From: sergeyb@apache.org
To: commits@cxf.apache.org
Message-Id: <00bff7eaa4b045d1af2ab20adc94573d@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: Minor updates to Jose code to support detached payloads
Date: Tue, 13 Jan 2015 22:28:53 +0000 (UTC)
Repository: cxf
Updated Branches: refs/heads/master 881b630dc -> e35507b02
Minor updates to Jose code to support detached payloads
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e35507b0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e35507b0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e35507b0
Branch: refs/heads/master
Commit: e35507b02d15003d0ec80c970f0f27bfa47871d3
Parents: 881b630
Author: Sergey Beryozkin
Authored: Tue Jan 13 22:28:31 2015 +0000
Committer: Sergey Beryozkin
Committed: Tue Jan 13 22:28:31 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/jwk/JsonWebKey.java | 2 +-
.../security/jose/jws/JwsCompactConsumer.java | 21 ++++++++++++++------
.../security/jose/jws/JwsCompactProducer.java | 12 +++++++----
3 files changed, 24 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e35507b0/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
index 8566dea..e723ef3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
@@ -55,7 +55,7 @@ public class JsonWebKey extends JsonMapObject {
 public static final String EC_CURVE = "crv";
 public static final String EC_CURVE_P256 = "P-256";
 public static final String EC_CURVE_P384 = "P-384";
- public static final String EC_CURVE_P512 = "P-512";
+ public static final String EC_CURVE_P521 = "P-521";
 public static final String EC_X_COORDINATE = "x";
 public static final String EC_Y_COORDINATE = "y";
 public static final String EC_PRIVATE_KEY = "d";
http://git-wip-us.apache.org/repos/asf/cxf/blob/e35507b0/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index 105d895..3ab2841 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -32,11 +32,14 @@ public class JwsCompactConsumer {
 private String encodedSequence;
 private String encodedSignature;
 private String headersJson;
- private String jwsPayload;
+ private String decodedJwsPayload;
 public JwsCompactConsumer(String encodedJws) {
 this(encodedJws, null);
 }
 public JwsCompactConsumer(String encodedJws, JoseHeadersReader r) {
+ this(encodedJws, null, r);
+ }
+ public JwsCompactConsumer(String encodedJws, String encodedDetachedPayload, JoseHeadersReader r) {
 if (r != null) {
 this.reader = r;
 }
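Review bot: The new public constructor `JwsCompactConsumer(String encodedJws, String encodedDetachedPayload, JoseHeadersReader r)` in the `@@ -32,11 +32,14 @@` hunk has no Javadoc, and its contract cannot be read off the signature. I would add a comment stating that `encodedDetachedPayload` is the encoded payload delivered outside the compact sequence (later in the constructor it is concatenated into the signing input and passed to `JoseUtils.decodeToString`), that `null` means the payload is taken from the sequence itself, and that a `SecurityException` is thrown when the sequence does not have the shape expected for a detached payload. The constructor body continues outside this hunk.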
@@ -53,10 +56,16 @@ public class JwsCompactConsumer {
 } else {
 encodedSignature = parts[2];
 }
+ String encodedJwsPayload = parts[1];
+ if (encodedDetachedPayload != null) {
+ if (StringUtils.isEmpty(encodedJwsPayload)) {
+ throw new SecurityException("Invalid JWS Compact sequence");
+ }
+ encodedJwsPayload = encodedDetachedPayload;
+ }
+ encodedSequence = parts[0] + "." + encodedJwsPayload;
 headersJson = JoseUtils.decodeToString(parts[0]);
- jwsPayload = JoseUtils.decodeToString(parts[1]);
- encodedSequence = parts[0] + "." + parts[1];
-
+ decodedJwsPayload = JoseUtils.decodeToString(encodedJwsPayload);
 }
 public String getUnsignedEncodedSequence() {
 return encodedSequence;
@@ -68,10 +77,10 @@ public class JwsCompactConsumer {
 return headersJson;
 }
 public String getDecodedJwsPayload() {
- return jwsPayload;
+ return decodedJwsPayload;
 }
 public byte[] getDecodedJwsPayloadBytes() {
- return StringUtils.toBytesUTF8(jwsPayload);
+ return StringUtils.toBytesUTF8(decodedJwsPayload);
 }
 public byte[] getDecodedSignature() {
 return encodedSignature.isEmpty() ? new byte[]{} : JoseUtils.decode(encodedSignature);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e35507b0/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b8aee4a..53fdf7a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
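Review bot: In the JwsCompactConsumer constructor hunk (`@@ -53,10 +56,16 @@`) the detached-payload guard looks inverted: `if (StringUtils.isEmpty(encodedJwsPayload))` throws when the payload segment of the compact form is empty, which is exactly the shape `JwsCompactProducer.getSignedEncodedJws(true)` emits in this same commit. As written, a compact JWS that still carries an embedded payload is accepted and that payload is silently replaced by the caller-supplied one, so the signing input and `getDecodedJwsPayload()` no longer reflect what was in the token. The check should read `if (!StringUtils.isEmpty(encodedJwsPayload)) {`, so that a detached payload is accepted only alongside an empty payload segment. The constructor begins outside this hunk, so how `parts` is split and length-checked is not visible here; a test that round-trips producer output with `detached == true` through this constructor would pin the behaviour.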
@@ -54,24 +54,28 @@ public class JwsCompactProducer { return headers; } public String getUnsignedEncodedJws() { + return getUnsignedEncodedJws(false); + } + private String getUnsignedEncodedJws(boolean detached) { checkAlgorithm(); if (plainRep == null) { plainRep = Base64UrlUtility.encode(writer.headersToJson(getJoseHeaders())) + "." - + Base64UrlUtility.encode(plainJwsPayload); + + (detached ? "" : Base64UrlUtility.encode(plainJwsPayload)); } return plainRep; } - public String getSignedEncodedJws() { + return getSignedEncodedJws(false); + } + public String getSignedEncodedJws(boolean detached) { checkAlgorithm(); boolean noSignature = StringUtils.isEmpty(signature); if (noSignature && !isPlainText()) { throw new IllegalStateException("Signature is not available"); } - return getUnsignedEncodedJws() + "." + (noSignature ? "" : signature); + return getUnsignedEncodedJws(detached) + "." + (noSignature ? "" : signature); } - public String signWith(JsonWebKey jwk) { return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm())); }
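Review bot: In JwsCompactProducer, `getUnsignedEncodedJws(boolean detached)` caches its result in `plainRep` on the first call, so the `detached` flag only has an effect the first time and every later call returns whichever form was built first. If `signWith(...)` derives its signing input from `getUnsignedEncodedJws()` (its body is outside this hunk, so this needs confirming), a following `getSignedEncodedJws(true)` still returns the payload inline; in the opposite order the cached header-only form would become the signing input and the signature would not cover the payload. Keeping `plainRep` as the full signing input and deriving the detached form on return avoids both: build the cache without the `detached` ternary and finish with `return detached ? plainRep.substring(0, plainRep.indexOf('.') + 1) : plainRep;`. A short Javadoc on the new public `getSignedEncodedJws(boolean detached)` stating that the payload segment is left empty and the payload must be delivered separately would also help callers.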