ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1671103 - /webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
Date Fri, 03 Apr 2015 17:14:15 GMT
Author: coheigea
Date: Fri Apr  3 17:14:14 2015
New Revision: 1671103

URL: http://svn.apache.org/r1671103
Log:
Allow the possibilty to subclass the PKIXParameters in WSS4J


Conflicts:
	ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1671103&r1=1671102&r2=1671103&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
Fri Apr  3 17:14:14 2015
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -910,12 +911,6 @@ public class Merlin extends CryptoBase {
                 }
             }
 
-            PKIXParameters param = new PKIXParameters(set);
-            param.setRevocationEnabled(enableRevocation);
-            if (enableRevocation && crlCertStore != null) {
-                param.addCertStore(crlCertStore);
-            }
-
             // Verify the trust path using the above settings
             String provider = getCryptoProvider();
             CertPathValidator validator = null;
@@ -924,6 +919,8 @@ public class Merlin extends CryptoBase {
             } else {
                 validator = CertPathValidator.getInstance("PKIX", provider);
             }
+            
+            PKIXParameters param = createPKIXParameters(set, enableRevocation);
             validator.validate(path, param);
         } catch (NoSuchProviderException e) {
                 throw new WSSecurityException(
@@ -938,7 +935,7 @@ public class Merlin extends CryptoBase {
                 throw new WSSecurityException(
                     WSSecurityException.ErrorCode.FAILURE, "certpath", e
                 );
-        } catch (java.security.InvalidAlgorithmParameterException e) {
+        } catch (InvalidAlgorithmParameterException e) {
                 throw new WSSecurityException(
                     WSSecurityException.ErrorCode.FAILURE, "certpath", e
                 );
@@ -963,6 +960,19 @@ public class Merlin extends CryptoBase {
         }
     }
     
+    // Separated out to allow subclasses to override it
+    protected PKIXParameters createPKIXParameters(
+        Set<TrustAnchor> trustAnchors, boolean enableRevocation
+    ) throws InvalidAlgorithmParameterException {
+        PKIXParameters param = new PKIXParameters(trustAnchors);
+        param.setRevocationEnabled(enableRevocation);
+        if (enableRevocation && crlCertStore != null) {
+            param.addCertStore(crlCertStore);
+        }
+        
+        return param;
+    }
+    
     /**
      * Evaluate whether a given public key should be trusted.
      * 



Mime
View raw message