[jbossws-commits] JBossWS SVN: r3586 - in branches/jbossws-2.0/jbossws-core/src/main: java/org/jboss/ws/metadata/wsse and 1 other directories.
Thu Jun 14 15:06:31 EDT 2007
Author: thomas.diesler at jboss.com
Date: 2007-06-14 15:06:30 -0400 (Thu, 14 Jun 2007)
New Revision: 3586
Modified:
branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java
branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
branches/jbossws-2.0/jbossws-core/src/main/resources/schema/jboss-ws-security_1_0.xsd
Log:
[JBWS-1594] Support certificate password different from keystore
Modified: branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
===================================================================
--- branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2007-06-14 18:38:23 UTC (rev 3585)
+++ branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2007-06-14 19:06:30 UTC (rev 3586)
@@ -45,6 +45,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.List;
import java.util.StringTokenizer;
@@ -54,8 +55,8 @@
* <code>SecurityStore</code> holds and loads the keystore and truststore required for encyption and signing.
*
* @author <a href="mailto:jason.greene at jboss.com">Jason T. Greene</a>
- * @author <a href="mailto:jason.greene at jboss.com">Magesh Kumar B</a>
- * @version $Revision$
+ * @author Magesh Kumar B
+ * @author Thomas.Diesler at jboss.com
*/
public class SecurityStore
{
@@ -69,22 +70,26 @@
private String trustStorePassword;
+ private HashMap<String, String> keyPasswords;
+
public SecurityStore() throws WSSecurityException
{
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null, null, null);
}
- public SecurityStore(URL keyStoreURL, String keyStoreType, String keyStorePassword) throws WSSecurityException
+ public SecurityStore(URL keyStoreURL, String keyStoreType, String keyStorePassword, HashMap<String, String> keyPasswords) throws WSSecurityException
{
loadKeyStore(keyStoreURL, keyStoreType, keyStorePassword);
loadTrustStore(keyStoreURL, keyStoreType, keyStorePassword);
+ this.keyPasswords = keyPasswords;
}
- public SecurityStore(URL keyStoreURL, String keyStoreType, String keyStorePassword, URL trustStoreURL, String trustStoreType, String trustStorePassword)
+ public SecurityStore(URL keyStoreURL, String keyStoreType, String keyStorePassword, HashMap<String, String> keyPasswords, URL trustStoreURL, String trustStoreType, String trustStorePassword)
throws WSSecurityException
{
loadKeyStore(keyStoreURL, keyStoreType, keyStorePassword);
loadTrustStore(trustStoreURL, trustStoreType, trustStorePassword);
+ this.keyPasswords = keyPasswords;
}
private void loadKeyStore(URL keyStoreURL, String keyStoreType, String keyStorePassword) throws WSSecurityException
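Review bot: The new `keyPasswords` parameter on the two constructors (the 4-arg one and the 7-arg one in this hunk) is undocumented, and its contract is only visible from the later lookup by alias. Suggest a Javadoc tag on both: `@param keyPasswords per-key passwords keyed by keystore alias; may be null, in which case keyStorePassword is used for every private key`. Declaring the parameter and the field as `Map<String, String>` rather than the concrete `HashMap` would also follow program-to-interfaces, though the matching getter in WSSecurityConfiguration would need the same change. The class body continues outside the hunk.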
@@ -405,7 +410,10 @@
PrivateKey key;
try
{
- key = (PrivateKey)keyStore.getKey(alias, decryptPassword(keyStorePassword).toCharArray());
+ String password = keyStorePassword;
+ if (keyPasswords != null && keyPasswords.containsKey(alias))
+ password = keyPasswords.get(alias);
+ key = (PrivateKey)keyStore.getKey(alias, decryptPassword(password).toCharArray());
}
catch (Exception e)
{
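Review bot: The lookup uses `containsKey(alias)`, so an entry whose password is null is selected and reaches `decryptPassword(password).toCharArray()`, which cannot succeed for a null value; the XSD hunk in this commit declares the `password` attribute optional and documents that the keystore password is then used, and the factory's `newChild(HashMap, ...)` hunk stores the attribute value unchanged, so a `<key-password alias="x"/>` with no password would take this path. Falling back on a missing value closes the gap: `String password = (keyPasswords != null) ? keyPasswords.get(alias) : null;` followed by `if (password == null) password = keyStorePassword;`. The enclosing method and its try block start before the hunk, and the `catch (Exception e)` that follows is outside it.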
Modified: branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2007-06-14 18:38:23 UTC (rev 3585)
+++ branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2007-06-14 19:06:30 UTC (rev 3586)
@@ -138,7 +138,7 @@
try
{
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getTrustStoreURL(),
+ SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords(), config.getTrustStoreURL(),
config.getTrustStoreType(), config.getTrustStorePassword());
SecurityDecoder decoder = new SecurityDecoder(securityStore);
@@ -289,7 +289,7 @@
try
{
- SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getTrustStoreURL(),
+ SecurityStore securityStore = new SecurityStore(config.getKeyStoreURL(), config.getKeyStoreType(), config.getKeyStorePassword(), config.getKeyPasswords() , config.getTrustStoreURL(),
config.getTrustStoreType(), config.getTrustStorePassword());
SecurityEncoder encoder = new SecurityEncoder(operations, securityStore);
encoder.encode(soapMessage.getSOAPPart());
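Review bot: The new argument list in this hunk has a stray space before the comma, `config.getKeyPasswords() ,`, which the first hunk of this file does not; suggest `config.getKeyPasswords(), config.getTrustStoreURL(),` so the two identical constructions read the same. The enclosing method and its try block start and end outside the hunk.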
Modified: branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java
===================================================================
--- branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java 2007-06-14 18:38:23 UTC (rev 3585)
+++ branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java 2007-06-14 19:06:30 UTC (rev 3586)
@@ -45,6 +45,7 @@
private URL trustStoreURL;
private String trustStoreType;
private String trustStorePassword;
+ private HashMap<String, String> keyPasswords = new HashMap<String, String>();
public WSSecurityConfiguration()
{
@@ -154,4 +155,14 @@
{
this.trustStoreFile = trustStoreFile;
}
+
+ public HashMap<String, String> getKeyPasswords()
+ {
+ return keyPasswords;
+ }
+
+ public void setKeyPasswords(HashMap<String, String> keyPasswords)
+ {
+ this.keyPasswords = keyPasswords;
+ }
}
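Review bot: The new accessors are undocumented and `getKeyPasswords()` hands out the live internal map, so callers can alter the configuration after it is parsed; the reading side in SecurityStore only needs lookups. Suggest a Javadoc on the getter, `Per-key passwords keyed by keystore alias; keys absent from this map use the keystore password`, and on the setter noting that a null argument is accepted (the field is initialised to an empty map in the earlier hunk, and SecurityStore guards against null). Typing both as `Map<String, String>` would follow program-to-interfaces, though the SecurityStore constructors in this commit would need the same signature change.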
Modified: branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
--- branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2007-06-14 18:38:23 UTC (rev 3585)
+++ branches/jbossws-2.0/jbossws-core/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2007-06-14 19:06:30 UTC (rev 3586)
@@ -1,24 +1,24 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.ws.metadata.wsse;
import java.io.IOException;
@@ -88,7 +88,7 @@
try
{
Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
- WSSecurityConfiguration configuration = (WSSecurityConfiguration) unmarshaller.unmarshal(is, this, null);
+ WSSecurityConfiguration configuration = (WSSecurityConfiguration)unmarshaller.unmarshal(is, this, null);
return configuration;
}
catch (JBossXBException e)
@@ -105,28 +105,27 @@
}
}
-
public WSSecurityConfiguration parse(String xmlString) throws JBossXBException
{
if (xmlString == null)
throw new IllegalArgumentException("Security config xml String cannot be null");
Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
- WSSecurityConfiguration configuration = (WSSecurityConfiguration) unmarshaller.unmarshal(xmlString, this, null);
+ WSSecurityConfiguration configuration = (WSSecurityConfiguration)unmarshaller.unmarshal(xmlString, this, null);
return configuration;
-
+
}
-
+
public WSSecurityConfiguration parse(StringReader strReader) throws JBossXBException
{
if (strReader == null)
throw new IllegalArgumentException("Security InputStream cannot be null");
Unmarshaller unmarshaller = UnmarshallerFactory.newInstance().newUnmarshaller();
- WSSecurityConfiguration configuration = (WSSecurityConfiguration) unmarshaller.unmarshal(strReader, this, null);
+ WSSecurityConfiguration configuration = (WSSecurityConfiguration)unmarshaller.unmarshal(strReader, this, null);
return configuration;
}
-
+
/**
* This method is called on the factory by the object model builder when the
* parsing starts.
@@ -141,18 +140,17 @@
return root;
}
- public void setValue(WSSecurityConfiguration configuration, UnmarshallingContext navigator, String namespaceURI,
- String localName, String value)
+ public void setValue(WSSecurityConfiguration configuration, UnmarshallingContext navigator, String namespaceURI, String localName, String value)
{
log.trace("setValue: [obj=" + configuration + ",value=" + value + "]");
- String method = (String) options.get(localName);
+ String method = (String)options.get(localName);
if (method == null)
return;
// Dispatch to propper initializer
try
{
- WSSecurityConfiguration.class.getMethod(method, new Class[] {String.class}).invoke(configuration, new Object[]{value});
+ WSSecurityConfiguration.class.getMethod(method, new Class[] { String.class }).invoke(configuration, new Object[] { value });
}
catch (Exception e)
{
@@ -163,14 +161,19 @@
/**
* Called when parsing of a new element started.
*/
- public Object newChild(WSSecurityConfiguration configuration, UnmarshallingContext navigator, String namespaceURI,
- String localName, Attributes attrs)
+ public Object newChild(WSSecurityConfiguration configuration, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
{
log.trace("newChild: " + localName);
if ("config".equals(localName))
{
return new Config();
}
+ if ("key-passwords".equals(localName))
+ {
+ HashMap pwds = new HashMap();
+ configuration.setKeyPasswords(pwds);
+ return pwds;
+ }
if ("port".equals(localName))
{
return new Port(attrs.getValue("", "name"));
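Review bot: `HashMap pwds = new HashMap();` on the new `key-passwords` branch is a raw type passed to `setKeyPasswords(HashMap<String, String>)`, which compiles only with an unchecked warning; the file already uses generics elsewhere, so `HashMap<String, String> pwds = new HashMap<String, String>();` keeps it clean. The same map instance is registered on the configuration and then returned as the child object, so the later `newChild(HashMap, ...)` fills the configuration's map in place; a one-line comment saying so, `// same instance is filled by newChild(HashMap, ...) for each <key-password>`, would save the next reader the cross-reference. The enclosing `newChild` continues outside the hunk.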
@@ -179,10 +182,24 @@
}
/**
+ * Called when parsing the contents of the <key-password> tag.
+ */
+ public Object newChild(HashMap passwords, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
+ {
+ log.trace("newChild: " + localName);
+ if ("key-password".equals(localName))
+ {
+ String alias = attrs.getValue("", "alias");
+ String pwd = attrs.getValue("", "password");
+ passwords.put(alias, pwd);
+ }
+ return null;
+ }
+
+ /**
* Called when parsing character is complete.
*/
- public void addChild(WSSecurityConfiguration configuration, Config defaultConfig, UnmarshallingContext navigator,
- String namespaceURI, String localName)
+ public void addChild(WSSecurityConfiguration configuration, Config defaultConfig, UnmarshallingContext navigator, String namespaceURI, String localName)
{
log.trace("addChild: [obj=" + configuration + ",child=" + defaultConfig + "]");
configuration.setDefaultConfig(defaultConfig);
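Review bot: The `passwords` parameter of the new `newChild` overload is a raw `HashMap`, and the Javadoc names the wrong element: this method receives the children of `<key-passwords>`, and a bare `<key-password>` in Javadoc is read as HTML. Suggest `Called for each child of {@code <key-passwords>}; stores the {@code password} attribute under the {@code alias} attribute.` and `HashMap<String, String> passwords` (type arguments only, since the erased parameter type presumably drives the factory's reflective dispatch). `attrs.getValue("", "alias")` returns null when the attribute is absent, so unless the unmarshaller validates against the schema a null key is silently stored; `if (alias == null) throw new IllegalArgumentException("key-password requires an alias");` makes the failure explicit. The trace line logs only `localName` and not the password, which is the right choice. The `addChild` at the end of the hunk continues outside it.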
@@ -191,8 +208,7 @@
/**
* Called when parsing character is complete.
*/
- public void addChild(WSSecurityConfiguration configuration, Port port, UnmarshallingContext navigator, String namespaceURI,
- String localName)
+ public void addChild(WSSecurityConfiguration configuration, Port port, UnmarshallingContext navigator, String namespaceURI, String localName)
{
log.trace("addChild: [obj=" + configuration + ",child=" + port + "]");
configuration.addPort(port);
@@ -210,7 +226,7 @@
Boolean include = new Boolean(true);
String timestamp = attrs.getValue("", "includeTimestamp");
if (timestamp != null)
- include = (Boolean) SimpleTypeBindings.unmarshal(timestamp, SimpleTypeBindings.XS_BOOLEAN_NAME, null);
+ include = (Boolean)SimpleTypeBindings.unmarshal(timestamp, SimpleTypeBindings.XS_BOOLEAN_NAME, null);
return new Sign(attrs.getValue("", "type"), attrs.getValue("", "alias"), include.booleanValue());
}
@@ -279,7 +295,6 @@
config.setRequires(requires);
}
-
private Object handleTargets(Object object, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
{
log.trace("newChild: " + localName);
@@ -456,8 +471,7 @@
/**
* Called when parsing of a new element started.
*/
- public Object newChild(Operation operation, UnmarshallingContext navigator, String namespaceURI, String localName,
- Attributes attrs)
+ public Object newChild(Operation operation, UnmarshallingContext navigator, String namespaceURI, String localName, Attributes attrs)
{
log.trace("newChild: " + localName);
if ("config".equals(localName))
Modified: branches/jbossws-2.0/jbossws-core/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
--- branches/jbossws-2.0/jbossws-core/src/main/resources/schema/jboss-ws-security_1_0.xsd 2007-06-14 18:38:23 UTC (rev 3585)
+++ branches/jbossws-2.0/jbossws-core/src/main/resources/schema/jboss-ws-security_1_0.xsd 2007-06-14 19:06:30 UTC (rev 3586)
@@ -33,6 +33,11 @@
<xs:documentation>This specifies the trust store's password.</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="key-passwords" type="passwordsType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>The passwords for the private keys in the keystore. Only required if the passwords are different from that of the keystore.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="config" type="configType" minOccurs="0">
<xs:annotation>
<xs:documentation>The default security configuration that is applied to all operations on all ports. This is only used if there is no port/operation config.</xs:documentation>
@@ -46,6 +51,27 @@
</xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:complexType name="passwordsType">
+ <xs:sequence>
+ <xs:element name="key-password" type="passwordType" minOccurs="0" maxOccurs="unbounded">
+ <xs:annotation>
+ <xs:documentation>The password for a private key in the keystore. Necessary only if the password is different from that of the keystore.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="passwordType">
+ <xs:attribute name="alias" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>The name of the private key.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="password" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>The password of this private key. If not specified, the keystore password will be used.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
<xs:complexType name="configType" mixed="true">
<xs:all>
<xs:element name="timestamp" type="timestampType" minOccurs="0">
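Review bot: The documentation of the `alias` attribute, `The name of the private key.`, understates what the code does with it: SecurityStore looks the value up as a keystore alias. Suggest `The keystore alias of the private key this password belongs to.` so users know it must match the alias used in the keystore rather than a display name. The enclosing schema continues outside the hunk.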