From serg...@apache.org
Subject cxf git commit: Updating JwsUtils to optionally set an X509 chain property on verification JWKs
Date Mon, 20 Jun 2016 11:42:17 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0ea13a8e1 -> f44f6d7d1


Updating JwsUtils to optionally set an X509 chain property on verification JWKs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f44f6d7d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f44f6d7d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f44f6d7d

Branch: refs/heads/3.1.x-fixes
Commit: f44f6d7d1e869f6f814ffd940299cc77f1e23d07
Parents: 0ea13a8
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Jun 20 12:38:44 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Jun 20 12:41:33 2016 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jws/JwsUtils.java      | 12 ++++++++--
 .../cxf/rs/security/jose/jws/JwsUtilsTest.java  | 25 +++++++++++++++++++-
 2 files changed, 34 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f44f6d7d/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index da4641a..090c396 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -36,6 +36,7 @@ import java.util.Properties;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.PropertyUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
@@ -529,10 +530,17 @@ public final class JwsUtils {
         if ("jwk".equals(storeType)) {
             return JwkUtils.loadPublicJwkSet(m, props);
         } else {
-            //TODO: consider loading all the public keys in the store
-            PublicKey key = KeyManagementUtils.loadPublicKey(m, props);
+            X509Certificate[] certs = null;
+            if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
+                certs = KeyManagementUtils.loadX509CertificateOrChain(m, props);
+            }
+            PublicKey key = certs != null && certs.length > 0 
+                ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props); 
             JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
             jwk.setPublicKeyUse(PublicKeyUse.SIGN);
+            if (certs != null) {
+                jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs));
+            }
             return new JsonWebKeys(jwk);
         }
     }
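Review bot: The two guards on `certs` disagree: the key is taken from `certs[0]` only when `certs.length > 0`, but `setX509Chain` runs whenever `certs != null`, so if `loadX509CertificateOrChain` ever returns an empty array the JWK would carry an empty `x5c` next to a key that came from `loadPublicKey`. Using the same condition in both places, `if (certs != null && certs.length > 0) {`, keeps the published chain and the published key tied to the same certificate. A short comment would also help here, stating that `RSSEC_SIGNATURE_INCLUDE_CERT` is reused to control what the verification key set exposes and that the chain is copied from the key store as-is; no validity or expiry check is visible in this hunk, so consumers of the JWK set should not read `x5c` as already validated. The enclosing method starts above the hunk.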

http://git-wip-us.apache.org/repos/asf/cxf/blob/f44f6d7d/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index 78d827b..478331d 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -37,7 +37,7 @@ import org.junit.Test;
 
 public class JwsUtilsTest extends Assert {
     @Test
-    public void testLoadVerificationKeys() throws Exception {
+    public void testLoadVerificationKey() throws Exception {
         Properties p = new Properties();
         p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
             "org/apache/cxf/rs/security/jose/jws/alice.jks");
@@ -53,6 +53,29 @@ public class JwsUtilsTest extends Assert {
         assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
         assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
         assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+        assertNull(key.getX509Chain());
+    }
+    @Test
+    public void testLoadVerificationKeyWithCert() throws Exception {
+        Properties p = new Properties();
+        p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
+            "org/apache/cxf/rs/security/jose/jws/alice.jks");
+        p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+        p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+        p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);
+        JsonWebKeys keySet = JwsUtils.loadPublicVerificationKeys(createMessage(), p);
+        assertEquals(1, keySet.asMap().size());
+        List<JsonWebKey> keys = keySet.getRsaKeys();
+        assertEquals(1, keys.size());
+        JsonWebKey key = keys.get(0);
+        assertEquals(KeyType.RSA, key.getKeyType());
+        assertEquals("alice", key.getKeyId());
+        assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
+        assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
+        assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+        List<String> chain = key.getX509Chain();
+        assertNotNull(chain);
+        assertEquals(2, chain.size());
     }
     
     private Message createMessage() {
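Review bot: `testLoadVerificationKeyWithCert` asserts only that the chain has two entries; it never checks that the first entry is the certificate whose public key ended up in the JWK, which is what a verifier relying on `x5c` depends on. Decoding `chain.get(0)` and comparing its public key with the JWK's modulus and exponent would pin that binding. The flag is also set as a `Boolean`, whereas a properties file supplies a string, so a second case using `p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, "true");` would cover the file-based configuration path. The body of `createMessage()` and the end of the class are outside the hunk.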

