ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1671101 - /webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
Date Fri, 03 Apr 2015 17:09:34 GMT
Author: coheigea
Date: Fri Apr  3 17:09:34 2015
New Revision: 1671101

URL: http://svn.apache.org/r1671101
Log:
Allow the possibilty to subclass the PKIXParameters in WSS4J

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1671101&r1=1671100&r2=1671101&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
Fri Apr  3 17:09:34 2015
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -831,12 +832,6 @@ public class Merlin extends CryptoBase {
                 }
             }
 
-            PKIXParameters param = new PKIXParameters(set);
-            param.setRevocationEnabled(enableRevocation);
-            if (enableRevocation && crlCertStore != null) {
-                param.addCertStore(crlCertStore);
-            }
-
             // Verify the trust path using the above settings
             String provider = getCryptoProvider();
             CertPathValidator validator = null;
@@ -845,9 +840,11 @@ public class Merlin extends CryptoBase {
             } else {
                 validator = CertPathValidator.getInstance("PKIX", provider);
             }
+            
+            PKIXParameters param = createPKIXParameters(set, enableRevocation);
             validator.validate(path, param);
         } catch (NoSuchProviderException | NoSuchAlgorithmException 
-            | CertificateException | java.security.InvalidAlgorithmParameterException
+            | CertificateException | InvalidAlgorithmParameterException
             | java.security.cert.CertPathValidatorException 
             | KeyStoreException e) {
                 throw new WSSecurityException(
@@ -861,6 +858,19 @@ public class Merlin extends CryptoBase {
         }
     }
     
+    // Separated out to allow subclasses to override it
+    protected PKIXParameters createPKIXParameters(
+        Set<TrustAnchor> trustAnchors, boolean enableRevocation
+    ) throws InvalidAlgorithmParameterException {
+        PKIXParameters param = new PKIXParameters(trustAnchors);
+        param.setRevocationEnabled(enableRevocation);
+        if (enableRevocation && crlCertStore != null) {
+            param.addCertStore(crlCertStore);
+        }
+        
+        return param;
+    }
+    
     /**
      * Evaluate whether a given public key should be trusted.
      * 



Mime
View raw message