From owu...@apache.org
Subject svn commit: r1346178 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/config/ main/java/org/apache/cxf/fediz/core/saml/ test/java/org/apache/cxf/fediz/core/config/
Date Mon, 04 Jun 2012 22:03:39 GMT
Author: owulff
Date: Mon Jun  4 22:03:39 2012
New Revision: 1346178

URL: http://svn.apache.org/viewvc?rev=1346178&view=rev
Log:
Crypto initialization done once in FederationContext

Removed:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertStore.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/KeyStore.java
Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Mon Jun  4 22:03:39 2012
@@ -20,25 +20,36 @@
 package org.apache.cxf.fediz.core.config;
 
 import java.io.Closeable;
+import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Properties;
 
 import org.apache.cxf.fediz.core.EHCacheTokenReplayCache;
 import org.apache.cxf.fediz.core.TokenReplayCache;
 import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
 import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
 import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
+import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
 import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
 import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
+import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
 
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.util.Loader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class FederationContext implements Closeable {
 
+    private static final Logger LOG = LoggerFactory.getLogger(FederationContext.class);
+    
     private ContextConfig config;
 
     private boolean detectExpiredTokens = true;
@@ -46,6 +57,7 @@ public class FederationContext implement
     private String relativePath;
     private TokenReplayCache<String> replayCache;
     private FederationProtocol protocol;
+    private List<TrustManager> certificateStores;
     
 
     public FederationContext(ContextConfig config) {
@@ -71,16 +83,28 @@ public class FederationContext implement
         }
         return trustedIssuers; 
     }
-
-    //[TODO] Return Keystore
+    
     public List<TrustManager> getCertificateStores() {
+        if (certificateStores != null) {
+            return certificateStores;
+        }
+        certificateStores = new ArrayList<TrustManager>();
         CertificateStores certStores = config.getCertificateStores();
-        List<TrustManagersType> trustManagers =  certStores.getTrustManager();
-        List<TrustManager> trustedIssuers = new ArrayList<TrustManager>();
+        List<TrustManagersType> trustManagers = certStores.getTrustManager();
         for (TrustManagersType manager:trustManagers) {
-            trustedIssuers.add(new TrustManager(manager));
+            TrustManager tm = new TrustManager(manager);
+            Properties sigProperties = createCryptoProperties(manager);
+            Crypto crypto;
+            try {
+                crypto = CryptoFactory.getInstance(sigProperties);
+                tm.setCrypto(crypto);
+                certificateStores.add(tm);
+            } catch (WSSecurityException e) {
+                LOG.error("Failed to load keystore '" + tm.getName() + "'");
+                throw new IllegalConfigurationException("Failed to load keystore '" + tm.getName()
+ "'");
+            }
         }
-        return trustedIssuers; 
+        return certificateStores; 
     }
 
     public BigInteger getMaximumClockSkew() {
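Review bot: If CryptoFactory.getInstance fails for any store, the partially filled list assigned at `certificateStores = new ArrayList<TrustManager>();` survives the throw, so the next call to getCertificateStores() returns the stores loaded so far and never retries or reports the failure; the SAML validator would then check tokens against fewer trust stores than configured without any error. Build into a local list and publish it only after the loop completes: `List<TrustManager> stores = new ArrayList<TrustManager>();` … `stores.add(tm);` … `certificateStores = stores;`. The catch also discards the WSSecurityException; log it as `LOG.error("Failed to load keystore '" + tm.getName() + "'", e);` and pass it as the cause if IllegalConfigurationException has a (String, Throwable) constructor, since the message alone does not say why the keystore could not be opened. The lazy initialisation is unsynchronized; if a FederationContext is shared across request threads (the replay cache and Closeable suggest it is) two first callers can race and build the list twice.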
@@ -165,5 +189,37 @@ public class FederationContext implement
             replayCache.close();
         }
     }
+    
+    private Properties createCryptoProperties(TrustManagersType tm) {
+        String trustStoreFile = null;
+        String trustStorePw = null;
+        KeyStoreType ks = tm.getKeyStore();
+        if (ks.getFile() != null && !ks.getFile().isEmpty()) {
+            trustStoreFile = ks.getFile();
+            trustStorePw = ks.getPassword();
+        } else {
+            throw new IllegalStateException("No certificate store configured");
+        }
+        File f = new File(trustStoreFile);
+        if (!f.exists() && getRelativePath() != null && !getRelativePath().isEmpty())
{
+            trustStoreFile = getRelativePath().concat(File.separator + trustStoreFile);
+        }
+        
+        if (trustStoreFile == null || trustStoreFile.isEmpty()) {
+            throw new NullPointerException("truststoreFile not configured");
+        }
+        if (trustStorePw == null || trustStorePw.isEmpty()) {
+            throw new NullPointerException("trustStorePw not configured");
+        }
+        Properties p = new Properties();
+        p.put("org.apache.ws.security.crypto.provider",
+                "org.apache.ws.security.components.crypto.Merlin");
+        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+        p.put("org.apache.ws.security.crypto.merlin.keystore.password",
+              trustStorePw);
+        p.put("org.apache.ws.security.crypto.merlin.keystore.file",
+              trustStoreFile);
+        return p;
+    }
 
 }
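Review bot: createCryptoProperties only honours a keystore configured by file; a KeyStoreType given by url or resource (both of which TrustManager.getName() handles) falls into the else branch and is rejected with the misleading message `"No certificate store configured"`, so either support those forms here or make the message say that only the file form is supported. The keystore type is hard-coded as `"jks"` while the configuration model appears to carry a type (the removed test asserted `keyStore.getType()`), so a store configured as another type would still be opened as JKS. The `trustStoreFile == null || trustStoreFile.isEmpty()` check is unreachable after the else branch above it, and throwing NullPointerException for a missing password reads as a programming error to the caller; IllegalConfigurationException, which getCertificateStores already uses for the same situation, would be consistent.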

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
Mon Jun  4 22:03:39 2012
@@ -20,31 +20,40 @@
 package org.apache.cxf.fediz.core.config;
 
 import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
+import org.apache.ws.security.components.crypto.Crypto;
 
 public class TrustManager {
     private TrustManagersType trustManagerType;
+    private Crypto crypto;
+    private String name;
 
     public TrustManager(TrustManagersType trustManagerType) {
         super();
         this.trustManagerType = trustManagerType;
     }
 
-    public KeyStore getKeyStore() {
-        return new KeyStore(trustManagerType.getKeyStore());
+    public String getName() {
+        if (name != null) {
+            return name;
+        }
+        if (trustManagerType.getKeyStore().getFile() != null) {
+            name = trustManagerType.getKeyStore().getFile();
+        } else if (trustManagerType.getKeyStore().getUrl() != null) {
+            name = trustManagerType.getKeyStore().getUrl();
+        } else if (trustManagerType.getKeyStore().getResource() != null) {
+            name = trustManagerType.getKeyStore().getResource();
+        }
+        return name;
     }
 
-    public void setKeyStore(KeyStore keyStore) {
-        trustManagerType.setKeyStore(keyStore.getKeyStoreType());
+    public Crypto getCrypto() {
+        return crypto;
     }
 
-    public String getProvider() {
-        return trustManagerType.getProvider();
+    public void setCrypto(Crypto crypto) {
+        this.crypto = crypto;
     }
-
-    public void setProvider(String value) {
-        trustManagerType.setProvider(value);
-    }
-
+    
     public int hashCode() {
         return trustManagerType.hashCode();
     }
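Review bot: `setCrypto` is public although its only caller is FederationContext in the same package; a public setter lets any holder of a TrustManager replace the Crypto, and with it the trust anchors used for signature validation, after initialisation, so package-private `void setCrypto(Crypto crypto)` is the tighter choice. `getName()` returns null when the keystore is configured by none of file, url or resource, and callers concatenate it into error messages; a Javadoc line `/** Returns the keystore's file, url or resource, or null if none is configured. */` would make that explicit. Both `name` and `crypto` are mutable fields with no synchronization, which only matters if TrustManager instances are shared across threads.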

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
Mon Jun  4 22:03:39 2012
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.fediz.core.saml;
 
-import java.io.File;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -27,7 +26,6 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 import java.util.StringTokenizer;
 
 import org.w3c.dom.Element;
@@ -39,7 +37,6 @@ import org.apache.cxf.fediz.core.TokenVa
 import org.apache.cxf.fediz.core.config.CertificateValidationMethod;
 import org.apache.cxf.fediz.core.config.FederationContext;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.KeyStore;
 import org.apache.cxf.fediz.core.config.TrustManager;
 import org.apache.cxf.fediz.core.config.TrustedIssuer;
 import org.apache.cxf.fediz.core.saml.SamlAssertionValidator.TRUST_TYPE;
@@ -49,8 +46,6 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.ext.AssertionWrapper;
@@ -133,16 +128,14 @@ public class SAMLTokenValidator implemen
                 try {
                     for (TrustManager tm: config.getCertificateStores()) {
                         try {
-                            Properties sigProperties = createCryptoProperties(config, tm);
-                            Crypto sigCrypto = CryptoFactory.getInstance(sigProperties);
-                            requestData.setSigCrypto(sigCrypto);
+                            requestData.setSigCrypto(tm.getCrypto());
                             trustValidator.validate(trustCredential, requestData);
                             trusted = true;
                             break;
                         } catch (Exception ex) {
                             if (LOG.isDebugEnabled()) {
                                 LOG.debug("Issuer '" + ti.getName() + "' not validated in
keystore '"
-                                          + tm.getKeyStore().getFile() + "'");
+                                          + tm.getName() + "'");
                             }
                         }
                     }
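Review bot: The debug message ending in `+ tm.getName() + "'"` still drops `ex`, so after this change a NullPointerException from `tm.getCrypto()` returning null (possible for a TrustManager that never had setCrypto called) is logged identically to a genuine trust failure, and only at debug level. Pass the exception as the last argument, `LOG.debug("Issuer '" + ti.getName() + "' not validated in keystore '" + tm.getName() + "'", ex);`, so a misconfigured store is distinguishable from an untrusted issuer. The enclosing method starts and ends outside this hunk.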
@@ -379,37 +372,6 @@ public class SAMLTokenValidator implemen
 
     }
 
-    private Properties createCryptoProperties(FederationContext config, TrustManager tm)
{
-        String trustStoreFile = null;
-        String trustStorePw = null;
-        KeyStore ks = tm.getKeyStore();
-        if (ks.getFile() != null && !ks.getFile().isEmpty()) {
-            trustStoreFile = ks.getFile();
-            trustStorePw = ks.getPassword();
-        } else {
-            throw new IllegalStateException("No certificate store configured");
-        }
-        File f = new File(trustStoreFile);
-        if (!f.exists() && config.getRelativePath() != null && !config.getRelativePath().isEmpty())
{
-            trustStoreFile = config.getRelativePath().concat(File.separator + trustStoreFile);
-        }
-        
-        if (trustStoreFile == null || trustStoreFile.isEmpty()) {
-            throw new NullPointerException("truststoreFile not configured");
-        }
-        if (trustStorePw == null || trustStorePw.isEmpty()) {
-            throw new NullPointerException("trustStorePw not configured");
-        }
-        Properties p = new Properties();
-        p.put("org.apache.ws.security.crypto.provider",
-                "org.apache.ws.security.components.crypto.Merlin");
-        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
-        p.put("org.apache.ws.security.crypto.merlin.keystore.password",
-              trustStorePw);
-        p.put("org.apache.ws.security.crypto.merlin.keystore.file",
-              trustStoreFile);
-        return p;
-    }
     
     private Date getExpires(AssertionWrapper assertion) {
         DateTime validTill = null;

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java?rev=1346178&r1=1346177&r2=1346178&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationWriterTest.java
Mon Jun  4 22:03:39 2012
@@ -245,11 +245,6 @@ public class FedizConfigurationWriterTes
         
         List<TrustManager> trustManagers = fedContext.getCertificateStores();
         Assert.assertEquals(1, trustManagers.size());
-        TrustManager manager = trustManagers.get(0);
-        KeyStore keyStore = manager.getKeyStore();
-        Assert.assertEquals(JKS_TYPE, keyStore.getType());
-        Assert.assertEquals(KEYSTORE_FILE, keyStore.getFile());
-        Assert.assertEquals(KEYSTORE_PASSWORD, keyStore.getPassword());
 
     }
 


