ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1664304 - in /webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common: crypto/Crypto.java crypto/CryptoBase.java crypto/Merlin.java saml/SamlAssertionWrapper.java
Date Thu, 05 Mar 2015 11:04:34 GMT
Author: coheigea
Date: Thu Mar  5 11:04:33 2015
New Revision: 1664304

URL: http://svn.apache.org/r1664304
Log:
More refactoring

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Crypto.java
Thu Mar  5 11:04:33 2015
@@ -72,10 +72,9 @@ public interface Crypto {
     /**
      * Sets the CertificateFactory instance on this Crypto instance
      *
-     * @param provider the CertificateFactory provider name
      * @param certFactory the CertificateFactory the CertificateFactory instance to set
      */
-    void setCertificateFactory(String provider, CertificateFactory certFactory);
+    void setCertificateFactory(CertificateFactory certFactory);
     
     /**
      * Get the CertificateFactory instance on this Crypto instance

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/CryptoBase.java
Thu Mar  5 11:04:33 2015
@@ -32,10 +32,8 @@ import java.security.cert.CertificateFac
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -62,9 +60,9 @@ public abstract class CryptoBase impleme
                     
     private static final Constructor<?> BC_509CLASS_CONS;
 
-    protected Map<String, CertificateFactory> certFactMap = new HashMap<>();
-    private String defaultAlias = null;
-    private String cryptoProvider = null;
+    protected CertificateFactory certificateFactory;
+    private String defaultAlias;
+    private String cryptoProvider;
     
     static {
         Constructor<?> cons = null;
@@ -127,15 +125,10 @@ public abstract class CryptoBase impleme
     /**
      * Sets the CertificateFactory instance on this Crypto instance
      *
-     * @param provider the CertificateFactory provider name
      * @param certFactory the CertificateFactory the CertificateFactory instance to set
      */
-    public void setCertificateFactory(String provider, CertificateFactory certFactory) {
-        if (provider == null || provider.length() == 0) {
-            certFactMap.put(certFactory.getProvider().getName(), certFactory);
-        } else {
-            certFactMap.put(provider, certFactory);
-        }
+    public void setCertificateFactory(CertificateFactory certFactory) {
+        this.certificateFactory = certFactory;
     }
     
     /**
@@ -146,37 +139,28 @@ public abstract class CryptoBase impleme
      * @throws WSSecurityException
      */
     public CertificateFactory getCertificateFactory() throws WSSecurityException {
-        String provider = getCryptoProvider();
-
-        //Try to find a CertificateFactory that generates certs that are fully
-        //compatible with the certs in the KeyStore  (Sun -> Sun, BC -> BC, etc...)
-        CertificateFactory factory = null;
-        if (provider != null && provider.length() != 0) {
-            factory = certFactMap.get(provider);
-        } else {
-            factory = certFactMap.get("DEFAULT");
+        if (certificateFactory != null) {
+            return certificateFactory;
         }
-        if (factory == null) {
-            try {
-                if (provider == null || provider.length() == 0) {
-                    factory = CertificateFactory.getInstance("X.509");
-                    certFactMap.put("DEFAULT", factory);
-                } else {
-                    factory = CertificateFactory.getInstance("X.509", provider);
-                    certFactMap.put(provider, factory);
-                }
-                certFactMap.put(factory.getProvider().getName(), factory);
-            } catch (CertificateException e) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType",
e
-                );
-            } catch (NoSuchProviderException e) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider",
e
-                );
+        
+        try {
+            String provider = getCryptoProvider();
+            if (provider == null || provider.length() == 0) {
+                certificateFactory = CertificateFactory.getInstance("X.509");
+            } else {
+                certificateFactory = CertificateFactory.getInstance("X.509", provider);
             }
+        } catch (CertificateException e) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType",
e
+            );
+        } catch (NoSuchProviderException e) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider",
e
+            );
         }
-        return factory;
+        
+        return certificateFactory;
     }
 
     /**

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
Thu Mar  5 11:04:33 2015
@@ -356,7 +356,7 @@ public class Merlin extends CryptoBase {
      * @param input <code>InputStream</code> to read from
      * @throws WSSecurityException
      */
-    public KeyStore load(InputStream input, String storepass, String provider, String type)

+    protected KeyStore load(InputStream input, String storepass, String provider, String
type) 
         throws WSSecurityException {
         KeyStore ks = null;
         
@@ -448,65 +448,47 @@ public class Merlin extends CryptoBase {
      */
     @Override
     public CertificateFactory getCertificateFactory() throws WSSecurityException {
+        if (certificateFactory != null) {
+            return certificateFactory;
+        }
+        
         String provider = getCryptoProvider();
         String keyStoreProvider = null;
         if (keystore != null) {
             keyStoreProvider = keystore.getProvider().getName();
         }
-
-        //Try to find a CertificateFactory that generates certs that are fully
-        //compatible with the certs in the KeyStore  (Sun -> Sun, BC -> BC, etc...)
-        CertificateFactory factory = null;
-        if (provider != null) {
-            factory = certFactMap.get(provider);
-        } else if (keyStoreProvider != null) {
-            factory = 
-                certFactMap.get(mapKeystoreProviderToCertProvider(keyStoreProvider));
-            if (factory == null) {
-                factory = certFactMap.get(keyStoreProvider);                
-            }
-        } else {
-            factory = certFactMap.get("DEFAULT");
-        }
-        if (factory == null) {
-            try {
-                if (provider == null || provider.length() == 0) {
-                    if (keyStoreProvider != null && keyStoreProvider.length() !=
0) {
-                        try {
-                            factory = 
-                                CertificateFactory.getInstance(
-                                    "X.509", mapKeystoreProviderToCertProvider(keyStoreProvider)
-                                );
-                            certFactMap.put(keyStoreProvider, factory);
-                            certFactMap.put(
-                                mapKeystoreProviderToCertProvider(keyStoreProvider), factory
+        
+        try {
+            if (provider == null || provider.length() == 0) {
+                if (keyStoreProvider != null && keyStoreProvider.length() != 0) {
+                    try {
+                        certificateFactory = 
+                            CertificateFactory.getInstance(
+                                "X.509", mapKeystoreProviderToCertProvider(keyStoreProvider)
                             );
-                        } catch (Exception ex) {
-                            LOG.debug(ex.getMessage(), ex);
-                            //Ignore, we'll just use the default since they didn't specify
one.
-                            //Hopefully that will work for them.
-                        }
-                    }
-                    if (factory == null) {
-                        factory = CertificateFactory.getInstance("X.509");
-                        certFactMap.put("DEFAULT", factory);
+                    } catch (Exception ex) {
+                        LOG.debug(ex.getMessage(), ex);
+                        //Ignore, we'll just use the default since they didn't specify one.
+                        //Hopefully that will work for them.
                     }
-                } else {
-                    factory = CertificateFactory.getInstance("X.509", provider);
-                    certFactMap.put(provider, factory);
                 }
-                certFactMap.put(factory.getProvider().getName(), factory);
-            } catch (CertificateException e) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType",
e
-                );
-            } catch (NoSuchProviderException e) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider",
e
-                );
+                if (certificateFactory == null) {
+                    certificateFactory = CertificateFactory.getInstance("X.509");
+                }
+            } else {
+                certificateFactory = CertificateFactory.getInstance("X.509", provider);
             }
+        } catch (CertificateException e) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedCertType",
e
+            );
+        } catch (NoSuchProviderException e) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noSecProvider",
e
+            );
         }
-        return factory;
+
+        return certificateFactory;
     }
     
     private String mapKeystoreProviderToCertProvider(String s) {

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1664304&r1=1664303&r2=1664304&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Thu Mar  5 11:04:33 2015
@@ -34,9 +34,10 @@ import org.apache.wss4j.common.saml.buil
 import org.apache.wss4j.common.saml.builder.SAML2ComponentBuilder;
 import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.wss4j.common.util.InetAddressUtils;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.exceptions.Base64DecodingException;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.XMLUtils;
 import org.joda.time.DateTime;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.saml.common.SAMLObjectContentReference;
@@ -750,18 +751,31 @@ public class SamlAssertionWrapper {
             sig = saml1.getSignature();
         }
         if (sig != null) {
-            Element signatureElement = sig.getDOM();
-            
-            try {
-                // Use XML-Security class to obtain SignatureValue
-                XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
-                return xmlSignature.getSignatureValue();
-            } catch (XMLSecurityException e) {
-                throw new WSSecurityException(
-                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", e
-                );
+            return getSignatureValue(sig);
+        }
+        return null;
+    }
+    
+    private byte[] getSignatureValue(Signature signature) throws WSSecurityException {
+        Element signatureElement = signature.getDOM();
+        
+        if (signatureElement != null) {
+            Element signedInfoElem = XMLUtils.getNextElement(signatureElement.getFirstChild());
+            if (signedInfoElem != null) {
+                Element signatureValueElement = 
+                    XMLUtils.getNextElement(signedInfoElem.getNextSibling());
+                if (signatureValueElement != null) {
+                    try {
+                        return Base64.decode(signatureValueElement);
+                    } catch (Base64DecodingException ex) {
+                        throw new WSSecurityException(
+                            WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
ex
+                        );
+                    }
+                }
             }
         }
+        
         return null;
     }
 



Mime
View raw message