cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/3] cxf git commit: Give priority to the signature/decryption provider over the generic one, rather than the one way around
Date Thu, 15 Oct 2015 13:53:18 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 779acfaa4 -> 7a02829e6


Give priority to the signature/decryption provider over the generic one, rather than the one
way around


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e898a0a4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e898a0a4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e898a0a4

Branch: refs/heads/3.0.x-fixes
Commit: e898a0a4f6ef29922f0f286af8a670bcfaab9df9
Parents: 779acfa
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Oct 15 11:58:13 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Oct 15 14:49:29 2015 +0100

----------------------------------------------------------------------
 .../rs/security/jose/common/JoseConstants.java  | 26 ++++++++++----------
 .../jose/common/KeyManagementUtils.java         | 12 +++++----
 2 files changed, 20 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e898a0a4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
index b85d1ce..89dd079 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java
@@ -53,7 +53,7 @@ public final class JoseConstants {
     //
     
     // 
-    // Keys/keystore configuration
+    // Shared Keys/keystore configuration
     //
     
     /**
@@ -92,18 +92,6 @@ public final class JoseConstants {
     public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider";
     
     /**
-     * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to
access keys
-     * for signature.
-     */
-    public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
-    
-    /**
-     * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to
access keys
-     * for decryption.
-     */
-    public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
-    
-    /**
      * TODO documentation for these
      */
     public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms";
@@ -118,6 +106,12 @@ public final class JoseConstants {
     //
     
     /**
+     * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to
access keys
+     * for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER.
+     */
+    public static final String RSSEC_SIGNATURE_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
+    
+    /**
      * The signature algorithm to use. For example 'RS256'.
      */
     public static final String RSSEC_SIGNATURE_ALGORITHM = "rs.security.signature.algorithm";
@@ -159,6 +153,12 @@ public final class JoseConstants {
     //
     
     /**
+     * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to
access keys
+     * for decryption. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER.
+     */
+    public static final String RSSEC_DECRYPTION_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
+    
+    /**
      * The encryption content algorithm to use.
      */
     public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm";

http://git-wip-us.apache.org/repos/asf/cxf/blob/e898a0a4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 917c856..23370ef 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -166,16 +166,18 @@ public final class KeyManagementUtils {
         return kid;
     }
     public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props,
KeyOperation keyOper) {
-        PrivateKeyPasswordProvider cb = 
-            (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER);
-        if (cb == null && keyOper != null) {
-            String propName = keyOper == KeyOperation.SIGN ? JoseConstants.RSSEC_SIG_KEY_PSWD_PROVIDER
+        PrivateKeyPasswordProvider cb = null;
+        if (keyOper != null) {
+            String propName = keyOper == KeyOperation.SIGN ? JoseConstants.RSSEC_SIGNATURE_KEY_PSWD_PROVIDER
                 : keyOper == KeyOperation.DECRYPT 
-                ? JoseConstants.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
+                ? JoseConstants.RSSEC_DECRYPTION_KEY_PSWD_PROVIDER : null;
             if (propName != null) {
                 cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
             }
         }
+        if (cb == null) {
+            cb = (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER);
+        }
         return cb;
     }
     


Mime
View raw message