juddi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alexo...@apache.org
Subject juddi git commit: JUDDI-862 added and documented
Date Mon, 19 Jan 2015 22:14:30 GMT
Repository: juddi
Updated Branches:
  refs/heads/master 75f1a2b7d -> 6e03b8244


JUDDI-862 added and documented


Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/6e03b824
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/6e03b824
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/6e03b824

Branch: refs/heads/master
Commit: 6e03b82446f162a3cb3b6ac4c27acdf847afefd9
Parents: 75f1a2b
Author: Alex <alexoree@apache.org>
Authored: Mon Jan 19 17:14:02 2015 -0500
Committer: Alex <alexoree@apache.org>
Committed: Mon Jan 19 17:14:02 2015 -0500

----------------------------------------------------------------------
 .../en-US/GuideConfigurationServer.asciidoc     |   9 +
 .../juddi/v3/client/cryptor/DigSigUtil.java     | 147 +++++--
 .../java/org/apache/juddi/config/Property.java  | 401 ++++++++++---------
 .../juddi/validation/ValidatePublish.java       | 127 +++++-
 .../src/main/resources/messages.properties      |   3 +-
 .../src/test/resources/juddiv3-enc-3des.xml     |  13 +
 .../src/test/resources/juddiv3-enc-aes128.xml   |  13 +
 .../src/test/resources/juddiv3-enc-aes256.xml   |  13 +
 .../src/test/resources/juddiv3-enc-default.xml  |  13 +
 juddi-core/src/test/resources/juddiv3.xml       |  13 +
 .../resources/juddiv3DisabledTModelKeybag.xml   |  13 +
 .../org/apache/juddi/samples/EntryPoint.java    |   6 +
 .../juddi/samples/UddiDigitalSignatureFile.java | 160 ++++++++
 juddi-tomcat/juddiv3Node2.xml                   |  13 +
 .../src/main/webapp/WEB-INF/classes/juddiv3.xml |  13 +
 .../org/apache/juddi/v3/tck/TckBusiness.java    |   8 +-
 16 files changed, 732 insertions(+), 233 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/docs/asciidoc/Guide/en-US/GuideConfigurationServer.asciidoc
----------------------------------------------------------------------
diff --git a/docs/asciidoc/Guide/en-US/GuideConfigurationServer.asciidoc b/docs/asciidoc/Guide/en-US/GuideConfigurationServer.asciidoc
index cb746ed..598e5f5 100644
--- a/docs/asciidoc/Guide/en-US/GuideConfigurationServer.asciidoc
+++ b/docs/asciidoc/Guide/en-US/GuideConfigurationServer.asciidoc
@@ -143,6 +143,15 @@ RMI Proxy properties that can be referenced in the _juddiv3.xml_ file and is onl
 |===========================================================================================
 |Property Name                   |Description         |Required     |Default Value or [Example Value]
 |_juddi/validation/enforceReferentialIntegrity_|As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelInstanceParms and anything else that references a KeyName default value is true. Set to false for backwards compatibility or for a more lax registry.|N|[_true_]
+|_juddi/validation/rejectInvalidSignatures/enable | Enables or Disables the validation of signatures when a publisher attempts to save an entity | N | false
+|_juddi/validation/rejectInvalidSignatures/enable/trustStorePath | Path to the trust store. Can be overridden via system properties. If not specified, the Windows trust store will be used, else the default JRE trust store will be used. | N | [truststore.jks]
+|_juddi/validation/rejectInvalidSignatures/trustStoreType | The type of store to use | N | JKS
+|_juddi/validation/rejectInvalidSignatures/trustStorePassword | The clear text or encrypted password to the trust store | N | 
+|_juddi/validation/rejectInvalidSignatures/trustStorePassword@isPasswordEncrypted | True/False | N | false
+|_juddi/validation/rejectInvalidSignatures/trustStorePassword@cryptoProvider | A cryptographic provider, representing the one that was used to encrypt | 
+|_juddi/validation/rejectInvalidSignatures/checkTimestamps | If true, certificates are checked against the time validity | N | false
+|_juddi/validation/rejectInvalidSignatures/checkTrust | If true, the certificates trust chain is validated against the trust store | N | false
+|_juddi/validation/rejectInvalidSignatures/checkRevocationCRL | If true, the certificate will attempted to be validated using online certificate revocation protocols | N | false
 |===========================================================================================
 
 

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
----------------------------------------------------------------------
diff --git a/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java b/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
index 80f317b..fd8628d 100644
--- a/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
+++ b/juddi-client/src/main/java/org/apache/juddi/v3/client/cryptor/DigSigUtil.java
@@ -17,6 +17,7 @@ package org.apache.juddi.v3.client.cryptor;
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
@@ -149,8 +150,38 @@ public class DigSigUtil {
         public final static String SIGNATURE_KEYSTORE_FILE_PASSWORD = "filePassword";
         public final static String SIGNATURE_KEYSTORE_KEY_PASSWORD = "keyPassword";
         public final static String SIGNATURE_KEYSTORE_KEY_ALIAS = "keyAlias";
+        /**
+         *
+         * trust loaded as follows
+         * system property via file
+         * programmatically specified map via file
+         * programmatically specified map thread classloader lookup
+         * programmatically specified map this class's classloader lookup
+         * windows trust store
+         * JDK provided trust store
+         */
         public final static String TRUSTSTORE_FILE = "trustStorePath";
+        /**
+         *
+         * trust loaded as follows
+         * system property via file
+         * programmatically specified map via file
+         * programmatically specified map thread classloader lookup
+         * programmatically specified map this class's classloader lookup
+         * windows trust store
+         * JDK provided trust store
+         */
         public final static String TRUSTSTORE_FILETYPE = "trustStoreType";
+        /**
+         *
+         * trust loaded as follows
+         * system property via file
+         * programmatically specified map via file
+         * programmatically specified map thread classloader lookup
+         * programmatically specified map this class's classloader lookup
+         * windows trust store
+         * JDK provided trust store
+         */
         public final static String TRUSTSTORE_FILE_PASSWORD = "trustStorePassword";
         /**
          * default is CanonicalizationMethod.EXCLUSIVE
@@ -618,6 +649,17 @@ public class DigSigUtil {
                 }
         }
 
+        /**
+         * trust loaded as follows
+         * system property via file
+         * programmatically specified map via file
+         * programmatically specified map thread classloader lookup
+         * programmatically specified map this class's classloader lookup
+         * windows trust store
+         * JDK provided trust store
+         * @return
+         * @throws Exception 
+         */
         private KeyStore GetTrustStore() throws Exception {
                 String type = map.getProperty(TRUSTSTORE_FILETYPE);
                 if (type == null) {
@@ -626,17 +668,61 @@ public class DigSigUtil {
                 KeyStore ks = KeyStore.getInstance(type);
                 boolean ksLoaded = false;
 
-                //try windows trust store first
-                try {
-                        if (map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
-                                ks.load(null, null);
+                if (!ksLoaded) {
+                        String truststore = System.getProperty("javax.net.ssl.keyStore");
+                        try {
+                                
+                                String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
+                                if (truststore != null && pwd != null) {
+                                        ks.load(new File(truststore).toURI().toURL().openStream(), pwd.toCharArray());
+                                        ksLoaded = true;
+                                        logger.info("trust store loaded from sysprop " + truststore);
+                                }
+                        } catch (Exception ex) {
+                                logger.warn("unable to load truststore from sysprop " + truststore + " "  + ex.getMessage());
+                                logger.debug("unable to load truststore from sysprop " + ex.getMessage(),ex);
+                        }
+                }
+                
+                File f=new File(map.getProperty(TRUSTSTORE_FILE));
+                 //load as a file
+                if (!ksLoaded) {
+                        try {
+                                if (f.exists()){
+                                URL url = f.toURI().toURL();
+                                ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
                                 ksLoaded = true;
-                                logger.info("trust store loaded from windows");
+                                logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
+                                }
+                        } catch (Exception x) {
+                                logger.warn("unable to load truststore from file "+map.getProperty(TRUSTSTORE_FILE)+" "+ x.getMessage());
+                                logger.debug("unable to load truststore from file "+ x.getMessage(), x);
+                                
+                        }
+                }
+                
+                if (!ksLoaded) {
+                        try {
+                                //File f = new File(map.getProperty(TRUSTSTORE_FILE));
+                                if (f.exists())
+                                {
+                                        FileInputStream fis = new FileInputStream(f);
+                                        ks.load(fis, (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
+                                        fis.close();
+                                        ksLoaded = true;
+                                logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
+                                }
+                        } catch (Exception x) {
+                                logger.warn("unable to load truststore from file "+map.getProperty(TRUSTSTORE_FILE)+" "+ x.getMessage());
+                                logger.debug("unable to load truststore from file "+ x.getMessage(), x);
+                                
                         }
-                } catch (Exception ex) {
-                        logger.debug("unable to load truststore from windows", ex);
                 }
 
+                
+                
+                
+
                 //load from thread classloader
                 if (!ksLoaded) {
                         try {
@@ -645,6 +731,7 @@ public class DigSigUtil {
                                 ksLoaded = true;
                                 logger.info("trust store loaded from classpath(1) " + map.getProperty(TRUSTSTORE_FILE));
                         } catch (Exception x) {
+                                logger.warn("unable to load truststore from classpath" + map.getProperty(TRUSTSTORE_FILE) + " " +x.getMessage());
                                 logger.debug("unable to load truststore from classpath", x);
                         }
                 }
@@ -657,36 +744,11 @@ public class DigSigUtil {
                                 ksLoaded = true;
                                 logger.info("trust store loaded from classpath(2) " + map.getProperty(TRUSTSTORE_FILE));
                         } catch (Exception x) {
+                                logger.warn("unable to load truststore from classpath "+ map.getProperty(TRUSTSTORE_FILE) + " " +x.getMessage());
                                 logger.debug("unable to load truststore from classpath", x);
                         }
                 }
-                //load as a file
-                if (!ksLoaded) {
-                        try {
-                                URL url = new File(map.getProperty(TRUSTSTORE_FILE)).toURI().toURL();
-                                ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
-                                ksLoaded = true;
-                                logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
-                        } catch (Exception x) {
-                                logger.debug("unable to load truststore from file", x);
-                        }
-                }
-
-        //    logger.error("Unable to load user specified trust store! attempting to load the default", ex);
-                //load from system property
-                if (!ksLoaded) {
-                        try {
-                                String truststore = System.getProperty("javax.net.ssl.keyStore");
-                                String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
-                                if (truststore != null && pwd != null) {
-                                        ks.load(new File(truststore).toURI().toURL().openStream(), pwd.toCharArray());
-                                        ksLoaded = true;
-                                        logger.info("trust store loaded from sysprop " + truststore);
-                                }
-                        } catch (Exception ex) {
-                                logger.debug("unable to load truststore from sysprop", ex);
-                        }
-                }
+               
 
                 if (!ksLoaded) {
                         try {
@@ -695,9 +757,23 @@ public class DigSigUtil {
                                 logger.info("trust store loaded from JRE " + cacerts.toExternalForm());
                                 ksLoaded = true;
                         } catch (Exception c) {
-                                logger.debug("unable to load default JDK truststore", c);
+                                logger.warn("unable to load default JDK truststore "+ c.getMessage());
+                                logger.debug("unable to load default JDK truststore",c);
+                        }
+                }
+                
+                //try windows trust store first
+                try {
+                        if (map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
+                                ks.load(null, null);
+                                ksLoaded = true;
+                                logger.info("trust store loaded from windows");
                         }
+                } catch (Exception ex) {
+                        logger.warn("unable to load truststore from windows " +ex.getMessage());
+                        logger.debug("unable to load truststore from windows", ex);
                 }
+                
                 if (!ksLoaded) {
                         try {
                                 URL cacerts = new File(System.getenv("JAVA_HOME") + File.separator + "jre" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts").toURI().toURL();
@@ -705,6 +781,7 @@ public class DigSigUtil {
                                 logger.info("trust store loaded from JRE " + cacerts.toExternalForm());
                                 ksLoaded = true;
                         } catch (Exception c) {
+                                logger.warn("unable to load default jdk/jre truststore " +c.getMessage());
                                 logger.debug("unable to load default jdk/jre truststore", c);
                         }
                 }

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/main/java/org/apache/juddi/config/Property.java
----------------------------------------------------------------------
diff --git a/juddi-core/src/main/java/org/apache/juddi/config/Property.java b/juddi-core/src/main/java/org/apache/juddi/config/Property.java
index e855a46..e2c1641 100644
--- a/juddi-core/src/main/java/org/apache/juddi/config/Property.java
+++ b/juddi-core/src/main/java/org/apache/juddi/config/Property.java
@@ -23,198 +23,223 @@ import org.apache.juddi.v3.auth.LdapSimpleAuthenticator;
 import org.apache.juddi.v3.auth.MD5XMLDocAuthenticator;
 
 /**
- * This defines constants used for accessing information from jUDDI's juddiv3.properties file
+ * This defines constants used for accessing information from jUDDI's
+ * juddiv3.xml file
+ *
  * @author various
  */
 public interface Property {
-    
-        public final static String JUDDI_BASE_URL="juddi.server.baseurl";
-        public final static String JUDDI_BASE_URL_SECURE="juddi.server.baseurlsecure";
-        
-    public final static String JUDDI_ROOT_PUBLISHER = "juddi.root.publisher";
-    public final static String JUDDI_LOAD_INSTALL_DATA = "juddi.load.install.data";
-    public final static String JUDDI_PERSISTENCEUNIT_NAME = "juddi.persistenceunit.name";
-    public final static String JUDDI_CONFIGURATION_RELOAD_DELAY = "juddi.configuration.reload.delay";
-    
-    /**
-     * This is not used in the code base
-     */
+
+        public final static String JUDDI_BASE_URL = "juddi.server.baseurl";
+        public final static String JUDDI_BASE_URL_SECURE = "juddi.server.baseurlsecure";
+
+        public final static String JUDDI_ROOT_PUBLISHER = "juddi.root.publisher";
+        public final static String JUDDI_LOAD_INSTALL_DATA = "juddi.load.install.data";
+        public final static String JUDDI_PERSISTENCEUNIT_NAME = "juddi.persistenceunit.name";
+        public final static String JUDDI_CONFIGURATION_RELOAD_DELAY = "juddi.configuration.reload.delay";
+
+        /**
+         * This is not used in the code base
+         */
     //public final static String JUDDI_LOCALE = "juddi.locale";
-    
     //public final static String JUDDI_OPERATOR_EMAIL_ADDRESS = "juddi.operatorEmailAddress";
-    
     //public final static String JUDDI_MAX_LENGTH = "juddi.maxNameLength";
-    //public final static String JUDDI_MAX_NAME_ELEMENTS = "juddi.maxNameElementsAllowed";
-    public final static String JUDDI_MAX_BUSINESSES_PER_PUBLISHER = "juddi.maxBusinessesPerPublisher";
-    public final static String JUDDI_MAX_SERVICES_PER_BUSINESS = "juddi.maxServicesPerBusiness";
-    public final static String JUDDI_MAX_BINDINGS_PER_SERVICE = "juddi.maxBindingsPerService";
-    public final static String JUDDI_MAX_TMODELS_PER_PUBLISHER = "juddi.maxTModelsPerPublisher";
-    public final static String JUDDI_CRYPTOR = "juddi.cryptor";
-    public final static String JUDDI_KEYGENERATOR = "juddi.keygenerator";
-    /**
-     * used by the Jboss authenticator
-     */
-    public final static String JUDDI_SECURITY_DOMAIN = "juddi.auth.securityDomain";
-    public final static String JUDDI_USERSFILE = "juddi.auth.usersfile";
-    public final static String JUDDI_MAX_ROWS = "juddi.maxRows";
-    public final static String JUDDI_MAX_IN_CLAUSE = "juddi.maxInClause";
-    public final static String JUDDI_ROOT_PARTITION = "juddi.root.partition";
-    /**
-     * This is the business id that all of the UDDI services on this node will be attached too
-     * (generally as defined in the install_data)
-     * JUDDI-645
-     */
-    public final static String JUDDI_NODE_ROOT_BUSINESS = "juddi.root.businessId";
-    /**
-     * this is the unique identifier of this uddi service provider, primarily used for clustered setups with the replication api
-     * JUDDI-645
-     */
-    public final static String JUDDI_NODE_ID = "juddi.nodeId";
-    public final static String JUDDI_TRANSFER_EXPIRATION_DAYS = "juddi.transfer.expiration.days";
-    /**
-     * identifies whether or not authentication is required for the Inquiry endpoint
-     */
-    public final static String JUDDI_AUTHENTICATE_INQUIRY = "juddi.auth.Inquiry";
-    public final static String JUDDI_AUTH_TOKEN_EXPIRATION = "juddi.auth.token.Expiration";
-    public final static String JUDDI_AUTH_TOKEN_TIMEOUT = "juddi.auth.token.Timeout";
-    
-    /**
-     * when set, auth tokens can only be used from the IP address they were issued to.
-     * 
-     */
-    public final static String JUDDI_AUTH_TOKEN_ENFORCE_SAME_IP = "juddi.auth.token.enforceSameIPRule";
-    
-    /**
-     * Whether not the token is used with each transition, default should be true
-     */
-    public final static String JUDDI_AUTHENTICATOR_USE_TOKEN = "juddi.auth.authenticator[@useAuthToken]";
-    
-    /**
-     * This points to the class of the authenticator
-     */
-    public final static String JUDDI_AUTHENTICATOR = "juddi.auth.authenticator.class";
-    /**
-     * @see LdapSimpleAuthenticator
-     */
-    public final static String JUDDI_AUTHENTICATOR_URL = "juddi.auth.authenticator.url";
-    /**
-     * @see LdapSimpleAuthenticator
-     */
-    public final static String JUDDI_AUTHENTICATOR_INITIAL_CONTEXT = "juddi.auth.authenticator.initialcontext";
-    /**
-     * @see LdapSimpleAuthenticator
-     */
-    public final static String JUDDI_AUTHENTICATOR_STYLE = "juddi.auth.authenticator.style";
-    /**
-     * @see LdapExpandedAuthenticator
-     */
-    public final static String JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR= "juddi.auth.authenticator.ldapexp";
-    
-    
-    /**
-     * if enabled, tmodels must exist before using them
-     * binding templates must exist before a subscription can be made
-     * access point hosting redirector/binding template must exist before it can be made
-     * @since 3.1.5
-     */
-    public final static String JUDDI_ENFORCE_REFERENTIAL_INTEGRITY = "juddi.validation.enforceReferentialIntegrity";
-    public final static String JUDDI_SUBSCRIPTION_EXPIRATION_DAYS = "juddi.subscription.expiration.days";
-    public final static String JUDDI_SUBSCRIPTION_NOTIFICATION = "juddi.subscription.notification";
-    public final static String JUDDI_SUBSCRIPTION_CHUNKEXPIRATION_MINUTES = "juddi.subscription.chunkexpiration.minutes";
-    public final static String JUDDI_SUBSCRIPTION_MAXENTITIES="juddi.subscription.maxentities";
-    
-    /*
-     * These are not yet used
-    public final static Strin   g JUDDI_SUBSCRIPTION_TRUSTSTORE_TYPE="juddi.subscription.truststore.type";
-    public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_FILE="juddi.subscription.truststore.filename";
-    public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_PASSWORD="juddi.subscription.truststore.password";
-    public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_ENCRYPTED="juddi.subscription.truststore.password[@isPasswordEncrypted]";
-    public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_CRYPTOPROVIDER="juddi.subscription.truststore.password[@cryptoProvider]";
-    
-    
-    public final static String JUDDI_SUBSCRIPTION_KEYSTORE_TYPE="juddi.subscription.keystore.type";
-    public final static String JUDDI_SUBSCRIPTION_KEYSTORE_FILE="juddi.subscription.keystore.filename";
-    public final static String JUDDI_SUBSCRIPTION_KEYSTORE_PASSWORD="juddi.subscription.keystore.password";
-    public final static String JUDDI_SUBSCRIPTION_KEYALIAS="juddi.subscription.keystore.alias";
-    public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD="juddi.subscription.keystore.keypassword";
-    public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD_ENCRYPTED="juddi.subscription.keystore.keypassword[@isPasswordEncrypted]";
-    public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD_CRYPTOPROVIDER="juddi.subscription.keypassword.password[@cryptoProvider]";
-    public final static String JUDDI_SUBSCRIPTION_KEYSTORE_ENCRYPTED="juddi.subscription.keystore.password[@isPasswordEncrypted]";
-    public final static String JUDDI_SUBSCRIPTION_KEYSTORE_CRYPTOPROVIDER="juddi.subscription.keystore.password[@cryptoProvider]";
-    */
-    
-    public final static String JUDDI_NOTIFICATION_START_BUFFER = "juddi.notification.start.buffer";
-    public final static String JUDDI_NOTIFICATION_INTERVAL = "juddi.notification.interval";
-    /**
-     * default value = 1000
-     * @see SubscriptionNotifier
-     */
-    public final static String JUDDI_NOTIFICATION_ACCEPTABLE_LAGTIME = "juddi.notification.acceptableLagtime";
-    /**
-     * maximum delivery count
-     * @see SubscriptionNotifier
-     */
-    public final static String JUDDI_NOTIFICATION_MAX_TRIES = "juddi.notification.maxTries";
-    public final static String JUDDI_NOTIFICATION_LIST_RESET_INTERVAL = "juddi.notification.maxTriesResetInterval";
-    /**
-     * send an auth token with the result set? default is false
-     * @see SubscriptionNotifier
-     * @since 3.2
-     */
-    public final static String JUDDI_NOTIFICATION_SENDAUTHTOKEN="juddi.notification.sendAuthTokenWithResultList";
-    public final static String JUDDI_JNDI_REGISTRATION = "juddi.jndi.registration";
-    public final static String JUDDI_RMI_PORT = "juddi.rmi.port";
-    public final static String JUDDI_RMI_REGISTRATION = "juddi.rmi.registration";
-    public final static String JUDDI_RMI_REGISTRY_PORT = "juddi.rmi.registry.port";
-    
-    public final static String JUDDI_EMAIL_PREFIX = "juddi.mail.smtp.prefix";
-    public final static String JUDDI_EMAIL_FROM   = "juddi.mail.smtp.from";
-    public final static String DEFAULT_JUDDI_EMAIL_PREFIX = "juddi.";
-    public final static String DEFAULT_CRYPTOR = "org.apache.juddi.v3.client.cryptor.DefaultCryptor";
-    public final static String DEFAULT_USERSFILE = "juddi-users.properties";
-    public final static String DEFAULT_XML_USERSFILE = "juddi-users.xml";
-    /**
-     * @see CryptedXMLDocAuthenticator
-     */
-    public final static String DEFAULT_ENCRYPTED_XML_USERSFILE = "juddi-users-encrypted.xml";
-    /**
-     * @see MD5XMLDocAuthenticator
-     */
-    public final static String DEFAULT_HASHED_XML_USERSFILE = "juddi-users-hashed.xml";
-    public final static String DEFAULT_SECURITY_DOMAIN = "java:/jaas/other";
-    public final static boolean DEFAULT_LOAD_INSTALL_DATA = true;
-    public final static String DEFAULT_BASE_URL = "http://localhost:8080/juddiv3";
-    public final static String DEFAULT_BASE_URL_SECURE = "https://localhost:8443/juddiv3";
-    /* Allowing the the user to override jpa persistence properties in the juddi.properties file */
-    public final static String PERSISTENCE_PROVIDER = "persistenceProvider";
-    public final static String DATASOURCE = "hibernate.connection.datasource";
-    public final static String HBM_DDL_AUTO = "hibernate.hbm2ddl.auto";
-    public final static String DEFAULT_SCHEMA = "hibernate.default_schema";
-    public final static String HIBERNATE_DIALECT = "hibernate.dialect";
-    /**
-     * @since 3.3 FUTURE USE
-     */
-    public final static String JUDDI_ACCESS_CONTROL_PROVIDER = "juddi.accessControlProvider";
-    /**
-     * @since 3.2, used for Apache Commons Configuration XML config file
-     */
-    public static final String ENCRYPTED_ATTRIBUTE="[@encrypted]";
-    
-    /**
-     * Used for HTTP Header based authentication for web proxies
-     * @since 3.2.1
-     */
-    public static final String JUDDI_AUTHENTICATOR_HTTP_HEADER_NAME="juddi.auth.authenticator.header";
-    
-    /**
-     * Records inquiry find* requests to disk, sans auth token
-     * @since 3.2.1
-     */
-    public final static String JUDDI_LOGGING_FindApiCalls = "juddi.logging.logInquirySearchPayloads";
-    /**
-     * The UDDI v3 spec specifically calls for supporting this, however it creates significant performance problems in jUDDI when there
-     * are a large number of business and services. Defaults to true if not defined
-     * @since 3.3
-     */
-        public static String JUDDI_ENABLE_FIND_BUSINESS_TMODEL_BAG_FILTERING="juddi.preformance.enableFindBusinessTModelBagFiltering";
+        //public final static String JUDDI_MAX_NAME_ELEMENTS = "juddi.maxNameElementsAllowed";
+        public final static String JUDDI_MAX_BUSINESSES_PER_PUBLISHER = "juddi.maxBusinessesPerPublisher";
+        public final static String JUDDI_MAX_SERVICES_PER_BUSINESS = "juddi.maxServicesPerBusiness";
+        public final static String JUDDI_MAX_BINDINGS_PER_SERVICE = "juddi.maxBindingsPerService";
+        public final static String JUDDI_MAX_TMODELS_PER_PUBLISHER = "juddi.maxTModelsPerPublisher";
+        public final static String JUDDI_CRYPTOR = "juddi.cryptor";
+        public final static String JUDDI_KEYGENERATOR = "juddi.keygenerator";
+        /**
+         * used by the Jboss authenticator
+         */
+        public final static String JUDDI_SECURITY_DOMAIN = "juddi.auth.securityDomain";
+        public final static String JUDDI_USERSFILE = "juddi.auth.usersfile";
+        public final static String JUDDI_MAX_ROWS = "juddi.maxRows";
+        public final static String JUDDI_MAX_IN_CLAUSE = "juddi.maxInClause";
+        public final static String JUDDI_ROOT_PARTITION = "juddi.root.partition";
+        /**
+         * This is the business id that all of the UDDI services on this node
+         * will be attached too (generally as defined in the install_data)
+         * JUDDI-645
+         */
+        public final static String JUDDI_NODE_ROOT_BUSINESS = "juddi.root.businessId";
+        /**
+         * this is the unique identifier of this uddi service provider,
+         * primarily used for clustered setups with the replication api
+         * JUDDI-645
+         */
+        public final static String JUDDI_NODE_ID = "juddi.nodeId";
+        public final static String JUDDI_TRANSFER_EXPIRATION_DAYS = "juddi.transfer.expiration.days";
+        /**
+         * identifies whether or not authentication is required for the Inquiry
+         * endpoint
+         */
+        public final static String JUDDI_AUTHENTICATE_INQUIRY = "juddi.auth.Inquiry";
+        public final static String JUDDI_AUTH_TOKEN_EXPIRATION = "juddi.auth.token.Expiration";
+        public final static String JUDDI_AUTH_TOKEN_TIMEOUT = "juddi.auth.token.Timeout";
+
+        /**
+         * when set, auth tokens can only be used from the IP address they were
+         * issued to.
+         *
+         */
+        public final static String JUDDI_AUTH_TOKEN_ENFORCE_SAME_IP = "juddi.auth.token.enforceSameIPRule";
+
+        /**
+         * Whether not the token is used with each transition, default should be
+         * true
+         */
+        public final static String JUDDI_AUTHENTICATOR_USE_TOKEN = "juddi.auth.authenticator[@useAuthToken]";
+
+        /**
+         * This points to the class of the authenticator
+         */
+        public final static String JUDDI_AUTHENTICATOR = "juddi.auth.authenticator.class";
+        /**
+         * @see LdapSimpleAuthenticator
+         */
+        public final static String JUDDI_AUTHENTICATOR_URL = "juddi.auth.authenticator.url";
+        /**
+         * @see LdapSimpleAuthenticator
+         */
+        public final static String JUDDI_AUTHENTICATOR_INITIAL_CONTEXT = "juddi.auth.authenticator.initialcontext";
+        /**
+         * @see LdapSimpleAuthenticator
+         */
+        public final static String JUDDI_AUTHENTICATOR_STYLE = "juddi.auth.authenticator.style";
+        /**
+         * @see LdapExpandedAuthenticator
+         */
+        public final static String JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR = "juddi.auth.authenticator.ldapexp";
+
+        /**
+         * if enabled, tmodels must exist before using them binding templates
+         * must exist before a subscription can be made access point hosting
+         * redirector/binding template must exist before it can be made
+         *
+         * @since 3.1.5
+         */
+        public final static String JUDDI_ENFORCE_REFERENTIAL_INTEGRITY = "juddi.validation.enforceReferentialIntegrity";
+        public final static String JUDDI_SUBSCRIPTION_EXPIRATION_DAYS = "juddi.subscription.expiration.days";
+        public final static String JUDDI_SUBSCRIPTION_NOTIFICATION = "juddi.subscription.notification";
+        public final static String JUDDI_SUBSCRIPTION_CHUNKEXPIRATION_MINUTES = "juddi.subscription.chunkexpiration.minutes";
+        public final static String JUDDI_SUBSCRIPTION_MAXENTITIES = "juddi.subscription.maxentities";
+
+        /*
+         * These are not yet used
+         public final static Strin   g JUDDI_SUBSCRIPTION_TRUSTSTORE_TYPE="juddi.subscription.truststore.type";
+         public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_FILE="juddi.subscription.truststore.filename";
+         public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_PASSWORD="juddi.subscription.truststore.password";
+         public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_ENCRYPTED="juddi.subscription.truststore.password[@isPasswordEncrypted]";
+         public final static String JUDDI_SUBSCRIPTION_TRUSTSTORE_CRYPTOPROVIDER="juddi.subscription.truststore.password[@cryptoProvider]";
+    
+    
+         public final static String JUDDI_SUBSCRIPTION_KEYSTORE_TYPE="juddi.subscription.keystore.type";
+         public final static String JUDDI_SUBSCRIPTION_KEYSTORE_FILE="juddi.subscription.keystore.filename";
+         public final static String JUDDI_SUBSCRIPTION_KEYSTORE_PASSWORD="juddi.subscription.keystore.password";
+         public final static String JUDDI_SUBSCRIPTION_KEYALIAS="juddi.subscription.keystore.alias";
+         public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD="juddi.subscription.keystore.keypassword";
+         public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD_ENCRYPTED="juddi.subscription.keystore.keypassword[@isPasswordEncrypted]";
+         public final static String JUDDI_SUBSCRIPTION_KEYPASSWORD_CRYPTOPROVIDER="juddi.subscription.keypassword.password[@cryptoProvider]";
+         public final static String JUDDI_SUBSCRIPTION_KEYSTORE_ENCRYPTED="juddi.subscription.keystore.password[@isPasswordEncrypted]";
+         public final static String JUDDI_SUBSCRIPTION_KEYSTORE_CRYPTOPROVIDER="juddi.subscription.keystore.password[@cryptoProvider]";
+         */
+        public final static String JUDDI_NOTIFICATION_START_BUFFER = "juddi.notification.start.buffer";
+        public final static String JUDDI_NOTIFICATION_INTERVAL = "juddi.notification.interval";
+        /**
+         * default value = 1000
+         *
+         * @see SubscriptionNotifier
+         */
+        public final static String JUDDI_NOTIFICATION_ACCEPTABLE_LAGTIME = "juddi.notification.acceptableLagtime";
+        /**
+         * maximum delivery count
+         *
+         * @see SubscriptionNotifier
+         */
+        public final static String JUDDI_NOTIFICATION_MAX_TRIES = "juddi.notification.maxTries";
+        public final static String JUDDI_NOTIFICATION_LIST_RESET_INTERVAL = "juddi.notification.maxTriesResetInterval";
+        /**
+         * send an auth token with the result set? default is false
+         *
+         * @see SubscriptionNotifier
+         * @since 3.2
+         */
+        public final static String JUDDI_NOTIFICATION_SENDAUTHTOKEN = "juddi.notification.sendAuthTokenWithResultList";
+        public final static String JUDDI_JNDI_REGISTRATION = "juddi.jndi.registration";
+        public final static String JUDDI_RMI_PORT = "juddi.rmi.port";
+        public final static String JUDDI_RMI_REGISTRATION = "juddi.rmi.registration";
+        public final static String JUDDI_RMI_REGISTRY_PORT = "juddi.rmi.registry.port";
+
+        public final static String JUDDI_EMAIL_PREFIX = "juddi.mail.smtp.prefix";
+        public final static String JUDDI_EMAIL_FROM = "juddi.mail.smtp.from";
+        public final static String DEFAULT_JUDDI_EMAIL_PREFIX = "juddi.";
+        public final static String DEFAULT_CRYPTOR = "org.apache.juddi.v3.client.cryptor.DefaultCryptor";
+        public final static String DEFAULT_USERSFILE = "juddi-users.properties";
+        public final static String DEFAULT_XML_USERSFILE = "juddi-users.xml";
+        /**
+         * @see CryptedXMLDocAuthenticator
+         */
+        public final static String DEFAULT_ENCRYPTED_XML_USERSFILE = "juddi-users-encrypted.xml";
+        /**
+         * @see MD5XMLDocAuthenticator
+         */
+        public final static String DEFAULT_HASHED_XML_USERSFILE = "juddi-users-hashed.xml";
+        public final static String DEFAULT_SECURITY_DOMAIN = "java:/jaas/other";
+        public final static boolean DEFAULT_LOAD_INSTALL_DATA = true;
+        public final static String DEFAULT_BASE_URL = "http://localhost:8080/juddiv3";
+        public final static String DEFAULT_BASE_URL_SECURE = "https://localhost:8443/juddiv3";
+        /* Allowing the the user to override jpa persistence properties in the juddi.properties file */
+        public final static String PERSISTENCE_PROVIDER = "persistenceProvider";
+        public final static String DATASOURCE = "hibernate.connection.datasource";
+        public final static String HBM_DDL_AUTO = "hibernate.hbm2ddl.auto";
+        public final static String DEFAULT_SCHEMA = "hibernate.default_schema";
+        public final static String HIBERNATE_DIALECT = "hibernate.dialect";
+        /**
+         * @since 3.3 FUTURE USE
+         */
+        public final static String JUDDI_ACCESS_CONTROL_PROVIDER = "juddi.accessControlProvider";
+        /**
+         * @since 3.2, used for Apache Commons Configuration XML config file
+         */
+        public static final String ENCRYPTED_ATTRIBUTE = "[@encrypted]";
+
+        /**
+         * Used for HTTP Header based authentication for web proxies
+         *
+         * @since 3.2.1
+         */
+        public static final String JUDDI_AUTHENTICATOR_HTTP_HEADER_NAME = "juddi.auth.authenticator.header";
+
+        /**
+         * Records inquiry find* requests to disk, sans auth token
+         *
+         * @since 3.2.1
+         */
+        public final static String JUDDI_LOGGING_FindApiCalls = "juddi.logging.logInquirySearchPayloads";
+        /**
+         * The UDDI v3 spec specifically calls for supporting this, however it
+         * creates significant performance problems in jUDDI when there are a
+         * large number of business and services. Defaults to true if not
+         * defined
+         *
+         * @since 3.3
+         */
+        public static String JUDDI_ENABLE_FIND_BUSINESS_TMODEL_BAG_FILTERING = "juddi.preformance.enableFindBusinessTModelBagFiltering";
+        /**
+         * When set to true, juddi with reject publish requests when at least
+         * one digitally signed entity cannot be cryptographically validated
+         * JUDDI-862
+         * 
+         * Note: this is a prefix
+         *
+         * @since 3.3
+         */
+        public static String JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX = "juddi.validation.rejectInvalidSignatures.";
+        /**
+         * @since 3.3.
+         */
+        public static String JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_ENABLE = "juddi.validation.rejectInvalidSignatures.enable";
 }

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
----------------------------------------------------------------------
diff --git a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
index 8b3eafa..3bf5b54 100644
--- a/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
+++ b/juddi-core/src/main/java/org/apache/juddi/validation/ValidatePublish.java
@@ -18,12 +18,16 @@ package org.apache.juddi.validation;
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import javax.persistence.EntityManager;
 import javax.persistence.EntityTransaction;
@@ -55,6 +59,8 @@ import org.apache.juddi.query.FindTModelByPublisherQuery;
 import org.apache.juddi.v3.client.UDDIConstants;
 import org.apache.juddi.v3.client.UDDIConstantsV2;
 import org.apache.juddi.v3.client.config.TokenResolver;
+import org.apache.juddi.v3.client.cryptor.CryptorFactory;
+import org.apache.juddi.v3.client.cryptor.DigSigUtil;
 import org.apache.juddi.v3.error.AssertionNotFoundException;
 import org.apache.juddi.v3.error.ErrorMessage;
 import org.apache.juddi.v3.error.FatalErrorException;
@@ -288,8 +294,8 @@ public class ValidatePublish extends ValidateUDDIApi {
                 if (!((UddiEntity) obj).getNodeId().equals(nodeID)) {
                         //prevent changes to data owned by another node in a replicated environment
                         //even if you're the boss
-                        throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidNode", entityKey + " Owning Node: " +((UddiEntity) obj).getNodeId()
-                        + ", this node: " + nodeID));
+                        throw new UserMismatchException(new ErrorMessage("errors.usermismatch.InvalidNode", entityKey + " Owning Node: " + ((UddiEntity) obj).getNodeId()
+                                + ", this node: " + nodeID));
                 }
 
                 if (publisher.isOwner((UddiEntity) obj) && nodeID.equals(((UddiEntity) obj).getNodeId())) {
@@ -343,12 +349,10 @@ public class ValidatePublish extends ValidateUDDIApi {
                                         throw new AssertionNotFoundException(new ErrorMessage("errors.pubassertion.AssertionNotFound", entity.getFromKey() + ", " + entity.getToKey()));
                                 }
                                 //JUDDI-908
-                                if (!publisher.isOwner(pubAssertion.getBusinessEntityByToKey()) &&
-                                        !publisher.isOwner(pubAssertion.getBusinessEntityByFromKey()))
-                                {
-                                         throw new UserMismatchException(new ErrorMessage("errors.usermismatch.assertion"));
+                                if (!publisher.isOwner(pubAssertion.getBusinessEntityByToKey())
+                                        && !publisher.isOwner(pubAssertion.getBusinessEntityByFromKey())) {
+                                        throw new UserMismatchException(new ErrorMessage("errors.usermismatch.assertion"));
                                 }
-                                
 
                         }
 
@@ -734,6 +738,7 @@ public class ValidatePublish extends ValidateUDDIApi {
                 validateIdentifierBag(businessEntity.getIdentifierBag(), config, false);
                 validateDescriptions(businessEntity.getDescription());
                 validateBusinessServices(em, businessEntity.getBusinessServices(), businessEntity, config, publisher);
+                validateSignaturesBusiness(businessEntity, config);
 
         }
 
@@ -903,6 +908,7 @@ public class ValidatePublish extends ValidateUDDIApi {
                         validateCategoryBag(businessService.getCategoryBag(), config, false);
                         validateDescriptions(businessService.getDescription());
                         validateBindingTemplates(em, businessService.getBindingTemplates(), businessService, config, publisher);
+                        validateSignaturesService(businessService, config);
                 }
 
         }
@@ -1061,6 +1067,7 @@ public class ValidatePublish extends ValidateUDDIApi {
                 validateDescriptions(bindingTemplate.getDescription());
                 validateHostingRedirector(em, bindingTemplate.getHostingRedirector(), config);
 
+                validateSignaturesBinding(bindingTemplate, config);
                 //validateCheckedTModels(bindingTemplate, config);
         }
 
@@ -1153,6 +1160,7 @@ public class ValidatePublish extends ValidateUDDIApi {
                                 validateOverviewDoc(overviewDoc);
                         }
                 }
+                validateSignaturesTModel(tModel, config);
 
         }
 
@@ -1671,7 +1679,7 @@ public class ValidatePublish extends ValidateUDDIApi {
                         if (!inserted) {
                                 throw new InvalidKeyPassedException(new ErrorMessage("errors.invalidkey.DuplicateKey", entityKey));
                         }
- 
+
                         //removed a check for checking if the entity exists which was moved to the juddi api class
                         //why? because we were looking up the same object twice in the database and its just not efficient
                 }
@@ -2433,4 +2441,107 @@ public class ValidatePublish extends ValidateUDDIApi {
                 }
         }
 
+       private org.apache.juddi.v3.client.cryptor.DigSigUtil ds = null;
+
+        private synchronized void initDigSig(Configuration config) {
+                if (ds == null) {
+                        
+                        Properties p = new Properties();
+                        /**
+                         * <trustStorePath>truststore.jks</trustStorePath>
+                         * <trustStoreType>JKS</trustStoreType>
+                         * <trustStorePassword
+                         * isPasswordEncrypted="false"
+                         * cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+                         *
+                         * <checkTimestamps>true</checkTimestamps>
+                         * <checkTrust>true</checkTrust>
+                         * <checkRevocationCRL>true</checkRevocationCRL>
+                         */
+                        p.put(DigSigUtil.TRUSTSTORE_FILE, config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "trustStorePath", ""));
+                        p.put(DigSigUtil.TRUSTSTORE_FILETYPE, config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "trustStoreType", ""));
+
+                        String enc = config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "trustStorePassword", "");
+                        if (config.getBoolean(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "trustStorePassword[@isPasswordEncrypted]", false)) {
+                                log.info("trust password is encrypted, decrypting...");
+                                
+                                String prov = config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "trustStorePassword[@cryptoProvider]", "");
+                                try {
+                                        p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, CryptorFactory.getCryptor(prov).decrypt(enc));
+                                } catch (Exception ex) {
+                                        log.warn("unable to decrypt trust store password " + ex.getMessage());
+                                        log.debug("unable to decrypt trust store password " + ex.getMessage(), ex);
+                                }
+
+                        } else if (!"".equals(enc)){
+                                log.warn("Hey, you should consider encrypting your trust store password!");
+                                p.setProperty(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, enc);
+                        }
+
+                        p.put(DigSigUtil.CHECK_REVOCATION_STATUS_CRL, config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "checkRevocationCRL", "true"));
+                        p.put(DigSigUtil.CHECK_TRUST_CHAIN, config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "checkTrust", "true"));
+                        p.put(DigSigUtil.CHECK_TIMESTAMPS, config.getString(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_PREFIX + "checkTimestamps", "true"));
+
+                        try {
+                                ds = new DigSigUtil(p);
+                        } catch (CertificateException ex) {
+                                log.error("", ex);
+                        }
+                        //System.out.println("loaded from " + AppConfig.getConfigFileURL());
+                        //p.list(System.out);
+                }
+        }
+
+        private void validateSignaturesBinding(BindingTemplate bindingTemplate, Configuration config) throws FatalErrorException {
+                boolean shouldcheck = config.getBoolean(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_ENABLE, false);
+                initDigSig(config);
+                if (shouldcheck && !bindingTemplate.getSignature().isEmpty() && ds != null) {
+                        AtomicReference<String> outmsg = new AtomicReference<String>();
+                        boolean ok = ds.verifySignedUddiEntity(bindingTemplate, outmsg);
+                        if (!ok) {
+                                throw new FatalErrorException(new ErrorMessage("errors.digitalsignature.validationfailure", bindingTemplate.getBindingKey() + " " + outmsg.get()));
+                        }
+
+                }
+        }
+
+        private void validateSignaturesService(BusinessService businessService, Configuration config) throws FatalErrorException {
+                boolean shouldcheck = config.getBoolean(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_ENABLE, false);
+                initDigSig(config);
+                if (shouldcheck && !businessService.getSignature().isEmpty() && ds != null) {
+                        AtomicReference<String> outmsg = new AtomicReference<String>();
+                        boolean ok = ds.verifySignedUddiEntity(businessService, outmsg);
+                        if (!ok) {
+                                throw new FatalErrorException(new ErrorMessage("errors.digitalsignature.validationfailure", businessService.getServiceKey() + " " + outmsg.get()));
+                        }
+
+                }
+        }
+
+        private void validateSignaturesTModel(TModel tModel, Configuration config) throws FatalErrorException {
+                boolean shouldcheck = config.getBoolean(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_ENABLE, false);
+                initDigSig(config);
+                if (shouldcheck && !tModel.getSignature().isEmpty() && ds != null) {
+                        AtomicReference<String> outmsg = new AtomicReference<String>();
+                        boolean ok = ds.verifySignedUddiEntity(tModel, outmsg);
+                        if (!ok) {
+                                throw new FatalErrorException(new ErrorMessage("errors.digitalsignature.validationfailure", tModel.getTModelKey() + " " + outmsg.get()));
+                        }
+
+                }
+        }
+
+        private void validateSignaturesBusiness(BusinessEntity businessEntity, Configuration config) throws FatalErrorException {
+                boolean shouldcheck = config.getBoolean(Property.JUDDI_REJECT_ENTITIES_WITH_INVALID_SIG_ENABLE, false);
+                initDigSig(config);
+                if (shouldcheck && !businessEntity.getSignature().isEmpty() && ds != null) {
+                        AtomicReference<String> outmsg = new AtomicReference<String>();
+                        boolean ok = ds.verifySignedUddiEntity(businessEntity, outmsg);
+                        if (!ok) {
+                                throw new FatalErrorException(new ErrorMessage("errors.digitalsignature.validationfailure", businessEntity.getBusinessKey() + " " + outmsg.get()));
+                        }
+
+                }
+        }
+
 }

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/main/resources/messages.properties
----------------------------------------------------------------------
diff --git a/juddi-core/src/main/resources/messages.properties b/juddi-core/src/main/resources/messages.properties
index 04b94cd..5b52e16 100644
--- a/juddi-core/src/main/resources/messages.properties
+++ b/juddi-core/src/main/resources/messages.properties
@@ -302,4 +302,5 @@ errors.deleteNode.InReplicationConfig=The node to be deleted is currently refere
 errors.usermismatch.InvalidNode=The user is not authorized to alter the given entity. It is not owned by this jUDDI node. Try your request again on the authoritative node.
 
 errors.usermismatch.assertion=You have to be either the owner of the 'from' or 'to' business in order to delete a publisher assertion.
-errors.assertionNotFound=The referenced publisher assertion isn't in the database!
\ No newline at end of file
+errors.assertionNotFound=The referenced publisher assertion isn't in the database!
+errors.digitalsignature.validationfailure=The digital signature the following element failed to validate. Because of this, the request was rejected. Key and validation error as follows. 
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3-enc-3des.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3-enc-3des.xml b/juddi-core/src/test/resources/juddiv3-enc-3des.xml
index b4bf2be..163dbc4 100644
--- a/juddi-core/src/test/resources/juddiv3-enc-3des.xml
+++ b/juddi-core/src/test/resources/juddiv3-enc-3des.xml
@@ -167,6 +167,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3-enc-aes128.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3-enc-aes128.xml b/juddi-core/src/test/resources/juddiv3-enc-aes128.xml
index 1b3fadb..6f89433 100644
--- a/juddi-core/src/test/resources/juddiv3-enc-aes128.xml
+++ b/juddi-core/src/test/resources/juddiv3-enc-aes128.xml
@@ -163,6 +163,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3-enc-aes256.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3-enc-aes256.xml b/juddi-core/src/test/resources/juddiv3-enc-aes256.xml
index 582c4bd..1b6999a 100644
--- a/juddi-core/src/test/resources/juddiv3-enc-aes256.xml
+++ b/juddi-core/src/test/resources/juddiv3-enc-aes256.xml
@@ -170,6 +170,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3-enc-default.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3-enc-default.xml b/juddi-core/src/test/resources/juddiv3-enc-default.xml
index b44358b..2519e9d 100644
--- a/juddi-core/src/test/resources/juddiv3-enc-default.xml
+++ b/juddi-core/src/test/resources/juddiv3-enc-default.xml
@@ -167,6 +167,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3.xml b/juddi-core/src/test/resources/juddiv3.xml
index e0b23dd..72e21f1 100644
--- a/juddi-core/src/test/resources/juddiv3.xml
+++ b/juddi-core/src/test/resources/juddiv3.xml
@@ -170,6 +170,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-core/src/test/resources/juddiv3DisabledTModelKeybag.xml
----------------------------------------------------------------------
diff --git a/juddi-core/src/test/resources/juddiv3DisabledTModelKeybag.xml b/juddi-core/src/test/resources/juddiv3DisabledTModelKeybag.xml
index 88dddd9..66e3914 100644
--- a/juddi-core/src/test/resources/juddiv3DisabledTModelKeybag.xml
+++ b/juddi-core/src/test/resources/juddiv3DisabledTModelKeybag.xml
@@ -170,6 +170,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+                        <!-- as of 3.3, reject digitally signed items that are invalid-->
+                        <rejectInvalidSignatures>
+                            <enable>false</enable>
+                            <trustStorePath>./src/test/resources/truststore.jks</trustStorePath>
+                            <trustStoreType>JKS</trustStoreType>
+                            <trustStorePassword
+                                    isPasswordEncrypted="false" 
+                                    cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">Test</trustStorePassword>
+
+                            <checkTimestamps>true</checkTimestamps>
+                            <checkTrust>true</checkTrust>
+                            <checkRevocationCRL>false</checkRevocationCRL>
+                        </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/EntryPoint.java
----------------------------------------------------------------------
diff --git a/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/EntryPoint.java b/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/EntryPoint.java
index 20d0579..fb7700b 100644
--- a/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/EntryPoint.java
+++ b/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/EntryPoint.java
@@ -76,6 +76,9 @@ public class EntryPoint {
                         System.out.println("36) UnRegister a node on a jUDDI server");
                         System.out.println("37) Fetch the replication config from a jUDDI server");
                         System.out.println("38) Set the replication config on a remote jUDDI server");
+                        System.out.println("magic) Sets the replication between two instances of jUDDI on 8080 and 8090");
+                        System.out.println("rep) Prints the current replication status of a given node");
+                        System.out.println("39) Digitally sign a UDDI entity from a file.");
 
                         System.out.println("q) quit");
                         System.out.print("Selection: ");
@@ -466,6 +469,9 @@ public class EntryPoint {
                 if (input.equals("rep")) {
                         new JuddiAdminService().printStatus();
                 }
+                if (input.equals("39")) {
+                        new UddiDigitalSignatureFile().Fire(null, null, null);
+                }
 
         }
 }

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/UddiDigitalSignatureFile.java
----------------------------------------------------------------------
diff --git a/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/UddiDigitalSignatureFile.java b/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/UddiDigitalSignatureFile.java
new file mode 100644
index 0000000..ac1a06f
--- /dev/null
+++ b/juddi-examples/more-uddi-samples/src/main/java/org/apache/juddi/samples/UddiDigitalSignatureFile.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2001-2013 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.juddi.samples;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.util.Scanner;
+import java.util.concurrent.atomic.AtomicReference;
+import javax.xml.bind.JAXB;
+
+import org.apache.juddi.v3.client.config.UDDIClient;
+import org.apache.juddi.v3.client.cryptor.DigSigUtil;
+import org.apache.juddi.v3.client.transport.Transport;
+import org.uddi.api_v3.*;
+import org.uddi.v3_service.UDDIInquiryPortType;
+import org.uddi.v3_service.UDDIPublicationPortType;
+import org.uddi.v3_service.UDDISecurityPortType;
+
+/**
+ * This class shows you how to digital sign a business and save to file
+ *
+ * @author <a href="mailto:alexoree@apache.org">Alex O'Ree</a>
+ */
+public class UddiDigitalSignatureFile {
+
+        private static UDDIClient clerkManager = null;
+
+        /**
+         * This sets up the ws proxies using uddi.xml in META-INF
+         */
+        public UddiDigitalSignatureFile() {
+                try {
+                        // create a manager and read the config in the archive; 
+                        // you can use your config file name
+                        clerkManager = new UDDIClient("META-INF/simple-publish-uddi.xml");
+
+                } catch (Exception e) {
+                        e.printStackTrace();
+                }
+        }
+
+        public enum UddiType {
+
+                Business, Service, Binding, TModel, PublisherAssertion
+        }
+
+        public void Fire(String fileIn, String fileOut, UddiType type) {
+                try {
+                        System.out.println("WARN - All previous signatures will be removed!");
+                        if (fileIn == null || fileOut == null || type == null) {
+                                System.out.print("Input file: ");
+                                fileIn = System.console().readLine();
+                                System.out.print("Out file: ");
+                                fileOut = System.console().readLine();
+                                System.out.println();
+                                for (int i = 0; i < UddiType.values().length; i++) {
+                                        System.out.println("[" + i + "] " + UddiType.values()[i].toString());
+                                }
+                                System.out.print("UDDI Type: ");
+                                String t = System.console().readLine();
+                                type = UddiType.values()[Integer.parseInt(t)];
+                        }
+
+                        DigSigUtil ds = null;
+
+                        //option 1), set everything manually
+                        ds = new DigSigUtil();
+                        ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE, "keystore.jks");
+                        ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILETYPE, "JKS");
+                        ds.put(DigSigUtil.SIGNATURE_KEYSTORE_FILE_PASSWORD, "Test");
+                        ds.put(DigSigUtil.SIGNATURE_KEYSTORE_KEY_ALIAS, "Test");
+                        ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_BASE64, "true");
+
+                        ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SERIAL, "true");
+                        ds.put(DigSigUtil.SIGNATURE_OPTION_CERT_INCLUSION_SUBJECTDN, "true");
+                        ds.put(DigSigUtil.TRUSTSTORE_FILE, "truststore.jks");
+                        ds.put(DigSigUtil.TRUSTSTORE_FILETYPE, "JKS");
+                        ds.put(DigSigUtil.TRUSTSTORE_FILE_PASSWORD, "Test");
+
+                        FileInputStream fis = new FileInputStream(fileIn);
+                        Class expectedType = null;
+                        switch (type) {
+                                case Binding:
+                                        expectedType = BindingTemplate.class;
+                                        break;
+                                case Business:
+                                        expectedType = BusinessEntity.class;
+                                        break;
+                                case PublisherAssertion:
+                                        expectedType = PublisherAssertion.class;
+                                        break;
+                                case Service:
+                                        expectedType = BusinessService.class;
+                                        break;
+                                case TModel:
+                                        expectedType = TModel.class;
+                                        break;
+                        }
+                        Object be = JAXB.unmarshal(fis, expectedType);
+                        fis.close();
+                        fis = null;
+                        
+                        switch (type) {
+                                case Binding:
+                                        ((BindingTemplate)be).getSignature().clear();
+                                        break;
+                                case Business:
+                                        ((BusinessEntity)be).getSignature().clear();
+                                        break;
+                                case PublisherAssertion:
+                                        ((PublisherAssertion)be).getSignature().clear();
+                                        break;
+                                case Service:
+                                        ((BusinessService)be).getSignature().clear();
+                                        break;
+                                case TModel:
+                                        ((TModel)be).getSignature().clear();
+                                        break;
+                        }
+
+                        System.out.println("signing");
+                        Object signUDDI_JAXBObject = ds.signUddiEntity(be);
+                        System.out.println("signed");
+                        DigSigUtil.JAXB_ToStdOut(signUDDI_JAXBObject);
+                        
+
+                        System.out.println("verifing");
+                        AtomicReference<String> msg = new AtomicReference<String>();
+                        boolean verifySigned_UDDI_JAXB_Object = ds.verifySignedUddiEntity(signUDDI_JAXBObject, msg);
+                        if (verifySigned_UDDI_JAXB_Object) {
+                                System.out.println("signature validation passed (expected)");
+                                FileOutputStream fos = new FileOutputStream(fileOut);
+                                JAXB.marshal(signUDDI_JAXBObject, fos);
+                                fos.close();
+                        } else {
+                                System.out.println("signature validation failed (not expected)");
+                        }
+                        System.out.println(msg.get());
+
+                } catch (Exception e) {
+                        e.printStackTrace();
+                }
+        }
+
+       
+}

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddi-tomcat/juddiv3Node2.xml
----------------------------------------------------------------------
diff --git a/juddi-tomcat/juddiv3Node2.xml b/juddi-tomcat/juddiv3Node2.xml
index 1efb830..0b193a4 100644
--- a/juddi-tomcat/juddiv3Node2.xml
+++ b/juddi-tomcat/juddiv3Node2.xml
@@ -171,6 +171,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+			<!-- as of 3.3, reject digitally signed items that are invalid-->
+            <rejectInvalidSignatures>
+                <enable>false</enable>
+                <trustStorePath>truststore.jks</trustStorePath>
+                <trustStoreType>JKS</trustStoreType>
+                <trustStorePassword
+                        isPasswordEncrypted="false" 
+                        cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+
+                <checkTimestamps>true</checkTimestamps>
+                <checkTrust>true</checkTrust>
+                <checkRevocationCRL>true</checkRevocationCRL>
+            </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml
----------------------------------------------------------------------
diff --git a/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml b/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml
index c27f730..39279b0 100644
--- a/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml
+++ b/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml
@@ -171,6 +171,19 @@
 		<validation>
 			<!-- As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelinstanceparms and anything else that references a KeyName default value is true.  set to false for backwards compatibility or for a more lax registry-->
 			<enforceReferentialIntegrity>true</enforceReferentialIntegrity>
+			<!-- as of 3.3, reject digitally signed items that are invalid-->
+            <rejectInvalidSignatures>
+                <enable>false</enable>
+                <trustStorePath>truststore.jks</trustStorePath>
+                <trustStoreType>JKS</trustStoreType>
+                <trustStorePassword
+                        isPasswordEncrypted="false" 
+                        cryptoProvider="org.apache.juddi.v3.client.crypto.AES128Cryptor">password</trustStorePassword>
+
+                <checkTimestamps>true</checkTimestamps>
+                <checkTrust>true</checkTrust>
+                <checkRevocationCRL>true</checkRevocationCRL>
+            </rejectInvalidSignatures>
 		</validation>
 
 		<!--As of 3.1.5 Email delivery options for subscription API functions-->

http://git-wip-us.apache.org/repos/asf/juddi/blob/6e03b824/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
----------------------------------------------------------------------
diff --git a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
index 8710558..4fc25e1 100644
--- a/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
+++ b/uddi-tck-base/src/main/java/org/apache/juddi/v3/tck/TckBusiness.java
@@ -15,6 +15,7 @@
 package org.apache.juddi.v3.tck;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.net.URL;
 import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertNotNull;
@@ -297,15 +298,20 @@ public class TckBusiness {
                 try {
                         SaveBusiness sb = new SaveBusiness();
                         sb.setAuthInfo(authInfo);
-
+                        
                         BusinessEntity beIn = (BusinessEntity) EntityCreator.buildFromDoc(businessXML, "org.uddi.api_v3");
                         if (beIn == null) {
                                 throw new Exception("Unload to load source xml document from " + businessXML);
                         }
+                        if (serialize) {
+                                System.out.println("before saving");
+                                JAXB.marshal(beIn, System.out);
+                        }
                         sb.getBusinessEntity().add(beIn);
                         BusinessDetail saveBusiness = publication.saveBusiness(sb);
                         logger.info("Business saved with key " + saveBusiness.getBusinessEntity().get(0).getBusinessKey());
                         if (serialize) {
+                                System.out.println("after saving");
                                 JAXB.marshal(saveBusiness, System.out);
                         }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@juddi.apache.org
For additional commands, e-mail: commits-help@juddi.apache.org


Mime
View raw message