Fixing problem with retrieving private keys
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5f277db3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5f277db3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5f277db3 Branch: refs/heads/3.0.x-fixes Commit: 5f277db3541b51b1e718a7e9c22bae03ec7befe2 Parents: 65c9136 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Oct 26 15:08:50 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Oct 26 17:08:44 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/jose/common/KeyManagementUtils.java | 10 ---------- .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 1 - .../org/apache/cxf/rt/security/crypto/CryptoUtils.java | 4 ++++ 3 files changed, 4 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index c491712..9207e65 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -375,16 +375,6 @@ public final class KeyManagementUtils {
 try {
 String alias = ks.getCertificateAlias(inCerts.get(0));
- if (alias != null) {
- for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
- String currentAlias = e.nextElement();
- X509Certificate[] currentCertArray = loadX509CertificateOrChain(ks, currentAlias);
- if (currentCertArray != null) {
- alias = currentAlias;
- break;
- }
- }
- }
 return loadPrivateKey(ks, m, props, keyOper, alias);
 } catch (Exception ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 0d2e50d..ad9b137 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -368,7 +368,6 @@ public final class JweUtils {
 SecretKey ctDecryptionKey = null;
 String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
 if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
- //TODO: validate incoming public keys or certificates
 //TODO: optionally validate inHeaders.getAlgorithm against a property in props
 // Supporting loading a private key via a certificate for now
 List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java ----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
index 4ff2476..7495fee 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java
@@ -726,6 +726,10 @@ public final class CryptoUtils {
 if (!keyStore.containsAlias(alias)) {
 throw new SecurityException("No alias exists in the keystore for: " + alias);
 }
+ if (!keyStore.isKeyEntry(alias)) {
+ throw new SecurityException("The given alias " + alias + + " is not a private key in the keystore.");
+ }
 KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
 return pkEntry.getPrivateKey();
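Review bot: The added `isKeyEntry(alias)` guard is true for secret-key entries as well as private-key entries, so an alias that holds a `KeyStore.SecretKeyEntry` passes it and then fails at the `(KeyStore.PrivateKeyEntry)` cast with a `ClassCastException` instead of the intended `SecurityException`. Checking the entry type directly matches what the error message claims: `if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {`. The enclosing method starts and ends outside the hunk, so whether callers catch the cast failure, or ever pass a null alias into `containsAlias`, cannot be confirmed from here.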