> this.cacerts = load(cacertsIs, cacertsPasswd, null, > KeyStore.getDefaultType());
You may also want to add support for javax.net.ssl.trustStoreType here, with a corresponding property tag. Colm. -----Original Message----- From: Olve Hansen [mailto:[EMAIL PROTECTED] Sent: 02 December 2008 12:49 To: [email protected] Subject: RE: Bug in AbstractCrypto; hardcoded loading of default java truststore The patch in clear-text. Index: src/org/apache/ws/security/components/crypto/AbstractCrypto.java =================================================================== --- src/org/apache/ws/security/components/crypto/AbstractCrypto.java (revision 721680) +++ src/org/apache/ws/security/components/crypto/AbstractCrypto.java Tue Dec 02 12:44:50 CET 2008 
@@ -102,20 +102,47 @@ is.close(); } + loadCacerts(properties); + } + - /** + /** - * Load cacerts + * Load cacerts from either overridden truststore or from default location. Will look up properties + * <code>javax.net.ssl.trustStore</code> and <code>javax.net.ssl.trustStorePassword</code> and use those values if + * found. + * + * @param properties used to hold the possible overrides given from the WSS4J crypto configuration + * + * @throws java.io.IOException if the cacerts path is not found, or if there is problems closing the inputstream + * @throws CredentialException for any error when loading the keystore - */ + */ - String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts"; + protected void loadCacerts(final Properties properties) + throws CredentialException, IOException { + + + String cacertsPath = resolveCacertsPath(); + String cacertsPasswd = resolveCacertsPasswd(properties); InputStream cacertsIs = new FileInputStream(cacertsPath); try { - String cacertsPasswd = properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts.pas sword", "changeit"); this.cacerts = load(cacertsIs, cacertsPasswd, null, KeyStore.getDefaultType()); } finally { cacertsIs.close(); } } + protected String resolveCacertsPasswd(Properties properties) { + final String defaultCacertsPasswd = + properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts.pas sword", "changeit"); + return System.getProperty("javax.net.ssl.trustStorePassword", defaultCacertsPasswd); + } + + protected String resolveCacertsPath() { + final String systemDefaultCacertsPath = System.getProperty("java.home") + "/lib/security/cacerts"; + final String defaultCacertsPath = + properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts", systemDefaultCacertsPath); + + return System.getProperty("javax.net.ssl.trustStore", defaultCacertsPath); + } /** * Loads the the keystore from an <code>InputStream </code>. 
* <p/> ----- -- Olve Hansen --
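Review bot: In `resolveCacertsPath()` and `resolveCacertsPasswd()` the JVM-wide `javax.net.ssl.trustStore*` system properties take precedence over the crypto-specific merlin settings, so a trust store configured explicitly for this Crypto instance is silently replaced whenever the process sets a global one. Because this choice decides which CA certificates are trusted, the more specific setting should normally win, e.g. `return properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts", System.getProperty("javax.net.ssl.trustStore", systemDefaultCacertsPath));`, with the same order applied to the password. Path and password are also resolved independently, so a path taken from one source can be paired with a password from the other (or with the built-in default); resolving them as a pair from a single source, and documenting the order in the Javadoc of `loadCacerts`, would avoid that. `resolveCacertsPath()` reads `properties` without receiving it as a parameter, unlike `resolveCacertsPasswd(properties)`; presumably it is a field of the class, which is not visible in this hunk, and passing it explicitly would keep the two helpers consistent.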
