Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 403541020A for ; Sat, 10 Aug 2013 07:53:30 +0000 (UTC) Received: (qmail 90830 invoked by uid 500); 10 Aug 2013 07:53:22 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 90553 invoked by uid 500); 10 Aug 2013 07:53:20 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 90409 invoked by uid 99); 10 Aug 2013 07:53:17 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Aug 2013 07:53:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Aug 2013 07:53:06 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id AC38F2388900; Sat, 10 Aug 2013 07:52:43 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1512574 [1/6] - in /cxf/branches/2.7.x-fixes: parent/ services/ services/xkms/ services/xkms/xkms-client/ services/xkms/xkms-client/src/ services/xkms/xkms-client/src/main/ services/xkms/xkms-client/src/main/java/ services/xkms/xkms-client... Date: Sat, 10 Aug 2013 07:52:39 -0000 To: commits@cxf.apache.org 
From: cschneider@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130810075243.AC38F2388900@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: cschneider Date: Sat Aug 10 07:52:35 2013 New Revision: 1512574 URL: http://svn.apache.org/r1512574 Log: Backport of xkms from trunk Added: cxf/branches/2.7.x-fixes/services/xkms/ (with props) cxf/branches/2.7.x-fixes/services/xkms/README.txt cxf/branches/2.7.x-fixes/services/xkms/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-client/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-client/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSCacheToken.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/X509AppId.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/XKMSInvoker.java 
cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/cxf-xkms-client-ehcache.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-common/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-common/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/ 
cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/ExceptionMapper.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSArgumentNotMatchException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSCertificateException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSConfigurationException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSLocateException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSNotFoundException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSRequestException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSTooManyResponsesException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/exception/XKMSValidateException.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/DnUtils.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/HandlerContext.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Locator.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Register.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Validator.java 
cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/XKMSConstants.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/model/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/model/extensions/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/model/extensions/AdditionalClassesFactory.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/model/extensions/ClassArrayFactoryBean.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/model/extensions/ResultDetails.java cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/ cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/binding.xjb cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/xenc-schema.xsd cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/xkms.wsdl cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/xkms.xsd cxf/branches/2.7.x-fixes/services/xkms/xkms-common/src/main/model/xmldsig-core-schema.xsd cxf/branches/2.7.x-fixes/services/xkms/xkms-features/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-features/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/main/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/main/resources/features.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg cxf/branches/2.7.x-fixes/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.client.cfg cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/ 
cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/handlers/validator/ValidatorTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKRSSDisableTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/cas/alice.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/dave.cer 
cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/expired.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/oscar.cer (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/trusted_cas/root.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/etc/ cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms.cfg cxf/branches/2.7.x-fixes/services/xkms/xkms-itests/src/test/resources/etc/org.apache.cxf.xkms_noXKRSS.cfg cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/main/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/test-requests/ cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/test-requests/request-locate.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/test-requests/request-validate.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/test-requests/response-locate.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-osgi/src/test/resources/test-requests/response-validate.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-service/ (with props) 
cxf/branches/2.7.x-fixes/services/xkms/xkms-service/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/XKMSResponseFactory.java cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/main/java/org/apache/cxf/xkms/service/XKMSService.java cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/apache/cxf/xkms/service/ cxf/branches/2.7.x-fixes/services/xkms/xkms-service/src/test/java/org/apache/cxf/xkms/service/CheckXKRSS.java cxf/branches/2.7.x-fixes/services/xkms/xkms-war/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-war/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/resources/ cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/resources/log4j.properties 
cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/resources/logging.properties cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/ cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/WEB-INF/ cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/WEB-INF/cxf-servlet.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/WEB-INF/web.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-endpoint.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/ (with props) cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/pom.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java 
cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepoFactory.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSearch.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/utils/X509Utils.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/DateValidator.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidator.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/validator/ValidateRequestParser.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/ 
cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/handlers/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/handlers/X509LocatorTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPSearchTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/utils/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/utils/X509UtilsTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/BasicValidationTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/DateValidatorTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorTest.java cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/ 
cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/cert1.bas64 cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/cert1.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/registerRequest.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/registerRequestWithCertificate.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/registerResult.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/reissueRequest.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/revokeRequest.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/store1/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/store1/CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer-11688544847478700689-CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/ cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/alice.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/dave.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/oscar.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/root.cer cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestInvalidOscar.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKAlice.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKDave.xml 
cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/trustedAuthorityValidator/validateRequestOKRoot.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/validateRequestCorrupted.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/validateRequestExpired.xml cxf/branches/2.7.x-fixes/services/xkms/xkms-x509-handlers/src/test/resources/validateRequestOK.xml Modified: cxf/branches/2.7.x-fixes/parent/pom.xml cxf/branches/2.7.x-fixes/services/pom.xml Modified: cxf/branches/2.7.x-fixes/parent/pom.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/parent/pom.xml?rev=1512574&r1=1512573&r2=1512574&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/parent/pom.xml (original) +++ cxf/branches/2.7.x-fixes/parent/pom.xml Sat Aug 10 07:52:35 2013 @@ -156,7 +156,7 @@ 4.2.0 3.1.1 1.6.3 - 1.6.11 + 1.6.12-SNAPSHOT 2.6.0 2.0.3 1.1.4c_6 Modified: cxf/branches/2.7.x-fixes/services/pom.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/pom.xml?rev=1512574&r1=1512573&r2=1512574&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/services/pom.xml (original) +++ cxf/branches/2.7.x-fixes/services/pom.xml Sat Aug 10 07:52:35 2013 @@ -36,6 +36,7 @@ sts wsn ws-discovery + xkms Propchange: cxf/branches/2.7.x-fixes/services/xkms/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Sat Aug 10 07:52:35 2013 
@@ -0,0 +1 @@
+.settings
Added: cxf/branches/2.7.x-fixes/services/xkms/README.txt
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/README.txt?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/README.txt (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/README.txt Sat Aug 10 07:52:35 2013
@@ -0,0 +1,19 @@
+
+This folder contains the XKMS (XML Key Management Service) implementation of
+Apache CXF. It contains:
+
+
+xkms-client - The XKMS client and invoker implementations
+xkms-common - Common functionality, XML schemas, generated code
+xkms-service - The XKMS core service implementation
+xkms-x509-handlers - The implementation of pluggable commands for X509 keys.
+xkms-features - Karaf features for XKMS client and service
+xkms-itests - Integration tests
+xkms-osgi - OSGi blueprint configuration for OSGi deployment
+xkms-war - Web spring configuration for Web depoyment
+
+Installation
+------------
+
+features:addurl mvn:org.apache.cxf.services.xkms/cxf-services-xkms-features/2.7.7-SNAPSHOT/xml
+features:install cxf-xkms-service cxf-xkms-client
Added: cxf/branches/2.7.x-fixes/services/xkms/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/pom.xml?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/pom.xml (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/pom.xml Sat Aug 10 07:52:35 2013
@@ -0,0 +1,48 @@ + + + + 4.0.0 + + org.apache.cxf.services.xkms + cxf-services-xkms + pom + Apache CXF XKMS + Apache CXF XKMS service + http://cxf.apache.org + + + org.apache.cxf.services + cxf-services + 2.7.7-SNAPSHOT + ../pom.xml + + + + xkms-common + xkms-x509-handlers + xkms-service + xkms-client + xkms-features + xkms-osgi + xkms-war + + + + Propchange: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/ ------------------------------------------------------------------------------ --- svn:ignore (added) +++ svn:ignore Sat Aug 10 07:52:35 2013 @@ -0,0 +1,7 @@ +.settings + +.project + +.classpath + +target Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/pom.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/pom.xml?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/pom.xml (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/pom.xml Sat Aug 10 07:52:35 2013 
@@ -0,0 +1,92 @@ + + + + 4.0.0 + org.apache.cxf.services.xkms + cxf-services-xkms-client + bundle + Apache CXF XKMS Client + http://cxf.apache.org + + + org.apache.cxf + cxf-parent + 2.7.7-SNAPSHOT + ../../../parent/pom.xml + + + + + org.apache.cxf.services.xkms + cxf-services-xkms-common + ${project.version} + + + org.apache.cxf + cxf-api + ${project.version} + + + net.sf.ehcache + ehcache-core + ${cxf.ehcache.version} + + + org.apache.cxf + cxf-rt-ws-security + ${project.version} + + + org.apache.ws.security + wss4j + ${cxf.wss4j.version} + + + xerces + xercesImpl + + + xml-apis + xml-apis + + + + + org.slf4j + slf4j-api + + + + + + + org.apache.felix + maven-bundle-plugin + true + + + ${project.artifactId} + + + + + + Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheUtil.java Sat Aug 10 07:52:35 2013 
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.lang.reflect.Method;
+
+import net.sf.ehcache.CacheException;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.config.CacheConfiguration;
+import net.sf.ehcache.config.Configuration;
+
+/**
+ */
+public final class EHCacheUtil {
+ private static Method cacheManagerCreateMethodNoArg;
+ private static Method cacheManagerCreateMethodConfigurationArg;
+ static {
+ // these methods are either completely available or absent (valid assumption from 2.5.0 to 2.7.2 so far)
+ try {
+ // from 2.5.2
+ cacheManagerCreateMethodNoArg = CacheManager.class.getMethod("newInstance", (Class[])null);
+ cacheManagerCreateMethodConfigurationArg = CacheManager.class.getMethod("newInstance", Configuration.class);
+ } catch (NoSuchMethodException e) {
+ try {
+ // before 2.5.2
+ cacheManagerCreateMethodNoArg = CacheManager.class.getMethod("create", (Class[])null);
+ cacheManagerCreateMethodConfigurationArg = CacheManager.class.getMethod("create", Configuration.class);
+ } catch (Throwable t) {
+ // ignore
+ }
+ }
+ }
+
+ private EHCacheUtil() {
+ //
+ }
+
+ public static CacheConfiguration getCacheConfiguration(String key, CacheManager cacheManager) {
+ CacheConfiguration cc = cacheManager.getConfiguration().getCacheConfigurations().get(key);
+ if (cc == null && key.contains("-")) {
+ cc = cacheManager.getConfiguration().getCacheConfigurations().get(
+ key.substring(0, key.lastIndexOf('-') - 1));
+ }
+ if (cc == null) {
+ cc = cacheManager.getConfiguration().getDefaultCacheConfiguration();
+ }
+ if (cc == null) {
+ cc = new CacheConfiguration();
+ } else {
+ cc = (CacheConfiguration)cc.clone();
+ }
+ cc.setName(key);
+ return cc;
+ }
+
+ public static CacheManager createCacheManager() throws CacheException {
+ try {
+ return (CacheManager)cacheManagerCreateMethodNoArg.invoke(null, (Object[])null);
+ } catch (Exception e) {
+ throw new CacheException(e);
+ }
+ }
+
+ public static CacheManager createCacheManager(Configuration conf) throws CacheException {
+ try {
+ return (CacheManager)cacheManagerCreateMethodConfigurationArg.invoke(null, new Object[]{conf});
+ } catch (Exception e) {
+ throw new CacheException(e);
+ }
+ }
+}
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/EHCacheXKMSClientCache.java Sat Aug 10 07:52:35 2013
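Review bot: In `EHCacheUtil.getCacheConfiguration` the fallback lookup calls `key.substring(0, key.lastIndexOf('-') - 1)`, which cuts off the character before the last dash as well as the suffix, so a key like `name-suffix` is looked up as `nam`, and a key whose only dash is at index 0 throws `StringIndexOutOfBoundsException`. If the intent is to strip the `-suffix` part (the code does not say), the argument should be `key.substring(0, key.lastIndexOf('-'))`. As written, the prefix-named configuration is presumably never matched and the cache silently gets the default configuration, which matters for a cache of XKMS results because any lifetime or disk-store limits set for it would not apply. Separately, the static initializer swallows `Throwable` with `// ignore`, so if neither `newInstance` nor `create` resolves, both `Method` fields stay null and `createCacheManager` only fails later with a `NullPointerException` wrapped in `CacheException`. Logging in that catch, or a null check with a clear message in `createCacheManager`, would make it diagnosable.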
@@ -0,0 +1,131 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.xkms.cache; + +import java.io.File; +import java.io.IOException; +import java.net.URL; + +import net.sf.ehcache.Cache; +import net.sf.ehcache.CacheManager; +import net.sf.ehcache.Ehcache; +import net.sf.ehcache.Element; +import net.sf.ehcache.config.CacheConfiguration; +import net.sf.ehcache.config.Configuration; +import net.sf.ehcache.config.ConfigurationFactory; +import net.sf.ehcache.config.DiskStoreConfiguration; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.common.classloader.ClassLoaderUtils; + +/** + * An in-memory EHCache implementation of the XKMSClientCache interface. 
+ */ +public class EHCacheXKMSClientCache implements XKMSClientCache { + + public static final String CACHE_KEY = "cxf.xkms.client.cache"; + private static final String DEFAULT_CONFIG_URL = "cxf-xkms-client-ehcache.xml"; + + private Ehcache cache; + private CacheManager cacheManager; + + public EHCacheXKMSClientCache() { + this(DEFAULT_CONFIG_URL, null); + } + + public EHCacheXKMSClientCache(Bus bus) { + this(DEFAULT_CONFIG_URL, bus); + } + + public EHCacheXKMSClientCache(String configFileURL) { + this(configFileURL, null); + } + + public EHCacheXKMSClientCache(String configFileURL, Bus bus) { + createCache(configFileURL, bus); + } + + private void createCache(String configFile, Bus bus) { + if (bus == null) { + bus = BusFactory.getThreadDefaultBus(true); + } + URL configFileURL = null; + try { + configFileURL = + ClassLoaderUtils.getResource(configFile, EHCacheXKMSClientCache.class); + } catch (Exception ex) { + // ignore + } + if (configFileURL == null) { + cacheManager = EHCacheUtil.createCacheManager(); + } else { + Configuration conf = ConfigurationFactory.parseConfiguration(configFileURL); + + if (bus != null) { + conf.setName(bus.getId()); + DiskStoreConfiguration dsc = conf.getDiskStoreConfiguration(); + if (dsc != null && "java.io.tmpdir".equals(dsc.getOriginalPath())) { + String path = conf.getDiskStoreConfiguration().getPath() + File.separator + + bus.getId(); + conf.getDiskStoreConfiguration().setPath(path); + } + } + + cacheManager = EHCacheUtil.createCacheManager(conf); + } + + CacheConfiguration cc = EHCacheUtil.getCacheConfiguration(CACHE_KEY, cacheManager); + + Ehcache newCache = new Cache(cc); + cache = cacheManager.addCacheIfAbsent(newCache); + } + + /** + * Store an XKMSCacheToken in the Cache using the given key + */ + public void put(String key, XKMSCacheToken cacheToken) { + cache.put(new Element(key, cacheToken)); + } + + /** + * Get an XKMSCacheToken from the cache matching the given key. 
Returns null if there + * is no such XKMSCacheToken in the cache, or if the certificate has expired in the cache + */ + public XKMSCacheToken get(String key) { + Element element = cache.get(key); + if (element != null && !element.isExpired()) { + return (XKMSCacheToken)element.getObjectValue(); + } + return null; + } + + public void close() throws IOException { + if (cacheManager != null) { + if (cache != null) { + cache.removeAll(); + } + cacheManager.shutdown(); + cacheManager = null; + cache = null; + } + } + +} Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSCacheToken.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSCacheToken.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSCacheToken.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSCacheToken.java Sat Aug 10 07:52:35 2013 
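Review bot: The class Javadoc calls this an in-memory cache, but createCache rewrites the disk store path to a per-bus subdirectory whenever the configuration's original path is `java.io.tmpdir`. Entries may therefore reach disk if the loaded Ehcache XML enables overflow or persistence; that file is not part of this hunk. The cached XKMSCacheToken holds a certificate together with its `xkmsValidated` flag, so the Javadoc should state that any disk store must live in a directory writable only by the service account; otherwise cached validation results could be altered outside the process. The empty `catch (Exception ex) { // ignore }` around `ClassLoaderUtils.getResource` also hides a missing or unreadable configuration, after which the default CacheManager is used silently. Logging that fallback would make it visible.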
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.io.Serializable;
+import java.security.cert.X509Certificate;
+
+public class XKMSCacheToken implements Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7097585680022947024L;
+ private X509Certificate x509Certificate;
+ private boolean xkmsValidated;
+
+ public XKMSCacheToken() {
+ //
+ }
+
+ public XKMSCacheToken(X509Certificate x509Certificate) {
+ this.x509Certificate = x509Certificate;
+ }
+
+ public X509Certificate getX509Certificate() {
+ return x509Certificate;
+ }
+
+ public void setX509Certificate(X509Certificate x509Certificate) {
+ this.x509Certificate = x509Certificate;
+ }
+
+ public boolean isXkmsValidated() {
+ return xkmsValidated;
+ }
+
+ public void setXkmsValidated(boolean xkmsValidated) {
+ this.xkmsValidated = xkmsValidated;
+ }
+
+}
\ No newline at end of file
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java?rev=1512574&view=auto
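Review bot: XKMSCacheToken has no class Javadoc and only an empty Javadoc block above `serialVersionUID`, so nothing states what `xkmsValidated` means or who is expected to set it. The flag appears to record the outcome of an earlier XKMS validate call (inferred from the name; its consumer is outside this hunk). A class comment such as `/** Cache entry pairing a certificate with whether XKMS validation has already succeeded for it. */` would help, along with a remark that a cached `true` stays in effect until the cache entry expires. It is also worth documenting that the one-argument constructor leaves the flag `false`.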
============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/cache/XKMSClientCache.java Sat Aug 10 07:52:35 2013 
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.cache;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+public interface XKMSClientCache extends Closeable {
+
+ /**
+ * Store an XKMSCacheToken in the Cache using the given key
+ */
+ void put(String key, XKMSCacheToken cacheToken);
+
+ /**
+ * Get an XKMSCacheToken from the cache matching the given key. Returns null if there
+ * is no such XKMSCacheToken in the cache.
+ */
+ XKMSCacheToken get(String key);
+
+ void close() throws IOException;
+}
\ No newline at end of file
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/X509AppId.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/X509AppId.java?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/X509AppId.java (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/X509AppId.java Sat Aug 10 07:52:35 2013
@@ -0,0 +1,83 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.xkms.client; + +import org.apache.cxf.xkms.handlers.Applications; + +public class X509AppId { + private final Applications application; + private final String id; + + public X509AppId(Applications application, String id) { + this.id = id; + this.application = application; + } + + public Applications getApplication() { + return application; + } + + public String getId() { + return id; + } + + @Override + public String toString() { + return String.format("application: %s; id: %s", application, id); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((application == null) + ? 0 + : application.hashCode()); + result = prime * result + ((id == null) + ? 
0 + : id.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof X509AppId)) { + return false; + } + X509AppId other = (X509AppId) obj; + if (application != other.application) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + return true; + } + +} Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/XKMSInvoker.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/XKMSInvoker.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/XKMSInvoker.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/client/XKMSInvoker.java Sat Aug 10 07:52:35 2013 
@@ -0,0 +1,249 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.xkms.client; + +import java.io.ByteArrayInputStream; +import java.math.BigInteger; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.UUID; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.apache.cxf.xkms.exception.ExceptionMapper; +import org.apache.cxf.xkms.exception.XKMSException; +import org.apache.cxf.xkms.exception.XKMSLocateException; +import org.apache.cxf.xkms.exception.XKMSNotFoundException; +import org.apache.cxf.xkms.exception.XKMSValidateException; +import org.apache.cxf.xkms.handlers.Applications; +import org.apache.cxf.xkms.handlers.XKMSConstants; +import org.apache.cxf.xkms.model.xkms.KeyBindingEnum; +import org.apache.cxf.xkms.model.xkms.LocateRequestType; +import org.apache.cxf.xkms.model.xkms.LocateResultType; +import org.apache.cxf.xkms.model.xkms.MessageAbstractType; +import 
org.apache.cxf.xkms.model.xkms.QueryKeyBindingType; +import org.apache.cxf.xkms.model.xkms.StatusType; +import org.apache.cxf.xkms.model.xkms.UseKeyWithType; +import org.apache.cxf.xkms.model.xkms.ValidateRequestType; +import org.apache.cxf.xkms.model.xkms.ValidateResultType; +import org.apache.cxf.xkms.model.xmldsig.KeyInfoType; +import org.apache.cxf.xkms.model.xmldsig.X509DataType; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3._2002._03.xkms_wsdl.XKMSPortType; + +public class XKMSInvoker { + private static final Logger LOG = LoggerFactory.getLogger(XKMSInvoker.class); + + private static final org.apache.cxf.xkms.model.xmldsig.ObjectFactory DSIG_OF = + new org.apache.cxf.xkms.model.xmldsig.ObjectFactory(); + private static final org.apache.cxf.xkms.model.xkms.ObjectFactory XKMS_OF = + new org.apache.cxf.xkms.model.xkms.ObjectFactory(); + + private static final String XKMS_LOCATE_INVALID_CERTIFICATE = + "Cannot instantiate X509 certificate from XKMS response"; + private static final String XKMS_VALIDATE_ERROR = "Certificate [%s] is not valid"; + + private final XKMSPortType xkmsConsumer; + + public XKMSInvoker(XKMSPortType xkmsConsumer) { + this.xkmsConsumer = xkmsConsumer; + } + + public X509Certificate getServiceCertificate(QName serviceName) { + return getCertificateForId(Applications.SERVICE_SOAP, serviceName.toString()); + } + + public X509Certificate getCertificateForId(Applications application, String id) { + List ids = Collections.singletonList(new X509AppId(application, id)); + return getCertificate(ids); + } + + public X509Certificate getCertificateForIssuerSerial(String issuerDN, BigInteger serial) { + List ids = new ArrayList(); + ids.add(new X509AppId(Applications.ISSUER, issuerDN)); + ids.add(new X509AppId(Applications.SERIAL, serial.toString(16))); + return getCertificate(ids); + } + + public X509Certificate getCertificate(List ids) { + try { + LocateRequestType locateRequestType = prepareLocateXKMSRequest(ids); + 
LocateResultType locateResultType = xkmsConsumer.locate(locateRequestType); + return parseLocateXKMSResponse(locateResultType, ids); + } catch (RuntimeException e) { + String msg = String + .format("XKMS locate call fails for certificate: %s. Error: %s", + ids, + e.getMessage()); + LOG.warn(msg, e); + throw new XKMSLocateException(msg, e); + } + } + + public boolean validateCertificate(X509Certificate cert) { + try { + ValidateRequestType validateRequestType = prepareValidateXKMSRequest(cert); + ValidateResultType validateResultType = xkmsConsumer.validate(validateRequestType); + String id = cert.getSubjectDN().getName(); + CertificateValidationResult result = parseValidateXKMSResponse(validateResultType, id); + if (!result.isValid()) { + LOG.warn(String.format("Certificate %s is not valid: %s", + cert.getSubjectDN(), result.getDescription())); + } + return result.isValid(); + } catch (RuntimeException e) { + String msg = String.format("XKMS validate call fails for certificate: %s. Error: %s", + cert.getSubjectDN(), + e.getMessage()); + LOG.warn(msg, e); + throw new XKMSValidateException(msg, e); + } + } + + protected LocateRequestType prepareLocateXKMSRequest(List ids) { + QueryKeyBindingType queryKeyBindingType = XKMS_OF + .createQueryKeyBindingType(); + + for (X509AppId id : ids) { + UseKeyWithType useKeyWithType = XKMS_OF.createUseKeyWithType(); + useKeyWithType.setIdentifier(id.getId()); + useKeyWithType.setApplication(id.getApplication().getUri()); + + queryKeyBindingType.getUseKeyWith().add(useKeyWithType); + } + + LocateRequestType locateRequestType = XKMS_OF.createLocateRequestType(); + locateRequestType.setQueryKeyBinding(queryKeyBindingType); + setGenericRequestParams(locateRequestType); + return locateRequestType; + } + + @SuppressWarnings("unchecked") + protected X509Certificate parseLocateXKMSResponse(LocateResultType locateResultType, List ids) { + + XKMSException exception = ExceptionMapper.fromResponse(locateResultType); + if (exception != null) { 
+ throw exception; + } + + if (!locateResultType.getUnverifiedKeyBinding().iterator().hasNext()) { + throw new XKMSNotFoundException( + "X509Certificate is not found for id: " + ids); + } + KeyInfoType keyInfo = locateResultType.getUnverifiedKeyBinding() + .iterator().next().getKeyInfo(); + if (!keyInfo.getContent().iterator().hasNext()) { + throw new XKMSNotFoundException( + "X509Certificate is not found for id: " + ids); + } + JAXBElement x509Data = (JAXBElement)keyInfo + .getContent().iterator().next(); + JAXBElement certificate = (JAXBElement)x509Data + .getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName() + .iterator().next(); + + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)cf + .generateCertificate(new ByteArrayInputStream(certificate + .getValue())); + return cert; + } catch (CertificateException e) { + throw new XKMSLocateException(XKMS_LOCATE_INVALID_CERTIFICATE, e); + } + } + + protected ValidateRequestType prepareValidateXKMSRequest( + X509Certificate cert) { + JAXBElement x509Cert; + try { + x509Cert = DSIG_OF.createX509DataTypeX509Certificate(cert + .getEncoded()); + } catch (CertificateEncodingException e) { + throw new IllegalArgumentException(e); + } + X509DataType x509DataType = DSIG_OF.createX509DataType(); + x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add( + x509Cert); + JAXBElement x509Data = DSIG_OF + .createX509Data(x509DataType); + + KeyInfoType keyInfoType = DSIG_OF.createKeyInfoType(); + keyInfoType.getContent().add(x509Data); + + QueryKeyBindingType queryKeyBindingType = XKMS_OF + .createQueryKeyBindingType(); + queryKeyBindingType.setKeyInfo(keyInfoType); + + ValidateRequestType validateRequestType = XKMS_OF + .createValidateRequestType(); + setGenericRequestParams(validateRequestType); + validateRequestType.setQueryKeyBinding(queryKeyBindingType); + // temporary + validateRequestType.setId(cert.getSubjectDN().toString()); + return 
validateRequestType; + } + + protected CertificateValidationResult parseValidateXKMSResponse(ValidateResultType validateResultType, + String id) { + XKMSException exception = ExceptionMapper.fromResponse(validateResultType); + if (exception != null) { + throw exception; + } + + StatusType status = validateResultType.getKeyBinding().iterator() + .next().getStatus(); + if (KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID != status.getStatusValue()) { + return new CertificateValidationResult(false, XKMS_VALIDATE_ERROR); + } + return new CertificateValidationResult(true, null); + } + + public static class CertificateValidationResult { + + private final boolean valid; + private final String description; + + public CertificateValidationResult(boolean valid, String description) { + this.valid = valid; + this.description = description; + } + + public boolean isValid() { + return valid; + } + + public String getDescription() { + return description; + } + } + + private void setGenericRequestParams(MessageAbstractType request) { + request.setService(XKMSConstants.XKMS_ENDPOINT_NAME); + request.setId(UUID.randomUUID().toString()); + } + +} Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderException.java Sat Aug 10 07:52:35 2013 
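Review bot: parseValidateXKMSResponse never uses its `id` parameter, so the failure description is the raw template `Certificate [%s] is not valid`; it should be built with `String.format(XKMS_VALIDATE_ERROR, id)`. The method also calls `getKeyBinding().iterator().next()` without an emptiness check and reads only the first binding's status. An explicit `if (validateResultType.getKeyBinding().isEmpty())` branch returning an invalid result would state the fail-closed intent instead of relying on a NoSuchElementException. In parseLocateXKMSResponse the first entry of `getX509IssuerSerialOrX509SKIOrX509SubjectName()` is cast to a certificate blob without checking the element name, so a response that lists an X509SKI or issuer/serial first probably ends in a ClassCastException or a misleading parse error. The certificate returned there comes from an UnverifiedKeyBinding and is not compared with the requested ids, which the method Javadoc should say so that callers validate it before trusting it. In prepareValidateXKMSRequest the line under `// temporary` overwrites the random UUID request Id with the subject DN, so Ids repeat per certificate and can no longer correlate a response with its request.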
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.xkms.crypto;
+
+public class CryptoProviderException extends RuntimeException {
+
+ private static final long serialVersionUID = 7177198444823997289L;
+
+ public CryptoProviderException() {
+ super();
+ }
+
+ public CryptoProviderException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public CryptoProviderException(String message) {
+ super(message);
+ }
+
+ public CryptoProviderException(Throwable cause) {
+ super(cause);
+ }
+
+}
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderFactory.java Sat Aug 10 07:52:35 2013
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+import org.apache.cxf.message.Message;
+import org.apache.ws.security.components.crypto.Crypto;
+
+public interface CryptoProviderFactory {
+
+ Crypto create(Message message);
+
+}
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/CryptoProviderUtils.java Sat Aug 10 07:52:35 2013
@@ -0,0 +1,157 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.xkms.crypto; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Properties; + +import javax.security.auth.callback.CallbackHandler; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.resource.ResourceManager; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.ws.security.WSPasswordCallback; +import org.apache.ws.security.components.crypto.Merlin; + +public final class CryptoProviderUtils { + + private CryptoProviderUtils() { + } + + public static Properties loadKeystoreProperties(Message message, String propKey) { + Object o = message.getContextualProperty(propKey); + if (o == null) { + throw new CryptoProviderException("Keystore properties path is not defined"); + } + + Properties properties = null; + if (o instanceof Properties) { + properties = (Properties)o; + } else if (o instanceof String) { + ResourceManager rm = message.getExchange().get(Bus.class) + .getExtension(ResourceManager.class); + URL url = rm.resolveResource((String)o, 
URL.class); + try { + if (url == null) { + url = ClassLoaderUtils.getResource((String)o, CryptoProviderUtils.class); + } + if (url == null) { + try { + url = new URL((String)o); + } catch (Exception ex) { + // ignore + } + } + if (url != null) { + InputStream ins = url.openStream(); + properties = new Properties(); + properties.load(ins); + ins.close(); + } else { + throw new CryptoProviderException("Keystore properties url is not resolved: " + + o); + } + } catch (IOException e) { + throw new CryptoProviderException("Cannot load keystore properties: " + + e.getMessage(), e); + } + } else if (o instanceof URL) { + properties = new Properties(); + try { + InputStream ins = ((URL)o).openStream(); + properties.load(ins); + ins.close(); + } catch (IOException e) { + throw new CryptoProviderException("Cannot load keystore properties: " + + e.getMessage(), e); + } + } + if (properties == null) { + throw new CryptoProviderException("Cannot load keystore properties: " + o); + } + + return properties; + } + + public static String getKeystoreAlias(Properties keystoreProps) { + String keystoreAlias = null; + + if (keystoreProps.containsKey(Merlin.KEYSTORE_ALIAS)) { + keystoreAlias = keystoreProps.getProperty(Merlin.KEYSTORE_ALIAS); + } + + if (keystoreAlias == null) { + throw new CryptoProviderException("Alias is not found in keystore properties file: " + + Merlin.KEYSTORE_ALIAS); + } + + return keystoreAlias; + } + + public static CallbackHandler getCallbackHandler(Message message) { + Object o = message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER); + + CallbackHandler handler = null; + if (o instanceof CallbackHandler) { + handler = (CallbackHandler)o; + } else if (o instanceof String) { + try { + handler = (CallbackHandler)ClassLoaderUtils + .loadClass((String)o, CryptoProviderUtils.class).newInstance(); + } catch (Exception e) { + handler = null; + } + } + + return handler; + } + + public static String getCallbackPwdFromMessage(Message message, String 
userName, int usage) { + // Then try to get the password from the given callback handler + CallbackHandler handler = getCallbackHandler(message); + if (handler == null) { + throw new CryptoProviderException("No callback handler and no password available"); + } + + return getCallbackPwd(userName, usage, handler); + } + + public static String getCallbackPwd(String userName, int usage, CallbackHandler handler) { + if (handler == null) { + return null; + } + WSPasswordCallback[] cb = { + new WSPasswordCallback(userName, usage) + }; + try { + handler.handle(cb); + } catch (Exception e) { + throw new CryptoProviderException("Cannot get password from callback: " + e, e); + } + + // get the password + return cb[0].getPassword(); + } + +} Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/MissingPrincipalException.java Sat Aug 10 07:52:35 2013 
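Review bot: In loadKeystoreProperties both branches that open a stream close it only on the success path, so an IOException thrown by `properties.load(ins)` leaves the stream open; the load belongs in try/finally, as sketched below for the String branch (the `o instanceof URL` branch needs the same shape). getCallbackHandler also swallows every exception from `loadClass(...).newInstance()` and returns null. getCallbackPwdFromMessage then reports "No callback handler and no password available", which hides a misspelled or unloadable handler class; carrying the cause in a CryptoProviderException would make the misconfiguration diagnosable. Because the String form of the property is finally tried as `new URL(...)`, the keystore properties may be fetched from whatever location the property names. A Javadoc remark that this property must come from trusted configuration would be useful.

```java
// … unchanged: url resolution via ResourceManager, ClassLoaderUtils and new URL …
if (url != null) {
    InputStream ins = url.openStream();
    try {
        properties = new Properties();
        properties.load(ins);
    } finally {
        // runs on the failure path too, so the stream is never left open
        ins.close();
    }
} else {
    // … unchanged: CryptoProviderException for the unresolved url …
```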
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.xkms.crypto;
+
+public class MissingPrincipalException extends CryptoProviderException {
+
+ private static final long serialVersionUID = 7177198444823997289L;
+
+ public MissingPrincipalException() {
+ super();
+ }
+
+ public MissingPrincipalException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public MissingPrincipalException(String message) {
+ super(message);
+ }
+
+ public MissingPrincipalException(Throwable cause) {
+ super(cause);
+ }
+
+}
Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java?rev=1512574&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java (added)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProvider.java Sat Aug 10 07:52:35 2013
@@ -0,0 +1,241 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.xkms.crypto; + +import java.math.BigInteger; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; + +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.xkms.cache.EHCacheXKMSClientCache; +import org.apache.cxf.xkms.cache.XKMSCacheToken; +import org.apache.cxf.xkms.cache.XKMSClientCache; +import org.apache.cxf.xkms.client.XKMSInvoker; +import org.apache.cxf.xkms.handlers.Applications; +import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.components.crypto.Crypto; +import org.apache.ws.security.components.crypto.CryptoBase; +import org.apache.ws.security.components.crypto.CryptoType; +import org.apache.ws.security.components.crypto.CryptoType.TYPE; +import org.w3._2002._03.xkms_wsdl.XKMSPortType; + +public class XkmsCryptoProvider extends CryptoBase { + + private static final Logger LOG = LogUtils.getL7dLogger(XkmsCryptoProvider.class); + + private final XKMSInvoker xkmsInvoker; + private 
Crypto defaultCrypto; + private XKMSClientCache xkmsClientCache; + + public XkmsCryptoProvider(XKMSPortType xkmsConsumer) { + this(xkmsConsumer, null); + } + + public XkmsCryptoProvider(XKMSPortType xkmsConsumer, Crypto defaultCrypto) { + this(xkmsConsumer, defaultCrypto, new EHCacheXKMSClientCache()); + } + + public XkmsCryptoProvider(XKMSPortType xkmsConsumer, Crypto defaultCrypto, XKMSClientCache xkmsClientCache) { + if (xkmsConsumer == null) { + throw new IllegalArgumentException("xkmsConsumer may not be null"); + } + this.xkmsInvoker = new XKMSInvoker(xkmsConsumer); + this.defaultCrypto = defaultCrypto; + this.xkmsClientCache = xkmsClientCache; + } + + @Override + public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException { + if (LOG.isLoggable(Level.INFO)) { + LOG.info(String + .format("XKMS Runtime: getting public certificate for alias: %s; issuer: %s; subjectDN: %s", + cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN())); + } + X509Certificate[] certs = getX509CertificatesInternal(cryptoType); + if (certs == null) { + LOG.severe(String + .format( + "Cannot find certificate for alias: %s, issuer: %s; subjectDN: %s", + cryptoType.getAlias(), cryptoType.getIssuer(), cryptoType.getSubjectDN())); + } + return certs; + } + + @Override + public String getX509Identifier(X509Certificate cert) throws WSSecurityException { + assertDefaultCryptoProvider(); + return defaultCrypto.getX509Identifier(cert); + } + + @Override + public PrivateKey getPrivateKey(X509Certificate certificate, CallbackHandler callbackHandler) + throws WSSecurityException { + assertDefaultCryptoProvider(); + return defaultCrypto.getPrivateKey(certificate, callbackHandler); + } + + @Override + public PrivateKey getPrivateKey(String identifier, String password) throws WSSecurityException { + assertDefaultCryptoProvider(); + return defaultCrypto.getPrivateKey(identifier, password); + } + + @Override + public boolean 
verifyTrust(X509Certificate[] certs) { + return verifyTrust(certs, false); + } + + @Override + public boolean verifyTrust(X509Certificate[] certs, boolean enableRevocation) { + if (certs != null) { + LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN())); + } + return certs != null && xkmsInvoker.validateCertificate(certs[0]); + } + + @Override + public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException { + throw new CryptoProviderException("PublicKeys cannot be verified"); + } + + private void assertDefaultCryptoProvider() { + if (defaultCrypto == null) { + throw new UnsupportedOperationException("Not supported by this crypto provider"); + } + } + + private X509Certificate[] getX509CertificatesInternal(CryptoType cryptoType) { + CryptoType.TYPE type = cryptoType.getType(); + if (type == TYPE.SUBJECT_DN) { + return getX509CertificatesFromXKMS(Applications.PKIX, cryptoType.getSubjectDN()); + } else if (type == TYPE.ALIAS) { + return getX509CertificatesFromXKMS(cryptoType); + } else if (type == TYPE.ISSUER_SERIAL) { + String key = getKeyForIssuerSerial(cryptoType.getIssuer(), cryptoType.getSerial()); + // Try local cache first + if (xkmsClientCache != null) { + XKMSCacheToken cachedToken = xkmsClientCache.get(key); + if (cachedToken != null && cachedToken.getX509Certificate() != null) { + return new X509Certificate[] {cachedToken.getX509Certificate()}; + } + } + // Now ask the XKMS Service + X509Certificate certificate = xkmsInvoker.getCertificateForIssuerSerial(cryptoType + .getIssuer(), cryptoType.getSerial()); + + // Store in the cache + if (certificate != null && xkmsClientCache != null) { + XKMSCacheToken cacheToken = new XKMSCacheToken(certificate); + xkmsClientCache.put(key, cacheToken); + // Store it using the Subject DN as well + xkmsClientCache.put(certificate.getSubjectX500Principal().getName(), cacheToken); + } + return new X509Certificate[] { + certificate + }; + } + throw new 
IllegalArgumentException("Unsupported type " + type); + } + + private X509Certificate[] getX509CertificatesFromXKMS(CryptoType cryptoType) { + Applications appId = null; + boolean isServiceName = isServiceName(cryptoType); + if (!isServiceName) { + X509Certificate[] localCerts = getCertificateLocally(cryptoType); + if (localCerts != null) { + return localCerts; + } + appId = Applications.PKIX; + } else { + appId = Applications.SERVICE_SOAP; + } + return getX509CertificatesFromXKMS(appId, cryptoType.getAlias()); + } + + private X509Certificate[] getX509CertificatesFromXKMS(Applications application, String id) { + LOG.fine(String.format("Getting public certificate from XKMS for application:%s; id: %s", + application, id)); + if (id == null) { + throw new CryptoProviderException("Id is not specified for certificate request"); + } + + // Try local cache first + if (xkmsClientCache != null) { + XKMSCacheToken cachedToken = xkmsClientCache.get(id.toLowerCase()); + if (cachedToken != null && cachedToken.getX509Certificate() != null) { + return new X509Certificate[] {cachedToken.getX509Certificate()}; + } + } + + // Now ask the XKMS Service + X509Certificate cert = xkmsInvoker.getCertificateForId(application, id); + + // Store in the cache + if (cert != null && xkmsClientCache != null) { + XKMSCacheToken cacheToken = new XKMSCacheToken(cert); + xkmsClientCache.put(id.toLowerCase(), cacheToken); + // Store it using IssuerSerial as well + String key = getKeyForIssuerSerial(cert.getIssuerX500Principal().getName(), + cert.getSerialNumber()); + xkmsClientCache.put(key, cacheToken); + } + + return new X509Certificate[] { + cert + }; + } + + /** + * Try to get certificate locally + * + * @param cryptoType + * @return if found certificate otherwise null returned + */ + private X509Certificate[] getCertificateLocally(CryptoType cryptoType) { + X509Certificate[] localCerts = null; + try { + localCerts = defaultCrypto.getX509Certificates(cryptoType); + } catch (Exception e) { + 
LOG.info("Certificate is not found in local keystore and will be requested from XKMS: " + + cryptoType.getAlias()); + } + return localCerts; + } + + /** + * Service Aliases contain namespace + * + * @param cryptoType + * @return + */ + private boolean isServiceName(CryptoType cryptoType) { + return cryptoType.getAlias().contains("{"); + } + + private String getKeyForIssuerSerial(String issuer, BigInteger serial) { + return issuer + "-" + serial.toString(16); + } + +} Added: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/XkmsCryptoProviderFactory.java Sat Aug 10 07:52:35 2013 
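Review bot: `verifyTrust(X509Certificate[] certs, boolean enableRevocation)` never reads `enableRevocation` and passes only `certs[0]` to `xkmsInvoker.validateCertificate`, so a caller that asks for revocation checking gets whatever the XKMS service decides, and the rest of the array is not examined here. If that delegation is intended, it should be stated in a Javadoc on the method, for example `Trust is decided by the XKMS service for the first certificate only; enableRevocation is ignored.` An empty array also reaches `certs[0]` (already in the `LOG.fine` call) and throws instead of returning false; `if (certs == null || certs.length == 0) { return false; }` at the top would cover it. Separately, the ISSUER_SERIAL branch and `getX509CertificatesFromXKMS(Applications, String)` wrap a possibly null certificate in a one-element array, so the `certs == null` check and the "Cannot find certificate" log in `getX509Certificates` do not fire on those paths.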
@@ -0,0 +1,51 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.xkms.crypto; + +import java.util.Properties; + +import org.apache.cxf.message.Message; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.ws.security.WSSecurityException; +import org.apache.ws.security.components.crypto.Crypto; +import org.apache.ws.security.components.crypto.CryptoFactory; +import org.w3._2002._03.xkms_wsdl.XKMSPortType; + +public class XkmsCryptoProviderFactory implements CryptoProviderFactory { + + private final XKMSPortType xkmsConsumer; + + public XkmsCryptoProviderFactory(XKMSPortType xkmsConsumer) { + this.xkmsConsumer = xkmsConsumer; + } + + public Crypto create(Message message) { + Properties keystoreProps = CryptoProviderUtils + .loadKeystoreProperties(message, + SecurityConstants.SIGNATURE_PROPERTIES); + try { + Crypto defaultCrypto = CryptoFactory.getInstance(keystoreProps); + return new XkmsCryptoProvider(xkmsConsumer, defaultCrypto); + } catch (WSSecurityException e) { + throw new CryptoProviderException("Cannot instantiate crypto factory: " + + e.getMessage(), e); + } + } +} Added: 
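Review bot: `create(Message)` uses the two-argument `XkmsCryptoProvider` constructor, which in this same commit calls `new EHCacheXKMSClientCache()`, so every call to `create` builds a fresh cache object. Whether those instances share one underlying store is not visible in this hunk. If they do not, certificate lookups are never served from cache across messages, and each provider may hold cache resources that nothing releases. Consider keeping a single `XKMSClientCache` field in the factory and passing it through the three-argument constructor: `return new XkmsCryptoProvider(xkmsConsumer, defaultCrypto, xkmsClientCache);`.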
cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml?rev=1512574&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml (added) +++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/resources/OSGI-INF/blueprint/beans.xml Sat Aug 10 07:52:35 2013 @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + +