Implemented Scott's suggestions for the credential loader:
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 11 Dec 2003 20:18:08 +0000 (20:18 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 11 Dec 2003 20:18:08 +0000 (20:18 +0000)
1. Changed "format" to an enum.
2. Moved Key above Certificate.
3. Made Certificate optional.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@818 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

20 files changed:
data/credentials10.xml
data/credentials11.xml
data/credentials12.xml
data/credentials13.xml
data/credentials14.xml
data/credentials15.xml
data/credentials16.xml
data/credentials17.xml
data/credentials18.xml [new file with mode: 0644]
data/credentials2.xml
data/credentials4.xml
data/credentials5.xml
data/credentials6.xml
data/credentials7.xml
data/credentials8.xml
data/credentials9.xml
src/edu/internet2/middleware/shibboleth/common/Credential.java
src/edu/internet2/middleware/shibboleth/common/Credentials.java
src/schemas/credentials.xsd
tests/edu/internet2/middleware/shibboleth/common/CredentialsTests.java

index 576a358..6698658 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.dsa.pemcrt</Path>
-               </Certificate>
                <Key format="PEM">
                        <Path>/conf/test.dsa.pkcs8.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.dsa.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 56b2204..c768b07 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="DER" password="test123">
                        <Path>/conf/test.pkcs8.enc.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 60fdb2a..2295a11 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="PEM" password="test123">
                        <Path>/conf/test.pkcs8.enc.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 5af500d..0b6d0a7 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="PEM" password="test123">
                        <Path>/conf/test.pkcs1.enc.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index b3240e8..4eb99f0 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="PEM" password="test123">
                        <Path>/conf/test.pkcs1.enc.des.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 45f5b92..e86b033 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.dsa.pemcrt</Path>
-               </Certificate>
                <Key format="PEM" password="test123">
                        <Path>/conf/test.dsa.enc.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.dsa.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 683fb1d..d2b7c11 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.endonly.pemcrt</Path>
-               </Certificate>
                <Key format="DER">
                        <Path>/conf/test.pkcs8.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.endonly.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 2617112..b60e629 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.incompletechain.pemcrt</Path>
-               </Certificate>
                <Key format="DER">
                        <Path>/conf/test.pkcs8.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.incompletechain.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
diff --git a/data/credentials18.xml b/data/credentials18.xml
new file mode 100644 (file)
index 0000000..a379157
--- /dev/null
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Credentials xmlns="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
+       
+       <FileResolver Id="test">
+               <Key format="DER">
+                       <Path>/conf/test.pkcs8.derkey</Path>
+               </Key>
+       </FileResolver>
+</Credentials>
\ No newline at end of file
index 9e4c5cb..7991f42 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="DER">
                        <Path>/conf/test.pkcs8.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 36b693f..588da27 100644 (file)
@@ -4,13 +4,13 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
+               <Key format="DER">
+                       <Path>/conf/test.pkcs8.derkey</Path>
+               </Key>
                <Certificate format="PEM">
                        <Path>/conf/test.single.pemcrt</Path>
                        <CAPath>/conf/test.single.2.pemcrt</CAPath>
                        <CAPath>/conf/test.single.3.pemcrt</CAPath>
                </Certificate>
-               <Key format="DER">
-                       <Path>/conf/test.pkcs8.derkey</Path>
-               </Key>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 945dd8a..c51b88f 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="PEM">
                        <Path>/conf/test.pkcs8.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index ee3543b..8e46063 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="DER">
                        <Path>/conf/test.pkcs1.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 6a981e4..068be78 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.pemcrt</Path>
-               </Certificate>
                <Key format="PEM">
                        <Path>/conf/test.pkcs1.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 151a310..183aec1 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.dsa.pemcrt</Path>
-               </Certificate>
                <Key format="DER">
                        <Path>/conf/test.dsa.derkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.dsa.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index 8b1f48b..98d608d 100644 (file)
@@ -4,11 +4,11 @@
        xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
        
        <FileResolver Id="test">
-               <Certificate format="PEM">
-                       <Path>/conf/test.dsa.pemcrt</Path>
-               </Certificate>
                <Key format="PEM">
                        <Path>/conf/test.dsa.pemkey</Path>
                </Key>
+               <Certificate format="PEM">
+                       <Path>/conf/test.dsa.pemcrt</Path>
+               </Certificate>
        </FileResolver>
 </Credentials>
\ No newline at end of file
index b5bdc06..9d504c3 100644 (file)
@@ -73,6 +73,13 @@ public class Credential {
                }
                return null;
        }
+       
+       public boolean hasX509Certificate() {
+               if (certs == null || certs.length == 0) {
+                       return false;
+               }
+               return true;
+       }
 
        public X509Certificate getX509Certificate() {
                return certs[0];
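Review bot: `getX509Certificate()` still returns `certs[0]` unguarded (L322), so for the key-only Credential this commit now allows — the resolver builds it with an empty chain via `certChain.toArray(new X509Certificate[0])` — it throws ArrayIndexOutOfBoundsException instead of signalling the absence that the new `hasX509Certificate()` was added to express. Guard it the way the preceding method does for its fall-through case (it returns null at L311): add `if (!hasX509Certificate()) { return null; }` before `return certs[0];`, and give the accessor a Javadoc `@return the end-entity certificate, or null when the credential was loaded without a <Certificate>`. The new predicate can be a single expression, `return certs != null && certs.length > 0;`, with a one-line Javadoc saying it is the check callers must make before `getX509Certificate()`. The body of `getX509Certificate()` continues past the end of the hunk.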
index 4877a92..3d9e16e 100644 (file)
@@ -208,8 +208,6 @@ class FileCredentialResolver implements CredentialResolver {
                log.debug("Key Format: (" + keyFormat + ").");
                log.debug("Key Path: (" + keyPath + ").");
 
-               //TODO maybe more info statements
-
                PrivateKey key = null;
 
                if (keyFormat.equals("DER")) {
@@ -235,9 +233,17 @@ class FileCredentialResolver implements CredentialResolver {
                        log.error("Failed to load private key.");
                        throw new CredentialFactoryException("Failed to initialize Credential Resolver.");
                }
+               log.info("Successfully loaded private key.");
 
-               String certFormat = getCertFormat(e);
+               
+               ArrayList certChain = new ArrayList();
                String certPath = getCertPath(e);
+               
+               if (certPath == null || certPath.equals("")) {
+                       log.info("No certificates specified.");
+               } else {
+
+               String certFormat = getCertFormat(e);
                //A placeholder in case we want to make this configurable
                String certType = "X.509";
 
@@ -252,7 +258,7 @@ class FileCredentialResolver implements CredentialResolver {
                        throw new CredentialFactoryException("Failed to initialize Credential Resolver.");
                }
 
-               ArrayList certChain = new ArrayList();
+
                ArrayList allCerts = new ArrayList();
 
                try {
@@ -317,7 +323,7 @@ class FileCredentialResolver implements CredentialResolver {
                        log.debug("Attempting to construct a certificate chain.");
                        walkChain((X509Certificate[]) allCerts.toArray(new X509Certificate[0]), certChain);
 
-                       log.info("Verifying that each link in the cert chain is signed appropriately");
+                       log.debug("Verifying that each link in the cert chain is signed appropriately");
                        for (int i = 0; i < certChain.size() - 1; i++) {
                                PublicKey pubKey = ((X509Certificate) certChain.get(i + 1)).getPublicKey();
                                try {
@@ -328,12 +334,14 @@ class FileCredentialResolver implements CredentialResolver {
                                }
                        }
                        log.debug("All signatures verified. Certificate chain creation successful.");
+                       log.info("Successfully loaded certificates.");
+               
 
                } catch (IOException p) {
                        log.error("Could not load resource from specified location (" + certPath + "): " + p);
                        throw new CredentialFactoryException("Unable to load certificates.");
                }
-
+               }
                return new Credential(((X509Certificate[]) certChain.toArray(new X509Certificate[0])), key);
        }
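Review bot: The `}` added at L382 closes the `else` that this same commit opens roughly fifty lines earlier (outside this hunk), and the certificate-loading body between the two keeps its old indentation, so a reader cannot see that everything from the format check through the chain verification and the IOException handler at L377 is conditional on a <Certificate> being present. Move that body into a private helper that returns the verified chain and have the branch call it, so the method's tail reads as the two cases it now has; `e` is used as a DOM Element at the bottom of this file, which is what the sketch assumes. Only the method's tail and the helper's edges are shown below; the helper's body is the existing loading and verification code, unchanged.
```java
                String certPath = getCertPath(e);
                X509Certificate[] certChain;
                if (certPath == null || certPath.equals("")) {
                        log.info("No certificates specified.");
                        certChain = new X509Certificate[0];
                } else {
                        certChain = loadCertificateChain(e, certPath);
                }
                return new Credential(certChain, key);
        }

        /**
         * Loads the certificate(s) named by certPath, builds the chain and verifies
         * each link; never returns null. Throws CredentialFactoryException on any failure.
         */
        private X509Certificate[] loadCertificateChain(Element e, String certPath) throws CredentialFactoryException {
                String certFormat = getCertFormat(e);
                // … unchanged: format/type checks, certificate parsing, walkChain, link verification, IOException handling …
                return (X509Certificate[]) certChain.toArray(new X509Certificate[0]);
        }
```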
 
@@ -1031,8 +1039,8 @@ class FileCredentialResolver implements CredentialResolver {
 
                NodeList certificateElements = e.getElementsByTagNameNS(Credentials.credentialsNamespace, "Certificate");
                if (certificateElements.getLength() < 1) {
-                       log.error("Certificate not specified.");
-                       throw new CredentialFactoryException("File Credential Resolver requires a <Certificate> specification.");
+                       log.debug("No <Certificate> element found.");
+                       return null;
                }
                if (certificateElements.getLength() > 1) {
                        log.error("Multiple Certificate path specifications, using first.");
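Review bot: `getCertPath` now has a null return on a non-error path (L393) in addition to its existing results, but the hunk documents neither the new meaning nor that callers must check for it; the only caller in this commit does, but the next one will not know to. Add to the method's Javadoc `@return the configured <Path> text, or null when no <Certificate> element is present`, and note in the same place that a second <Certificate> is ignored rather than rejected (L395-L396). The method's signature and the rest of its body lie outside the hunk.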
index f7b1219..e198955 100644 (file)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- edited with XMLSPY v2004 rel. 2 U (http://www.xmlspy.com) by Walter F Hoehn, Jr (Columbia University in the City of New York) -->
-<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:credentials="urn:mace:shibboleth:credentials:1.0" elementFormDefault="qualified" attributeFormDefault="unqualified">
+<xs:schema targetNamespace="urn:mace:shibboleth:credentials:1.0" xmlns:credentials="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
        <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
        <xs:element name="Credentials">
                <xs:complexType>
                                                <xs:complexContent>
                                                        <xs:extension base="credentials:BaseCredentialFinder">
                                                                <xs:sequence>
-                                                                       <xs:element name="Certificate">
+                                                                       <xs:element name="Key">
                                                                                <xs:complexType>
                                                                                        <xs:sequence>
                                                                                                <xs:element name="Path" type="xs:string"/>
-                                                                                               <xs:element name="CAPath" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
                                                                                        </xs:sequence>
-                                                                                       <xs:attribute name="format" type="xs:string" use="optional" default="PEM"/>
+                                                                                       <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
+                                                                                       <xs:attribute name="password" type="xs:string" use="optional"/>
                                                                                </xs:complexType>
                                                                        </xs:element>
-                                                                       <xs:element name="Key">
+                                                                       <xs:element name="Certificate" minOccurs="0">
                                                                                <xs:complexType>
                                                                                        <xs:sequence>
                                                                                                <xs:element name="Path" type="xs:string"/>
+                                                                                               <xs:element name="CAPath" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
                                                                                        </xs:sequence>
-                                                                                       <xs:attribute name="format" type="xs:string" use="optional" default="PEM"/>
-                                                                                       <xs:attribute name="password" type="xs:string" use="optional"/>
+                                                                                       <xs:attribute name="format" type="credentials:FormatType" use="optional" default="PEM"/>
                                                                                </xs:complexType>
                                                                        </xs:element>
                                                                </xs:sequence>
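Review bot: The `password` attribute on <Key> (L418) holds the private key's passphrase in clear text in the credentials file, and the schema gives no hint of that to whoever writes the file. Add an `xs:annotation` with an `xs:documentation` child to the attribute saying that the value is stored unencrypted, so the credentials file needs the same access restrictions as the key file itself, and that it is only meaningful for encrypted key files (the test data in this commit sets it only on `*.enc.*` keys). A one-line `xs:documentation` on `<Certificate minOccurs="0">` stating that omitting it produces a key-only credential would likewise save readers a trip to the loader. The enclosing type definition starts before and ends after the visible lines.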
                        </xs:choice>
                </xs:complexType>
        </xs:element>
+       <xs:simpleType name="FormatType">
+               <xs:restriction base="xs:string">
+                       <xs:enumeration value="PEM"/>
+                       <xs:enumeration value="DER"/>
+               </xs:restriction>
+       </xs:simpleType>
        <xs:complexType name="BaseCredentialFinder">
                <xs:attribute name="Id" type="xs:string" use="required"/>
        </xs:complexType>
index 4faebf6..fb41181 100644 (file)
@@ -68,14 +68,14 @@ public class CredentialsTests extends TestCase {
                BasicConfigurator.resetConfiguration();
                BasicConfigurator.configure();
                //TODO turn this off later
-               Logger.getRootLogger().setLevel(Level.DEBUG);
+               Logger.getRootLogger().setLevel(Level.INFO);
        }
 
        public static void main(String[] args) {
                junit.textui.TestRunner.run(CredentialsTests.class);
                BasicConfigurator.configure();
                //TODO turn this off later
-               Logger.getRootLogger().setLevel(Level.DEBUG);
+               Logger.getRootLogger().setLevel(Level.INFO);
        }
 
        /**
@@ -169,7 +169,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509EndOnly() {
+       public void testFileX509EndOnly() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials16.xml");
@@ -196,7 +196,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509IncompleteChain() {
+       public void testFileX509IncompleteChain() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials17.xml");
@@ -226,6 +226,33 @@ public class CredentialsTests extends TestCase {
                        fail("Failed to load credentials: " + e);
                }
        }
+       
+       public void testFileX509RSANoCert() {
+
+               try {
+                       InputStream inStream = new FileInputStream("data/credentials18.xml");
+                       parser.parse(new InputSource(inStream));
+                       Credentials credentials = new Credentials(parser.getDocument().getDocumentElement());
+
+                       assertTrue("Credential could not be found.", credentials.containsCredential("test"));
+                       Credential credential = credentials.getCredential("test");
+
+                       assertTrue(
+                               "Credential was loaded with an incorrect type.",
+                               credential.getCredentialType() == Credential.X509);
+                       assertNotNull("Private key was not loaded correctly.", credential.getPrivateKey());
+                       assertEquals(
+                               "Unexpected X509 certificate found.",
+                               credential.hasX509Certificate(),
+                               false);
+                       assertEquals(
+                               "Unexpected certificate chain length.",
+                               new Integer(credential.getX509CertificateChain().length),
+                               new Integer(0));
+               } catch (Exception e) {
+                       fail("Failed to load credentials: " + e);
+               }
+       }
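Review bot: The new test never calls `getX509Certificate()` on the key-only credential it loads, which is the one accessor whose behaviour changes when the chain is empty; today that call would throw ArrayIndexOutOfBoundsException (`return certs[0]` in Credential.java), so add an assertion that pins whatever contract is chosen for it rather than leaving the case untested. The two boolean and length checks are also written in a roundabout way — `assertEquals(msg, bool, false)` and boxing an int into `new Integer` — and read better as `assertFalse("Unexpected X509 certificate found.", credential.hasX509Certificate());` and `assertEquals("Unexpected certificate chain length.", 0, credential.getX509CertificateChain().length);`. As in the sibling tests, the `catch (Exception e)` that turns any failure into `fail(...)` drops the stack trace, so a parse or I/O failure is hard to diagnose from the report.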
 
        public void testKeyStoreX509AliasDefaulting() {
 
@@ -320,7 +347,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_PKCS8Key() {
+       public void testFileX509_PEM_PKCS8Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials5.xml");
@@ -351,7 +378,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_DER_RSA_Key() {
+       public void testFileX509_DER_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials6.xml");
@@ -382,7 +409,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_RSA_Key() {
+       public void testFileX509_PEM_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials7.xml");
@@ -413,7 +440,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_DER_DSA_Key() {
+       public void testFileX509_DER_DSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials8.xml");
@@ -440,7 +467,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_DSA_Key() {
+       public void testFileX509_PEM_DSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials9.xml");
@@ -467,7 +494,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_PKCS8_DSA_Key() {
+       public void testFileX509_PEM_PKCS8_DSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials10.xml");
@@ -494,7 +521,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_DER_PKCS8_Encrypted_RSA_Key() {
+       public void testFileX509_DER_PKCS8_Encrypted_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials11.xml");
@@ -525,7 +552,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_PKCS8_Encrypted_RSA_Key() {
+       public void testFileX509_PEM_PKCS8_Encrypted_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials12.xml");
@@ -556,7 +583,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_Encrypted_DES_RSA_Key() {
+       public void testFileX509_PEM_Encrypted_DES_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials14.xml");
@@ -587,7 +614,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_Encrypted_TripeDES_RSA_Key() {
+       public void testFileX509_PEM_Encrypted_TripeDES_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials13.xml");
@@ -618,7 +645,7 @@ public class CredentialsTests extends TestCase {
                }
        }
 
-       public void testKeyStoreX509_PEM_Encrypted_TripeDES_DSA_Key() {
+       public void testFileX509_PEM_Encrypted_TripeDES_DSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials15.xml");