cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Keeping a single source of signing properties in JwsCompact as discussed with Colm
Date Tue, 24 Nov 2015 11:27:52 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4e19e6e11 -> 6cb698081


Keeping a single source of signing properties in JwsCompact as discussed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cb69808
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cb69808
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cb69808

Branch: refs/heads/3.1.x-fixes
Commit: 6cb69808178c00e9c935372cd5cf107af8e480e1
Parents: 4e19e6e
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Nov 24 11:26:09 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Nov 24 11:27:31 2015 +0000

----------------------------------------------------------------------
 .../security/jose/jws/JwsCompactProducer.java   | 14 ++-------
 .../cxf/rs/security/jose/jws/JwsHeaders.java    |  9 +++++-
 .../cxf/rs/security/jose/jws/JwsUtils.java      |  7 ++---
 .../token/provider/jwt/JWTTokenProvider.java    | 30 +++++++-------------
 4 files changed, 24 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6cb69808/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index 5ef150a..53c1b0f 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -35,7 +35,6 @@ public class JwsCompactProducer {
     private String plainJwsPayload;
     private String signature;
     private boolean detached;
-    private Properties signatureProperties;
     public JwsCompactProducer(String plainJwsPayload) {
         this(plainJwsPayload, false);
     }
@@ -138,7 +137,7 @@ public class JwsCompactProducer {
     }
     private void checkAlgorithm() {
         if (getAlgorithm() == null) {
-            Properties sigProps = getSignatureProperties();
+            Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
             Message m = PhaseInterceptorChain.getCurrentMessage();
             SignatureAlgorithm signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps,
null, null);
             if (signatureAlgo != null) {
@@ -150,14 +149,5 @@ public class JwsCompactProducer {
             throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
         }
     }
-    public Properties getSignatureProperties() {
-        if (signatureProperties == null) {
-            signatureProperties = JwsUtils.loadSignatureOutProperties(false);
-            
-        }
-        return signatureProperties;
-    }
-    public void setSignatureProperties(Properties signatureProperties) {
-        this.signatureProperties = signatureProperties;
-    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cb69808/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
index a2d0e88..ec75872 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import java.util.Map;
+import java.util.Properties;
 
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.common.JoseHeaders;
@@ -31,7 +32,7 @@ public class JwsHeaders extends JoseHeaders {
     public JwsHeaders(JoseType type) {
         super(type);
     }
-    public JwsHeaders(JoseHeaders headers) {
+    public JwsHeaders(JwsHeaders headers) {
         super(headers.asMap());
     }
     
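Review bot: Narrowing this public constructor from `JoseHeaders` to `JwsHeaders` is a source- and binary-incompatible change on a maintenance branch (`3.1.x-fixes`), so code compiled against `JwsHeaders(JoseHeaders)` will no longer link. The same applies to the `JwsUtils.validateCriticalHeaders` and `loadSignatureProvider` signatures changed further down, and to the public `getSignatureProperties`/`setSignatureProperties` removed from `JwsCompactProducer`. If external callers are possible, keep the old forms as deprecated overloads that delegate, e.g. `@Deprecated public JwsHeaders(JoseHeaders headers) { super(headers.asMap()); }`. The copy constructor also dereferences `headers` without a null check, so a Javadoc line stating that the argument must be non-null would help.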
@@ -41,6 +42,9 @@ public class JwsHeaders extends JoseHeaders {
     public JwsHeaders(SignatureAlgorithm sigAlgo) {
         init(sigAlgo);
     }
+    public JwsHeaders(Properties sigProps) {
+        init(getSignatureAlgorithm(sigProps));
+    }
     public JwsHeaders(JoseType type, SignatureAlgorithm sigAlgo) {
         super(type);
         init(sigAlgo);
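Review bot: The new `JwsHeaders(Properties)` constructor passes whatever `getSignatureAlgorithm(sigProps)` returns straight into `init`, and the helper added at the end of this file calls `JwsUtils.getSignatureAlgorithm(sigProps, null)` with a null default. Properties that carry no algorithm, or an unrecognised one, therefore presumably produce either a header without `alg` or a failure inside `init`; neither path is visible in this diff. `checkAlgorithm` in `JwsCompactProducer` looks like it would reject a missing algorithm at signing time, but failing at construction gives a clearer error: in the helper, `SignatureAlgorithm algo = JwsUtils.getSignatureAlgorithm(sigProps, null);` `if (algo == null) { throw new JwsException(JwsException.Error.INVALID_ALGORITHM); }` `return algo;`. The constructor also needs a Javadoc line saying which property key supplies the algorithm and whether `none` is an accepted value.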
@@ -63,4 +67,7 @@ public class JwsHeaders extends JoseHeaders {
     public Boolean getPayloadEncodingStatus() {
         return super.getBooleanProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
     }
+    private static SignatureAlgorithm getSignatureAlgorithm(Properties sigProps) {
+        return JwsUtils.getSignatureAlgorithm(sigProps, null);
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cb69808/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index db12142..e20388f 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -40,7 +40,6 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.common.JoseHeaders;
 import org.apache.cxf.rs.security.jose.common.JoseUtils;
 import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
@@ -278,18 +277,18 @@ public final class JwsUtils {
         }
         return theVerifiers;
     }
-    public static boolean validateCriticalHeaders(JoseHeaders headers) {
+    public static boolean validateCriticalHeaders(JwsHeaders headers) {
         //TODO: validate JWS specific constraints
         return JoseUtils.validateCriticalHeaders(headers);
     }
     public static JwsSignatureProvider loadSignatureProvider(Properties props,
-                                                             JoseHeaders headers) {
+                                                             JwsHeaders headers) {
         return loadSignatureProvider(PhaseInterceptorChain.getCurrentMessage(),
                                      props, headers, false);
     }
     public static JwsSignatureProvider loadSignatureProvider(Message m, 
                                                              Properties props,
-                                                             JoseHeaders headers,
+                                                             JwsHeaders headers,
                                                              boolean ignoreNullProvider)
{
         JwsSignatureProvider theSigProvider = null;
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cb69808/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
index 54a4c4e..1a73d6c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
@@ -32,8 +32,6 @@ import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
@@ -41,11 +39,11 @@ import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.cache.CacheUtils;
@@ -119,11 +117,9 @@ public class JWTTokenProvider implements TokenProvider {
         JwtClaims claims = jwtClaimsProvider.getJwtClaims(jwtClaimsProviderParameters);
         
         try {
-            JwtToken token = new JwtToken(claims);
-            
-            String tokenData = signToken(token, jwtRealm, tokenParameters.getStsProperties());
+            String tokenData = signToken(claims, jwtRealm, tokenParameters.getStsProperties());
             if (tokenParameters.isEncryptToken()) {
-                tokenData = encryptToken(tokenData, token.getJweHeaders(), 
+                tokenData = encryptToken(tokenData, new JweHeaders(), 
                                          tokenParameters.getStsProperties(),
                                          tokenParameters.getEncryptionProperties(),
                                          tokenParameters.getKeyRequirements());
@@ -205,13 +201,11 @@ public class JWTTokenProvider implements TokenProvider {
     }
     
     private String signToken(
-        JwtToken token, 
+        JwtClaims claims, 
         RealmProperties jwtRealm,
         STSPropertiesMBean stsProperties
     ) throws Exception {
         
-        Properties signingProperties = new Properties();
-        
         if (signToken) {
             // Initialise signature objects with defaults of STSPropertiesMBean
             Crypto signatureCrypto = stsProperties.getSignatureCrypto();
@@ -255,6 +249,8 @@ public class JWTTokenProvider implements TokenProvider {
             callbackHandler.handle(cb);
             String password = cb[0].getPassword();
 
+            Properties signingProperties = new Properties();
+            
             signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, signatureAlgorithm);
             if (alias != null) {
                 signingProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, alias);
@@ -271,20 +267,16 @@ public class JWTTokenProvider implements TokenProvider {
             KeyStore keystore = ((Merlin)signatureCrypto).getKeyStore();
             signingProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
             
-            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
-            jws.setSignatureProperties(signingProperties);
+            JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
             
-            Message m = PhaseInterceptorChain.getCurrentMessage();
             JwsSignatureProvider sigProvider = 
-                JwsUtils.loadSignatureProvider(m, signingProperties, token.getJwsHeaders(),
false);
-            token.getJwsHeaders().setSignatureAlgorithm(sigProvider.getAlgorithm());
+                JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
             
             return jws.signWith(sigProvider);
         } else {
-            signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, "none");
-            
-            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
-            jws.setSignatureProperties(signingProperties);
+            JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
             return jws.getSignedEncodedJws();
         }
         
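Review bot: In the signing branch the `alg` header is now derived from `signingProperties` by `new JwsHeaders(signingProperties)` while the provider is loaded separately, and the removed `setSignatureAlgorithm(sigProvider.getAlgorithm())` call was the only visible line tying the two together. Unless `signWith` enforces agreement (not visible here), the header and the provider can now disagree, and nothing in this method rejects a configured value of `none` even though `signToken` is true. A guard after `loadSignatureProvider` would keep the invariant explicit: `if (sigProvider.getAlgorithm() == SignatureAlgorithm.NONE || sigProvider.getAlgorithm() != jwsHeaders.getSignatureAlgorithm()) { throw new IllegalStateException("JWS alg header does not match the signature provider"); }`. The `else` branch deserves a comment stating that it deliberately issues an unsecured (`alg: none`) JWT, so that relying parties are configured not to accept it without encryption or another integrity mechanism. `signToken` begins before this hunk and its closing lines fall outside it.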

