Author: coheigea
Date: Tue Mar 31 15:47:58 2009
New Revision: 760492
URL: http://svn.apache.org/viewvc?rev=760492&view=rev
Log:
[WSS-84] - Made use of lib/security/cacerts optional
- This is controlled by a new config variable:
"org.apache.ws.security.crypto.merlin.load.cacerts"
- This is set to true by default on the 1_5_x-fixes branch for backwards
compatibility.
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/Merlin.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
webservices/wss4j/branches/1_5_x-fixes/test/wss86.properties
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AbstractCrypto.java?rev=760492&r1=760491&r2=760492&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/AbstractCrypto.java
Tue Mar 31 15:47:58 2009
@@ -96,9 +96,18 @@
* Load the keystore
*/
try {
- String provider =
properties.getProperty("org.apache.ws.security.crypto.merlin.keystore.provider");
- String passwd =
properties.getProperty("org.apache.ws.security.crypto.merlin.keystore.password",
"security");
- String type =
properties.getProperty("org.apache.ws.security.crypto.merlin.keystore.type",
KeyStore.getDefaultType());
+ String provider =
+
properties.getProperty("org.apache.ws.security.crypto.merlin.keystore.provider");
+ String passwd =
+ properties.getProperty(
+ "org.apache.ws.security.crypto.merlin.keystore.password",
+ "security"
+ );
+ String type =
+ properties.getProperty(
+ "org.apache.ws.security.crypto.merlin.keystore.type",
+ KeyStore.getDefaultType()
+ );
this.keystore = load(is, passwd, provider, type);
} finally {
if (is != null) {
@@ -109,13 +118,31 @@
/**
* Load cacerts
*/
- String cacertsPath = System.getProperty("java.home") +
"/lib/security/cacerts";
- InputStream cacertsIs = new FileInputStream(cacertsPath);
- try {
- String cacertsPasswd =
properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts.password",
"changeit");
- this.cacerts = load(cacertsIs, cacertsPasswd, null,
KeyStore.getDefaultType());
- } finally {
- cacertsIs.close();
+ String loadCacerts =
+ properties.getProperty(
+ "org.apache.ws.security.crypto.merlin.load.cacerts",
+ "true"
+ );
+ if (Boolean.valueOf(loadCacerts).booleanValue()) {
+ String cacertsPath = System.getProperty("java.home") +
"/lib/security/cacerts";
+ InputStream cacertsIs = new FileInputStream(cacertsPath);
+ try {
+ String cacertsPasswd =
+ properties.getProperty(
+
"org.apache.ws.security.crypto.merlin.cacerts.password",
+ "changeit"
+ );
+ this.cacerts = load(cacertsIs, cacertsPasswd, null,
KeyStore.getDefaultType());
+ if (doDebug) {
+ log.debug("CA certs have been loaded");
+ }
+ } finally {
+ cacertsIs.close();
+ }
+ } else {
+ if (doDebug) {
+ log.debug("CA certs have not been loaded");
+ }
}
}
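Review bot: `Boolean.valueOf(loadCacerts)` treats every value other than a case-insensitive "true" as false, so a mistyped or whitespace-padded setting for `org.apache.ws.security.crypto.merlin.load.cacerts` silently removes the JDK CA bundle from the trust set, and the only trace is a debug-level message. Trimming the value and logging an unrecognised value at warn level would make that visible, for example `properties.getProperty("org.apache.ws.security.crypto.merlin.load.cacerts", "true").trim()`. The else branch also leaves `this.cacerts` null, which deserves a comment such as `// cacerts stays null when load.cacerts is false; every reader must null-check it`. This commit guards the uses in CryptoBase and Merlin, but any other dereference of `cacerts` outside the visible hunks needs the same check; the enclosing method starts before this hunk.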
@@ -127,7 +154,8 @@
* @param input <code>InputStream</code> to read from
* @throws CredentialException
*/
- public KeyStore load(InputStream input, String storepass, String provider,
String type) throws CredentialException {
+ public KeyStore load(InputStream input, String storepass, String provider,
String type)
+ throws CredentialException {
KeyStore ks = null;
try {
@@ -137,7 +165,8 @@
ks = KeyStore.getInstance(type, provider);
}
- ks.load(input, (storepass == null || storepass.length() == 0) ?
new char[0] : storepass.toCharArray());
+ ks.load(input, (storepass == null || storepass.length() == 0)
+ ? new char[0] : storepass.toCharArray());
} catch (IOException e) {
if (doDebug) {
log.debug(e.getMessage(), e);
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=760492&r1=760491&r2=760492&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/CryptoBase.java
Tue Mar 31 15:47:58 2009
@@ -588,7 +588,7 @@
Vector aliases = getAlias(subjectRDN, keystore);
//If we can't find the issuer in the keystore then look at cacerts
- if (aliases.size() == 0) {
+ if (aliases.size() == 0 && cacerts != null) {
aliases = getAlias(subjectRDN, cacerts);
}
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/Merlin.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/Merlin.java?rev=760492&r1=760491&r2=760492&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/Merlin.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/components/crypto/Merlin.java
Tue Mar 31 15:47:58 2009
@@ -146,14 +146,16 @@
CertPath path =
this.getCertificateFactory().generateCertPath(certList);
java.util.Set set = new HashSet();
- Enumeration cacertsAliases = this.cacerts.aliases();
- while (cacertsAliases.hasMoreElements()) {
- String alias = (String) cacertsAliases.nextElement();
- X509Certificate cert =
- (X509Certificate) this.cacerts.getCertificate(alias);
- TrustAnchor anchor =
- new TrustAnchor(cert,
cert.getExtensionValue(NAME_CONSTRAINTS_OID));
- set.add(anchor);
+ if (this.cacerts != null) {
+ Enumeration cacertsAliases = this.cacerts.aliases();
+ while (cacertsAliases.hasMoreElements()) {
+ String alias = (String) cacertsAliases.nextElement();
+ X509Certificate cert =
+ (X509Certificate) this.cacerts.getCertificate(alias);
+ TrustAnchor anchor =
+ new TrustAnchor(cert,
cert.getExtensionValue(NAME_CONSTRAINTS_OID));
+ set.add(anchor);
+ }
}
// Add certificates from the keystore
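Review bot: The `TrustAnchor` built in the re-indented loop receives `cert.getExtensionValue(NAME_CONSTRAINTS_OID)` unchanged, but per the JDK Javadoc `getExtensionValue` returns the extension value wrapped in a DER OCTET STRING while the `TrustAnchor` constructor expects the bare NameConstraints encoding. For a CA certificate that actually carries name constraints this most likely ends in an `IllegalArgumentException` instead of the constraints being applied, so the outer OCTET STRING should be unwrapped before the bytes are passed in. The cast `(X509Certificate) this.cacerts.getCertificate(alias)` also assumes every cacerts entry is an X.509 certificate. The enclosing method starts and ends outside this hunk.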
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java?rev=760492&r1=760491&r2=760492&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/util/WSSecurityUtil.java
Tue Mar 31 15:47:58 2009
@@ -787,7 +787,7 @@
actions.add(new Integer(WSConstants.UT_SIGN));
} else {
throw new WSSecurityException(
- "WSDoAllSender: Unknown action defined" + single[i]
+ "Unknown action defined: " + single[i]
);
}
}
Modified: webservices/wss4j/branches/1_5_x-fixes/test/wss86.properties
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wss86.properties?rev=760492&r1=760491&r2=760492&view=diff
==============================================================================
--- webservices/wss4j/branches/1_5_x-fixes/test/wss86.properties (original)
+++ webservices/wss4j/branches/1_5_x-fixes/test/wss86.properties Tue Mar 31
15:47:58 2009
@@ -2,4 +2,5 @@
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=wss86
+org.apache.ws.security.crypto.merlin.load.cacerts=true
org.apache.ws.security.crypto.merlin.file=keys/wss86.keystore
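Review bot: The added line sets `org.apache.ws.security.crypto.merlin.load.cacerts=true`, which is the same as the code default, so this fixture does not exercise the new opt-out path. None of the files modified in this commit sets the property to false, which leaves the `cacerts == null` guards in CryptoBase and Merlin untested here. A second properties file with `org.apache.ws.security.crypto.merlin.load.cacerts=false`, used by a test that verifies a certificate chained only to a keystore entry, would cover that branch.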