cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Support for jose store context properties
Date Thu, 04 Dec 2014 22:02:21 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 893c21759 -> 81d49bf2b


Support for jose store context properties


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/81d49bf2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/81d49bf2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/81d49bf2

Branch: refs/heads/3.0.x-fixes
Commit: 81d49bf2b5863cbd34238f56eb56591c469a0e6c
Parents: 893c217
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Dec 4 21:59:57 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Dec 4 22:02:02 2014 +0000

----------------------------------------------------------------------
 .../security/jose/jaxrs/KeyManagementUtils.java | 35 +++++++++
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 81 +++++++++-----------
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 57 ++++++--------
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |  6 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  3 +-
 .../jaxrs/security/public.jwk.properties        | 20 -----
 6 files changed, 95 insertions(+), 107 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 6e256ed..58869d8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -217,4 +217,39 @@ public final class KeyManagementUtils {
         }
         return algo;
     }
+
+    public static Properties loadStoreProperties(Message m, boolean required, 
+                                                 String storeProp1, String storeProp2) {
+        if (m == null) {
+            if (required) {
+                throw new SecurityException();
+            }
+            return null;
+        }
+        Properties props = null;
+        String propLoc = 
+            (String)MessageUtils.getContextualProperty(m, storeProp1, storeProp2);
+        if (propLoc != null) {
+            try {
+                props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
+            } catch (Exception ex) {
+                throw new SecurityException(ex);
+            }
+        } else {
+            String keyFile = (String)m.getContextualProperty(RSSEC_KEY_STORE_FILE);
+            if (keyFile != null) {
+                props = new Properties();
+                props.setProperty(KeyManagementUtils.RSSEC_KEY_STORE_FILE, keyFile);
+                String type = (String)m.getContextualProperty(RSSEC_KEY_STORE_TYPE);
+                if (type == null) {
+                    type = "jwk";
+                }
+                props.setProperty(RSSEC_KEY_STORE_TYPE, type);
+            }
+        }
+        if (props == null && required) { 
+            throw new SecurityException();
+        }
+        return props; 
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 956e143..ad05e0f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -26,9 +26,7 @@ import java.util.Properties;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
@@ -216,33 +214,24 @@ public final class JweUtils {
                                           getContentDecryptionAlgorithm(key.getAlgorithm()));
     }
     public static JweEncryptionProvider loadEncryptionProvider(boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m != null) {
-            String propLoc = 
-                (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS,
RSSEC_ENCRYPTION_PROPS);
-            if (propLoc != null) {
-                return loadEncryptionProvider(propLoc, m);
-            }
-        }
-        if (required) {
-            throw new SecurityException();
-        }
-        return null;
+        return loadEncryptionProvider(JAXRSUtils.getCurrentMessage(), required);
     }
-    public static JweEncryptionProvider loadEncryptionProvider(String propLoc, Message m)
{
-        KeyEncryptionAlgorithm keyEncryptionProvider = null;
-        Properties props = null;
-        try {
-            props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
+    public static JweEncryptionProvider loadEncryptionProvider(Message m, boolean required)
{
+        
+        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
+                                                                  RSSEC_ENCRYPTION_OUT_PROPS,
RSSEC_ENCRYPTION_PROPS);
+        if (props == null) {
+            return null;
         }
-        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null);
+        
+        KeyEncryptionAlgorithm keyEncryptionProvider = null;
+        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         ContentEncryptionAlgorithm ctEncryptionProvider = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
-            keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm());
+            keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
+                                                     getDefaultKeyAlgo(jwk));
             if ("direct".equals(keyEncryptionAlgo)) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                 ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
@@ -260,33 +249,22 @@ public final class JweUtils {
                                     props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP));
     }
     public static JweDecryptionProvider loadDecryptionProvider(boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m != null) {
-            String propLoc = 
-                (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS,
RSSEC_ENCRYPTION_PROPS);
-            if (propLoc != null) {
-                return loadDecryptionProvider(propLoc, m);
-            }
-        }
-        if (required) {
-            throw new SecurityException();
-        }
-        return null;
+        return loadDecryptionProvider(JAXRSUtils.getCurrentMessage(), required);
     }
-    public static JweDecryptionProvider loadDecryptionProvider(String propLoc, Message m)
{
-        KeyDecryptionAlgorithm keyDecryptionProvider = null;
-        Properties props = null;
-        try {
-            props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
+    public static JweDecryptionProvider loadDecryptionProvider(Message m, boolean required)
{
+        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
+                                                                  RSSEC_ENCRYPTION_IN_PROPS,
RSSEC_ENCRYPTION_PROPS);
+        if (props == null) {
+            return null;
         }    
+        KeyDecryptionAlgorithm keyDecryptionProvider = null;
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         SecretKey ctDecryptionKey = null;
-        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null);
+        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_DECRYPT);
-            keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm());
+            keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
+                                                     getDefaultKeyAlgo(jwk));
             if ("direct".equals(keyEncryptionAlgo)) {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, contentEncryptionAlgo);
                 ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
@@ -422,13 +400,24 @@ public final class JweUtils {
             return getDirectKeyJweDecryption(ctDecryptionKey, contentDecryptionAlgo);
         }
     }
-    private static String getKeyEncryptionAlgo(Message m, Properties props, String algo)
{
+    private static String getKeyEncryptionAlgo(Message m, Properties props, 
+                                               String algo, String defaultAlgo) {
         if (algo == null) {
+            if (defaultAlgo == null) {
+                defaultAlgo = JoseConstants.RSA_OAEP_ALGO;
+            }
             return KeyManagementUtils.getKeyAlgorithm(m, props, 
-                JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, JoseConstants.RSA_OAEP_ALGO);
+                JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, defaultAlgo);
         }
         return algo;
     }
+    private static String getDefaultKeyAlgo(JsonWebKey jwk) {
+        if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
+            return JoseConstants.A128GCMKW_ALGO;
+        } else {
+            return JoseConstants.RSA_OAEP_ALGO;
+        }
+    }
     private static String getContentEncryptionAlgo(Message m, Properties props, String algo)
{
         if (algo == null) {
             return KeyManagementUtils.getKeyAlgorithm(m, props, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 66be06c..aef782a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -31,7 +31,6 @@ import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
@@ -133,39 +132,22 @@ public final class JwsUtils {
         return map;
     }
     public static JwsSignatureProvider loadSignatureProvider(boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m != null) {
-            String propLoc = 
-                (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS,
RSSEC_SIGNATURE_PROPS);
-            if (propLoc != null) {
-                return loadSignatureProvider(propLoc, m);
-            }
-        }
-        if (required) {
-            throw new SecurityException();
-        }
-        return null;
+        return loadSignatureProvider(JAXRSUtils.getCurrentMessage(), required);
     }
-    public static JwsSignatureProvider loadSignatureProvider(String propLoc, Message m) {
-        return loadSignatureProvider(propLoc, m, false);
+    public static JwsSignatureProvider loadSignatureProvider(Message m, boolean required)
{
+        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
+                                                                  RSSEC_SIGNATURE_OUT_PROPS,
RSSEC_SIGNATURE_PROPS);
+        if (props == null) {
+            return null;
+        }
+        return loadSignatureProvider(m, props, false);
     }
     public static JwsSignatureVerifier loadSignatureVerifier(boolean required) {
-        Message m = JAXRSUtils.getCurrentMessage();
-        if (m != null) {
-            String propLoc = 
-                (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS);
-            if (propLoc != null) {
-                return loadSignatureVerifier(propLoc, m);
-            }
-        }
-        if (required) {
-            throw new SecurityException();
-        }
-        return null;
+        return loadSignatureVerifier(JAXRSUtils.getCurrentMessage(), required);
     }
     public static List<JwsSignatureProvider> loadSignatureProviders(String propLoc,
Message m) {
         Properties props = loadProperties(m, propLoc);
-        JwsSignatureProvider theSigProvider = loadSignatureProvider(propLoc, m, true);
+        JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, true);
         if (theSigProvider != null) {
             return Collections.singletonList(theSigProvider);
         }
@@ -184,13 +166,18 @@ public final class JwsUtils {
         }
         return theSigProviders;
     }
-    public static JwsSignatureVerifier loadSignatureVerifier(String propLoc, Message m) {
-        return loadSignatureVerifier(propLoc, m, false);
+    public static JwsSignatureVerifier loadSignatureVerifier(Message m, boolean required)
{
+        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
+                                                                  RSSEC_SIGNATURE_IN_PROPS,
RSSEC_SIGNATURE_PROPS);
+        if (props == null) {
+            return null;
+        }
+        return loadSignatureVerifier(m, props, false);
     }
     
     public static List<JwsSignatureVerifier> loadSignatureVerifiers(String propLoc,
Message m) {
         Properties props = loadProperties(m, propLoc);
-        JwsSignatureVerifier theVerifier = loadSignatureVerifier(propLoc, m, true);
+        JwsSignatureVerifier theVerifier = loadSignatureVerifier(m, props, true);
         if (theVerifier != null) {
             return Collections.singletonList(theVerifier);
         }
@@ -213,8 +200,8 @@ public final class JwsUtils {
         //TODO: validate JWS specific constraints
         return JoseUtils.validateCriticalHeaders(headers);
     }
-    private static JwsSignatureProvider loadSignatureProvider(String propLoc, Message m,
boolean ignoreNullProvider) {
-        Properties props = loadProperties(m, propLoc);
+    private static JwsSignatureProvider loadSignatureProvider(Message m, Properties props,

+                                                              boolean ignoreNullProvider)
{
         JwsSignatureProvider theSigProvider = null; 
         String rsaSignatureAlgo = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
@@ -234,8 +221,8 @@ public final class JwsUtils {
         }
         return theSigProvider;
     }
-    private static JwsSignatureVerifier loadSignatureVerifier(String propLoc, Message m,
boolean ignoreNullVerifier) {
-        Properties props = loadProperties(m, propLoc);
+    private static JwsSignatureVerifier loadSignatureVerifier(Message m, Properties props,

+                                                              boolean ignoreNullVerifier)
{
         JwsSignatureVerifier theVerifier = null;
         String rsaSignatureAlgo = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{

http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 6520caa..cd113ae 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -60,8 +60,6 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         "org/apache/cxf/systest/jaxrs/security/bob.rs.properties";
     private static final String SERVER_JWEJWS_PROPERTIES =
         "org/apache/cxf/systest/jaxrs/security/alice.rs.properties";
-    private static final String PUBLIC_JWEJWS_PROPERTIES =
-        "org/apache/cxf/systest/jaxrs/security/public.jwk.properties";
     private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
         + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow";
     @BeforeClass
@@ -206,10 +204,10 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase
{
         providers.add(new JwsClientResponseFilter());
         
         bean.setProviders(providers);
-        bean.getProperties(true).put("rs.security.encryption.out.properties", PUBLIC_JWEJWS_PROPERTIES);
+        bean.getProperties(true).put("rs.security.keystore.file", 
+                                     "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
         bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
         bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
-        bean.getProperties(true).put("rs.security.signature.in.properties", PUBLIC_JWEJWS_PROPERTIES);
         PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
         bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
         bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);

http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index a7c9323..7b072e6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -111,9 +111,8 @@ under the License.
         </jaxrs:providers>
         <jaxrs:properties>
             <entry key="rs.security.encryption.in.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
-            <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/public.jwk.properties"/>
-            <entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/public.jwk.properties"/>
             <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
+            <entry key="rs.security.keystore.file" value="org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"/>
             <entry key="rs.security.keystore.alias.jwe.out" value="BobCert"/>
             <entry key="rs.security.keystore.alias.jws.in" value="BobCert"/>
             <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/81d49bf2/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/public.jwk.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/public.jwk.properties
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/public.jwk.properties
deleted file mode 100644
index a5f89b7..0000000
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/public.jwk.properties
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-#    Licensed to the Apache Software Foundation (ASF) under one
-#    or more contributor license agreements. See the NOTICE file
-#    distributed with this work for additional information
-#    regarding copyright ownership. The ASF licenses this file
-#    to you under the Apache License, Version 2.0 (the
-#    "License"); you may not use this file except in compliance
-#    with the License. You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing,
-#    software distributed under the License is distributed on an
-#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#    KIND, either express or implied. See the License for the
-#    specific language governing permissions and limitations
-#    under the License.
-#
-rs.security.keystore.type=jwk
-rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt


Mime
View raw message