JUDDI-862 added and documented
spyhunter99 committed Jan 19, 2015
1 parent 75f1a2b commit 6e03b82446f162a3cb3b6ac4c27acdf847afefd9
Showing 16 changed files with 732 additions and 233 deletions.
@@ -143,6 +143,15 @@ RMI Proxy properties that can be referenced in the _juddiv3.xml_ file and is onl
|===========================================================================================
|Property Name |Description |Required |Default Value or [Example Value]
|_juddi/validation/enforceReferentialIntegrity_|As of 3.1.5 This setting will force referential integrity for all tModels (except keyGenerators), category bags, bindingTemplate/AccessPoint/hostingRedirector (referencing another host), tModelInstanceParms and anything else that references a KeyName default value is true. Set to false for backwards compatibility or for a more lax registry.|N|[_true_]
|_juddi/validation/rejectInvalidSignatures/enable | Enables or Disables the validation of signatures when a publisher attempts to save an entity | N | false
|_juddi/validation/rejectInvalidSignatures/enable/trustStorePath | Path to the trust store. Can be overridden via system properties. If not specified, the Windows trust store will be used, else the default JRE trust store will be used. | N | [truststore.jks]
|_juddi/validation/rejectInvalidSignatures/trustStoreType | The type of store to use | N | JKS
|_juddi/validation/rejectInvalidSignatures/trustStorePassword | The clear text or encrypted password to the trust store | N |
|_juddi/validation/rejectInvalidSignatures/trustStorePassword@isPasswordEncrypted | True/False | N | false
|_juddi/validation/rejectInvalidSignatures/trustStorePassword@cryptoProvider | A cryptographic provider, representing the one that was used to encrypt |
|_juddi/validation/rejectInvalidSignatures/checkTimestamps | If true, certificates are checked against the time validity | N | false
|_juddi/validation/rejectInvalidSignatures/checkTrust | If true, the certificates trust chain is validated against the trust store | N | false
|_juddi/validation/rejectInvalidSignatures/checkRevocationCRL | If true, the certificate will attempted to be validated using online certificate revocation protocols | N | false
|===========================================================================================


@@ -17,6 +17,7 @@

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
@@ -149,8 +150,38 @@ public void clear() {
public final static String SIGNATURE_KEYSTORE_FILE_PASSWORD = "filePassword";
public final static String SIGNATURE_KEYSTORE_KEY_PASSWORD = "keyPassword";
public final static String SIGNATURE_KEYSTORE_KEY_ALIAS = "keyAlias";
/**
*
* trust loaded as follows
* system property via file
* programmatically specified map via file
* programmatically specified map thread classloader lookup
* programmatically specified map this class's classloader lookup
* windows trust store
* JDK provided trust store
*/
public final static String TRUSTSTORE_FILE = "trustStorePath";
/**
*
* trust loaded as follows
* system property via file
* programmatically specified map via file
* programmatically specified map thread classloader lookup
* programmatically specified map this class's classloader lookup
* windows trust store
* JDK provided trust store
*/
public final static String TRUSTSTORE_FILETYPE = "trustStoreType";
/**
*
* trust loaded as follows
* system property via file
* programmatically specified map via file
* programmatically specified map thread classloader lookup
* programmatically specified map this class's classloader lookup
* windows trust store
* JDK provided trust store
*/
public final static String TRUSTSTORE_FILE_PASSWORD = "trustStorePassword";
/**
* default is CanonicalizationMethod.EXCLUSIVE
@@ -618,6 +649,17 @@ public boolean verifySignedUddiEntity(Object obj, AtomicReference<String> OutErr
}
}

/**
* trust loaded as follows
* system property via file
* programmatically specified map via file
* programmatically specified map thread classloader lookup
* programmatically specified map this class's classloader lookup
* windows trust store
* JDK provided trust store
* @return
* @throws Exception
*/
private KeyStore GetTrustStore() throws Exception {
String type = map.getProperty(TRUSTSTORE_FILETYPE);
if (type == null) {
@@ -626,17 +668,61 @@ private KeyStore GetTrustStore() throws Exception {
KeyStore ks = KeyStore.getInstance(type);
boolean ksLoaded = false;

//try windows trust store first
try {
if (map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
ks.load(null, null);
if (!ksLoaded) {
String truststore = System.getProperty("javax.net.ssl.keyStore");
try {

String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
if (truststore != null && pwd != null) {
ks.load(new File(truststore).toURI().toURL().openStream(), pwd.toCharArray());
ksLoaded = true;
logger.info("trust store loaded from sysprop " + truststore);
}
} catch (Exception ex) {
logger.warn("unable to load truststore from sysprop " + truststore + " " + ex.getMessage());
logger.debug("unable to load truststore from sysprop " + ex.getMessage(),ex);
}
}

File f=new File(map.getProperty(TRUSTSTORE_FILE));
//load as a file
if (!ksLoaded) {
try {
if (f.exists()){
URL url = f.toURI().toURL();
ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
ksLoaded = true;
logger.info("trust store loaded from windows");
logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
}
} catch (Exception x) {
logger.warn("unable to load truststore from file "+map.getProperty(TRUSTSTORE_FILE)+" "+ x.getMessage());
logger.debug("unable to load truststore from file "+ x.getMessage(), x);

}
}

if (!ksLoaded) {
try {
//File f = new File(map.getProperty(TRUSTSTORE_FILE));
if (f.exists())
{
FileInputStream fis = new FileInputStream(f);
ks.load(fis, (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
fis.close();
ksLoaded = true;
logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
}
} catch (Exception x) {
logger.warn("unable to load truststore from file "+map.getProperty(TRUSTSTORE_FILE)+" "+ x.getMessage());
logger.debug("unable to load truststore from file "+ x.getMessage(), x);

}
} catch (Exception ex) {
logger.debug("unable to load truststore from windows", ex);
}





//load from thread classloader
if (!ksLoaded) {
try {
@@ -645,6 +731,7 @@ private KeyStore GetTrustStore() throws Exception {
ksLoaded = true;
logger.info("trust store loaded from classpath(1) " + map.getProperty(TRUSTSTORE_FILE));
} catch (Exception x) {
logger.warn("unable to load truststore from classpath" + map.getProperty(TRUSTSTORE_FILE) + " " +x.getMessage());
logger.debug("unable to load truststore from classpath", x);
}
}
@@ -657,36 +744,11 @@ private KeyStore GetTrustStore() throws Exception {
ksLoaded = true;
logger.info("trust store loaded from classpath(2) " + map.getProperty(TRUSTSTORE_FILE));
} catch (Exception x) {
logger.warn("unable to load truststore from classpath "+ map.getProperty(TRUSTSTORE_FILE) + " " +x.getMessage());
logger.debug("unable to load truststore from classpath", x);
}
}
//load as a file
if (!ksLoaded) {
try {
URL url = new File(map.getProperty(TRUSTSTORE_FILE)).toURI().toURL();
ks.load(url.openStream(), (map.getProperty(TRUSTSTORE_FILE_PASSWORD)).toCharArray());
ksLoaded = true;
logger.info("trust store loaded from file " + map.getProperty(TRUSTSTORE_FILE));
} catch (Exception x) {
logger.debug("unable to load truststore from file", x);
}
}

// logger.error("Unable to load user specified trust store! attempting to load the default", ex);
//load from system property
if (!ksLoaded) {
try {
String truststore = System.getProperty("javax.net.ssl.keyStore");
String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
if (truststore != null && pwd != null) {
ks.load(new File(truststore).toURI().toURL().openStream(), pwd.toCharArray());
ksLoaded = true;
logger.info("trust store loaded from sysprop " + truststore);
}
} catch (Exception ex) {
logger.debug("unable to load truststore from sysprop", ex);
}
}


if (!ksLoaded) {
try {
@@ -695,16 +757,31 @@ private KeyStore GetTrustStore() throws Exception {
logger.info("trust store loaded from JRE " + cacerts.toExternalForm());
ksLoaded = true;
} catch (Exception c) {
logger.debug("unable to load default JDK truststore", c);
logger.warn("unable to load default JDK truststore "+ c.getMessage());
logger.debug("unable to load default JDK truststore",c);
}
}

//try windows trust store first
try {
if (map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")) {
ks.load(null, null);
ksLoaded = true;
logger.info("trust store loaded from windows");
}
} catch (Exception ex) {
logger.warn("unable to load truststore from windows " +ex.getMessage());
logger.debug("unable to load truststore from windows", ex);
}

if (!ksLoaded) {
try {
URL cacerts = new File(System.getenv("JAVA_HOME") + File.separator + "jre" + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts").toURI().toURL();
ks.load(cacerts.openStream(), "changeit".toCharArray());
logger.info("trust store loaded from JRE " + cacerts.toExternalForm());
ksLoaded = true;
} catch (Exception c) {
logger.warn("unable to load default jdk/jre truststore " +c.getMessage());
logger.debug("unable to load default jdk/jre truststore", c);
}
}
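Review bot: In hunk `@@ -626,17 +668,61 @@` the system-property fallback reads `System.getProperty("javax.net.ssl.keyStore")` and `System.getProperty("javax.net.ssl.keyStorePassword")`, which name the JVM's identity key store rather than its trust store, so every certificate held there (including the service's own signing/TLS certificate) would become a trust anchor for the signature check that `checkTrust` enables; the JSSE trust-store properties are `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword`, i.e. `String truststore = System.getProperty("javax.net.ssl.trustStore");` and `String pwd = System.getProperty("javax.net.ssl.trustStorePassword");`. In the same hunk the streams returned by `openStream()` and passed to `ks.load(...)` in the sysprop branch and in the first file branch are never closed, and the `FileInputStream` in the second file branch is closed only when `ks.load` succeeds — close each in a `finally` (or try-with-resources if the module targets Java 7+). The guard `map.getProperty(TRUSTSTORE_FILETYPE).equalsIgnoreCase("WINDOWS-ROOT")` re-reads the property although `type` was already null-checked at the top of the method (that branch body lies outside the hunk), so a missing property turns into an NPE that the outer catch logs at debug level as "unable to load truststore from windows", hiding the real cause; comparing `type` avoids that. `GetTrustStore` starts in the preceding hunk and its body continues past the last hunk shown, and the three constants in hunk `@@ -149,8 +150,38 @@` carry identical copies of the lookup-order comment that describes the method rather than the key — one `@see` pointing at `GetTrustStore` per constant plus a one-line meaning for each key (store path, `KeyStore` type, store password) would document them more accurately.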
