Author: owulff Date: Sun Feb 23 21:59:40 2014 New Revision: 1571104 URL: http://svn.apache.org/r1571104 Log: Support PEM Certificate stored in DB
Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java?rev=1571104&r1=1571103&r2=1571104&view=diff ============================================================================== --- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java (original) +++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/TrustManager.java Sun Feb 23 21:59:40 2014 @@ -32,18 +32,28 @@ public class TrustManager { super(); this.trustManagerType = trustManagerType; } + + public TrustManager(Crypto crypto) { + super(); + this.crypto = crypto; + } public String getName() { if (name != null) { return name; } - if (trustManagerType.getKeyStore().getFile() != null) { - name = trustManagerType.getKeyStore().getFile(); - } else if (trustManagerType.getKeyStore().getUrl() != null) { - name = trustManagerType.getKeyStore().getUrl(); - } else if (trustManagerType.getKeyStore().getResource() != null) { - name = trustManagerType.getKeyStore().getResource(); + if (trustManagerType == null) { + name = "N.A."; + } else { + if (trustManagerType.getKeyStore().getFile() != null) { + name = trustManagerType.getKeyStore().getFile(); + } else if (trustManagerType.getKeyStore().getUrl() != null) { + name = trustManagerType.getKeyStore().getUrl(); + } else if (trustManagerType.getKeyStore().getResource() != null) { + name = trustManagerType.getKeyStore().getResource(); + } } + return name; } 
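Review bot: The new `TrustManager(Crypto crypto)` constructor carries no Javadoc, and every instance built through it now reports the literal `"N.A."` from `getName()`, so any log line or error message that identifies a trust store by name cannot distinguish two DB-backed certificates. Add a header such as `/** Builds a TrustManager backed directly by a WSS4J Crypto instance; no keystore configuration is attached, so keystore-derived properties such as getName() return "N.A.". */`, and if the name is used for diagnostics consider deriving it from the wrapped certificate (e.g. its subject DN) rather than a constant. The `crypto` field this constructor assigns is not visible in the hunk, so I am assuming it is declared elsewhere in the class. The enclosing class continues outside the hunk.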
@@ -56,15 +66,27 @@ public class TrustManager { } public int hashCode() { - return trustManagerType.hashCode(); + if (trustManagerType == null) { + return super.hashCode(); + } else { + return trustManagerType.hashCode(); + } } public boolean equals(Object obj) { - return trustManagerType.equals(obj); + if (trustManagerType == null) { + return super.equals(obj); + } else { + return trustManagerType.equals(obj); + } } public String toString() { - return trustManagerType.toString(); + if (trustManagerType == null) { + return super.toString(); + } else { + return trustManagerType.toString(); + } } Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java?rev=1571104&r1=1571103&r2=1571104&view=diff ============================================================================== --- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java (original) +++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ValidateTokenAction.java Sun Feb 23 21:59:40 2014 @@ -18,7 +18,12 @@ */ package org.apache.cxf.fediz.service.idp.beans; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; import org.w3c.dom.Element; import org.apache.cxf.fediz.core.FederationConstants; 
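Review bot: The new null-guarded `equals` falls back to identity (`super.equals(obj)`) for crypto-backed instances while the non-null path still evaluates `trustManagerType.equals(obj)` against an `obj` that is a `TrustManager`, not a `TrustManagersType`, so two wrappers of the same configuration are never equal even though their `hashCode`s agree; `fedContext.getCertificateStores().add(tm)` later in this commit suggests these objects do end up in collections. Compare the wrapped fields instead: `if (!(obj instanceof TrustManager)) return false;`, `TrustManager other = (TrustManager) obj;`, `return Objects.equals(trustManagerType, other.trustManagerType) && Objects.equals(crypto, other.crypto);` with `hashCode` changed to `Objects.hash(trustManagerType, crypto)` so the contract holds (`java.util.Objects` needs Java 7; use explicit null checks if the plugin still targets Java 6). The `toString` fallback to `Object.toString()` is harmless but prints only an identity hash; including the certificate subject would be more useful in logs. The enclosing class continues outside the hunk.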
@@ -27,6 +32,7 @@ import org.apache.cxf.fediz.core.Federat import org.apache.cxf.fediz.core.FederationRequest; import org.apache.cxf.fediz.core.FederationResponse; import org.apache.cxf.fediz.core.config.FederationContext; +import org.apache.cxf.fediz.core.config.TrustManager; import org.apache.cxf.fediz.core.config.jaxb.AudienceUris; import org.apache.cxf.fediz.core.config.jaxb.CertificateStores; import org.apache.cxf.fediz.core.config.jaxb.ContextConfig; @@ -42,7 +48,10 @@ import org.apache.cxf.fediz.service.idp. import org.apache.cxf.fediz.service.idp.domain.TrustedIdp; import org.apache.cxf.fediz.service.idp.util.WebUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.wss4j.common.crypto.CertificateStore; +import org.apache.xml.security.exceptions.Base64DecodingException; import org.apache.xml.security.stax.impl.util.IDGenerator; +import org.apache.xml.security.utils.Base64; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.webflow.execution.RequestContext; 
@@ -136,17 +145,21 @@ public class ValidateTokenAction { config.setName("whatever"); // Configure certificate store - CertificateStores certStores = new CertificateStores(); - TrustManagersType tm0 = new TrustManagersType(); - KeyStoreType ks0 = new KeyStoreType(); - ks0.setType("PEM"); - // ks0.setType("JKS"); - // ks0.setPassword("changeit"); - ks0.setFile(trustedIdpConfig.getCertificate()); - tm0.setKeyStore(ks0); - certStores.getTrustManager().add(tm0); - config.setCertificateStores(certStores); - + String certificate = trustedIdpConfig.getCertificate(); + boolean isCertificateLocation = !certificate.startsWith("-----BEGIN CERTIFICATE"); + if (isCertificateLocation) { + CertificateStores certStores = new CertificateStores(); + TrustManagersType tm0 = new TrustManagersType(); + KeyStoreType ks0 = new KeyStoreType(); + ks0.setType("PEM"); + // ks0.setType("JKS"); + // ks0.setPassword("changeit"); + ks0.setFile(trustedIdpConfig.getCertificate()); + tm0.setKeyStore(ks0); + certStores.getTrustManager().add(tm0); + config.setCertificateStores(certStores); + } + // Configure trusted IDP TrustedIssuers trustedIssuers = new TrustedIssuers(); TrustedIssuerType ti0 = new TrustedIssuerType(); 
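Review bot: `certificate.startsWith("-----BEGIN CERTIFICATE")` runs on the raw DB value, so a trusted IDP with no certificate configured fails with a NullPointerException rather than a ProcessingException, and a PEM blob stored with a leading newline or whitespace (easy to get when pasting into a DB column) is misclassified as a file location and passed to `ks0.setFile(...)`. Guard and normalise first: `if (certificate == null) { throw new ProcessingException("No certificate configured for trusted IDP"); }` followed by `boolean isCertificateLocation = !certificate.trim().startsWith("-----BEGIN CERTIFICATE");`. The `ks0.setFile(trustedIdpConfig.getCertificate())` line can use the `certificate` local it sits next to, and the commented-out JKS lines should either be removed or become a real TODO. The enclosing method starts and ends outside the hunk.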
@@ -164,8 +177,35 @@ public class ValidateTokenAction { config.setAudienceUris(audienceUris); FederationContext fedContext = new FederationContext(config); + if (!isCertificateLocation) { + CertificateStore cs = null; + + X509Certificate cert; + try { + cert = parseCertificate(trustedIdpConfig.getCertificate()); + } catch (Exception ex) { + LOG.error("Failed to parse trusted certificate", ex); + throw new ProcessingException("Failed to parse trusted certificate"); + } + cs = new CertificateStore(Collections.singletonList(cert).toArray(new X509Certificate[0])); + + TrustManager tm = new TrustManager(cs); + fedContext.getCertificateStores().add(tm); + } + fedContext.init(); return fedContext; } + + private X509Certificate parseCertificate(String certificate) + throws CertificateException, Base64DecodingException { + + //before decoding we need to get rod off the prefix and suffix + byte [] decoded = Base64.decode(certificate.replaceAll("-----BEGIN CERTIFICATE-----", ""). + replaceAll("-----END CERTIFICATE-----", "")); + + return (X509Certificate)CertificateFactory.getInstance("X.509"). + generateCertificate(new ByteArrayInputStream(decoded)); + } }
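Review bot: The catch block in the new `!isCertificateLocation` branch rethrows `new ProcessingException("Failed to parse trusted certificate")` without the caught exception, so anything above this layer that surfaces the cause only sees the generic message; pass `ex` as the cause if `ProcessingException` has a `(String, Throwable)` constructor. `parseCertificate` also returns only the first certificate `generateCertificate` reads, so if a DB value holds a PEM chain the remaining certificates are silently dropped — worth a one-line comment such as `// Only the first certificate in the PEM text is used; intermediates are ignored`, or a `generateCertificates` loop if chains are expected. Smaller points: `Collections.singletonList(cert).toArray(new X509Certificate[0])` is just `new X509Certificate[] {cert}`, the JDK X.509 `CertificateFactory` is documented to accept PEM text with the BEGIN/END markers directly (which would remove the manual stripping and the xmlsec `Base64` dependency), and the comment should read "get rid of the prefix and suffix". The enclosing method starts outside the hunk.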