From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <9e96d10936a7493fa55743e976997506@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Optional 'kid' reporting for the keys loaded from JKS too Date: Mon, 12 Sep 2016 11:59:04 +0000 (UTC) archived-at: Mon, 12 Sep 2016 11:59:05 -0000 Repository: cxf Updated Branches: refs/heads/master 9e413483e -> f5fabb85a Optional 'kid' reporting for the keys loaded from JKS too Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5fabb85 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5fabb85 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5fabb85 Branch: refs/heads/master Commit: f5fabb85a6c245e6920b1e88bdfdae332be8369b Parents: 9e41348 Author: Sergey Beryozkin Authored: Mon Sep 12 12:58:38 2016 +0100 Committer: Sergey Beryozkin Committed: Mon Sep 12 12:58:38 2016 +0100 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jws/JwsUtils.java | 19 +++++++++++++------ .../cxf/rs/security/jose/jws/JwsUtilsTest.java | 16 ++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f5fabb85/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index c7f5a54..4def701 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java 
@@ -317,9 +317,13 @@ public final class JwsUtils { public static JwsSignatureProvider loadSignatureProvider(Properties props, JwsHeaders headers) { return loadSignatureProvider(PhaseInterceptorChain.getCurrentMessage(), - props, headers, false); + props, headers); + } + public static JwsSignatureProvider loadSignatureProvider(Message m, + Properties props, + JwsHeaders headers) { + return loadSignatureProvider(m, props, headers, false); } - public static JwsSignatureProvider loadSignatureProvider(String propertiesLoc, Bus bus) { Properties props = loadSignatureProperties(propertiesLoc, bus); return loadSignatureProvider(props, null); @@ -335,7 +339,9 @@ public final class JwsUtils { m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, false); boolean includeCertSha1 = headers != null && MessageUtils.getContextualBoolean( m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1, false); - + boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false); + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN); if (jwk != null) { @@ -347,8 +353,6 @@ public final class JwsUtils { boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean( m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY, false); - boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean( - m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false); if (includeCert) { JwkUtils.includeCertChain(jwk, headers, signatureAlgo.getJwaName()); @@ -362,7 +366,7 @@ public final class JwsUtils { if (includePublicKey) { JwkUtils.includePublicKey(jwk, headers, signatureAlgo.getJwaName()); } - if (includeKeyId && jwk.getKeyId() != null && headers != null) { + if (includeKeyId && jwk.getKeyId() != null) { headers.setKeyId(jwk.getKeyId()); } } 
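Review bot: The new public overload `loadSignatureProvider(Message m, Properties props, JwsHeaders headers)` in the first hunk has no Javadoc, although its effect depends on inputs a caller cannot read off the signature. I would add `/** Loads the signature provider described by props; when headers is non-null, the contextual RSSEC_SIGNATURE_INCLUDE_* properties of m decide which key identifiers are written into headers. */`. The comment should also say that the call mutates `headers`, and that a missing provider is not tolerated, because the four-argument overload is called with `false`. That overload's body is only partly visible in these hunks, so the exact failure mode needs confirming before it is documented.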
@@ -382,6 +386,9 @@ public final class JwsUtils { headers.setX509Thumbprint(digest); } } + if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) { + headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS)); + } } } if (theSigProvider == null && !ignoreNullProvider) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f5fabb85/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java index 478331d..9318cff 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java @@ -37,6 +37,21 @@ import org.junit.Test; public class JwsUtilsTest extends Assert { @Test + public void testLoadSignatureProviderFromJKS() throws Exception { + Properties p = new Properties(); + p.put(JoseConstants.RSSEC_KEY_STORE_FILE, + "org/apache/cxf/rs/security/jose/jws/alice.jks"); + p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password"); + p.put(JoseConstants.RSSEC_KEY_PSWD, "password"); + p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice"); + JwsHeaders headers = new JwsHeaders(); + JwsSignatureProvider jws = JwsUtils.loadSignatureProvider(createMessage(), + p, + headers); + assertNotNull(jws); + assertEquals("alice", headers.getKeyId()); + } + @Test public void testLoadVerificationKey() throws Exception { Properties p = new Properties(); p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
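Review bot: The added JKS branch tests the alias with `props.containsKey(...)` but reads it with `props.getProperty(...)`, and the two do not agree: `containsKey` ignores a `Properties` defaults table while `getProperty` returns null for a non-String value, so the alias can be skipped although it is configured, or `setKeyId(null)` can be called. Reading the value once avoids both: `String alias = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS);` followed by `if (includeKeyId && alias != null) { headers.setKeyId(alias); }`. If the alias that actually selects the signing key can be resolved from somewhere other than `props` (not visible in this hunk), the published `kid` should come from that resolved value so it cannot disagree with the key in use. JWS headers are integrity-protected but not confidential, so enabling this option discloses the keystore alias to every party that sees the token; a comment on `RSSEC_SIGNATURE_INCLUDE_KEY_ID` saying so would help operators pick alias names accordingly. The enclosing method starts and ends outside the hunk.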
@@ -83,6 +98,7 @@ public class JwsUtilsTest extends Assert {
 Exchange e = new ExchangeImpl();
 e.put(Bus.class, BusFactory.getThreadDefaultBus());
 m.setExchange(e);
+ m.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");
 e.setInMessage(m);
 return m;
 }
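Review bot: Setting `RSSEC_SIGNATURE_INCLUDE_KEY_ID` to "true" inside the shared `createMessage()` helper switches the option on for every test that builds its message there, so none of them exercises the default of not emitting a `kid`. I would set the flag in `testLoadSignatureProviderFromJKS` itself, `Message m = createMessage(); m.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");`, and add a sibling test that leaves it unset and checks `assertNull(headers.getKeyId());`. That negative test pins the opt-in behaviour, which matters because the value written is a keystore alias. `createMessage()` begins outside the hunk, so its other callers are not visible here.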