Repository: cxf Updated Branches: refs/heads/master c17f40d5a -> 6d6302720
Give priority to the signature/decryption provider over the generic one, rather than the one way around Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1c16f520 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1c16f520 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1c16f520 Branch: refs/heads/master Commit: 1c16f5205d2ba22dba1897db14f051bcd0d0e23a Parents: c17f40d Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Oct 15 11:58:13 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Oct 15 11:58:13 2015 +0100 ---------------------------------------------------------------------- .../rs/security/jose/common/JoseConstants.java | 26 ++++++++++---------- .../jose/common/KeyManagementUtils.java | 12 +++++---- 2 files changed, 20 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1c16f520/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index b85d1ce..89dd079 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -53,7 +53,7 @@ public final class JoseConstants { // // - // Keys/keystore configuration + // Shared Keys/keystore configuration // /** @@ -92,18 +92,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for signature. - */ - public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; - - /** - * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys - * for decryption. - */ - public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; - - /** * TODO documentation for these */ public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; @@ -118,6 +106,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for signature. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ + public static final String RSSEC_SIGNATURE_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; + + /** * The signature algorithm to use. For example 'RS256'. */ public static final String RSSEC_SIGNATURE_ALGORITHM = "rs.security.signature.algorithm"; @@ -159,6 +153,12 @@ public final class JoseConstants { // /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for decryption. If this is not specified it falls back to use the RSSEC_KEY_PSWD_PROVIDER. + */ + public static final String RSSEC_DECRYPTION_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; + + /** * The encryption content algorithm to use. */ public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm"; http://git-wip-us.apache.org/repos/asf/cxf/blob/1c16f520/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 917c856..23370ef 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -166,16 +166,18 @@ public final class KeyManagementUtils { return kid; } public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) { - PrivateKeyPasswordProvider cb = - (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER); - if (cb == null && keyOper != null) { - String propName = keyOper == KeyOperation.SIGN ? JoseConstants.RSSEC_SIG_KEY_PSWD_PROVIDER + PrivateKeyPasswordProvider cb = null; + if (keyOper != null) { + String propName = keyOper == KeyOperation.SIGN ? JoseConstants.RSSEC_SIGNATURE_KEY_PSWD_PROVIDER : keyOper == KeyOperation.DECRYPT - ? JoseConstants.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null; + ? JoseConstants.RSSEC_DECRYPTION_KEY_PSWD_PROVIDER : null; if (propName != null) { cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName); } } + if (cb == null) { + cb = (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER); + } return cb; }