From: <bob...@us...> - 2003-11-04 07:00:32
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv3213/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Mail.java
Log Message:
Make the SMTP port configurable in msh.properties.xml.
Change the behaviour so that it will not throw an exception if it cannot
verify the signature.
Index: Mail.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Mail.java,v
retrieving revision 1.40
retrieving revision 1.41
diff -C2 -d -r1.40 -r1.41
*** Mail.java 11 Jul 2003 03:50:35 -0000 1.40
--- Mail.java 4 Nov 2003 07:00:28 -0000 1.41
***************
*** 201,205 ****
*/
public static final String PROPERTY_JAVA_MAIL_SMTP_HOST_PORT =
! "mail.smtp.host.port";
/**
--- 201,205 ----
*/
public static final String PROPERTY_JAVA_MAIL_SMTP_HOST_PORT =
! "mail.smtp.port";
/**
***************
*** 338,341 ****
--- 338,343 ----
*/
private static boolean changeSubType;
+
+ private static String smtpPort = null;
protected static boolean isConfigured = false;
***************
*** 359,362 ****
--- 361,365 ----
smtpHost = prop.get(PROPERTY_MAIL_SMTP_HOST);
+ smtpPort = prop.get(PROPERTY_MAIL_SMTP_HOST_PORT);
smtpAuthUser = prop.get(PROPERTY_MAIL_SMTP_AUTH_USER);
smtpAuthPass = prop.get(PROPERTY_MAIL_SMTP_AUTH_PASS);
***************
*** 507,510 ****
--- 510,516 ----
final Properties properties = new Properties();
properties.put(PROPERTY_JAVA_MAIL_SMTP_HOST, smtpHost);
+ if (smtpPort != null) {
+ properties.put(PROPERTY_JAVA_MAIL_SMTP_HOST_PORT, smtpPort);
+ }
Session session;
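Review bot: `smtpPort` is passed to the JavaMail session as read, so an empty `<Port></Port>` element or a non-numeric value is only rejected, if at all, when the first message is sent. Validate it once in `configure`, for example with `Integer.parseInt(smtpPort.trim())` and a range check of 1-65535, and tighten the guard here to `if (smtpPort != null && smtpPort.trim().length() > 0) {`. The same lines appear in the b0931 branch commit (revision 1.35.2.7). The enclosing method starts and ends outside this hunk.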
|
|
From: <bob...@us...> - 2003-11-04 07:00:31
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv3213/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
MessageServiceHandler.java
Log Message:
Make the SMTP port configurable in msh.properties.xml.
Change the behaviour so that it will not throw an exception if it cannot
verify the signature.
Index: MessageServiceHandler.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/MessageServiceHandler.java,v
retrieving revision 1.175
retrieving revision 1.176
diff -C2 -d -r1.175 -r1.176
*** MessageServiceHandler.java 22 Sep 2003 08:04:41 -0000 1.175
--- MessageServiceHandler.java 4 Nov 2003 07:00:27 -0000 1.176
***************
*** 4429,4433 ****
logger.debug("=> MessageServiceHandler.dispatchMessage");
final String messageId = ebxmlMessage.getMessageId();
! if (hasSignature(ebxmlMessage) && !verify(ebxmlMessage)) {
final String status = "Signature verification failed";
requestProperty.put(DbTableManager.ATTRIBUTE_STATUS, status);
--- 4429,4442 ----
logger.debug("=> MessageServiceHandler.dispatchMessage");
final String messageId = ebxmlMessage.getMessageId();
! boolean isVerifyFail = false;
! try {
! isVerifyFail = hasSignature(ebxmlMessage)
! && !verify(ebxmlMessage);
! } catch (Exception e) {
! String err = "Error on verifying signature : " + e;
! logger.error(err);
! isVerifyFail = true;
! }
! if (isVerifyFail) {
final String status = "Signature verification failed";
requestProperty.put(DbTableManager.ATTRIBUTE_STATUS, status);
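Review bot: The new `catch (Exception e)` block logs with `logger.error(err)`, which drops the stack trace, and then records the same "Signature verification failed" status as a genuinely bad signature. Failing closed is the right default, but an operator can no longer tell a forged message from a local fault such as an unreadable keystore or a parser error. Use `logger.error(err, e);`, as the init path in this file already does, and consider a distinct status text for the exception case, e.g. `"Signature verification error"`. `dispatchMessage` continues outside this hunk, so how the status is reported to the sender is not visible here.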
|
|
From: <bob...@us...> - 2003-11-04 07:00:30
|
Update of /cvsroot/ebxmlms/ebxmlms/conf
In directory sc8-pr-cvs1:/tmp/cvs-serv3213/conf
Modified Files:
msh.properties.xml
Log Message:
Make the SMTP port configurable in msh.properties.xml.
Change the behaviour so that it will not throw an exception if it cannot
verify the signature.
Index: msh.properties.xml
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/conf/msh.properties.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** msh.properties.xml 11 Sep 2003 08:58:08 -0000 1.27
--- msh.properties.xml 4 Nov 2003 07:00:26 -0000 1.28
***************
*** 70,73 ****
--- 70,74 ----
<!-- Mail server for sending messages -->
<Host>host.domain</Host>
+ <Port>25</Port>
<User>user</User>
<Password>password</Password>
|
|
From: <bob...@us...> - 2003-11-04 06:55:03
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv2111/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Tag: b0931
Mail.java
Log Message:
Make the SMTP port configurable in msh.properties.xml.
Index: Mail.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Mail.java,v
retrieving revision 1.35.2.6
retrieving revision 1.35.2.7
diff -C2 -d -r1.35.2.6 -r1.35.2.7
*** Mail.java 17 Jul 2003 09:41:59 -0000 1.35.2.6
--- Mail.java 4 Nov 2003 06:55:00 -0000 1.35.2.7
***************
*** 201,205 ****
*/
public static final String PROPERTY_JAVA_MAIL_SMTP_HOST_PORT =
! "mail.smtp.host.port";
/**
--- 201,205 ----
*/
public static final String PROPERTY_JAVA_MAIL_SMTP_HOST_PORT =
! "mail.smtp.port";
/**
***************
*** 338,341 ****
--- 338,343 ----
*/
private static boolean changeSubType;
+
+ private static String smtpPort;
protected static boolean isConfigured = false;
***************
*** 360,363 ****
--- 362,366 ----
smtpHost = prop.get(PROPERTY_MAIL_SMTP_HOST);
+ smtpPort = prop.get(PROPERTY_JAVA_MAIL_SMTP_HOST_PORT);
smtpAuthUser = prop.get(PROPERTY_MAIL_SMTP_AUTH_USER);
smtpAuthPass = prop.get(PROPERTY_MAIL_SMTP_AUTH_PASS);
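Review bot: The configuration lookup on the added line uses `PROPERTY_JAVA_MAIL_SMTP_HOST_PORT`, which this same commit defines as the JavaMail session key `"mail.smtp.port"`, while the neighbouring lookups use the `PROPERTY_MAIL_SMTP_*` configuration constants. If `prop.get` expects a path into msh.properties.xml, as the other calls suggest, this lookup returns null and the new `<Port>` element is silently ignored on the branch. The trunk version of this change reads `prop.get(PROPERTY_MAIL_SMTP_HOST_PORT)`. Assuming that constant exists on b0931, the line should be `smtpPort = prop.get(PROPERTY_MAIL_SMTP_HOST_PORT);`.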
***************
*** 508,511 ****
--- 511,517 ----
final Properties properties = new Properties();
properties.put(PROPERTY_JAVA_MAIL_SMTP_HOST, smtpHost);
+ if (smtpPort != null) {
+ properties.put(PROPERTY_JAVA_MAIL_SMTP_HOST_PORT, smtpPort);
+ }
Session session;
|
|
From: <bob...@us...> - 2003-11-04 06:55:03
|
Update of /cvsroot/ebxmlms/ebxmlms/conf
In directory sc8-pr-cvs1:/tmp/cvs-serv2111/conf
Modified Files:
Tag: b0931
msh.properties.xml
Log Message:
Make the SMTP port configurable in msh.properties.xml.
Index: msh.properties.xml
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/conf/msh.properties.xml,v
retrieving revision 1.20.2.4
retrieving revision 1.20.2.5
diff -C2 -d -r1.20.2.4 -r1.20.2.5
*** msh.properties.xml 5 May 2003 08:55:36 -0000 1.20.2.4
--- msh.properties.xml 4 Nov 2003 06:54:59 -0000 1.20.2.5
***************
*** 66,69 ****
--- 66,70 ----
<!-- Mail server for sending messages -->
<Host>host.domain</Host>
+ <Port>25</Port>
<User>user</User>
<Password>password</Password>
|
|
From: <bob...@us...> - 2003-09-22 08:35:42
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv24013/src/hk/hku/cecid/phoenix/pki
Modified Files:
AlwaysTrueHostnameVerifier.java
Log Message:
fix a little bug on loading CertiResolver.
add some logging message on AlwayTrueHostnameVerifier and Http
Index: AlwaysTrueHostnameVerifier.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/AlwaysTrueHostnameVerifier.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** AlwaysTrueHostnameVerifier.java 10 Sep 2003 04:47:02 -0000 1.1
--- AlwaysTrueHostnameVerifier.java 22 Sep 2003 08:04:43 -0000 1.2
***************
*** 71,74 ****
--- 71,75 ----
//import javax.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HostnameVerifier;
+ import org.apache.log4j.Logger;
/**
The Hostname Verifier which always return true for all cases.
***************
*** 78,81 ****
--- 79,84 ----
*/
public class AlwaysTrueHostnameVerifier implements HostnameVerifier {
+ protected static Logger logger = Logger.getLogger(
+ AlwaysTrueHostnameVerifier.class);
/*
For 1.4 only. so it is commented.
***************
*** 85,88 ****
--- 88,95 ----
*/
public boolean verify(String urlHostname, String certHostname) {
+ if (!urlHostname.equals(certHostname)) {
+ logger.warn("AlwaysTrueHostnameVerifier: hostname not equals");
+ logger.warn("url hostname : " + urlHostname + " and cert hostname : " + certHostname);
+ }
return true;
}
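Review bot: The mismatch branch added to `verify` only logs and then falls through to `return true`, so a certificate issued for a different host is still accepted and the TLS peer's identity is never actually checked. If this verifier has to stay for test setups, select it through an explicit configuration switch and otherwise return the comparison, e.g. `return urlHostname != null && urlHostname.equalsIgnoreCase(certHostname);`. The two `logger.warn` calls should be a single message so the host pair stays together in the log. `certHostname` is supplied by the peer, so strip CR/LF from it before logging. `urlHostname.equals(...)` also throws on a null `urlHostname`.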
|
|
From: <bob...@us...> - 2003-09-22 08:10:56
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv24013/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
MessageServiceHandler.java
Log Message:
fix a little bug on loading CertiResolver.
add some logging message on AlwayTrueHostnameVerifier and Http
Index: MessageServiceHandler.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/MessageServiceHandler.java,v
retrieving revision 1.174
retrieving revision 1.175
diff -C2 -d -r1.174 -r1.175
*** MessageServiceHandler.java 15 Aug 2003 07:34:01 -0000 1.174
--- MessageServiceHandler.java 22 Sep 2003 08:04:41 -0000 1.175
***************
*** 865,869 ****
catch (Exception e) {
String err = ErrorMessages.getMessage
! (ErrorMessages.ERR_HERMES_INIT_ERROR, e.getMessage());
logger.error(err, e);
throw new InitializationException(err);
--- 865,869 ----
catch (Exception e) {
String err = ErrorMessages.getMessage
! (ErrorMessages.ERR_HERMES_INIT_ERROR, e);
logger.error(err, e);
throw new InitializationException(err);
|
|
From: <bob...@us...> - 2003-09-22 08:10:56
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv24013/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
fix a little bug on loading CertiResolver.
add some logging message on AlwayTrueHostnameVerifier and Http
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** Http.java 19 Sep 2003 06:54:45 -0000 1.8
--- Http.java 22 Sep 2003 08:04:42 -0000 1.9
***************
*** 392,396 ****
HttpURLConnection connection = (HttpURLConnection)
url.openConnection();
! if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
logger.info("Configuration to a HTTPS connection");
HttpsURLConnection httpsConnection
--- 392,399 ----
HttpURLConnection connection = (HttpURLConnection)
url.openConnection();
! logger.debug("Connection class : " + connection.getClass());
! logger.debug("Instance of HttpsURLConnection : "
! + (connection instanceof HttpsURLConnection));
! if (connection instanceof HttpsURLConnection) {
logger.info("Configuration to a HTTPS connection");
HttpsURLConnection httpsConnection
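Review bot: When the `instanceof HttpsURLConnection` test fails, the branch that installs the project's trust and key managers is skipped and the only trace is the new debug line. If `url` is an https URL but the runtime returns a different `HttpsURLConnection` class (the file imports the `com.sun.net.ssl` one), the request would proceed with the JVM's default TLS settings rather than the configured trust anchors. Consider an explicit guard after the `if`, such as `else if ("https".equalsIgnoreCase(url.getProtocol())) { throw new IOException("Unsupported HTTPS connection class: " + connection.getClass()); }`, or at least a `logger.warn`. The rest of the method is outside this hunk, so whether a later check exists cannot be seen here.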
|
|
From: <bob...@us...> - 2003-09-19 19:57:27
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv28903/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
Fix a bug on PKISignatureImpl.sign, which ignore the signing algo previously.
Make Http to support the default SSL client authentication settings.
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** Http.java 11 Sep 2003 08:58:09 -0000 1.7
--- Http.java 19 Sep 2003 06:54:45 -0000 1.8
***************
*** 148,151 ****
--- 148,152 ----
private static TrustManager[] trustManagers = null;
private static Map keyManagerMap = null;
+ private static KeyManager defaultKeyStoreKeyManager = null;
//private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
***************
*** 256,266 ****
realKeyStoreFile = null;
}
! try {
! url = new URL(urlString);
! } catch (java.net.MalformedURLException e) {
! logger.warn("Malformed url for SSL Client auth '" + urlString
! + "' : " + e.getMessage());
}
! if (realKeyStoreFile != null && url != null) {
KeyManager keyManager = null;
try {
--- 257,270 ----
realKeyStoreFile = null;
}
! if (urlString != null ) {
! try {
! url = new URL(urlString);
! } catch (java.net.MalformedURLException e) {
! logger.warn("Malformed url for SSL Client auth '"
! + urlString + "' : " + e.getMessage());
! }
}
! if (realKeyStoreFile != null
! && (urlString == null || url != null)) {
KeyManager keyManager = null;
try {
***************
*** 275,281 ****
}
if (keyManager != null) {
! logger.info("Add SSL Client Authentication entry : "
! + url + " " + realKeyStoreFile);
! result.put(url, keyManager);
}
} else {
--- 279,292 ----
}
if (keyManager != null) {
! if (url != null) {
! logger.info("Add SSL Client Authentication entry : "
! + url + " " + realKeyStoreFile);
! result.put(url, keyManager);
! } else {
! logger.info("Add default SSL Client "
! + "Authentication entry : "
! + realKeyStoreFile);
! defaultKeyStoreKeyManager = keyManager;
! }
}
} else {
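Review bot: `defaultKeyStoreKeyManager` is assigned as a side effect of building the map, so a second `ClientAuth` entry without a URL silently replaces the first, and nothing visible here resets the field when `configure` runs again with the default entry removed. Warn before overwriting, e.g. `if (defaultKeyStoreKeyManager != null) { logger.warn("Multiple default SSL client authentication entries; using the last one"); }`, and clear the field at the start of `makeKeyManagerMap`. The last hunk of this commit then uses the default key manager for every HTTPS destination without its own entry, so the client certificate is offered to any server that requests one. That deserves a comment in msh.properties.xml. The enclosing method starts and ends outside this hunk.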
***************
*** 394,397 ****
--- 405,412 ----
logger.debug("use key manager for url : " + url);
keyManagers = new KeyManager[]{keyManager};
+ } else if (defaultKeyStoreKeyManager != null) {
+ logger.debug("use default key manager");
+ keyManagers
+ = new KeyManager[]{defaultKeyStoreKeyManager};
}
}
|
|
From: <bob...@us...> - 2003-09-19 19:46:08
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging
In directory sc8-pr-cvs1:/tmp/cvs-serv28903/hk/hku/cecid/phoenix/message/packaging
Modified Files:
PKISignatureImpl.java
Log Message:
Fix a bug on PKISignatureImpl.sign, which ignore the signing algo previously.
Make Http to support the default SSL client authentication settings.
Index: PKISignatureImpl.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging/PKISignatureImpl.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** PKISignatureImpl.java 20 Aug 2003 08:02:09 -0000 1.10
--- PKISignatureImpl.java 19 Sep 2003 06:54:45 -0000 1.11
***************
*** 130,134 ****
void sign(String alias, char[] password, String keyStoreLocation,
String algo) throws SignatureException {
! sign(alias, password, keyStoreLocation, null, null, false);
}
--- 130,134 ----
void sign(String alias, char[] password, String keyStoreLocation,
String algo) throws SignatureException {
! sign(alias, password, keyStoreLocation, algo, null, false);
}
|
|
From: <bob...@us...> - 2003-09-11 08:58:19
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/src/hk/hku/cecid/phoenix/pki
Added Files:
KeyStoreKeyManager.java
Log Message:
Implement SSL Client Authentication.
set SSL client cert map with URL.
however, currently don't know how to choose suitable client cert
upon certificate request from server.
--- NEW FILE: KeyStoreKeyManager.java ---
/*
* Copyright(c) 2002 Center for E-Commerce Infrastructure Development, The
* University of Hong Kong (HKU). All Rights Reserved.
*
* This software is licensed under the Academic Free License Version 1.0
*
* Academic Free License
* Version 1.0
*
* This Academic Free License applies to any software and associated
* documentation (the "Software") whose owner (the "Licensor") has placed the
* statement "Licensed under the Academic Free License Version 1.0" immediately
* after the copyright notice that applies to the Software.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of the Software (1) to use, copy, modify, merge, publish, perform,
* distribute, sublicense, and/or sell copies of the Software, and to permit
* persons to whom the Software is furnished to do so, and (2) under patent
* claims owned or controlled by the Licensor that are embodied in the Software
* as furnished by the Licensor, to make, use, sell and offer for sale the
* Software and derivative works thereof, subject to the following conditions:
*
* - Redistributions of the Software in source code form must retain all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers.
* - Redistributions of the Software in executable form must reproduce all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers in the documentation and/or
* other materials provided with the distribution.
* - Neither the names of Licensor, nor the names of any contributors to the
* Software, nor any of their trademarks or service marks, may be used to
* endorse or promote products derived from this Software without express
* prior written permission of the Licensor.
*
* DISCLAIMERS: LICENSOR WARRANTS THAT THE COPYRIGHT IN AND TO THE SOFTWARE IS
* OWNED BY THE LICENSOR OR THAT THE SOFTWARE IS DISTRIBUTED BY LICENSOR UNDER
* A VALID CURRENT LICENSE. EXCEPT AS EXPRESSLY STATED IN THE IMMEDIATELY
* PRECEDING SENTENCE, THE SOFTWARE IS PROVIDED BY THE LICENSOR, CONTRIBUTORS
* AND COPYRIGHT OWNERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
* LICENSOR, CONTRIBUTORS OR COPYRIGHT OWNERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE.
*
* This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
* Permission is hereby granted to copy and distribute this license without
* modification. This license may not be modified without the express written
* permission of its copyright owner.
*/
/* =====
*
* $Header: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/KeyStoreKeyManager.java,v 1.1 2003/09/11 08:58:09 bobpykoon Exp $
*
* Code authored by:
*
* Bob Koon [2003-09-010]
*
* Code reviewed by:
*
* username [YYYY-MM-DD]
*
* Remarks:
*
* =====
*/
package hk.hku.cecid.phoenix.pki;
import java.io.IOException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.File;
import java.net.Socket;
import java.util.Enumeration;
//import javax.net.ssl.X509KeyManager;
import com.sun.net.ssl.X509KeyManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.Principal;
import java.security.PrivateKey;
import org.apache.log4j.Logger;
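/**
 * An implementation of com.sun.net.ssl.X509KeyManager that offers a single
 * key entry (identified by an alias) from a JKS key store file, for use in
 * SSL client authentication.
 *
 * NOTE(review): the list of acceptable issuers sent by the peer is currently
 * NOT enforced (see {@link #trustPrincipal(X509Certificate, Principal)}), so
 * the configured certificate is offered to every peer that asks for one.
 *
 * @author bobpykoon
 * @version $Revision: 1.1 $
 */
public class KeyStoreKeyManager implements X509KeyManager {
    /**
     * Logger. The category is this class, so that key manager messages are
     * not attributed to the trust manager.
     */
    protected static Logger logger = Logger.getLogger(
        KeyStoreKeyManager.class);

    /** Key store loaded from the file given to the constructor. */
    private final KeyStore keyStore;

    /** Password used both to load the key store and to recover the key. */
    private final char[] password;

    /** Alias of the only key entry this manager ever offers. */
    private final String alias;

    /**
     * Construct the key manager by loading a JKS key store from a file.
     *
     * @param keystoreFile the JKS key store file to load.
     * @param alias alias of the key entry to offer.
     * @param password password of the key store; it is also used to recover
     *                 the private key in {@link #getPrivateKey(String)}.
     * @throws KeyStoreException if the key store cannot be created or loaded.
     */
    public KeyStoreKeyManager(File keystoreFile, String alias, char[] password)
        throws KeyStoreException {
        keyStore = KeyStore.getInstance("JKS");
        InputStream istream = null;
        try {
            istream = new FileInputStream(keystoreFile);
            keyStore.load(istream, password);
        } catch (Exception e) {
            // The exception type thrown to callers is unchanged; the full
            // cause is kept in the log because it cannot be chained here.
            logger.error("Cannot load keystore " + keystoreFile, e);
            throw new KeyStoreException("Cannot load keystore : "
                + e.getMessage());
        } finally {
            if (istream != null) {
                try {
                    istream.close();
                } catch (IOException ignored) {
                    // Best effort: the store is already loaded or the load
                    // failure is being reported above.
                    logger.debug("Cannot close keystore stream : " + ignored);
                }
            }
        }
        this.password = password;
        this.alias = alias;
        if (alias == null || !keyStore.isKeyEntry(alias)) {
            // Surface a misconfigured alias at start-up instead of at the
            // first handshake.
            logger.warn("KeyStore " + keystoreFile
                + " has no key entry for alias '" + alias + "'");
        }
        logger.debug("Initial KeyStore Key Manager with keyStore having "
            + keyStore.size() + " entries.");
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager.
     *
     * @return the configured alias, or null if it cannot be offered.
     */
    public String chooseClientAlias(String keyType, Principal[] issuers) {
        return getAlias(issuers);
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager and
     * javax.net.ssl.X509KeyManager.
     *
     * @return a one-element array holding the configured alias, or null if
     *         there is no match (never an array containing null).
     */
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return toAliasArray(getAlias(issuers));
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager and
     * javax.net.ssl.X509KeyManager.
     *
     * @return a one-element array holding the configured alias, or null if
     *         there is no match (never an array containing null).
     */
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return toAliasArray(getAlias(issuers));
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager.
     *
     * @return the configured alias, or null if it cannot be offered.
     */
    public String chooseServerAlias(String keyType, Principal[] issuers) {
        return getAlias(issuers);
    }

    /** Wrap a single alias in an array, mapping "no alias" to null. */
    private static String[] toAliasArray(String matched) {
        if (matched == null) {
            return null;
        }
        return new String[]{matched};
    }

    /** Return the configured alias if its chain is acceptable, else null. */
    private String getAlias(Principal[] issuers) {
        if (trustPrincipal(issuers)) {
            return alias;
        }
        return null;
    }

    /**
     * Check whether any certificate of the configured chain is acceptable
     * for the given issuers. A missing chain is never acceptable.
     */
    private boolean trustPrincipal(Principal[] issuers) {
        X509Certificate[] certs = getCertificateChain(alias);
        if (certs == null) {
            return false;
        }
        for (int i = 0; i < certs.length; i++) {
            if (trustPrincipal(certs[i], issuers)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check one certificate against the issuer list. A null or empty list
     * means the peer did not restrict the issuers, so any certificate may
     * be offered.
     */
    private boolean trustPrincipal(X509Certificate certificate,
        Principal[] issuers) {
        if (issuers == null || issuers.length == 0) {
            return true;
        }
        for (int i = 0; i < issuers.length; i++) {
            if (trustPrincipal(certificate, issuers[i])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check one certificate against one acceptable issuer.
     *
     * NOTE(review): this check is a stub that accepts every issuer, as in
     * the original revision ("don't know how to check yet"). The earlier
     * attempt compared the issuer name with the certificate's subject DN.
     * Until a real comparison is in place the configured certificate is
     * offered regardless of the issuers the peer asked for.
     */
    private boolean trustPrincipal(X509Certificate certificate,
        Principal issuer) {
        return true;
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager and
     * javax.net.ssl.X509KeyManager.
     *
     * @return the certificate chain stored under the alias, or null if the
     *         alias is null or has no chain in the key store.
     */
    public X509Certificate[] getCertificateChain(String alias) {
        if (alias == null) {
            return null;
        }
        try {
            Certificate[] certs = keyStore.getCertificateChain(alias);
            if (certs == null) {
                // Unknown alias or an entry without a chain.
                return null;
            }
            X509Certificate[] resultCerts = new X509Certificate[certs.length];
            for (int i = 0; i < resultCerts.length; i++) {
                resultCerts[i] = (X509Certificate) certs[i];
            }
            return resultCerts;
        } catch (KeyStoreException e) {
            logger.error("Cannot read certificate chain for alias '"
                + alias + "'", e);
            throw new Error("Unexpected Error : " + e);
        }
    }

    /**
     * Implement com.sun.net.ssl.X509KeyManager and
     * javax.net.ssl.X509KeyManager.
     *
     * @return the private key stored under the alias, or null if the key
     *         store has no such entry.
     */
    public PrivateKey getPrivateKey(String alias) {
        try {
            return (PrivateKey) keyStore.getKey(alias, password);
        } catch (Exception e) {
            // Never put the password in the message; the alias is enough
            // to locate the entry.
            logger.error("Cannot recover private key for alias '"
                + alias + "'", e);
            throw new Error("Unexpected Error : " + e);
        }
    }

    /**
     * Implement javax.net.ssl.X509KeyManager.
     *
     * @return the configured alias for the first key type that yields one,
     *         or null if none does.
     */
    public String chooseClientAlias(String[] keyType, Principal[] issuers,
        Socket socket) {
        for (int i = 0; i < keyType.length; i++) {
            String chosen = chooseClientAlias(keyType[i], issuers);
            if (chosen != null) {
                return chosen;
            }
        }
        return null;
    }

    /**
     * Implement javax.net.ssl.X509KeyManager.
     *
     * @return the configured alias, or null if it cannot be offered.
     */
    public String chooseServerAlias(String keyType, Principal[] issuers,
        Socket socket) {
        return chooseServerAlias(keyType, issuers);
    }
}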
|
|
From: <bob...@us...> - 2003-09-11 08:58:19
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
Constants.java
Log Message:
Implement SSL Client Authentication.
set SSL client cert map with URL.
however, currently don't know how to choose suitable client cert
upon certificate request from server.
Index: Constants.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/Constants.java,v
retrieving revision 1.31
retrieving revision 1.32
diff -C2 -d -r1.31 -r1.32
*** Constants.java 9 Sep 2003 04:06:18 -0000 1.31
--- Constants.java 11 Sep 2003 08:58:08 -0000 1.32
***************
*** 321,324 ****
--- 321,354 ----
"MSH/SSL/TrustedAnchor/KeyStore/Password";
+ /**
+ Path to access the ssl client authentication info.
+ */
+ public static final String PROPERTY_SSL_CLIENT_AUTH = "MSH/SSL/ClientAuth";
+
+ /**
+ Path to access the URL inside ssl client authentication info.
+ */
+ public static final String PROPERTY_URL = "URL";
+
+ /**
+ Path to access the Keystore path inside ssl client authentication info.
+ */
+ public static final String PROPERTY_KEY_STORE_PATH = "KeyStore/Path";
+
+ /**
+ Path to access the Keystore file inside ssl client authentication info.
+ */
+ public static final String PROPERTY_KEY_STORE_FILE = "KeyStore/File";
+
+ /**
+ Path to access the Keystore alias inside ssl client authentication info.
+ */
+ public static final String PROPERTY_KEY_STORE_ALIAS = "KeyStore/Alias";
+
+ /**
+ Path to access the Keystore password inside ssl client authentication info.
+ */
+ public static final String PROPERTY_KEY_STORE_PASSWORD
+ = "KeyStore/Password";
// Settings for Repositories
|
|
From: <bob...@us...> - 2003-09-11 08:58:19
|
Update of /cvsroot/ebxmlms/ebxmlms/conf
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/conf
Modified Files:
msh.properties.xml
Log Message:
Implement SSL Client Authentication.
set SSL client cert map with URL.
however, currently don't know how to choose suitable client cert
upon certificate request from server.
Index: msh.properties.xml
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/conf/msh.properties.xml,v
retrieving revision 1.26
retrieving revision 1.27
diff -C2 -d -r1.26 -r1.27
*** msh.properties.xml 10 Sep 2003 04:47:02 -0000 1.26
--- msh.properties.xml 11 Sep 2003 08:58:08 -0000 1.27
***************
*** 143,146 ****
--- 143,155 ----
</KeyStore>
</TrustedAnchor>
+ <ClientAuth>
+ <URL>https://147.8.178.159:8443/msh/</URL>
+ <KeyStore>
+ <Path></Path>
+ <File>my_keystore</File>
+ <Alias>ackkey</Alias>
+ <Password>changeit</Password>
+ </KeyStore>
+ </ClientAuth>
</SSL>
<Persistent>
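Review bot: The added `<ClientAuth>` block ships as live configuration, with what looks like a real endpoint address (`https://147.8.178.159:8443/msh/`) and a cleartext keystore password (`changeit`). A fresh install would therefore try to load `my_keystore` and present that client certificate to that address. Use a neutral placeholder such as `<URL>https://host.domain:8443/msh/</URL>`, matching the `host.domain` style used for the mail server, and wrap the whole block in an XML comment so client authentication is opt-in. Because the keystore password is stored in this file, the install notes should also say that msh.properties.xml must be readable only by the account running the MSH.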
|
|
From: <bob...@us...> - 2003-09-11 08:58:19
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv2330/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
Implement SSL Client Authentication.
set SSL client cert map with URL.
however, currently don't know how to choose suitable client cert
upon certificate request from server.
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** Http.java 10 Sep 2003 04:47:02 -0000 1.6
--- Http.java 11 Sep 2003 08:58:09 -0000 1.7
***************
*** 76,79 ****
--- 76,80 ----
import hk.hku.cecid.phoenix.message.packaging.EbxmlMessage;
import hk.hku.cecid.phoenix.pki.KeyStoreTrustManager;
+ import hk.hku.cecid.phoenix.pki.KeyStoreKeyManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
***************
*** 85,93 ****
--- 86,97 ----
import java.net.HttpURLConnection;
import java.net.URL;
+ import java.net.MalformedURLException;
import java.security.Provider;
import java.security.Security;
import java.security.KeyStore;
+ import java.security.KeyStoreException;
import java.util.Iterator;
import java.util.Map;
+ import java.util.HashMap;
// import java.util.Map.Entry;
import java.util.StringTokenizer;
***************
*** 141,146 ****
Constants.DEFAULT_CONTENT_TRANSFER_ENCODING;
! private static HostnameVerifier hostnameVerifier;
! private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
String s = prop.get(Constants.PROPERTY_CONTENT_TRANSFER_ENCODING);
--- 145,152 ----
Constants.DEFAULT_CONTENT_TRANSFER_ENCODING;
! private static HostnameVerifier hostnameVerifier = null;
! private static TrustManager[] trustManagers = null;
! private static Map keyManagerMap = null;
! //private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
String s = prop.get(Constants.PROPERTY_CONTENT_TRANSFER_ENCODING);
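Review bot: The new static `trustManagers` field looks like it is never assigned. Revision 1.6 declared a local `TrustManager[] trustManagers = null;` inside `configure()`, and no hunk of this commit removes it, so the local presumably still shadows the field. If so, the per-connection code added further down always sees `trustManagers == null`, and the configured trust keystore is silently replaced by the JRE default trust settings. Dropping the local declaration so that `trustManagers = new TrustManager[]{new KeyStoreTrustManager(keystore)};` writes the field would restore it. `configure()` continues outside this hunk, so this should be confirmed against the full file.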
***************
*** 188,193 ****
Constants.PROPERTY_USER_HOME);
}
- String realTrustedStorePath = trustedStorePath + File.separator
- + trustedStoreFile;
File realTrustStoreFile = new File(trustedStorePath + File.separator
+ trustedStoreFile);
--- 194,197 ----
***************
*** 223,241 ****
}
}
! if (trustManagers != null || keyManagers != null) {
! configureHTTPS(keyManagers, trustManagers);
}
}
! private static void configureHTTPS(KeyManager[] keyManagers,
! TrustManager[] trustManagers) throws InitializationException {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagers, trustManagers, null);
! /*
! HttpsURLConnection.setDefaultSSLSocketFactory(
! context.getSocketFactory());
! */
! sslSocketFactory = context.getSocketFactory();
} catch (Exception e) {
String err = ErrorMessages.getMessage
--- 227,297 ----
}
}
! keyManagerMap = makeKeyManagerMap(prop);
! }
!
! private static Map makeKeyManagerMap(Property prop)
! throws InitializationException {
! Map result = new HashMap();
! String[] values = prop.getMultiple(Constants.PROPERTY_SSL_CLIENT_AUTH);
! if (values != null) {
! for (int i = 0; i < values.length; i++) {
! String prefix = Constants.PROPERTY_SSL_CLIENT_AUTH + "[" + i + "]";
! String urlString = prop.get(prefix + "/" + Constants.PROPERTY_URL);
! String keystorePath = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_PATH, "");
! String keystoreFile = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_FILE, "");
! String keystoreAlias = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_ALIAS, "");
! String keystorePassword = prop.get(
! prefix + "/" + Constants.PROPERTY_KEY_STORE_PASSWORD,
! "");
! File realKeyStoreFile = new File(keystorePath + File.separator
! + keystoreFile);
! URL url = null;
! if (!(realKeyStoreFile.exists()
! && realKeyStoreFile.isFile())) {
! logger.warn("KeyStoreFile not exist or is not a file : "
! + realKeyStoreFile.toString());
! realKeyStoreFile = null;
! }
! try {
! url = new URL(urlString);
! } catch (java.net.MalformedURLException e) {
! logger.warn("Malformed url for SSL Client auth '" + urlString
! + "' : " + e.getMessage());
! }
! if (realKeyStoreFile != null && url != null) {
! KeyManager keyManager = null;
! try {
! keyManager = new KeyStoreKeyManager(
! realKeyStoreFile, keystoreAlias,
! keystorePassword.toCharArray());
! } catch (KeyStoreException e) {
! String err = "Cannot load the keystore on SSL "
! + "client authentication : " + e.getMessage();
! logger.error(err);
! throw new InitializationException(err);
! }
! if (keyManager != null) {
! logger.info("Add SSL Client Authentication entry : "
! + url + " " + realKeyStoreFile);
! result.put(url, keyManager);
! }
! } else {
! logger.warn("Ignore this SSL Client Authenication setting");
! }
! }
}
+ return result;
}
! private static SSLSocketFactory makeSSLSocketFactory(
! KeyManager[] keyManagers, TrustManager[] trustManagers)
! throws InitializationException {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagers, trustManagers, null);
! return context.getSocketFactory();
} catch (Exception e) {
String err = ErrorMessages.getMessage
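Review bot: Keying `keyManagerMap` by `java.net.URL` makes the choice of client certificate depend on `URL.equals()` and `hashCode()`, which resolve host names and treat two hosts with the same IP address as equal. A key configured for one endpoint could therefore be offered to a different host name served from the same address, and every `put`/`get` may block on DNS. Keying on a normalised string is more predictable, e.g. `result.put(url.toExternalForm(), keyManager);` with a matching `keyManagerMap.get(url.toExternalForm())` at the lookup. Separately, a missing keystore file only logs a warning and skips the entry while a `KeyStoreException` aborts start-up; it may be worth making both fail the same way. `makeSSLSocketFactory` continues past the end of this hunk.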
***************
*** 326,334 ****
url.openConnection();
if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
! logger.info("Connect to a HTTPS connection");
HttpsURLConnection httpsConnection
= (HttpsURLConnection) connection;
! httpsConnection.setHostnameVerifier(hostnameVerifier);
! httpsConnection.setSSLSocketFactory(sslSocketFactory);
}
connection.setRequestMethod(HTTP_METHOD);
--- 382,404 ----
url.openConnection();
if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
! logger.info("Configuration to a HTTPS connection");
HttpsURLConnection httpsConnection
= (HttpsURLConnection) connection;
! if (hostnameVerifier != null) {
! httpsConnection.setHostnameVerifier(hostnameVerifier);
! }
! KeyManager[] keyManagers = null;
! if (keyManagerMap != null) {
! KeyManager keyManager = (KeyManager) keyManagerMap.get(url);
! if (keyManager != null) {
! logger.debug("use key manager for url : " + url);
! keyManagers = new KeyManager[]{keyManager};
! }
! }
! if (trustManagers != null || keyManagers != null) {
! SSLSocketFactory sslSocketFactory = makeSSLSocketFactory(
! keyManagers, trustManagers);
! httpsConnection.setSSLSocketFactory(sslSocketFactory);
! }
}
connection.setRequestMethod(HTTP_METHOD);
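Review bot: `makeSSLSocketFactory` is now called for every HTTPS request, so each connection gets a fresh `SSLContext` and socket factory; besides the cost, this prevents TLS session reuse between requests to the same peer, because the session cache belongs to the context. Building one factory per configured key manager in `configure()` and storing the factory in the map instead of the `KeyManager` would avoid this. The lookup `keyManagerMap.get(url)` also matches only the configured URL itself, so a request to another path on the same server gets no client certificate; if per-server selection is intended, key on host and port. The enclosing method starts and ends outside the hunk.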
From: <bob...@us...> - 2003-09-10 04:47:15
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv3802/src/hk/hku/cecid/phoenix/pki
Modified Files:
KeyStoreTrustManager.java
Added Files:
AlwaysTrueHostnameVerifier.java
Log Message:
Change KeyStoreTrustManager to make it 1.3 compliant
add AlwaysTrueHostnameVerifier to ease debugging.
change Http.java to support SSL Server authentication
Note that in order to support JSDK 1.3, it use some deprecated functions.
Also note that the settings to support SSL maybe dependent to the
app. server.
--- NEW FILE: AlwaysTrueHostnameVerifier.java ---
/*
* Copyright(c) 2002 Center for E-Commerce Infrastructure Development, The
* University of Hong Kong (HKU). All Rights Reserved.
*
* This software is licensed under the Academic Free License Version 1.0
*
* Academic Free License
* Version 1.0
*
* This Academic Free License applies to any software and associated
* documentation (the "Software") whose owner (the "Licensor") has placed the
* statement "Licensed under the Academic Free License Version 1.0" immediately
* after the copyright notice that applies to the Software.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of the Software (1) to use, copy, modify, merge, publish, perform,
* distribute, sublicense, and/or sell copies of the Software, and to permit
* persons to whom the Software is furnished to do so, and (2) under patent
* claims owned or controlled by the Licensor that are embodied in the Software
* as furnished by the Licensor, to make, use, sell and offer for sale the
* Software and derivative works thereof, subject to the following conditions:
*
* - Redistributions of the Software in source code form must retain all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers.
* - Redistributions of the Software in executable form must reproduce all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers in the documentation and/or
* other materials provided with the distribution.
* - Neither the names of Licensor, nor the names of any contributors to the
* Software, nor any of their trademarks or service marks, may be used to
* endorse or promote products derived from this Software without express
* prior written permission of the Licensor.
*
* DISCLAIMERS: LICENSOR WARRANTS THAT THE COPYRIGHT IN AND TO THE SOFTWARE IS
* OWNED BY THE LICENSOR OR THAT THE SOFTWARE IS DISTRIBUTED BY LICENSOR UNDER
* A VALID CURRENT LICENSE. EXCEPT AS EXPRESSLY STATED IN THE IMMEDIATELY
* PRECEDING SENTENCE, THE SOFTWARE IS PROVIDED BY THE LICENSOR, CONTRIBUTORS
* AND COPYRIGHT OWNERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
* LICENSOR, CONTRIBUTORS OR COPYRIGHT OWNERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE.
*
* This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
* Permission is hereby granted to copy and distribute this license without
* modification. This license may not be modified without the express written
* permission of its copyright owner.
*/
/* =====
*
* $Header: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/AlwaysTrueHostnameVerifier.java,v 1.1 2003/09/10 04:47:02 bobpykoon Exp $
*
* Code authored by:
*
* Bob Koon [2003-09-09]
*
* Code reviewed by:
*
* username [YYYY-MM-DD]
*
* Remarks:
*
* =====
*/
package hk.hku.cecid.phoenix.pki;
//import javax.net.ssl.SSLSession;
//import javax.net.ssl.HostnameVerifier;
import com.sun.net.ssl.HostnameVerifier;
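/**
A hostname verifier that always returns true, whatever host names it is given.
It switches off the check that the server's certificate matches the requested
host, so it is useful only for simple testing of an SSL connection.
@author Bob Koon
@version $Revision: 1.1 $
*/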
public class AlwaysTrueHostnameVerifier implements HostnameVerifier {

    /**
     * Accepts the connection regardless of the two host names.
     *
     * Neither argument is inspected, so a mismatch between the host named in
     * the URL and the host named in the server certificate is never reported.
     * With this verifier configured, the TLS layer no longer ties the
     * certificate to the host being contacted; keep it to test set-ups.
     *
     * @param urlHostname  host name taken from the URL (ignored)
     * @param certHostname host name taken from the certificate (ignored)
     * @return always <code>true</code>
     */
    public boolean verify(String urlHostname, String certHostname) {
        return true;
    }

    // The JSSE 1.4 form of this callback (javax.net.ssl.HostnameVerifier) is
    // intentionally left disabled while the code targets JSSE 1.0:
    //
    //     public boolean verify(String hostname, SSLSession session) {
    //         return true;
    //     }
}
Index: KeyStoreTrustManager.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/KeyStoreTrustManager.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** KeyStoreTrustManager.java 9 Sep 2003 06:52:59 -0000 1.1
--- KeyStoreTrustManager.java 10 Sep 2003 04:47:02 -0000 1.2
***************
*** 69,73 ****
package hk.hku.cecid.phoenix.pki;
import java.util.Enumeration;
! import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
--- 69,74 ----
package hk.hku.cecid.phoenix.pki;
import java.util.Enumeration;
! //import javax.net.ssl.X509TrustManager;
! import com.sun.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
***************
*** 76,84 ****
import org.apache.log4j.Logger;
/**
! * This class implements the javax.net.ssl.X509TrustManager, which Trust the
* Certificate Chain if any of the certificate in the certificate chain is
* stored in the KeyStore.
*
! * @author pykoon
* @version $Revision$
*/
--- 77,85 ----
import org.apache.log4j.Logger;
/**
! * This class implements the com.sun.net.ssl.X509TrustManager, which Trust the
* Certificate Chain if any of the certificate in the certificate chain is
* stored in the KeyStore.
*
! * @author bobpykoon
* @version $Revision$
*/
***************
*** 168,172 ****
/**
Implemented the TrustManager function. It trust the chain if the KeyStore
! contains one of the certificate in the chain.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
--- 169,174 ----
/**
Implemented the TrustManager function. It trust the chain if the KeyStore
! contains one of the certificate in the chain. This function Implement 1.4
! X509TrustManager, but 1.4 is not used yet.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
***************
*** 177,185 ****
/**
Implemented the TrustManager function. It trust the chain if the KeyStore
! contains one of the certificate in the chain.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
checkTrusted(chain);
}
}
--- 179,216 ----
/**
Implemented the TrustManager function. It trust the chain if the KeyStore
! contains one of the certificate in the chain. This function Implement 1.4
! X509TrustManager, but 1.4 is not used yet.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
checkTrusted(chain);
+ }
+
+ /**
+ Implemented the TrustManager(1.3) function.
+ It trust the chain if the KeyStore contains one of
+ the certificate in the chain.
+ */
+ public boolean isClientTrusted(X509Certificate[] chain) {
+ try {
+ checkTrusted(chain);
+ return true;
+ } catch (CertificateException e) {
+ return false;
+ }
+ }
+
+ /**
+ Implemented the TrustManager(1.3) function.
+ It trust the chain if the KeyStore contains one of
+ the certificate in the chain.
+ */
+ public boolean isServerTrusted(X509Certificate[] chain) {
+ try {
+ checkTrusted(chain);
+ return true;
+ } catch (CertificateException e) {
+ return false;
+ }
}
}
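Review bot: `isClientTrusted` and `isServerTrusted` catch only `CertificateException`, but `checkTrusted` (see revision 1.1 of this file) throws `IllegalArgumentException` for a null or empty chain, so that case escapes as an unchecked exception instead of returning `false`. Adding `catch (IllegalArgumentException e) { return false; }` to both methods keeps the boolean contract. The rejection reason is also discarded; a `logger.debug("chain rejected : " + e.getMessage());` in the catch block would help when diagnosing handshake failures.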
From: <bob...@us...> - 2003-09-10 04:47:15
Update of /cvsroot/ebxmlms/ebxmlms/conf
In directory sc8-pr-cvs1:/tmp/cvs-serv3802/conf
Modified Files:
msh.properties.xml
Log Message:
Change KeyStoreTrustManager to make it 1.3 compliant
add AlwaysTrueHostnameVerifier to ease debugging.
change Http.java to support SSL Server authentication
Note that in order to support JSDK 1.3, it use some deprecated functions.
Also note that the settings to support SSL maybe dependent to the
app. server.
Index: msh.properties.xml
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/conf/msh.properties.xml,v
retrieving revision 1.25
retrieving revision 1.26
diff -C2 -d -r1.25 -r1.26
*** msh.properties.xml 9 Sep 2003 04:06:18 -0000 1.25
--- msh.properties.xml 10 Sep 2003 04:47:02 -0000 1.26
***************
*** 131,136 ****
<SSL>
<!-- Optional property specifying the implementation class name of
! javax.net.ssl.HostnameVerifier which handle the case when
! the URL's hostname and the server's identification hostname
mismatch-->
<!--<HostnameVerifier></HostnameVerifier>-->
--- 131,136 ----
<SSL>
<!-- Optional property specifying the implementation class name of
! com.sun.net.ssl.HostnameVerifier from JSSE 1.0 which handle the case
! when the URL's hostname and the server's identification hostname
mismatch-->
<!--<HostnameVerifier></HostnameVerifier>-->
From: <bob...@us...> - 2003-09-10 04:47:13
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv3802/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
Change KeyStoreTrustManager to make it 1.3 compliant
add AlwaysTrueHostnameVerifier to ease debugging.
change Http.java to support SSL Server authentication
Note that in order to support JSDK 1.3, it use some deprecated functions.
Also note that the settings to support SSL maybe dependent to the
app. server.
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** Http.java 9 Sep 2003 04:06:18 -0000 1.5
--- Http.java 10 Sep 2003 04:47:02 -0000 1.6
***************
*** 75,82 ****
--- 75,84 ----
// import hk.hku.cecid.phoenix.message.handler.Utility;
import hk.hku.cecid.phoenix.message.packaging.EbxmlMessage;
+ import hk.hku.cecid.phoenix.pki.KeyStoreTrustManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+ import java.io.FileInputStream;
import java.io.File;
import java.io.OutputStream;
***************
*** 85,96 ****
--- 87,109 ----
import java.security.Provider;
import java.security.Security;
+ import java.security.KeyStore;
import java.util.Iterator;
import java.util.Map;
// import java.util.Map.Entry;
import java.util.StringTokenizer;
+ /*
import javax.net.ssl.KeyManager;
+ import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
+ */
+ import com.sun.net.ssl.KeyManager;
+ import com.sun.net.ssl.SSLContext;
+ import com.sun.net.ssl.TrustManager;
+ import com.sun.net.ssl.HostnameVerifier;
+ import com.sun.net.ssl.HttpsURLConnection;
+
+ import javax.net.ssl.SSLSocketFactory;
import javax.xml.soap.MessageFactory;
// import javax.xml.soap.MimeHeader;
***************
*** 128,131 ****
--- 141,146 ----
Constants.DEFAULT_CONTENT_TRANSFER_ENCODING;
+ private static HostnameVerifier hostnameVerifier;
+ private static SSLSocketFactory sslSocketFactory;
public static void configure(Property prop) throws InitializationException {
String s = prop.get(Constants.PROPERTY_CONTENT_TRANSFER_ENCODING);
***************
*** 148,152 ****
logger.debug("Use custom Hostname Verifier on SSL : "
+ hostnameVerifierClassname);
! HostnameVerifier hostnameVerifier = null;
try {
hostnameVerifier = (HostnameVerifier)
--- 163,167 ----
logger.debug("Use custom Hostname Verifier on SSL : "
+ hostnameVerifierClassname);
! //HostnameVerifier hostnameVerifier = null;
try {
hostnameVerifier = (HostnameVerifier)
***************
*** 158,162 ****
throw new InitializationException(err);
}
! HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
--- 173,177 ----
throw new InitializationException(err);
}
! //HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
***************
*** 170,175 ****
(Constants.PROPERTY_SSL_TRUST_KEY_STORE_PASSWORD, "");
if (trustedStorePath.equals("")) {
! trustedStorePath = System.getProperty
! (Constants.PROPERTY_USER_HOME);
}
String realTrustedStorePath = trustedStorePath + File.separator
--- 185,190 ----
(Constants.PROPERTY_SSL_TRUST_KEY_STORE_PASSWORD, "");
if (trustedStorePath.equals("")) {
! trustedStorePath = System.getProperty(
! Constants.PROPERTY_USER_HOME);
}
String realTrustedStorePath = trustedStorePath + File.separator
***************
*** 177,182 ****
--- 192,228 ----
File realTrustStoreFile = new File(trustedStorePath + File.separator
+ trustedStoreFile);
+ TrustManager[] trustManagers = null;
+ KeyManager[] keyManagers = null;
if (realTrustStoreFile.exists() && realTrustStoreFile.isFile()) {
logger.debug("Use SSL trusted keystore : " + realTrustStoreFile);
+ KeyStore keystore = null;
+ InputStream istream = null;
+ /*
+ load the trust certificate keystore.
+ */
+ try {
+ keystore = KeyStore.getInstance("JKS");
+ istream = new FileInputStream(realTrustStoreFile);
+ keystore.load(istream, trustedStorePassword.toCharArray());
+ /*
+ init the trust manager using trust certificate keystore.
+ */
+ trustManagers = new TrustManager[]{
+ new KeyStoreTrustManager(keystore)};
+ } catch (Exception e) {
+ logger.warn("Cannot load SSL Trust Keystore : "
+ + e.getMessage());
+ logger.warn("Use Default SSL Trust Keystore settings");
+ } finally {
+ try {
+ if (istream != null) {
+ istream.close();
+ }
+ } catch (IOException e) {
+ }
+ }
+ }
+ if (trustManagers != null || keyManagers != null) {
+ configureHTTPS(keyManagers, trustManagers);
}
}
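Review bot: When the configured trust keystore exists but cannot be loaded (wrong password, corrupt file), the `catch (Exception e)` block only logs two warnings and continues with the default SSL trust settings. An operator who pinned specific anchors therefore ends up trusting the JRE's default CA set without start-up failing. Since `configure()` already declares `InitializationException`, throwing it here, e.g. `throw new InitializationException("Cannot load SSL Trust Keystore : " + e.getMessage());`, makes the misconfiguration visible. The empty `catch (IOException e) {}` on close deserves at least a comment saying the close failure is deliberately ignored. `configure()` begins outside this hunk.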
***************
*** 184,188 ****
private static void configureHTTPS(KeyManager[] keyManagers,
TrustManager[] trustManagers) throws InitializationException {
!
}
--- 230,247 ----
private static void configureHTTPS(KeyManager[] keyManagers,
TrustManager[] trustManagers) throws InitializationException {
! try {
! SSLContext context = SSLContext.getInstance("SSL");
! context.init(keyManagers, trustManagers, null);
! /*
! HttpsURLConnection.setDefaultSSLSocketFactory(
! context.getSocketFactory());
! */
! sslSocketFactory = context.getSocketFactory();
! } catch (Exception e) {
! String err = ErrorMessages.getMessage
! (ErrorMessages.ERR_HERMES_INIT_ERROR, e.getMessage());
! logger.error(err, e);
! throw new InitializationException(err);
! }
}
***************
*** 262,271 ****
SSL_WWW_PROTOCOL + "|" + pkgs);
System.setProperty(PROTOCOL_HANDLER_PKGS, pkgs);
- Security.addProvider((Provider) Class.forName
- (SSL_SSL_PROVIDER).newInstance());
}
}
HttpURLConnection connection = (HttpURLConnection)
url.openConnection();
connection.setRequestMethod(HTTP_METHOD);
connection.setDoInput(true);
--- 321,335 ----
SSL_WWW_PROTOCOL + "|" + pkgs);
System.setProperty(PROTOCOL_HANDLER_PKGS, pkgs);
}
}
HttpURLConnection connection = (HttpURLConnection)
url.openConnection();
+ if (connection instanceof com.sun.net.ssl.HttpsURLConnection) {
+ logger.info("Connect to a HTTPS connection");
+ HttpsURLConnection httpsConnection
+ = (HttpsURLConnection) connection;
+ httpsConnection.setHostnameVerifier(hostnameVerifier);
+ httpsConnection.setSSLSocketFactory(sslSocketFactory);
+ }
connection.setRequestMethod(HTTP_METHOD);
connection.setDoInput(true);
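Review bot: The custom verifier and socket factory are applied only when the connection is a `com.sun.net.ssl.HttpsURLConnection`. If the runtime hands back another HTTPS connection class for an `https` URL, the block is skipped without any log and the request goes out with default trust and host name checking. An `else` branch guarded by `"https".equalsIgnoreCase(url.getProtocol())` that reports this, for instance `logger.warn("HTTPS settings not applied to " + connection.getClass().getName());`, would make the gap visible. Both setters are also called without a null check, although `hostnameVerifier` and `sslSocketFactory` stay null when nothing is configured. The enclosing method starts and ends outside the hunk.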
From: <bob...@us...> - 2003-09-09 06:53:04
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv2295
Added Files:
KeyStoreTrustManager.java
Log Message:
add the KeyStoreTrustManager, which is the class for SSL Authentication
such that it trusts the certificate chain if any of the certificates in the chain
is stored in a specified keystore.
--- NEW FILE: KeyStoreTrustManager.java ---
/*
* Copyright(c) 2002 Center for E-Commerce Infrastructure Development, The
* University of Hong Kong (HKU). All Rights Reserved.
*
* This software is licensed under the Academic Free License Version 1.0
*
* Academic Free License
* Version 1.0
*
* This Academic Free License applies to any software and associated
* documentation (the "Software") whose owner (the "Licensor") has placed the
* statement "Licensed under the Academic Free License Version 1.0" immediately
* after the copyright notice that applies to the Software.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of the Software (1) to use, copy, modify, merge, publish, perform,
* distribute, sublicense, and/or sell copies of the Software, and to permit
* persons to whom the Software is furnished to do so, and (2) under patent
* claims owned or controlled by the Licensor that are embodied in the Software
* as furnished by the Licensor, to make, use, sell and offer for sale the
* Software and derivative works thereof, subject to the following conditions:
*
* - Redistributions of the Software in source code form must retain all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers.
* - Redistributions of the Software in executable form must reproduce all
* copyright notices in the Software as furnished by the Licensor, this list
* of conditions, and the following disclaimers in the documentation and/or
* other materials provided with the distribution.
* - Neither the names of Licensor, nor the names of any contributors to the
* Software, nor any of their trademarks or service marks, may be used to
* endorse or promote products derived from this Software without express
* prior written permission of the Licensor.
*
* DISCLAIMERS: LICENSOR WARRANTS THAT THE COPYRIGHT IN AND TO THE SOFTWARE IS
* OWNED BY THE LICENSOR OR THAT THE SOFTWARE IS DISTRIBUTED BY LICENSOR UNDER
* A VALID CURRENT LICENSE. EXCEPT AS EXPRESSLY STATED IN THE IMMEDIATELY
* PRECEDING SENTENCE, THE SOFTWARE IS PROVIDED BY THE LICENSOR, CONTRIBUTORS
* AND COPYRIGHT OWNERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
* LICENSOR, CONTRIBUTORS OR COPYRIGHT OWNERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE.
*
* This license is Copyright (C) 2002 Lawrence E. Rosen. All rights reserved.
* Permission is hereby granted to copy and distribute this license without
* modification. This license may not be modified without the express written
* permission of its copyright owner.
*/
/* =====
*
* $Header: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/KeyStoreTrustManager.java,v 1.1 2003/09/09 06:52:59 bobpykoon Exp $
*
* Code authored by:
*
* Bob Koon [2003-09-09]
*
* Code reviewed by:
*
* username [YYYY-MM-DD]
*
* Remarks:
*
* =====
*/
package hk.hku.cecid.phoenix.pki;
import java.util.Enumeration;
import javax.net.ssl.X509TrustManager;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import org.apache.log4j.Logger;
/**
* This class implements the javax.net.ssl.X509TrustManager, which Trust the
* Certificate Chain if any of the certificate in the certificate chain is
* stored in the KeyStore.
*
* @author pykoon
* @version $Revision: 1.1 $
*/
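public class KeyStoreTrustManager implements X509TrustManager {
    /**
     * Logger
     */
    protected static Logger logger = Logger.getLogger(
        KeyStoreTrustManager.class);

    /** Keystore whose certificates are accepted as trust anchors. */
    private final KeyStore keyStore;

    /**
     * Constructs the trust manager around the given keystore. The keystore
     * must already be loaded when it is passed in.
     *
     * @param keyStore loaded keystore holding the trusted certificates
     * @throws KeyStoreException if the keystore has not been initialized
     */
    public KeyStoreTrustManager(KeyStore keyStore) throws KeyStoreException {
        this.keyStore = keyStore;
        logger.debug("Initial KeyStore Trust Manager with keyStore having "
            + keyStore.size() + " entries.");
    }

    /**
     * Returns the X.509 certificates stored in the keystore.
     *
     * The result is never null: an empty keystore, or a keystore that cannot
     * be read, yields an empty array, as the X509TrustManager contract
     * requires. Entries that do not hold an X.509 certificate are skipped.
     *
     * @return the certificates found in the keystore, possibly none
     */
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] found;
        int count = 0;
        try {
            found = new X509Certificate[keyStore.size()];
            Enumeration aliases = keyStore.aliases();
            // The bound guards against the alias list and size() disagreeing.
            while (aliases.hasMoreElements() && count < found.length) {
                Object cert = keyStore.getCertificate(
                    (String) aliases.nextElement());
                if (cert instanceof X509Certificate) {
                    found[count++] = (X509Certificate) cert;
                }
            }
        } catch (KeyStoreException e) {
            logger.warn("Cannot enumerate the trust keystore : "
                + e.getMessage());
            return new X509Certificate[0];
        }
        // Trim so that callers never see null slots.
        X509Certificate[] issuers = new X509Certificate[count];
        System.arraycopy(found, 0, issuers, 0, count);
        return issuers;
    }

    /**
     * Finds the certificate closest to the end entity (index 0) that is
     * stored in the keystore.
     *
     * @param chain certificate chain presented by the peer
     * @return index of the matching certificate, or -1 if none is stored
     */
    private int indexOfTrustedCertificate(X509Certificate[] chain) {
        try {
            for (int i = 0; i < chain.length; i++) {
                if (keyStore.getCertificateAlias(chain[i]) != null) {
                    return i;
                }
            }
        } catch (KeyStoreException e) {
            String err = "Unexpected error on loading KeyStore.";
            logger.error(err, e);
            throw new Error(err, e);
        }
        return -1;
    }

    /**
     * Decides whether the presented chain is acceptable.
     *
     * A chain is accepted only if one of its certificates is stored in the
     * keystore AND every certificate from the end entity up to that stored
     * certificate is within its validity period and signed by the next
     * certificate in the chain. Finding a stored certificate somewhere in the
     * chain is not enough on its own: the chain is supplied by the peer, and
     * a trusted certificate is public data that anyone can attach to an
     * unrelated end-entity certificate.
     *
     * NOTE(review): path length, name constraints, key usage and revocation
     * are not evaluated here; a PKIX CertPathValidator would cover those.
     *
     * @param chain certificate chain presented by the peer, end entity first
     * @throws CertificateException if the chain is not anchored in the
     *         keystore, or a certificate is expired, not yet valid, not
     *         signed by its stated issuer, or issued by a non-CA certificate
     * @throws IllegalArgumentException if the chain is null or empty
     */
    private void checkTrusted(X509Certificate[] chain)
        throws CertificateException {
        if (chain == null || chain.length == 0) {
            String err = "Null or zero length chain";
            logger.error("error in call KeyStoreTrustManager.checkTrusted : "
                + err);
            throw new IllegalArgumentException(err);
        }
        int anchor = indexOfTrustedCertificate(chain);
        if (anchor < 0) {
            throw new CertificateException("Certificate chain is not trusted");
        }
        for (int i = 0; i <= anchor; i++) {
            // Throws a CertificateException subclass when out of date.
            chain[i].checkValidity();
        }
        for (int i = 0; i < anchor; i++) {
            X509Certificate issuer = chain[i + 1];
            // Intermediates below the anchor must be CA certificates; the
            // anchor itself is trusted by configuration and is not checked.
            if (i + 1 < anchor && issuer.getBasicConstraints() < 0) {
                throw new CertificateException(
                    "Certificate chain contains an issuer that is not a CA");
            }
            try {
                chain[i].verify(issuer.getPublicKey());
            } catch (CertificateException e) {
                throw e;
            } catch (java.security.GeneralSecurityException e) {
                throw new CertificateException(
                    "Certificate chain signature check failed : "
                    + e.getMessage());
            }
        }
    }

    /**
     * Implements the TrustManager function for client chains. The chain is
     * trusted if it is anchored in the keystore as described on checkTrusted.
     *
     * @param chain    certificate chain presented by the client
     * @param authType key exchange algorithm in use (not consulted)
     * @throws CertificateException if the chain is not trusted
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        checkTrusted(chain);
    }

    /**
     * Implements the TrustManager function for server chains. The chain is
     * trusted if it is anchored in the keystore as described on checkTrusted.
     *
     * @param chain    certificate chain presented by the server
     * @param authType key exchange algorithm in use (not consulted)
     * @throws CertificateException if the chain is not trusted
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
        checkTrusted(chain);
    }
}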
From: <bob...@us...> - 2003-09-09 04:06:28
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv13696/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
Constants.java
Log Message:
add settings for SSL Server authentication.
However, the SSL Server authentication is not implemented yet.
Index: Constants.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/Constants.java,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** Constants.java 31 Jul 2003 05:58:54 -0000 1.30
--- Constants.java 9 Sep 2003 04:06:18 -0000 1.31
***************
*** 181,185 ****
! // Settings for keystore
/**
--- 181,185 ----
! // Settings for keystore on Digital Signature
/**
***************
*** 289,292 ****
--- 289,323 ----
public static final String PROPERTY_DATABASE_MAXIMUM_IDLE =
"MSH/Persistent/Database/MaximumIdle";
+
+
+ // Settings for SSL
+
+ /**
+ Path to access the classname of customized Hostname verifier for
+ the SSL connection
+ */
+ public static final String PROPERTY_SSL_HOSTNAME_VERIFIER =
+ "MSH/SSL/HostnameVerifier";
+
+ /**
+ Path to access the path of the keystore for the trust certificates on
+ SSL Server Authentication
+ */
+ public static final String PROPERTY_SSL_TRUST_KEY_STORE_PATH =
+ "MSH/SSL/TrustedAnchor/KeyStore/Path";
+
+ /**
+ Path to access the file of the keystore for the trust certificates on
+ SSL Server Authentication.
+ */
+ public static final String PROPERTY_SSL_TRUST_KEY_STORE_FILE =
+ "MSH/SSL/TrustedAnchor/KeyStore/File";
+
+ /**
+ Path to access the password of the keystore for the trust certificates on
+ SSL Server Authentication.
+ */
+ public static final String PROPERTY_SSL_TRUST_KEY_STORE_PASSWORD =
+ "MSH/SSL/TrustedAnchor/KeyStore/Password";
From: <bob...@us...> - 2003-09-09 04:06:28
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport
In directory sc8-pr-cvs1:/tmp/cvs-serv13696/src/hk/hku/cecid/phoenix/message/transport
Modified Files:
Http.java
Log Message:
add settings for SSL Server authentication.
However, the SSL Server authentication is not implemented yet.
Index: Http.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/transport/Http.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** Http.java 21 Jun 2003 03:08:25 -0000 1.4
--- Http.java 9 Sep 2003 04:06:18 -0000 1.5
***************
*** 79,82 ****
--- 79,83 ----
import java.io.IOException;
import java.io.InputStream;
+ import java.io.File;
import java.io.OutputStream;
import java.net.HttpURLConnection;
***************
*** 88,91 ****
--- 89,96 ----
// import java.util.Map.Entry;
import java.util.StringTokenizer;
+ import javax.net.ssl.KeyManager;
+ import javax.net.ssl.TrustManager;
+ import javax.net.ssl.HostnameVerifier;
+ import javax.net.ssl.HttpsURLConnection;
import javax.xml.soap.MessageFactory;
// import javax.xml.soap.MimeHeader;
***************
*** 128,131 ****
--- 133,188 ----
encoding = s;
}
+ /*
+ HTTPS Connection settings
+ */
+ /*
+ Set the custom HostnameVerifier if it is set on the properties.
+ The HostnameVerifier is used for the case that the URL's hostname
+ and the server's identification hostname mismatch
+ */
+ logger.debug("Configure HTTPS");
+ String hostnameVerifierClassname = prop.get(
+ Constants.PROPERTY_SSL_HOSTNAME_VERIFIER);
+ if (hostnameVerifierClassname != null
+ && !hostnameVerifierClassname.equals("")) {
+ logger.debug("Use custom Hostname Verifier on SSL : "
+ + hostnameVerifierClassname);
+ HostnameVerifier hostnameVerifier = null;
+ try {
+ hostnameVerifier = (HostnameVerifier)
+ Class.forName(hostnameVerifierClassname).newInstance();
+ } catch (Exception e) {
+ String err = ErrorMessages.getMessage
+ (ErrorMessages.ERR_HERMES_INIT_ERROR, e.getMessage());
+ logger.error(err, e);
+ throw new InitializationException(err);
+ }
+ HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
+ }
+ /*
+ Get the trust certificates on SSL if it is set on the properties.
+ */
+ String trustedStorePath = prop.get
+ (Constants.PROPERTY_SSL_TRUST_KEY_STORE_PATH, "");
+ String trustedStoreFile = prop.get
+ (Constants.PROPERTY_SSL_TRUST_KEY_STORE_FILE);
+ String trustedStorePassword = prop.get
+ (Constants.PROPERTY_SSL_TRUST_KEY_STORE_PASSWORD, "");
+ if (trustedStorePath.equals("")) {
+ trustedStorePath = System.getProperty
+ (Constants.PROPERTY_USER_HOME);
+ }
+ String realTrustedStorePath = trustedStorePath + File.separator
+ + trustedStoreFile;
+ File realTrustStoreFile = new File(trustedStorePath + File.separator
+ + trustedStoreFile);
+ if (realTrustStoreFile.exists() && realTrustStoreFile.isFile()) {
+ logger.debug("Use SSL trusted keystore : " + realTrustStoreFile);
+ }
+ }
+
+ private static void configureHTTPS(KeyManager[] keyManagers,
+ TrustManager[] trustManagers) throws InitializationException {
+
}
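Review bot: `HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier)` changes the default for every HTTPS connection in the JVM, not only those opened by this transport, so a permissive verifier configured here would also relax host name checking for other code sharing the application server. Setting it per connection with `httpsConnection.setHostnameVerifier(hostnameVerifier)` where the connection is opened keeps the effect local. `trustedStoreFile` is also read without a default, so a missing property yields a path ending in `null`; `prop.get(Constants.PROPERTY_SSL_TRUST_KEY_STORE_FILE, "")` followed by an empty check would avoid that. `configure()` starts outside this hunk.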
From: <bob...@us...> - 2003-09-09 04:06:28
Update of /cvsroot/ebxmlms/ebxmlms/conf
In directory sc8-pr-cvs1:/tmp/cvs-serv13696/conf
Modified Files:
msh.properties.xml
Log Message:
add settings for SSL Server authentication.
However, the SSL Server authentication is not implemented yet.
Index: msh.properties.xml
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/conf/msh.properties.xml,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -d -r1.24 -r1.25
*** msh.properties.xml 27 May 2003 03:03:08 -0000 1.24
--- msh.properties.xml 9 Sep 2003 04:06:18 -0000 1.25
***************
*** 129,132 ****
--- 129,147 ----
</DigitalSignature>
+ <SSL>
+ <!-- Optional property specifying the implementation class name of
+ javax.net.ssl.HostnameVerifier which handle the case when
+ the URL's hostname and the server's identification hostname
+ mismatch-->
+ <!--<HostnameVerifier></HostnameVerifier>-->
+ <TrustedAnchor>
+ <!-- Trust keystore for SSL Server Authentication -->
+ <KeyStore>
+ <Path>/hermes</Path>
+ <File>.keystore</File>
+ <Password>changeit</Password>
+ </KeyStore>
+ </TrustedAnchor>
+ </SSL>
<Persistent>
<Database>
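Review bot: The sample `<TrustedAnchor>` block ships a concrete keystore path together with the password `changeit`, and sample values tend to be deployed unchanged. The trust keystore password protects the integrity of the anchor set, so a comment next to it would help, for example `<!-- Replace this password and restrict read access to this file and to the keystore -->`.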
From: <bob...@us...> - 2003-08-20 11:02:54
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki
In directory sc8-pr-cvs1:/tmp/cvs-serv16393/hk/hku/cecid/phoenix/pki
Modified Files:
ApacheXMLDSigner.java
Log Message:
add sign(String username, char[] password, String keyStoreLocation,
String algorithm, String digestAlgorithm,
boolean signEnvelopeOnly)
on EbxmlMessage, which allow the user to sign the envelope only,
and specify the digest algorithm.
Index: ApacheXMLDSigner.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/pki/ApacheXMLDSigner.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** ApacheXMLDSigner.java 16 Jul 2003 09:00:15 -0000 1.10
--- ApacheXMLDSigner.java 20 Aug 2003 08:02:10 -0000 1.11
***************
*** 213,216 ****
--- 213,217 ----
private Object obj;
+ private String digestAlgo;
/**
* Default constructor to initialize the internal variables.
***************
*** 223,226 ****
--- 224,228 ----
certResolver = null;
obj = null;
+ digestAlgo = null;
}
***************
*** 235,238 ****
--- 237,261 ----
* two values are tested: <code>dsa-sha1</code> and
* <code>rsa-sha1</code>.
+ * @param digestAlgo the algorithm used for making digest value. Currently,
+ * one value is supported: <code>sha1</code>
+ * @throws SignException internal exception when doing initialization
+ * on Apache XML Security library
+ */
+ public void setEnvelope(Document doc, String algo, String digestAlgo)
+ throws SignException {
+ setEnvelope(doc, algo);
+ this.digestAlgo = digestAlgo;
+ }
+
+ /**
+ * Set the envelope to host the Signature element. That is the
+ * XML document where the Signature element to be added. The
+ * digital signature here will always be an enveloped signature.
+ * The envelope will be included in the process of signing.
+ *
+ * @param doc the XML document to host the Signature element
+ * @param algo the algorithm used for digital signature. Currently, only
+ * two values are tested: <code>dsa-sha1</code> and
+ * <code>rsa-sha1</code>.
* @throws SignException internal exception when doing initialization
* on Apache XML Security library
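Review bot: The three-argument `setEnvelope` stores the caller's `digestAlgo` string unchecked, and the hunk at 361-370 then concatenates it into the digest method URI as `NAMESPACE_URI_DS + digestAlgo`, although the Javadoc added here says only `sha1` is supported. A mistyped or unsupported name therefore surfaces only later, at `addDocument`, or yields a reference whose algorithm a verifier may not accept. I would check the value in this method before assigning the field, e.g. `if (digestAlgo != null && !"sha1".equals(digestAlgo))` followed by a `SignException`. It is also worth confirming that the two-argument `setEnvelope`, whose body is outside the hunk, resets `digestAlgo`; otherwise a reused signer instance keeps the digest choice of an earlier call.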
***************
*** 338,342 ****
try {
! signature.addDocument("", transforms, DIGEST_METHOD);
}
catch (XMLSignatureException e) {
--- 361,370 ----
try {
! if (digestAlgo == null) {
! signature.addDocument("", transforms, DIGEST_METHOD);
! } else {
! signature.addDocument("", transforms,
! NAMESPACE_URI_DS + digestAlgo);
! }
}
catch (XMLSignatureException e) {
|
|
From: <bob...@us...> - 2003-08-20 09:09:34
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging
In directory sc8-pr-cvs1:/tmp/cvs-serv16393/hk/hku/cecid/phoenix/message/packaging
Modified Files:
EbxmlMessage.java PKISignatureImpl.java Signature.java
Log Message:
add sign(String username, char[] password, String keyStoreLocation,
String algorithm, String digestAlgorithm,
boolean signEnvelopeOnly)
on EbxmlMessage, which allows the user to sign the envelope only,
and specify the digest algorithm.
Index: EbxmlMessage.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging/EbxmlMessage.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -C2 -d -r1.35 -r1.36
*** EbxmlMessage.java 31 Jul 2003 06:55:59 -0000 1.35
--- EbxmlMessage.java 20 Aug 2003 08:02:09 -0000 1.36
***************
*** 941,944 ****
--- 941,977 ----
}
+ /**
+ * Sign this <code>EbxmlMessage</code> with XML signature
+ *
+ * @param username User name used to open the keystore
+ * @param password Password used to open the keystore
+ * @param keyStoreLocation File location of the keystore
+ * @param algorithm Specifies the algorithm used to generate
+ * the digital signature. Refer to <a href=
+ * "http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-AlgID">
+ * XML-Signature Syntax and Processing: Algorithm Identifiers and
+ * Implementation Requirements</a> for details.
+ * @param digestAlgo Specifies the algorithm used to make the digest.
+ * Refer to <a href=
+ * "http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-AlgID">
+ * XML-Signature Syntax and Processing: Algorithm Identifiers and
+ * Implementation Requirements</a> for details.
+ * @param signEnvelopeOnly whether it should sign the envelope only,
+ * without signing the payload.
+ *
+ * @throws SOAPException
+ * @throws SignatureException
+ */
+ public void sign(String username, char[] password, String keyStoreLocation,
+ String algorithm, String digestAlgorithm,
+ boolean signEnvelopeOnly)
+ throws SOAPException, SignatureException {
+ final Signature signature = Signature.newInstance(this);
+ signature.sign(username, password, keyStoreLocation, algorithm,
+ digestAlgorithm, signEnvelopeOnly);
+ headerContainer.addExtensionElement(signature);
+ saveChanges();
+ }
+
/**
* Verify the message using trusted keystore.
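Review bot: The Javadoc for `signEnvelopeOnly` does not say what the receiver loses: with `true` the payloads are left out of the signature (see the `if (!signEnvelopeOnly)` guard added to PKISignatureImpl in this commit), so as far as this change shows the signature says nothing about the attachments. I would word it as `@param signEnvelopeOnly if true, only the SOAP envelope is signed; payloads are not integrity-protected by this signature`. The tag `@param digestAlgo` should be `@param digestAlgorithm` to match the parameter name, and the two `@throws` tags have no description. The `username` text says it opens the keystore, while PKISignatureImpl names the same argument `alias`, so the doc should say which it is.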
Index: PKISignatureImpl.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging/PKISignatureImpl.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** PKISignatureImpl.java 16 Jul 2003 08:54:10 -0000 1.9
--- PKISignatureImpl.java 20 Aug 2003 08:02:09 -0000 1.10
***************
*** 130,133 ****
--- 130,139 ----
void sign(String alias, char[] password, String keyStoreLocation,
String algo) throws SignatureException {
+ sign(alias, password, keyStoreLocation, null, null, false);
+ }
+
+ void sign(String alias, char[] password, String keyStoreLocation,
+ String algo, String digestAlgo, boolean signEnvelopeOnly)
+ throws SignatureException {
try {
final SOAPPart soapPart = ebxmlMessage.getSOAPMessage().
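Review bot: The four-argument `sign` now discards its `algo` argument: the added delegation is `sign(alias, password, keyStoreLocation, null, null, false);`, so a caller that asked for a specific signature algorithm gets whatever the six-argument method does for a null `algo`. The call should pass the value through, `sign(alias, password, keyStoreLocation, algo, null, false);`. The body of the six-argument method continues outside the hunk, so the null handling itself is not visible here.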
***************
*** 159,163 ****
// use user-defined algorithm, only support dsa-sha1 and
// rsa-sha1
! signature.setEnvelope(soapPartDocument, algo);
}
--- 165,173 ----
// use user-defined algorithm, only support dsa-sha1 and
// rsa-sha1
! if (digestAlgo == null) {
! signature.setEnvelope(soapPartDocument, algo);
! } else {
! signature.setEnvelope(soapPartDocument, algo, digestAlgo);
! }
}
***************
*** 165,173 ****
soapHeader.appendChild(signature.getElement());
! Iterator i = ebxmlMessage.getPayloadContainers();
! while (i.hasNext()) {
! PayloadContainer pc = (PayloadContainer) i.next();
! signature.addDocument(pc.getHref(),
! pc.getDataHandler().getInputStream(), pc.getContentType());
}
--- 175,186 ----
soapHeader.appendChild(signature.getElement());
! if (!signEnvelopeOnly) {
! Iterator i = ebxmlMessage.getPayloadContainers();
! while (i.hasNext()) {
! PayloadContainer pc = (PayloadContainer) i.next();
! signature.addDocument(pc.getHref(),
! pc.getDataHandler().getInputStream(),
! pc.getContentType());
! }
}
Index: Signature.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/packaging/Signature.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** Signature.java 16 Jul 2003 08:54:10 -0000 1.8
--- Signature.java 20 Aug 2003 08:02:09 -0000 1.9
***************
*** 407,410 ****
--- 407,429 ----
* @param password Password required to open the private key.
* @param keyStoreLocation File location of the keystore.
+ * @param algorithm Name of the algorithm used to sign the
+ * message.
+ * @param digestAlgo Name of the algorithm used to make the
+ * digest.
+ * @param signEnvelopeOnly whether sign the envelope only.,
+ * @throws SignatureException
+ */
+ abstract void sign(String username, char[] password,
+ String keyStoreLocation, String algorithm,
+ String digestAlgo, boolean signEnvelopeOnly)
+ throws SignatureException;
+
+ /**
+ * Sign the <code>EbxmlMessage</code> with the <code>username<code> and
+ * <code>password</code> used to retrieve private key from the keystore
+ *
+ * @param username User name required to open the private key.
+ * @param password Password required to open the private key.
+ * @param keyStoreLocation File location of the keystore.
* @throws SignatureException
*/
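Review bot: The Javadoc added for the abstract six-argument `sign` has a stray `.,` after "whether sign the envelope only" and documents `@throws SignatureException` without saying when it is thrown. I would write `@param signEnvelopeOnly if true, sign the envelope only and leave the payloads unsigned` and add a condition to the `@throws` line. The comment block that follows has an unclosed tag, `<code>username<code>`, which should read `<code>username</code>`. The head of the first Javadoc block is outside the hunk.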
|
|
From: <bob...@us...> - 2003-08-15 08:09:25
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv30692/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
Tag: b0931
MessageServiceHandler.java
Log Message:
Fix the ping-pong bug where the pong message is not sent to
the Request which sent the Ping message.
This situation occurs when the Request uses a self-Impl. MessageListener.
Also store the pong message to the message server when it is generated.
Index: MessageServiceHandler.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/MessageServiceHandler.java,v
retrieving revision 1.148.2.18
retrieving revision 1.148.2.19
diff -C2 -d -r1.148.2.18 -r1.148.2.19
*** MessageServiceHandler.java 14 Aug 2003 03:50:27 -0000 1.148.2.18
--- MessageServiceHandler.java 15 Aug 2003 08:09:22 -0000 1.148.2.19
***************
*** 4848,4851 ****
--- 4848,4853 ----
logger.debug("Ping message is received");
response = generatePongMessage(ebxmlMessage);
+ messageServer.store(response, appContext,
+ MessageServer.STATE_SENT, true, tx);
logger.debug("Pong message is sent back");
}
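Review bot: The pong is recorded with `MessageServer.STATE_SENT` before anything in this hunk has transmitted it, and the debug line "Pong message is sent back" follows immediately, so the message store can claim a send that later fails. If the response is written to the peer after this point, which the hunk does not show, I would store it in a pending state and update it on success, or at least add `// recorded as SENT before the reply is actually written`. The bare `true` and `false` passed to `store` here and in the hunk at 4859 also need a short comment naming the parameter. The same two additions are made in trunk revision 1.174 (hunks at 4909 and 4920), and the point applies there as well. The enclosing method starts and ends outside the hunk.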
***************
*** 4857,4860 ****
--- 4859,4864 ----
mshConnection = (MessageServiceHandlerConnection)
mshConnectionTable.get(appContext);
+ messageServer.store(ebxmlMessage, appContext,
+ MessageServer.STATE_RECEIVED, false, tx);
Delivery delivery = new Delivery(this, appContext,
mshConnection.getMessageServiceHandlerConfig().
|
|
From: <bob...@us...> - 2003-08-15 07:36:19
|
Update of /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler
In directory sc8-pr-cvs1:/tmp/cvs-serv23758/src/hk/hku/cecid/phoenix/message/handler
Modified Files:
MessageServiceHandler.java
Log Message:
Fix the ping-pong bug where the pong message is not sent to
the Request which sent the Ping message.
This situation occurs when the Request uses a self-Impl. MessageListener.
Also store the pong message to the message server when it is generated.
Index: MessageServiceHandler.java
===================================================================
RCS file: /cvsroot/ebxmlms/ebxmlms/src/hk/hku/cecid/phoenix/message/handler/MessageServiceHandler.java,v
retrieving revision 1.173
retrieving revision 1.174
diff -C2 -d -r1.173 -r1.174
*** MessageServiceHandler.java 11 Jul 2003 03:48:59 -0000 1.173
--- MessageServiceHandler.java 15 Aug 2003 07:34:01 -0000 1.174
***************
*** 1507,1511 ****
URL clientUrl = listener.getClientUrl();
final MessageServiceHandlerConfig config;
-
// Not client message listener and it's not using trusted repository
if (clientUrl.getProtocol().equals(MessageListener.PROTOCOL_FILE)) {
--- 1507,1510 ----
***************
*** 4910,4913 ****
--- 4909,4914 ----
logger.debug("Ping message is received");
response = generatePongMessage(ebxmlMessage);
+ messageServer.store(response, appContext,
+ MessageServer.STATE_SENT, true, tx);
logger.debug("Pong message is sent back");
}
***************
*** 4919,4922 ****
--- 4920,4925 ----
mshConnection = (MessageServiceHandlerConnection)
mshConnectionTable.get(appContext);
+ messageServer.store(ebxmlMessage, appContext,
+ MessageServer.STATE_RECEIVED, false, tx);
Delivery delivery = new Delivery(this, appContext,
mshConnection.getMessageServiceHandlerConfig().
|