[WSS4J] More ldap

First, thanks for the help so far. 

I can now create, store and retrieve X509 Certificates
 via java and openldap. I also am storing the keystore
as a serialized object. Could someone please evaluate
some of the decisions I've made? 

1) I only access the keystore to create the
certificates when storing them in ldap. 

2) Each client has their own certificate, retrieved
via ldap when sending the message. The web service has
its own certificate, placed in the return. Each cert
is cached after the first ldap call via something
like: 

Map cache; 
cache = Collections.synchronizedMap(new HashMap());

X509Certificate cert = null;
if (cache.containsKey(certDistigushedName))
{
  cert (X509Certificate) =  
cache.get(certDistigushedName);
}
else
{
  cert = (X509Certificate)
getCertFromLDAP(dataSourceName);
  cache.put(certDistigushedName, cert);

[WSS4J] XML Encryption

[WSS4J] XML Encryption

[WSS4J] How to verify XML Signature in SeverSide Handler

[WSS4J] ant test

Hi,

When running ant test, I get the following error.

        unitTests:

        BUILD FAILED
        /home/ws-sec/wss4j/build.xml:462: Could not create task or type
        of type: junit.

There is a junit jar file in lib (junit-3.8.1.jar).
I am using ant 1.6. ant compile works fine.

Any ideas on what the problem might be.
Nadadur

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

AW: [WSS4J] Unable to initialize Crypto Factory

[WSS4J] Unable to initialize Crypto Factory

nithya@...>

[WSS4J] WSS4J

Hi,
I was just wondering when will the project files be available on apache?
We are planning to use this with Axis.
thanx,
Pravir

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

[WSS4J] Moving to Apache.

Werner, Team,

I will be checking in a version of wss4j in Apache's CVS. only diff is the LICENSE has been
updated to Apache 2.0 License as per ASF mandate. 

Thanks,
dims

PS: Please hold off any new check-in's in sf.net cvs till we get the project up and running at
Apache.

=====
Davanum Srinivas - http://webservices.apache.org/~dims/

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

[WSS4J] wss4j/src/org/apache/ws/security/message/token SecurityTokenReference.java,1.8,1.9

Update of /cvsroot/wss4j/wss4j/src/org/apache/ws/security/message/token
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10700/src/org/apache/ws/security/message/token

Modified Files:
	SecurityTokenReference.java 
Log Message:
Add some functions to support SKI KeyIdentifier. Not tested yet, but
doesn't break existing functions.

Index: SecurityTokenReference.java
===================================================================
RCS file: /cvsroot/wss4j/wss4j/src/org/apache/ws/security/message/token/SecurityTokenReference.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- SecurityTokenReference.java	22 Dec 2003 13:36:29 -0000	1.8
+++ SecurityTokenReference.java	13 Feb 2004 16:11:05 -0000	1.9
 <at>  <at>  -54,19 +54,26  <at>  <at> 
  */
 package org.apache.ws.security.message.token;

+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.util.DOM2Writer;
 import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.x509.XMLX509SKI;
 import org.apache.xml.security.utils.Base64;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+import org.w3c.dom.Text;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;

 import javax.xml.namespace.QName;
 import java.security.cert.X509Certificate;

+
 /**
  * Security Token Reference.
  * <p/>
 <at>  <at>  -74,8 +81,15  <at>  <at> 
  *  <at> author Davanum Srinivas (dims@...).
  */
 public class SecurityTokenReference {
+	private static Log log = LogFactory.getLog(SecurityTokenReference.class.getName());
+	private static Log tlog =
+		LogFactory.getLog("org.apache.ws.security.TIME");
+
+	
     public static final QName TOKEN = new QName(WSConstants.WSSE_NS, "SecurityTokenReference");
     protected Element element = null;
+    
+    private boolean doDebug = false;

     /**
      * Constructor.
 <at>  <at>  -85,6 +99,7  <at>  <at> 
      *  <at> throws WSSecurityException 
      */
     public SecurityTokenReference(Element elem) throws WSSecurityException {
+		doDebug = log.isDebugEnabled();
         this.element = elem;
         QName el = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
         if (!el.equals(TOKEN)) {
 <at>  <at>  -99,6 +114,7  <at>  <at> 
      *  <at> param doc 
      */
     public SecurityTokenReference(Document doc) {
+		doDebug = log.isDebugEnabled();
         this.element = doc.createElementNS(WSConstants.WSSE_NS, "wsse:SecurityTokenReference");
     }

 <at>  <at>  -140,7 +156,7  <at>  <at> 
     public void setKeyIdentifier(X509Certificate cert) throws Exception {
         Document doc = this.element.getOwnerDocument();
         byte data[] = cert.getEncoded();
-        org.w3c.dom.Text certText = doc.createTextNode(Base64.encode(data));
+        Text certText = doc.createTextNode(Base64.encode(data));
         Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
 		keyId.setAttributeNS(null, "ValueType", "wsse:X509v3");
 		keyId.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
 <at>  <at>  -152,6 +168,29  <at>  <at> 
             this.element.appendChild(keyId);
         }
     }
+	/**
+	 * Sets the KeyIdentifer Element as a X509 Subject-Key-Identifier (SKI).
+	 * Takes a X509 certificate, gets it SKI data, converts into base 64 and
+	 * inserts it into a <code>wsse:KeyIdentifier</code> element, which is placed
+	 * in the <code>wsse:SecurityTokenReference</code> element.
+	 * 
+	 *  <at> param cert is the X509 certficate to get the SKI
+	 */
+	public void setKeyIdentifierSKI(X509Certificate cert) throws Exception {
+		Document doc = this.element.getOwnerDocument();
+		byte data[] = XMLX509SKI.getSKIBytesFromCert(cert);
+		org.w3c.dom.Text skiText = doc.createTextNode(Base64.encode(data));
+		Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+		keyId.setAttributeNS(null, "ValueType", "wsse:X509SubjectKeyIdentifier");
+		keyId.setAttributeNS(null, "EncodingType", "wsse:Base64Binary");
+		keyId.appendChild(skiText);
+		Element elem = getFirstElement();
+		if (elem != null) {
+			this.element.replaceChild(keyId, elem);
+		} else {
+			this.element.appendChild(keyId);
+		}
+	}

 	/**
 	 * Gets the KeyIdentifer.
 <at>  <at>  -162,15 +201,85  <at>  <at> 
 	 * 			certificate or zero if a unknown key identifier
 	 * 			type was detected.
 	 */
-	public BinarySecurity getKeyIdentifier() throws Exception {
+	public BinarySecurity getKeyIdentifier(Crypto crypto) throws Exception {
 		X509Security cert = null;
 		Element elem = getFirstElement();
 		String value = elem.getAttribute("ValueType");
 		if (value.equals("wsse:X509v3")) {
 			cert = new X509Security(elem);
 		}
+		else if (value.equals("wsse:X509SubjectKeyIdentifier")) {
+			cert = getCertFromSKI(elem, crypto);
+		}
 		return cert;
 	}
+	
+	private X509Security getCertFromSKI(Element elem, Crypto crypto) throws Exception {
+		
+		if (doDebug) {
+			log.debug("getCertFromSKI: enter");
+		}
+		X509Security found = null;
+		
+		byte[] skiBytes = null;
+		Node node = elem.getFirstChild();
+		if (node == null) {
+			return null;
+		}
+		if (node.getNodeType() == Node.TEXT_NODE) {
+			try {
+				skiBytes = Base64.decode(((Text) node).getData());
+			} catch (Exception e) {
+				return null;
+			}
+		}
+		if (doDebug) {
+			log.debug("Cert SKI: got SKI bytes");
+		}
+		NodeList nl =
+			elem.getOwnerDocument().getElementsByTagNameNS(
+				WSConstants.WSSE_NS,
+				"BinarySecurityToken");
+
+		int nlLength = nl.getLength();
+		for (int i = 0; i < nlLength; i++) {
+			if (doDebug) {
+				log.debug("Cert SKI: processing BST " + i);
+			}
+			X509Security token = null;
+			Element bstElement = (Element)nl.item(i);
+			String value = bstElement.getAttribute("ValueType");
+			if (!value.equals("wsse:X509v3")
+				|| ((token = new X509Security(bstElement)) == null)) {
+				continue;
+			}
+			X509Certificate cert = token.getX509Certificate(crypto);
+			if (cert == null) {
+				continue;
+			}
+			if (doDebug) {
+				log.debug("Cert SKI: got cert from BST");
+			}			
+			byte data[] = XMLX509SKI.getSKIBytesFromCert(cert);
+			if (data.length != skiBytes.length) {
+				continue;
+			}
+			if (doDebug) {
+				log.debug("Cert SKI: got SKI bytes from embedded cert");
+			}			
+			for (int ii = 0; ii < data.length; ii++) {
+				if (data[ii] != skiBytes[ii]) {
+					continue;
+				}
+			}
+			if (doDebug) {
+				log.debug("Cert SKI: found embedded BST");
+			}
+			found = token;
+		}
+		return found;
+	}
+	
     /**
      * Sets the X509 IssuerSerial data.
      * 

-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click