cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r723458 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers: AbstractBindingBuilder.java AsymmetricBindingHandler.java SymmetricBindingHandler.java
Date Thu, 04 Dec 2008 21:51:44 GMT
Author: dkulp
Date: Thu Dec  4 13:51:44 2008
New Revision: 723458

URL: http://svn.apache.org/viewvc?rev=723458&view=rev
Log:
Update cert loading to better work with MS pfx stores with no public aliases defined.   
If username not specified, see if one is in the merlin file.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Dec  4 13:51:44 2008
@@ -21,9 +21,11 @@
 
 import java.io.IOException;
 import java.net.URL;
+import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -720,13 +722,13 @@
     protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper, 
                                                        Token token) throws WSSecurityException
{
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
-        
+        Crypto crypto = getEncryptionCrypto(wrapper);
         setKeyIdentifierType(encrKey, wrapper, token);
-        setEncryptionUser(encrKey, wrapper, false);
+        setEncryptionUser(encrKey, wrapper, false, crypto);
         encrKey.setKeySize(binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
         encrKey.setKeyEncAlgo(binding.getAlgorithmSuite().getAsymmetricKeyWrap());
         
-        encrKey.prepare(saaj.getSOAPPart(), getEncryptionCrypto(wrapper));
+        encrKey.prepare(saaj.getSOAPPart(), crypto);
         
         return encrKey;
     }
@@ -823,10 +825,30 @@
             secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
         }
     }
-    public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token, boolean
sign) {
+    public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
+                                  boolean sign, Crypto crypto) {
         String encrUser = (String)message.getContextualProperty(sign 
                                                                 ? SecurityConstants.USERNAME
                                                                 : SecurityConstants.ENCRYPT_USERNAME);
+        if (encrUser == null) {
+            encrUser = crypto.getDefaultX509Alias();
+        }
+        if (encrUser == null) {
+            try {
+                Enumeration<String> en = crypto.getKeyStore().aliases();
+                if (en.hasMoreElements()) {
+                    encrUser = en.nextElement();
+                }
+                if (en.hasMoreElements()) {
+                    //more than one alias in the keystore, user WILL need
+                    //to specify
+                    encrUser = null;
+                }            
+            } catch (KeyStoreException e) {
+                //ignore
+            }
+        }
+
         if (encrUser == null || "".equals(encrUser)) {
             policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " username
found.");
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Dec  4 13:51:44 2008
@@ -41,6 +41,7 @@
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecBase;
@@ -275,12 +276,13 @@
                     setKeyIdentifierType(encr, recToken, encrToken);
                     
                     encr.setDocument(saaj.getSOAPPart());
-                    setEncryptionUser(encr, recToken, false);
+                    Crypto crypto = getEncryptionCrypto(recToken);
+                    setEncryptionUser(encr, recToken, false, crypto);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                     encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
                     
                     encr.prepare(saaj.getSOAPPart(),
-                                 getEncryptionCrypto(recToken));
+                                 crypto);
                     
                     if (encr.getBSTTokenId() != null) {
                         encr.prependBSTElementToHeader(secHeader);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=723458&r1=723457&r2=723458&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Dec  4 13:51:44 2008
@@ -52,6 +52,7 @@
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
@@ -461,7 +462,8 @@
                     }
                     encr.setEncKeyId(encrTokId);
                     encr.setEphemeralKey(encrTok.getSecret());
-                    setEncryptionUser(encr, recToken, false);
+                    Crypto crypto = getEncryptionCrypto(recToken);
+                    setEncryptionUser(encr, recToken, false, crypto);
                    
                     encr.setDocument(saaj.getSOAPPart());
                     encr.setEncryptSymmKey(false);
@@ -475,7 +477,7 @@
 
                     
                     encr.prepare(saaj.getSOAPPart(),
-                                 getEncryptionCrypto(recToken));
+                                 crypto);
                    
                     if (encr.getBSTTokenId() != null) {
                         encr.prependBSTElementToHeader(secHeader);



Mime
View raw message