axis-java-dev mailing list archives

From az...@apache.org
Subject svn commit: r450495 - in /webservices/axis2/trunk/java/modules: integration/test-resources/rahas/ integration/test-resources/security/sc/ rahas/src/org/apache/rahas/ rahas/src/org/apache/rahas/impl/
Date Wed, 27 Sep 2006 16:17:33 GMT
Author: azeez
Date: Wed Sep 27 09:17:32 2006
New Revision: 450495

URL: http://svn.apache.org/viewvc?view=rev&rev=450495
Log:
Configure crypto properties using a prop file as well as a crypto XML element


Modified:
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s1-services.xml
Wed Sep 27 09:17:32 2006
@@ -15,8 +15,14 @@
 			<issuerName>Test_STS</issuerName>
 			<issuerKeyAlias>ip</issuerKeyAlias>
 			<issuerKeyPassword>password</issuerKeyPassword>
-			<cryptoProperties>issuer.properties</cryptoProperties>
-			<timeToLive>300000</timeToLive>
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
+            <timeToLive>300000</timeToLive>
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
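Review bot: The inline `<crypto>` block puts the keystore password (`password`) directly into services.xml, next to the existing `issuerKeyPassword`. The same literal is added in rahas/s3-services.xml and in security/sc/s1- to s4-services.xml in this commit. That is fine for a test fixture, but these files read like templates, so I would add a comment above the block such as `<!-- test-only keystore and password; do not copy into a deployed services.xml -->`. The properties-file form of `cryptoProperties` still works after this change, so a deployment that wants the password kept out of the service descriptor can keep using it.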

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/s3-services.xml
Wed Sep 27 09:17:32 2006
@@ -8,19 +8,25 @@
 	<operation name="echo">
 		<messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
 		<actionMapping>urn:echo</actionMapping>
-	</operation>    
+	</operation>
 
     <parameter name="saml-issuer-config">
 		<saml-issuer-config>
 			<issuerName>Test_STS</issuerName>
 			<issuerKeyAlias>ip</issuerKeyAlias>
 			<issuerKeyPassword>password</issuerKeyPassword>
-			<cryptoProperties>issuer.properties</cryptoProperties>
-			<timeToLive>300000</timeToLive>
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
+            <timeToLive>300000</timeToLive>
 			<keySize>256</keySize>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
-            
+
             <!--
                Key computation mechanism
                1 - Use Request Entropy
@@ -44,7 +50,7 @@
 			</trusted-services>
 		</saml-issuer-config>
     </parameter>
-	
+
 	<parameter name="InflowSecurity">
       <action>
         <items>UsernameToken Timestamp</items>
@@ -60,5 +66,5 @@
 		<enableSignatureConfirmation>false</enableSignatureConfirmation>
       </action>
     </parameter>
-    
+
 </service>

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s1-services.xml
Wed Sep 27 09:17:32 2006
@@ -22,7 +22,13 @@
         <sct-issuer-config>
             <addRequestedAttachedRef/>
             <addRequestedUnattachedRef/>
-            <cryptoProperties>sctIssuer.properties</cryptoProperties>
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
 
             <!--
                Key computation mechanism

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s2-services.xml
Wed Sep 27 09:17:32 2006
@@ -14,7 +14,13 @@
 		<sct-issuer-config>
 			<addRequestedAttachedRef />
 			<addRequestedUnattachedRef />
-            <cryptoProperties>sctIssuer.properties</cryptoProperties>
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
 
             <!--
                Key computation mechanism

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s3-services.xml
Wed Sep 27 09:17:32 2006
@@ -11,8 +11,14 @@
 
     <parameter name="sct-issuer-config">
 		<sct-issuer-config>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
-			<addRequestedAttachedRef />
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
+            <addRequestedAttachedRef />
 
             <!--
                Key computation mechanism

Modified: webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
(original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/security/sc/s4-services.xml
Wed Sep 27 09:17:32 2006
@@ -12,8 +12,14 @@
 
     <parameter name="sct-issuer-config">
 		<sct-issuer-config>
-			<cryptoProperties>sctIssuer.properties</cryptoProperties>
-			<addRequestedAttachedRef />
+            <cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+            </cryptoProperties>
+            <addRequestedAttachedRef />
 
             <!--
                Key computation mechanism

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TrustUtil.java Wed Sep
27 09:17:32 2006
@@ -37,11 +37,15 @@
 import java.security.SecureRandom;
 import java.text.DateFormat;
 import java.util.Date;
+import java.util.Properties;
+import java.util.Iterator;
 
 public class TrustUtil {
     private static final String WSSE_NAMESPACE_URI =
             "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
     private static final String WSSE_PREFIX = "wsse";
+    private static final QName PROVIDER = new QName("provider");
+    private static final QName NAME = new QName("name");
 
     /**
      * Create a wsse:Reference element with the given uri and the value type
@@ -481,5 +485,28 @@
         cancelTargetEle.addChild(secTokenRefEle);
 
         return rst;
+    }
+
+    public static Properties toProperties(OMElement cryptoElem) {
+        Properties properties = new Properties();
+
+        /*
+           Process an element similar to this;
+
+                <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+        */
+        for (Iterator propIter = cryptoElem.getChildElements(); propIter.hasNext();) {
+            OMElement propElem = (OMElement) propIter.next();
+            String name = propElem.getAttribute(NAME).getAttributeValue().trim();
+            String value = propElem.getText().trim();
+            properties.setProperty(name, value);
+        }
+        properties.setProperty("org.apache.ws.security.crypto.provider",
+                               cryptoElem.getAttribute(PROVIDER).getAttributeValue().trim());
+        return properties;
     }
 }
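Review bot: `toProperties` dereferences `getAttribute(NAME)` and `getAttribute(PROVIDER)` without a null check, so a `<property>` with no `name`, or a `<crypto>` with no `provider`, fails with a bare NullPointerException that does not say what is wrong with the configuration. The loop also treats every child element as a property whatever its local name. Since this element selects the crypto provider class and the keystore, a malformed element should be rejected with a message naming the missing attribute; the exception type below is a suggestion that keeps the signature unchanged. The new public method also has no Javadoc, and one stating that the returned `Properties` may hold the keystore password and should not be logged would help callers.

```java
public static Properties toProperties(OMElement cryptoElem) {
    Properties properties = new Properties();
    // … unchanged: block comment showing the expected <crypto> element …
    OMAttribute providerAttr = cryptoElem.getAttribute(PROVIDER);
    if (providerAttr == null) {
        throw new IllegalArgumentException("crypto element has no 'provider' attribute");
    }
    for (Iterator propIter = cryptoElem.getChildElements(); propIter.hasNext();) {
        OMElement propElem = (OMElement) propIter.next();
        OMAttribute nameAttr = propElem.getAttribute(NAME);
        if (nameAttr == null) {
            throw new IllegalArgumentException(
                    "crypto child element '" + propElem.getLocalName() + "' has no 'name' attribute");
        }
        properties.setProperty(nameAttr.getAttributeValue().trim(), propElem.getText().trim());
    }
    properties.setProperty("org.apache.ws.security.crypto.provider",
                           providerAttr.getAttributeValue().trim());
    return properties;
```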

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/AbstractIssuerConfig.java
Wed Sep 27 09:17:32 2006
@@ -15,10 +15,12 @@
  */
 package org.apache.rahas.impl;
 
+import org.apache.axiom.om.OMElement;
+
 import javax.xml.namespace.QName;
 
 /**
- * 
+ *
  */
 public abstract class AbstractIssuerConfig {
 
@@ -36,12 +38,20 @@
     public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
     public static final QName PROOF_KEY_TYPE = new QName("proofKeyType");
 
+    /**
+     * Element name to include the crypto properties used to load the
+     * information used securing the response
+     */
+    public final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
+    public static final QName CRYPTO = new QName("crypto");
+
     protected int keyComputation = KeyComputation.KEY_COMP_PROVIDE_ENT;
     protected String proofKeyType = TokenIssuerUtil.ENCRYPTED_KEY;
     protected boolean addRequestedAttachedRef;
     protected boolean addRequestedUnattachedRef;
     protected long ttl = 300000;
     protected String cryptoPropertiesFile;
+    protected OMElement cryptoPropertiesElement;
     protected int keySize = 128;
 
 }
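Review bot: `cryptoPropertiesElement` and `cryptoPropertiesFile` are now two sources for the same setting, but nothing on the fields says which one wins. The callers changed in this commit use the element whenever it is non-null, so I would document that on the field, e.g. `// inline <crypto> element; when non-null it is used instead of cryptoPropertiesFile`. `CRYPTO` also has no Javadoc, and it is declared `public static final` directly under a `public final static` constant; a one-line Javadoc such as `/** Child of cryptoProperties that carries the crypto settings inline */` and a single modifier order would tidy this up.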

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuer.java
Wed Sep 27 09:17:32 2006
@@ -107,8 +107,15 @@
         SOAPEnvelope env =
                 TrustUtil.
                         createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
-        Crypto crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
-                                                  inMsgCtx.getAxisService().getClassLoader());
+
+        Crypto crypto;
+        if (config.cryptoPropertiesElement != null) { // crypto props defined as elements
+            crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoPropertiesElement),
+                                               inMsgCtx.getAxisService().getClassLoader());
+        } else { // crypto props defined in a properties file
+            crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+                                               inMsgCtx.getAxisService().getClassLoader());
+        }
 
         //Creation and expiration times
         Date creationTime = new Date();
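Review bot: The element-or-file selection added here is repeated line for line in the TokenIssuerUtil hunk of this commit, so the precedence rule now lives in two places that can drift apart. A single package-level helper would keep the rule in one spot and give one place to reject a config where neither source is set. The sketch below assumes both call sites hold an `AbstractIssuerConfig` subtype, which is what the field access suggests. The enclosing method starts and ends outside the hunk.

```java
// in TokenIssuerUtil
static Crypto getCrypto(AbstractIssuerConfig config, ClassLoader classLoader) {
    if (config.cryptoPropertiesElement != null) { // crypto props defined as elements
        return CryptoFactory.getInstance(
                TrustUtil.toProperties(config.cryptoPropertiesElement), classLoader);
    }
    // crypto props defined in a properties file
    return CryptoFactory.getInstance(config.cryptoPropertiesFile, classLoader);
}

// call site in SAMLTokenIssuer
// … unchanged: createSOAPEnvelope call …
Crypto crypto = TokenIssuerUtil.getCrypto(config, inMsgCtx.getAxisService().getClassLoader());
```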
@@ -313,7 +320,7 @@
 
                 data.setEphmeralKey(tempKey);
 
-                //Extract the Encryptedkey DOM element 
+                //Extract the Encryptedkey DOM element
                 encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
             } catch (WSSecurityException e) {
                 throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
Wed Sep 27 09:17:32 2006
@@ -33,7 +33,7 @@
  *
  * @see SAMLTokenIssuer
  */
-public class SAMLTokenIssuerConfig extends AbstractIssuerConfig{
+public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
 
     /**
      * The QName of the configuration element of the SAMLTokenIssuer
@@ -53,12 +53,6 @@
     private final static QName ISSUER_KEY_PASSWD = new QName("issuerKeyPassword");
 
     /**
-     * Element name to include the crypto properties used to load the
-     * information used securing the response
-     */
-    private final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
-
-    /**
      * Element to specify the lifetime of the SAMLToken
      * Dafaults to 300000 milliseconds (5 mins)
      */
@@ -90,7 +84,7 @@
             this.proofKeyType = proofKeyElem.getText().trim();
         }
 
-        //The alias of the private key 
+        //The alias of the private key
         OMElement userElem = elem.getFirstChildWithName(ISSUER_KEY_ALIAS);
         if (userElem != null) {
             this.issuerKeyAlias = userElem.getText().trim();
@@ -120,11 +114,12 @@
 
         OMElement cryptoPropElem = elem.getFirstChildWithName(CRYPTO_PROPERTIES);
         if (cryptoPropElem != null) {
-            this.cryptoPropertiesFile = cryptoPropElem.getText().trim();
-        }
-
-        if (this.cryptoPropertiesFile == null || "".equals(this.cryptoPropertiesFile)) {
-            throw new TrustException("samlPropFileMissing");
+            if ((cryptoPropertiesElement =
+                    cryptoPropElem.getFirstChildWithName(CRYPTO)) == null){
+                // no children. Hence, prop file shud have been defined
+                this.cryptoPropertiesFile = cryptoPropElem.getText().trim();
+            }
+            // else Props should be defined as children of a crypto element
         }
 
         OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
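Review bot: The `samlPropFileMissing` check is removed and nothing replaces it, so a config with no `cryptoProperties` element, or with one that has neither a `crypto` child nor any text, now loads without error. Both `cryptoPropertiesElement` and `cryptoPropertiesFile` are then unset or empty, and the problem only shows up when a token is issued and `CryptoFactory.getInstance` is called. I would keep the fail-fast check after the block: `if (cryptoPropertiesElement == null && (cryptoPropertiesFile == null || "".equals(cryptoPropertiesFile))) { throw new TrustException("samlPropFileMissing"); }`. The SCTIssuerConfig hunk falls back to the element text in the same way without checking that it is non-empty. The assignment inside the `if` condition would also read better as a separate statement. The enclosing constructor starts and ends outside the hunk.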

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuerConfig.java
Wed Sep 27 09:17:32 2006
@@ -49,17 +49,22 @@
                 elem.getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
         this.addRequestedUnattachedRef =
                 elem.getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
-        this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+        if ((cryptoPropertiesElement =
+                cryptoPropertiesElem.getFirstChildWithName(CRYPTO)) == null) { // no children.
Hence, prop file shud have been defined
+            this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+        }
+        // else Props should be defined as children of a crypto element
+        
         OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
         if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem))
{
             this.keyComputation = Integer.parseInt(keyCompElem.getText());
         }
     }
-    
+
     public static SCTIssuerConfig load(OMElement elem) throws TrustException {
         return new SCTIssuerConfig(elem);
     }
-    
+
     public static SCTIssuerConfig load(String configFilePath)
             throws TrustException {
         FileInputStream fis;
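Review bot: The key-computation guard a few lines below the new code (a context line, wrapped in this archive) compares the empty string with the `OMElement` itself, `!"".equals(keyCompElem)`. That is always true, so an element with empty text reaches `Integer.parseInt` and throws NumberFormatException rather than a TrustException. The test should be on the text: `if (keyCompElem != null && !"".equals(keyCompElem.getText().trim())) {`, with `Integer.parseInt(keyCompElem.getText().trim())` inside. On the new lines, the assignment to `cryptoPropertiesElement` inside the `if` condition is easy to misread and would be clearer as its own statement before the test. The constructor begins outside the hunk, so whether `cryptoPropertiesElem` is null-checked before this point is not visible here.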
@@ -71,7 +76,7 @@
             throw new TrustException("errorLoadingConfigFile",
                     new String[] { configFilePath });
         }
-        
+
         return load(builder.getDocumentElement());
     }
 }

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java?view=diff&rev=450495&r1=450494&r2=450495
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/TokenIssuerUtil.java
Wed Sep 27 09:17:32 2006
@@ -105,10 +105,16 @@
         } else {
             if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
                 WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
-                Crypto crypto =
-                        CryptoFactory.getInstance(config.cryptoPropertiesFile,
-                                                  data.getInMessageContext().
-                                                          getAxisService().getClassLoader());
+                Crypto crypto;
+                if (config.cryptoPropertiesElement != null) { // crypto props defined as
elements
+                    crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoPropertiesElement),
+                                                       data.getInMessageContext().
+                                                               getAxisService().getClassLoader());
+                } else { // crypto props defined in a properties file
+                    crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+                                                       data.getInMessageContext().
+                                                               getAxisService().getClassLoader());
+                }
 
                 encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
                 try {


