From ashaki...@apache.org
Subject svn commit: r1554397 - in /cxf/trunk/services/xkms: xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/ xkms-common/src/main/java/org/apache/cxf/xkms/handlers/ xkms-features/src/main/resources/ xkms-itests/src/test/java/org/apache/cxf/xkms/itest...
Date Tue, 31 Dec 2013 10:48:23 GMT
Author: ashakirin
Date: Tue Dec 31 10:48:22 2013
New Revision: 1554397

URL: http://svn.apache.org/r1554397
Log:
[CXF-5443] STS Symmetric HOK: using server endpoint (AppliesTo) as certificate identifier
to encrypt symmetric key

Added:
    cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/http___localhost_8080_services_TestService.cer
  (with props)
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/store1/CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer.cer
      - copied unchanged from r1554225, cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/store1/CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer-11688544847478700689.cer
Removed:
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/resources/store1/CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer-11688544847478700689.cer
Modified:
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
    cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
    cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
    cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
    cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
    cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
    cxf/trunk/services/xkms/xkms-war/pom.xml
    cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
    cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java

Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
(original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XKMSInvoker.java
Tue Dec 31 10:48:22 2013
@@ -73,7 +73,7 @@ class XKMSInvoker {
     }
     
     public X509Certificate getServiceCertificate(QName serviceName) {
-        return getCertificateForId(Applications.SERVICE_SOAP, serviceName.toString());
+        return getCertificateForId(Applications.SERVICE_NAME, serviceName.toString());
     }
     
     public X509Certificate getCertificateForId(Applications application, String id) {
@@ -88,6 +88,12 @@ class XKMSInvoker {
         return getCertificate(ids);
     }
 
+    public X509Certificate getCertificateForEndpoint(String endpoint) {
+        List<X509AppId> ids = new ArrayList<X509AppId>();
+        ids.add(new X509AppId(Applications.SERVICE_ENDPOINT, endpoint));
+        return getCertificate(ids);
+    }
+
     public X509Certificate getCertificate(List<X509AppId> ids) {
         try {
             LocateRequestType locateRequestType = prepareLocateXKMSRequest(ids);
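Review bot: `getCertificateForEndpoint` rebuilds the single-element id list by hand although `getCertificateForId(Applications, String)` just above appears to do exactly that, so the new method can delegate in one line: `return getCertificateForId(Applications.SERVICE_ENDPOINT, endpoint);`. It is also a new public method without Javadoc; a one-line comment should name the `SERVICE_ENDPOINT` application it queries and what is returned when nothing matches (the body of `getCertificate` continues outside the hunk, so confirm whether that is null or an exception before writing it down).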

Modified: cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
(original)
+++ cxf/trunk/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/impl/XkmsCryptoProvider.java
Tue Dec 31 10:48:22 2013
@@ -159,7 +159,7 @@ public class XkmsCryptoProvider extends 
     private X509Certificate[] getX509(CryptoType cryptoType) {
         // Try to get X509 certificate from local keystore if it is configured
         if (allowX509FromJKS && (fallbackCrypto != null)) {
-            X509Certificate[] localCerts = getCertificateLocally(cryptoType);
+            X509Certificate[] localCerts = getCertificateLocaly(cryptoType);
             if ((localCerts != null) && localCerts.length > 0) {
                 return localCerts;
             }
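Review bot: The rename on the changed line turns `getCertificateLocally` into the misspelled `getCertificateLocaly`; the definition is renamed the same way in the `@@ -257,7 +274,7 @@` hunk of this file. Unless the old name collides with something not visible here, keep the correct spelling on both lines: `X509Certificate[] localCerts = getCertificateLocally(cryptoType);` and `private X509Certificate[] getCertificateLocally(CryptoType cryptoType) {`.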
@@ -167,14 +167,15 @@ public class XkmsCryptoProvider extends 
         CryptoType.TYPE type = cryptoType.getType();
         if (type == TYPE.SUBJECT_DN) {
             return getX509FromXKMSByID(Applications.PKIX, cryptoType.getSubjectDN());
-            
+        } else if (type == TYPE.ENDPOINT) {
+            return getX509FromXKMSByEndpoint(cryptoType.getEndpoint());
         } else if (type == TYPE.ALIAS) {
             Applications appId = null;
             boolean isServiceName = isServiceName(cryptoType);
             if (!isServiceName) {
                 appId = Applications.PKIX;
             } else {
-                appId = Applications.SERVICE_SOAP;
+                appId = Applications.SERVICE_NAME;
             }
             return getX509FromXKMSByID(appId, cryptoType.getAlias());
             
@@ -220,6 +221,22 @@ public class XkmsCryptoProvider extends 
         return buildX509GetResult(key, cert);
     }
 
+    private X509Certificate[] getX509FromXKMSByEndpoint(String endpoint) {
+        LOG.fine(String.format("Getting public certificate from XKMS for endpoint:%s",
+                               endpoint));
+        
+        // Try local cache first
+        X509Certificate[] certs = checkX509Cache(endpoint);
+        if (certs != null) {
+            return certs;
+        }
+        
+        // Now ask the XKMS Service
+        X509Certificate cert = xkmsInvoker.getCertificateForEndpoint(endpoint);
+        
+        return buildX509GetResult(endpoint, cert);
+    }
+
     private X509Certificate[] checkX509Cache(String key) {
         if (xkmsClientCache == null) {
             return null;
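Review bot: `getX509FromXKMSByEndpoint` uses the raw endpoint string as the cache key for `checkX509Cache` and `buildX509GetResult`, which from the hunk's context (`buildX509GetResult(key, cert)`) looks like the same key space the DN and alias lookups use. If the cache is not partitioned by application somewhere outside this hunk, an identifier that is valid under two applications would return whichever certificate was cached first; prefixing the key keeps the namespaces apart, e.g. `String cacheKey = Applications.SERVICE_ENDPOINT.getUri() + "#" + endpoint;` passed to both helpers. The `LOG.fine(String.format(...))` call also formats eagerly regardless of log level; a `LOG.isLoggable(Level.FINE)` guard avoids that on every lookup.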
@@ -257,7 +274,7 @@ public class XkmsCryptoProvider extends 
      * @param cryptoType
      * @return if found certificate otherwise null returned
      */
-    private X509Certificate[] getCertificateLocally(CryptoType cryptoType) {
+    private X509Certificate[] getCertificateLocaly(CryptoType cryptoType) {
         // This only applies if we've configured a local Crypto instance...
         if (fallbackCrypto == null) {
             return null;

Modified: cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
(original)
+++ cxf/trunk/services/xkms/xkms-common/src/main/java/org/apache/cxf/xkms/handlers/Applications.java
Tue Dec 31 10:48:22 2013
@@ -28,9 +28,13 @@ public enum Applications {
      */
     TLS_HTTPS("urn:ietf:rfc:2818"),
     /**
-     * Service Endpoint Name
+     * Service Name
      */
-    SERVICE_SOAP("urn:apache:cxf:service:soap"),
+    SERVICE_NAME("urn:apache:cxf:service:name"),
+    /**
+     * Service Endpoint
+     */
+    SERVICE_ENDPOINT("urn:apache:cxf:service:endpoint"),
     /**
      * Certificate Issuer
      */
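Review bot: Renaming `SERVICE_SOAP` to `SERVICE_NAME` also changes the application URI on the wire, from `urn:apache:cxf:service:soap` to `urn:apache:cxf:service:name`, so registrations and Locate requests that still carry the old URI will no longer resolve through `Applications.fromUri`, which the repositories in this commit rely on. If that break is intended it belongs in the Javadoc, e.g. `* Service Name (the service QName as a string); replaces the former urn:apache:cxf:service:soap application, which is no longer recognised`; otherwise `fromUri` (outside this hunk) should keep accepting the old URI as an alias. The `SERVICE_ENDPOINT` Javadoc would similarly benefit from saying that the identifier is the endpoint address URL, as the tests use it.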

Modified: cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg (original)
+++ cxf/trunk/services/xkms/xkms-features/src/main/resources/org.apache.cxf.xkms.cfg Tue Dec
31 10:48:22 2013
@@ -39,6 +39,7 @@ xkms.ldap.schema.certObjectClass=inetOrg
 xkms.ldap.schema.attrUID=uid
 xkms.ldap.schema.attrIssuerID=manager
 xkms.ldap.schema.attrSerialNumber=employeeNumber
+xkms.ldap.schema.attrEndpoint=labeledURI
 xkms.ldap.schema.attrCrtBinary=userCertificate;binary
 xkms.ldap.schema.constAttrNamesCSV=sn
 xkms.ldap.schema.constAttrValuesCSV=X509 certificate

Modified: cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
(original)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/BasicIntegrationTest.java
Tue Dec 31 10:48:22 2013
@@ -78,6 +78,9 @@ public class BasicIntegrationTest {
                                      new File("src/test/resources/data/xkms/certificates/cas/alice.cer")),
             replaceConfigurationFile("data/xkms/certificates/dave.cer",
                                      new File("src/test/resources/data/xkms/certificates/dave.cer")),
+            replaceConfigurationFile("data/xkms/certificates/http___localhost_8080_services_TestService.cer",
+                                     new File("src/test/resources/data/xkms/certificates/"

+                                     + "http___localhost_8080_services_TestService.cer")),
             replaceConfigurationFile("data/xkms/certificates/crls/wss40CACRL.cer",
                                      new File("src/test/resources/data/xkms/certificates/crls/wss40CACRL.cer")),
             replaceConfigurationFile("etc/org.apache.cxf.xkms.cfg", getConfigFile()),

Modified: cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
(original)
+++ cxf/trunk/services/xkms/xkms-itests/src/test/java/org/apache/cxf/xkms/itests/service/XKMSServiceTest.java
Tue Dec 31 10:48:22 2013
@@ -49,7 +49,7 @@ public class XKMSServiceTest extends Bas
         new org.apache.cxf.xkms.model.xkms.ObjectFactory();
     
     @Test
-    public void testLocate() throws URISyntaxException, Exception {
+    public void testLocatePKIX() throws URISyntaxException, Exception {
         LocateRequestType request = XKMS_OF.createLocateRequestType();
         setGenericRequestParams(request);
         QueryKeyBindingType queryKeyBindingType = XKMS_OF.createQueryKeyBindingType();
@@ -58,6 +58,25 @@ public class XKMSServiceTest extends Bas
         useKeyWithType.setIdentifier("CN=Dave, OU=Apache, O=CXF, L=CGN, ST=NRW, C=DE");
         useKeyWithType.setApplication(Applications.PKIX.getUri());
 
+        locateCertificate(request, queryKeyBindingType, useKeyWithType);
+    }
+
+    @Test
+    public void testLocateByEndpoint() throws URISyntaxException, Exception {
+        LocateRequestType request = XKMS_OF.createLocateRequestType();
+        setGenericRequestParams(request);
+        QueryKeyBindingType queryKeyBindingType = XKMS_OF.createQueryKeyBindingType();
+
+        UseKeyWithType useKeyWithType = XKMS_OF.createUseKeyWithType();
+        useKeyWithType.setIdentifier("http://localhost:8080/services/TestService");
+        useKeyWithType.setApplication(Applications.SERVICE_ENDPOINT.getUri());
+
+        locateCertificate(request, queryKeyBindingType, useKeyWithType);
+    }
+
+    private void locateCertificate(LocateRequestType request,
+                                   QueryKeyBindingType queryKeyBindingType,
+                                   UseKeyWithType useKeyWithType) {
         queryKeyBindingType.getUseKeyWith().add(useKeyWithType);
 
         request.setQueryKeyBinding(queryKeyBindingType);
@@ -101,8 +120,6 @@ public class XKMSServiceTest extends Bas
                             result.getResultMajor());
         Assert.assertEquals(ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE.value(),
                             result.getResultMinor());
-        ResultDetails message = (ResultDetails)result.getMessageExtension().get(0);
-        Assert.assertEquals("Exactly one useKeyWith element needed", message.getDetails());
     }
     
 }
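Review bot: The removed lines drop the only assertion on the failure detail, so the test no longer verifies why the request was rejected; since the matching message in `X509Register` is merely reworded in this commit, the assertion should follow it rather than disappear: `ResultDetails message = (ResultDetails)result.getMessageExtension().get(0);` and `Assert.assertEquals("Exactly one useKeyWith element is supported", message.getDetails());`. If the message extension is genuinely no longer populated on this path, a comment in the test saying so would save the next reader the same question. The enclosing test method starts outside the hunk.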

Added: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/http___localhost_8080_services_TestService.cer
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/http___localhost_8080_services_TestService.cer?rev=1554397&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/trunk/services/xkms/xkms-itests/src/test/resources/data/xkms/certificates/http___localhost_8080_services_TestService.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
(original)
+++ cxf/trunk/services/xkms/xkms-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
Tue Dec 31 10:48:22 2013
@@ -35,6 +35,7 @@
         <property name="attrUID" value="${xkms.ldap.schema.attrUID}"/>
         <property name="attrIssuerID" value="${xkms.ldap.schema.attrIssuerID}"/>
         <property name="attrSerialNumber" value="${xkms.ldap.schema.attrSerialNumber}"/>
+        <property name="attrEndpoint" value="${xkms.ldap.schema.attrEndpoint}"/>
         <property name="attrCrtBinary" value="${xkms.ldap.schema.attrCrtBinary}"/>
         <property name="attrCrlBinary" value="${xkms.ldap.schema.attrCrlBinary}"/>
         <property name="constAttrNamesCSV" value="${xkms.ldap.schema.constAttrNamesCSV}"/>

Modified: cxf/trunk/services/xkms/xkms-war/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/pom.xml?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/pom.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/pom.xml Tue Dec 31 10:48:22 2013
@@ -42,6 +42,11 @@
             <scope>runtime</scope>
         </dependency>
         <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
         </dependency>

Modified: cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml (original)
+++ cxf/trunk/services/xkms/xkms-war/src/main/webapp/WEB-INF/xkms-key-handlers.xml Tue Dec
31 10:48:22 2013
@@ -37,6 +37,7 @@
         <property name="attrUID" value="uid"/>
         <property name="attrIssuerID" value="manager"/>
         <property name="attrSerialNumber" value="employeeNumber"/>
+        <property name="attrEndpoint" value="labeledURI"/>
         <property name="attrCrtBinary" value="userCertificate;binary"/>
         <property name="constAttrNamesCSV" value="sn"/>
         <property name="constAttrValuesCSV" value="X509 certificate"/>

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Locator.java
Tue Dec 31 10:48:22 2013
@@ -80,8 +80,10 @@ public class X509Locator implements Loca
             String id = ids.get(0).getIdentifier();
             if (application == Applications.PKIX) {
                 cert = certRepo.findBySubjectDn(id);
-            } else if (application == Applications.SERVICE_SOAP) {
+            } else if (application == Applications.SERVICE_NAME) {
                 cert = certRepo.findByServiceName(id);
+            } else if (application == Applications.SERVICE_ENDPOINT) {
+                cert = certRepo.findByEndpoint(id);
             }
         }
         String issuer = getIdForApplication(Applications.ISSUER, ids);

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/handlers/X509Register.java
Tue Dec 31 10:48:22 2013
@@ -81,7 +81,7 @@ public class X509Register implements Reg
             X509Utils.assertElementNotNull(binding, KeyInfoType.class);
             List<UseKeyWithType> useKeyWithList = binding.getUseKeyWith();
             if (useKeyWithList == null || useKeyWithList.size() != 1) {
-                throw new IllegalArgumentException("Exactly one useKeyWith element needed");
+                throw new IllegalArgumentException("Exactly one useKeyWith element is supported");
                 //TODO standard requires support for multiple useKeyWith attributes
             }
             UseKeyWithType useKeyWith = useKeyWithList.get(0);

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/CertificateRepo.java
Tue Dec 31 10:48:22 2013
@@ -31,5 +31,6 @@ public interface CertificateRepo {
     void saveCertificate(X509Certificate cert, UseKeyWithType key);
     X509Certificate findBySubjectDn(String dn);
     X509Certificate findByServiceName(String serviceName);
+    X509Certificate findByEndpoint(String endpoint);
     X509Certificate findByIssuerSerial(String issuer, String serial);
 }
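Review bot: `findByEndpoint` joins an interface whose finders carry no Javadoc, and both implementations added in this commit return null when nothing matches (the LDAP one after swallowing `NamingException`), so the contract should be written where callers look: `/** Returns the certificate registered under the given service endpoint address (SERVICE_ENDPOINT application), or null when none is stored. */`. Stating the null contract here turns the silent catch in `LdapCertificateRepo.findByEndpoint` into a documented choice rather than an accident.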

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.java
Tue Dec 31 10:48:22 2013
@@ -36,6 +36,7 @@ import java.util.List;
 import java.util.regex.Pattern;
 
 import org.apache.cxf.xkms.exception.XKMSConfigurationException;
+import org.apache.cxf.xkms.handlers.Applications;
 import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
 import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
 import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
@@ -76,7 +77,7 @@ public class FileCertificateRepo impleme
     public void saveCRL(X509CRL crl, UseKeyWithType id) {
         String name = crl.getIssuerX500Principal().getName();
         try {
-            String path = convertDnForFileSystem(name) + ".cer";
+            String path = convertIdForFileSystem(name) + ".cer";
             Pattern p = Pattern.compile("[a-zA-Z_0-9-_]");
             if (!p.matcher(path).find()) {
                 throw new URISyntaxException(path, "Input did not match [a-zA-Z_0-9-_].");
@@ -96,7 +97,6 @@ public class FileCertificateRepo impleme
 
     private boolean saveCategorizedCertificate(X509Certificate cert, UseKeyWithType id, boolean
isTrustedCA,
                                                boolean isCA) {
-        String name = cert.getSubjectX500Principal().getName();
         String category = "";
         if (isTrustedCA) {
             category = TRUSTED_CAS_PATH;
@@ -106,7 +106,7 @@ public class FileCertificateRepo impleme
         }
         try {
             File certFile = new File(storageDir + "/" + category,
-                                     getRelativePathForSubjectDn(cert));
+                                     getCertPath(cert, id));
             certFile.getParentFile().mkdirs();
             FileOutputStream fos = new FileOutputStream(certFile);
             BufferedOutputStream bos = new BufferedOutputStream(fos);
@@ -114,12 +114,12 @@ public class FileCertificateRepo impleme
             bos.close();
             fos.close();
         } catch (Exception e) {
-            throw new RuntimeException("Error saving certificate " + name + ": " + e.getMessage(),
e);
+            throw new RuntimeException("Error saving certificate " + cert.getSubjectDN()
+ ": " + e.getMessage(), e);
         }
         return true;
     }
-    
-    public String convertDnForFileSystem(String dn) {
+
+    public String convertIdForFileSystem(String dn) {
         String result = dn.replace("=", "-");
         result = result.replace(", ", "_");
         result = result.replace(",", "_");
@@ -131,15 +131,26 @@ public class FileCertificateRepo impleme
         return result;
     }
 
-    public String getRelativePathForSubjectDn(X509Certificate cert)
+    public String getCertPath(X509Certificate cert, UseKeyWithType id)
         throws URISyntaxException {
-        BigInteger serialNumber = cert.getSerialNumber();
-        String issuer = cert.getIssuerX500Principal().getName();
-        String path = convertDnForFileSystem(issuer) + "-" + serialNumber.toString() + ".cer";
-        Pattern p = Pattern.compile("[a-zA-Z_0-9-_]");
-        if (p.matcher(path).find()) {
-            return path;
+        Applications application = null;
+        String path = null;
+        if (id != null) {
+            application = Applications.fromUri(id.getApplication());
+        }
+        if (application == Applications.SERVICE_ENDPOINT) {
+            path = id.getIdentifier();
         } else {
+            path = cert.getSubjectDN().getName();
+        }
+        path = convertIdForFileSystem(path) + ".cer";
+        validateCertificatePath(path);
+        return path;
+    }
+
+    private void validateCertificatePath(String path) throws URISyntaxException {
+        Pattern p = Pattern.compile("[a-zA-Z_0-9-_]");
+        if (!p.matcher(path).find()) {
             throw new URISyntaxException(path, "Input did not match [a-zA-Z_0-9-_].");
         }
     }
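Review bot: `validateCertificatePath` only checks that the path contains at least one character from `[a-zA-Z_0-9-_]`, because the pattern is unanchored and tested with `find()`, so it rejects nothing a caller could realistically pass, separators or `..` included; the same check guards `saveCRL` earlier in this file. Now that `getCertPath` and `findByEndpoint` feed a client-supplied identifier into a file name, the whole string should be matched against an allow-list (dots are needed for `.cer` and host names): `if (!path.matches("[a-zA-Z0-9_.\\-]+")) {`. `convertIdForFileSystem` may already replace `/` and `:` (its body is partly outside the hunk), but the validator should not depend on that. Separately, naming the file by subject DN alone, where the removed code used issuer plus serial, means a re-issued certificate with the same subject silently overwrites the stored one; that is worth a comment on `getCertPath` if it is intended.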
@@ -246,6 +257,25 @@ public class FileCertificateRepo impleme
     }
 
     @Override
+    public X509Certificate findByEndpoint(String endpoint) {
+        try {
+            String path = convertIdForFileSystem(endpoint) + ".cer";
+            validateCertificatePath(path);
+            File certFile = new File(storageDir.getAbsolutePath() + "/" + path);
+            if (!certFile.exists()) {
+                LOG.warn(String.format("Certificate not found for endpoint %s, path %s",
endpoint,
+                                       certFile.getAbsolutePath()));
+                return null;
+            }
+            return (X509Certificate)certFactory.generateCertificate(new FileInputStream(certFile));
+        } catch (Exception e) {
+            LOG.warn(String.format("Cannot load certificate by endpoint: %s. Error: %s",
endpoint,
+                                   e.getMessage()), e);
+            return null;
+        }
+    }
+
+    @Override
     public X509Certificate findBySubjectDn(String subjectDn) {
         List<X509Certificate> result = new ArrayList<X509Certificate>();
         File[] list = getX509Files();
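Review bot: The `FileInputStream` opened on the `return` line of `findByEndpoint` is never closed, since `CertificateFactory.generateCertificate` does not close its stream, so every lookup leaks a file handle. Close it in a `finally`, matching the explicit `close()` style the rest of this file uses. The lookup also reads from `storageDir` itself while `saveCategorizedCertificate` writes under `storageDir + "/" + category`; that only lines up when the category is empty for endpoint certificates, which deserves a comment here.
```java
// … unchanged: path conversion, validation and existence check …
FileInputStream fis = new FileInputStream(certFile);
try {
    return (X509Certificate)certFactory.generateCertificate(fis);
} finally {
    fis.close();
}
// … unchanged: catch block …
```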
@@ -299,4 +329,5 @@ public class FileCertificateRepo impleme
         }
         return null;
     }
+
 }

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapCertificateRepo.java
Tue Dec 31 10:48:22 2013
@@ -25,7 +25,9 @@ import java.security.cert.CertificateFac
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Matcher;
@@ -140,13 +142,18 @@ public class LdapCertificateRepo impleme
         }
     }
 
-    private void saveCertificate(X509Certificate cert, String dn) {
+    private void saveCertificate(X509Certificate cert, String dn, Map<String, String>
appAttrs) {
         Attributes attribs = new BasicAttributes();
         attribs.put(new BasicAttribute(ATTR_OBJECT_CLASS, ldapConfig.getCertObjectClass()));
         attribs.put(new BasicAttribute(ldapConfig.getAttrUID(), cert.getSubjectX500Principal().getName()));
         attribs.put(new BasicAttribute(ldapConfig.getAttrIssuerID(), cert.getIssuerX500Principal().getName()));
         attribs.put(new BasicAttribute(ldapConfig.getAttrSerialNumber(), cert.getSerialNumber().toString(16)));
         addConstantAttributes(ldapConfig.getConstAttrNamesCSV(), ldapConfig.getConstAttrValuesCSV(),
attribs);
+        if ((appAttrs != null) && (!appAttrs.isEmpty())) {
+            for (String attrName : appAttrs.keySet()) {
+                attribs.put(new BasicAttribute(attrName, appAttrs.get(attrName)));
+            }
+        }
         try {
             attribs.put(new BasicAttribute(ldapConfig.getAttrCrtBinary(), cert.getEncoded()));
             ldapSearch.bind(dn, attribs);
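Review bot: The loop added over `appAttrs` iterates `keySet()` and then calls `get()` for each key; iterating the entries avoids the second lookup and reads more directly: `for (Map.Entry<String, String> attr : appAttrs.entrySet()) {` followed by `attribs.put(new BasicAttribute(attr.getKey(), attr.getValue()));`. The `isEmpty()` guard is then redundant, since an empty map simply yields no iterations. The changed signature also merits a `@param appAttrs` line describing these as extra attributes stored with the certificate entry, such as the endpoint attribute the caller adds in the last hunk.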
@@ -192,7 +199,7 @@ public class LdapCertificateRepo impleme
     public X509Certificate findByServiceName(String serviceName) {
         X509Certificate cert = null;
         try {
-            String dn = getDnForServiceName(serviceName);
+            String dn = getDnForIdentifier(serviceName);
             cert = getCertificateForDn(dn);
         } catch (NamingException e) {
             // Not found
@@ -207,8 +214,22 @@ public class LdapCertificateRepo impleme
         return cert;
     }
 
-    private String getDnForServiceName(String serviceName) {
-        String escapedIdentifier = serviceName.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
+    @Override
+    public X509Certificate findByEndpoint(String endpoint) {
+        X509Certificate cert = null;
+        String filter = String.format("(%s=%s)", ldapConfig.getAttrEndpoint(), endpoint);
+        try {
+            Attribute attr = ldapSearch.findAttribute(rootDN, filter, ldapConfig.getAttrCrtBinary());
+            cert = getCert(attr);
+        } catch (NamingException e) {
+            // Not found
+        }
+        return cert;
+    }
+
+    
+    private String getDnForIdentifier(String id) {
+        String escapedIdentifier = id.replaceAll("\\/", Matcher.quoteReplacement("\\/"));
         return String.format(ldapConfig.getServiceCertRDNTemplate(), escapedIdentifier) +
"," + rootDN;
     }
 
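Review bot: `findByEndpoint` interpolates the caller-supplied `endpoint` straight into an LDAP search filter with `String.format("(%s=%s)", ...)`; characters that are special in filters (`*`, `(`, `)`, `\` and NUL) change the query's meaning, so a Locate request could match entries other than the one it names. Unless `ldapSearch.findAttribute` (outside this hunk) already escapes the filter, the value should be escaped per RFC 4515 before formatting; the `/` replacement in `getDnForIdentifier` is not a substitute, because filter and DN escaping rules differ.
```java
String filter = String.format("(%s=%s)", ldapConfig.getAttrEndpoint(), escapeFilterValue(endpoint));
// … unchanged: findAttribute call, getCert and NamingException handling …

/** Escapes an assertion value for use inside an LDAP search filter (RFC 4515, section 3). */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
        case '\\': sb.append("\\5c"); break;
        case '*':  sb.append("\\2a"); break;
        case '(':  sb.append("\\28"); break;
        case ')':  sb.append("\\29"); break;
        case '\0': sb.append("\\00"); break;
        default:   sb.append(c);
        }
    }
    return sb.toString();
}
```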
@@ -260,15 +281,19 @@ public class LdapCertificateRepo impleme
     @Override
     public void saveCertificate(X509Certificate cert, UseKeyWithType key) {
         Applications application = Applications.fromUri(key.getApplication());
-        String dn;
+        String dn = null;
+        Map<String, String> attrs = new HashMap<String, String>();
         if (application == Applications.PKIX) {
             dn = key.getIdentifier() + "," + rootDN;
-        } else if (application == Applications.SERVICE_SOAP) {
-            dn = getDnForServiceName(key.getIdentifier());
+        } else if (application == Applications.SERVICE_NAME) {
+            dn = getDnForIdentifier(key.getIdentifier());
+        } else if (application == Applications.SERVICE_ENDPOINT) {
+            attrs.put(ldapConfig.getAttrEndpoint(), key.getIdentifier());
+            dn = getDnForIdentifier(key.getIdentifier());
         } else {
             throw new IllegalArgumentException("Unsupported Application " + application);
         }
-        saveCertificate(cert, dn);
+        saveCertificate(cert, dn, attrs);
     }
 
 }
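Review bot: For `SERVICE_ENDPOINT` the identifier, an endpoint URL in the tests, goes through `getDnForIdentifier`, which escapes only `/` (its body is in the previous hunk) before placing the value in an RDN, so a URL containing DN-special characters such as `,`, `+`, `=` or `"` (a query string, for instance) yields a malformed or different DN. `javax.naming.ldap.Rdn.escapeValue(key.getIdentifier())` applies the RFC 4514 escaping; the `/` replacement can stay on top if the directory requires it. Since `SERVICE_NAME` and `SERVICE_ENDPOINT` share one RDN template, both applications map into the same DN namespace, which should be noted in a comment on this branch. `String dn = null;` can stay `String dn;`, as every branch assigns or throws.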

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/main/java/org/apache/cxf/xkms/x509/repo/ldap/LdapSchemaConfig.java
Tue Dec 31 10:48:22 2013
@@ -23,6 +23,7 @@ public class LdapSchemaConfig {
     private String attrUID = "uid";
     private String attrIssuerID = "manager";
     private String attrSerialNumber = "employeeNumber";
+    private String attrEndpoint = "labeledURI";
     private String attrCrtBinary = "userCertificate;binary";
     private String attrCrlBinary = "certificateRevocationList;binary";
     private String constAttrNamesCSV = "sn";
@@ -137,4 +138,12 @@ public class LdapSchemaConfig {
         this.attrCrlBinary = attrCrlBinary;
     }
 
+    public String getAttrEndpoint() {
+        return attrEndpoint;
+    }
+
+    public void setAttrEndpoint(String attrEndpoint) {
+        this.attrEndpoint = attrEndpoint;
+    }
+
 }

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/file/FileCertificateRepoTest.java
Tue Dec 31 10:48:22 2013
@@ -39,8 +39,7 @@ import org.junit.Test;
 
 public class FileCertificateRepoTest {
     private static final String EXAMPLE_SUBJECT_DN = "CN=www.issuer.com, L=CGN, ST=NRW, C=DE,
O=Issuer";
-    private static final String EXPECTED_CERT_FILE_NAME = 
-        "CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer-11688544847478700689.cer";
+    private static final String EXPECTED_CERT_FILE_NAME = "CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer.cer";
 
     @Test
     public void testSaveAndFind() throws CertificateException, IOException {
@@ -113,7 +112,7 @@ public class FileCertificateRepoTest {
     @Test
     public void testConvertDnForFileSystem() throws CertificateException {
         String convertedName = new FileCertificateRepo("src/test/resources/store1")
-            .convertDnForFileSystem(EXAMPLE_SUBJECT_DN);
+            .convertIdForFileSystem(EXAMPLE_SUBJECT_DN);
         Assert.assertEquals("CN-www.issuer.com_L-CGN_ST-NRW_C-DE_O-Issuer", convertedName);
     }
 

Modified: cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java?rev=1554397&r1=1554396&r2=1554397&view=diff
==============================================================================
--- cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
(original)
+++ cxf/trunk/services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/repo/ldap/LDAPCertificateRepoTest.java
Tue Dec 31 10:48:22 2013
@@ -130,7 +130,7 @@ public class LDAPCertificateRepoTest {
 
         c.replay();
         UseKeyWithType key = new UseKeyWithType();
-        key.setApplication(Applications.SERVICE_SOAP.getUri());
+        key.setApplication(Applications.SERVICE_NAME.getUri());
         key.setIdentifier(EXPECTED_SERVICE_URI);
         ldapCertRepo.saveCertificate(cert, key);
         c.verify();


