From cohei...@apache.org
Subject [2/3] cxf git commit: Remove recently added properly to allow "none" signatures -> just use signature algorithm property instead
Date Mon, 19 Oct 2015 15:13:26 GMT
Remove recently added property to allow "none" signatures -> just use signature algorithm
property instead


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7a928e8d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7a928e8d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7a928e8d

Branch: refs/heads/master
Commit: 7a928e8dff6a39e1e0b3a646aa50f9b304170f0a
Parents: 7de5fba
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 19 12:27:21 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 19 12:27:21 2015 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/jose/common/JoseConstants.java  |  5 -----
 .../rs/security/jose/common/KeyManagementUtils.java |  9 ++++++---
 .../apache/cxf/rs/security/jose/jws/JwsUtils.java   | 16 ++++++----------
 3 files changed, 12 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7a928e8d/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index a29504c..e0bf28b 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -139,11 +139,6 @@ public final class JoseConstants {
     public static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
     
     /**
-     * Whether a "none" signature is allowed or not. The default is "false".
-     */
-    public static final String RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE = "rs.security.signature.allow.none";
-    
-    /**
      * TODO documentation for these
      */
     public static final String RSSEC_SIGNATURE_REPORT_KEY_PROP = "rs.security.signature.report.public.key";

http://git-wip-us.apache.org/repos/asf/cxf/blob/7a928e8d/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index e54356a..0c32919 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -330,9 +330,12 @@ public final class KeyManagementUtils {
                 }
             }
         }
-        if (props == null && required) { 
-            LOG.warning("Properties resource is not identified");
-            throw new JoseException();
+        if (props == null) {
+            if (required) {
+                LOG.warning("Properties resource is not identified");
+                throw new JoseException();
+            }
+            props = new Properties();
         }
         return props; 
     }
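Review bot: Returning an empty `Properties` instead of `null` in the non-required case changes the contract for every caller of this method (presumably `loadStoreProperties`), yet the only null check this commit updates is the one in `JwsUtils.loadSignatureVerifier`. Any other caller that still tests `props == null` to mean "nothing configured" would now carry on with an empty set instead of stopping early. Those call sites are outside this diff, so they need checking. The method starts above the hunk and its Javadoc is not visible; I would state the new guarantee there, e.g. `@return the loaded properties, or an empty Properties (never null) when none are configured and required is false`.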

http://git-wip-us.apache.org/repos/asf/cxf/blob/7a928e8d/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 7142ffc..02a4940 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -204,18 +204,9 @@ public final class JwsUtils {
     }
     public static JwsSignatureVerifier loadSignatureVerifier(JwsHeaders headers, boolean
required) {
         Message m = PhaseInterceptorChain.getCurrentMessage();
-        boolean allowNoneSignature = 
-            MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE,
false);
-        if (allowNoneSignature && SignatureAlgorithm.NONE.getJwaName().equals(headers.getAlgorithm()))
{
-            return new NoneJwsSignatureVerifier();
-        }
-            
         Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
                                                                   JoseConstants.RSSEC_SIGNATURE_IN_PROPS,

                                                                   JoseConstants.RSSEC_SIGNATURE_PROPS);
-        if (props == null) {
-            return null;
-        }
         return loadSignatureVerifier(m, props, headers, false);
     }
     public static List<JwsSignatureProvider> loadSignatureProviders(String propLoc,
Message m) {
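Review bot: With the `props == null` early return removed, a caller passing `required = false` no longer gets `null` back when nothing is configured; the call now always reaches `loadSignatureVerifier(m, props, headers, false)`. If that last argument is the `ignoreNullVerifier` flag tested in the next hunk, a missing verifier is at least logged as a warning even for optional callers; what follows that log line is outside the diff. If the old behaviour is meant to stay, pass the flag through, `return loadSignatureVerifier(m, props, headers, !required);`. Otherwise, document on this method that `required` now only controls the properties lookup.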
@@ -338,9 +329,14 @@ public final class JwsUtils {
             
         } else {
             String signatureAlgo = getSignatureAlgo(m, props, null, null);
-            theVerifier = getPublicKeySignatureVerifier(
+            if (SignatureAlgorithm.getAlgorithm(signatureAlgo) == SignatureAlgorithm.NONE

+                && SignatureAlgorithm.NONE.getJwaName().equals(inHeaders.getAlgorithm()))
{
+                theVerifier = new NoneJwsSignatureVerifier();
+            } else {
+                theVerifier = getPublicKeySignatureVerifier(
                               KeyManagementUtils.loadPublicKey(m, props), 
                               SignatureAlgorithm.getAlgorithm(signatureAlgo));
+            }
         }
         if (theVerifier == null && !ignoreNullVerifier) {
             LOG.warning("Verifier is not available");
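Review bot: The branch that installs `NoneJwsSignatureVerifier` accepts a JWS with no integrity protection, and it does so silently. Since this is now driven by the general signature algorithm setting rather than a dedicated opt-in, I would log it before the assignment, e.g. `LOG.warning("Unsigned JWS accepted: signature algorithm is configured as none");`. When the configuration says none but the header names another algorithm, control falls through to `getPublicKeySignatureVerifier(...)` with `NONE` and a key loaded from possibly empty properties. An explicit rejection there would be clearer than relying on those helpers, whose behaviour is not visible in this hunk. `SignatureAlgorithm.getAlgorithm(signatureAlgo)` is also evaluated twice and could be held in a local; the enclosing method starts and ends outside the hunk.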

