ws-wss4j-dev mailing list archives

From cohei...@apache.org
Subject svn commit: r785617 - in /webservices/wss4j/trunk: pom.xml src/org/apache/ws/security/components/crypto/CryptoBase.java test/wssec/TestWSSecurityWSS178.java test/wssec/TestWSSecurityWSS86.java
Date Wed, 17 Jun 2009 14:21:02 GMT
Author: coheigea
Date: Wed Jun 17 14:21:01 2009
New Revision: 785617

URL: http://svn.apache.org/viewvc?rev=785617&view=rev
Log:
Forward-merged Dan's BouncyCastle fix to trunk
 - Forward-merged pkcs12 fix as well.

Modified:
    webservices/wss4j/trunk/pom.xml
    webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java
    webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java

Modified: webservices/wss4j/trunk/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/pom.xml?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/pom.xml (original)
+++ webservices/wss4j/trunk/pom.xml Wed Jun 17 14:21:01 2009
@@ -191,7 +191,7 @@
                               !org.apache.ws.axis.security.*,
                               javax.xml.crypto.*,
                               org.apache.xml.security.*,
-                              org.bouncycastle.*,
+                              org.bouncycastle.*;resolution:=optional,
                               org.jcp.xml.dsig.internal.*,
                               org.opensaml.*;resolution:=optional,
                               *;resolution:=optional
@@ -363,7 +363,7 @@
                     <groupId>bouncycastle</groupId>
                     <artifactId>bcprov-jdk14</artifactId>
                     <version>${bcprov.jdk14.version}</version>
-                    <scope>compile</scope>
+                    <scope>test</scope>
                 </dependency>
             </dependencies>
         </profile>
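Review bot: Dropping bcprov-jdk14 to `<scope>test</scope>` here, and bcprov-jdk15 in the next hunk, means consumers no longer receive BouncyCastle transitively. A deployment that relied on it, presumably for provider algorithms or keystore types, will only find out at runtime. Nothing in the hunk documents this; a comment above the dependency such as `<!-- BouncyCastle is optional at runtime; add bcprov explicitly if your configuration needs its provider -->` would make the contract visible. The enclosing profile element starts outside the hunk.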
@@ -377,7 +377,7 @@
                     <groupId>bouncycastle</groupId>
                     <artifactId>bcprov-jdk15</artifactId>
                     <version>${bcprov.jdk15.version}</version>
-                    <scope>compile</scope>
+                    <scope>test</scope>
                 </dependency>
             </dependencies>
         </profile>

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java Wed Jun 17 14:21:01 2009
@@ -24,10 +24,9 @@
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.util.WSSecurityUtil;
 
-import org.bouncycastle.asn1.x509.X509Name;
-
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.lang.reflect.Constructor;
 import java.math.BigInteger;
 import java.security.Key;
 import java.security.KeyStore;
@@ -76,10 +75,23 @@
     public static final String NAME_CONSTRAINTS_OID = "2.5.29.30";
     
     private static Log log = LogFactory.getLog(CryptoBase.class);
+    private static final Constructor BC_509CLASS_CONS;
+
     protected static Map certFactMap = new HashMap();
     protected KeyStore keystore = null;
     protected KeyStore truststore = null;
     
+    static {
+        Constructor cons = null;
+        try {
+            Class c = Class.forName("org.bouncycastle.asn1.x509.X509Name");
+            cons = c.getConstructor(new Class[] {String.class});
+        } catch (Exception e) {
+            //ignore
+        }
+        BC_509CLASS_CONS = cons;
+    }
+    
     /**
      * Constructor
      */
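Review bot: The `//ignore` in the static initializer's catch leaves no trace of whether the BouncyCastle `X509Name` constructor was found, yet that decides which class later compares issuer names. Adding `log.debug("BouncyCastle X509Name not available, using X500Principal for DN comparison", e);` in that catch would make the active path diagnosable; `log` is declared above the block, so it is initialised first. `catch (Exception e)` also does not cover a `LinkageError` from `Class.forName`, which would surface as a failure to initialise `CryptoBase` if the class is present but cannot be linked, so handling that case as "not available" may be what is intended.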
@@ -254,6 +266,17 @@
         java.util.Collections.sort(vr);
         return vr;
     }
+    
+    private Object createBCX509Name(String s) {
+        if (BC_509CLASS_CONS != null) {
+             try {
+                 return BC_509CLASS_CONS.newInstance(new Object[] {s});
+             } catch (Exception e) {
+                 //ignore
+             }
+        }
+        return new X500Principal(s);
+    }
 
     /**
      * Lookup an X509 Certificate in the keystore according to a given serial number and
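Review bot: `createBCX509Name` falls back to `X500Principal` per call, so when `newInstance` fails for only one of the two strings being compared, `certName.equals(issuerName)` compares objects of different classes and a matching certificate is presumably skipped without any trace. The `//ignore` also swallows the `InvocationTargetException` wrapping any parse error raised by the BouncyCastle constructor, which the callers' `catch (java.lang.IllegalArgumentException ex)` used to see directly. Consider unwrapping it, e.g. `if (e.getCause() instanceof IllegalArgumentException) throw (IllegalArgumentException) e.getCause();`. A Javadoc line should also state that the returned `Object` is only meaningful for `equals` against another value produced by this method.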
@@ -270,8 +293,7 @@
      */
     public String getAliasForX509Cert(String issuer, BigInteger serialNumber)
         throws WSSecurityException {
-        X500Principal issuerRDN = null;
-        X509Name issuerName = null;
+        Object issuerName = null;
         Certificate cert = null;
         
         if (keystore == null) {
@@ -287,10 +309,10 @@
         // back on a direct conversion to a BC X509Name
         //
         try {
-            issuerRDN = new X500Principal(issuer);
-            issuerName =  new X509Name(issuerRDN.getName());
+            X500Principal issuerRDN = new X500Principal(issuer);
+            issuerName =  createBCX509Name(issuerRDN.getName());
         } catch (java.lang.IllegalArgumentException ex) {
-            issuerName = new X509Name(issuer);
+            issuerName = createBCX509Name(issuer);
         }
 
         try {
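Review bot: When BouncyCastle is absent, the fallback `issuerName = createBCX509Name(issuer);` in the catch block re-parses the same string with `new X500Principal(issuer)`, which has just thrown, so the `IllegalArgumentException` now escapes the method unchecked instead of being handled. If the issuer string originates from a received message, which the hunk does not show, a malformed DN becomes an unexpected runtime exception for the caller rather than the declared `WSSecurityException`. Wrapping the fallback in its own try and converting the failure to the `WSSecurityException` this method already declares would keep the error path uniform. The same applies to the identical hunk in `getX509Certificate` (`@@ -352,10 +374,10 @@`). The method body starts and ends outside this hunk.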
@@ -311,7 +333,8 @@
                 }
                 X509Certificate x509cert = (X509Certificate) cert;
                 if (x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
-                    X509Name certName = new X509Name(x509cert.getIssuerDN().getName());
+                    Object certName = 
+                        createBCX509Name(x509cert.getIssuerDN().getName());
                     if (certName.equals(issuerName)) {
                         return alias;
                     }
@@ -335,8 +358,7 @@
      */
     public X509Certificate getX509Certificate(String issuer, BigInteger serialNumber)
         throws WSSecurityException {
-        X500Principal issuerRDN = null;
-        X509Name issuerName = null;
+        Object issuerName = null;
         Certificate cert = null;
         
         if (keystore == null) {
@@ -352,10 +374,10 @@
         // back on a direct conversion to a BC X509Name
         //
         try {
-            issuerRDN = new X500Principal(issuer);
-            issuerName =  new X509Name(issuerRDN.getName());
+            X500Principal issuerRDN = new X500Principal(issuer);
+            issuerName =  createBCX509Name(issuerRDN.getName());
         } catch (java.lang.IllegalArgumentException ex) {
-            issuerName = new X509Name(issuer);
+            issuerName = createBCX509Name(issuer);
         }
 
         try {
@@ -376,7 +398,8 @@
                 }
                 X509Certificate x509cert = (X509Certificate) cert;
                 if (x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
-                    X509Name certName = new X509Name(x509cert.getIssuerDN().getName());
+                    Object certName = 
+                        createBCX509Name(x509cert.getIssuerDN().getName());
                     if (certName.equals(issuerName)) {
                         return x509cert;
                     }
@@ -481,13 +504,16 @@
             if (keystore == null) {
                 return null;
             }
-            String alias = keystore.getCertificateAlias(cert);
-            if (alias != null) {
-                return alias;
-            }
-            // Use brute force search
+            //
+            // The following code produces the wrong alias in BouncyCastle and so
+            // we'll just use the brute-force search
+            //
+            // String alias = keystore.getCertificateAlias(cert);
+            // if (alias != null) {
+            //     return alias;
+            // }
             for (Enumeration e = keystore.aliases(); e.hasMoreElements();) {
-                alias = (String) e.nextElement();
+                String alias = (String) e.nextElement();
                 Certificate retrievedCert = keystore.getCertificate(alias);
                 if (retrievedCert.equals(cert)) {
                     return alias;
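Review bot: `retrievedCert.equals(cert)` in the loop is now reached for every alias, and `KeyStore.getCertificate` returns null for an alias that holds no certificate, so a keystore containing such an entry would throw a `NullPointerException` here. `if (retrievedCert != null && retrievedCert.equals(cert)) {` avoids that. The commented-out `getCertificateAlias` lines are better deleted, keeping only the explanatory comment, since version control retains the old code. The loop continues outside the hunk, so any surrounding exception handling is not visible.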

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java Wed Jun 17 14:21:01 2009
@@ -66,7 +66,7 @@
         + "</SOAP-ENV:Envelope>";
 
     private WSSecurityEngine secEngine = new WSSecurityEngine();
-    private Crypto crypto = CryptoFactory.getInstance("crypto.properties");
+    private Crypto crypto;
 
     /**
      * TestWSSecurity constructor
@@ -75,6 +75,8 @@
      */
     public TestWSSecurityWSS178(String name) {
         super(name);
+        secEngine.getWssConfig(); //make sure BC gets registered
+        crypto = CryptoFactory.getInstance("crypto.properties");
     }
 
     /**
@@ -131,7 +133,6 @@
         verify(encryptedDoc);
     }
     
-    
     /**
      * Test where the Assertion is referenced using direct reference
      * (from the SecurityTokenReference).

Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java Wed Jun 17 14:21:01 2009
@@ -69,7 +69,7 @@
         +   "</SOAP-ENV:Body>" 
         + "</SOAP-ENV:Envelope>";
     private WSSecurityEngine secEngine = new WSSecurityEngine();
-    private Crypto crypto = CryptoFactory.getInstance("wss86.properties");
+    private Crypto crypto;
 
     /**
      * TestWSSecurity constructor
@@ -79,6 +79,8 @@
      */
     public TestWSSecurityWSS86(String name) {
         super(name);
+        secEngine.getWssConfig(); //make sure BC gets registered
+        crypto = CryptoFactory.getInstance("wss86.properties");
     }
 
     /**


