ws-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: setting keystore instance in wss4j via Merlin
Date Thu, 20 Jan 2011 17:25:41 GMT
Hi George,

The Crypto interface has no concept of a Properties object, that's
only parsed by the CryptoFactory. I've added the ability to
instantiate Crypto objects without having to go through CryptoFactory,
e.g.:

        Crypto crypto = new Merlin();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        ClassLoader loader = Loader.getClassLoader(CryptoTest.class);
        InputStream input =
            AbstractCrypto.loadInputStream(loader, "keys/wss40.jks");
        keyStore.load(input, "security".toCharArray());
        crypto.setKeyStore(keyStore);
        Document signedDoc = builder.build(doc, crypto, secHeader);

I see the issue you raise as more of a third-party (Rampart) problem.
Given that WSS4J 1.6 will have the ability to avoid having to use
crypto property files, it's up to Rampart devs to take advantage of
this.

Colm.

On Wed, Jan 19, 2011 at 7:01 PM, George Stanchev <Gstanchev@serena.com> wrote:
> Hi Colm,
>
>
>
> Continuing the discussion from your blog’s comment section [1], which I think
> is more appropriate here.
>
>
>
> Having access to keystore and truststore getters and setters in the Crypto
> class hierarchy is great. However, it doesn’t help in the case when it is used
> in conjunction with Rampart, because Rampart creates the Crypto instance and
> initializes it using the configuration tags in the supplied properties. It
> is unfortunate that the property bag is a Properties class because it now
> can store <String, String> data and cannot be retrofitted to hold a KeyStore
> instance, for example (unless someone subclasses it as well and proxies the core
> Properties calls and just snaps on more generic getters/setters, which is a
> major PIA).
>
>
>
> My suggestion going forward would be to convert the configuration property
> bag from Properties to HashMap<String, Object> (or just HashMap) to allow
> passing of objects to the Crypto and change Rampart correspondingly. We can
> keep existing constructors for backward compatibility. Then, once done,
> configuration tags can be added for keystore and truststore instances to
> be passed in.
>
>
>
> If this is something both the Rampart and WSS4J folks think is an appropriate
> approach, I can submit JIRAs in both projects and help out with a patch.
>
>
>
> George
>
>
>
> [1]
> http://coheigea.blogspot.com/2011/01/wss4j-16-crypto-property-change.html#comments