Repository: cxf Updated Branches: refs/heads/master befeb0484 -> 3316694fd
Keeping a single source of signing properties in JwsCompact as discussed with Colm Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3316694f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3316694f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3316694f Branch: refs/heads/master Commit: 3316694fdd67a9483a1e962265e754e1f6002efc Parents: befeb04 Author: Sergey Beryozkin <[email protected]> Authored: Tue Nov 24 11:26:09 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Nov 24 11:26:09 2015 +0000 ---------------------------------------------------------------------- .../security/jose/jws/JwsCompactProducer.java | 14 ++------- .../cxf/rs/security/jose/jws/JwsHeaders.java | 9 +++++- .../cxf/rs/security/jose/jws/JwsUtils.java | 7 ++--- .../token/provider/jwt/JWTTokenProvider.java | 30 +++++++------------- 4 files changed, 24 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/3316694f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index 5ef150a..53c1b0f 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java 
@@ -35,7 +35,6 @@ public class JwsCompactProducer { private String plainJwsPayload; private String signature; private boolean detached; - private Properties signatureProperties; public JwsCompactProducer(String plainJwsPayload) { this(plainJwsPayload, false); } @@ -138,7 +137,7 @@ public class JwsCompactProducer { } private void checkAlgorithm() { if (getAlgorithm() == null) { - Properties sigProps = getSignatureProperties(); + Properties sigProps = JwsUtils.loadSignatureOutProperties(false); Message m = PhaseInterceptorChain.getCurrentMessage(); SignatureAlgorithm signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps, null, null); if (signatureAlgo != null) { @@ -150,14 +149,5 @@ public class JwsCompactProducer { throw new JwsException(JwsException.Error.INVALID_ALGORITHM); } } - public Properties getSignatureProperties() { - if (signatureProperties == null) { - signatureProperties = JwsUtils.loadSignatureOutProperties(false); - - } - return signatureProperties; - } - public void setSignatureProperties(Properties signatureProperties) { - this.signatureProperties = signatureProperties; - } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/3316694f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java index a2d0e88..ec75872 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java 
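Review bot: In the `@@ -138` hunk, `checkAlgorithm()` now resolves a missing `alg` only from `JwsUtils.loadSignatureOutProperties(false)` and the current message, and nothing at the call site says so. A caller that built its headers from its own `Properties` but ended up without an algorithm would, it appears, be signed under whatever the endpoint configuration names rather than failing. I would add a comment above the lookup, e.g. `// No 'alg' in the headers: fall back to the endpoint's configured out-signature properties`, and consider whether callers that supply headers explicitly should skip this fallback. The `@@ -150` hunk also removes the public `getSignatureProperties`/`setSignatureProperties` pair, which breaks source compatibility for external callers and deserves a migration note. The body of `checkAlgorithm()` begins and ends outside the hunk.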
@@ -19,6 +19,7 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.Map; +import java.util.Properties; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.common.JoseHeaders; @@ -31,7 +32,7 @@ public class JwsHeaders extends JoseHeaders { public JwsHeaders(JoseType type) { super(type); } - public JwsHeaders(JoseHeaders headers) { + public JwsHeaders(JwsHeaders headers) { super(headers.asMap()); } @@ -41,6 +42,9 @@ public class JwsHeaders extends JoseHeaders { public JwsHeaders(SignatureAlgorithm sigAlgo) { init(sigAlgo); } + public JwsHeaders(Properties sigProps) { + init(getSignatureAlgorithm(sigProps)); + } public JwsHeaders(JoseType type, SignatureAlgorithm sigAlgo) { super(type); init(sigAlgo); @@ -63,4 +67,7 @@ public class JwsHeaders extends JoseHeaders { public Boolean getPayloadEncodingStatus() { return super.getBooleanProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER); } + private static SignatureAlgorithm getSignatureAlgorithm(Properties sigProps) { + return JwsUtils.getSignatureAlgorithm(sigProps, null); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/3316694f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index db12142..e20388f 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java 
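Review bot: The new `JwsHeaders(Properties sigProps)` constructor in the `@@ -42` hunk passes the lookup result straight to `init(...)` with no check that an algorithm was actually found. `JwsUtils.getSignatureAlgorithm(sigProps, null)` is called with a null default, so a properties object lacking the algorithm entry presumably yields null and a header without `alg`; `init` is not visible here, so this should be confirmed. Failing fast in the private helper added by the `@@ -63` hunk would stop a misconfiguration from surfacing later in the producer: `SignatureAlgorithm algo = JwsUtils.getSignatureAlgorithm(sigProps, null);`, then `if (algo == null) { throw new JwsException(JwsException.Error.INVALID_ALGORITHM); }`, then `return algo;`. A one-line Javadoc on the constructor naming the property it reads would also help.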
@@ -40,7 +40,6 @@ import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.jose.common.JoseConstants; -import org.apache.cxf.rs.security.jose.common.JoseHeaders; import org.apache.cxf.rs.security.jose.common.JoseUtils; import org.apache.cxf.rs.security.jose.common.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; @@ -278,18 +277,18 @@ public final class JwsUtils { } return theVerifiers; } - public static boolean validateCriticalHeaders(JoseHeaders headers) { + public static boolean validateCriticalHeaders(JwsHeaders headers) { //TODO: validate JWS specific constraints return JoseUtils.validateCriticalHeaders(headers); } public static JwsSignatureProvider loadSignatureProvider(Properties props, - JoseHeaders headers) { + JwsHeaders headers) { return loadSignatureProvider(PhaseInterceptorChain.getCurrentMessage(), props, headers, false); } public static JwsSignatureProvider loadSignatureProvider(Message m, Properties props, - JoseHeaders headers, + JwsHeaders headers, boolean ignoreNullProvider) { JwsSignatureProvider theSigProvider = null; http://git-wip-us.apache.org/repos/asf/cxf/blob/3316694f/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java index 54a4c4e..1a73d6c 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java 
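Review bot: `validateCriticalHeaders` in the `@@ -278` hunk now accepts `JwsHeaders` but still only delegates to `JoseUtils.validateCriticalHeaders(headers)`, with the `//TODO: validate JWS specific constraints` left open. With the narrower type in place the JWS-specific `crit` rules could be enforced here; whether the shared helper already covers them cannot be seen from this hunk. The three public static signatures changed from `JoseHeaders` to `JwsHeaders` also break callers that pass the base type, so a short Javadoc on each stating the expected header type would be useful.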
@@ -32,8 +32,6 @@ import javax.security.auth.callback.CallbackHandler; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.message.Message; -import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; @@ -41,11 +39,11 @@ import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; -import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.sts.STSPropertiesMBean; import org.apache.cxf.sts.SignatureProperties; import org.apache.cxf.sts.cache.CacheUtils; @@ -119,11 +117,9 @@ public class JWTTokenProvider implements TokenProvider { JwtClaims claims = jwtClaimsProvider.getJwtClaims(jwtClaimsProviderParameters); try { - JwtToken token = new JwtToken(claims); - - String tokenData = signToken(token, jwtRealm, tokenParameters.getStsProperties()); + String tokenData = signToken(claims, jwtRealm, tokenParameters.getStsProperties()); if (tokenParameters.isEncryptToken()) { - tokenData = encryptToken(tokenData, token.getJweHeaders(), + tokenData = encryptToken(tokenData, new JweHeaders(), tokenParameters.getStsProperties(), tokenParameters.getEncryptionProperties(), tokenParameters.getKeyRequirements()); 
@@ -205,13 +201,11 @@ public class JWTTokenProvider implements TokenProvider { } private String signToken( - JwtToken token, + JwtClaims claims, RealmProperties jwtRealm, STSPropertiesMBean stsProperties ) throws Exception { - Properties signingProperties = new Properties(); - if (signToken) { // Initialise signature objects with defaults of STSPropertiesMBean Crypto signatureCrypto = stsProperties.getSignatureCrypto(); @@ -255,6 +249,8 @@ public class JWTTokenProvider implements TokenProvider { callbackHandler.handle(cb); String password = cb[0].getPassword(); + Properties signingProperties = new Properties(); + signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, signatureAlgorithm); if (alias != null) { signingProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, alias); @@ -271,20 +267,16 @@ public class JWTTokenProvider implements TokenProvider { KeyStore keystore = ((Merlin)signatureCrypto).getKeyStore(); signingProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore); - JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token); - jws.setSignatureProperties(signingProperties); + JwsHeaders jwsHeaders = new JwsHeaders(signingProperties); + JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims); - Message m = PhaseInterceptorChain.getCurrentMessage(); JwsSignatureProvider sigProvider = - JwsUtils.loadSignatureProvider(m, signingProperties, token.getJwsHeaders(), false); - token.getJwsHeaders().setSignatureAlgorithm(sigProvider.getAlgorithm()); + JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders); return jws.signWith(sigProvider); } else { - signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, "none"); - - JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token); - jws.setSignatureProperties(signingProperties); + JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE); + JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims); return jws.getSignedEncodedJws(); }
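Review bot: The `else` branch in the `@@ -271` hunk builds `new JwsHeaders(SignatureAlgorithm.NONE)` and returns `jws.getSignedEncodedJws()`, so with `signToken` false the STS issues an unsecured JWT with no log line or comment marking it. A relying party cannot verify the issuer or integrity of such a token, and the `@@ -119` hunk shows the same output may then be encrypted, which gives confidentiality but still no issuer authentication. I would add a comment such as `// Unsecured JWS (alg "none"): no integrity protection; intended only for deployments that explicitly disable signing` and log a warning on this path if the class has a logger (LogUtils is imported). `signToken` starts and ends outside the hunk.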
