cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1521775 - /cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Date Wed, 11 Sep 2013 10:03:19 GMT
Author: coheigea
Date: Wed Sep 11 10:03:19 2013
New Revision: 1521775

URL: http://svn.apache.org/r1521775
Log:
[CXF-5270] - XKMS Crypto Client does not check local keystore for "locate" if the alias is
actually a Subject DN

Modified:
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java

Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java?rev=1521775&r1=1521774&r2=1521775&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
(original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Wed Sep 11 10:03:19 2013
@@ -220,18 +220,41 @@ class XkmsCryptoProvider extends CryptoB
     }
 
     /**
-     * Try to get certificate locally
+     * Try to get certificate locally. First try using the supplied CryptoType. If this
+     * does not work, and if the supplied CryptoType is a ALIAS, then try again with SUBJECT_DN
+     * in case the supplied Alias is actually a Certificate's Subject DN
      * 
      * @param cryptoType
      * @return if found certificate otherwise null returned
      */
     private X509Certificate[] getCertificateLocally(CryptoType cryptoType) {
+        // This only applies if we've configured a local Crypto instance...
+        if (defaultCrypto == null) {
+            return null;
+        }
+        
+        // First try using the supplied CryptoType instance
         X509Certificate[] localCerts = null;
         try {
             localCerts = defaultCrypto.getX509Certificates(cryptoType);
         } catch (Exception e) {
-            LOG.info("Certificate is not found in local keystore and will be requested from
"
-                + "XKMS (first trying the cache): " + cryptoType.getAlias());
+            LOG.info("Certificate is not found in local keystore using desired CryptoType:
" 
+                     + cryptoType.getType().name());
+        }
+        
+        if (localCerts == null && cryptoType.getType() == CryptoType.TYPE.ALIAS)
{
+            // If none found then try using either the Subject DN. This is because an 
+            // Encryption username in CXF is configured as an Alias in WSS4J, but may in
fact 
+            // be a Subject DN
+            CryptoType newCryptoType = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
+            newCryptoType.setSubjectDN(cryptoType.getAlias());
+            
+            try {
+                localCerts = defaultCrypto.getX509Certificates(newCryptoType);
+            } catch (Exception e) {
+                LOG.info("Certificate is not found in local keystore and will be requested
from "
+                    + "XKMS (first trying the cache): " + cryptoType.getAlias());
+            }
         }
         return localCerts;
     }
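Review bot: Both `catch (Exception e)` blocks in getCertificateLocally drop the exception and log "Certificate is not found", so a keystore that fails to load or is opened with the wrong password looks exactly like a missing entry, and the client silently moves on to the Subject DN retry and then to XKMS. Narrow each catch to the exception type that getX509Certificates declares (presumably `WSSecurityException`; confirm against the WSS4J version in use) and pass `e` to the logger so the real cause is recorded. The retry is gated on `localCerts == null` only; if the Crypto implementation can return an empty array for no match, the Subject DN lookup is skipped, and `localCerts == null || localCerts.length == 0` would cover that case. The "will be requested from XKMS" message is now emitted only when the second lookup throws, not when it returns null or when the type is not ALIAS, so a log line after the retry would keep that trace.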


