xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.dsa.pemcrt</Path>
- </Certificate>
<Key format="PEM">
<Path>/conf/test.dsa.pkcs8.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.dsa.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="DER" password="test123">
<Path>/conf/test.pkcs8.enc.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="PEM" password="test123">
<Path>/conf/test.pkcs8.enc.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="PEM" password="test123">
<Path>/conf/test.pkcs1.enc.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="PEM" password="test123">
<Path>/conf/test.pkcs1.enc.des.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.dsa.pemcrt</Path>
- </Certificate>
<Key format="PEM" password="test123">
<Path>/conf/test.dsa.enc.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.dsa.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.endonly.pemcrt</Path>
- </Certificate>
<Key format="DER">
<Path>/conf/test.pkcs8.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.endonly.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.incompletechain.pemcrt</Path>
- </Certificate>
<Key format="DER">
<Path>/conf/test.pkcs8.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.incompletechain.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Credentials xmlns="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
+
+ <FileResolver Id="test">
+ <Key format="DER">
+ <Path>/conf/test.pkcs8.derkey</Path>
+ </Key>
+ </FileResolver>
+</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="DER">
<Path>/conf/test.pkcs8.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
+ <Key format="DER">
+ <Path>/conf/test.pkcs8.derkey</Path>
+ </Key>
<Certificate format="PEM">
<Path>/conf/test.single.pemcrt</Path>
<CAPath>/conf/test.single.2.pemcrt</CAPath>
<CAPath>/conf/test.single.3.pemcrt</CAPath>
</Certificate>
- <Key format="DER">
- <Path>/conf/test.pkcs8.derkey</Path>
- </Key>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="PEM">
<Path>/conf/test.pkcs8.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="DER">
<Path>/conf/test.pkcs1.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.pemcrt</Path>
- </Certificate>
<Key format="PEM">
<Path>/conf/test.pkcs1.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.dsa.pemcrt</Path>
- </Certificate>
<Key format="DER">
<Path>/conf/test.dsa.derkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.dsa.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
<FileResolver Id="test">
- <Certificate format="PEM">
- <Path>/conf/test.dsa.pemcrt</Path>
- </Certificate>
<Key format="PEM">
<Path>/conf/test.dsa.pemkey</Path>
</Key>
+ <Certificate format="PEM">
+ <Path>/conf/test.dsa.pemcrt</Path>
+ </Certificate>
</FileResolver>
</Credentials>
\ No newline at end of file
}
return null;
}
+
+ public boolean hasX509Certificate() {
+ if (certs == null || certs.length == 0) {
+ return false;
+ }
+ return true;
+ }
public X509Certificate getX509Certificate() {
return certs[0];
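Review bot: `getX509Certificate()` still returns `certs[0]` with no guard, so on the key-only credential this commit introduces (the `Certificate` element is now optional and the new test expects a zero-length chain) it throws ArrayIndexOutOfBoundsException instead of a meaningful answer. Since `hasX509Certificate()` is added directly above, either use it there, `return hasX509Certificate() ? certs[0] : null;`, or document the precondition on both methods with Javadoc such as `/** @return the end-entity certificate, or null when this credential holds only a private key. */`. The new predicate itself can be a single expression, `return certs != null && certs.length > 0;`. The body of `getX509Certificate` continues outside the hunk.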
log.debug("Key Format: (" + keyFormat + ").");
log.debug("Key Path: (" + keyPath + ").");
- //TODO maybe more info statements
-
PrivateKey key = null;
if (keyFormat.equals("DER")) {
log.error("Failed to load private key.");
throw new CredentialFactoryException("Failed to initialize Credential Resolver.");
}
+ log.info("Successfully loaded private key.");
- String certFormat = getCertFormat(e);
+
+ ArrayList certChain = new ArrayList();
String certPath = getCertPath(e);
+
+ if (certPath == null || certPath.equals("")) {
+ log.info("No certificates specified.");
+ } else {
+
+ String certFormat = getCertFormat(e);
//A placeholder in case we want to make this configurable
String certType = "X.509";
throw new CredentialFactoryException("Failed to initialize Credential Resolver.");
}
- ArrayList certChain = new ArrayList();
+
ArrayList allCerts = new ArrayList();
try {
log.debug("Attempting to construct a certificate chain.");
walkChain((X509Certificate[]) allCerts.toArray(new X509Certificate[0]), certChain);
- log.info("Verifying that each link in the cert chain is signed appropriately");
+ log.debug("Verifying that each link in the cert chain is signed appropriately");
for (int i = 0; i < certChain.size() - 1; i++) {
PublicKey pubKey = ((X509Certificate) certChain.get(i + 1)).getPublicKey();
try {
}
}
log.debug("All signatures verified. Certificate chain creation successful.");
+ log.info("Successfully loaded certificates.");
+
} catch (IOException p) {
log.error("Could not load resource from specified location (" + certPath + "): " + p);
throw new CredentialFactoryException("Unable to load certificates.");
}
-
+ }
return new Credential(((X509Certificate[]) certChain.toArray(new X509Certificate[0])), key);
}
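Review bot: The `}` added just before `return new Credential(...)` closes the `else` opened at the `certPath == null || certPath.equals("")` check in an earlier hunk, so the whole certificate load, chain walk and signature verification now sits in one long nested block inside a method that starts and ends outside this hunk. Extracting that branch into a helper such as `private X509Certificate[] loadCertificateChain(Element e, String certPath)` would keep the key-only path and the certificate path readable on their own. It would also make explicit that a credential built from the empty `certChain` carries a private key with no certificate at all, which any consumer that calls `getX509Certificate()` on the result must now tolerate; the chain-verification loop is skipped entirely for that case, which looks intended but deserves a one-line comment at the `else`.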
NodeList certificateElements = e.getElementsByTagNameNS(Credentials.credentialsNamespace, "Certificate");
if (certificateElements.getLength() < 1) {
- log.error("Certificate not specified.");
- throw new CredentialFactoryException("File Credential Resolver requires a <Certificate> specification.");
+ log.debug("No <Certificate> element found.");
+ return null;
}
if (certificateElements.getLength() > 1) {
log.error("Multiple Certificate path specifications, using first.");
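Review bot: `getCertPath` now returns null when no `<Certificate>` element is present, which changes its contract for every caller, yet the method carries no Javadoc saying so; add `/** @return the configured certificate path, or null when the resolver element has no <Certificate> child. */` above the signature, which lies outside the hunk. The sibling branch for more than one `<Certificate>` still logs at error level and then continues with the first one, which reads inconsistently next to the new debug-level message for the absent case; if silently using the first is acceptable it should be a warning, and if not it should throw as the removed code did for the missing case. The caller in FileCredentialResolver depends on the null for its `certPath == null || certPath.equals("")` check, so the two methods should be documented together.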
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by Walter F Hoehn, Jr (Columbia University in the City of New York) -->
-<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:credentials="urn:mace:shibboleth:credentials:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
+<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0" xmlns:credentials="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
<xs:element name="Credentials">
<xs:complexType>
<xs:complexContent>
<xs:extension base="credentials:BaseCredentialFinder">
<xs:sequence>
- <xs:element name="Certificate">
+ <xs:element name="Key">
<xs:complexType>
<xs:sequence>
<xs:element name="Path" type="xs:string"/>
- <xs:element name="CAPath" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
- <xs:attribute name="format" type="xs:string" use="optional" default="PEM"/>
+ <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
+ <xs:attribute name="password" type="xs:string" use="optional"/>
</xs:complexType>
</xs:element>
- <xs:element name="Key">
+ <xs:element name="Certificate" minOccurs="0">
<xs:complexType>
<xs:sequence>
<xs:element name="Path" type="xs:string"/>
+ <xs:element name="CAPath" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
- <xs:attribute name="format" type="xs:string" use="optional" default="PEM"/>
- <xs:attribute name="password" type="xs:string" use="optional"/>
+ <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:choice>
</xs:complexType>
</xs:element>
+ <xs:simpleType name="FormatType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="PEM"/>
+ <xs:enumeration value="DER"/>
+ </xs:restriction>
+ </xs:simpleType>
<xs:complexType name="BaseCredentialFinder">
<xs:attribute name="Id" type="xs:string" use="required"/>
</xs:complexType>
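Review bot: Moving `Key` ahead of `Certificate` inside an `xs:sequence` is a breaking change for existing configuration files, because a sequence is order-sensitive and any document that still lists `<Certificate>` before `<Key>` will now fail validation; every fixture in this commit had to be reordered for that reason, and deployed configs presumably will too. If the goal was only to make the certificate optional, keeping the original order with `<xs:element name="Certificate" minOccurs="0">` achieves that without invalidating existing documents; `xs:all` is not an option here because the sequence sits inside the `xs:choice` closed at the context line. If the reorder is intentional, it should be called out in the release notes. The new `FormatType` enumeration is a welcome tightening over the previous free-form `xs:string`, since an unsupported format is now rejected by the validator rather than reaching the resolver.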
BasicConfigurator.resetConfiguration();
BasicConfigurator.configure();
//TODO turn this off later
- Logger.getRootLogger().setLevel(Level.DEBUG);
+ Logger.getRootLogger().setLevel(Level.INFO);
}
public static void main(String[] args) {
junit.textui.TestRunner.run(CredentialsTests.class);
BasicConfigurator.configure();
//TODO turn this off later
- Logger.getRootLogger().setLevel(Level.DEBUG);
+ Logger.getRootLogger().setLevel(Level.INFO);
}
/**
}
}
- public void testKeyStoreX509EndOnly() {
+ public void testFileX509EndOnly() {
try {
InputStream inStream = new FileInputStream("data/credentials16.xml");
}
}
- public void testKeyStoreX509IncompleteChain() {
+ public void testFileX509IncompleteChain() {
try {
InputStream inStream = new FileInputStream("data/credentials17.xml");
fail("Failed to load credentials: " + e);
}
}
+
+ public void testFileX509RSANoCert() {
+
+ try {
+ InputStream inStream = new FileInputStream("data/credentials18.xml");
+ parser.parse(new InputSource(inStream));
+ Credentials credentials = new Credentials(parser.getDocument().getDocumentElement());
+
+ assertTrue("Credential could not be found.", credentials.containsCredential("test"));
+ Credential credential = credentials.getCredential("test");
+
+ assertTrue(
+ "Credential was loaded with an incorrect type.",
+ credential.getCredentialType() == Credential.X509);
+ assertNotNull("Private key was not loaded correctly.", credential.getPrivateKey());
+ assertEquals(
+ "Unexpected X509 certificate found.",
+ credential.hasX509Certificate(),
+ false);
+ assertEquals(
+ "Unexpected certificate chain length.",
+ new Integer(credential.getX509CertificateChain().length),
+ new Integer(0));
+ } catch (Exception e) {
+ fail("Failed to load credentials: " + e);
+ }
+ }
public void testKeyStoreX509AliasDefaulting() {
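Review bot: Both `assertEquals` calls in the new `testFileX509RSANoCert` pass the actual value before the expected one, so on failure JUnit's message will report the values the wrong way round; `assertFalse("Unexpected X509 certificate found.", credential.hasX509Certificate());` and `assertEquals("Unexpected certificate chain length.", 0, credential.getX509CertificateChain().length);` express the same checks without the `Integer` boxing and with the arguments in the conventional order. The test also never closes `inStream`, which matches the surrounding tests but is worth fixing while the method is new. The fixture it reads, data/credentials18.xml, is the key-only file added in this commit, so the test is the only coverage for the optional-certificate path and should stay in sync with the schema.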
}
}
- public void testKeyStoreX509_PEM_PKCS8Key() {
+ public void testFileX509_PEM_PKCS8Key() {
try {
InputStream inStream = new FileInputStream("data/credentials5.xml");
}
}
- public void testKeyStoreX509_DER_RSA_Key() {
+ public void testFileX509_DER_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials6.xml");
}
}
- public void testKeyStoreX509_PEM_RSA_Key() {
+ public void testFileX509_PEM_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials7.xml");
}
}
- public void testKeyStoreX509_DER_DSA_Key() {
+ public void testFileX509_DER_DSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials8.xml");
}
}
- public void testKeyStoreX509_PEM_DSA_Key() {
+ public void testFileX509_PEM_DSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials9.xml");
}
}
- public void testKeyStoreX509_PEM_PKCS8_DSA_Key() {
+ public void testFileX509_PEM_PKCS8_DSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials10.xml");
}
}
- public void testKeyStoreX509_DER_PKCS8_Encrypted_RSA_Key() {
+ public void testFileX509_DER_PKCS8_Encrypted_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials11.xml");
}
}
- public void testKeyStoreX509_PEM_PKCS8_Encrypted_RSA_Key() {
+ public void testFileX509_PEM_PKCS8_Encrypted_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials12.xml");
}
}
- public void testKeyStoreX509_PEM_Encrypted_DES_RSA_Key() {
+ public void testFileX509_PEM_Encrypted_DES_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials14.xml");
}
}
- public void testKeyStoreX509_PEM_Encrypted_TripeDES_RSA_Key() {
+ public void testFileX509_PEM_Encrypted_TripeDES_RSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials13.xml");
}
}
- public void testKeyStoreX509_PEM_Encrypted_TripeDES_DSA_Key() {
+ public void testFileX509_PEM_Encrypted_TripeDES_DSA_Key() {
try {
InputStream inStream = new FileInputStream("data/credentials15.xml");