Author: asoldano
Date: 2014-07-29 03:16:22 -0400 (Tue, 29 Jul 2014)
New Revision: 18821
Added:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java
Modified:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/Constants.java
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSNonSpringBusFactory.java
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSSpringBusFactory.java
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly900/org/jboss/ws/jaxws-client/main/module.xml
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/config/CXFStackConfigFactory.java
Log:
[JBWS-3817] Avoid globally installing BouncyCastle
Modified:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java
===================================================================
---
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/Loggers.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -228,4 +228,8 @@
@LogMessage(level = DEBUG)
@Message(id = 24102, value = "JASPI authentication isn't enabled, can not
find JASPI modules and classes")
void cannotFindJaspiClasses();
+
+ @LogMessage(level = DEBUG)
+ @Message(id = 24103, value = "Could not load BouncyCastle security provider;
either setup your classpath properly or prevent loading by using the '%s' system
property.")
+ void cannotLoadBouncyCastleProvider(String property, @Cause Throwable cause);
}
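Review bot: The new message 24103 is logged at DEBUG, so on a default logging configuration a failure to load the BouncyCastle provider leaves no trace, and the first visible symptom is likely to be a later crypto error for an algorithm the remaining providers lack. Consider a level operators see by default, e.g. `@LogMessage(level = WARN)` if that level is imported in this file, keeping in mind that `SecurityProviderConfig.getBCProvider()` retries the load, and so logs again, for as long as the provider is still null. The text could also read "set up your classpath" rather than "setup". The Loggers interface starts outside this hunk.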
Modified:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/Constants.java
===================================================================
---
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/Constants.java 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/Constants.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -44,6 +44,7 @@
public static final String CXF_MANAGEMENT_INSTALL_RESPONSE_TIME_INTERCEPTORS =
"cxf.management.installResponseTimeInterceptors";
public static final String CXF_WS_DISCOVERY_ENABLED =
"cxf.ws-discovery.enabled";
public static final String JBWS_CXF_DISABLE_HANDLER_AUTH_CHECKS =
"org.jboss.ws.cxf.disableHandlerAuthChecks";
+ public static final String JBWS_CXF_NO_LOCAL_BC =
"org.jboss.ws.cxf.noLocalBC";
public static final String JBWS_CXF_JAXWS_CLIENT_BUS_STRATEGY =
"org.jboss.ws.cxf.jaxws-client.bus.strategy";
public static final String THREAD_BUS_STRATEGY = "THREAD_BUS";
Modified:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSNonSpringBusFactory.java
===================================================================
---
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSNonSpringBusFactory.java 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSNonSpringBusFactory.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -66,5 +66,6 @@
super.initializeBus(bus);
final ResourceManager resourceManager = bus.getExtension(ResourceManager.class);
resourceManager.addResourceResolver(JBossWSResourceInjectionResolver.getInstance());
+ SecurityProviderConfig.setup(bus);
}
}
Modified:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSSpringBusFactory.java
===================================================================
---
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSSpringBusFactory.java 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/JBossWSSpringBusFactory.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -154,6 +154,7 @@
super.initializeBus(bus);
final ResourceManager resourceManager = bus.getExtension(ResourceManager.class);
resourceManager.addResourceResolver(JBossWSResourceInjectionResolver.getInstance());
+ SecurityProviderConfig.setup(bus);
}
void registerAppContextLifeCycleListener(final Bus bus, final BusApplicationContext
bac)
Added:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java
===================================================================
---
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java
(rev 0)
+++
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2014, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.cxf.client.configuration;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.jboss.wsf.stack.cxf.Loggers;
+import org.jboss.wsf.stack.cxf.client.Constants;
+
+
+/**
+ * Convenient class for setting a BouncyCastle security provider
+ * through CXF interceptors when not globally available.
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 28-Jul-2014
+ */
+public class SecurityProviderConfig
+{
+ public static final boolean BC_GLOBALLY_AVAILABLE =
java.security.Security.getProvider("BC") != null;
+ static {
+ if (BC_GLOBALLY_AVAILABLE) {
+ useIvParameterSpec();
+ }
+ }
+ private static final boolean NO_LOCAL_BC =
SecurityActions.getBoolean(Constants.JBWS_CXF_NO_LOCAL_BC);
+ private static Provider provider;
+
+ private static synchronized Provider getBCProvider() {
+ if (provider == null) {
+ try {
+ Class<?> clazz =
SecurityProviderConfig.class.getClassLoader().loadClass("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ provider = (Provider)clazz.newInstance();
+ if (provider.getVersion() < 1.50) {
+ useIvParameterSpec();
+ }
+ } catch (Throwable t) {
+
Loggers.ROOT_LOGGER.cannotLoadBouncyCastleProvider(Constants.JBWS_CXF_NO_LOCAL_BC, t);
+ }
+ }
+ return provider;
+ }
+
+
+ public static void setup(Bus bus) {
+ if (!NO_LOCAL_BC && !BC_GLOBALLY_AVAILABLE) {
+ Provider p = getBCProvider();
+ if (p != null) {
+ bus.getInInterceptors().add(new Interceptor(Phase.RECEIVE));
+ bus.getOutInterceptors().add(new Interceptor(Phase.SETUP));
+ }
+ }
+ }
+
+ private static class Interceptor extends AbstractPhaseInterceptor<Message> {
+
+ public Interceptor(String phase)
+ {
+ super(phase);
+ }
+
+ @Override
+ public void handleMessage(Message message) throws Fault
+ {
+ Exchange exchange = message.getExchange();
+ exchange.put(Provider.class, getBCProvider());
+ }
+ }
+
+ private static void useIvParameterSpec() {
+ try {
+ // Don't override if it was set explicitly
+ AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ String ivParameterSpec =
"org.apache.xml.security.cipher.gcm.useIvParameterSpec";
+ if (System.getProperty(ivParameterSpec) == null) {
+ System.setProperty(ivParameterSpec, "true");
+ return false;
+ }
+ return true;
+ }
+ });
+ } catch (Throwable t) {
+ //ignore
+ }
+ }
+
+}
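Review bot: `useIvParameterSpec()` sets `org.apache.xml.security.cipher.gcm.useIvParameterSpec` as a JVM-wide system property, so a class meant to keep BouncyCastle local to a Bus still presumably changes GCM parameter handling for every other XML Security user in the process, and its `catch (Throwable t) { //ignore }` hides a denied property write entirely. Document that global side effect in the class Javadoc and log the swallowed throwable at a low level; the Boolean returned by the privileged action is currently discarded and could report whether the property was already set. Separately, `Interceptor.handleMessage` goes through the class-wide `synchronized getBCProvider()` for every inbound and outbound message; passing the already-resolved `p` from `setup` into the interceptor constructor and storing it in a final field would take that lock off the message path. `getBCProvider` also catches `Throwable`, which takes in `Error`s such as `OutOfMemoryError`; `catch (Exception e)` plus `catch (LinkageError e)` would cover the class-loading failures that message 24103 describes.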
Property changes on:
stack/cxf/trunk/modules/client/src/main/java/org/jboss/wsf/stack/cxf/client/configuration/SecurityProviderConfig.java
___________________________________________________________________
Added: svn:keywords
+ Rev Date
Added: svn:eol-style
+ native
Modified:
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml
===================================================================
---
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly800/org/jboss/ws/jaxws-client/main/module.xml 2014-07-29
07:16:22 UTC (rev 18821)
@@ -73,5 +73,6 @@
</imports>
</module>
<module name="javax.wsdl4j.api" />
+ <module name="org.bouncycastle" />
</dependencies>
</module>
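Review bot: The added `<module name="org.bouncycastle" />` is a hard dependency, while SecurityProviderConfig in this same commit treats a BouncyCastle that cannot be loaded as a recoverable condition (message 24103). If installations that remove or replace the BouncyCastle module, for instance under a restricted crypto policy, are meant to keep working, `<module name="org.bouncycastle" optional="true" />` would match that intent; the same applies to the wildfly900 descriptor in the next hunk. If the module is guaranteed to be present, a short XML comment saying it is loaded reflectively by SecurityProviderConfig would explain why it is listed here.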
Modified:
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly900/org/jboss/ws/jaxws-client/main/module.xml
===================================================================
---
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly900/org/jboss/ws/jaxws-client/main/module.xml 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/resources/src/main/resources/modules/wildfly900/org/jboss/ws/jaxws-client/main/module.xml 2014-07-29
07:16:22 UTC (rev 18821)
@@ -73,5 +73,6 @@
</imports>
</module>
<module name="javax.wsdl4j.api" />
+ <module name="org.bouncycastle" />
</dependencies>
</module>
Modified:
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/config/CXFStackConfigFactory.java
===================================================================
---
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/config/CXFStackConfigFactory.java 2014-07-29
06:43:00 UTC (rev 18820)
+++
stack/cxf/trunk/modules/server/src/main/java/org/jboss/wsf/stack/cxf/config/CXFStackConfigFactory.java 2014-07-29
07:16:22 UTC (rev 18821)
@@ -26,7 +26,7 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
import org.jboss.wsf.spi.classloading.ClassLoaderProvider;
import org.jboss.wsf.spi.management.StackConfig;
import org.jboss.wsf.spi.management.StackConfigFactory;
@@ -48,7 +48,6 @@
class CXFStackConfig implements StackConfig
{
-
public CXFStackConfig()
{
final ClassLoader orig = getContextClassLoader();
@@ -58,7 +57,7 @@
try
{
setContextClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader());
- WSSConfig.init();
+ WSProviderConfig.init(true, false, true);
}
catch (Exception e)
{
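Review bot: `WSProviderConfig.init(true, false, true)` passes three bare booleans, and the middle one is the security-relevant choice of this commit. As I read the WSS4J 2.0 API the parameters are addXMLDSigRIInternalProv, addBCProv and addTLProv; a comment such as `// XMLDSig RI: yes, BouncyCastle: no (JBWS-3817), ThreadLocalSecurityProvider: yes` would keep a later edit from flipping the wrong flag. It is also worth confirming that whatever else `WSSConfig.init()` set up at this point still happens before the first secured message, since this call replaces it rather than adding to it. The constructor and its catch block continue outside the hunk.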