cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor updates to JwsUtils
Date Thu, 06 Nov 2014 18:22:44 GMT
Repository: cxf
Updated Branches:
  refs/heads/master a4ed944b9 -> ddcb197fc


Minor updates to JwsUtils


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ddcb197f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ddcb197f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ddcb197f

Branch: refs/heads/master
Commit: ddcb197fc73ae4a18547f53fc57f99415fb45fbc
Parents: a4ed944
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Nov 6 18:22:22 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Nov 6 18:22:22 2014 +0000

----------------------------------------------------------------------
 .../security/jose/jws/JwsCompactProducer.java   |   1 -
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 153 ++++++++++++-------
 2 files changed, 96 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ddcb197f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index 1f4c39a..f1413a1 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -32,7 +32,6 @@ public class JwsCompactProducer {
     private String plainJwsPayload;
     private String signature;
     private String plainRep;
-    
     public JwsCompactProducer(String plainJwsPayload) {
         this(null, null, plainJwsPayload);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ddcb197f/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 7f880cb..8a5a151 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -42,9 +42,15 @@ public final class JwsUtils {
     private JwsUtils() {
         
     }
-    public static boolean validateCriticalHeaders(JoseHeaders headers) {
-        //TODO: validate JWS specific constraints
-        return JoseUtils.validateCriticalHeaders(headers);
+    public static String sign(RSAPrivateKey key, String algo, String content) {
+        return sign(getRSAKeySignatureProvider(key, algo), content);
+    }
+    public static String sign(byte[] key, String algo, String content) {
+        return sign(getHmacSignatureProvider(key, algo), content);
+    }
+    public static String verifyAndGetContent(byte[] key, String algo, String content) {
+        JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content);
+        return jws.getDecodedJwsPayload();
     }
     public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
         return getSignatureProvider(jwk, null);
@@ -53,19 +59,26 @@ public final class JwsUtils {
         String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         JwsSignatureProvider theSigProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
-                                                                rsaSignatureAlgo);
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
-            && Algorithm.isHmacSign(rsaSignatureAlgo)) {
-            theSigProvider = 
-                new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
-                                             rsaSignatureAlgo);
+            theSigProvider = getRSAKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
+                                                        rsaSignatureAlgo);
+        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { 
+            byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+            theSigProvider = getHmacSignatureProvider(key, rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
             theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
                                                            rsaSignatureAlgo);
         }
         return theSigProvider;
     }
+    public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey key, String
algo) {
+        return new PrivateKeyJwsSignatureProvider(key, algo);
+    }
+    public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo)
{
+        if (Algorithm.isHmacSign(algo)) {
+            return new HmacJwsSignatureProvider(key, algo);
+        }
+        return null;
+    }
     public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
         return getSignatureVerifier(jwk, null);
     }
@@ -73,16 +86,24 @@ public final class JwsUtils {
         String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         JwsSignatureVerifier theVerifier = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toRSAPublicKey(jwk),
rsaSignatureAlgo);
-        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) 
-            && Algorithm.isHmacSign(rsaSignatureAlgo)) {
-            theVerifier = 
-                new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
rsaSignatureAlgo);
+            theVerifier = getRSAKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk), rsaSignatureAlgo);
+        } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { 
+            byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
+            theVerifier = getHmacSignatureVerifier(key, rsaSignatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
             theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), rsaSignatureAlgo);
         }
         return theVerifier;
     }
+    public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey key, String
algo) {
+        return new PublicKeyJwsSignatureVerifier(key, algo);
+    }
+    public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo)
{
+        if (Algorithm.isHmacSign(algo)) {
+            return new HmacJwsSignatureVerifier(key, algo);
+        }
+        return null;
+    }
     public static MultivaluedMap<String, JwsJsonSignatureEntry> getJwsJsonSignatureMap(
         List<JwsJsonSignatureEntry> signatures) {
         MultivaluedMap<String, JwsJsonSignatureEntry> map = new MetadataMap<String,
JwsJsonSignatureEntry>();
@@ -94,27 +115,7 @@ public final class JwsUtils {
     public static JwsSignatureProvider loadSignatureProvider(String propLoc, Message m) {
         return loadSignatureProvider(propLoc, m, false);
     }
-    private static JwsSignatureProvider loadSignatureProvider(String propLoc, Message m,
boolean ignoreNullProvider) {
-        Properties props = loadProperties(m, propLoc);
-        JwsSignatureProvider theSigProvider = null; 
-        String rsaSignatureAlgo = null;
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
-            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
-            if (jwk != null) {
-                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
-            }
-        } else {
-            rsaSignatureAlgo = getSignatureAlgo(props, null);
-            RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,

-                KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
-            theSigProvider = new PrivateKeyJwsSignatureProvider(pk, rsaSignatureAlgo);
-        }
-        if (theSigProvider == null && !ignoreNullProvider) {
-            throw new SecurityException();
-        }
-        return theSigProvider;
-    }
+    
     public static List<JwsSignatureProvider> loadSignatureProviders(String propLoc,
Message m) {
         Properties props = loadProperties(m, propLoc);
         JwsSignatureProvider theSigProvider = loadSignatureProvider(propLoc, m, true);
@@ -139,27 +140,7 @@ public final class JwsUtils {
     public static JwsSignatureVerifier loadSignatureVerifier(String propLoc, Message m) {
         return loadSignatureVerifier(propLoc, m, false);
     }
-    public static JwsSignatureVerifier loadSignatureVerifier(String propLoc, Message m, boolean
ignoreNullVerifier) {
-        Properties props = loadProperties(m, propLoc);
-        JwsSignatureVerifier theVerifier = null;
-        String rsaSignatureAlgo = null;
-        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
-            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
-            if (jwk != null) {
-                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
-                theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
-            }
-            
-        } else {
-            rsaSignatureAlgo = getSignatureAlgo(props, null);
-            theVerifier = new PublicKeyJwsSignatureVerifier(
-                              (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), rsaSignatureAlgo);
-        }
-        if (theVerifier == null && !ignoreNullVerifier) {
-            throw new SecurityException();
-        }
-        return theVerifier;
-    }
+    
     public static List<JwsSignatureVerifier> loadSignatureVerifiers(String propLoc,
Message m) {
         Properties props = loadProperties(m, propLoc);
         JwsSignatureVerifier theVerifier = loadSignatureVerifier(propLoc, m, true);
@@ -181,6 +162,52 @@ public final class JwsUtils {
         }
         return theVerifiers;
     }
+    public static boolean validateCriticalHeaders(JoseHeaders headers) {
+        //TODO: validate JWS specific constraints
+        return JoseUtils.validateCriticalHeaders(headers);
+    }
+    private static JwsSignatureProvider loadSignatureProvider(String propLoc, Message m,
boolean ignoreNullProvider) {
+        Properties props = loadProperties(m, propLoc);
+        JwsSignatureProvider theSigProvider = null; 
+        String rsaSignatureAlgo = null;
+        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
+            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
+            if (jwk != null) {
+                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
+                theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
+            }
+        } else {
+            rsaSignatureAlgo = getSignatureAlgo(props, null);
+            RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,

+                KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
+            theSigProvider = getRSAKeySignatureProvider(pk, rsaSignatureAlgo);
+        }
+        if (theSigProvider == null && !ignoreNullProvider) {
+            throw new SecurityException();
+        }
+        return theSigProvider;
+    }
+    private static JwsSignatureVerifier loadSignatureVerifier(String propLoc, Message m,
boolean ignoreNullVerifier) {
+        Properties props = loadProperties(m, propLoc);
+        JwsSignatureVerifier theVerifier = null;
+        String rsaSignatureAlgo = null;
+        if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
+            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
+            if (jwk != null) {
+                rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
+                theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
+            }
+            
+        } else {
+            rsaSignatureAlgo = getSignatureAlgo(props, null);
+            theVerifier = getRSAKeySignatureVerifier(
+                              (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), rsaSignatureAlgo);
+        }
+        if (theVerifier == null && !ignoreNullVerifier) {
+            throw new SecurityException();
+        }
+        return theVerifier;
+    }
     private static Properties loadProperties(Message m, String propLoc) {
         try {
             return ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
@@ -191,4 +218,16 @@ public final class JwsUtils {
     private static String getSignatureAlgo(Properties props, String algo) {
         return algo == null ? props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP) : algo;
     }
+    private static JwsCompactConsumer verify(JwsSignatureVerifier v, String content) {
+        JwsCompactConsumer jws = new JwsCompactConsumer(content);
+        if (!jws.verifySignatureWith(v)) {
+            throw new SecurityException();
+        }
+        return jws;
+    }
+    private static String sign(JwsSignatureProvider jwsSig, String content) {
+        JwsCompactProducer jws = new JwsCompactProducer(content);
+        jws.signWith(jwsSig);
+        return jws.getSignedEncodedJws();
+    }
 }


Mime
View raw message