cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5311] Keeping refactoring and experimenting with property names
Date Tue, 17 Jun 2014 16:07:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 71320263c -> 335148d95


[CXF-5311] Keeping refactoring and experimenting with property names


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/335148d9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/335148d9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/335148d9

Branch: refs/heads/master
Commit: 335148d95dc0263ae191960554330d09a8baa982
Parents: 7132026
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jun 17 17:06:57 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jun 17 17:06:57 2014 +0100

----------------------------------------------------------------------
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  |  31 +---
 .../jwt/jaxrs/AbstractJwsReaderProvider.java    |  24 +--
 .../jwt/jaxrs/AbstractJwsWriterProvider.java    |  19 +--
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  |  22 ++-
 .../oauth2/utils/crypto/CryptoUtils.java        | 158 +++++++++----------
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |   5 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |   3 +-
 .../systest/jaxrs/security/alice.rs.properties  |   8 +-
 .../systest/jaxrs/security/bob.rs.properties    |   8 +-
 9 files changed, 108 insertions(+), 170 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 50bbeab..1ff3d1a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -20,26 +20,20 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.KeyStore;
 import java.security.PrivateKey;
-import java.util.Properties;
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptor;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryptor;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
 
 public class AbstractJweDecryptingFilter {
     private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
-    
+        
     private JweDecryptor decryptor;
     private JweCryptoProperties cryptoProperties;
     private String defaultMediaType;
@@ -60,27 +54,10 @@ public class AbstractJweDecryptingFilter {
         if (decryptor != null) {
             return decryptor;    
         } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m == null) {
-            throw new SecurityException();
-        }
-        String propLoc = (String)m.getContextualProperty(RSSEC_ENCRYPTION_IN_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
         try {
-            Bus bus = m.getExchange().getBus();
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            PrivateKey pk = null;
-            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
-            if (keyStore == null) {
-                keyStore = CryptoUtils.loadKeyStore(props, bus);
-                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE),
keyStore);
-            }
-            PrivateKeyPasswordProvider cb = 
-                (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
-            pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
-            
+            PrivateKey pk = CryptoUtils.loadPrivateKey(JAXRSUtils.getCurrentMessage(), 
+                                                       RSSEC_ENCRYPTION_IN_PROPS, 
+                                                       CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
             return new WrappedKeyJweDecryptor(pk, cryptoProperties);
         } catch (SecurityException ex) {
             throw ex;

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index 0889f18..d463b40 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -18,14 +18,9 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 
-import java.security.KeyStore;
 import java.security.PublicKey;
-import java.util.Properties;
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProperties;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
@@ -54,24 +49,9 @@ public class AbstractJwsReaderProvider {
         if (sigVerifier != null) {
             return sigVerifier;    
         } 
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m == null) {
-            throw new SecurityException();
-        }
-        String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_PROPS);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
-        Bus bus = m.getExchange().getBus();
         try {
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            PublicKey pk = null;
-            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
-            if (keyStore == null) {
-                keyStore = CryptoUtils.loadKeyStore(props, bus);
-                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE),
keyStore);
-            }
-            pk = CryptoUtils.loadPublicKey(keyStore, props);
+            PublicKey pk = CryptoUtils.loadPublicKey(JAXRSUtils.getCurrentMessage(), 
+                                                     RSSEC_SIGNATURE_PROPS);
             return new PublicKeyJwsSignatureVerifier(pk);
         } catch (SecurityException ex) {
             throw ex;

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index be6f8ae..25a5599 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -21,11 +21,9 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.util.Properties;
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
@@ -34,7 +32,6 @@ import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.jws.PrivateKeyJwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
 
 public class AbstractJwsWriterProvider {
     private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
@@ -52,25 +49,13 @@ public class AbstractJwsWriterProvider {
             return sigProvider;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
-        if (m == null) {
-            throw new SecurityException();
-        }
         String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_OUT_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
         }
         try {
-            Bus bus = m.getExchange().getBus();
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            PrivateKey pk = null;
-            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
-            if (keyStore == null) {
-                keyStore = CryptoUtils.loadKeyStore(props, bus);
-                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE),
keyStore);
-            }
-            PrivateKeyPasswordProvider cb = 
-                (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
-            pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+            Properties props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
+            PrivateKey pk = CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
             PrivateKeyJwsSignatureProvider provider = new PrivateKeyJwsSignatureProvider(pk);
             provider.setDefaultJwtAlgorithm(props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP));
             return provider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 1bb79b6..65dbb5f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.KeyStore;
 import java.security.PublicKey;
 import java.util.Properties;
 
@@ -47,6 +46,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 public class JweWriterInterceptor implements WriterInterceptor {
     private static final String JSON_WEB_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
     private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
+    private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
     private JweEncryptor encryptor;
     private boolean contentTypeRequired = true;
     
@@ -75,9 +75,6 @@ public class JweWriterInterceptor implements WriterInterceptor {
             return encryptor;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
-        if (m == null) {
-            throw new SecurityException();
-        }
         String propLoc = (String)m.getContextualProperty(JSON_WEB_ENCRYPTION_OUT_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
@@ -85,16 +82,15 @@ public class JweWriterInterceptor implements WriterInterceptor {
         Bus bus = m.getExchange().getBus();
         try {
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
-            PublicKey pk = null;
-            KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
-            if (keyStore == null) {
-                keyStore = CryptoUtils.loadKeyStore(props, bus);
-                m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE),
keyStore);
+            PublicKey pk = CryptoUtils.loadPublicKey(m, props);
+            JweHeaders headers = new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+                                                props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP));
+            String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
+            if (compression != null) {
+                headers.setZipAlgorithm(compression);
             }
-            pk = CryptoUtils.loadPublicKey(keyStore, props);
-            return new WrappedKeyJweEncryptor(new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
-                                                             props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP)),

-                                              pk);
+            
+            return new WrappedKeyJweEncryptor(headers, pk);
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index ca17056..2c75038 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -51,6 +51,7 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.CompressionUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 
 
@@ -58,12 +59,13 @@ import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
  * Encryption helpers
  */
 public final class CryptoUtils {
-    public static final String RSSEC_KEY_STORE_TYPE = "rs.security.crypto.keystore.type";
-    public static final String RSSEC_KEY_STORE_PSWD = "rs.security.crypto.keystore.password";
-    public static final String RSSEC_KEY_PSWD = "rs.security.crypto.key.password";
-    public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.crypto.keystore.alias";
-    public static final String RSSEC_KEY_STORE_FILE = "rs.security.crypto.keystore.file";
-    public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.crypto.key.password.provider";
+    public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type";
+    public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password";
+    public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
+    public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
+    public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
+    public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
+    public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
         
     private static final Logger LOG = LogUtils.getL7dLogger(CryptoUtils.class);
     
@@ -131,12 +133,8 @@ public final class CryptoUtils {
     
     public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword,
String alias,
                                               String storeType) {
-        try {
-            KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
-            return loadCertificate(keyStore, alias);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
+        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+        return loadCertificate(keyStore, alias);
     }
     public static Certificate loadCertificate(KeyStore keyStore, String alias) {
         try {
@@ -145,86 +143,52 @@ public final class CryptoUtils {
             throw new SecurityException(ex);
         }
     }
-    public static Certificate loadCertificate(KeyStore keyStore, Properties props) {
-        try {
-            return loadCertificate(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
-    }
-    public static Certificate loadCertificate(Properties props, Bus bus) {
-        try {
-            KeyStore keyStore = loadKeyStore(props, bus);
-            String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-            return loadCertificate(keyStore, alias);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
-    }
     public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword,
String alias,
                                           String storeType) {
-        try {
-            return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
+        return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
     }
     public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
-        try {
-            return loadCertificate(keyStore, alias).getPublicKey();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
+        return loadCertificate(keyStore, alias).getPublicKey();
     }
-    public static PublicKey loadPublicKey(KeyStore keyStore, Properties props) {
-        try {
-            return loadCertificate(keyStore, props).getPublicKey();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
+    public static PublicKey loadPublicKey(Message m, Properties props) {
+        KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props);
+        return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
     }
-    public static PublicKey loadPublicKey(Properties props, Bus bus) {
+    public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
+        String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
+        if (propLoc == null) {
+            throw new SecurityException();
+        }
+        Bus bus = m.getExchange().getBus();
         try {
-            return loadCertificate(props, bus).getPublicKey();
-        } catch (Exception ex) { 
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            return CryptoUtils.loadPublicKey(m, props);
+        } catch (Exception ex) {
             throw new SecurityException(ex);
-        }    
+        }
     }
     public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider
provider) {
-        try {
-            KeyStore keyStore = loadKeyStore(props, bus);
-            return loadPrivateKey(keyStore, props, bus, provider);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
+        KeyStore keyStore = loadKeyStore(props, bus);
+        return loadPrivateKey(keyStore, props, bus, provider);
     }
     public static PrivateKey loadPrivateKey(KeyStore keyStore, 
                                             Properties props, 
                                             Bus bus, 
                                             PrivateKeyPasswordProvider provider) {
-        try {
-            String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
-            String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
-            char[] keyPswdChars = provider != null ? provider.getPassword(props) 
-                : keyPswd != null ? keyPswd.toCharArray() : null;    
-            return loadPrivateKey(keyStore, keyPswdChars, alias);
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }    
+        
+        String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
+        String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
+        char[] keyPswdChars = provider != null ? provider.getPassword(props) 
+            : keyPswd != null ? keyPswd.toCharArray() : null;    
+        return loadPrivateKey(keyStore, keyPswdChars, alias);
     }
     public static PrivateKey loadPrivateKey(InputStream storeLocation, 
                                             char[] storePassword, 
                                             char[] keyPassword, 
                                             String alias,
                                             String storeType) {
-        try {
-            KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
-            KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
-                keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
-            return pkEntry.getPrivateKey();
-        } catch (Exception ex) { 
-            throw new SecurityException(ex);
-        }
+        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+        return loadPrivateKey(keyStore, keyPassword, alias);
     }
     
     public static PrivateKey loadPrivateKey(KeyStore keyStore,
@@ -238,20 +202,54 @@ public final class CryptoUtils {
             throw new SecurityException(ex);
         }
     }
-    
-    public static KeyStore loadKeyStore(Properties props, Bus bus) throws Exception {
+    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp)
{
+        String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
+        if (propLoc == null) {
+            throw new SecurityException();
+        }
+        Bus bus = m.getExchange().getBus();
+        try {
+            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            return CryptoUtils.loadPrivateKey(m, props, passwordProviderProp);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+    public static PrivateKey loadPrivateKey(Message m, Properties props, String passwordProviderProp)
{
+        Bus bus = m.getExchange().getBus();
+        KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props);
+        PrivateKeyPasswordProvider cb = 
+            (PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp);
+        return CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+    }
+    public static KeyStore loadPersistKeyStore(Message m, Properties props) {
+        KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+        if (keyStore == null) {
+            keyStore = CryptoUtils.loadKeyStore(props, m.getExchange().getBus());
+            m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+        }
+        return keyStore;
+    }
+    public static KeyStore loadKeyStore(Properties props, Bus bus) {
         String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
         String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
         String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
-        InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
-        return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+        try {
+            InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
+            return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
     }
     
-    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword,
String type) 
-        throws Exception {
-        KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
-        ks.load(storeLocation, storePassword);
-        return ks;
+    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword,
String type) {
+        try {
+            KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() :
type);
+            ks.load(storeLocation, storePassword);
+            return ks;
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
     }
     
     public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 616c8f4..a86a3b2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -91,8 +91,9 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
         bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
         bean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);
-        bean.getProperties(true).put("rs.security.crypto.key.password.provider", 
-                                     new PrivateKeyPasswordProviderImpl());
+        PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
+        bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
+        bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
         BookStore bs = bean.create(BookStore.class);
         String text = bs.echoText("book");
         assertEquals("book", text);

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 8633bad..37bcec7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -66,7 +66,8 @@ under the License.
             <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
             <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
             <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
-            <entry key="rs.security.crypto.key.password.provider" value-ref="keyPasswordProvider"/>
+            <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+            <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
         </jaxrs:properties>
     </jaxrs:server>
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
index cbcd33f..1b42f7e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
@@ -14,9 +14,9 @@
 #    KIND, either express or implied. See the License for the
 #    specific language governing permissions and limitations
 #    under the License.
-rs.security.crypto.keystore.type=jks
-rs.security.crypto.keystore.password=password
-rs.security.crypto.keystore.alias=alice
-rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
+rs.security.keystore.type=jks
+rs.security.keystore.password=password
+rs.security.keystore.alias=alice
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
 rs.security.jwe.content.encryption.algorithm=A128GCM
 rs.security.jws.content.signature.algorithm=RS256

http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
index bbc12fb..1cc2de3 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
@@ -16,9 +16,9 @@
 #    specific language governing permissions and limitations
 #    under the License.
 #
-rs.security.crypto.keystore.type=jks
-rs.security.crypto.keystore.password=password
-rs.security.crypto.keystore.alias=bob
-rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks
+rs.security.keystore.type=jks
+rs.security.keystore.password=password
+rs.security.keystore.alias=bob
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks
 rs.security.jwe.content.encryption.algorithm=A128GCM
 rs.security.jws.content.signature.algorithm=RS256


Mime
View raw message