cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Refactor signature code to allow for the elliptic curve case when using keystores
Date Tue, 28 Apr 2015 14:28:05 GMT
Refactor signature code to allow for the elliptic curve case when using keystores


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac8f8fbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac8f8fbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac8f8fbc

Branch: refs/heads/master
Commit: ac8f8fbc9747b03e7638e16e7c9833c4de775868
Parents: 92fdbae
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 28 15:27:39 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 28 15:27:39 2015 +0100

----------------------------------------------------------------------
 .../security/jose/jaxrs/KeyManagementUtils.java | 11 ++-
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 10 ++-
 .../security/jose/jws/JwsCompactConsumer.java   |  8 +-
 .../security/jose/jws/JwsCompactProducer.java   |  6 +-
 .../rs/security/jose/jws/JwsJsonConsumer.java   |  6 +-
 .../rs/security/jose/jws/JwsJsonProducer.java   |  6 +-
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 87 +++++++++++---------
 7 files changed, 76 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 23557c5..499e4f6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -34,7 +34,6 @@ import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.PKIXBuilderParameters;
 import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Enumeration;
@@ -195,11 +194,11 @@ public final class KeyManagementUtils {
         return cb;
     }
     
-    public static RSAPrivateKey loadPrivateKey(Message m, Properties props, String keyOper)
{
+    public static PrivateKey loadPrivateKey(Message m, Properties props, String keyOper)
{
         KeyStore keyStore = loadPersistKeyStore(m, props);
-        return (RSAPrivateKey)loadPrivateKey(keyStore, m, props, keyOper, null);
+        return loadPrivateKey(keyStore, m, props, keyOper, null);
     }
-    private static RSAPrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties
props, String keyOper, 
+    private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props,
String keyOper, 
                                                 String alias) {
         Bus bus = m.getExchange().getBus();
         PrivateKeyPasswordProvider cb = loadPasswordProvider(m, props, keyOper);
@@ -212,7 +211,7 @@ public final class KeyManagementUtils {
                 }
             }
         }
-        return (RSAPrivateKey)loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias);
+        return loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias);
     }
     public static KeyStore loadPersistKeyStore(Message m, Properties props) {
         if (!props.containsKey(RSSEC_KEY_STORE_FILE)) {
@@ -358,7 +357,7 @@ public final class KeyManagementUtils {
         }
         return props; 
     }
-    public static RSAPrivateKey loadPrivateKey(Message m, Properties props, 
+    public static PrivateKey loadPrivateKey(Message m, Properties props, 
                                                List<X509Certificate> inCerts, String
keyOper) {
         KeyStore ks = loadPersistKeyStore(m, props);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 2980137..119fcb6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.jose.jwe;
 
 import java.nio.ByteBuffer;
+import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
@@ -324,10 +325,15 @@ public final class JweUtils {
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
             KeyManagementUtils.validateCertificateChain(props, chain);
-            RSAPrivateKey privateKey = 
+            PrivateKey privateKey = 
                 KeyManagementUtils.loadPrivateKey(m, props, chain, JsonWebKey.KEY_OPER_DECRYPT);
+            if (!(privateKey instanceof RSAPrivateKey)) {
+                LOG.warning("Non-RSA private keys are not yet supported for encryption");
+                return null;
+            }
             contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm();
-            keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(privateKey, inHeaders.getKeyEncryptionAlgorithm());
+            keyDecryptionProvider = getRSAKeyDecryptionAlgorithm((RSAPrivateKey)privateKey,

+                                                                 inHeaders.getKeyEncryptionAlgorithm());
         } else {
             if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_DECRYPT);

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index b86742c..edd2560 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -18,8 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.PublicKey;
 import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPublicKey;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
@@ -116,10 +116,10 @@ public class JwsCompactConsumer {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
     }
     public boolean verifySignatureWith(X509Certificate cert, String algo) {
-        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(cert, algo));
+        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(cert, algo));
     }
-    public boolean verifySignatureWith(RSAPublicKey key, String algo) {
-        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+    public boolean verifySignatureWith(PublicKey key, String algo) {
+        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
     }
     public boolean verifySignatureWith(byte[] key, String algo) {
         return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index 70ebe6d..fc13844 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
-import java.security.interfaces.RSAPrivateKey;
+import java.security.PrivateKey;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
@@ -77,8 +77,8 @@ public class JwsCompactProducer {
         return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm()));
     }
     
-    public String signWith(RSAPrivateKey key) {
-        return signWith(JwsUtils.getRSAKeySignatureProvider(key, headers.getAlgorithm()));
+    public String signWith(PrivateKey key) {
+        return signWith(JwsUtils.getPrivateKeySignatureProvider(key, headers.getAlgorithm()));
     }
     public String signWith(byte[] key) {
         return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index 2eaf128..a7cb20a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
-import java.security.interfaces.RSAPublicKey;
+import java.security.PublicKey;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
@@ -128,8 +128,8 @@ public class JwsJsonConsumer {
         }
         return false;
     }
-    public boolean verifySignatureWith(RSAPublicKey key, String algo) {
-        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+    public boolean verifySignatureWith(PublicKey key, String algo) {
+        return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
     }
     public boolean verifySignatureWith(byte[] key, String algo) {
         return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 4c4a2a6..9bac5b8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
-import java.security.interfaces.RSAPrivateKey;
+import java.security.PrivateKey;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
@@ -110,8 +110,8 @@ public class JwsJsonProducer {
     public String signWith(JsonWebKey jwk) {
         return signWith(JwsUtils.getSignatureProvider(jwk));
     }
-    public String signWith(RSAPrivateKey key, String algo) {
-        return signWith(JwsUtils.getRSAKeySignatureProvider(key, algo));
+    public String signWith(PrivateKey key, String algo) {
+        return signWith(JwsUtils.getPrivateKeySignatureProvider(key, algo));
     }
     public String signWith(byte[] key, String algo) {
         return signWith(JwsUtils.getHmacSignatureProvider(key, algo));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index a275a75..b2c634a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -18,7 +18,11 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
@@ -54,13 +58,13 @@ public final class JwsUtils {
     private JwsUtils() {
         
     }
-    public static String sign(RSAPrivateKey key, String algo, String content) {
+    public static String sign(PrivateKey key, String algo, String content) {
         return sign(key, algo, content, null);
     }
     
     
-    public static String sign(RSAPrivateKey key, String algo, String content, String ct)
{
-        return sign(getRSAKeySignatureProvider(key, algo), content, ct);
+    public static String sign(PrivateKey key, String algo, String content, String ct) {
+        return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
     }
     public static String sign(byte[] key, String algo, String content) {
         return sign(key, algo, content, null);
@@ -68,8 +72,8 @@ public final class JwsUtils {
     public static String sign(byte[] key, String algo, String content, String ct) {
         return sign(getHmacSignatureProvider(key, algo), content, ct);
     }
-    public static String verify(RSAPublicKey key, String algo, String content) {
-        JwsCompactConsumer jws = verify(getRSAKeySignatureVerifier(key, algo), content);
+    public static String verify(PublicKey key, String algo, String content) {
+        JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
         return jws.getDecodedJwsPayload();
     }
     public static String verify(byte[] key, String algo, String content) {
@@ -80,28 +84,34 @@ public final class JwsUtils {
         return getSignatureProvider(jwk, null);
     }
     public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm)
{
-        String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+        String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         JwsSignatureProvider theSigProvider = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            theSigProvider = getRSAKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
-                                                        rsaSignatureAlgo);
+            theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
+                                                            signatureAlgo);
             
             
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { 
             byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theSigProvider = getHmacSignatureProvider(key, rsaSignatureAlgo);
+            theSigProvider = getHmacSignatureProvider(key, signatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-            theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
-                                                           SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
+            theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk),
+                                                            signatureAlgo);
         }
         return theSigProvider;
     }
-    public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey key, String
algo) {
+    public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, String
algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
-        return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+        if (key instanceof ECPrivateKey) {
+            return new EcDsaJwsSignatureProvider((ECPrivateKey)key, SignatureAlgorithm.getAlgorithm(algo));
+        } else if (key instanceof RSAPrivateKey) {
+            return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+        }
+        
+        return null;
     }
     public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo)
{
         if (algo == null) {
@@ -117,28 +127,34 @@ public final class JwsUtils {
         return getSignatureVerifier(jwk, null);
     }
     public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm)
{
-        String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+        String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
         JwsSignatureVerifier theVerifier = null;
         if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
-            theVerifier = getRSAKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true),
rsaSignatureAlgo);
+            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true),
signatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { 
             byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
-            theVerifier = getHmacSignatureVerifier(key, rsaSignatureAlgo);
+            theVerifier = getHmacSignatureVerifier(key, signatureAlgo);
         } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
-            theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), 
-                                                        SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
+            theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo);
         }
         return theVerifier;
     }
-    public static JwsSignatureVerifier getRSAKeySignatureVerifier(X509Certificate cert, String
algo) {
-        return getRSAKeySignatureVerifier((RSAPublicKey)cert.getPublicKey(), algo);
+    public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert,
String algo) {
+        return getPublicKeySignatureVerifier(cert.getPublicKey(), algo);
     }
-    public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey key, String
algo) {
+    public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, String
algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
             throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
         }
-        return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+        
+        if (key instanceof RSAPublicKey) {
+            return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+        } else if (key instanceof ECPublicKey) {
+            return new EcDsaJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+        }
+        
+        return null;
     }
     public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo)
{
         if (algo == null) {
@@ -241,7 +257,6 @@ public final class JwsUtils {
                                                               JoseHeaders headers,
                                                               boolean ignoreNullProvider)
{
         JwsSignatureProvider theSigProvider = null; 
-        String rsaSignatureAlgo = null;
         boolean reportPublicKey = 
             headers != null && MessageUtils.isTrue(
                 MessageUtils.getContextualProperty(m, JSON_WEB_SIGNATURE_REPORT_KEY_PROP,
@@ -249,17 +264,16 @@ public final class JwsUtils {
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
             if (jwk != null) {
-                rsaSignatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
+                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+                theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
                 if (reportPublicKey) {
-                    JwkUtils.setPublicKeyInfo(jwk, headers, rsaSignatureAlgo);
+                    JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo);
                 }
             }
         } else {
-            rsaSignatureAlgo = getSignatureAlgo(m, props, null, null);
-            RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,

-                JsonWebKey.KEY_OPER_SIGN);
-            theSigProvider = getRSAKeySignatureProvider(pk, rsaSignatureAlgo);
+            String signatureAlgo = getSignatureAlgo(m, props, null, null);
+            PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, JsonWebKey.KEY_OPER_SIGN);
+            theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
             if (reportPublicKey) {
                 headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
props));
             }
@@ -284,22 +298,21 @@ public final class JwsUtils {
             } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
                 List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
                 KeyManagementUtils.validateCertificateChain(props, chain);
-                return getRSAKeySignatureVerifier((RSAPublicKey)chain.get(0).getPublicKey(),
inHeaders.getAlgorithm());
+                return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm());
             }
         }
         
-        String rsaSignatureAlgo = null;
         if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
             if (jwk != null) {
-                rsaSignatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
-                theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
+                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+                theVerifier = JwsUtils.getSignatureVerifier(jwk, signatureAlgo);
             }
             
         } else {
-            rsaSignatureAlgo = getSignatureAlgo(m, props, null, null);
-            theVerifier = getRSAKeySignatureVerifier(
-                              (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), rsaSignatureAlgo);
+            String signatureAlgo = getSignatureAlgo(m, props, null, null);
+            theVerifier = getPublicKeySignatureVerifier(
+                              KeyManagementUtils.loadPublicKey(m, props), signatureAlgo);
         }
         if (theVerifier == null && !ignoreNullVerifier) {
             LOG.warning("Verifier is not available");


Mime
View raw message