Sure - just thought about something else as well... What about the settings for javax.net.ssl.keyStore? Should these be picked up as well? As in how I propose for javax.net.ssl.trustStore that is...
-- Olve

Colm O hEigeartaigh wrote:
>
>> this.cacerts = load(cacertsIs, cacertsPasswd, null,
>> KeyStore.getDefaultType());
>
> You may also want to add support for javax.net.ssl.trustStoreType here,
> with a corresponding property tag.
>
> Colm.
>
> -----Original Message-----
> From: Olve Hansen [mailto:[EMAIL PROTECTED]
> Sent: 02 December 2008 12:49
> To: [email protected]
> Subject: RE: Bug in AbstractCrypto; hardcoded loading of default java truststore
>
> The patch in clear-text.
>
> Index: src/org/apache/ws/security/components/crypto/AbstractCrypto.java > =================================================================== > --- src/org/apache/ws/security/components/crypto/AbstractCrypto.java > (revision 721680) > +++ src/org/apache/ws/security/components/crypto/AbstractCrypto.java > Tue Dec > 02 12:44:50 CET 2008 
> @@ -102,20 +102,47 @@ > is.close(); > } > > + loadCacerts(properties); > + } > + > - /** > + /** > - * Load cacerts > + * Load cacerts from either overridden truststore or from default > location. Will look up properties > + * <code>javax.net.ssl.trustStore</code> and > <code>javax.net.ssl.trustStorePassword</code> and use those values if > + * found. > + * > + * @param properties used to hold the possible overrides given from > the > WSS4J crypto configuration > + * > + * @throws java.io.IOException if the cacerts path is not found, or > if > there is problems closing the inputstream > + * @throws CredentialException for any error when loading the > keystore > - */ > + */ > - String cacertsPath = System.getProperty("java.home") + > "/lib/security/cacerts"; > + protected void loadCacerts(final Properties properties) > + throws CredentialException, IOException { > + > + > + String cacertsPath = resolveCacertsPath(); > + String cacertsPasswd = resolveCacertsPasswd(properties); > InputStream cacertsIs = new FileInputStream(cacertsPath); > try { > - String cacertsPasswd = > properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts.pas > sword", > "changeit"); > this.cacerts = load(cacertsIs, cacertsPasswd, null, > KeyStore.getDefaultType()); > } finally { > cacertsIs.close(); > } > } > > + protected String resolveCacertsPasswd(Properties properties) { > + final String defaultCacertsPasswd = > + > properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts.pas > sword", > "changeit"); > > + return System.getProperty("javax.net.ssl.trustStorePassword", > defaultCacertsPasswd); > + } > + > + protected String resolveCacertsPath() { > + final String systemDefaultCacertsPath = > System.getProperty("java.home") + "/lib/security/cacerts"; > + final String defaultCacertsPath = > + > properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts", > systemDefaultCacertsPath); > + > + return System.getProperty("javax.net.ssl.trustStore", > 
defaultCacertsPath); > + } > /** > * Loads the the keystore from an <code>InputStream </code>. > * <p/>
>
> -----
> --
> Olve Hansen
> --
> View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20791450.html
> Sent from the WSS4J mailing list archive at Nabble.com.

-----
--
Olve Hansen
--
View this message in context: http://www.nabble.com/Bug-in-AbstractCrypto--hardcoded-loading-of-default-java-truststore-tp20739755p20811522.html
Sent from the WSS4J mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
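
Review bot: resolveCacertsPath() takes no arguments yet calls properties.getProperty("org.apache.ws.security.crypto.merlin.cacerts", ...), while loadCacerts(final Properties properties) and resolveCacertsPasswd(Properties properties) receive the object as a parameter; pass properties into resolveCacertsPath as well, so both helpers read the same configuration and nothing depends on a field these lines do not show. The lookup order also deserves a second look: in both helpers the JVM-wide javax.net.ssl.trustStore / javax.net.ssl.trustStorePassword system property is the outer call, so it overrides the WSS4J-specific org.apache.ws.security.crypto.merlin.cacerts settings, and a deployment that sets only javax.net.ssl.trustStore ends up opening that file with the merlin password or "changeit". Consider letting the crypto properties win when they are present, and name the new org.apache.ws.security.crypto.merlin.cacerts key in the Javadoc, which currently mentions only the two javax.net.ssl properties.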
