From cohei...@apache.org
Subject [1/3] cxf-fediz git commit: Crypto refactor
Date Mon, 21 Mar 2016 17:03:30 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 44b61cfae -> d6e13e521


Crypto refactor


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d86ce5c6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d86ce5c6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d86ce5c6

Branch: refs/heads/master
Commit: d86ce5c699acb4b032ad3e794811c28fdd05a28d
Parents: 44b61cf
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 21 11:10:03 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 21 11:10:03 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/core/config/FedizContext.java     |   2 +-
 .../cxf/fediz/core/metadata/MetadataWriter.java |   2 +-
 .../apache/cxf/fediz/core/util/CertsUtils.java  | 116 ++++++++++++++++---
 .../cxf/fediz/core/util/SignatureUtils.java     |   2 +-
 .../idp/beans/samlsso/SamlResponseCreator.java  |  35 +-----
 .../service/idp/metadata/IdpMetadataWriter.java |   4 +-
 .../idp/metadata/ServiceMetadataWriter.java     |   4 +-
 .../AbstractTrustedIdpProtocolHandler.java      |  72 ------------
 .../TrustedIdpOIDCProtocolHandler.java          |   5 +-
 .../TrustedIdpSAMLProtocolHandler.java          |   6 +-
 .../TrustedIdpWSFedProtocolHandler.java         |   2 +-
 11 files changed, 114 insertions(+), 136 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index bb352f8..d67d49b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -110,7 +110,7 @@ public class FedizContext implements Closeable {
             try {
                 if (manager.getKeyStore().getType().equalsIgnoreCase("PEM")) {
                     X509Certificate[] certificates = new X509Certificate[1];
-                    certificates[0] = CertsUtils.getX509Certificate(tm.getName(), classloader);
+                    certificates[0] = CertsUtils.getX509CertificateFromFile(tm.getName(),
classloader);
                     crypto = new CertificateStore(certificates);
                 } else {
                     Properties sigProperties = createCryptoProperties(manager);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index 228fd59..076f861 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -295,7 +295,7 @@ public class MetadataWriter {
                 keyAlias = config.getSigningKey().getCrypto().getDefaultX509Identifier();
             }
             X509Certificate cert = 
-                CertsUtils.getX509Certificate(config.getSigningKey().getCrypto(), keyAlias);
+                CertsUtils.getX509CertificateFromCrypto(config.getSigningKey().getCrypto(),
keyAlias);
             if (cert == null) {
                 throw new ProcessingException(
                     "No signing certs were found to insert into the metadata using name:
" 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
index 038de09..a1e2848 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
@@ -27,8 +27,11 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Properties;
 
+import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.wss4j.common.crypto.CertificateStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
@@ -47,12 +50,18 @@ public final class CertsUtils {
         super();
     }
     
-    public static X509Certificate getX509Certificate(String filename) throws CertificateException
{
-        return getX509Certificate(filename,
+    /**
+     * Load an X.509 Certificate from a certificate file
+     */
+    public static X509Certificate getX509CertificateFromFile(String filename) throws CertificateException
{
+        return getX509CertificateFromFile(filename,
                                   Thread.currentThread().getContextClassLoader());
     }
     
-    public static X509Certificate getX509Certificate(String filename, ClassLoader classLoader)

+    /**
+     * Load an X.509 Certificate from a certificate file
+     */
+    public static X509Certificate getX509CertificateFromFile(String filename, ClassLoader
classLoader) 
         throws CertificateException {
         if (filename == null) {
             return null;
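Review bot: The new Javadoc on both getX509CertificateFromFile overloads says only "Load an X.509 Certificate from a certificate file", which leaves the null contract the body visibly has undocumented: a null filename returns null rather than throwing, and callers such as parseX509Certificate propagate that null onward. Suggest `@param filename path of the certificate file; may be null` and `@return the parsed certificate, or {@code null} if {@code filename} is {@code null}` on both overloads, plus `@param classLoader class loader used to locate the file` on the two-argument one (how the loader is used is in the part of the body outside this hunk, so confirm before wording it). The method body continues past the end of the hunk.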
@@ -92,7 +101,62 @@ public final class CertsUtils {
         }
     }
     
-    public static Crypto createCrypto(String filename) {
+    /**
+     * Load an X.509 Certificate from a WSS4J Crypto instance using a keystore alias
+     */
+    public static X509Certificate getX509CertificateFromCrypto(Crypto crypto, String keyAlias)

+        throws WSSecurityException {
+        if (keyAlias == null || "".equals(keyAlias)) {
+            keyAlias = crypto.getDefaultX509Identifier();
+        }
+        
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(keyAlias);
+        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+        if (issuerCerts == null || issuerCerts.length == 0) {
+            throw new RuntimeException(
+                    "No issuer certs were found to sign the metadata using issuer name: "
+                            + keyAlias);
+        }
+        return issuerCerts[0];
+    }
+    
+    /**
+     * Parse a String parameter into an X.509 Certificate. The parameter can be either the
encoded cert, or else
+     * a filename containing the certificate.
+     */
+    public static X509Certificate parseX509Certificate(String certificate) 
+        throws CertificateException, WSSecurityException, ProcessingException, Base64DecodingException,
IOException {
+        if (certificate == null) {
+            return null;
+        }
+        
+        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
+        if (isCertificateLocation) {
+            try {
+                return CertsUtils.getX509CertificateFromFile(certificate);
+            } catch (CertificateException ex) {
+                // Maybe it's a WSS4J properties file...
+                Crypto crypto = CertsUtils.getCryptoFromFile(certificate);
+                if (crypto != null) {
+                    return CertsUtils.getX509CertificateFromCrypto(crypto, null);
+                }
+            }
+        } 
+        
+        // Here the certificate is encoded in the configuration file
+        try {
+            return CertsUtils.parseCertificate(certificate);
+        } catch (Exception ex) {
+            LOG.error("Failed to parse trusted certificate", ex);
+            throw new ProcessingException("Failed to parse trusted certificate");
+        }
+    }
+   
+    /**
+     * Get a Crypto instance from a file
+     */
+    public static Crypto getCryptoFromFile(String filename) {
         Crypto crypto = null;
         Properties prop = new Properties();
         try {
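Review bot: parseX509Certificate loses the real failure when a file path is given: if getX509CertificateFromFile throws CertificateException and getCryptoFromFile then returns null, the `if (crypto != null)` branch is skipped and control falls through to the inline-PEM branch, which Base64-decodes the file name and reports "Failed to parse trusted certificate" with the Base64 error logged instead of the original CertificateException. Suggest an explicit failure inside the catch, after the `crypto != null` check: `LOG.error("Could not load certificate or crypto properties from " + certificate, ex);` followed by `throw new ProcessingException("Failed to parse trusted certificate");`. Separately, getX509CertificateFromCrypto declares WSSecurityException but throws a RuntimeException whose message ("sign the metadata") no longer fits a helper that is now also used to obtain verification certificates, and because it never returns null the `cert == null` checks in ServiceMetadataWriter and TrustedIdpSAMLProtocolHandler are unreachable; either return null for the not-found case or throw a WSSecurityException with a neutral message. getCryptoFromFile's body continues outside the hunk.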
@@ -110,26 +174,43 @@ public final class CertsUtils {
         return crypto;
     }
     
-    public static X509Certificate getX509Certificate(Crypto crypto, String keyAlias) throws
WSSecurityException {
-        if (keyAlias == null || "".equals(keyAlias)) {
-            keyAlias = crypto.getDefaultX509Identifier();
+    /**
+     * Get a crypto instance using a certificate
+     */
+    public static Crypto getCryptoFromCertificate(String certificate) throws ProcessingException
{
+        if (certificate == null) {
+            return null;
         }
         
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-        cryptoType.setAlias(keyAlias);
-        X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
-        if (issuerCerts == null || issuerCerts.length == 0) {
-            throw new RuntimeException(
-                    "No issuer certs were found to sign the metadata using issuer name: "
-                            + keyAlias);
+        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
+        if (isCertificateLocation) {
+            try {
+                X509Certificate cert = CertsUtils.getX509CertificateFromFile(certificate);
+                if (cert == null) {
+                    return null;
+                }
+                return new CertificateStore(new X509Certificate[]{cert});
+            } catch (CertificateException ex) {
+                // Maybe it's a WSS4J properties file...
+                return CertsUtils.getCryptoFromFile(certificate);
+            }
+        } 
+        
+        // Here the certificate is encoded in the configuration file
+        X509Certificate cert;
+        try {
+            cert = CertsUtils.parseCertificate(certificate);
+        } catch (Exception ex) {
+            LOG.error("Failed to parse trusted certificate", ex);
+            throw new ProcessingException("Failed to parse trusted certificate");
         }
-        return issuerCerts[0];
+        return new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
     }
     
-    public static X509Certificate parseCertificate(String certificate)
+    private static X509Certificate parseCertificate(String certificate)
         throws CertificateException, Base64DecodingException, IOException {
         
-        //before decoding we need to get rod off the prefix and suffix
+        //before decoding we need to get rid off the prefix and suffix
         byte[] decoded = Base64.decode(certificate.replaceAll("-----BEGIN CERTIFICATE-----",
"").
                                         replaceAll("-----END CERTIFICATE-----", ""));
 
@@ -137,4 +218,5 @@ public final class CertsUtils {
             return (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(is);
         }
     }
+    
 }
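Review bot: getCryptoFromCertificate can return null on three visible paths (null input, getX509CertificateFromFile returning null, and whatever getCryptoFromFile returns when the path is not a loadable properties file), yet the Javadoc says only "Get a crypto instance using a certificate" and at least one new caller (SamlResponseCreator) dereferences the result without a check. Suggest documenting it: `@return a Crypto for the certificate, or {@code null} if {@code certificate} is {@code null} or the referenced file could be loaded neither as a certificate nor as WSS4J crypto properties`. It is also worth stating in the Javadoc that a certificate file or inline PEM yields a CertificateStore built from the certificate alone, since callers that use the result for signing appear to need a private key (confirm against CertificateStore's behaviour). Finally, the last return line can mirror the earlier branch: `return new CertificateStore(new X509Certificate[]{cert});` instead of the singletonList/toArray detour.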

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index c7b55dd..5ea2b12 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -60,7 +60,7 @@ public final class SignatureUtils {
         if (keyAlias == null || "".equals(keyAlias)) {
             keyAlias = crypto.getDefaultX509Identifier();
         }
-        X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+        X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
 //    }
     
 /*    public static ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream
metaInfo,

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
index 2d8da15..9e27a3a 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/samlsso/SamlResponseCreator.java
@@ -19,8 +19,6 @@
 package org.apache.cxf.fediz.service.idp.beans.samlsso;
 
 import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.List;
 
@@ -40,7 +38,6 @@ import org.apache.cxf.fediz.service.idp.samlsso.SAML2PResponseComponentBuilder;
 import org.apache.cxf.fediz.service.idp.util.WebUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
-import org.apache.wss4j.common.crypto.CertificateStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLCallback;
@@ -138,7 +135,7 @@ public class SamlResponseCreator {
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
-        Crypto issuerCrypto = getCrypto(idp.getCertificate());
+        Crypto issuerCrypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
         assertion.signAssertion(issuerCrypto.getDefaultX509Identifier(), idp.getCertificatePassword(),

                                 issuerCrypto, false);
         
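Review bot: issuerCrypto is dereferenced on the line right after it is obtained, but getCryptoFromCertificate returns null when idp.getCertificate() is null or when the configured path loads neither as a certificate nor as WSS4J properties, so a misconfigured IdP fails here with a NullPointerException rather than a clear configuration error. TrustedIdpSAMLProtocolHandler guards the same call; suggest the same guard here: `if (issuerCrypto == null) {` `throw new ProcessingException("Invalid IdP configuration: no signing crypto configured");` `}` (ProcessingException appears to still be in scope given the remaining throws clause, but confirm). The enclosing method starts and ends outside the hunk.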
@@ -164,36 +161,6 @@ public class SamlResponseCreator {
         return Base64Utility.encode(responseMessage.getBytes());
     }
     
-    private Crypto getCrypto(String certificate) throws ProcessingException {
-        if (certificate == null) {
-            return null;
-        }
-        
-        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
-        if (isCertificateLocation) {
-            try {
-                X509Certificate cert = CertsUtils.getX509Certificate(certificate);
-                if (cert == null) {
-                    return null;
-                }
-                return new CertificateStore(new X509Certificate[]{cert});
-            } catch (CertificateException ex) {
-                // Maybe it's a WSS4J properties file...
-                return CertsUtils.createCrypto(certificate);
-            }
-        } 
-        
-        // Here the certificate is encoded in the configuration file
-        X509Certificate cert;
-        try {
-            cert = CertsUtils.parseCertificate(certificate);
-        } catch (Exception ex) {
-            LOG.error("Failed to parse trusted certificate", ex);
-            throw new ProcessingException("Failed to parse trusted certificate");
-        }
-        return new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
-    }
-
     public boolean isSupportDeflateEncoding() {
         return supportDeflateEncoding;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
index 0d9b0b1..7c5baec 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/IdpMetadataWriter.java
@@ -50,7 +50,7 @@ public class IdpMetadataWriter {
     public Document getMetaData(Idp config) throws RuntimeException {
         try {
             //Return as text/xml
-            Crypto crypto = CertsUtils.createCrypto(config.getCertificate());
+            Crypto crypto = CertsUtils.getCryptoFromFile(config.getCertificate());
 
             W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
 
@@ -123,7 +123,7 @@ public class IdpMetadataWriter {
 
         try {
             String keyAlias = crypto.getDefaultX509Identifier();
-            X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+            X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
             writer.writeCharacters(Base64.encode(cert.getEncoded()));
         } catch (Exception ex) {
             LOG.error("Failed to add certificate information to metadata. Metadata incomplete",
ex);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
index 5eb794c..3118d8f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/metadata/ServiceMetadataWriter.java
@@ -53,7 +53,7 @@ public class ServiceMetadataWriter {
     public Document getMetaData(Idp config, TrustedIdp serviceConfig) throws ProcessingException
{
 
         try {
-            Crypto crypto = CertsUtils.createCrypto(config.getCertificate());
+            Crypto crypto = CertsUtils.getCryptoFromFile(config.getCertificate());
             
             W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
 
@@ -180,7 +180,7 @@ public class ServiceMetadataWriter {
             // Write the Base-64 encoded certificate
             
             String keyAlias = crypto.getDefaultX509Identifier();
-            X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+            X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, keyAlias);
             
             if (cert == null) {
                 throw new ProcessingException(

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
index fb3ec72..2329eb2 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/AbstractTrustedIdpProtocolHandler.java
@@ -19,93 +19,21 @@
 
 package org.apache.cxf.fediz.service.idp.protocols;
 
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.cxf.fediz.core.exception.ProcessingException;
-import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.service.idp.domain.TrustedIdp;
 import org.apache.cxf.fediz.service.idp.spi.TrustedIdpProtocolHandler;
-import org.apache.wss4j.common.crypto.CertificateStore;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.xml.security.exceptions.Base64DecodingException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 public abstract class AbstractTrustedIdpProtocolHandler implements TrustedIdpProtocolHandler
{
     
-    private static final Logger LOG = LoggerFactory.getLogger(AbstractTrustedIdpProtocolHandler.class);
-    
     @Override
     public boolean canHandleRequest(HttpServletRequest request) {
         // TODO Auto-generated method stub
         return false;
     }
 
-    protected Crypto getCrypto(String certificate) throws ProcessingException {
-        if (certificate == null) {
-            return null;
-        }
-        
-        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
-        if (isCertificateLocation) {
-            try {
-                X509Certificate cert = CertsUtils.getX509Certificate(certificate);
-                if (cert == null) {
-                    return null;
-                }
-                return new CertificateStore(new X509Certificate[]{cert});
-            } catch (CertificateException ex) {
-                // Maybe it's a WSS4J properties file...
-                return CertsUtils.createCrypto(certificate);
-            }
-        } 
-        
-        // Here the certificate is encoded in the configuration file
-        X509Certificate cert;
-        try {
-            cert = CertsUtils.parseCertificate(certificate);
-        } catch (Exception ex) {
-            LOG.error("Failed to parse trusted certificate", ex);
-            throw new ProcessingException("Failed to parse trusted certificate");
-        }
-        return new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0]));
-    }
-    
-    protected X509Certificate getCertificate(String certificate) 
-        throws CertificateException, WSSecurityException, ProcessingException, Base64DecodingException,
IOException {
-        if (certificate == null) {
-            return null;
-        }
-        
-        boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE");
-        if (isCertificateLocation) {
-            try {
-                return CertsUtils.getX509Certificate(certificate);
-            } catch (CertificateException ex) {
-                // Maybe it's a WSS4J properties file...
-                Crypto crypto = CertsUtils.createCrypto(certificate);
-                if (crypto != null) {
-                    return CertsUtils.getX509Certificate(crypto, null);
-                }
-            }
-        } 
-        
-        // Here the certificate is encoded in the configuration file
-        try {
-            return CertsUtils.parseCertificate(certificate);
-        } catch (Exception ex) {
-            LOG.error("Failed to parse trusted certificate", ex);
-            throw new ProcessingException("Failed to parse trusted certificate");
-        }
-    }
-    
     protected String getProperty(TrustedIdp trustedIdp, String property) {
         Map<String, String> parameters = trustedIdp.getParameters();
         

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
index 0f40056..1359a8b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpOIDCProtocolHandler.java
@@ -42,6 +42,7 @@ import org.w3c.dom.Element;
 
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
+import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.service.idp.IdpConstants;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
@@ -364,7 +365,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpProtocolHan
             return jwtConsumer.verifySignatureWith(verifyingKey, SignatureAlgorithm.getAlgorithm(sigAlgo));
         }
         
-        X509Certificate validatingCert = getCertificate(trustedIdp.getCertificate());
+        X509Certificate validatingCert = CertsUtils.parseX509Certificate(trustedIdp.getCertificate());
         if (validatingCert != null) {
             return jwtConsumer.verifySignatureWith(validatingCert, SignatureAlgorithm.getAlgorithm(sigAlgo));
         }
@@ -421,7 +422,7 @@ public class TrustedIdpOIDCProtocolHandler extends AbstractTrustedIdpProtocolHan
         
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
         
-        Crypto crypto = getCrypto(idp.getCertificate());
+        Crypto crypto = CertsUtils.getCryptoFromCertificate(idp.getCertificate());
         assertion.signAssertion(crypto.getDefaultX509Identifier(), idp.getCertificatePassword(),

                                 crypto, false);
         
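Review bot: `crypto` is used for signAssertion without a null check, and CertsUtils.getCryptoFromCertificate returns null for a null idp.getCertificate() or an unloadable path, so a configuration problem surfaces as a NullPointerException inside assertion signing. Suggest failing explicitly before the signAssertion call, as the SAML handler does: `if (crypto == null) {` `throw new ProcessingException("Invalid IdP configuration: no signing crypto configured");` `}`. The enclosing method starts and ends outside the hunk.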

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 00df355..3f5c0a2 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -187,7 +187,7 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
             org.opensaml.saml.saml2.core.Response samlResponse = 
                 readSAMLResponse(encodedSAMLResponse, trustedIdp);
             
-            Crypto crypto = getCrypto(trustedIdp.getCertificate());
+            Crypto crypto = CertsUtils.getCryptoFromCertificate(trustedIdp.getCertificate());
             validateSamlResponseProtocol(samlResponse, crypto, trustedIdp);
             // Validate the Response
             SSOValidatorResponse validatorResponse = 
@@ -241,14 +241,14 @@ public class TrustedIdpSAMLProtocolHandler extends AbstractTrustedIdpProtocolHan
         Idp config,
         UriBuilder ub
     ) throws Exception {
-        Crypto crypto = getCrypto(config.getCertificate());
+        Crypto crypto = CertsUtils.getCryptoFromCertificate(config.getCertificate());
         if (crypto == null) {
             LOG.error("No crypto instance of properties file configured for signature");
             throw new IllegalStateException("Invalid IdP configuration");
         }
         
         String alias = crypto.getDefaultX509Identifier();
-        X509Certificate cert = CertsUtils.getX509Certificate(crypto, alias);
+        X509Certificate cert = CertsUtils.getX509CertificateFromCrypto(crypto, alias);
         if (cert == null) {
             LOG.error("No cert was found to sign the request using alias: " + alias);
             throw new IllegalStateException("Invalid IdP configuration");

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d86ce5c6/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
index c823e32..25a5e9c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpWSFedProtocolHandler.java
@@ -214,7 +214,7 @@ public class TrustedIdpWSFedProtocolHandler extends AbstractTrustedIdpProtocolHa
             
             X509Certificate cert;
             try {
-                cert = CertsUtils.parseCertificate(trustedIdpConfig.getCertificate());
+                cert = CertsUtils.parseX509Certificate(trustedIdpConfig.getCertificate());
             } catch (Exception ex) {
                 LOG.error("Failed to parse trusted certificate", ex);
                 throw new ProcessingException("Failed to parse trusted certificate");
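Review bot: Switching from parseCertificate to parseX509Certificate changes the null behaviour: the old call threw on a null configuration value (the NullPointerException was caught and turned into the ProcessingException), whereas parseX509Certificate returns null for a null input and for a null result from getX509CertificateFromFile, so `cert` can now be null when it reaches the code after the catch block. Suggest adding, after the try/catch, `if (cert == null) {` `throw new ProcessingException("No trusted IdP certificate configured for signature validation");` `}` so that a missing trusted-IdP certificate cannot silently weaken the validation that follows. The code that consumes `cert` lies outside the hunk.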

