cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Making it easier to load JWS/JWE properties from the custom code
Date Wed, 11 Nov 2015 12:55:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master a723da9d9 -> 78cb9f4ea


Making it easier to load JWS/JWE properties from the custom code


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/78cb9f4e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/78cb9f4e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/78cb9f4e

Branch: refs/heads/master
Commit: 78cb9f4eac106c97a0ca67e6913af87a7d233498
Parents: a723da9
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Nov 11 12:55:19 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Nov 11 12:55:19 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 64 +++++++++-----
 .../security/jose/jws/JwsCompactProducer.java   | 11 +--
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 92 ++++++++++++++------
 3 files changed, 108 insertions(+), 59 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/78cb9f4e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index a40c619..074dfa5 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -287,13 +287,11 @@ public final class JweUtils {
     }
     @SuppressWarnings("deprecation")
     public static JweEncryptionProvider loadEncryptionProvider(JweHeaders headers, boolean
required) {
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS,

-                                                                  JoseConstants.RSSEC_ENCRYPTION_PROPS);
+        Properties props = loadEncryptionOutProperties(required);
         if (props == null) {
             return null;
         }
+        Message m = PhaseInterceptorChain.getCurrentMessage();
         
         boolean includeCert = 
             headers != null && MessageUtils.getContextualBoolean(
@@ -302,7 +300,7 @@ public final class JweUtils {
                 m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1, false);
         
         KeyEncryptionProvider keyEncryptionProvider = null;
-        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
+        String keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
         KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo); 
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         m.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentEncryptionAlgo);
@@ -313,8 +311,8 @@ public final class JweUtils {
                 contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                 ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo);
             } else {
-                keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), 
-                                                         getDefaultKeyAlgo(jwk));
+                keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, jwk.getAlgorithm(),

+                                                         getDefaultKeyAlgorithm(jwk));
                 keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);
                 
                 boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean(
@@ -366,18 +364,15 @@ public final class JweUtils {
         return loadDecryptionProvider(null, required);
     }
     public static JweDecryptionProvider loadDecryptionProvider(JweHeaders inHeaders, boolean
required) {
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  JoseConstants.RSSEC_ENCRYPTION_IN_PROPS,

-                                                                  JoseConstants.RSSEC_ENCRYPTION_PROPS);
+        Properties props = loadEncryptionInProperties(required);
         if (props == null) {
             return null;
         }    
-        
+        Message m = PhaseInterceptorChain.getCurrentMessage();
         KeyDecryptionProvider keyDecryptionProvider = null;
         String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
         SecretKey ctDecryptionKey = null;
-        String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
+        String keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, null, null);
         if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN)
!= null) {
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
@@ -412,8 +407,8 @@ public final class JweUtils {
                     contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm());
                     ctDecryptionKey = getContentDecryptionSecretKey(jwk, contentEncryptionAlgo);
                 } else {
-                    keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
-                                                             getDefaultKeyAlgo(jwk));
+                    keyEncryptionAlgo = getKeyEncryptionAlgorithm(m, props, jwk.getAlgorithm(),
+                                                             getDefaultKeyAlgorithm(jwk));
                     keyDecryptionProvider = getKeyDecryptionProvider(jwk, 
                                                                       KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
                 }
@@ -641,7 +636,7 @@ public final class JweUtils {
         }
     }
     @SuppressWarnings("deprecation")
-    private static String getKeyEncryptionAlgo(Message m, Properties props, 
+    public static String getKeyEncryptionAlgorithm(Message m, Properties props, 
                                                String algo, String defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
@@ -649,7 +644,10 @@ public final class JweUtils {
             }
             
             // Check for deprecated identifier first
-            String encAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM);
+            String encAlgo = null;
+            if (props != null) {
+                encAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM);
+            }
             if (encAlgo == null) {
                 encAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM);
             }
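Review bot: The context line `encAlgo = (String)m.getContextualProperty(...)` in this hunk dereferences `m` without a null check, while the matching line in `JwsUtils.getSignatureAlgorithm` is guarded with `sigAlgo == null && m != null`. Now that the method is public and `props` may be null, a caller outside an interceptor chain (where `PhaseInterceptorChain.getCurrentMessage()` presumably returns null, as the guard removed from `JwsCompactProducer` suggests) would hit a NullPointerException here. I would change the condition to `if (encAlgo == null && m != null) {`. The method body starts in the previous hunk and continues in the next one.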
@@ -658,12 +656,19 @@ public final class JweUtils {
             }
             
             // Otherwise check newer identifier
-            return KeyManagementUtils.getKeyAlgorithm(m, props, 
-                                                      JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM,
defaultAlgo);
+            if (props != null) {
+                return getKeyEncryptionAlgorithm(props, defaultAlgo);
+            }
         }
         return algo;
     }
-    private static String getDefaultKeyAlgo(JsonWebKey jwk) {
+    public static String getKeyEncryptionAlgorithm(Properties props, String defaultAlgo)
{
+        return KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),

+                                                  props, 
+                                                  JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM,

+                                                  defaultAlgo);
+    }
+    private static String getDefaultKeyAlgorithm(JsonWebKey jwk) {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
             return AlgorithmUtils.A128GCMKW_ALGO;
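Review bot: When `props` is null, the new `if (props != null)` block is skipped and control falls through to `return algo;`. `algo` is null on that path, so the `defaultAlgo` chosen at the top of the method is silently dropped. `JwsUtils.getSignatureAlgorithm` gets the same tail in its hunk at -408, and `JwsCompactProducer` calls it with `sigProps` that may be null, which would leave the JWS header without an algorithm instead of the RS256 default. Adding `return defaultAlgo;` directly after the `if (props != null) { ... }` block would keep the default. Whether `KeyManagementUtils.getKeyAlgorithm` also consults the message for the newer identifier is not visible here, so confirm that lookup is not lost too. The four-argument method starts in an earlier hunk.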
@@ -704,12 +709,23 @@ public final class JweUtils {
         return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE,
ct));
     }
     public static void validateJweCertificateChain(List<X509Certificate> certs) {
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, true, 
-                                                                  JoseConstants.RSSEC_ENCRYPTION_IN_PROPS,

-                                                                  JoseConstants.RSSEC_ENCRYPTION_PROPS);
+        Properties props = loadEncryptionInProperties(true);
         KeyManagementUtils.validateCertificateChain(props, certs);
     }
+    public static Properties loadEncryptionInProperties(boolean required) {
+        Message m = PhaseInterceptorChain.getCurrentMessage();
+        return KeyManagementUtils.loadStoreProperties(m, required, 
+                                                      JoseConstants.RSSEC_ENCRYPTION_IN_PROPS,

+                                                      JoseConstants.RSSEC_ENCRYPTION_PROPS);
+        
+    }
+    public static Properties loadEncryptionOutProperties(boolean required) {
+        Message m = PhaseInterceptorChain.getCurrentMessage();
+        return KeyManagementUtils.loadStoreProperties(m, required, 
+                                                      JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS,

+                                                      JoseConstants.RSSEC_ENCRYPTION_PROPS);
+        
+    }
 
     public static void checkEncryptionKeySize(Key key) {
         if (key instanceof RSAKey && ((RSAKey)key).getModulus().bitLength() <
2048) {
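Review bot: `loadEncryptionInProperties` and `loadEncryptionOutProperties` are new public entry points for application code, but neither has Javadoc describing the return contract. The callers in this class treat a null result as "nothing configured" when `required` is false, and both helpers read the message from `PhaseInterceptorChain.getCurrentMessage()`. I would put that on each method, e.g. `/** Loads the inbound JWE properties for the current message; may return null when required is false. */`, hedged to whatever `KeyManagementUtils.loadStoreProperties` actually guarantees. The hunk ends inside `checkEncryptionKeySize`.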

http://git-wip-us.apache.org/repos/asf/cxf/blob/78cb9f4e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index 5fba635..ec14b6b 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -26,8 +26,6 @@ import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
@@ -142,7 +140,7 @@ public class JwsCompactProducer {
         if (getAlgorithm() == null) {
             Properties sigProps = getSignatureProperties();
             Message m = PhaseInterceptorChain.getCurrentMessage();
-            String signatureAlgo = JwsUtils.getSignatureAlgo(m, sigProps, null, null);
+            String signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps, null, null);
             if (signatureAlgo != null) {
                 getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgo));
             }
@@ -153,11 +151,8 @@ public class JwsCompactProducer {
         }
     }
     public Properties getSignatureProperties() {
-        if (signatureProperties == null && PhaseInterceptorChain.getCurrentMessage()
!= null) {
-            Message m = PhaseInterceptorChain.getCurrentMessage();
-            signatureProperties = KeyManagementUtils.loadStoreProperties(m, false, 
-                                                                      JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,

-                                                                      JoseConstants.RSSEC_SIGNATURE_PROPS);
+        if (signatureProperties == null) {
+            signatureProperties = JwsUtils.loadSignatureOutProperties(false);
             
         }
         return signatureProperties;
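Review bot: The rewritten `getSignatureProperties()` drops the `PhaseInterceptorChain.getCurrentMessage() != null` guard that the old condition had. `JwsUtils.loadSignatureOutProperties(false)` fetches the current message itself and passes it to `KeyManagementUtils.loadStoreProperties` unchecked, so a producer used outside a CXF message exchange now depends on that method tolerating a null `Message`, which is not visible in this diff. Either keep the original condition, `if (signatureProperties == null && PhaseInterceptorChain.getCurrentMessage() != null) {`, or return null early in the new loader when `m` is null. The method's closing brace is outside the hunk.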

http://git-wip-us.apache.org/repos/asf/cxf/blob/78cb9f4e/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 0bce50e..8792108 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -65,6 +65,9 @@ public final class JwsUtils {
     public static String sign(PrivateKey key, SignatureAlgorithm algo, String content, String
ct) {
         return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
     }
+    public static String sign(String encodedKey, SignatureAlgorithm algo, String content)
{
+        return sign(JoseUtils.decode(encodedKey), algo, content);
+    }
     public static String sign(byte[] key, SignatureAlgorithm algo, String content) {
         return sign(key, algo, content, null);
     }
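Review bot: The new `sign(String encodedKey, ...)` overload has no Javadoc saying which encoding `encodedKey` must use or what happens when it is malformed. The same applies to the `String` overloads of `verify`, `getHmacSignatureProvider` and `getHmacSignatureVerifier` added in the next three hunks. All four pass the string through `JoseUtils.decode` and hand the bytes to the HMAC `byte[]` variants, so the argument is a shared secret rather than a public key. I would add a short Javadoc on each naming the expected encoding (whatever `JoseUtils.decode` accepts, which is not shown here) and stating that the value is the HMAC secret, so callers do not pass a raw passphrase or a PEM key by mistake.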
@@ -75,6 +78,9 @@ public final class JwsUtils {
         JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
         return jws.getDecodedJwsPayload();
     }
+    public static String verify(String encodedKey, SignatureAlgorithm algo, String content)
{
+        return verify(JoseUtils.decode(encodedKey), algo, content);
+    }
     public static String verify(byte[] key, SignatureAlgorithm algo, String content) {
         JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content);
         return jws.getDecodedJwsPayload();
@@ -113,6 +119,9 @@ public final class JwsUtils {
         
         return null;
     }
+    public static JwsSignatureProvider getHmacSignatureProvider(String encodedKey, SignatureAlgorithm
algo) {
+        return getHmacSignatureProvider(JoseUtils.decode(encodedKey), algo);
+    }
     public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, SignatureAlgorithm
algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
@@ -158,6 +167,9 @@ public final class JwsUtils {
         
         return null;
     }
+    public static JwsSignatureVerifier getHmacSignatureVerifier(String encodedKey, SignatureAlgorithm
algo) {
+        return getHmacSignatureVerifier(JoseUtils.decode(encodedKey), algo);    
+    }
     public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm
algo) {
         if (algo == null) {
             LOG.warning("No signature algorithm was defined");
@@ -188,29 +200,38 @@ public final class JwsUtils {
     public static JwsSignatureProvider loadSignatureProvider(boolean required) {
         return loadSignatureProvider(null, required);    
     }
+    
     public static JwsSignatureProvider loadSignatureProvider(JwsHeaders headers, boolean
required) {
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,

-                                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);
+        Properties props = loadSignatureOutProperties(required);
         if (props == null) {
             return null;
         }
-        JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, headers, false);
+        JwsSignatureProvider theSigProvider = loadSignatureProvider(props, headers);
         if (headers != null) {
             headers.setSignatureAlgorithm(theSigProvider.getAlgorithm());
         }
         return theSigProvider;
     }
+    public static Properties loadSignatureOutProperties(boolean required) {
+        Message m = PhaseInterceptorChain.getCurrentMessage();
+        return KeyManagementUtils.loadStoreProperties(m, required, 
+                                                      JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,

+                                                      JoseConstants.RSSEC_SIGNATURE_PROPS);
+        
+    }
+    public static Properties loadSignatureInProperties(boolean required) {
+        Message m = PhaseInterceptorChain.getCurrentMessage();
+        return KeyManagementUtils.loadStoreProperties(m, required, 
+                                                      JoseConstants.RSSEC_SIGNATURE_IN_PROPS,

+                                                      JoseConstants.RSSEC_SIGNATURE_PROPS);
+        
+    }
     public static JwsSignatureVerifier loadSignatureVerifier(boolean required) {
         return loadSignatureVerifier(null, required);
     }
     public static JwsSignatureVerifier loadSignatureVerifier(JwsHeaders headers, boolean
required) {
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, required, 
-                                                                  JoseConstants.RSSEC_SIGNATURE_IN_PROPS,

-                                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);
-        return loadSignatureVerifier(m, props, headers, false);
+        Properties props = loadSignatureInProperties(required);
+        return loadSignatureVerifier(props, headers);
     }
     public static List<JwsSignatureProvider> loadSignatureProviders(String propLoc,
Message m) {
         Properties props = loadJwsProperties(m, propLoc);
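Review bot: `loadSignatureVerifier(JwsHeaders, boolean)` forwards `props` to `loadSignatureVerifier(props, headers)` without the `if (props == null) { return null; }` check that `loadSignatureProvider` keeps a few lines above. The four-argument verifier loader calls `props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)` in a later hunk, so with `required == false` and nothing configured this looks like it can throw a NullPointerException, unless an earlier part of that method (not visible) handles it. The old code had the same shape, but since this commit introduces the loader helpers it is a good place to add the same null check to the verifier path. The hunk ends inside `loadSignatureProviders`.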
@@ -261,10 +282,15 @@ public final class JwsUtils {
         //TODO: validate JWS specific constraints
         return JoseUtils.validateCriticalHeaders(headers);
     }
+    public static JwsSignatureProvider loadSignatureProvider(Properties props,
+                                                             JoseHeaders headers) {
+        return loadSignatureProvider(PhaseInterceptorChain.getCurrentMessage(),
+                                     props, headers, false);
+    }
     public static JwsSignatureProvider loadSignatureProvider(Message m, 
-                                                              Properties props,
-                                                              JoseHeaders headers,
-                                                              boolean ignoreNullProvider)
{
+                                                             Properties props,
+                                                             JoseHeaders headers,
+                                                             boolean ignoreNullProvider)
{
         JwsSignatureProvider theSigProvider = null;
         
         boolean includeCert = headers != null && MessageUtils.getContextualBoolean(
@@ -275,7 +301,7 @@ public final class JwsUtils {
         if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
             if (jwk != null) {
-                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+                String signatureAlgo = getSignatureAlgorithm(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgorithm(jwk));
                 theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
                 
                 boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean(
@@ -300,7 +326,7 @@ public final class JwsUtils {
                 }
             }
         } else {
-            String signatureAlgo = getSignatureAlgo(m, props, null, null);
+            String signatureAlgo = getSignatureAlgorithm(m, props, null, null);
             if (SignatureAlgorithm.getAlgorithm(signatureAlgo) == SignatureAlgorithm.NONE)
{
                 theSigProvider = new NoneJwsSignatureProvider();
             } else {
@@ -324,7 +350,12 @@ public final class JwsUtils {
         }
         return theSigProvider;
     }
-    private static JwsSignatureVerifier loadSignatureVerifier(Message m, 
+    public static JwsSignatureVerifier loadSignatureVerifier(Properties props,
+                                                             JwsHeaders inHeaders) {
+        return loadSignatureVerifier(PhaseInterceptorChain.getCurrentMessage(),
+                                     props, inHeaders, false);
+    }
+    public static JwsSignatureVerifier loadSignatureVerifier(Message m, 
                                                               Properties props,
                                                               JwsHeaders inHeaders, 
                                                               boolean ignoreNullVerifier)
{
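Review bot: Widening `loadSignatureVerifier(Message, Properties, JwsHeaders, boolean)` to public and adding the `(Properties, JwsHeaders)` overload lets application code choose the verifier from a `Properties` object it assembled itself, and neither method documents what that object may contain. The `else` branch shown in the following hunk returns a `NoneJwsSignatureVerifier` when the configured algorithm is `none` and the inbound header also says `none`. The Javadoc should therefore state that the properties must come from trusted configuration and never be derived from request data. That branch also calls `inHeaders.getAlgorithm()`, while `loadSignatureVerifier(boolean)` passes null headers, so the null case needs either a guard or a documented precondition. The method body continues outside this hunk.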
@@ -361,12 +392,12 @@ public final class JwsUtils {
         if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE)))
{
             JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid);
             if (jwk != null) {
-                String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+                String signatureAlgo = getSignatureAlgorithm(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgorithm(jwk));
                 theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
             }
             
         } else {
-            String signatureAlgo = getSignatureAlgo(m, props, null, null);
+            String signatureAlgo = getSignatureAlgorithm(m, props, null, null);
             if (SignatureAlgorithm.getAlgorithm(signatureAlgo) == SignatureAlgorithm.NONE

                 && SignatureAlgorithm.NONE.getJwaName().equals(inHeaders.getAlgorithm()))
{
                 theVerifier = new NoneJwsSignatureVerifier();
@@ -392,14 +423,17 @@ public final class JwsUtils {
     }
     
     @SuppressWarnings("deprecation")
-    public static String getSignatureAlgo(Message m, Properties props, String algo, String
defaultAlgo) {
+    public static String getSignatureAlgorithm(Message m, Properties props, String algo,
String defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
                 defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO;
             }
             
             // Check for deprecated identifier first
-            String sigAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM);
+            String sigAlgo = null;
+            if (props != null) {
+                sigAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM);
+            }
             if (sigAlgo == null && m != null) {
                 sigAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM);
             }
@@ -408,12 +442,19 @@ public final class JwsUtils {
             }
             
             // Otherwise check newer identifier
-            return KeyManagementUtils.getKeyAlgorithm(m, props, 
-                                                      JoseConstants.RSSEC_SIGNATURE_ALGORITHM,
defaultAlgo);
+            if (props != null) {
+                return getSignatureAlgorithm(props, defaultAlgo);
+            }
         }
         return algo;
     }
-    private static String getDefaultKeyAlgo(JsonWebKey jwk) {
+    public static String getSignatureAlgorithm(Properties props, String defaultAlgo) {
+        return KeyManagementUtils.getKeyAlgorithm(PhaseInterceptorChain.getCurrentMessage(),
+                                                  props, 
+                                                  JoseConstants.RSSEC_SIGNATURE_ALGORITHM,

+                                                  defaultAlgo);
+    }
+    private static String getDefaultKeyAlgorithm(JsonWebKey jwk) {
         KeyType keyType = jwk.getKeyType();
         if (KeyType.OCTET == keyType) {
             return AlgorithmUtils.HMAC_SHA_256_ALGO;
@@ -441,10 +482,7 @@ public final class JwsUtils {
     }
     public static void validateJwsCertificateChain(List<X509Certificate> certs) {
         
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        Properties props = KeyManagementUtils.loadStoreProperties(m, true, 
-                                                                  JoseConstants.RSSEC_SIGNATURE_IN_PROPS,

-                                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);
+        Properties props = loadSignatureInProperties(true);
         KeyManagementUtils.validateCertificateChain(props, certs);
     }
     public static boolean isPayloadUnencoded(JwsHeaders jwsHeaders) {

