I had a previous keystore sitting on the server and client that I would
load up at servlet start and use that to initialize Merlin. My problem
was that Merlin wanted to load it's properties that contained the
keystore location out of the classpath which presented some proplems
deploying into arbitrary locations, or setting at runtime.
If you don't have a keystore already it's easy enough to stuff what you
need into your own KeyStore object at runtime, then throw that into the
Sender/Receiver
The only real difference to merlin is creating it w/ a null properties
file and filling in what you need manually (or setting properties
later). This prevents it from trying to load a keystore.
from new Merlin:
public class CachedMerlin extends Merlin{
...
...
/** Creates a new instance of CachedMerlin */
public CachedMerlin(Properties p, KeyStore ks) throws
CredentialException, IOException {
super(null);
// set keystore to use
if (ks == null) {
throw new
CredentialException(CredentialException.FAILURE,"Cached keystore not
set", (Object[])null);
}
super.setKeyStore(ks);
// set Merlin properties from input
if (p != null) {
properties = new Properties(p);
} else {
properties = new Properties();
}
if
(!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_TYPE)) {
properties.setProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_TYPE,
Wss4jConstants.WSS4J_DEFAULT_KEYSTORE_TYPE);
}
// set default keystore provider from keystore if not supplied
// usually this isnt' supplied.
if
(!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER)) {
properties.setProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER,
ks.getProvider().getName());
}
// keystore cert provider set to same as MERLIN_KEYSTORE_TYPE
unless
// otherwise specified
if
(!properties.containsKey(Wss4jConstants.WSS4J_MERLIN_CERT_PROVIDER)) {
properties.setProperty(Wss4jConstants.WSS4J_MERLIN_CERT_PROVIDER,
properties.getProperty(Wss4jConstants.WSS4J_MERLIN_KEYSTORE_PROVIDER));
}
}
}
You can create a the new Merlin/crypto in your subclasses
WSDoAllSender/Receiver:
protected Crypto loadSignatureCrypto(WSDoAllReceiver.RequestData
reqData) throws AxisFault {
// keystore and properties static and relevant
// getters/setters not shown
return loadCrypto(signatureKeyStore,signatureProperties);
}
private Crypto loadCrypto(KeyStore ks, Properties p) throws AxisFault {
CachedMerlin cm = null;
if (ks != null) {
try {
cm = new CachedMerlin(p, ks);
} catch (IOException ex) {
LOG.error("Cannot load signature crypto",ex);
throw new AxisFault("Cannot load signature crypto");
} catch (CredentialException ex) {
LOG.error("Cannot load signature crypto",ex);
throw new AxisFault("Cannot load signature crypto");
}
return cm;
} else {
LOG.error("No keystore set for cached receiver");
throw new AxisFault("No keystore set for cached receiver");
}
}
Andrew Kinard wrote:
Mike,
Thanks, that's sounds like a simple solution to my problem. What did
you use to generate your static cached KeyStore? Is it possible for
you to share relevant peices of your Merlin subclass?
Many thanks,
Andrew Kinard
AK;-)
On Jul 28, 2005, at 6:26 PM, Mike wrote:
I extended WSDoAllSender/Receiver to store a static cached KeyStore
and properties, and use that to generate an instance of Merlin by
overriding the load*Crypto functions. A client can push the relevant
keystore into the new WSDoAllSender/Receiver prior to calling, and
server side would initialize the WSDoAll* stuff at servlet startup.
I initially tried using cached certificates and keypairs to generate
my own Crypto, but in the end it was easier to just write a simple
subclass of Merlin that set it's keystore and minimal set of properties.
-Mike
Andrew Kinard wrote:
Hello All,
Has anyone extended a WSS4J to handle cert objects already in
memory instead of certs from a keystore file? I have an app that
is generating certs without storing them and I need a way to load
them into WSDoAllSender. Has anyone extended WSS4J in this way?
If not, I would be glad to write a patch. Any pointers or
recommendations on how I proceed?
Regards,
Andrew Kinard
AK;-)
