in ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java [56:195]
public void loadProperties(Properties properties, ClassLoader loader, PasswordEncryptor passwordEncryptor)
throws WSSecurityException, IOException {
if (properties == null) {
return;
}
this.properties = properties;
this.passwordEncryptor = passwordEncryptor;
String prefix = PREFIX;
for (Object key : properties.keySet()) {
if (key instanceof String) {
String propKey = (String)key;
if (propKey.startsWith(PREFIX)) {
break;
} else if (propKey.startsWith(OLD_PREFIX)) {
prefix = OLD_PREFIX;
break;
}
}
}
//
// Load the provider(s)
//
String provider = properties.getProperty(prefix + CRYPTO_KEYSTORE_PROVIDER);
if (provider != null) {
provider = provider.trim();
}
String certProvider = properties.getProperty(prefix + CRYPTO_CERT_PROVIDER);
if (certProvider != null) {
setCryptoProvider(certProvider);
}
//
// Load the KeyStore
//
String alias = properties.getProperty(prefix + KEYSTORE_ALIAS);
if (alias != null) {
alias = alias.trim();
setDefaultX509Identifier(alias);
}
String keyStoreLocation = properties.getProperty(prefix + KEYSTORE_FILE);
if (keyStoreLocation == null) {
keyStoreLocation = properties.getProperty(prefix + OLD_KEYSTORE_FILE);
}
String keyStorePassword = properties.getProperty(prefix + KEYSTORE_PASSWORD);
if (keyStorePassword != null) {
keyStorePassword = keyStorePassword.trim();
keyStorePassword = decryptPassword(keyStorePassword, passwordEncryptor);
}
String keyStoreType = properties.getProperty(prefix + KEYSTORE_TYPE, KeyStore.getDefaultType());
if (keyStoreType != null) {
keyStoreType = keyStoreType.trim();
}
if (keyStoreLocation != null) {
keyStoreLocation = keyStoreLocation.trim();
try (InputStream is = loadInputStream(loader, keyStoreLocation)) {
keystore = load(is, keyStorePassword, provider, keyStoreType);
LOG.debug(
"The KeyStore {} of type {} has been loaded", keyStoreLocation, keyStoreType
);
}
} else {
keystore = load(null, keyStorePassword, provider, keyStoreType);
}
//
// Load the TrustStore
//
String trustStorePassword = properties.getProperty(prefix + TRUSTSTORE_PASSWORD);
if (trustStorePassword != null) {
trustStorePassword = trustStorePassword.trim();
trustStorePassword = decryptPassword(trustStorePassword, passwordEncryptor);
}
String trustStoreType = properties.getProperty(prefix + TRUSTSTORE_TYPE, KeyStore.getDefaultType());
if (trustStoreType != null) {
trustStoreType = trustStoreType.trim();
}
String loadCacerts = properties.getProperty(prefix + LOAD_CA_CERTS, "false");
if (loadCacerts != null) {
loadCacerts = loadCacerts.trim();
}
String trustStoreLocation = properties.getProperty(prefix + TRUSTSTORE_FILE);
if (trustStoreLocation != null) {
trustStoreLocation = trustStoreLocation.trim();
try (InputStream is = loadInputStream(loader, trustStoreLocation)) {
truststore = load(is, trustStorePassword, provider, trustStoreType);
LOG.debug(
"The TrustStore {} of type {} has been loaded", trustStoreLocation, trustStoreType
);
loadCACerts = false;
}
} else if (Boolean.valueOf(loadCacerts)) {
String cacertsPath = (System.getProperty("java.home") + "/lib/security/cacerts").trim();
try (InputStream is = Files.newInputStream(Paths.get(cacertsPath))) {
String cacertsPasswd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
if (cacertsPasswd != null) {
cacertsPasswd = cacertsPasswd.trim();
cacertsPasswd = decryptPassword(cacertsPasswd, passwordEncryptor);
}
truststore = load(is, cacertsPasswd, null, KeyStore.getDefaultType());
LOG.debug("CA certs have been loaded");
loadCACerts = true;
}
} else {
truststore = load(null, trustStorePassword, provider, trustStoreType);
}
//
// Load the CRL file
//
String crlLocation = properties.getProperty(prefix + X509_CRL_FILE);
if (crlLocation != null) {
crlLocation = crlLocation.trim();
try (InputStream is = loadInputStream(loader, crlLocation)) {
CertificateFactory cf = getCertificateFactory();
X509CRL crl = (X509CRL)cf.generateCRL(is);
if (provider == null || provider.length() == 0) {
crlCertStore =
CertStore.getInstance(
"Collection",
new CollectionCertStoreParameters(Collections.singletonList(crl))
);
} else {
crlCertStore =
CertStore.getInstance(
"Collection",
new CollectionCertStoreParameters(Collections.singletonList(crl)),
provider
);
}
LOG.debug("The CRL {} has been loaded", crlLocation);
} catch (Exception e) {
LOG.debug(e.getMessage(), e);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "failedCredentialLoad");
}
}
}