cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject svn commit: r1494653 - in /cxf/trunk/services/xkms/xkms-client: ./ src/main/java/org/apache/cxf/xkms/crypto/ src/main/resources/OSGI-INF/blueprint/
Date Wed, 19 Jun 2013 15:19:03 GMT
Author: ashakirin
Date: Wed Jun 19 15:19:03 2013
New Revision: 1494653

URL: http://svn.apache.org/r1494653
Log:
Added XKMS based WSS4J crypto provider

Added:
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java
Modified:
    cxf/trunk/services/xkms/xkms-client/pom.xml
    cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml

Modified: cxf/trunk/services/xkms/xkms-client/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/pom.xml?rev=1494653&r1=1494652&r2=1494653&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-client/pom.xml Wed Jun 19 15:19:03 2013
@@ -45,6 +45,26 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-ws-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
+            <version>${cxf.wss4j.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
         </dependency>

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.crypto;
+
+public class CryptoProviderException extends RuntimeException {
+
+    private static final long serialVersionUID = 7177198444823997289L;
+
+    public CryptoProviderException() {
+        super();
+    }
+
+    public CryptoProviderException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public CryptoProviderException(String message) {
+        super(message);
+    }
+
+    public CryptoProviderException(Throwable cause) {
+        super(cause);
+    }
+
+}

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+import org.apache.cxf.message.Message;
+import org.apache.wss4j.common.crypto.Crypto;
+
+public interface CryptoProviderFactory {
+
+    Crypto create(Message message);
+
+}

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,158 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSPasswordCallback.Usage;
+
+public final class CryptoProviderUtils {
+
+    private CryptoProviderUtils() {
+    }
+
+    public static Properties loadKeystoreProperties(Message message, String propKey) {
+        Object o = message.getContextualProperty(propKey);
+        if (o == null) {
+            throw new CryptoProviderException("Keystore properties path is not defined");
+        }
+
+        Properties properties = null;
+        if (o instanceof Properties) {
+            properties = (Properties)o;
+        } else if (o instanceof String) {
+            ResourceManager rm = message.getExchange().get(Bus.class)
+                .getExtension(ResourceManager.class);
+            URL url = rm.resolveResource((String)o, URL.class);
+            try {
+                if (url == null) {
+                    url = ClassLoaderUtils.getResource((String)o, CryptoProviderUtils.class);
+                }
+                if (url == null) {
+                    try {
+                        url = new URL((String)o);
+                    } catch (Exception ex) {
+                        // ignore
+                    }
+                }
+                if (url != null) {
+                    InputStream ins = url.openStream();
+                    properties = new Properties();
+                    properties.load(ins);
+                    ins.close();
+                } else {
+                    throw new CryptoProviderException("Keystore properties url is not resolved:
"
+                                                      + o);
+                }
+            } catch (IOException e) {
+                throw new CryptoProviderException("Cannot load keystore properties: "
+                                                  + e.getMessage(), e);
+            }
+        } else if (o instanceof URL) {
+            properties = new Properties();
+            try {
+                InputStream ins = ((URL)o).openStream();
+                properties.load(ins);
+                ins.close();
+            } catch (IOException e) {
+                throw new CryptoProviderException("Cannot load keystore properties: "
+                                                  + e.getMessage(), e);
+            }
+        }
+        if (properties == null) {
+            throw new CryptoProviderException("Cannot load keystore properties: " + o);
+        }
+
+        return properties;
+    }
+
+    public static String getKeystoreAlias(Properties keystoreProps) {
+        String keystoreAlias = null;
+
+        if (keystoreProps.containsKey(Merlin.KEYSTORE_ALIAS)) {
+            keystoreAlias = keystoreProps.getProperty(Merlin.KEYSTORE_ALIAS);
+        }
+
+        if (keystoreAlias == null) {
+            throw new CryptoProviderException("Alias is not found in keystore properties
file: "
+                                              + Merlin.KEYSTORE_ALIAS);
+        }
+
+        return keystoreAlias;
+    }
+
+    public static CallbackHandler getCallbackHandler(Message message) {
+        Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+
+        CallbackHandler handler = null;
+        if (o instanceof CallbackHandler) {
+            handler = (CallbackHandler)o;
+        } else if (o instanceof String) {
+            try {
+                handler = (CallbackHandler)ClassLoaderUtils
+                    .loadClass((String)o, CryptoProviderUtils.class).newInstance();
+            } catch (Exception e) {
+                handler = null;
+            }
+        }
+
+        return handler;
+    }
+
+    public static String getCallbackPwdFromMessage(Message message, String userName, Usage
usage) {
+        // Then try to get the password from the given callback handler
+        CallbackHandler handler = getCallbackHandler(message);
+        if (handler == null) {
+            throw new CryptoProviderException("No callback handler and no password available");
+        }
+
+        return getCallbackPwd(userName, usage, handler);
+    }
+
+    public static String getCallbackPwd(String userName, Usage usage, CallbackHandler handler)
{
+        if (handler == null) {
+            return null;
+        }
+        WSPasswordCallback[] cb = {
+            new WSPasswordCallback(userName, usage)
+        };
+        try {
+            handler.handle(cb);
+        } catch (Exception e) {
+            throw new CryptoProviderException("Cannot get password from callback: " + e,
e);
+        }
+
+        // get the password
+        return cb[0].getPassword();
+    }
+
+}

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+public class MissingPrincipalException extends CryptoProviderException {
+
+    private static final long serialVersionUID = 7177198444823997289L;
+
+    public MissingPrincipalException() {
+        super();
+    }
+
+    public MissingPrincipalException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public MissingPrincipalException(String message) {
+        super(message);
+    }
+
+    public MissingPrincipalException(Throwable cause) {
+        super(cause);
+    }
+
+}

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,194 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.xkms.client.XKMSInvoker;
+import org.apache.cxf.xkms.handlers.Applications;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoBase;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.crypto.CryptoType.TYPE;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.w3._2002._03.xkms_wsdl.XKMSPortType;
+
+public class XkmsCryptoProvider extends CryptoBase {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(XkmsCryptoProvider.class);
+
+    private final XKMSInvoker xkmsInvoker;
+    private final Map<String, X509Certificate> certsCache = new ConcurrentHashMap<String,
X509Certificate>();
+    private Crypto defaultCrypto;
+
+    public XkmsCryptoProvider(XKMSPortType xkmsConsumer) {
+        this(xkmsConsumer, null);
+    }
+
+    public XkmsCryptoProvider(XKMSPortType xkmsConsumer, Crypto defaultCrypto) {
+        if (xkmsConsumer == null) {
+            throw new IllegalArgumentException("xkmsConsumer may not be null");
+        }
+        this.xkmsInvoker = new XKMSInvoker(xkmsConsumer);
+        this.defaultCrypto = defaultCrypto;
+    }
+
+    @Override
+    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException
{
+        if (LOG.isLoggable(Level.INFO)) {
+            LOG.info(String
+                .format("TESB Runtime: getting public certificate for alias: %s; issuer:
%s; subjectDN: %s",
+                        cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN()));
+        }
+        X509Certificate[] certs = getX509CertificatesInternal(cryptoType);
+        if (certs == null) {
+            LOG.severe(String
+                .format(
+                        "Cannot find certificate for alias: %s, issuer: %s; subjectDN: %s",
+                        cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN()));
+        }
+        return certs;
+    }
+
+    @Override
+    public String getX509Identifier(X509Certificate cert) throws WSSecurityException {
+        assertDefaultCryptoProvider();
+        return defaultCrypto.getX509Identifier(cert);
+    }
+
+    @Override
+    public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler)
+        throws WSSecurityException {
+        assertDefaultCryptoProvider();
+        return defaultCrypto.getPrivateKey(certificate, callbackHandler);
+    }
+
+    @Override
+    public PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException
{
+        assertDefaultCryptoProvider();
+        return defaultCrypto.getPrivateKey(identifier, password);
+    }
+
+    @Override
+    public boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation)
+        throws WSSecurityException {
+        if (certs == null) {
+            return false;
+        }
+        LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
+        return xkmsInvoker.validateCertificate(certs[0]);
+    }
+
+    @Override
+    public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException {
+        return false;
+    }
+
+    private void assertDefaultCryptoProvider() {
+        if (defaultCrypto == null) {
+            throw new UnsupportedOperationException("Not supported by this crypto provider");
+        }
+    }
+
+    private X509Certificate[] getX509CertificatesInternal(CryptoType cryptoType) {
+        CryptoType.TYPE type = cryptoType.getType();
+        if (type == TYPE.SUBJECT_DN) {
+            return getX509CertificatesFromXKMS(Applications.PKIX, cryptoType.getSubjectDN());
+        } else if (type == TYPE.ALIAS) {
+            return getX509CertificatesFromXKMS(cryptoType);
+        } else if (type == TYPE.ISSUER_SERIAL) {
+            X509Certificate certificate = xkmsInvoker.getCertificateForIssuerSerial(cryptoType
+                .getIssuer(), cryptoType.getSerial());
+            return new X509Certificate[] {
+                certificate
+            };
+        }
+        throw new IllegalArgumentException("Unsupported type " + type);
+    }
+
+    private X509Certificate[] getX509CertificatesFromXKMS(CryptoType cryptoType) {
+        Applications appId = null;
+        boolean isServiceName = isServiceName(cryptoType);
+        if (!isServiceName) {
+            X509Certificate[] localCerts = getCertificateLocally(cryptoType);
+            if (localCerts != null) {
+                return localCerts;
+            }
+            appId = Applications.PKIX;
+        } else {
+            appId = Applications.SERVICE_SOAP;
+        }
+        return getX509CertificatesFromXKMS(appId, cryptoType.getAlias());
+    }
+
+    private X509Certificate[] getX509CertificatesFromXKMS(Applications application, String
id) {
+        LOG.fine(String.format("Getting public certificate from XKMS for application:%s;
id: %s",
+                               application, id));
+        if (id == null) {
+            throw new CryptoProviderException("Id is not specified for certificate request");
+        }
+        X509Certificate cert;
+        if (certsCache.containsKey(id.toLowerCase())) {
+            cert = certsCache.get(id.toLowerCase());
+        } else {
+            cert = xkmsInvoker.getCertificateForId(application, id);
+            certsCache.put(id.toLowerCase(), cert);
+        }
+        return new X509Certificate[] {
+            cert
+        };
+    }
+
+    /**
+     * Try to get certificate locally
+     * 
+     * @param cryptoType
+     * @return if found certificate otherwise null returned
+     */
+    private X509Certificate[] getCertificateLocally(CryptoType cryptoType) {
+        X509Certificate[] localCerts = null;
+        try {
+            localCerts = defaultCrypto.getX509Certificates(cryptoType);
+        } catch (Exception e) {
+            LOG.info("Certificate is not found in local keystore and will be requested from
XKMS: "
+                     + cryptoType.getAlias());
+        }
+        return localCerts;
+    }
+
+    /**
+     * Service Aliases contain namespace
+     * 
+     * @param cryptoType
+     * @return
+     */
+    private boolean isServiceName(CryptoType cryptoType) {
+        return cryptoType.getAlias().contains("{");
+    }
+}

Added: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java?rev=1494653&view=auto
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java
(added)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java
Wed Jun 19 15:19:03 2013
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+import java.util.Properties;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.w3._2002._03.xkms_wsdl.XKMSPortType;
+
+public class XkmsCryptoProviderFactory implements CryptoProviderFactory {
+    
+    private final XKMSPortType xkmsConsumer;
+        
+    public XkmsCryptoProviderFactory(XKMSPortType xkmsConsumer) {
+        this.xkmsConsumer = xkmsConsumer;
+    }
+
+    public Crypto create(Message message) {
+        Properties keystoreProps = CryptoProviderUtils
+            .loadKeystoreProperties(message,
+                                    SecurityConstants.SIGNATURE_PROPERTIES);
+        try {
+            Crypto defaultCrypto = CryptoFactory.getInstance(keystoreProps);
+            return new XkmsCryptoProvider(xkmsConsumer, defaultCrypto);
+        } catch (WSSecurityException e) {
+            throw new CryptoProviderException("Cannot instantiate crypto factory: "
+                                              + e.getMessage(), e);
+        }
+    }
+}

Modified: cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml?rev=1494653&r1=1494652&r2=1494653&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml (original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml Wed
Jun 19 15:19:03 2013
@@ -38,7 +38,7 @@
     <bean id="additionalClasses"
         class="org.apache.cxf.xkms.model.extensions.AdditionalClassesFactory" />
 
-    <jaxws:client id="XKMSConsumer" xmlns:serviceNamespace="http://www.w3.org/2002/03/xkms#wsdl"
+    <jaxws:client id="xkmsClient" xmlns:serviceNamespace="http://www.w3.org/2002/03/xkms#wsdl"
         serviceClass="org.w3._2002._03.xkms_wsdl.XKMSPortType"
         serviceName="serviceNamespace:XKMSPortType" endpointName="serviceNamespace:XKMSService"
         address="${xkms.endpoint}">
@@ -50,6 +50,13 @@
         </jaxws:properties>
     </jaxws:client>
 
-    <service ref="XKMSConsumer" interface="org.w3._2002._03.xkms_wsdl.XKMSPortType" />
+    <service ref="xkmsClient" interface="org.w3._2002._03.xkms_wsdl.XKMSPortType" />
+
+    <bean id="xkmsCryptoProviderFactory"
+        class="org.apache.cxf.xkms.crypto.XkmsCryptoProviderFactory">
+        <argument ref="xkmsClient" />
+    </bean>        
+
+    <service ref="xkmsCryptoProviderFactory" interface="org.apache.cxf.xkms.crypto.CryptoProviderFactory"
/>
 
 </blueprint>



Mime
View raw message