client.signature.checkRevocationOCSP",
true))).toString());
+ p.setProperty(DigSigUtil.CHECK_TRUST_CHAIN,
((Boolean)(this.config.getBoolean("client.signature.checkTrust",
true))).toString());
+
+ p.setProperty(DigSigUtil.CANONICALIZATIONMETHOD,
this.config.getString("client.signature.canonicalizationMethod",
CanonicalizationMethod.EXCLUSIVE));
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS,
this.config.getString("client.signature.signingKeyAlias"));
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE,
this.config.getString("client.signature.trustStorePath"));
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILETYPE,
this.config.getString("client.signature.trustStoreType"));
+ p.setProperty(DigSigUtil.SIGNATURE_METHOD,
this.config.getString("client.signature.signatureMethod","RSA_SHA1"));
+
+ if
(this.config.getBoolean("client.signature.trustStorePassword[@isPasswordEncrypted]",
false))
+ {
+ String enc =
this.config.getString("client.signature.trustStorePassword");
+ String prov =
this.config.getString("client.signature.trustStorePassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD,
CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD,
this.config.getString("client.signature.trustStorePassword"));
+
+ if
(this.config.getBoolean("client.signature.signingKeyPassword[@isPasswordEncrypted]",
false))
+ {
+ String enc =
this.config.getString("client.signature.signingKeyPassword");
+ String prov =
this.config.getString("client.signature.signingKeyPassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD,
CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD,
this.config.getString("client.signature.signingKeyPassword"));
+
+ if
(this.config.getBoolean("client.signature.signingKeyStoreFilePassword[@isPasswordEncrypted]",
false))
+ {
+ String enc =
this.config.getString("client.signature.signingKeyStoreFilePassword");
+ String prov =
this.config.getString("client.signature.signingKeyStoreFilePassword[@cryptoProvider]");
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD,
CryptorFactory.getCryptor(prov).decrypt(enc));
+ }
+ else
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD,
this.config.getString("client.signature.signingKeyStoreFilePassword"));
+
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE,
this.config.getString("client.signature.signingKeyStoreType"));
+ p.setProperty(DigSigUtil.SIGNATURE_KEYSTORE_FILE,
this.config.getString("client.signature.signingKeyStorePath"));
+
+
+ return p;
+ }
+}
\ No newline at end of file
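Review bot: The `signingKeyStoreFilePassword` branch at the end of `getDigitalSignatureConfiguration()` writes to `DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD` in both arms, so the key store file password overwrites the key password set just above it and `SIGNATURE_KEYSTORE_FILE_PASSWORD` is never populated. Separately, every `p.setProperty(..., this.config.getString(...))` call without a default will throw a NullPointerException when the setting is absent, because `Properties` rejects null values (assuming `getString` returns null for a missing key, as Commons Configuration does). The two revocation flags also fall back to `true` here, while the schema and the .NET class in this same commit default them to `false`; the two should agree, or the Javadoc, whose `@return` is currently empty, should state the difference. The `java.util.logging` imports added in the first hunk are not used in any visible line. A small helper for the three password entries removes the copy-paste and the null case together:

```java
// … unchanged: boolean flags, canonicalization method, key alias, trust store path/type, signature method …
putPassword(p, DigSigUtil.TRUSTSTORE_FILE_PASSWORD, "client.signature.trustStorePassword");
putPassword(p, DigSigUtil.SIGNATURE_KEYSTORE_KEY_PASSWORD, "client.signature.signingKeyPassword");
// previously stored under SIGNATURE_KEYSTORE_KEY_PASSWORD, clobbering the key password
putPassword(p, DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, "client.signature.signingKeyStoreFilePassword");
// … unchanged: key store type and path, return p …

/** Copies one password setting into p, decrypting it first when the config marks it as encrypted. */
private void putPassword(Properties p, String property, String key) throws Exception {
    String value = this.config.getString(key);
    if (value == null) {
        return; // Properties rejects null values; leave the entry unset
    }
    if (this.config.getBoolean(key + "[@isPasswordEncrypted]", false)) {
        String prov = this.config.getString(key + "[@cryptoProvider]");
        value = CryptorFactory.getCryptor(prov).decrypt(value);
    }
    p.setProperty(property, value);
}
```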
Modified:
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
(original)
+++
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/config/UDDIClerk.java
Mon Aug 19 00:52:01 2013
@@ -796,18 +796,43 @@ public class UDDIClerk implements Serial
this.uddiNode = uddiNode;
}
+ /**
+ * This is the username
+ * @return
+ */
public String getPublisher() {
return publisher;
}
+ /**
+ * This is the username
+ * @param publisher
+ */
public void setPublisher(String publisher) {
this.publisher = publisher;
}
+ /**
+ * If the password is encrypted, it will be decrypted if possible,
otherwise
+ * the cipher text will be returned.
+ * @return
+ */
public String getPassword() {
+ if (isencrypted)
+ {
+ try {
+ return
CryptorFactory.getCryptor(cryptoProvider).decrypt(password);
+ } catch (Exception ex) {
+ log.fatal("Unable to decrypt the password", ex);
+ }
+ }
return password;
}
+ /**
+ * Use with caution, don't forget to set the IsEncrypted and Crypto
provider
+ * @param password
+ */
public void setPassword(String password) {
this.password = password;
}
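Review bot: When decryption fails, `getPassword()` logs the exception and falls through to `return password;`, so the caller receives the stored cipher text and, as in the updated sample's `GetAuthKey(...)` call, would submit it as the credential with no sign that anything went wrong. Propagating the failure (for example wrapped in an unchecked exception) would make a misconfigured crypto provider visible at the point of use instead of as a later authentication error. The new Javadoc leaves `@return` empty; it could read `@return the clear-text password, or the stored value unchanged when it is not marked as encrypted`. `isencrypted`, `cryptoProvider` and `log` are declared outside this hunk, so how they are initialised cannot be checked from here.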
Modified:
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/DigSigUtil.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/DigSigUtil.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/DigSigUtil.java
(original)
+++
juddi/trunk/juddi-client/src/main/java/org/apache/juddi/v3/client/crypto/DigSigUtil.java
Mon Aug 19 00:52:01 2013
@@ -87,8 +87,18 @@ import sun.security.provider.certpath.OC
*
* @author <a href="mailto:[email protected]">Alex O'Ree </a>
*/
-public final class DigSigUtil {
+public class DigSigUtil {
+ /**
+ * Expects a properties object containing the desired configuration
+ * @param config
+ * @throws CertificateException
+ */
+ public DigSigUtil(Properties config) throws CertificateException {
+ cf = CertificateFactory.getInstance("X.509");
+ this.map = config;
+ }
+
public DigSigUtil() throws CertificateException {
cf = CertificateFactory.getInstance("X.509");
}
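Review bot: The new `DigSigUtil(Properties config)` constructor stores the caller's object directly with `this.map = config;` and accepts null, which would only surface later as a NullPointerException at the first `map.containsKey(...)` call. Because `ClientConfig.getDigitalSignatureConfiguration()` fills that object with decrypted passwords, keeping a shared reference also means any later change by the caller alters how this instance signs and validates. A guard such as `if (config == null) throw new IllegalArgumentException("config must not be null");` followed by a copy (`this.map = new Properties(); this.map.putAll(config);`) would cover both; `map` is declared outside the hunk. The class also drops `final` here without a stated reason, and if subclassing is not intended the modifier is worth keeping.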
@@ -121,9 +131,9 @@ public final class DigSigUtil {
public final static String SIGNATURE_KEYSTORE_FILE_PASSWORD =
"filePassword";
public final static String SIGNATURE_KEYSTORE_KEY_PASSWORD = "keyPassword";
public final static String SIGNATURE_KEYSTORE_KEY_ALIAS = "keyAlias";
- public final static String TRUSTSTORE_FILE = "keyStorePath";
- public final static String TRUSTSTORE_FILETYPE = "keyStoreType";
- public final static String TRUSTSTORE_FILE_PASSWORD = "filePassword";
+ public final static String TRUSTSTORE_FILE = "trustStorePath";
+ public final static String TRUSTSTORE_FILETYPE = "trustStoreType";
+ public final static String TRUSTSTORE_FILE_PASSWORD = "trustStorePassword";
/**
* default is CanonicalizationMethod.EXCLUSIVE
*
@@ -468,10 +478,11 @@ public final class DigSigUtil {
if (signingcert != null && signingcert instanceof X509Certificate)
{
logger.info("verifying signature based on X509 public key " +
signingcert.getSubjectDN().toString());
- if (map.containsKey(CHECK_TIMESTAMPS)) {
+ if (map.containsKey(CHECK_TIMESTAMPS)&&
Boolean.parseBoolean(map.getProperty(CHECK_TIMESTAMPS))) {
signingcert.checkValidity();
}
- if (map.containsKey(CHECK_REVOCATION_STATUS_OCSP)) {
+ if (map.containsKey(CHECK_REVOCATION_STATUS_OCSP)
+ &&
Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_OCSP))) {
logger.info("verifying revocation status via OSCP for X509
public key " + signingcert.getSubjectDN().toString());
X500Principal issuerX500Principal =
signingcert.getIssuerX500Principal();
logger.info("certificate " +
signingcert.getSubjectDN().toString() + " was issued by " +
issuerX500Principal.getName() + ", attempting to retrieve certificate");
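Review bot: Each verification step is now skipped unless its flag is present and parses as `true`, so a value such as `"t"` (the style the sample uses for `SIGNATURE_OPTION_CERT_INCLUSION_BASE64`) silently disables a check that the previous `containsKey` test enabled. The same condition is repeated for `CHECK_REVOCATION_STATUS_CRL` and `CHECK_TRUST_CHAIN` in the next two hunks. Since these flags control certificate validation, the Javadoc on each constant should state that an absent or non-`true` value turns the check off; as far as these hunks show, an instance built with the no-argument constructor and no flags set verifies signatures with none of the certificate checks. Treating an absent flag as enabled, e.g. `Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN, "true"))`, would make the default fail closed. The enclosing method begins and ends outside these hunks.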
@@ -486,7 +497,7 @@ public final class DigSigUtil {
throw new CertificateException("Certificate status is
" + check.getCertStatus().toString() + " reason " +
check.getRevocationReason().toString());
}
}
- if (map.containsKey(CHECK_REVOCATION_STATUS_CRL)) {
+ if (map.containsKey(CHECK_REVOCATION_STATUS_CRL)&&
Boolean.parseBoolean(map.getProperty(CHECK_REVOCATION_STATUS_CRL))) {
logger.info("verifying revokation status via CRL for X509
public key " + signingcert.getSubjectDN().toString());
Security.setProperty("ocsp.enable", "false");
@@ -505,7 +516,7 @@ public final class DigSigUtil {
logger.info("revokation status via CRL PASSED for X509
public key " + signingcert.getSubjectDN().toString());
}
- if (map.containsKey(CHECK_TRUST_CHAIN)) {
+ if (map.containsKey(CHECK_TRUST_CHAIN)&&
Boolean.parseBoolean(map.getProperty(CHECK_TRUST_CHAIN))) {
logger.info("verifying trust chain X509 public key " +
signingcert.getSubjectDN().toString());
PKIXParameters params = new
PKIXParameters(GetTrustStore());
params.setRevocationEnabled(false);
Modified: juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd (original)
+++ juddi/trunk/juddi-client/src/main/resources/xsd/uddi-client.xsd Mon Aug 19
00:52:01 2013
@@ -18,7 +18,7 @@
<xsd:sequence>
<xsd:element type="xsd:string" name="name" />
<xsd:element type="xsd:string" name="description" />
-
+
<xsd:element name="properties" minOccurs="0">
<xsd:complexType>
<xsd:sequence>
@@ -55,7 +55,7 @@
use="optional" />
</xsd:complexType>
</xsd:element>
-
+
</xsd:sequence>
</xsd:complexType>
</xsd:element>
@@ -81,7 +81,7 @@
use="optional" default="false" />
<xsd:attribute type="xsd:string" name="cryptoProvider"
use="optional" />
-
+
<xsd:attribute type="xsd:string" name="businessKey"
use="optional" />
<xsd:attribute type="xsd:string" name="businessName"
@@ -128,14 +128,69 @@
use="optional" />
</xsd:complexType>
</xsd:element>
+ <xsd:element name="signature">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element type="xsd:string"
name="signingKeyStorePath"></xsd:element>
+ <xsd:element type="xsd:string"
name="signingKeyStoreType"></xsd:element>
+ <xsd:element name="signingKeyStoreFilePassword">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute type="xsd:boolean"
name="isPasswordEncrypted"
+ use="optional" default="false" />
+ <xsd:attribute type="xsd:string"
name="cryptoProvider"
+ use="optional" />
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="signingKeyPassword">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute type="xsd:boolean"
name="isPasswordEncrypted"
+ use="optional" default="false" />
+ <xsd:attribute type="xsd:string"
name="cryptoProvider"
+ use="optional" />
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element type="xsd:string"
name="signingKeyAlias"></xsd:element>
+ <xsd:element type="xsd:string"
name="canonicalizationMethod"></xsd:element>
+ <xsd:element type="xsd:string"
name="signatureMethod"></xsd:element>
+ <xsd:element type="xsd:string" name="XML_DIGSIG_NS"
default="http://www.w3.org/2000/09/xmldsig#"></xsd:element>
+
+ <xsd:element type="xsd:string"
name="trustStorePath"></xsd:element>
+ <xsd:element type="xsd:string"
name="trustStoreType"></xsd:element>
+ <xsd:element name="trustStorePassword">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute type="xsd:boolean"
name="isPasswordEncrypted"
+ use="optional" default="false" />
+ <xsd:attribute type="xsd:string"
name="cryptoProvider"
+ use="optional" />
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element type="xsd:boolean" name="checkTimestamps"
default="true"></xsd:element>
+ <xsd:element type="xsd:boolean" name="checkTrust"
default="true"></xsd:element>
+ <xsd:element type="xsd:boolean" name="checkRevocationCRL"
default="false"></xsd:element>
+ <xsd:element type="xsd:boolean" name="checkRevocationOCSP"
default="false"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
</xsd:sequence>
<xsd:attribute type="xsd:string" name="name" />
</xsd:complexType>
</xsd:element>
-
+
</xsd:sequence>
-
+
</xsd:complexType>
</xsd:element>
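Review bot: The new `signature` element and every one of its children are declared without `minOccurs="0"`, so all of them are mandatory in a schema-valid config, yet the test configs updated in this same commit omit `checkRevocationOCSP` and would not validate. If configs are validated against this schema, existing files without a `signature` block would fail too. The `default="false"` on `checkRevocationCRL` and `checkRevocationOCSP` also disagrees with `ClientConfig.getDigitalSignatureConfiguration()`, which falls back to `true` for both. Marking the optional settings with `minOccurs="0"` and adding an `xsd:annotation`/`xsd:documentation` to each check flag stating its effective default would remove the ambiguity.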
Modified: juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml (original)
+++ juddi/trunk/juddi-client/src/test/resources/META-INF/uddi.xml Mon Aug 19
00:52:01 2013
@@ -65,6 +65,30 @@
<service
bindingKey="uddi:juddi.apache.org:servicebindings-subscriptionlistener-ws"
fromClerk="default" toClerk="medroot"/>
</xregister>
</clerks>
-
+ <signature>
+ <!-- signing stuff -->
+ <signingKeyStorePath>keystore.jks</signingKeyStorePath>
+ <signingKeyStoreType>JKS</signingKeyStoreType>
+ <signingKeyStoreFilePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyStoreFilePassword>
+ <signingKeyPassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyPassword>
+ <signingKeyAlias>my special key</signingKeyAlias>
+
<canonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</canonicalizationMethod>
+ <signatureMethod>RSA_SHA1</signatureMethod>
+
<XML_DIGSIG_NS>http://www.w3.org/2000/09/xmldsig#</XML_DIGSIG_NS>
+ <!-- validation stuff -->
+ <trustStorePath>truststore.jks</trustStorePath>
+ <trustStoreType>JKS</trustStoreType>
+ <trustStorePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+
+ <checkTimestamps>true</checkTimestamps>
+ <checkTrust>true</checkTrust>
+ <checkRevocationCRL>true</checkRevocationCRL>
+ </signature>
</client>
</uddi>
\ No newline at end of file
Modified: juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml (original)
+++ juddi/trunk/juddi-client/src/test/resources/META-INF/uddi2.xml Mon Aug 19
00:52:01 2013
@@ -43,6 +43,31 @@
<service
bindingKey="uddi:juddi.apache.org:servicebindings-subscriptionlistener-ws"
fromClerk="default" toClerk="medroot"/>
</xregister>
</clerks>
+ <signature>
+ <!-- signing stuff -->
+ <signingKeyStorePath>keystore.jks</signingKeyStorePath>
+ <signingKeyStoreType>JKS</signingKeyStoreType>
+ <signingKeyStoreFilePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyStoreFilePassword>
+ <signingKeyPassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyPassword>
+ <signingKeyAlias>my special key</signingKeyAlias>
+
<canonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</canonicalizationMethod>
+ <signatureMethod>RSA_SHA1</signatureMethod>
+
<XML_DIGSIG_NS>http://www.w3.org/2000/09/xmldsig#</XML_DIGSIG_NS>
+ <!-- validation stuff -->
+ <trustStorePath>truststore.jks</trustStorePath>
+ <trustStoreType>JKS</trustStoreType>
+ <trustStorePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+
+ <checkTimestamps>true</checkTimestamps>
+ <checkTrust>true</checkTrust>
+ <checkRevocationCRL>true</checkRevocationCRL>
+ </signature>
</client>
</uddi>
\ No newline at end of file
Modified:
juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
--- juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
(original)
+++ juddi/trunk/juddi-client/src/test/resources/META-INF/uddi3-enc-aes128.xml
Mon Aug 19 00:52:01 2013
@@ -47,6 +47,30 @@
<service
bindingKey="uddi:juddi.apache.org:servicebindings-subscriptionlistener-ws"
fromClerk="default" toClerk="medroot"/>
</xregister>
</clerks>
-
+ <signature>
+ <!-- signing stuff -->
+ <signingKeyStorePath>keystore.jks</signingKeyStorePath>
+ <signingKeyStoreType>JKS</signingKeyStoreType>
+ <signingKeyStoreFilePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyStoreFilePassword>
+ <signingKeyPassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</signingKeyPassword>
+ <signingKeyAlias>my special key</signingKeyAlias>
+
<canonicalizationMethod>http://www.w3.org/2001/10/xml-exc-c14n#</canonicalizationMethod>
+ <signatureMethod>RSA_SHA1</signatureMethod>
+
<XML_DIGSIG_NS>http://www.w3.org/2000/09/xmldsig#</XML_DIGSIG_NS>
+ <!-- validation stuff -->
+ <trustStorePath>truststore.jks</trustStorePath>
+ <trustStoreType>JKS</trustStoreType>
+ <trustStorePassword
+ isPasswordEncrypted="false"
+
cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+
+ <checkTimestamps>true</checkTimestamps>
+ <checkTrust>true</checkTrust>
+ <checkRevocationCRL>true</checkRevocationCRL>
+ </signature>
</client>
</uddi>
\ No newline at end of file
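Review bot: This fixture, which by its file name is the AES-128 encrypted variant, adds all three signature passwords with `isPasswordEncrypted="false"` and the literal value `password`, so none of the updated test configs exercises the decrypt branch of `ClientConfig.getDigitalSignatureConfiguration()`. Storing a value encrypted with the listed `AES128Cryptor` provider and setting `isPasswordEncrypted="true"` here would cover that path. The block also omits `checkRevocationOCSP`, so that setting is governed by the code's default rather than by the file; the same applies to uddi.xml and uddi2.xml.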
Modified:
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureBusiness.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureBusiness.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureBusiness.java
(original)
+++
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureBusiness.java
Mon Aug 19 00:52:01 2013
@@ -23,6 +23,7 @@ import org.uddi.v3_service.UDDISecurityP
/**
* This class shows you how to digital sign a business
+ *
* @author Alex O'ree
*/
public class UddiDigitalSignatureBusiness {
@@ -30,6 +31,7 @@ public class UddiDigitalSignatureBusines
private static UDDISecurityPortType security = null;
private static UDDIInquiryPortType inquiry = null;
private static UDDIPublicationPortType publish = null;
+ private static UDDIClient clerkManager = null;
/**
* This sets up the ws proxies using uddi.xml in META-INF
@@ -38,7 +40,7 @@ public class UddiDigitalSignatureBusines
try {
// create a manager and read the config in the archive;
// you can use your config file name
- UDDIClient clerkManager = new
UDDIClient("META-INF/simple-publish-uddi.xml");
+ clerkManager = new UDDIClient("META-INF/simple-publish-uddi.xml");
// register the clerkManager with the client side container
UDDIClientContainer.addClient(clerkManager); // a
ClerkManager can be a client to multiple UDDI nodes, so
// supply the nodeName (defined in your uddi.xml.
@@ -53,34 +55,39 @@ public class UddiDigitalSignatureBusines
}
}
- private static void DisplayHelp() {
- //TODO
- }
-
/**
* Main entry point
*
* @param args
*/
public static void main(String args[]) {
-
+
UddiDigitalSignatureBusiness sp = new UddiDigitalSignatureBusiness();
sp.Fire(args);
}
public void Fire(String[] args) {
try {
-
- org.apache.juddi.v3.client.crypto.DigSigUtil ds = new DigSigUtil();
+
+ org.apache.juddi.v3.client.crypto.DigSigUtil ds = null;
+
+ //option 1), set everything manually
+ ds = new DigSigUtil();
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE, "keystore.jks");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, "JKS");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, "password");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, "selfsigned");
ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, "t");
-
+
+ //option 2), load it from the juddi config file
+ ds = new
DigSigUtil(clerkManager.getClientConfig().getDigitalSignatureConfiguration());
+
//login
- String token = GetAuthKey("root", "root");
-
+ String token = null;
+ //option, load from juddi config
+ token =
GetAuthKey(clerkManager.getClerk("default").getPublisher(),
+ clerkManager.getClerk("default").getPassword());
+
//make a new business
SaveBusiness sb = new SaveBusiness();
sb.setAuthInfo(token);
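Review bot: The `DigSigUtil` built under "option 1" is discarded as soon as "option 2" reassigns `ds`, so the five `ds.put(...)` calls (keystore file, type, password, alias, certificate inclusion) have no effect, and the signing settings actually in force are whatever the client config's signature section contains. A reader copying the sample may assume both options are needed or that the literal values are active; I would say so in the comment, e.g. `//option 2), load it from the juddi config file; this REPLACES option 1, keep only one of the two`, and mark `"password"` as a sample value that must not be reused. `clerkManager.getClerk("default")` is also looked up twice and dereferenced without a null check, which presumably fails with a NullPointerException when the config has no clerk named "default"; holding it in one local and checking it before calling `getPublisher()`/`getPassword()` would avoid that. `Fire` continues past the end of this hunk, and the same code is added in the `Fire` hunks of UddiDigitalSignatureService.java and UddiDigitalSignatureTmodel.java.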
@@ -91,16 +98,16 @@ public class UddiDigitalSignatureBusines
sb.getBusinessEntity().add(ob);
//save it
BusinessDetail saveBusiness = publish.saveBusiness(sb);
-
+
System.out.println("business created with key " +
saveBusiness.getBusinessEntity().get(0).getBusinessKey());
-
+
BusinessEntity be = saveBusiness.getBusinessEntity().get(0);
//sign the copy returned from the UDDI node (it may have made
changes)
DigSigUtil.JAXB_ToStdOut(be);
-
+
//if it's already signed, remove all existing signatures
-
+
be.getSignature().clear();
System.out.println("signing");
BusinessEntity signUDDI_JAXBObject = ds.signUddiEntity(be);
@@ -134,7 +141,6 @@ public class UddiDigitalSignatureBusines
}
}
-
/**
* Gets a UDDI style auth token, otherwise, appends credentials to the ws
* proxies (not yet implemented)
@@ -160,5 +166,4 @@ public class UddiDigitalSignatureBusines
}
return null;
}
-
}
Modified:
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureService.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureService.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureService.java
(original)
+++
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureService.java
Mon Aug 19 00:52:01 2013
@@ -16,6 +16,7 @@ import org.uddi.v3_service.UDDISecurityP
/**
* This class shows you how to digitally sign a service and verify the
signature
+ *
* @author Alex O'Ree
*/
public class UddiDigitalSignatureService {
@@ -23,6 +24,7 @@ public class UddiDigitalSignatureService
private static UDDISecurityPortType security = null;
private static UDDIInquiryPortType inquiry = null;
private static UDDIPublicationPortType publish = null;
+ private static UDDIClient clerkManager = null;
/**
* This sets up the ws proxies using uddi.xml in META-INF
@@ -31,7 +33,7 @@ public class UddiDigitalSignatureService
try {
// create a manager and read the config in the archive;
// you can use your config file name
- UDDIClient clerkManager = new
UDDIClient("META-INF/simple-publish-uddi.xml");
+ clerkManager = new UDDIClient("META-INF/simple-publish-uddi.xml");
// register the clerkManager with the client side container
UDDIClientContainer.addClient(clerkManager); // a
ClerkManager can be a client to multiple UDDI nodes, so
// supply the nodeName (defined in your uddi.xml.
@@ -46,32 +48,43 @@ public class UddiDigitalSignatureService
}
}
-
/**
* Main entry point
*
* @param args
*/
public static void main(String args[]) {
-
+
UddiDigitalSignatureService sp = new UddiDigitalSignatureService();
sp.Fire(args);
}
public void Fire(String[] args) {
try {
- org.apache.juddi.v3.client.crypto.DigSigUtil ds = new DigSigUtil();
+
+ org.apache.juddi.v3.client.crypto.DigSigUtil ds = null;
+
+ //option 1), set everything manually
+ ds = new DigSigUtil();
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE, "keystore.jks");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, "JKS");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, "password");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, "selfsigned");
ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, "t");
- String token = GetAuthKey("root", "root");
-
+
+ //option 2), load it from the juddi config file
+ ds = new
DigSigUtil(clerkManager.getClientConfig().getDigitalSignatureConfiguration());
+
+ //login
+ String token = null;
+ //option, load from juddi config
+ token = GetAuthKey(clerkManager.getClerk("default").getPublisher(),
+ clerkManager.getClerk("default").getPassword());
+
//TODO replace this with something more useful
- String
key="uddi:juddi.apache.org:da314f49-b84f-4ede-a434-0b0178632f10";
+ String key =
"uddi:juddi.apache.org:da314f49-b84f-4ede-a434-0b0178632f10";
BusinessService be = null;
- be = GetServiceDetails( key);
+ be = GetServiceDetails(key);
be.getSignature().clear();
//DigSigUtil.JAXB_ToStdOut(be);
System.out.println("signing");
@@ -85,8 +98,8 @@ public class UddiDigitalSignatureService
publish.saveService(sb);
System.out.println("saved, fetching");
-
- be = GetServiceDetails( key);
+
+ be = GetServiceDetails(key);
DigSigUtil.JAXB_ToStdOut(be);
System.out.println("verifing");
AtomicReference<String> msg = new AtomicReference<String>();
@@ -103,8 +116,6 @@ public class UddiDigitalSignatureService
}
}
-
-
private BusinessService GetServiceDetails(String key) throws Exception {
// BusinessInfo get
GetServiceDetail r = new GetServiceDetail();
@@ -113,7 +124,6 @@ public class UddiDigitalSignatureService
return inquiry.getServiceDetail(r).getBusinessService().get(0);
}
-
/**
* Gets a UDDI style auth token, otherwise, appends credentials to the ws
* proxies (not yet implemented)
@@ -139,5 +149,4 @@ public class UddiDigitalSignatureService
}
return null;
}
-
}
Modified:
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureTmodel.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureTmodel.java?rev=1515252&r1=1515251&r2=1515252&view=diff
==============================================================================
---
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureTmodel.java
(original)
+++
juddi/trunk/juddi-examples/uddi-samples/src/uddi/examples/UddiDigitalSignatureTmodel.java
Mon Aug 19 00:52:01 2013
@@ -23,6 +23,7 @@ public class UddiDigitalSignatureTmodel
private static UDDISecurityPortType security = null;
private static UDDIInquiryPortType inquiry = null;
private static UDDIPublicationPortType publish = null;
+ private static UDDIClient clerkManager = null;
/**
* This sets up the ws proxies using uddi.xml in META-INF
@@ -31,7 +32,7 @@ public class UddiDigitalSignatureTmodel
try {
// create a manager and read the config in the archive;
// you can use your config file name
- UDDIClient clerkManager = new
UDDIClient("META-INF/simple-publish-uddi.xml");
+ clerkManager = new UDDIClient("META-INF/simple-publish-uddi.xml");
// register the clerkManager with the client side container
UDDIClientContainer.addClient(clerkManager); // a
ClerkManager can be a client to multiple UDDI nodes, so
// supply the nodeName (defined in your uddi.xml.
@@ -46,9 +47,6 @@ public class UddiDigitalSignatureTmodel
}
}
- private static void DisplayHelp() {
- //TODO
- }
/**
* Main entry point
@@ -66,16 +64,26 @@ public class UddiDigitalSignatureTmodel
public void Fire(String[] args) {
try {
- org.apache.juddi.v3.client.crypto.DigSigUtil ds = new DigSigUtil();
+ org.apache.juddi.v3.client.crypto.DigSigUtil ds = null;
+
+ //option 1), set everything manually
+ ds = new DigSigUtil();
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE, "keystore.jks");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, "JKS");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, "password");
ds.put(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, "selfsigned");
-
- //obmit this statement if you don't need the certificate to be
included.
ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, "t");
- String token = GetAuthKey("root", "root");
-
+
+ //option 2), load it from the juddi config file
+ ds = new
DigSigUtil(clerkManager.getClientConfig().getDigitalSignatureConfiguration());
+
+ //login
+ String token = null;
+ //option, load from juddi config
+ token = GetAuthKey(clerkManager.getClerk("default").getPublisher(),
+ clerkManager.getClerk("default").getPassword());
+
+
String key
="uddi:juddi.apache.org:23748881-bb2f-4896-8283-4a15be1d0bc1";