ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1241502 [1/3] - in /webservices/wss4j/branches/swssf: ./ streaming-ws-policy/src/test/java/org/swssf/policy/test/ streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ streaming-ws-security/src/main/java/org/swssf/wss/imp...
Date Tue, 07 Feb 2012 15:51:16 GMT
Author: coheigea
Date: Tue Feb  7 15:51:14 2012
New Revision: 1241502

URL: http://svn.apache.org/viewvc?rev=1241502&view=rev
Log:
Upgrading SWSSF Crypto implementation to be almost identical to WSS4J

Added:
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoType.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/DERDecoder.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Loader.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/MerlinBase.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/X509SubjectPublicKeyInfo.java
Modified:
    webservices/wss4j/branches/swssf/pom.xml
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/CryptoBase.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Merlin.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityProperties.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/resources/messages/errors.properties

Modified: webservices/wss4j/branches/swssf/pom.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/pom.xml?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/pom.xml (original)
+++ webservices/wss4j/branches/swssf/pom.xml Tue Feb  7 15:51:14 2012
@@ -45,7 +45,7 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <xmlsec.version>1.4.6</xmlsec.version>
+        <xmlsec.version>1.5.0</xmlsec.version>
         <wss4j.version>1.6.4</wss4j.version>
     </properties>
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java Tue Feb  7 15:51:14 2012
@@ -26,6 +26,7 @@ import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSSecurityProperties;
 import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.crypto.Merlin;
 import org.swssf.xmlsec.ext.SecurePart;
 import org.testng.Assert;
@@ -2064,7 +2065,9 @@ public class AsymmetricBindingIntegratio
         keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
         Merlin crypto = new Merlin();
         crypto.setKeyStore(keyStore);
-        callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("transmitter");
+        callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
         outSecurityProperties.setCallbackHandler(callbackHandler);
         outSecurityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
         outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java Tue Feb  7 15:51:14 2012
@@ -18,6 +18,11 @@
  */
 package org.swssf.wss.impl.processor.input;
 
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.events.XMLEvent;
+
 import org.swssf.binding.xmldsig.KeyInfoType;
 import org.swssf.binding.xmlenc.EncryptedDataType;
 import org.swssf.binding.xmlenc.ReferenceList;
@@ -29,12 +34,16 @@ import org.swssf.wss.securityEvent.Conte
 import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
 import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
 import org.swssf.wss.securityEvent.TokenSecurityEvent;
-import org.swssf.xmlsec.ext.*;
+import org.swssf.xmlsec.ext.ComparableAttribute;
+import org.swssf.xmlsec.ext.ComparableNamespace;
+import org.swssf.xmlsec.ext.InputProcessorChain;
+import org.swssf.xmlsec.ext.SecurePart;
+import org.swssf.xmlsec.ext.SecurityContext;
+import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.ext.XMLSecurityProperties;
 import org.swssf.xmlsec.impl.processor.input.AbstractDecryptInputProcessor;
-
-import javax.xml.namespace.QName;
-import javax.xml.stream.events.XMLEvent;
-import java.util.List;
+import org.swssf.xmlsec.impl.securityToken.SecurityTokenFactory;
 
 /**
  * Processor for decryption of EncryptedData XML structures
@@ -82,6 +91,15 @@ public class DecryptInputProcessor exten
                 this,
                 securityToken);
     }
+    
+    @Override
+    protected SecurityToken findSecurityToken(
+            KeyInfoType keyInfoType, XMLSecurityProperties securityProperties,
+            SecurityContext securityContext, Object processor) throws XMLSecurityException {
+        return SecurityTokenFactory.newInstance().getSecurityToken(
+                keyInfoType, getSecurityProperties().getDecryptionCrypto(),
+                getSecurityProperties().getCallbackHandler(), securityContext, processor);
+    }
 
     @Override
     protected void handleSecurityToken(

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/BinarySecurityTokenOutputProcessor.java Tue Feb  7 15:51:14 2012
@@ -23,6 +23,7 @@ import org.swssf.wss.impl.securityToken.
 import org.swssf.wss.securityEvent.SecurityEvent;
 import org.swssf.wss.securityEvent.TokenSecurityEvent;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.*;
 
 import javax.xml.stream.XMLStreamException;
@@ -64,7 +65,9 @@ public class BinarySecurityTokenOutputPr
                     throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noPassword", alias);
                 }
                 key = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, password);
-                x509Certificates = getSecurityProperties().getSignatureCrypto().getCertificates(getSecurityProperties().getSignatureUser());
+                CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                cryptoType.setAlias(getSecurityProperties().getSignatureUser());
+                x509Certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
                 if (x509Certificates == null || x509Certificates.length == 0) {
                     throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "noUserCertsFound", alias);
                 }
@@ -79,7 +82,9 @@ public class BinarySecurityTokenOutputPr
                     x509Certificates = new X509Certificate[1];
                     x509Certificates[0] = x509Certificate;
                 } else {
-                    x509Certificates = getSecurityProperties().getEncryptionCrypto().getCertificates(getSecurityProperties().getEncryptionUser());
+                    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                    cryptoType.setAlias(getSecurityProperties().getEncryptionUser());
+                    x509Certificates = getSecurityProperties().getEncryptionCrypto().getX509Certificates(cryptoType);
                     if (x509Certificates == null || x509Certificates.length == 0) {
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "noUserCertsFound", getSecurityProperties().getEncryptionUser());
                     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/EncryptOutputProcessor.java Tue Feb  7 15:51:14 2012
@@ -18,26 +18,27 @@
  */
 package org.swssf.wss.impl.processor.output;
 
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.xmlsec.ext.*;
-import org.swssf.xmlsec.impl.EncryptionPartDef;
-import org.swssf.xmlsec.impl.processor.output.AbstractEncryptOutputProcessor;
-
-import javax.crypto.NoSuchPaddingException;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
-import java.util.UUID;
+
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
+
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSDocumentContext;
+import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.xmlsec.ext.OutputProcessorChain;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.swssf.xmlsec.impl.EncryptionPartDef;
+import org.swssf.xmlsec.impl.processor.output.XMLEncryptOutputProcessor;
 
 /**
  * Processor to encrypt XML structures
@@ -45,58 +46,37 @@ import java.util.UUID;
  * @author $Author$
  * @version $Revision$ $Date$
  */
-public class EncryptOutputProcessor extends AbstractEncryptOutputProcessor {
+public class EncryptOutputProcessor extends XMLEncryptOutputProcessor {
 
     public EncryptOutputProcessor(WSSSecurityProperties securityProperties, XMLSecurityConstants.Action action) throws XMLSecurityException {
         super(securityProperties, action);
     }
-
+    
+    /**
+     * Return InternalEncryptionOutputProcessor, which writes out a SecurityTokenReference in the KeyInfo
+     * of the EncryptedData
+     */
     @Override
-    public void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
-
-        if (xmlEvent.isStartElement()) {
-            StartElement startElement = xmlEvent.asStartElement();
-
-            //avoid double encryption when child elements matches too
-            if (getActiveInternalEncryptionOutputProcessor() == null) {
-                SecurePart securePart = securePartMatches(startElement, outputProcessorChain, securityProperties.getEncryptionSecureParts());
-                if (securePart != null) {
-                    logger.debug("Matched securePart for encryption");
-                    InternalEncryptionOutputProcessor internalEncryptionOutputProcessor = null;
-                    try {
-                        String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
-                        SecurityTokenProvider securityTokenProvider = outputProcessorChain.getSecurityContext().getSecurityTokenProvider(tokenId);
-                        EncryptionPartDef encryptionPartDef = new EncryptionPartDef();
-                        encryptionPartDef.setModifier(securePart.getModifier());
-                        encryptionPartDef.setEncRefId("ED-" + UUID.randomUUID().toString());
-                        encryptionPartDef.setKeyId(securityTokenProvider.getId());
-                        encryptionPartDef.setSymmetricKey(securityTokenProvider.getSecurityToken(null).getSecretKey(getSecurityProperties().getEncryptionSymAlgorithm(), null));
-                        outputProcessorChain.getSecurityContext().putAsList(EncryptionPartDef.class, encryptionPartDef);
-                        internalEncryptionOutputProcessor =
-                                new InternalEncryptionOutputProcessor(
-                                        ((WSSSecurityProperties) getSecurityProperties()),
+    protected AbstractInternalEncryptionOutputProcessor createInternalEncryptionOutputProcessor(
+        EncryptionPartDef encryptionPartDef,
+        StartElement startElement,
+        OutputProcessorChain outputProcessorChain
+    ) throws XMLStreamException, XMLSecurityException {
+        try {
+            return new InternalEncryptionOutputProcessor((WSSSecurityProperties)getSecurityProperties(),
                                         getAction(),
                                         encryptionPartDef,
                                         startElement,
-                                        outputProcessorChain.getDocumentContext().getEncoding()
-                                );
-                    } catch (NoSuchAlgorithmException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
-                    } catch (NoSuchPaddingException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
-                    } catch (InvalidKeyException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
-                    } catch (IOException e) {
-                        throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
-                    }
-
-                    setActiveInternalEncryptionOutputProcessor(internalEncryptionOutputProcessor);
-                    outputProcessorChain.addProcessor(internalEncryptionOutputProcessor);
-                }
-            }
+                                        outputProcessorChain.getDocumentContext().getEncoding());
+        } catch (NoSuchAlgorithmException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+        } catch (NoSuchPaddingException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+        } catch (InvalidKeyException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
+        } catch (IOException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_ENCRYPTION, e);
         }
-
-        outputProcessorChain.processEvent(xmlEvent);
     }
 
     /**

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/output/SAMLTokenOutputProcessor.java Tue Feb  7 15:51:14 2012
@@ -29,6 +29,7 @@ import org.swssf.wss.impl.saml.bean.Subj
 import org.swssf.wss.impl.securityToken.ProcessorInfoSecurityToken;
 import org.swssf.wss.impl.securityToken.SAMLSecurityToken;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.*;
 import org.w3c.dom.*;
 
@@ -91,7 +92,9 @@ public class SAMLTokenOutputProcessor ex
 
             if (senderVouches) {
                 // prepare to sign the SAML token
-                certificates = samlCallback.getIssuerCrypto().getCertificates(samlCallback.getIssuerKeyName());
+                CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                cryptoType.setAlias(samlCallback.getIssuerKeyName());
+                certificates = samlCallback.getIssuerCrypto().getX509Certificates(cryptoType);
                 if (certificates == null) {
                     throw new WSSecurityException(
                             "No issuer certs were found to sign the SAML Assertion using issuer name: "
@@ -110,13 +113,15 @@ public class SAMLTokenOutputProcessor ex
                     if (keyInfoBean != null) {
                         X509Certificate x509Certificate = keyInfoBean.getCertificate();
                         if (x509Certificate != null) {
-                            String alias = getSecurityProperties().getSignatureCrypto().getAliasForX509Cert(x509Certificate);
+                            String alias = getSecurityProperties().getSignatureCrypto().getX509Identifier(x509Certificate);
                             if (alias == null) {
                                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
                             }
                             WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(alias, WSPasswordCallback.Usage.SIGNATURE);
                             WSSUtils.doPasswordCallback(getSecurityProperties().getCallbackHandler(), wsPasswordCallback);
-                            certificates = getSecurityProperties().getSignatureCrypto().getCertificates(alias);
+                            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+                            cryptoType.setAlias(alias);
+                            certificates = getSecurityProperties().getSignatureCrypto().getX509Certificates(cryptoType);
                             privateKey = getSecurityProperties().getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword());
                         }
                     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/saml/SAMLAssertionWrapper.java Tue Feb  7 15:51:14 2012
@@ -41,6 +41,7 @@ import org.swssf.wss.ext.*;
 import org.swssf.wss.impl.saml.builder.SAML1ComponentBuilder;
 import org.swssf.wss.impl.saml.builder.SAML2ComponentBuilder;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.XMLSecurityException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -292,7 +293,9 @@ public class SAMLAssertionWrapper {
         signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm);
 
         // prepare to sign the SAML token
-        X509Certificate[] issuerCerts = issuerCrypto.getCertificates(issuerKeyName);
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(issuerKeyName);
+        X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
             throw new WSSecurityException(
                     "No issuer certs were found to sign the SAML Assertion using issuer name: "
@@ -457,7 +460,11 @@ public class SAMLAssertionWrapper {
                                         WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile"
                                 );
                             }
-                            certs = securityProperties.getSignatureVerificationCrypto().getCertificates(((X509IssuerSerial) x509obj).getIssuerName(), ((X509IssuerSerial) x509obj).getSerialNumber());
+                            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+                            cryptoType.setIssuerSerial(
+                                    ((X509IssuerSerial) x509obj).getIssuerName(), ((X509IssuerSerial) x509obj).getSerialNumber()
+                            );
+                            certs = securityProperties.getSignatureVerificationCrypto().getX509Certificates(cryptoType);
                             if (certs == null || certs.length < 1) {
                                 throw new WSSecurityException(
                                         WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
@@ -742,7 +749,9 @@ public class SAMLAssertionWrapper {
         String issuerString = cert.getIssuerX500Principal().getName();
         BigInteger issuerSerial = cert.getSerialNumber();
 
-        X509Certificate[] foundCerts = crypto.getCertificates(issuerString, issuerSerial);
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+        cryptoType.setIssuerSerial(issuerString, issuerSerial);
+        X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
 
         //
         // If a certificate has been found, the certificates must be compared
@@ -804,7 +813,9 @@ public class SAMLAssertionWrapper {
         // SECOND step - Search for the issuer cert (chain) of the transmitted certificate in the
         // keystore or the truststore
         //
-        X509Certificate[] foundCerts = crypto.getCertificates(issuerString);
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(issuerString);
+        X509Certificate[] foundCerts = crypto.getX509Certificates(cryptoType);
 
         // If the certs have not been found, the issuer is not in the keystore/truststore
         // As a direct result, do not trust the transmitted certificate

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Tue Feb  7 15:51:14 2012
@@ -56,10 +56,10 @@ public class SecurityTokenFactoryImpl ex
             final SecurityTokenReferenceType securityTokenReferenceType
                     = XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
             return getSecurityToken(securityTokenReferenceType, crypto, callbackHandler, securityContext, processor);
-        } else if (crypto.getDefaultX509Alias() != null) {
+        } else if (crypto.getDefaultX509Identifier() != null) {
             return new X509DefaultSecurityToken(
-                    (WSSecurityContext) securityContext, crypto, callbackHandler, crypto.getDefaultX509Alias(),
-                    crypto.getDefaultX509Alias(), null, processor
+                    (WSSecurityContext) securityContext, crypto, callbackHandler, crypto.getDefaultX509Identifier(),
+                    crypto.getDefaultX509Identifier(), null, processor
             );
         }
         throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ThumbprintSHA1SecurityToken.java Tue Feb  7 15:51:14 2012
@@ -18,9 +18,12 @@
  */
 package org.swssf.wss.impl.securityToken;
 
+import java.security.cert.X509Certificate;
+
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.XMLSecurityException;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -41,7 +44,11 @@ public class ThumbprintSHA1SecurityToken
 
     protected String getAlias() throws XMLSecurityException {
         if (this.alias == null) {
-            this.alias = getCrypto().getAliasForX509CertThumb(binaryContent);
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
+            cryptoType.setBytes(binaryContent);
+            X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+            
+            this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java Tue Feb  7 15:51:14 2012
@@ -18,11 +18,14 @@
  */
 package org.swssf.wss.impl.securityToken;
 
+import java.security.cert.X509Certificate;
+
 import org.swssf.binding.xmldsig.X509DataType;
 import org.swssf.binding.xmldsig.X509IssuerSerialType;
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.XMLSecurityException;
 import org.swssf.xmlsec.ext.XMLSecurityUtils;
 
@@ -47,7 +50,12 @@ public class X509DataSecurityToken exten
         if (this.alias == null) {
             X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(
                     x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
-            this.alias = getCrypto().getAliasForX509Cert(x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber());
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+            cryptoType.setIssuerSerial(
+                    x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber()
+            );
+            X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+            this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509PKIPathv1SecurityToken.java Tue Feb  7 15:51:14 2012
@@ -24,7 +24,15 @@ import org.swssf.xmlsec.crypto.Crypto;
 import org.swssf.xmlsec.ext.XMLSecurityException;
 
 import javax.security.auth.callback.CallbackHandler;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.cert.CertPath;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.List;
 
 /**
  * @author $Author$
@@ -38,15 +46,27 @@ public class X509PKIPathv1SecurityToken 
     X509PKIPathv1SecurityToken(WSSecurityContext wsSecurityContext, Crypto crypto, CallbackHandler callbackHandler,
                                byte[] binaryContent, String id, WSSConstants.KeyIdentifierType keyIdentifierType, Object processor) throws XMLSecurityException {
         super(WSSConstants.X509PkiPathV1Token, wsSecurityContext, crypto, callbackHandler, id, keyIdentifierType, processor);
-        X509Certificate[] x509Certificates = crypto.getX509Certificates(binaryContent, false);
-        if (x509Certificates != null && x509Certificates.length > 0) {
-            this.x509Certificates = x509Certificates;
+        
+        InputStream in = new ByteArrayInputStream(binaryContent);
+        try {
+            CertPath certPath = getCrypto().getCertificateFactory().generateCertPath(in);
+            List<? extends Certificate> l = certPath.getCertificates();
+            X509Certificate[] certs = new X509Certificate[l.size()];
+            Iterator<? extends Certificate> iterator = l.iterator();
+            for (int i = 0; i < l.size(); i++) {
+                certs[i] = (X509Certificate) iterator.next();
+            }
+            if (certs.length > 0) {
+                this.x509Certificates = certs;
+            }
+        } catch (CertificateException e) {
+            throw new XMLSecurityException(XMLSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "parseError", e);
         }
     }
 
     protected String getAlias() throws XMLSecurityException {
         if (this.alias == null) {
-            this.alias = getCrypto().getAliasForX509Cert(this.x509Certificates[0]);
+            this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
         }
         return this.alias;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SecurityToken.java Tue Feb  7 15:51:14 2012
@@ -22,6 +22,7 @@ import org.swssf.wss.ext.WSPasswordCallb
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.SecurityToken;
 import org.swssf.xmlsec.ext.XMLSecurityConstants;
 import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -73,7 +74,9 @@ public abstract class X509SecurityToken 
     @Override
     public X509Certificate[] getX509Certificates() throws XMLSecurityException {
         if (this.x509Certificates == null) {
-            this.x509Certificates = getCrypto().getCertificates(getAlias());
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias(getAlias());
+            this.x509Certificates = getCrypto().getX509Certificates(cryptoType);
         }
         return this.x509Certificates;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509SubjectKeyIdentifierSecurityToken.java Tue Feb  7 15:51:14 2012
@@ -18,9 +18,12 @@
  */
 package org.swssf.wss.impl.securityToken;
 
+import java.security.cert.X509Certificate;
+
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.XMLSecurityException;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -41,7 +44,10 @@ public class X509SubjectKeyIdentifierSec
 
     protected String getAlias() throws XMLSecurityException {
         if (this.alias == null) {
-            this.alias = getCrypto().getAliasForX509Cert(binaryContent);
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SKI_BYTES);
+            cryptoType.setBytes(binaryContent);
+            X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+            this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509_V3SecurityToken.java Tue Feb  7 15:51:14 2012
@@ -43,7 +43,7 @@ public class X509_V3SecurityToken extend
 
     protected String getAlias() throws XMLSecurityException {
         if (this.alias == null) {
-            this.alias = getCrypto().getAliasForX509Cert(this.x509Certificates[0]);
+            this.alias = getCrypto().getX509Identifier(this.x509Certificates[0]);
         }
         return this.alias;
     }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/CallbackHandlerImpl.java Tue Feb  7 15:51:14 2012
@@ -26,8 +26,8 @@ import org.swssf.wss.impl.saml.SAMLCallb
 import org.swssf.wss.impl.saml.bean.*;
 import org.swssf.wss.impl.saml.builder.SAML1Constants;
 import org.swssf.wss.impl.saml.builder.SAML2Constants;
-import org.swssf.xmlsec.crypto.CryptoBase;
 import org.swssf.xmlsec.crypto.Merlin;
+import org.swssf.xmlsec.crypto.MerlinBase;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -108,7 +108,7 @@ public class CallbackHandlerImpl impleme
                 SAMLCallback samlCallback = (SAMLCallback) callbacks[0];
                 KeyStore keyStore = KeyStore.getInstance("jks");
                 keyStore.load(this.getClass().getClassLoader().getResourceAsStream("saml/issuer.jks"), "default".toCharArray());
-                CryptoBase crypto = new Merlin();
+                MerlinBase crypto = new Merlin();
                 crypto.setKeyStore(keyStore);
                 samlCallback.setIssuerCrypto(crypto);
                 samlCallback.setIssuerKeyName("samlissuer");

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenHOKTest.java Tue Feb  7 15:51:14 2012
@@ -30,6 +30,7 @@ import org.swssf.wss.ext.WSSSecurityProp
 import org.swssf.wss.securityEvent.SecurityEvent;
 import org.swssf.wss.test.AbstractTestBase;
 import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.crypto.Merlin;
 import org.swssf.xmlsec.test.utils.StAX2DOM;
 import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
@@ -72,7 +73,9 @@ public class SAMLTokenHOKTest extends Ab
             keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
             Merlin crypto = new Merlin();
             crypto.setKeyStore(keyStore);
-            callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("transmitter");
+            callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
             securityProperties.setSignatureUser("transmitter");
 
@@ -204,7 +207,9 @@ public class SAMLTokenHOKTest extends Ab
             keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
             Merlin crypto = new Merlin();
             crypto.setKeyStore(keyStore);
-            callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("transmitter");
+            callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
             securityProperties.setSignatureUser("transmitter");
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/saml/SAMLTokenReferenceTest.java Tue Feb  7 15:51:14 2012
@@ -30,6 +30,7 @@ import org.swssf.wss.ext.WSSSecurityProp
 import org.swssf.wss.securityEvent.SecurityEvent;
 import org.swssf.wss.test.AbstractTestBase;
 import org.swssf.wss.test.CallbackHandlerImpl;
+import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.crypto.Merlin;
 import org.swssf.xmlsec.test.utils.StAX2DOM;
 import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
@@ -150,7 +151,9 @@ public class SAMLTokenReferenceTest exte
             keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
             Merlin crypto = new Merlin();
             crypto.setKeyStore(keyStore);
-            callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("transmitter");
+            callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
             securityProperties.setCallbackHandler(callbackHandler);
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
             securityProperties.setSignatureUser("transmitter");
@@ -369,7 +372,9 @@ public class SAMLTokenReferenceTest exte
             keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
             Merlin crypto = new Merlin();
             crypto.setKeyStore(keyStore);
-            callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("transmitter");
+            callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
             securityProperties.setCallbackHandler(callbackHandler);
             securityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER);
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
@@ -453,7 +458,9 @@ public class SAMLTokenReferenceTest exte
             keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
             Merlin crypto = new Merlin();
             crypto.setKeyStore(keyStore);
-            callbackHandler.setCerts(crypto.getCertificates("transmitter"));
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("transmitter");
+            callbackHandler.setCerts(crypto.getX509Certificates(cryptoType));
             securityProperties.setCallbackHandler(callbackHandler);
             securityProperties.setSignatureKeyIdentifierType(WSSConstants.KeyIdentifierType.EMBEDDED_KEYIDENTIFIER_REF);
             securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java?rev=1241502&r1=1241501&r2=1241502&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/crypto/Crypto.java Tue Feb  7 15:51:14 2012
@@ -16,200 +16,183 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
 package org.swssf.xmlsec.crypto;
 
-import org.swssf.xmlsec.ext.XMLSecurityException;
-
 import java.io.InputStream;
-import java.math.BigInteger;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
-/**
- * class lent from apache wss4j
- */
+import org.swssf.xmlsec.ext.XMLSecurityException;
 
-/**
- * Crypto.
- * <p/>
- *
- * @author Davanum Srinivas (dims@yahoo.com).
- */
 public interface Crypto {
+    
+    //
+    // Accessor methods
+    //
+    
     /**
-     * load a X509Certificate from the input stream.
-     * <p/>
-     *
-     * @param in The <code>InputStream</code> array containing the X509 data
-     * @return An X509 certificate
-     * @throws org.swssf.ext.XMLSecurityException
-     *
+     * Get the crypto provider associated with this implementation
+     * @return the crypto provider
      */
-    X509Certificate loadCertificate(InputStream in) throws XMLSecurityException;
-
+    public String getCryptoProvider();
+    
     /**
-     * Construct an array of X509Certificate's from the byte array.
-     * <p/>
-     *
-     * @param data    The <code>byte</code> array containing the X509 data
-     * @param reverse If set the first certificate in input data will
-     *                the last in the array
-     * @return An array of X509 certificates, ordered according to
-     *         the reverse flag
-     * @throws org.swssf.ext.XMLSecurityException
-     *
+     * Set the crypto provider associated with this implementation
+     * @param provider the crypto provider to set
      */
-    X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws XMLSecurityException;
-
+    public void setCryptoProvider(String provider);
+    
     /**
-     * Gets the private key identified by <code>alias</> and <code>password</code>.
-     * <p/>
+     * Retrieves the identifier name of the default certificate. This should be the certificate 
+     * that is used for signature and encryption. This identifier corresponds to the certificate 
+     * that should be used whenever KeyInfo is not present in a signed or an encrypted 
+     * message. May return null. The identifier is implementation specific, e.g. it could be the
+     * KeyStore alias.
      *
-     * @param alias    The alias (<code>KeyStore</code>) of the key owner
-     * @param password The password needed to access the private key
-     * @return The private key
-     * @throws Exception
+     * @return name of the default X509 certificate.
      */
-    public PrivateKey getPrivateKey(String alias, String password) throws XMLSecurityException;
-
+    public String getDefaultX509Identifier() throws XMLSecurityException;
+    
     /**
-     * get the list of certificates for a given alias. This method
-     * reads a new certificate chain and overwrites a previously
-     * stored certificate chain.
-     * <p/>
+     * Sets the identifier name of the default certificate. This should be the certificate 
+     * that is used for signature and encryption. This identifier corresponds to the certificate 
+     * that should be used whenever KeyInfo is not present in a signed or an encrypted 
+     * message. The identifier is implementation specific, e.g. it could be the KeyStore alias.
      *
-     * @param alias Lookup certificate chain for this alias
-     * @return Array of X509 certificates for this alias name, or
-     *         null if this alias does not exist in the keystore
+     * @param identifier name of the default X509 certificate.
      */
-    public X509Certificate[] getCertificates(String alias) throws XMLSecurityException;
-
+    public void setDefaultX509Identifier(String identifier);
+    
     /**
-     * Return a X509 Certificate alias in the keystore according to a given Certificate
-     * <p/>
+     * Sets the CertificateFactory instance on this Crypto instance
      *
-     * @param cert The certificate to lookup
-     * @return alias name of the certificate that matches the given certificate
-     *         or null if no such certificate was found.
-     *         <p/>
-     *         See comment above
-     *         <p/>
-     *         See comment above
+     * @param provider the CertificateFactory provider name
+     * @param certFactory the CertificateFactory the CertificateFactory instance to set
      */
-    /*
-     * See comment above
-     */
-    public String getAliasForX509Cert(Certificate cert) throws XMLSecurityException;
-
+    public void setCertificateFactory(String provider, CertificateFactory certFactory);
+    
     /**
-     * Search a X509 Certificate in the keystore according to a given serial number and
-     * the issuer of a Certificate.
-     * <p/>
-     * The search gets all alias names of the keystore and gets the certificate chain
-     * for each alias. Then the SerialNumber and Issuer of each certificate of the chain
-     * is compared with the parameters.
-     *
-     * @param issuer       The issuer's name for the certificate
-     * @param serialNumber The serial number of the certificate from the named issuer
-     * @return alias name of the certificate that matches serialNumber and issuer name
-     *         or null if no such certificate was found.
-     */
-    public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws XMLSecurityException;
-
-    /**
-     * Search a X509 Certificate in the keystore according to a given serial number and
-     * the issuer of a Certificate.
-     * <p/>
-     * The search gets all alias names of the keystore and gets the certificate chain
-     * for each alias. Then the SerialNumber and Issuer of each certificate of the chain
-     * is compared with the parameters.
-     *
-     * @param issuer       The issuer's name for the certificate
-     * @param serialNumber The serial number of the certificate from the named issuer
-     * @return alias name of the certificate that matches serialNumber and issuer name
-     *         or null if no such certificate was found.
-     */
-    public X509Certificate[] getCertificates(String issuer, BigInteger serialNumber) throws XMLSecurityException;
-
-    /**
-     * Lookup a X509 Certificate in the keystore according to a given
-     * SubjectKeyIdentifier.
-     * <p/>
-     * The search gets all alias names of the keystore and gets the certificate chain
-     * or certificate for each alias. Then the SKI for each user certificate
-     * is compared with the SKI parameter.
-     *
-     * @param skiBytes The SKI info bytes
-     * @return alias name of the certificate that matches serialNumber and issuer name
-     *         or null if no such certificate was found.
+     * Get the CertificateFactory instance on this Crypto instance
+     *
+     * @return Returns a <code>CertificateFactory</code> to construct
+     *         X509 certificates
+     * @throws org.apache.ws.security.XMLSecurityException
      */
-    public String getAliasForX509Cert(byte[] skiBytes) throws XMLSecurityException;
-
+    public CertificateFactory getCertificateFactory() throws XMLSecurityException;
+    
+    //
+    // Base Crypto functionality methods
+    //
+    
     /**
-     * Retrieves the alias name of the default certificate which has been
-     * specified as a property. This should be the certificate that is used for
-     * signature and encryption. This alias corresponds to the certificate that
-     * should be used whenever KeyInfo is not present in a signed or
-     * an encrypted message. May return null.
+     * Load a X509Certificate from the input stream.
      *
-     * @return alias name of the default X509 certificate.
+     * @param in The <code>InputStream</code> containing the X509 data
+     * @return An X509 certificate
+     * @throws XMLSecurityException
      */
-    public String getDefaultX509Alias();
-
+    public X509Certificate loadCertificate(InputStream in) throws XMLSecurityException;
+    
     /**
      * Reads the SubjectKeyIdentifier information from the certificate.
      * <p/>
+     * If the the certificate does not contain a SKI extension then
+     * try to compute the SKI according to RFC3280 using the
+     * SHA-1 hash value of the public key. The second method described
+     * in RFC3280 is not support. Also only RSA public keys are supported.
+     * If we cannot compute the SKI throw a XMLSecurityException.
      *
      * @param cert The certificate to read SKI
      * @return The byte array containing the binary SKI data
      */
     public byte[] getSKIBytesFromCert(X509Certificate cert) throws XMLSecurityException;
-
+    
     /**
-     * Lookup a X509 Certificate in the keystore according to a given
-     * Thumbprint.
+     * Get a byte array given an array of X509 certificates.
      * <p/>
-     * The search gets all alias names of the keystore, then reads the certificate chain
-     * or certificate for each alias. Then the thumbprint for each user certificate
-     * is compared with the thumbprint parameter.
-     *
-     * @param thumb The SHA1 thumbprint info bytes
-     * @return alias name of the certificate that matches the thumbprint
-     *         or null if no such certificate was found.
-     * @throws org.swssf.ext.XMLSecurityException
-     *          if problems during keystore handling or wrong certificate
+     *
+     * @param certs The certificates to convert
+     * @return The byte array for the certificates
+     * @throws XMLSecurityException
      */
-
-    public String getAliasForX509CertThumb(byte[] thumb) throws XMLSecurityException;
+    public byte[] getBytesFromCertificates(X509Certificate[] certs) throws XMLSecurityException;
 
     /**
-     * Gets the CertificateFactory instantiated by the underlying implementation
+     * Construct an array of X509Certificate's from the byte array.
      *
-     * @return the CertificateFactory
-     * @throws org.swssf.ext.XMLSecurityException
+     * @param data The <code>byte</code> array containing the X509 data
+     * @return An array of X509 certificates
+     * @throws XMLSecurityException
+     */
+    public X509Certificate[] getCertificatesFromBytes(byte[] data) throws XMLSecurityException;
+    
+    //
+    // Implementation-specific Crypto functionality methods
+    //
+    
+    /**
+     * Get an X509Certificate (chain) corresponding to the CryptoType argument. The supported
+     * types are as follows:
+     * 
+     * TYPE.ISSUER_SERIAL - A certificate (chain) is located by the issuer name and serial number
+     * TYPE.THUMBPRINT_SHA1 - A certificate (chain) is located by the SHA1 of the (root) cert
+     * TYPE.SKI_BYTES - A certificate (chain) is located by the SKI bytes of the (root) cert
+     * TYPE.SUBJECT_DN - A certificate (chain) is located by the Subject DN of the (root) cert
+     * TYPE.ALIAS - A certificate (chain) is located by an alias. This alias is implementation
+     * specific, for example - it could be a java KeyStore alias.
+     */
+    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws XMLSecurityException;
+    
+    /**
+     * Get the implementation-specific identifier corresponding to the cert parameter, e.g. the
+     * identifier could be a KeyStore alias.
+     * @param cert The X509Certificate for which to search for an identifier
+     * @return the identifier corresponding to the cert parameter
+     * @throws XMLSecurityException
+     */
+    public String getX509Identifier(X509Certificate cert) throws XMLSecurityException;
+    
+    /**
+     * Gets the private key corresponding to the identifier.
      *
+     * @param identifier The implementation-specific identifier corresponding to the key
+     * @param password The password needed to get the key
+     * @return The private key
      */
-    public CertificateFactory getCertificateFactory() throws XMLSecurityException;
-
+    public PrivateKey getPrivateKey(
+        String identifier, String password
+    ) throws XMLSecurityException;
+    
     /**
      * Evaluate whether a given certificate chain should be trusted.
      *
      * @param certs Certificate chain to validate
      * @return true if the certificate chain is valid, false otherwise
-     * @throws org.swssf.ext.XMLSecurityException
-     *
+     * @throws XMLSecurityException
      */
+    @Deprecated
     public boolean verifyTrust(X509Certificate[] certs) throws XMLSecurityException;
-
+    
     /**
-     * Evaluate whether a given public key should be trusted.
+     * Evaluate whether a given certificate chain should be trusted.
      *
+     * @param certs Certificate chain to validate
+     * @param enableRevocation whether to enable CRL verification or not
+     * @return true if the certificate chain is valid, false otherwise
+     * @throws XMLSecurityException
+     */
+    public boolean verifyTrust(
+        X509Certificate[] certs, boolean enableRevocation
+    ) throws XMLSecurityException;
+    
+    /**
+     * Evaluate whether a given public key should be trusted.
+     * 
      * @param publicKey The PublicKey to be evaluated
      * @return whether the PublicKey parameter is trusted or not
      */
     public boolean verifyTrust(PublicKey publicKey) throws XMLSecurityException;
+
 }



Mime
View raw message