cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making getting the signature key type more type safe
Date Wed, 11 Nov 2015 13:48:23 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes bdff40635 -> d7a0fb520


Making getting the signature key type more type safe


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d7a0fb52
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d7a0fb52
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d7a0fb52

Branch: refs/heads/3.1.x-fixes
Commit: d7a0fb520c122363592dd437e18b1e90561e0386
Parents: bdff406
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Nov 11 13:43:46 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Nov 11 13:48:05 2015 +0000

----------------------------------------------------------------------
 .../security/jose/jws/JwsCompactProducer.java   |  4 +-
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 54 +++++++++++---------
 2 files changed, 33 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d7a0fb52/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index ec14b6b..5ef150a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -140,9 +140,9 @@ public class JwsCompactProducer {
         if (getAlgorithm() == null) {
             Properties sigProps = getSignatureProperties();
             Message m = PhaseInterceptorChain.getCurrentMessage();
-            String signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps, null, null);
+            SignatureAlgorithm signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps,
null, null);
             if (signatureAlgo != null) {
-                getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgo));
+                getJwsHeaders().setSignatureAlgorithm(signatureAlgo);
             }
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/d7a0fb52/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 8792108..db12142 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -301,8 +301,11 @@ public final class JwsUtils {
         if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
             if (jwk != null) {
-                String signatureAlgo = getSignatureAlgorithm(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgorithm(jwk));
-                theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
+                SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, 
+                                                             props, 
+                                                             SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()),

+                                                             getDefaultKeyAlgorithm(jwk));
+                theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
                 
                 boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean(
                     m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY, false);
@@ -310,7 +313,7 @@ public final class JwsUtils {
                     m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false);
                 
                 if (includeCert) {
-                    JwkUtils.includeCertChain(jwk, headers, signatureAlgo);
+                    JwkUtils.includeCertChain(jwk, headers, signatureAlgo.getJwaName());
                 }
                 if (includeCertSha1) {
                     String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m,
props);
@@ -319,20 +322,19 @@ public final class JwsUtils {
                     }
                 }
                 if (includePublicKey) {
-                    JwkUtils.includePublicKey(jwk, headers, signatureAlgo);
+                    JwkUtils.includePublicKey(jwk, headers, signatureAlgo.getJwaName());
                 }
                 if (includeKeyId && jwk.getKeyId() != null && headers !=
null) {
                     headers.setKeyId(jwk.getKeyId());
                 }
             }
         } else {
-            String signatureAlgo = getSignatureAlgorithm(m, props, null, null);
-            if (SignatureAlgorithm.getAlgorithm(signatureAlgo) == SignatureAlgorithm.NONE)
{
+            SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, null, null);
+            if (signatureAlgo == SignatureAlgorithm.NONE) {
                 theSigProvider = new NoneJwsSignatureProvider();
             } else {
                 PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
-                theSigProvider = getPrivateKeySignatureProvider(pk, 
-                                                                SignatureAlgorithm.getAlgorithm(signatureAlgo));
+                theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
                 if (includeCert) {
                     headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
props));
                 }
@@ -392,19 +394,21 @@ public final class JwsUtils {
         if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid);
             if (jwk != null) {
-                String signatureAlgo = getSignatureAlgorithm(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgorithm(jwk));
-                theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
+                SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, 
+                                                             SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()),

+                                                             getDefaultKeyAlgorithm(jwk));
+                theVerifier = getSignatureVerifier(jwk, signatureAlgo);
             }
             
         } else {
-            String signatureAlgo = getSignatureAlgorithm(m, props, null, null);
-            if (SignatureAlgorithm.getAlgorithm(signatureAlgo) == SignatureAlgorithm.NONE

+            SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, null, null);
+            if (signatureAlgo == SignatureAlgorithm.NONE 
                 && SignatureAlgorithm.NONE.getJwaName().equals(inHeaders.getAlgorithm()))
{
                 theVerifier = new NoneJwsSignatureVerifier();
             } else {
                 theVerifier = getPublicKeySignatureVerifier(
                               KeyManagementUtils.loadPublicKey(m, props), 
-                              SignatureAlgorithm.getAlgorithm(signatureAlgo));
+                              signatureAlgo);
             }
         }
         if (theVerifier == null && !ignoreNullVerifier) {
@@ -423,10 +427,12 @@ public final class JwsUtils {
     }
     
     @SuppressWarnings("deprecation")
-    public static String getSignatureAlgorithm(Message m, Properties props, String algo,
String defaultAlgo) {
+    public static SignatureAlgorithm getSignatureAlgorithm(Message m, Properties props, 
+                                               SignatureAlgorithm algo, 
+                                               SignatureAlgorithm defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
-                defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO;
+                defaultAlgo = SignatureAlgorithm.RS256;
             }
             
             // Check for deprecated identifier first
@@ -438,7 +444,7 @@ public final class JwsUtils {
                 sigAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM);
             }
             if (sigAlgo != null) {
-                return sigAlgo;
+                return SignatureAlgorithm.getAlgorithm(sigAlgo);
             }
             
             // Otherwise check newer identifier
@@ -448,20 +454,22 @@ public final class JwsUtils {
         }
         return algo;
     }
-    public static String getSignatureAlgorithm(Properties props, String defaultAlgo) {
-        return KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),
+    public static SignatureAlgorithm getSignatureAlgorithm(Properties props, 
+                                               SignatureAlgorithm defaultAlgo) {
+        String algo = KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),
                                                   props, 
                                                   JoseConstants.RSSEC_SIGNATURE_ALGORITHM,

-                                                  defaultAlgo);
+                                                  defaultAlgo == null ? null : defaultAlgo.getJwaName());
+        return SignatureAlgorithm.getAlgorithm(algo);
     }
-    private static String getDefaultKeyAlgorithm(JsonWebKey jwk) {
+    private static SignatureAlgorithm getDefaultKeyAlgorithm(JsonWebKey jwk) {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
-            return AlgorithmUtils.HMAC_SHA_256_ALGO;
+            return SignatureAlgorithm.HS256;
         } else if (KeyType.EC == keyType) {
-            return AlgorithmUtils.ES_SHA_256_ALGO;
+            return SignatureAlgorithm.ES256;
         } else {
-            return AlgorithmUtils.RS_SHA_256_ALGO;
+            return SignatureAlgorithm.RS256;
         }
     }
     public static JwsCompactConsumer verify(JwsSignatureVerifier v, String content) {


Mime
View raw message