Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/28 16:28:04 UTC
[1/2] cxf git commit: Preserve signature verification exception
Repository: cxf
Updated Branches:
refs/heads/master 3019c331c -> ac8f8fbc9
Preserve signature verification exception
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92fdbae4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92fdbae4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92fdbae4
Branch: refs/heads/master
Commit: 92fdbae4839004c64852e5ac0f198a811cba8ca9
Parents: 3019c33
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 28 14:55:14 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 28 14:55:14 2015 +0100
----------------------------------------------------------------------
.../cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/92fdbae4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
index 38180f6..d40e66d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
@@ -51,8 +51,8 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
signatureSpec);
} catch (Exception ex) {
- LOG.warning("Invalid signature");
- throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
+ LOG.warning("Invalid signature: " + ex.getMessage());
+ throw new JwsException(JwsException.Error.INVALID_SIGNATURE, ex);
}
}
protected String checkAlgorithm(String algo) {
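Review bot: The new `LOG.warning("Invalid signature: " + ex.getMessage())` records only the exception message, which can be null and loses the stack trace. Because the try block also wraps `checkAlgorithm(headers.getAlgorithm())`, that message may (not visible here) carry a header-supplied value into the log unescaped. Passing the throwable to the logger keeps the diagnostics structured: `LOG.log(Level.WARNING, "Invalid signature", ex);` (needs `java.util.logging.Level` if the file does not already import it). The catch still maps every `Exception`, including provider or configuration failures, to `INVALID_SIGNATURE`; now that the cause is attached, any code that renders a `JwsException` to the remote party should be checked so the cause is not serialised. The enclosing method starts above the hunk.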
[2/2] cxf git commit: Refactor signature code to allow for the
elliptic curve case when using keystores
Posted by co...@apache.org.
Refactor signature code to allow for the elliptic curve case when using keystores
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ac8f8fbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ac8f8fbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ac8f8fbc
Branch: refs/heads/master
Commit: ac8f8fbc9747b03e7638e16e7c9833c4de775868
Parents: 92fdbae
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 28 15:27:39 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 28 15:27:39 2015 +0100
----------------------------------------------------------------------
.../security/jose/jaxrs/KeyManagementUtils.java | 11 ++-
.../cxf/rs/security/jose/jwe/JweUtils.java | 10 ++-
.../security/jose/jws/JwsCompactConsumer.java | 8 +-
.../security/jose/jws/JwsCompactProducer.java | 6 +-
.../rs/security/jose/jws/JwsJsonConsumer.java | 6 +-
.../rs/security/jose/jws/JwsJsonProducer.java | 6 +-
.../cxf/rs/security/jose/jws/JwsUtils.java | 87 +++++++++++---------
7 files changed, 76 insertions(+), 58 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
index 23557c5..499e4f6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -34,7 +34,6 @@ import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
@@ -195,11 +194,11 @@ public final class KeyManagementUtils {
return cb;
}
- public static RSAPrivateKey loadPrivateKey(Message m, Properties props, String keyOper) {
+ public static PrivateKey loadPrivateKey(Message m, Properties props, String keyOper) {
KeyStore keyStore = loadPersistKeyStore(m, props);
- return (RSAPrivateKey)loadPrivateKey(keyStore, m, props, keyOper, null);
+ return loadPrivateKey(keyStore, m, props, keyOper, null);
}
- private static RSAPrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, String keyOper,
+ private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, String keyOper,
String alias) {
Bus bus = m.getExchange().getBus();
PrivateKeyPasswordProvider cb = loadPasswordProvider(m, props, keyOper);
@@ -212,7 +211,7 @@ public final class KeyManagementUtils {
}
}
}
- return (RSAPrivateKey)loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias);
+ return loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias);
}
public static KeyStore loadPersistKeyStore(Message m, Properties props) {
if (!props.containsKey(RSSEC_KEY_STORE_FILE)) {
@@ -358,7 +357,7 @@ public final class KeyManagementUtils {
}
return props;
}
- public static RSAPrivateKey loadPrivateKey(Message m, Properties props,
+ public static PrivateKey loadPrivateKey(Message m, Properties props,
List<X509Certificate> inCerts, String keyOper) {
KeyStore ks = loadPersistKeyStore(m, props);
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 2980137..119fcb6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -19,6 +19,7 @@
package org.apache.cxf.rs.security.jose.jwe;
import java.nio.ByteBuffer;
+import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
@@ -324,10 +325,15 @@ public final class JweUtils {
// Supporting loading a private key via a certificate for now
List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
KeyManagementUtils.validateCertificateChain(props, chain);
- RSAPrivateKey privateKey =
+ PrivateKey privateKey =
KeyManagementUtils.loadPrivateKey(m, props, chain, JsonWebKey.KEY_OPER_DECRYPT);
+ if (!(privateKey instanceof RSAPrivateKey)) {
+ LOG.warning("Non-RSA private keys are not yet supported for encryption");
+ return null;
+ }
contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm();
- keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(privateKey, inHeaders.getKeyEncryptionAlgorithm());
+ keyDecryptionProvider = getRSAKeyDecryptionAlgorithm((RSAPrivateKey)privateKey,
+ inHeaders.getKeyEncryptionAlgorithm());
} else {
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_DECRYPT);
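Review bot: The added guard `if (!(privateKey instanceof RSAPrivateKey))` is also true for a null reference, so if `loadPrivateKey` finds no key the failure is logged as "Non-RSA private keys are not yet supported for encryption" and the method returns null rather than failing. The message says encryption although this branch loads the key with `JsonWebKey.KEY_OPER_DECRYPT`; `LOG.warning("Non-RSA private keys are not yet supported for decryption");` would match the operation. Consider handling the null and wrong-type cases separately and raising the module's JWE exception (its type is not visible in this hunk) instead of returning null, so a caller cannot mistake an unusable key for "no decryption configured". The enclosing method starts and ends outside the hunk, so how callers treat the null cannot be confirmed here.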
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index b86742c..edd2560 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -18,8 +18,8 @@
*/
package org.apache.cxf.rs.security.jose.jws;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPublicKey;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
@@ -116,10 +116,10 @@ public class JwsCompactConsumer {
return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
}
public boolean verifySignatureWith(X509Certificate cert, String algo) {
- return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(cert, algo));
+ return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(cert, algo));
}
- public boolean verifySignatureWith(RSAPublicKey key, String algo) {
- return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+ public boolean verifySignatureWith(PublicKey key, String algo) {
+ return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
}
public boolean verifySignatureWith(byte[] key, String algo) {
return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index 70ebe6d..fc13844 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -18,7 +18,7 @@
*/
package org.apache.cxf.rs.security.jose.jws;
-import java.security.interfaces.RSAPrivateKey;
+import java.security.PrivateKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
@@ -77,8 +77,8 @@ public class JwsCompactProducer {
return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm()));
}
- public String signWith(RSAPrivateKey key) {
- return signWith(JwsUtils.getRSAKeySignatureProvider(key, headers.getAlgorithm()));
+ public String signWith(PrivateKey key) {
+ return signWith(JwsUtils.getPrivateKeySignatureProvider(key, headers.getAlgorithm()));
}
public String signWith(byte[] key) {
return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index 2eaf128..a7cb20a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -18,7 +18,7 @@
*/
package org.apache.cxf.rs.security.jose.jws;
-import java.security.interfaces.RSAPublicKey;
+import java.security.PublicKey;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -128,8 +128,8 @@ public class JwsJsonConsumer {
}
return false;
}
- public boolean verifySignatureWith(RSAPublicKey key, String algo) {
- return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+ public boolean verifySignatureWith(PublicKey key, String algo) {
+ return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
}
public boolean verifySignatureWith(byte[] key, String algo) {
return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 4c4a2a6..9bac5b8 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -18,7 +18,7 @@
*/
package org.apache.cxf.rs.security.jose.jws;
-import java.security.interfaces.RSAPrivateKey;
+import java.security.PrivateKey;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -110,8 +110,8 @@ public class JwsJsonProducer {
public String signWith(JsonWebKey jwk) {
return signWith(JwsUtils.getSignatureProvider(jwk));
}
- public String signWith(RSAPrivateKey key, String algo) {
- return signWith(JwsUtils.getRSAKeySignatureProvider(key, algo));
+ public String signWith(PrivateKey key, String algo) {
+ return signWith(JwsUtils.getPrivateKeySignatureProvider(key, algo));
}
public String signWith(byte[] key, String algo) {
return signWith(JwsUtils.getHmacSignatureProvider(key, algo));
http://git-wip-us.apache.org/repos/asf/cxf/blob/ac8f8fbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index a275a75..b2c634a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -18,7 +18,11 @@
*/
package org.apache.cxf.rs.security.jose.jws;
+import java.security.PrivateKey;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
@@ -54,13 +58,13 @@ public final class JwsUtils {
private JwsUtils() {
}
- public static String sign(RSAPrivateKey key, String algo, String content) {
+ public static String sign(PrivateKey key, String algo, String content) {
return sign(key, algo, content, null);
}
- public static String sign(RSAPrivateKey key, String algo, String content, String ct) {
- return sign(getRSAKeySignatureProvider(key, algo), content, ct);
+ public static String sign(PrivateKey key, String algo, String content, String ct) {
+ return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
}
public static String sign(byte[] key, String algo, String content) {
return sign(key, algo, content, null);
@@ -68,8 +72,8 @@ public final class JwsUtils {
public static String sign(byte[] key, String algo, String content, String ct) {
return sign(getHmacSignatureProvider(key, algo), content, ct);
}
- public static String verify(RSAPublicKey key, String algo, String content) {
- JwsCompactConsumer jws = verify(getRSAKeySignatureVerifier(key, algo), content);
+ public static String verify(PublicKey key, String algo, String content) {
+ JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
return jws.getDecodedJwsPayload();
}
public static String verify(byte[] key, String algo, String content) {
@@ -80,28 +84,34 @@ public final class JwsUtils {
return getSignatureProvider(jwk, null);
}
public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
JwsSignatureProvider theSigProvider = null;
if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theSigProvider = getRSAKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
- rsaSignatureAlgo);
+ theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
+ signatureAlgo);
} else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- theSigProvider = getHmacSignatureProvider(key, rsaSignatureAlgo);
+ theSigProvider = getHmacSignatureProvider(key, signatureAlgo);
} else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
- SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
+ theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk),
+ signatureAlgo);
}
return theSigProvider;
}
- public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey key, String algo) {
+ public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, String algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
- return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+ if (key instanceof ECPrivateKey) {
+ return new EcDsaJwsSignatureProvider((ECPrivateKey)key, SignatureAlgorithm.getAlgorithm(algo));
+ } else if (key instanceof RSAPrivateKey) {
+ return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+ }
+
+ return null;
}
public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) {
if (algo == null) {
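Review bot: `getPrivateKeySignatureProvider` now ends in a bare `return null;` for any key that is neither `ECPrivateKey` nor `RSAPrivateKey` (a null key included), with no log line, while the `algo == null` case directly above logs and throws a `JwsException`. The same ending is added to `getPublicKeySignatureVerifier` in the next hunk, and the `signWith` / `verifySignatureWith` overloads changed in JwsCompactProducer, JwsCompactConsumer, JwsJsonProducer and JwsJsonConsumer pass the result straight on. A signing/verification factory is safer failing closed: replace `return null;` with `LOG.warning("Unsupported key type");` followed by a `throw new JwsException(...)` using whichever `JwsException.Error` value the project has for this case. Neither factory checks that `algo` belongs to the same family as the key that selected the provider class; whether the provider constructors enforce that is not visible here. The hunk ends inside `getHmacSignatureProvider`.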
@@ -117,28 +127,34 @@ public final class JwsUtils {
return getSignatureVerifier(jwk, null);
}
public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
JwsSignatureVerifier theVerifier = null;
if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theVerifier = getRSAKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), rsaSignatureAlgo);
+ theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), signatureAlgo);
} else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) {
byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- theVerifier = getHmacSignatureVerifier(key, rsaSignatureAlgo);
+ theVerifier = getHmacSignatureVerifier(key, signatureAlgo);
} else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk),
- SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo));
+ theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo);
}
return theVerifier;
}
- public static JwsSignatureVerifier getRSAKeySignatureVerifier(X509Certificate cert, String algo) {
- return getRSAKeySignatureVerifier((RSAPublicKey)cert.getPublicKey(), algo);
+ public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, String algo) {
+ return getPublicKeySignatureVerifier(cert.getPublicKey(), algo);
}
- public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey key, String algo) {
+ public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, String algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
- return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+
+ if (key instanceof RSAPublicKey) {
+ return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+ } else if (key instanceof ECPublicKey) {
+ return new EcDsaJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+ }
+
+ return null;
}
public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) {
if (algo == null) {
@@ -241,7 +257,6 @@ public final class JwsUtils {
JoseHeaders headers,
boolean ignoreNullProvider) {
JwsSignatureProvider theSigProvider = null;
- String rsaSignatureAlgo = null;
boolean reportPublicKey =
headers != null && MessageUtils.isTrue(
MessageUtils.getContextualProperty(m, JSON_WEB_SIGNATURE_REPORT_KEY_PROP,
@@ -249,17 +264,16 @@ public final class JwsUtils {
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
if (jwk != null) {
- rsaSignatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
- theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
+ String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+ theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
if (reportPublicKey) {
- JwkUtils.setPublicKeyInfo(jwk, headers, rsaSignatureAlgo);
+ JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo);
}
}
} else {
- rsaSignatureAlgo = getSignatureAlgo(m, props, null, null);
- RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,
- JsonWebKey.KEY_OPER_SIGN);
- theSigProvider = getRSAKeySignatureProvider(pk, rsaSignatureAlgo);
+ String signatureAlgo = getSignatureAlgo(m, props, null, null);
+ PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, JsonWebKey.KEY_OPER_SIGN);
+ theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
if (reportPublicKey) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
@@ -284,22 +298,21 @@ public final class JwsUtils {
} else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
KeyManagementUtils.validateCertificateChain(props, chain);
- return getRSAKeySignatureVerifier((RSAPublicKey)chain.get(0).getPublicKey(), inHeaders.getAlgorithm());
+ return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm());
}
}
- String rsaSignatureAlgo = null;
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
if (jwk != null) {
- rsaSignatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
- theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
+ String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
+ theVerifier = JwsUtils.getSignatureVerifier(jwk, signatureAlgo);
}
} else {
- rsaSignatureAlgo = getSignatureAlgo(m, props, null, null);
- theVerifier = getRSAKeySignatureVerifier(
- (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), rsaSignatureAlgo);
+ String signatureAlgo = getSignatureAlgo(m, props, null, null);
+ theVerifier = getPublicKeySignatureVerifier(
+ KeyManagementUtils.loadPublicKey(m, props), signatureAlgo);
}
if (theVerifier == null && !ignoreNullVerifier) {
LOG.warning("Verifier is not available");
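Review bot: In the `HEADER_X509_CHAIN` branch the result of `getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm())` is returned directly, so a null verifier for an unsupported key type never reaches the `theVerifier == null && !ignoreNullVerifier` check at the end of the hunk. Before this change that case failed with a ClassCastException on the `(RSAPublicKey)` cast; the result should be checked for null before the return and the call should fail there. That branch also takes the algorithm from the inbound headers, whereas the keystore branches resolve it through `getSignatureAlgo(m, props, ...)`. Now that both RSA and EC certificates are accepted, the header value should be compared with the configured algorithm and the certificate key's family before the verifier is built. The method starts and continues outside the hunk.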