Fixing problem with retrieving private keys

Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5f277db3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5f277db3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5f277db3

Branch: refs/heads/3.0.x-fixes
Commit: 5f277db3541b51b1e718a7e9c22bae03ec7befe2
Parents: 65c9136
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Mon Oct 26 15:08:50 2015 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Mon Oct 26 17:08:44 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/common/KeyManagementUtils.java   | 10 ----------
 .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java     |  1 -
 .../org/apache/cxf/rt/security/crypto/CryptoUtils.java    |  4 ++++
 3 files changed, 4 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index c491712..9207e65 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -375,16 +375,6 @@ public final class KeyManagementUtils {
         
         try {
             String alias = ks.getCertificateAlias(inCerts.get(0));
-            if (alias != null) {
-                for (Enumeration<String> e = ks.aliases(); 
e.hasMoreElements();) {
-                    String currentAlias = e.nextElement();
-                    X509Certificate[] currentCertArray = 
loadX509CertificateOrChain(ks, currentAlias);
-                    if (currentCertArray != null) {
-                        alias = currentAlias;
-                        break;
-                    }
-                }
-            }
             return loadPrivateKey(ks, m, props, keyOper, alias);
             
         } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0d2e50d..ad9b137 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,7 +368,6 @@ public final class JweUtils {
         SecretKey ctDecryptionKey = null;
         String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
         if (inHeaders != null && 
inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
-            //TODO: validate incoming public keys or certificates  
             //TODO: optionally validate inHeaders.getAlgorithm against a 
property in props
             // Supporting loading a private key via a certificate for now
             List<X509Certificate> chain = 
KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index 4ff2476..7495fee 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -726,6 +726,10 @@ public final class CryptoUtils {
             if (!keyStore.containsAlias(alias)) {
                 throw new SecurityException("No alias exists in the keystore 
for: " + alias);
             }
+            if (!keyStore.isKeyEntry(alias)) {
+                throw new SecurityException("The given alias " + alias 
+                                            + " is not a private key in the 
keystore.");
+            }
             KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
                 keyStore.getEntry(alias, new 
KeyStore.PasswordProtection(keyPassword));
             return pkEntry.getPrivateKey();
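Review bot: The added `keyStore.isKeyEntry(alias)` guard does not guarantee that the `(KeyStore.PrivateKeyEntry)` cast just below it succeeds. `isKeyEntry` is also true for secret-key entries, so an alias naming a `SecretKeyEntry` passes the check and the cast fails with a `ClassCastException` rather than the intended `SecurityException`. Testing the entry type directly closes that gap: `if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {`. The enclosing method starts and ends outside this hunk, so how callers handle either exception is not visible here.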
