cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-5954] Allowing for reusing the same property file between JWE and JWS
Date Wed, 10 Sep 2014 21:09:15 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b22f204d1 -> 2024437e2


[CXF-5954] Allowing for reusing the same property file between JWE and JWS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2024437e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2024437e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2024437e

Branch: refs/heads/master
Commit: 2024437e209e5ef27362297bfa6f1abf65c4ef32
Parents: b22f204
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Sep 10 22:08:51 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Sep 10 22:08:51 2014 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/jwk/JwkUtils.java    | 41 +++++++++++---------
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  |  2 +-
 .../jwt/jaxrs/AbstractJwsReaderProvider.java    |  2 +-
 .../jwt/jaxrs/AbstractJwsWriterProvider.java    |  2 +-
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  |  2 +-
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |  2 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  2 +-
 .../jaxrs/security/secret.jwk.properties        |  3 +-
 .../jaxrs/security/secret.jws.properties        | 19 ---------
 9 files changed, 31 insertions(+), 44 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JwkUtils.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JwkUtils.java
index 7beee80..da7c70e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JwkUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwk/JwkUtils.java
@@ -19,8 +19,6 @@
 package org.apache.cxf.rs.security.oauth2.jwk;
 
 import java.io.InputStream;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 import java.util.Properties;
 
@@ -58,27 +56,34 @@ public final class JwkUtils {
             throw new SecurityException(ex);
         }
     }
-    public static RSAPublicKey loadPublicKey(Message m, Properties props) {
-        JsonWebKey jwkKey = loadJsonWebKey(m, props);
-        return jwkKey != null ? jwkKey.toRSAPublicKey() : null;
-    }
-    public static RSAPrivateKey loadPrivateKey(Message m, Properties props) {
-        JsonWebKey jwkKey = loadJsonWebKey(m, props);
-        return jwkKey != null ? jwkKey.toRSAPrivateKey() : null;
-    }
     public static JsonWebKey loadJsonWebKey(Message m, Properties props) {
+        return loadJsonWebKey(m, props, null);
+    }
+    public static JsonWebKey loadJsonWebKey(Message m, Properties props,
+                                            String keyOper) {
         JsonWebKeys jwkSet = loadPersistJwkSet(m, props);
-        JsonWebKey jwkKey = null;
         String kid = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_ALIAS);
-        if (kid == null) {
-            List<JsonWebKey> keys = jwkSet.getRsaKeys();
+        if (kid == null && keyOper != null) {
+            String keyIdProp = null;
+            if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
+                keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jwe";
+            } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
+                       || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
+                keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jws";
+            }
+            if (keyIdProp != null) {
+                kid = props.getProperty(keyIdProp);
+            }
+        }
+        if (kid != null) {
+            return jwkSet.getKey(kid);
+        } else if (keyOper != null) {
+            List<JsonWebKey> keys = jwkSet.getKeyUseMap().get(keyOper);
             if (keys != null && keys.size() == 1) {
-                jwkKey = keys.get(0);
+                return keys.get(0);
             }
-        } else {
-            jwkKey = jwkSet.getKey(kid);
         }
-        
-        return jwkKey;
+        return null;
     }
+    
 }
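Review bot: The key returned by `jwkSet.getKey(kid)` is never checked against `keyOper`, so a mistyped `.jwe`/`.jws` alias silently hands a signing key to the encryption path or the reverse. The generic `rs.security.keystore.alias` has the same effect, because it still takes precedence and then supplies one key to both paths. Consider rejecting a resolved key whose declared operations do not include `keyOper`, assuming `JsonWebKey` exposes them. Separately, the two-argument overload now passes `null`, so with no alias configured it returns `null` where it used to return the single RSA key; a Javadoc line such as `@return the matching key, or null if none can be resolved unambiguously` would make that contract visible to callers.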

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 4c67927..6a484ba 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -81,7 +81,7 @@ public class AbstractJweDecryptingFilter {
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
                 //TODO: Private JWK sets can be JWE encrypted
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
+                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
                 if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
                     keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(jwk.toRSAPrivateKey());
                 } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
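Review bot: `jwk` is dereferenced immediately after the call (`jwk.getKeyType()`), but the three-argument `loadJsonWebKey` returns `null` when no alias is configured and the set does not hold exactly one key for the operation. That would surface as a NullPointerException instead of a configuration error. A guard such as `if (jwk == null) { throw new SecurityException("No JWK found for JWE decryption"); }` would fail closed with a clear message; the same applies to the calls changed in AbstractJwsReaderProvider, AbstractJwsWriterProvider and JweWriterInterceptor. This filter decrypts but passes `KEY_OPER_ENCRYPT`, so the no-alias fallback presumably selects keys listed for encryption; it is worth confirming that this matches what the private JWK set declares. The enclosing method starts and ends outside the hunk.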

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index 95ae1cc..4d4ea71 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -71,7 +71,7 @@ public class AbstractJwsReaderProvider {
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
             JwsSignatureVerifier theVerifier = null;
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
+                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
                 if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
                     theVerifier = new PublicKeyJwsSignatureVerifier(jwk.toRSAPublicKey());
                 } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index c6c330b..c3afe70 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -66,7 +66,7 @@ public class AbstractJwsWriterProvider {
             String rsaSignatureAlgo = null;
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
                 //TODO: Private JWK sets can be JWE encrypted
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
+                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
                 rsaSignatureAlgo = jwk.getAlgorithm();
                 if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
                     theSigProvider = new PrivateKeyJwsSignatureProvider(jwk.toRSAPrivateKey());

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 2c1f6e0..46f0de4 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -131,7 +131,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
             String keyEncryptionAlgo = null;
             Properties props = ResourceUtils.loadProperties(propLoc, bus);
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE)))
{
-                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props);
+                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
                 keyEncryptionAlgo = jwk.getAlgorithm();
                 // TODO: Put it into some factory code
                 if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index b7eb813..8f6518b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -153,7 +153,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         providers.add(new JwsClientResponseFilter());
         bean.setProviders(providers);
         bean.getProperties(true).put("rs.security.signature.properties", 
-                                     "org/apache/cxf/systest/jaxrs/security/secret.jws.properties");
+                                     "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties");
         BookStore bs = bean.create(BookStore.class);
         String text = bs.echoText("book");
         assertEquals("book", text);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 57cad2d..0befa8a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -153,7 +153,7 @@ under the License.
             <ref bean="jwsOutFilter"/>
         </jaxrs:providers>
         <jaxrs:properties>
-            <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jws.properties"/>
+            <entry key="rs.security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"/>
         </jaxrs:properties>
     </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
index 2016b2d..c512d60 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties
@@ -15,7 +15,8 @@
 #    specific language governing permissions and limitations
 #    under the License.
 rs.security.keystore.type=jwk
-rs.security.keystore.alias=AesWrapKey
+rs.security.keystore.alias.jwe=AesWrapKey
+rs.security.keystore.alias.jws=HMACKey
 rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt
 rs.security.jwe.content.encryption.algorithm=A128GCM
 rs.security.jwe.key.encryption.algorithm=A128KW

http://git-wip-us.apache.org/repos/asf/cxf/blob/2024437e/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jws.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jws.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jws.properties
deleted file mode 100644
index d050b71..0000000
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jws.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-#    Licensed to the Apache Software Foundation (ASF) under one
-#    or more contributor license agreements. See the NOTICE file
-#    distributed with this work for additional information
-#    regarding copyright ownership. The ASF licenses this file
-#    to you under the Apache License, Version 2.0 (the
-#    "License"); you may not use this file except in compliance
-#    with the License. You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing,
-#    software distributed under the License is distributed on an
-#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#    KIND, either express or implied. See the License for the
-#    specific language governing permissions and limitations
-#    under the License.
-rs.security.keystore.type=jwk
-rs.security.keystore.alias=HMACKey
-rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt

