cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] cxf git commit: Modification to the accept public key configuration tag
Date Fri, 23 Oct 2015 16:27:00 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 6a778890e -> c60357527


Modification to the accept public key configuration tag


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c6035752
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c6035752
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c6035752

Branch: refs/heads/master
Commit: c60357527dd1614734c2c80ea86879ab1e4acc4d
Parents: 7b4a828
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 23 17:25:43 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 23 17:26:10 2015 +0100

----------------------------------------------------------------------
 .../apache/cxf/rs/security/jose/common/JoseConstants.java   | 9 +++++++--
 .../java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java  | 2 +-
 .../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java  | 2 +-
 .../org/apache/cxf/systest/jaxrs/security/jwt/server.xml    | 1 +
 4 files changed, 10 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c6035752/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index 604155f..b05fdd6 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -120,9 +120,14 @@ public final class JoseConstants {
     public static final String RSSEC_INCLUDE_CERT_SHA1 = "rs.security.include.cert.sha1";
     
     /**
+     * Whether to allow using a JWK received in the header for signature validation. The
default
+     * is "false".
+     */
+    public static final String RSSEC_ACCEPT_PUBLIC_KEY = "rs.security.accept.public.key";
+    
+    /**
      * TODO documentation for these
      */
-    public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties";
     public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset";
     public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey";
     
@@ -187,7 +192,7 @@ public final class JoseConstants {
     public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key";
     
     /**
-     * Include the X.509 certificate for signaturein the "x5c" header.
+     * Include the X.509 certificate for signature in the "x5c" header.
      */
     public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert";
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/c6035752/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 5ab72e0..60d3c83 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -312,7 +312,7 @@ public final class JwkUtils {
         JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
         String kid = null;
         if (inHeaderKid != null 
-            && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY_PROP,
true)) {
+            && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY,
false)) {
             kid = inHeaderKid;
         } else {
             kid = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS,
keyOper);

http://git-wip-us.apache.org/repos/asf/cxf/blob/c6035752/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index c36002f..747d53b 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -336,7 +336,7 @@ public final class JwsUtils {
             if (inHeaders.getHeader(JoseConstants.HEADER_JSON_WEB_KEY) != null) {
                 JsonWebKey publicJwk = inHeaders.getJsonWebKey();
                 if (inHeaderKid != null && !inHeaderKid.equals(publicJwk.getKeyId())
-                    || !MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY_PROP,
true)) {
+                    || !MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY,
false)) {
                     throw new JwsException(JwsException.Error.INVALID_KEY);
                 }
                 return getSignatureVerifier(publicJwk, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/c6035752/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 5c1786d2..9923948 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -231,6 +231,7 @@ under the License.
         <jaxrs:properties>
             <entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"/>
             <entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"/>
+            <entry key="rs.security.accept.public.key" value="true"/>
         </jaxrs:properties>
     </jaxrs:server>
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-jwt}/jweaescbchmac">


Mime
View raw message