Author: coheigea
Date: Wed Jun 17 14:21:01 2009
New Revision: 785617
URL: http://svn.apache.org/viewvc?rev=785617&view=rev
Log:
Forward-merged Dan's BouncyCastle fix to trunk
- Forward-merged pkcs12 fix as well.
Modified:
webservices/wss4j/trunk/pom.xml
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java
webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java
Modified: webservices/wss4j/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/pom.xml?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/pom.xml (original)
+++ webservices/wss4j/trunk/pom.xml Wed Jun 17 14:21:01 2009
@@ -191,7 +191,7 @@
!org.apache.ws.axis.security.*,
javax.xml.crypto.*,
org.apache.xml.security.*,
- org.bouncycastle.*,
+ org.bouncycastle.*;resolution:=optional,
org.jcp.xml.dsig.internal.*,
org.opensaml.*;resolution:=optional,
*;resolution:=optional
@@ -363,7 +363,7 @@
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk14</artifactId>
<version>${bcprov.jdk14.version}</version>
- <scope>compile</scope>
+ <scope>test</scope>
</dependency>
</dependencies>
</profile>
@@ -377,7 +377,7 @@
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk15</artifactId>
<version>${bcprov.jdk15.version}</version>
- <scope>compile</scope>
+ <scope>test</scope>
</dependency>
</dependencies>
</profile>
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
(original)
+++
webservices/wss4j/trunk/src/org/apache/ws/security/components/crypto/CryptoBase.java
Wed Jun 17 14:21:01 2009
@@ -24,10 +24,9 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.bouncycastle.asn1.x509.X509Name;
-
import java.io.ByteArrayInputStream;
import java.io.InputStream;
+import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
@@ -76,10 +75,23 @@
public static final String NAME_CONSTRAINTS_OID = "2.5.29.30";
private static Log log = LogFactory.getLog(CryptoBase.class);
+ private static final Constructor BC_509CLASS_CONS;
+
protected static Map certFactMap = new HashMap();
protected KeyStore keystore = null;
protected KeyStore truststore = null;
+ static {
+ Constructor cons = null;
+ try {
+ Class c = Class.forName("org.bouncycastle.asn1.x509.X509Name");
+ cons = c.getConstructor(new Class[] {String.class});
+ } catch (Exception e) {
+ //ignore
+ }
+ BC_509CLASS_CONS = cons;
+ }
+
/**
* Constructor
*/
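Review bot: The `catch (Exception e) { //ignore }` in the new static initializer leaves no trace of whether issuer names will be built as BouncyCastle `X509Name` or as `X500Principal`, and that choice decides how certificates are matched later in this class. A debug line makes the active path visible, e.g. `log.debug("BouncyCastle X509Name not available, falling back to X500Principal", e);` (`log` is initialised above the block). `Class.forName` can also fail with a `LinkageError`, which `catch (Exception e)` does not cover and which would abort initialisation of `CryptoBase` itself. If a broken BouncyCastle jar should degrade the same way as a missing one, that case needs its own catch.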
@@ -254,6 +266,17 @@
java.util.Collections.sort(vr);
return vr;
}
+
+ private Object createBCX509Name(String s) {
+ if (BC_509CLASS_CONS != null) {
+ try {
+ return BC_509CLASS_CONS.newInstance(new Object[] {s});
+ } catch (Exception e) {
+ //ignore
+ }
+ }
+ return new X500Principal(s);
+ }
/**
* Lookup an X509 Certificate in the keystore according to a given serial
number and
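Review bot: `createBCX509Name` can return two unrelated types, and its silent `catch (Exception e)` lets a single lookup mix them. If `newInstance` fails for one DN string (a constructor exception arrives wrapped in `InvocationTargetException`) but succeeds for the other, the later `certName.equals(issuerName)` compares an `X509Name` with an `X500Principal`, which will not compare equal, and the certificate is reported as not found with no diagnostic. The two types may also apply different equality rules to the same DN, so which certificate matches can depend on whether BouncyCastle is on the classpath. The helper deserves a Javadoc comment along the lines of `Returns a BouncyCastle X509Name when available, otherwise an X500Principal; only compare results produced by the same path`, and the swallowed exception should be logged at debug level.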
@@ -270,8 +293,7 @@
*/
public String getAliasForX509Cert(String issuer, BigInteger serialNumber)
throws WSSecurityException {
- X500Principal issuerRDN = null;
- X509Name issuerName = null;
+ Object issuerName = null;
Certificate cert = null;
if (keystore == null) {
@@ -287,10 +309,10 @@
// back on a direct conversion to a BC X509Name
//
try {
- issuerRDN = new X500Principal(issuer);
- issuerName = new X509Name(issuerRDN.getName());
+ X500Principal issuerRDN = new X500Principal(issuer);
+ issuerName = createBCX509Name(issuerRDN.getName());
} catch (java.lang.IllegalArgumentException ex) {
- issuerName = new X509Name(issuer);
+ issuerName = createBCX509Name(issuer);
}
try {
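Review bot: In the `catch (java.lang.IllegalArgumentException ex)` branch, `createBCX509Name(issuer)` falls through to `new X500Principal(issuer)` when BouncyCastle is absent, which is the same parse that has just thrown, so the `IllegalArgumentException` now escapes unchecked from a method declared `throws WSSecurityException`. Before this change the branch always had `X509Name` as a second parser. The fallback call should sit in its own try that converts the failure to `WSSecurityException`, so an issuer string the parser rejects is reported as a security failure rather than a runtime error. The same applies to the matching hunk in `getX509Certificate` (`@@ -352,10 +374,10 @@`); both method bodies continue outside their hunks.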
@@ -311,7 +333,8 @@
}
X509Certificate x509cert = (X509Certificate) cert;
if (x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
- X509Name certName = new
X509Name(x509cert.getIssuerDN().getName());
+ Object certName =
+ createBCX509Name(x509cert.getIssuerDN().getName());
if (certName.equals(issuerName)) {
return alias;
}
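Review bot: `createBCX509Name(x509cert.getIssuerDN().getName())` round-trips the certificate's issuer through a provider-formatted string, and on the path without BouncyCastle that string is re-parsed by `new X500Principal(...)`, which may reject it or normalise it differently. On that path the issuer is available directly as `x509cert.getIssuerX500Principal()`, which avoids the re-parse. The same line appears in the `getX509Certificate` hunk (`@@ -376,7 +398,8 @@`); the enclosing loop starts and ends outside this hunk.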
@@ -335,8 +358,7 @@
*/
public X509Certificate getX509Certificate(String issuer, BigInteger
serialNumber)
throws WSSecurityException {
- X500Principal issuerRDN = null;
- X509Name issuerName = null;
+ Object issuerName = null;
Certificate cert = null;
if (keystore == null) {
@@ -352,10 +374,10 @@
// back on a direct conversion to a BC X509Name
//
try {
- issuerRDN = new X500Principal(issuer);
- issuerName = new X509Name(issuerRDN.getName());
+ X500Principal issuerRDN = new X500Principal(issuer);
+ issuerName = createBCX509Name(issuerRDN.getName());
} catch (java.lang.IllegalArgumentException ex) {
- issuerName = new X509Name(issuer);
+ issuerName = createBCX509Name(issuer);
}
try {
@@ -376,7 +398,8 @@
}
X509Certificate x509cert = (X509Certificate) cert;
if (x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
- X509Name certName = new
X509Name(x509cert.getIssuerDN().getName());
+ Object certName =
+ createBCX509Name(x509cert.getIssuerDN().getName());
if (certName.equals(issuerName)) {
return x509cert;
}
@@ -481,13 +504,16 @@
if (keystore == null) {
return null;
}
- String alias = keystore.getCertificateAlias(cert);
- if (alias != null) {
- return alias;
- }
- // Use brute force search
+ //
+ // The following code produces the wrong alias in BouncyCastle and
so
+ // we'll just use the brute-force search
+ //
+ // String alias = keystore.getCertificateAlias(cert);
+ // if (alias != null) {
+ // return alias;
+ // }
for (Enumeration e = keystore.aliases(); e.hasMoreElements();) {
- alias = (String) e.nextElement();
+ String alias = (String) e.nextElement();
Certificate retrievedCert = keystore.getCertificate(alias);
if (retrievedCert.equals(cert)) {
return alias;
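Review bot: With the `getCertificateAlias` shortcut disabled, every call now reaches `retrievedCert.equals(cert)`, and `keystore.getCertificate(alias)` returns null for an alias that holds no certificate, so one such entry raises a `NullPointerException` before the remaining aliases are checked. A guard keeps the scan going: `if (retrievedCert != null && retrievedCert.equals(cert)) {`. The commented-out block would read better as a single line such as `// keystore.getCertificateAlias(cert) returns the wrong alias with the BouncyCastle provider, so scan all aliases`. The method continues outside the hunk.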
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS178.java Wed Jun 17
14:21:01 2009
@@ -66,7 +66,7 @@
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("crypto.properties");
+ private Crypto crypto;
/**
* TestWSSecurity constructor
@@ -75,6 +75,8 @@
*/
public TestWSSecurityWSS178(String name) {
super(name);
+ secEngine.getWssConfig(); //make sure BC gets registered
+ crypto = CryptoFactory.getInstance("crypto.properties");
}
/**
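Review bot: `secEngine.getWssConfig(); //make sure BC gets registered` depends on a getter's side effect and on running before `CryptoFactory.getInstance`, and the comment explains neither. Something like `// getWssConfig() registers the BouncyCastle provider as a side effect; it must run before CryptoFactory loads the keystore` would stop a later cleanup from deleting the call or moving the `crypto` assignment back to the field initialiser. That the keystore load is what needs the provider is inferred from the reordering in this commit. The same applies to the constructor hunk in TestWSSecurityWSS86.java (`@@ -79,6 +79,8 @@`).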
@@ -131,7 +133,6 @@
verify(encryptedDoc);
}
-
/**
* Test where the Assertion is referenced using direct reference
* (from the SecurityTokenReference).
Modified: webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java?rev=785617&r1=785616&r2=785617&view=diff
==============================================================================
--- webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java (original)
+++ webservices/wss4j/trunk/test/wssec/TestWSSecurityWSS86.java Wed Jun 17
14:21:01 2009
@@ -69,7 +69,7 @@
+ "</SOAP-ENV:Body>"
+ "</SOAP-ENV:Envelope>";
private WSSecurityEngine secEngine = new WSSecurityEngine();
- private Crypto crypto = CryptoFactory.getInstance("wss86.properties");
+ private Crypto crypto;
/**
* TestWSSecurity constructor
@@ -79,6 +79,8 @@
*/
public TestWSSecurityWSS86(String name) {
super(name);
+ secEngine.getWssConfig(); //make sure BC gets registered
+ crypto = CryptoFactory.getInstance("wss86.properties");
}
/**