cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-6085] Updating JweJsonConsumer to select the entries based on the extra properties
Date Tue, 01 Mar 2016 17:42:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4a667d9af -> e67788e8a


[CXF-6085] Updating JweJsonConsumer to select the entries based on the extra properties


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e67788e8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e67788e8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e67788e8

Branch: refs/heads/3.1.x-fixes
Commit: e67788e8a69e71a97116b477e7b5828576c3f4d2
Parents: 4a667d9
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Mar 1 17:41:22 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Mar 1 17:42:40 2016 +0000

----------------------------------------------------------------------
 .../jaxrs/AbstractJweJsonDecryptingFilter.java  | 14 ++++++++++---
 .../jaxrs/JweJsonContainerRequestFilter.java    | 21 +++++++++++++-------
 .../rs/security/jose/jwe/JweJsonConsumer.java   | 11 ++++++++--
 3 files changed, 34 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e67788e8/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
index 5dc52d9..8bfc807 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweJsonDecryptingFilter.java
@@ -21,11 +21,13 @@ package org.apache.cxf.rs.security.jose.jaxrs;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.util.Map;
 
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweException;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer;
 import org.apache.cxf.rs.security.jose.jwe.JweJsonEncryptionEntry;
@@ -34,13 +36,15 @@ import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 public class AbstractJweJsonDecryptingFilter {
     private JweDecryptionProvider decryption;
     private String defaultMediaType;
+    private Map<String, Object> recipientProperties;
     protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
         JweJsonConsumer c = new JweJsonConsumer(new String(IOUtils.readBytesFromStream(is),

                                                                    StandardCharsets.UTF_8));
         JweDecryptionProvider theProvider = getInitializedDecryptionProvider(c.getProtectedHeader());
-        //TODO: support the extra properties that can be matched against per-recipient headers
-        // which will be needed if we have multiple entries with the same key encryption algorithm
-        JweJsonEncryptionEntry entry = c.getJweDecryptionEntry(theProvider);
+        JweJsonEncryptionEntry entry = c.getJweDecryptionEntry(theProvider, recipientProperties);
+        if (entry == null) {
+            throw new JweException(JweException.Error.INVALID_JSON_JWE);
+        }
         JweDecryptionOutput out = c.decryptWith(theProvider, entry);
         
         JAXRSUtils.getCurrentMessage().put(JweJsonConsumer.class, c);
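Review bot: The new `recipientProperties` field is undocumented, and nothing in this hunk says what it is compared with or what an unset value means. Going by the JweJsonConsumer change in the same commit, a null map keeps the old behaviour of taking the first entry whose key encryption algorithm matches, so a deployment that receives several same-algorithm recipients must set it to have the right entry selected. I would add a field comment such as `// Header name/value pairs a recipient entry must carry to be selected; null means select by key algorithm only`. The setter added in the last hunk of this file stores the caller's map by reference, so a later mutation by the configuring code changes entry selection; copying it on set would avoid that. decrypt() continues past the end of this hunk.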
@@ -66,6 +70,10 @@ public class AbstractJweJsonDecryptingFilter {
 
     public void setDefaultMediaType(String defaultMediaType) {
         this.defaultMediaType = defaultMediaType;
+    }
+
+    public void setRecipientProperties(Map<String, Object> recipientProperties) {
+        this.recipientProperties = recipientProperties;
     } 
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67788e8/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
index 1b6ab90..d0bb31f 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweJsonContainerRequestFilter.java
@@ -27,8 +27,10 @@ import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
 
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.common.JoseUtils;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweException;
 
 @PreMatching
 @Priority(Priorities.JWE_SERVER_READ_PRIORITY)
@@ -38,13 +40,18 @@ public class JweJsonContainerRequestFilter extends AbstractJweJsonDecryptingFilt
         if (HttpMethod.GET.equals(context.getMethod())) {
             return;
         }
-        JweDecryptionOutput out = decrypt(context.getEntityStream());
-        byte[] bytes = out.getContent();
-        context.setEntityStream(new ByteArrayInputStream(bytes));
-        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
-        String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
-        if (ct != null) {
-            context.getHeaders().putSingle("Content-Type", ct);
+        try {
+            JweDecryptionOutput out = decrypt(context.getEntityStream());
+            byte[] bytes = out.getContent();
+            context.setEntityStream(new ByteArrayInputStream(bytes));
+            context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+            String ct = JoseUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
+            if (ct != null) {
+                context.getHeaders().putSingle("Content-Type", ct);
+            }
+        } catch (JweException ex) {
+            context.abortWith(JAXRSUtils.toResponse(400));
+            return;
         }
     }
 }
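Review bot: The new `catch (JweException ex)` block discards the exception, so a request rejected here leaves no server-side trace of why it failed. Returning one status for every JWE failure is a reasonable choice, since the caller cannot tell a missing recipient entry from a failed decryption, but the reason is worth logging for whoever investigates a run of 400s; log the exception's error code at a low level, not the request body or any key material. Only JweException is mapped: if the JSON parsing or the decryption provider can throw another runtime exception type (not visible in this hunk), those would presumably still surface as a server error and may deserve the same treatment. The `return;` after `abortWith` is the last statement of the method and can be dropped.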

http://git-wip-us.apache.org/repos/asf/cxf/blob/e67788e8/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
index 0d98455..0c8aecd 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java
@@ -82,12 +82,19 @@ public class JweJsonConsumer {
     }
 
     public JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jwe) {
-        //TODO: support a similar method that will check per-recipient unprotected headers
-        // which will be needed if we have multiple entries with the same key encryption algorithm
+        return getJweDecryptionEntry(jwe, null);
+    }
+    
+    public JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jwe,
+                                                        Map<String, Object> recipientProps) {
         for (Map.Entry<JweJsonEncryptionEntry, JweHeaders> entry : recipientsMap.entrySet()) {
             KeyAlgorithm keyAlgo = entry.getValue().getKeyEncryptionAlgorithm();
             if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm())
                 || keyAlgo == null && jwe.getKeyAlgorithm() == null) {
+                if (recipientProps != null 
+                    && !entry.getValue().asMap().entrySet().containsAll(recipientProps.entrySet())) {
+                    continue;
+                }
                 return entry.getKey();        
             }    
         }
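Review bot: The added filter compares header entries with `entrySet().containsAll(...)`, which uses `equals` on both key and value, so a configured value whose Java type differs from what the JSON reader produced (for example a number held as Integer on one side and Long on the other) never matches and every entry is skipped. An empty `recipientProps` map matches every entry, the same as null. If the headers returned by `entry.getValue()` include per-recipient unprotected headers, they are not integrity protected, so the match should be documented as a way to pick an entry and not as a check on who sent it; the decryption key remains the control. A Javadoc on the two-argument overload stating these three points, and that null is returned when nothing matches (the return is outside this hunk, presumably), would help callers such as the JAX-RS filter that now has to null-check.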

