cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1499090 - /cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Date Tue, 02 Jul 2013 20:06:48 GMT
Author: owulff
Date: Tue Jul  2 20:06:48 2013
New Revision: 1499090

URL: http://svn.apache.org/r1499090
Log:
[FEDIZ-63] Support PEM format for certificate store

Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1499090&r1=1499089&r2=1499090&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Tue Jul  2 20:06:48 2013
@@ -19,10 +19,15 @@
 
 package org.apache.cxf.fediz.core.config;
 
+import java.io.BufferedInputStream;
 import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.math.BigInteger;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -41,8 +46,10 @@ import org.apache.cxf.fediz.core.config.
 import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
 
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.CertificateStore;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.Merlin;
 import org.apache.ws.security.util.Loader;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -98,10 +105,17 @@ public class FederationContext implement
         List<TrustManagersType> trustManagers = certStores.getTrustManager();
         for (TrustManagersType manager:trustManagers) {
             TrustManager tm = new TrustManager(manager);
-            Properties sigProperties = createCryptoProperties(manager);
-            Crypto crypto;
+            
+            Crypto crypto = null;
             try {
-                crypto = CryptoFactory.getInstance(sigProperties);
+                if (manager.getKeyStore().getType().equalsIgnoreCase("PEM")) {
+                    X509Certificate[] certificates = new X509Certificate[1];
+                    certificates[0] = readX509Certificate(tm.getName());
+                    crypto = new CertificateStore(certificates);
+                } else {
+                    Properties sigProperties = createCryptoProperties(manager);
+                    crypto = CryptoFactory.getInstance(sigProperties);
+                }
                 tm.setCrypto(crypto);
                 certificateStores.add(tm);
             } catch (WSSecurityException e) {
@@ -260,10 +274,10 @@ public class FederationContext implement
         }
         
         if (trustStoreFile == null || trustStoreFile.isEmpty()) {
-            throw new NullPointerException("truststoreFile not configured");
+            throw new IllegalConfigurationException("truststoreFile not configured");
         }
         if (trustStorePw == null || trustStorePw.isEmpty()) {
-            throw new NullPointerException("trustStorePw not configured");
+            throw new IllegalConfigurationException("trustStorePw not configured");
         }
         Properties p = new Properties();
         p.put("org.apache.ws.security.crypto.provider",
@@ -293,10 +307,10 @@ public class FederationContext implement
         }
         
         if (keyStoreFile == null || keyStoreFile.isEmpty()) {
-            throw new NullPointerException("truststoreFile not configured");
+            throw new IllegalConfigurationException("truststoreFile not configured");
         }
         if (keyStorePw == null || keyStorePw.isEmpty()) {
-            throw new NullPointerException("trustStorePw not configured");
+            throw new IllegalConfigurationException("trustStorePw not configured");
         }
         if (ks.getType() != null) {
             keyType = ks.getType();
@@ -313,6 +327,47 @@ public class FederationContext implement
         return p;
     }
     
+    private X509Certificate readX509Certificate(String filename) {
+        Certificate cert = null;
+        BufferedInputStream bis = null;
+        try {
+            
+            InputStream is = Merlin.loadInputStream(Thread.currentThread().getContextClassLoader(),
filename);
+            
+            //FileInputStream fis = new FileInputStream(filename);
+            bis = new BufferedInputStream(is);
+
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+            if (bis.available() > 0) {
+                cert = cf.generateCertificate(bis);
+                if (!(cert instanceof X509Certificate)) {
+                    LOG.error("Certificate " + filename + " is not of type X509Certificate");
+                    throw new IllegalConfigurationException("Certificate "
+                                                            + filename + " is not of type
X509Certificate");
+                }
+                if (bis.available() > 0) {
+                    LOG.warn("There are more certificates configured in " + filename + ".
Only first is parsed");
+                }
+                return (X509Certificate)cert;    
+            } else  {
+                LOG.error("No bytes can be read in certificate file " + filename);
+                throw new IllegalConfigurationException("No bytes can be read in certificate
file " + filename);
+            }
+        } catch (IllegalConfigurationException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            LOG.error("Failed to read certificate file " + filename, ex);
+            throw new IllegalConfigurationException("Failed to read certificate file " +
filename, ex);
+        } finally {
+            try {
+                bis.close();
+            } catch (IOException ex) {
+                LOG.error("Failed to close certificate file " + filename, ex);
+            }
+        }
+    }
+    
     
 
 }



Mime
View raw message