From: coheigea@apache.org To: commits@cxf.apache.org Date: Tue, 05 May 2015 14:30:07 -0000 Message-Id: <3b6b1bf940334a8e85100d6af3b41895@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/3] cxf-fediz git commit: More cleanup work Repository: cxf-fediz Updated Branches: refs/heads/master 5ad84a6ff -> 30b672396 More cleanup work Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/30b67239 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/30b67239 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/30b67239 Branch: refs/heads/master Commit: 30b672396b6a20ce3d9c9185cb8e8d3d1dc0a103 Parents: 9a8c751 Author: Colm O hEigeartaigh Authored: Tue May 5 15:29:34 2015 +0100 Committer: Colm O hEigeartaigh Committed: Tue May 5 15:29:52 2015 +0100 ---------------------------------------------------------------------- .../cxf/fediz/core/config/FedizContext.java | 51 +------------------- .../core/processor/FederationProcessorImpl.java | 4 +- .../apache/cxf/fediz/core/util/CertsUtils.java | 28 +++++------ .../was/mapper/FileBasedRoleToGroupMapper.java | 21 ++++---- .../java/org/apache/cxf/fediz/sts/Utils.java | 6 ++- 5 files changed, 32 insertions(+), 78 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30b67239/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java index 06476fe..489fafe 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java 
@@ -19,14 +19,10 @@ package org.apache.cxf.fediz.core.config; -import java.io.BufferedInputStream; import java.io.Closeable; import java.io.File; import java.io.IOException; -import java.io.InputStream; import java.math.BigInteger; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; @@ -43,12 +39,12 @@ import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType; import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType; import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers; import org.apache.cxf.fediz.core.exception.IllegalConfigurationException; +import org.apache.cxf.fediz.core.util.CertsUtils; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.cache.ReplayCacheFactory; import org.apache.wss4j.common.crypto.CertificateStore; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; -import org.apache.wss4j.common.crypto.Merlin; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.Loader; import org.slf4j.Logger; @@ -113,7 +109,7 @@ public class FedizContext implements Closeable { try { if (manager.getKeyStore().getType().equalsIgnoreCase("PEM")) { X509Certificate[] certificates = new X509Certificate[1]; - certificates[0] = readX509Certificate(tm.getName()); + certificates[0] = CertsUtils.getX509Certificate(tm.getName(), classloader); crypto = new CertificateStore(certificates); } else { Properties sigProperties = createCryptoProperties(manager); 
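Review bot: In FedizContext.java, loading the PEM trust certificate through `CertsUtils.getX509Certificate(tm.getName(), classloader)` changes the failure type. The private `readX509Certificate` that this commit deletes from the same file threw `IllegalConfigurationException`, while the CertsUtils method shown in this commit throws a plain `RuntimeException`. The `try` around this call starts and ends outside the hunk, so its handlers are not visible; if they match on the configuration exception, a missing or malformed trusted-issuer certificate would now take a different error path. Either have CertsUtils throw `IllegalConfigurationException`, or add `catch (RuntimeException ex) { throw new IllegalConfigurationException("Failed to read certificate " + tm.getName(), ex); }` at this call site.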
@@ -351,49 +347,6 @@ public class FedizContext implements Closeable { return p; } - private X509Certificate readX509Certificate(String filename) { - Certificate cert = null; - BufferedInputStream bis = null; - try { - ClassLoader cl = getClassloader(); - if (cl == null) { - cl = Thread.currentThread().getContextClassLoader(); - } - InputStream is = Merlin.loadInputStream(cl, filename); - - bis = new BufferedInputStream(is); - - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - - if (bis.available() > 0) { - cert = cf.generateCertificate(bis); - if (!(cert instanceof X509Certificate)) { - LOG.error("Certificate " + filename + " is not of type X509Certificate"); - throw new IllegalConfigurationException("Certificate " - + filename + " is not of type X509Certificate"); - } - if (bis.available() > 0) { - LOG.warn("There are more certificates configured in " + filename + ". Only first is parsed"); - } - return (X509Certificate)cert; - } else { - LOG.error("No bytes can be read in certificate file " + filename); - throw new IllegalConfigurationException("No bytes can be read in certificate file " + filename); - } - } catch (IllegalConfigurationException ex) { - throw ex; - } catch (Exception ex) { - LOG.error("Failed to read certificate file " + filename, ex); - throw new IllegalConfigurationException("Failed to read certificate file " + filename, ex); - } finally { - try { - bis.close(); - } catch (IOException ex) { - LOG.error("Failed to close certificate file " + filename, ex); - } - } - } - public ClassLoader getClassloader() { return classloader; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30b67239/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java ---------------------------------------------------------------------- 
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java index 0fc6a15..f828bbf 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java @@ -28,7 +28,7 @@ import java.net.URLEncoder; import java.security.cert.Certificate; import java.text.DateFormat; import java.text.ParseException; -import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.List; import java.util.Map; @@ -642,7 +642,7 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { @Override public List handleToken(Element arg0, RequestData arg1, WSDocInfo arg2) throws WSSecurityException { - return new ArrayList(); + return Collections.emptyList(); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30b67239/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java ---------------------------------------------------------------------- diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java index ad338f4..0737ea1 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java 
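Review bot: In FederationProcessorImpl.java, `return Collections.emptyList();` in `handleToken` gives the caller an immutable list where the old `new ArrayList()` was mutable. If the WSS4J code that consumes this result adds to or reorders the returned list, it will fail with `UnsupportedOperationException` at runtime. That consumer is not visible in this hunk, so confirm it against the WSS4J version in use. A one-line comment above the return saying why this processor reports no results would also help the next reader.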
@@ -44,19 +44,23 @@ public final class CertsUtils { } public static X509Certificate getX509Certificate(String filename) { - Certificate cert = null; - BufferedInputStream bis = null; - try { - - InputStream is = Merlin.loadInputStream(Thread.currentThread().getContextClassLoader(), filename); - - //FileInputStream fis = new FileInputStream(filename); - bis = new BufferedInputStream(is); + return getX509Certificate(filename, + Thread.currentThread().getContextClassLoader()); + } + + public static X509Certificate getX509Certificate(String filename, ClassLoader classLoader) { + ClassLoader cl = classLoader; + if (cl == null) { + cl = Thread.currentThread().getContextClassLoader(); + } + + try (InputStream is = Merlin.loadInputStream(cl, filename); + BufferedInputStream bis = new BufferedInputStream(is)) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); if (bis.available() > 0) { - cert = cf.generateCertificate(bis); + Certificate cert = cf.generateCertificate(bis); if (!(cert instanceof X509Certificate)) { LOG.error("Certificate " + filename + " is not of type X509Certificate"); throw new RuntimeException("Certificate " @@ -73,12 +77,6 @@ public final class CertsUtils { } catch (Exception ex) { LOG.error("Failed to read certificate file " + filename, ex); throw new RuntimeException("Failed to read certificate file " + filename, ex); - } finally { - try { - bis.close(); - } catch (IOException ex) { - LOG.error("Failed to close certificate file " + filename, ex); - } } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30b67239/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java ---------------------------------------------------------------------- diff --git a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java index ce28b7b..87af215 100644 
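Review bot: In CertsUtils.java, the new `getX509Certificate(String, ClassLoader)` still gates parsing on `bis.available() > 0`. `InputStream.available()` is only an estimate of the bytes readable without blocking, so it can be 0 for a stream that does hold data (what `Merlin.loadInputStream` returns is not visible here). Since this certificate ends up as a trust anchor, call `cf.generateCertificate(bis)` unconditionally and let its `CertificateException` report empty or malformed input. Separately, `catch (Exception ex)` at the end of the method will re-wrap the "is not of type X509Certificate" `RuntimeException` thrown inside the `try`, unless a catch in the lines between the two hunks rethrows it first. The new public overload also needs Javadoc stating that a null `classLoader` falls back to the thread context class loader.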
--- a/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java +++ b/plugins/websphere/src/main/java/org/apache/cxf/fediz/was/mapper/FileBasedRoleToGroupMapper.java @@ -168,19 +168,20 @@ public class FileBasedRoleToGroupMapper implements RoleToGroupMapper { } private Map> loadMappingFile() throws FileNotFoundException, JAXBException { - InputSource input = new InputSource(new FileInputStream(groupMappingFilename)); - JAXBContext context = JAXBContext.newInstance(Mapping.class); - Mapping localmappings = (Mapping) context.createUnmarshaller().unmarshal(input); - Map> map = new HashMap<>(10); - Iterator i = localmappings.getSamlToJ2EE().iterator(); - while (i.hasNext()) { - SamlToJ2EE mapping = i.next(); - if (LOG.isDebugEnabled()) { - LOG.debug("{} mapped to {} entries", mapping.getClaim(), mapping.getGroups().getJ2EeGroup().size()); + try (InputSource input = new InputSource(new FileInputStream(groupMappingFilename))) { + JAXBContext context = JAXBContext.newInstance(Mapping.class); + Mapping localmappings = (Mapping) context.createUnmarshaller().unmarshal(input); + + Iterator i = localmappings.getSamlToJ2EE().iterator(); + while (i.hasNext()) { + SamlToJ2EE mapping = i.next(); + if (LOG.isDebugEnabled()) { + LOG.debug("{} mapped to {} entries", mapping.getClaim(), mapping.getGroups().getJ2EeGroup().size()); + } + map.put(mapping.getClaim(), mapping.getGroups().getJ2EeGroup()); } - map.put(mapping.getClaim(), mapping.getGroups().getJ2EeGroup()); } return map; http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30b67239/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java ---------------------------------------------------------------------- diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java index 56e1805..9bee17f 100644 --- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java 
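Review bot: In FileBasedRoleToGroupMapper.java, `try (InputSource input = new InputSource(new FileInputStream(groupMappingFilename)))` should not compile, assuming `InputSource` is `org.xml.sax.InputSource` (the imports are outside the hunk). That class does not implement `AutoCloseable`, and the resource that needs closing is the `FileInputStream`. Make the stream the resource and build the source inside the block: `try (FileInputStream in = new FileInputStream(groupMappingFilename)) {` followed by `InputSource input = new InputSource(in);`. The implicit `close()` can throw `IOException`, which the visible `throws FileNotFoundException, JAXBException` clause does not cover, so `loadMappingFile` must widen its throws clause or handle it. The method's closing brace lies outside the hunk.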
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/Utils.java @@ -96,8 +96,10 @@ public final class Utils { char[] password = ksPassword != null ? ksPassword.toCharArray() : null; // We just use the default Keystore provider KeyStore keyStore = KeyStore.getInstance(type); - keyStore.load(new FileInputStream(file), password); + try (FileInputStream inputStream = new FileInputStream(file)) { + keyStore.load(inputStream, password); + } return keyStore; } -} \ No newline at end of file +}