cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Making it easier to plugin jose4j/etc into CXF JOSE filters
Date Mon, 24 Nov 2014 17:39:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes a2ab2aec8 -> 1e4a285f0


Making it easier to plugin jose4j/etc into CXF JOSE filters


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1e4a285f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1e4a285f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1e4a285f

Branch: refs/heads/3.0.x-fixes
Commit: 1e4a285f03eb40c5b2941012120e65ed698e99c7
Parents: a2ab2ae
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Nov 24 17:38:12 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Nov 24 17:39:04 2014 +0000

----------------------------------------------------------------------
 .../jose/jaxrs/AbstractJweDecryptingFilter.java |  5 ++++
 .../jose/jaxrs/AbstractJwsReaderProvider.java   |  5 ++++
 .../jose/jaxrs/AbstractJwsWriterProvider.java   |  5 ++++
 .../jose/jaxrs/JweWriterInterceptor.java        |  5 ++++
 .../jose/jwe/JweEncryptionProvider.java         |  3 +++
 .../cxf/rs/security/jose/jwe/JweFactory.java    | 25 ++++++++++++++++++++
 .../jose/jws/AbstractJwsSignatureProvider.java  |  6 +++++
 .../security/jose/jws/JwsCompactProducer.java   |  8 +++----
 .../cxf/rs/security/jose/jws/JwsFactory.java    | 25 ++++++++++++++++++++
 .../rs/security/jose/jws/JwsJsonProducer.java   |  6 ++---
 .../security/jose/jws/JwsSignatureProvider.java |  4 ++++
 .../utils/crypto/JwtAccessTokenUtils.java       |  6 +++++
 12 files changed, 95 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
index 83e00e1..f46d523 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
@@ -27,6 +27,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweFactory;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 
@@ -53,6 +54,10 @@ public class AbstractJweDecryptingFilter {
             return decryption;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
+        Object factory = m.getContextualProperty(JweFactory.class.getName());
+        if (factory != null) {
+            return ((JweFactory)factory).getJweDecryptionProvider();
+        }
         String propLoc = 
             (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS);
         if (propLoc == null) {
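Review bot: The factory lookup added before `String propLoc` casts whatever is stored under `JweFactory.class.getName()` without a type check and returns `getJweDecryptionProvider()` even when that is null. A wrongly typed property therefore fails with a bare ClassCastException, and a factory that supplies only the encryption side skips the `RSSEC_ENCRYPTION_IN_PROPS` fallback and returns null to the caller. I would guard the cast and fall through to the properties path on a null provider, as sketched below; rejecting a wrongly typed value with a clear error is the stricter alternative. The same pattern is added in AbstractJwsReaderProvider, AbstractJwsWriterProvider and JweWriterInterceptor, and it matters most for the verifier, since how the caller treats a missing verifier is not visible here. The enclosing method starts and ends outside the hunk.

```java
Message m = JAXRSUtils.getCurrentMessage();
Object factory = m.getContextualProperty(JweFactory.class.getName());
if (factory instanceof JweFactory) {
    JweDecryptionProvider fromFactory = ((JweFactory)factory).getJweDecryptionProvider();
    if (fromFactory != null) {
        return fromFactory;
    }
}
// … unchanged: RSSEC_ENCRYPTION_IN_PROPS / RSSEC_ENCRYPTION_PROPS lookup …
```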

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
index 6027e60..eb6b300 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsFactory;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
@@ -41,6 +42,10 @@ public class AbstractJwsReaderProvider {
         } 
         
         Message m = JAXRSUtils.getCurrentMessage();
+        Object factory = m.getContextualProperty(JwsFactory.class.getName());
+        if (factory != null) {
+            return ((JwsFactory)factory).getJwsSignatureVerifier();
+        }
         String propLoc = 
             (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
         if (propLoc == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
index 139f20f..fbc7b79 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -29,6 +29,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsFactory;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
@@ -47,6 +48,10 @@ public class AbstractJwsWriterProvider {
             return sigProvider;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
+        Object factory = m.getContextualProperty(JwsFactory.class.getName());
+        if (factory != null) {
+            return ((JwsFactory)factory).getJwsSignatureProvider();
+        }
         String propLoc = 
             (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
         if (propLoc == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index a80ac67..e98c56f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -42,6 +42,7 @@ import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
 import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState;
+import org.apache.cxf.rs.security.jose.jwe.JweFactory;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
@@ -119,6 +120,10 @@ public class JweWriterInterceptor implements WriterInterceptor {
             return encryptionProvider;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
+        Object factory = m.getContextualProperty(JweFactory.class.getName());
+        if (factory != null) {
+            return ((JweFactory)factory).getJweEncryptionProvider();
+        }
         String propLoc = 
             (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS);
         if (propLoc == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
index b685a29..addc7b6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
@@ -22,5 +22,8 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 public interface JweEncryptionProvider extends JweKeyProperties {
     String encrypt(byte[] jweContent, JweHeaders jweHeaders);
+    /**
+     * Prepare JWE state (optional operation)
+     */
     JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders);
 }
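Review bot: The added Javadoc marks `createJweEncryptionState` as an "(optional operation)" without saying what an implementation that does not support it should do, so a caller cannot tell whether to expect null or an exception. Following the java.util convention I would state it explicitly, e.g. `@throws UnsupportedOperationException if this provider does not support preparing the state`. The comment added on `createJwsSignature` in JwsSignatureProvider has the same gap.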

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java
new file mode 100644
index 0000000..16100ef
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+
+public interface JweFactory {
+    JweEncryptionProvider getJweEncryptionProvider();
+    JweDecryptionProvider getJweDecryptionProvider();
+}
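Review bot: The new `JweFactory` interface has no Javadoc, although the filters in this commit look it up as a contextual property and return its result directly. Implementers need to know whether a getter may return null (for a one-directional setup) and, presumably, whether the returned providers must tolerate concurrent use if one factory instance serves many messages. I would add a type-level comment such as `/** Supplies custom JWE providers to the JOSE filters; registered as a contextual property under JweFactory.class.getName(). */` plus one sentence per getter stating the null contract. `JwsFactory` in this commit needs the same.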

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
index 4bbc22a..e2ebda5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
@@ -46,6 +46,12 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
         return algorithm;    
     }
     @Override
+    public byte[] sign(JoseHeaders headers, byte[] content) {
+        JwsSignature sig = createJwsSignature(headers);
+        sig.update(content, 0, content.length);
+        return sig.sign();
+    }
+    @Override
     public JwsSignature createJwsSignature(JoseHeaders headers) {
         return doCreateJwsSignature(prepareHeaders(headers));
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b033afd..b8aee4a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -83,12 +83,10 @@ public class JwsCompactProducer {
         return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
     }
     
-    public String signWith(JwsSignatureProvider signer) { 
-        JwsSignature worker = signer.createJwsSignature(getJoseHeaders());
-        
+    public String signWith(JwsSignatureProvider signer) {
         byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws());
-        worker.update(bytes, 0, bytes.length);
-        return setSignatureBytes(worker.sign());
+        byte[] sig = signer.sign(getJoseHeaders(), bytes);
+        return setSignatureBytes(sig);
     }
     
     public String setSignatureText(String signatureText) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
new file mode 100644
index 0000000..f810660
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+
+public interface JwsFactory {
+    JwsSignatureProvider getJwsSignatureProvider();
+    JwsSignatureVerifier getJwsSignatureVerifier();
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 5aaee71..c9c2387 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -106,12 +106,12 @@ public class JwsJsonProducer {
         if (unionHeaders.getAlgorithm() == null) {
             throw new SecurityException("Algorithm header is not set");
         }
-        JwsSignature worker = signer.createJwsSignature(unionHeaders);
         String sequenceToBeSigned = protectedHeader.getEncodedHeaderEntries() 
             + "." + getUnsignedEncodedPayload();
         byte[] bytesToBeSigned = StringUtils.toBytesUTF8(sequenceToBeSigned);
-        worker.update(bytesToBeSigned, 0, bytesToBeSigned.length);
-        byte[] signatureBytes = worker.sign();
+        
+        byte[] signatureBytes = signer.sign(unionHeaders, bytesToBeSigned);
+        
         String encodedSignatureBytes = Base64UrlUtility.encode(signatureBytes);
         JwsJsonSignatureEntry signature = 
             new JwsJsonSignatureEntry(encodedPayload, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
index 7dd9a0a..c6f60b9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
@@ -23,5 +23,9 @@ import org.apache.cxf.rs.security.jose.JoseHeaders;
 
 public interface JwsSignatureProvider {
     String getAlgorithm();
+    byte[] sign(JoseHeaders headers, byte[] content);
+    /**
+     * Create a signature handler capable of updating the signature input (optional operation)
+     */
     JwsSignature createJwsSignature(JoseHeaders headers);
 }
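Review bot: `sign(JoseHeaders, byte[])` is added to a public interface as a new abstract method with no documentation, so any implementer not touched by this commit would stop compiling on a fixes branch; the generated stub in JwtAccessTokenUtils shows the effect. JwsCompactProducer and JwsJsonProducer now depend on its result, so the contract should be written down, e.g. `/** Signs the content and returns the signature bytes; must not return null. */`. It is also worth stating that `headers` may be adjusted by the provider before signing, as AbstractJwsSignatureProvider routes it through `prepareHeaders`.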

http://git-wip-us.apache.org/repos/asf/cxf/blob/1e4a285f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
index 84be13a..d31e9f2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
@@ -126,6 +126,12 @@ public final class JwtAccessTokenUtils {
         public JwsSignature createJwsSignature(JoseHeaders headers) {
             return new NoneJwsSignature();
         }
+
+        @Override
+        public byte[] sign(JoseHeaders headers, byte[] content) {
+            // TODO Auto-generated method stub
+            return null;
+        }
         
     }
     private static class NoneJwsSignature implements JwsSignature {
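Review bot: The generated `sign` stub returns null, and after this commit JwsCompactProducer.signWith and JwsJsonProducer call `sign(...)` instead of `createJwsSignature(...)`. This provider therefore now hands null to `setSignatureBytes` or `Base64UrlUtility.encode` where it previously went through `NoneJwsSignature`. I would delegate to the existing path, `JwsSignature sig = createJwsSignature(headers); sig.update(content, 0, content.length); return sig.sign();`, and remove the TODO. What `NoneJwsSignature.sign()` returns is outside the hunk, as is the start of the enclosing class.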

