Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 9BB9A200B44 for ; Thu, 30 Jun 2016 00:44:03 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9A9DE160A73; Wed, 29 Jun 2016 22:44:03 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 365B8160A76 for ; Thu, 30 Jun 2016 00:44:02 +0200 (CEST) Received: (qmail 26239 invoked by uid 500); 29 Jun 2016 22:44:00 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 24926 invoked by uid 99); 29 Jun 2016 22:43:59 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Jun 2016 22:43:59 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 4E0AAED317; Wed, 29 Jun 2016 22:43:59 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: reta@apache.org To: commits@cxf.apache.org Date: Wed, 29 Jun 2016 22:44:14 -0000 Message-Id: <26e7e012de354a9094d61f7fa1133694@git.apache.org> In-Reply-To: <4bcfaade3ee3407db49b6439dc67ac16@git.apache.org> References: <4bcfaade3ee3407db49b6439dc67ac16@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [16/48] cxf git commit: Updating JwsUtils to optionally set an X509 chain property on verification JWKs archived-at: Wed, 29 Jun 2016 22:44:03 -0000 Updating JwsUtils to optionally set an X509 chain property on verification JWKs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f32d8048 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f32d8048 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f32d8048 Branch: refs/heads/master-jaxrs-2.1 Commit: f32d80488b19052cb2a3e40b1007d8d5db97e8fa Parents: f4c5052 Author: Sergey Beryozkin Authored: Mon Jun 20 12:38:44 2016 +0100 Committer: Sergey Beryozkin Committed: Mon Jun 20 12:38:44 2016 +0100 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jws/JwsUtils.java | 12 ++++++++-- .../cxf/rs/security/jose/jws/JwsUtilsTest.java | 25 +++++++++++++++++++- 2 files changed, 34 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f32d8048/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index da4641a..090c396 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -36,6 +36,7 @@ import java.util.Properties; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.common.util.PropertyUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.PhaseInterceptorChain; @@ -529,10 +530,17 @@ public final class JwsUtils { if ("jwk".equals(storeType)) { return JwkUtils.loadPublicJwkSet(m, props); } else { - //TODO: consider loading all the public keys in the store - PublicKey key = KeyManagementUtils.loadPublicKey(m, props); + X509Certificate[] certs = null; + if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) { + certs = KeyManagementUtils.loadX509CertificateOrChain(m, props); + } + PublicKey key = certs != null && certs.length > 0 + ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props); JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM); jwk.setPublicKeyUse(PublicKeyUse.SIGN); + if (certs != null) { + jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs)); + } return new JsonWebKeys(jwk); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f32d8048/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java index 78d827b..478331d 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java 
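Review bot: In JwsUtils.java, the second guard in the `else` branch, `if (certs != null)`, is weaker than the condition used just above it to pick the key (`certs != null && certs.length > 0`). Should `loadX509CertificateOrChain` ever return an empty array, the JWK's key would come from `loadPublicKey` while `setX509Chain` is still called with an empty chain. RFC 7517 expects `x5c` to hold at least one certificate whose key matches the JWK's other members, so the guard should read `if (certs != null && certs.length > 0) {`. The chain is also encoded and published as loaded; whether expiry or trust is checked elsewhere cannot be seen from this hunk, so a comment such as `// x5c is informational here; consumers must validate the chain themselves` would help. The enclosing method starts outside the hunk.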
@@ -37,7 +37,7 @@ import org.junit.Test; public class JwsUtilsTest extends Assert { @Test - public void testLoadVerificationKeys() throws Exception { + public void testLoadVerificationKey() throws Exception { Properties p = new Properties(); p.put(JoseConstants.RSSEC_KEY_STORE_FILE, "org/apache/cxf/rs/security/jose/jws/alice.jks"); @@ -53,6 +53,29 @@ public class JwsUtilsTest extends Assert { assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP)); assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS)); assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP)); + assertNull(key.getX509Chain()); + } + @Test + public void testLoadVerificationKeyWithCert() throws Exception { + Properties p = new Properties(); + p.put(JoseConstants.RSSEC_KEY_STORE_FILE, + "org/apache/cxf/rs/security/jose/jws/alice.jks"); + p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password"); + p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice"); + p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true); + JsonWebKeys keySet = JwsUtils.loadPublicVerificationKeys(createMessage(), p); + assertEquals(1, keySet.asMap().size()); + List keys = keySet.getRsaKeys(); + assertEquals(1, keys.size()); + JsonWebKey key = keys.get(0); + assertEquals(KeyType.RSA, key.getKeyType()); + assertEquals("alice", key.getKeyId()); + assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP)); + assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS)); + assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP)); + List chain = key.getX509Chain(); + assertNotNull(chain); + assertEquals(2, chain.size()); } private Message createMessage() {
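Review bot: `testLoadVerificationKeyWithCert` asserts only that the chain has two entries; it does not check that the first `x5c` entry carries the same public key as the JWK's `RSA_MODULUS`/`RSA_PUBLIC_EXP`, which is the property a verifier relies on. Decoding `chain.get(0)` and comparing its key with the JWK members would pin that. The flag is also stored as a `Boolean` (`p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true)`), whereas a properties file would presumably supply the string `"true"`; a second case using the string value would cover the configured path.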