in ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java [164:349]
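/**
 * Configures this Merlin instance from a set of crypto properties: the JCE
 * provider settings, the KeyStore, the TrustStore (or the JDK's bundled
 * cacerts file) and any X.509 CRL files.
 *
 * <p>The property names are looked up under either {@code PREFIX} or the
 * legacy {@code OLD_PREFIX}; the prefix is chosen by scanning the property
 * keys (see {@link #resolvePropertyPrefix(Properties)}). A {@code null}
 * properties object leaves the instance untouched.
 *
 * @param properties        the crypto configuration; {@code null} is a no-op
 * @param loader            class loader used to resolve store and CRL locations
 * @param passwordEncryptor used to decrypt any encrypted store passwords
 * @throws WSSecurityException if a store or CRL cannot be loaded or parsed
 * @throws IOException         if a store or CRL stream cannot be read
 */
public void loadProperties(
    Properties properties,
    ClassLoader loader,
    PasswordEncryptor passwordEncryptor
) throws WSSecurityException, IOException {
    if (properties == null) {
        return;
    }
    this.properties = properties;
    this.passwordEncryptor = passwordEncryptor;

    String prefix = resolvePropertyPrefix(properties);

    // An empty provider name is treated the same as an absent one.
    String keystoreProvider =
        trimToNull(this.properties.getProperty(prefix + CRYPTO_KEYSTORE_PROVIDER));
    configureCertificateProvider(prefix);

    // Order matters: the TrustStore provider falls back to the KeyStore
    // provider, and the CRL CertStore is created with the KeyStore provider.
    loadKeyStoreFromProperties(prefix, loader, passwordEncryptor, keystoreProvider);
    loadTrustStoreFromProperties(prefix, loader, passwordEncryptor, keystoreProvider);
    loadCrlsFromProperties(prefix, loader, keystoreProvider);
}

/**
 * Decides which property-name prefix this configuration uses.
 *
 * <p>The first String key that starts with {@code PREFIX} or {@code OLD_PREFIX}
 * decides. Because a {@link Properties} object does not preserve insertion
 * order, a configuration mixing both prefixes resolves to whichever key is
 * encountered first; callers should not rely on mixed-prefix files.
 *
 * @param properties the crypto configuration (non-null)
 * @return {@code OLD_PREFIX} if a legacy key is found first, otherwise {@code PREFIX}
 */
private String resolvePropertyPrefix(Properties properties) {
    for (Object key : properties.keySet()) {
        if (!(key instanceof String)) {
            continue;
        }
        String propKey = (String) key;
        if (propKey.startsWith(PREFIX)) {
            return PREFIX;
        }
        if (propKey.startsWith(OLD_PREFIX)) {
            return OLD_PREFIX;
        }
    }
    return PREFIX;
}

/**
 * Trims a property value and maps an empty result to {@code null}.
 *
 * @param value the raw property value, possibly {@code null}
 * @return the trimmed value, or {@code null} if it was absent or blank
 */
private static String trimToNull(String value) {
    if (value == null) {
        return null;
    }
    String trimmed = value.trim();
    return trimmed.isEmpty() ? null : trimmed;
}

/**
 * Applies the certificate-provider related properties.
 *
 * <p>The provider name is passed to {@link #setCryptoProvider(String)} exactly
 * as configured (it is deliberately not trimmed, to keep existing behaviour).
 *
 * @param prefix the resolved property-name prefix
 */
private void configureCertificateProvider(String prefix) {
    String certProvider = properties.getProperty(prefix + CRYPTO_CERT_PROVIDER);
    if (certProvider != null) {
        setCryptoProvider(certProvider);
    }
    String cpNameConstraintsProp =
        properties.getProperty(prefix + CRYPTO_CERT_PROVIDER_HANDLES_NAME_CONSTRAINTS);
    if (cpNameConstraintsProp != null) {
        certProviderHandlesNameConstraints = Boolean.parseBoolean(cpNameConstraintsProp);
    }
}

/**
 * Reads a store password property, trims it and runs it through the
 * password encryptor.
 *
 * <p>The decrypted value is a {@link String} and therefore cannot be wiped
 * from memory after use; it is only held for the duration of the store load.
 *
 * @param propertyName      the full (prefixed) property name
 * @param defaultValue      value to use when the property is absent, or {@code null}
 * @param passwordEncryptor the encryptor used to decrypt the value
 * @return the decrypted password, or {@code null} if absent and no default was given
 */
private String readPassword(
    String propertyName, String defaultValue, PasswordEncryptor passwordEncryptor
) throws WSSecurityException, IOException {
    String passwd = properties.getProperty(propertyName, defaultValue);
    if (passwd == null) {
        return null;
    }
    return decryptPassword(passwd.trim(), passwordEncryptor);
}

/**
 * Reads a store-type property, defaulting to {@link KeyStore#getDefaultType()}.
 *
 * @param propertyName the full (prefixed) property name
 * @return the trimmed store type
 */
private String readStoreType(String propertyName) {
    String type = properties.getProperty(propertyName, KeyStore.getDefaultType());
    return type == null ? null : type.trim();
}

/**
 * Loads the KeyStore named by {@code KEYSTORE_FILE} (or the legacy
 * {@code OLD_KEYSTORE_FILE}) and records the related private-key settings.
 *
 * @param prefix            the resolved property-name prefix
 * @param loader            class loader used to resolve the store location
 * @param passwordEncryptor used to decrypt the store password
 * @param keystoreProvider  the JCE provider to load the store with, or {@code null}
 * @throws WSSecurityException if the store cannot be loaded
 * @throws IOException         if the store stream cannot be read
 */
private void loadKeyStoreFromProperties(
    String prefix, ClassLoader loader, PasswordEncryptor passwordEncryptor, String keystoreProvider
) throws WSSecurityException, IOException {
    String keyStoreLocation = properties.getProperty(prefix + KEYSTORE_FILE);
    if (keyStoreLocation == null) {
        keyStoreLocation = properties.getProperty(prefix + OLD_KEYSTORE_FILE);
    }
    if (keyStoreLocation == null) {
        LOG.debug("The KeyStore is not loaded as KEYSTORE_FILE is null");
        return;
    }

    keyStoreLocation = keyStoreLocation.trim();
    try (InputStream is = loadInputStream(loader, keyStoreLocation)) {
        String passwd = readPassword(prefix + KEYSTORE_PASSWORD, null, passwordEncryptor);
        String type = readStoreType(prefix + KEYSTORE_TYPE);
        keystore = load(is, passwd, keystoreProvider, type);
        LOG.debug("The KeyStore {} of type {} has been loaded", keyStoreLocation, type);
        // Only the presence of a private-key password is recorded here; the
        // value itself is read on demand elsewhere.
        if (properties.getProperty(prefix + KEYSTORE_PRIVATE_PASSWORD) != null) {
            privatePasswordSet = true;
        }
    }

    String privateKeyCachingProp = properties.getProperty(prefix + KEYSTORE_PRIVATE_KEY_CACHING);
    if (privateKeyCachingProp != null) {
        enablePrivateKeyCaching = Boolean.parseBoolean(privateKeyCachingProp);
    }
}

/**
 * Loads the TrustStore named by {@code TRUSTSTORE_FILE}, or, when none is
 * configured and {@code LOAD_CA_CERTS} is true, the JDK's bundled cacerts file.
 *
 * <p>The TrustStore provider falls back to the KeyStore provider when the
 * property is absent; an explicitly blank value means "no provider".
 *
 * @param prefix            the resolved property-name prefix
 * @param loader            class loader used to resolve the store location
 * @param passwordEncryptor used to decrypt the store password
 * @param keystoreProvider  the KeyStore provider used as fallback, or {@code null}
 * @throws WSSecurityException if the store cannot be loaded
 * @throws IOException         if the store stream cannot be read
 */
private void loadTrustStoreFromProperties(
    String prefix, ClassLoader loader, PasswordEncryptor passwordEncryptor, String keystoreProvider
) throws WSSecurityException, IOException {
    String trustProvider = this.properties.getProperty(prefix + TRUSTSTORE_PROVIDER);
    if (trustProvider != null) {
        trustProvider = trimToNull(trustProvider);
        if (trustProvider != null) {
            setTrustProvider(trustProvider);
        }
    } else if (keystoreProvider != null) {
        // Fallback to keystore provider for compatibility reason
        trustProvider = keystoreProvider;
        setTrustProvider(trustProvider);
    }

    String trustStoreLocation = properties.getProperty(prefix + TRUSTSTORE_FILE);
    if (trustStoreLocation != null) {
        trustStoreLocation = trustStoreLocation.trim();
        try (InputStream is = loadInputStream(loader, trustStoreLocation)) {
            String passwd = readPassword(prefix + TRUSTSTORE_PASSWORD, null, passwordEncryptor);
            String type = readStoreType(prefix + TRUSTSTORE_TYPE);
            truststore = load(is, passwd, trustProvider, type);
            LOG.debug("The TrustStore {} of type {} has been loaded", trustStoreLocation, type);
            loadCACerts = false;
        }
        return;
    }

    // No explicit TrustStore: optionally trust the JDK's own CA bundle.
    String loadCacerts = properties.getProperty(prefix + LOAD_CA_CERTS, "false").trim();
    if (!Boolean.parseBoolean(loadCacerts)) {
        return;
    }
    String cacertsPath = (System.getProperty("java.home") + "/lib/security/cacerts").trim();
    try (InputStream is = Files.newInputStream(Paths.get(cacertsPath))) {
        // "changeit" is the JDK's conventional default for the bundled cacerts file;
        // it can be overridden via TRUSTSTORE_PASSWORD if the file was re-keyed.
        String cacertsPasswd = readPassword(prefix + TRUSTSTORE_PASSWORD, "changeit", passwordEncryptor);
        truststore = load(is, cacertsPasswd, null, KeyStore.getDefaultType());
        LOG.debug("CA certs have been loaded");
        loadCACerts = true;
    }
}

/**
 * Loads the comma-separated CRL files named by {@code X509_CRL_FILE} into a
 * {@code Collection} {@link CertStore}.
 *
 * <p>Any failure to read or parse a CRL aborts configuration with a
 * {@code FAILURE}/{@code ioError00} exception rather than silently leaving
 * revocation checking without data.
 *
 * @param prefix           the resolved property-name prefix
 * @param loader           class loader used to resolve the CRL locations
 * @param keystoreProvider the JCE provider used to create the CertStore, or {@code null}
 * @throws WSSecurityException if a CRL cannot be read or parsed, or the CertStore cannot be created
 * @throws IOException         if a CRL stream cannot be read
 */
private void loadCrlsFromProperties(
    String prefix, ClassLoader loader, String keystoreProvider
) throws WSSecurityException, IOException {
    String crlLocations = properties.getProperty(prefix + X509_CRL_FILE);
    if (crlLocations == null) {
        return;
    }

    String[] splitCrlLocations = crlLocations.split(COMMA_SEPARATOR);
    List<X509CRL> crls = new ArrayList<>(splitCrlLocations.length);
    for (String crlLocation : splitCrlLocations) {
        try (InputStream is = loadInputStream(loader, crlLocation.trim())) {
            CertificateFactory cf = getCertificateFactory();
            crls.add((X509CRL) cf.generateCRL(is));
        } catch (Exception e) {
            LOG.debug(e.getMessage(), e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "ioError00");
        }
    }

    try {
        CollectionCertStoreParameters params = new CollectionCertStoreParameters(crls);
        if (keystoreProvider == null || keystoreProvider.isEmpty()) {
            crlCertStore = CertStore.getInstance("Collection", params);
        } else {
            crlCertStore = CertStore.getInstance("Collection", params, keystoreProvider);
        }
    } catch (Exception e) {
        LOG.debug(e.getMessage(), e);
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "ioError00");
    }
    LOG.debug("The CRL files {} have been loaded", crlLocations);
}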