From cohei...@apache.org
Subject svn commit: r1521777 - /cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Date Wed, 11 Sep 2013 10:05:40 GMT
Author: coheigea
Date: Wed Sep 11 10:05:40 2013
New Revision: 1521777

URL: http://svn.apache.org/r1521777
Log:
Merged revisions 1521775 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1521775 | coheigea | 2013-09-11 11:03:19 +0100 (Wed, 11 Sep 2013) | 2 lines

  [CXF-5270] - XKMS Crypto Client does not check local keystore for "locate" if the alias
is actually a Subject DN

........

Modified:
    cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java

Modified: cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java?rev=1521777&r1=1521776&r2=1521777&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
(original)
+++ cxf/branches/2.7.x-fixes/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Wed Sep 11 10:05:40 2013
@@ -226,18 +226,41 @@ class XkmsCryptoProvider extends CryptoB
     }
 
     /**
-     * Try to get certificate locally
+     * Try to get certificate locally. First try using the supplied CryptoType. If this
+     * does not work, and if the supplied CryptoType is a ALIAS, then try again with SUBJECT_DN
+     * in case the supplied Alias is actually a Certificate's Subject DN
      * 
      * @param cryptoType
      * @return if found certificate otherwise null returned
      */
     private X509Certificate[] getCertificateLocally(CryptoType cryptoType) {
+        // This only applies if we've configured a local Crypto instance...
+        if (defaultCrypto == null) {
+            return null;
+        }
+        
+        // First try using the supplied CryptoType instance
         X509Certificate[] localCerts = null;
         try {
             localCerts = defaultCrypto.getX509Certificates(cryptoType);
         } catch (Exception e) {
-            LOG.info("Certificate is not found in local keystore and will be requested from
"
-                + "XKMS (first trying the cache): " + cryptoType.getAlias());
+            LOG.info("Certificate is not found in local keystore using desired CryptoType:
" 
+                     + cryptoType.getType().name());
+        }
+        
+        if (localCerts == null && cryptoType.getType() == CryptoType.TYPE.ALIAS)
{
+            // If none found then try using either the Subject DN. This is because an 
+            // Encryption username in CXF is configured as an Alias in WSS4J, but may in
fact 
+            // be a Subject DN
+            CryptoType newCryptoType = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
+            newCryptoType.setSubjectDN(cryptoType.getAlias());
+            
+            try {
+                localCerts = defaultCrypto.getX509Certificates(newCryptoType);
+            } catch (Exception e) {
+                LOG.info("Certificate is not found in local keystore and will be requested
from "
+                    + "XKMS (first trying the cache): " + cryptoType.getAlias());
+            }
         }
         return localCerts;
     }
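Review bot: Both `catch (Exception e)` blocks in `getCertificateLocally` discard `e`, so a local keystore that fails to load or be read is logged at INFO exactly like an ordinary miss, and the lookup quietly continues to the SUBJECT_DN retry and then, per the log text, to XKMS. Pass the exception to the logger and narrow the catch to the type the Crypto API declares, so an operator can tell a broken keystore from an absent certificate. The first message also no longer names the identifier that was looked up; appending `cryptoType.getAlias()` when the type is ALIAS would keep the log usable for tracing which certificate selection fell through. The retry is gated on `localCerts == null`; if `defaultCrypto` can return an empty array for a miss (not visible in this hunk), the fallback is skipped, so `if ((localCerts == null || localCerts.length == 0) && cryptoType.getType() == CryptoType.TYPE.ALIAS)` may be the safer test.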


