cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1571104 - in /cxf/fediz/trunk: plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
Date Sun, 23 Feb 2014 21:59:40 GMT
Author: owulff
Date: Sun Feb 23 21:59:40 2014
New Revision: 1571104

URL: http://svn.apache.org/r1571104
Log:
Support PEM Certificate stored in DB

Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1571104&r1=1571103&r2=1571104&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java
Sun Feb 23 21:59:40 2014
@@ -32,18 +32,28 @@ public class TrustManager {
         super();
         this.trustManagerType = trustManagerType;
     }
+    
+    public TrustManager(Crypto crypto) {
+        super();
+        this.crypto = crypto;
+    }
 
     public String getName() {
         if (name != null) {
             return name;
         }
-        if (trustManagerType.getKeyStore().getFile() != null) {
-            name = trustManagerType.getKeyStore().getFile();
-        } else if (trustManagerType.getKeyStore().getUrl() != null) {
-            name = trustManagerType.getKeyStore().getUrl();
-        } else if (trustManagerType.getKeyStore().getResource() != null) {
-            name = trustManagerType.getKeyStore().getResource();
+        if (trustManagerType == null) {
+            name = "N.A.";
+        } else {
+            if (trustManagerType.getKeyStore().getFile() != null) {
+                name = trustManagerType.getKeyStore().getFile();
+            } else if (trustManagerType.getKeyStore().getUrl() != null) {
+                name = trustManagerType.getKeyStore().getUrl();
+            } else if (trustManagerType.getKeyStore().getResource() != null) {
+                name = trustManagerType.getKeyStore().getResource();
+            }
         }
+        
         return name;
     }
 
@@ -56,15 +66,27 @@ public class TrustManager {
     }
     
     public int hashCode() {
-        return trustManagerType.hashCode();
+        if (trustManagerType == null) {
+            return super.hashCode();
+        } else {
+            return trustManagerType.hashCode();
+        }
     }
     
     public boolean equals(Object obj) {
-        return trustManagerType.equals(obj);
+        if (trustManagerType == null) {
+            return super.equals(obj);
+        } else {
+            return trustManagerType.equals(obj);
+        }
     }
 
     public String toString() {
-        return trustManagerType.toString();
+        if (trustManagerType == null) {
+            return super.toString();
+        } else {
+            return trustManagerType.toString();
+        }
     }
     
 

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java?rev=1571104&r1=1571103&r2=1571104&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java
Sun Feb 23 21:59:40 2014
@@ -18,7 +18,12 @@
  */
 package org.apache.cxf.fediz.service.idp.beans;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.fediz.core.FederationConstants;
@@ -27,6 +32,7 @@ import org.apache.cxf.fediz.core.Federat
 import org.apache.cxf.fediz.core.FederationRequest;
 import org.apache.cxf.fediz.core.FederationResponse;
 import org.apache.cxf.fediz.core.config.FederationContext;
+import org.apache.cxf.fediz.core.config.TrustManager;
 import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
 import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
 import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
@@ -42,7 +48,10 @@ import org.apache.cxf.fediz.service.idp.
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.wss4j.common.crypto.CertificateStore;
+import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.webflow.execution.RequestContext;
@@ -136,17 +145,21 @@ public class ValidateTokenAction {
         config.setName("whatever");
 
         // Configure certificate store
-        CertificateStores certStores = new CertificateStores();
-        TrustManagersType tm0 = new TrustManagersType();
-        KeyStoreType ks0 = new KeyStoreType();
-        ks0.setType("PEM");
-        // ks0.setType("JKS");
-        // ks0.setPassword("changeit");
-        ks0.setFile(trustedIdpConfig.getCertificate());
-        tm0.setKeyStore(ks0);
-        certStores.getTrustManager().add(tm0);
-        config.setCertificateStores(certStores);
-
+        String certificate = trustedIdpConfig.getCertificate();
+        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
+        if (isCertificateLocation) {
+            CertificateStores certStores = new CertificateStores();
+            TrustManagersType tm0 = new TrustManagersType();
+            KeyStoreType ks0 = new KeyStoreType();
+            ks0.setType("PEM");
+            // ks0.setType("JKS");
+            // ks0.setPassword("changeit");
+            ks0.setFile(trustedIdpConfig.getCertificate());
+            tm0.setKeyStore(ks0);
+            certStores.getTrustManager().add(tm0);
+            config.setCertificateStores(certStores);
+        }
+        
         // Configure trusted IDP
         TrustedIssuers trustedIssuers = new TrustedIssuers();
         TrustedIssuerType ti0 = new TrustedIssuerType();
@@ -164,8 +177,35 @@ public class ValidateTokenAction {
         config.setAudienceUris(audienceUris);
 
         FederationContext fedContext = new FederationContext(config);
+        if (!isCertificateLocation) {
+            CertificateStore cs = null;
+            
+            X509Certificate cert;
+            try {
+                cert = parseCertificate(trustedIdpConfig.getCertificate());
+            } catch (Exception ex) {
+                LOG.error("Failed to parse trusted certificate", ex);
+                throw new ProcessingException("Failed to parse trusted certificate");
+            }
+            cs = new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
+            
+            TrustManager tm = new TrustManager(cs);
+            fedContext.getCertificateStores().add(tm);
+        }
+        
         fedContext.init();
         return fedContext;
     }
+    
+    private X509Certificate parseCertificate(String certificate)
+        throws CertificateException, Base64DecodingException {
+        
+        //before decoding we need to get rod off the prefix and suffix
+        byte [] decoded = Base64.decode(certificate.replaceAll("-----BEGIN CERTIFICATE-----",
"").
+                                        replaceAll("-----END CERTIFICATE-----", ""));
+
+        return (X509Certificate)CertificateFactory.getInstance("X.509").
+            generateCertificate(new ByteArrayInputStream(decoded));
+    }
 
 }



Mime
View raw message