Another change of the "include" properties
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e51a7bd7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e51a7bd7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e51a7bd7 Branch: refs/heads/master Commit: e51a7bd7f3dcc120dbeeebb3e5c306941af64554 Parents: 948fd80 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Oct 26 15:32:51 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Oct 26 16:21:07 2015 +0000 ---------------------------------------------------------------------- .../rs/security/jose/common/JoseConstants.java | 32 +++----------------- .../cxf/rs/security/jose/jwe/JweUtils.java | 20 +++++------- .../cxf/rs/security/jose/jws/JwsUtils.java | 20 +++++------- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 7 +++-- 4 files changed, 24 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 66c86d9..c05b37d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -100,26 +100,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * Include the JWK public key (for signature or encryption) in the "jwk" header. - */ - public static final String RSSEC_INCLUDE_PUBLIC_KEY = "rs.security.include.public.key"; - - /** - * Include the X.509 certificate (for signature or encryption) in the "x5c" header. - */ - public static final String RSSEC_INCLUDE_CERT = "rs.security.include.cert"; - - /** - * Include the JWK key id (for signature or encryption) in the "kid" header. - */ - public static final String RSSEC_INCLUDE_KEY_ID = "rs.security.include.key.id"; - - /** - * Include the X.509 certificate SHA-1 digest (for signature or encryption) in the "x5t" header. - */ - public static final String RSSEC_INCLUDE_CERT_SHA1 = "rs.security.include.cert.sha1"; - - /** * Whether to allow using a JWK received in the header for signature validation. The default * is "false". */ @@ -187,26 +167,22 @@ public final class JoseConstants { public static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties"; /** - * Include the JWK public key for signature in the "jwk" header. If not configured then it - * falls back to RSSEC_INCLUDE_PUBLIC_KEY. + * Include the JWK public key for signature in the "jwk" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key"; /** - * Include the X.509 certificate for signature in the "x5c" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT. + * Include the X.509 certificate for signature in the "x5c" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert"; /** - * Include the JWK key id for signature in the "kid" header. If not configured then it - * falls back to RSSEC_INCLUDE_KEY_ID. + * Include the JWK key id for signature in the "kid" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = "rs.security.signature.include.key.id"; /** - * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT_SHA1. + * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = "rs.security.signature.include.cert.sha1"; http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index ad9b137..4591bc3 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -282,12 +282,10 @@ public final class JweUtils { } boolean includeCert = - headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT, - JoseConstants.RSSEC_INCLUDE_CERT)); - boolean includeCertSha1 = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1, - JoseConstants.RSSEC_INCLUDE_CERT_SHA1)); + headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT, false); + boolean includeCertSha1 = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1, false); KeyEncryptionProvider keyEncryptionProvider = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); @@ -304,12 +302,10 @@ public final class JweUtils { getDefaultKeyAlgo(jwk)); keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo); - boolean includePublicKey = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY, - JoseConstants.RSSEC_INCLUDE_PUBLIC_KEY)); - boolean includeKeyId = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID, - JoseConstants.RSSEC_INCLUDE_KEY_ID)); + boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY, false); + boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID, false); if (includeCert) { JwkUtils.includeCertChain(jwk, headers, keyEncryptionAlgo); http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 747d53b..13badcb 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -267,12 +267,10 @@ public final class JwsUtils { boolean ignoreNullProvider) { JwsSignatureProvider theSigProvider = null; - boolean includeCert = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, - JoseConstants.RSSEC_INCLUDE_CERT)); - boolean includeCertSha1 = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1, - JoseConstants.RSSEC_INCLUDE_CERT_SHA1)); + boolean includeCert = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, false); + boolean includeCertSha1 = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1, false); if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN); @@ -280,12 +278,10 @@ public final class JwsUtils { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo)); - boolean includePublicKey = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY, - JoseConstants.RSSEC_INCLUDE_PUBLIC_KEY)); - boolean includeKeyId = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, - JoseConstants.RSSEC_INCLUDE_KEY_ID)); + boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY, false); + boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean( + m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false); if (includeCert) { JwkUtils.includeCertChain(jwk, headers, signatureAlgo); http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index cfdfa43..8a8bd74 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -218,7 +218,8 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { public void testJweRsaJwsRsaCertInHeaders() throws Exception { String address = "https://localhost:" + PORT + "/jwejwsrsaCertInHeaders"; BookStore bs = createJweJwsBookStore(address, null, null); - WebClient.getConfig(bs).getRequestContext().put("rs.security.include.cert", "true"); + WebClient.getConfig(bs).getRequestContext().put("rs.security.signature.include.cert", "true"); + WebClient.getConfig(bs).getRequestContext().put("rs.security.encryption.include.cert", "true"); String text = bs.echoText("book"); assertEquals("book", text); } @@ -338,10 +339,10 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { bean.getProperties(true).put("rs.security.signature.in.properties", "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); if (includePublicKey) { - bean.getProperties(true).put("rs.security.include.public.key", true); + bean.getProperties(true).put("rs.security.signature.include.public.key", true); } if (includeKeyId) { - bean.getProperties(true).put("rs.security.include.key.id", true); + bean.getProperties(true).put("rs.security.signature.include.key.id", true); } BookStore bs = bean.create(BookStore.class); String text = bs.echoText("book");