cxf-commits mailing list archives

From cohei...@apache.org
Subject [5/6] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header
Date Mon, 26 Oct 2015 17:09:14 GMT
Add support for selecting a key for decryption using the sha-1 hash in the header


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/179db4aa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/179db4aa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/179db4aa

Branch: refs/heads/3.0.x-fixes
Commit: 179db4aa4090eb244d1aad54e2073f0ade0a6beb
Parents: 049a8bd
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 26 16:06:58 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 26 17:08:47 2015 +0000

----------------------------------------------------------------------
 .../rs/security/jose/common/KeyManagementUtils.java  |  4 ++--
 .../apache/cxf/rs/security/jose/jwe/JweUtils.java    | 15 ++++++++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 57929c2..3eb4637 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -369,12 +369,12 @@ public final class KeyManagementUtils {
         return props; 
     }
     public static PrivateKey loadPrivateKey(Message m, Properties props, 
-                                            List<X509Certificate> inCerts, 
+                                            X509Certificate inCert, 
                                             KeyOperation keyOper) {
         KeyStore ks = loadPersistKeyStore(m, props);
         
         try {
-            String alias = ks.getCertificateAlias(inCerts.get(0));
+            String alias = ks.getCertificateAlias(inCert);
             return loadPrivateKey(ks, m, props, keyOper, alias);
             
         } catch (Exception ex) {
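Review bot: `loadPrivateKey` dereferences nothing itself, but it has no guard for a null `inCert` or a null `alias`, and the new caller in JweUtils passes `null` when the chain is null. `KeyStore.getCertificateAlias` also returns null when the certificate is not in the keystore. If the five-argument overload treats a null alias as "use the configured alias" (it is not visible here, so this is an assumption), a header certificate unknown to the keystore would still select the default private key. An explicit check after the lookup, e.g. `if (alias == null) { /* reject: certificate not in keystore */ }`, or a comment stating that the fallback is intended, would make the behaviour clear. The change also alters a public static signature on a fixes branch, which breaks callers compiled against the `List<X509Certificate>` form, and the method body continues past the end of the hunk.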

http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 4591bc3..e23f605 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,11 +368,24 @@ public final class JweUtils {
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
             KeyManagementUtils.validateCertificateChain(props, chain);
+            X509Certificate cert = chain == null ? null : chain.get(0);
             PrivateKey privateKey = 
-                KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT);
+                KeyManagementUtils.loadPrivateKey(m, props, cert, KeyOperation.DECRYPT);
             contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName();
             keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, 
                                                                  inHeaders.getKeyEncryptionAlgorithm());
+        } else if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT)
!= null) {
+            X509Certificate foundCert = 
+                KeyManagementUtils.getCertificateFromThumbprint(inHeaders.getX509Thumbprint(),

+                                                                MessageDigestUtils.ALGO_SHA_1,
+                                                                m, props);
+            if (foundCert != null) {
+                PrivateKey privateKey = 
+                    KeyManagementUtils.loadPrivateKey(m, props, foundCert, KeyOperation.DECRYPT);
+                contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName();
+                keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, 
+                                                                     inHeaders.getKeyEncryptionAlgorithm());
+            }
         } else {
             if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
                 JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT);
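Review bot: In the new thumbprint branch, a header thumbprint that matches no keystore certificate skips the `if (foundCert != null)` block silently, so `keyDecryptionProvider` and `contentEncryptionAlgo` are left unset and the failure surfaces later, in code outside this hunk, instead of at the lookup. Because the thumbprint comes from the incoming message, the lookup should fail closed: add an `else` on that `if` that logs the miss and throws whatever exception the method uses elsewhere for key-loading failures. The branch also lets the sender choose any keystore entry whose certificate matches, so a comment such as `// x5t is sender-supplied: keystore must hold only keys meant for decryption` would help the next maintainer. Separately, `chain.get(0)` in the first branch throws on an empty chain; `chain == null || chain.isEmpty() ? null : chain.get(0)` covers it. The enclosing method starts and ends outside the hunk.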

