cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5311] Initial attempt to minimize a number of properties that may have to be set when JWE and or JWS are used
Date Fri, 11 Jul 2014 13:20:19 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 78664f430 -> e67312c2a


[CXF-5311] Initial attempt to minimize a number of properties that may have to be set when
JWE and or JWS are used


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e67312c2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e67312c2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e67312c2

Branch: refs/heads/master
Commit: e67312c2af732de561a4d8f4f14566f44f813b6e
Parents: 78664f4
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Jul 11 14:19:57 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Jul 11 14:19:57 2014 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/message/MessageUtils.java    |  8 +++++
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  |  2 ++
 .../jwt/jaxrs/AbstractJwsReaderProvider.java    |  4 ++-
 .../jwt/jaxrs/AbstractJwsWriterProvider.java    |  5 +++-
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  |  7 +++--
 .../oauth2/utils/crypto/CryptoUtils.java        | 31 +++++++++++++-------
 6 files changed, 43 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/core/src/main/java/org/apache/cxf/message/MessageUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/message/MessageUtils.java b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
index 9eed341..a6cf993 100644
--- a/core/src/main/java/org/apache/cxf/message/MessageUtils.java
+++ b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
@@ -131,6 +131,14 @@ public final class MessageUtils {
         return defaultValue;
     }
     
+    public static Object getContextualProperty(Message m, String propPreferred, String propDefault)
{
+        Object prop = m.getContextualProperty(propPreferred);
+        if (prop == null && propDefault != null) {
+            prop = (String)m.getContextualProperty(propDefault);
+        }
+        return prop;
+    }
+    
     /**
      * Returns true if the underlying content format is a W3C DOM or a SAAJ message.
      */

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 1ff3d1a..9887c68 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -33,6 +33,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJweDecryptingFilter {
     private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
+    private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
         
     private JweDecryptor decryptor;
     private JweCryptoProperties cryptoProperties;
@@ -57,6 +58,7 @@ public class AbstractJweDecryptingFilter {
         try {
             PrivateKey pk = CryptoUtils.loadPrivateKey(JAXRSUtils.getCurrentMessage(), 
                                                        RSSEC_ENCRYPTION_IN_PROPS, 
+                                                       RSSEC_ENCRYPTION_PROPS,
                                                        CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
             return new WrappedKeyJweDecryptor(pk, cryptoProperties);
         } catch (SecurityException ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index 5dbacf4..a70e185 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -27,7 +27,8 @@ import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJwsReaderProvider {
-    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.in.properties";
+    private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
+    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
     
     private JwsSignatureVerifier sigVerifier;
     private JwsSignatureProperties sigProperties;
@@ -51,6 +52,7 @@ public class AbstractJwsReaderProvider {
         } 
         try {
             PublicKey pk = CryptoUtils.loadPublicKey(JAXRSUtils.getCurrentMessage(), 
+                                                     RSSEC_SIGNATURE_IN_PROPS,
                                                      RSSEC_SIGNATURE_PROPS);
             return new PublicKeyJwsSignatureVerifier(pk);
         } catch (SecurityException ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index a03312c..e8cdd8c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -28,6 +28,7 @@ import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.jws.PrivateKeyJwsSignatureProvider;
@@ -35,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJwsWriterProvider {
     private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
+    private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
     private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
     
     private JwsSignatureProvider sigProvider;
@@ -48,7 +50,8 @@ public class AbstractJwsWriterProvider {
             return sigProvider;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_OUT_PROPS);
+        String propLoc = 
+            (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index c8097e3..ee6516e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -36,6 +36,7 @@ import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptor;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
 import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryptor;
@@ -44,7 +45,8 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 @Priority(Priorities.JWE_WRITE_PRIORITY)
 public class JweWriterInterceptor implements WriterInterceptor {
-    private static final String JSON_WEB_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
+    private static final String JSON_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
+    private static final String JSON_ENCRYPTION_PROPS = "rs.security.encryption.properties";
     private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
     private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
     private JweEncryptor encryptor;
@@ -85,7 +87,8 @@ public class JweWriterInterceptor implements WriterInterceptor {
             return encryptor;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
-        String propLoc = (String)m.getContextualProperty(JSON_WEB_ENCRYPTION_OUT_PROPS);
+        String propLoc = 
+            (String)MessageUtils.getContextualProperty(m, JSON_ENCRYPTION_OUT_PROPS, JSON_ENCRYPTION_PROPS);
         if (propLoc == null) {
             throw new SecurityException();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index 1030240..23cc8b7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -53,6 +53,7 @@ import org.apache.cxf.common.util.CompressionUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 import org.apache.cxf.security.SecurityContext;
 
@@ -158,18 +159,27 @@ public final class CryptoUtils {
         return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
     }
     public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
-        String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
+        return loadPublicKey(m, keyStoreLocProp, null);
+    }
+    public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String
keyStoreLocPropDefault) {
+        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
         Bus bus = m.getExchange().getBus();
         try {
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
             return CryptoUtils.loadPublicKey(m, props);
         } catch (Exception ex) {
             throw new SecurityException(ex);
         }
     }
+    private static String getMessageProperty(Message m, String keyStoreLocPropPreferred,

+                                             String keyStoreLocPropDefault) {
+        String propLoc = 
+            (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
+        if (propLoc == null) {
+            throw new SecurityException();
+        }
+        return propLoc;
+    }
     public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider
provider) {
         KeyStore keyStore = loadKeyStore(props, bus);
         return loadPrivateKey(keyStore, props, bus, provider);
@@ -206,13 +216,14 @@ public final class CryptoUtils {
         }
     }
     public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp)
{
-        String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
-        if (propLoc == null) {
-            throw new SecurityException();
-        }
+        return loadPrivateKey(m, keyStoreLocProp, null, passwordProviderProp);
+    }
+    public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred,
+                                            String keyStoreLocPropDefault, String passwordProviderProp)
{
+        String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
         Bus bus = m.getExchange().getBus();
         try {
-            Properties props = ResourceUtils.loadProperties(propLoc, bus);
+            Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
             return CryptoUtils.loadPrivateKey(m, props, passwordProviderProp);
         } catch (Exception ex) {
             throw new SecurityException(ex);


Mime
View raw message