Posted to commits@cxf.apache.org by se...@apache.org on 2014/07/11 15:20:19 UTC
git commit: [CXF-5311] Initial attempt to minimize a number of
properties that may have to be set when JWE and or JWS are used
Repository: cxf
Updated Branches:
refs/heads/master 78664f430 -> e67312c2a
[CXF-5311] Initial attempt to minimize a number of properties that may have to be set when JWE and or JWS are used
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e67312c2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e67312c2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e67312c2
Branch: refs/heads/master
Commit: e67312c2af732de561a4d8f4f14566f44f813b6e
Parents: 78664f4
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Fri Jul 11 14:19:57 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Fri Jul 11 14:19:57 2014 +0100
----------------------------------------------------------------------
.../org/apache/cxf/message/MessageUtils.java | 8 +++++
.../jwt/jaxrs/AbstractJweDecryptingFilter.java | 2 ++
.../jwt/jaxrs/AbstractJwsReaderProvider.java | 4 ++-
.../jwt/jaxrs/AbstractJwsWriterProvider.java | 5 +++-
.../oauth2/jwt/jaxrs/JweWriterInterceptor.java | 7 +++--
.../oauth2/utils/crypto/CryptoUtils.java | 31 +++++++++++++-------
6 files changed, 43 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/core/src/main/java/org/apache/cxf/message/MessageUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/message/MessageUtils.java b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
index 9eed341..a6cf993 100644
--- a/core/src/main/java/org/apache/cxf/message/MessageUtils.java
+++ b/core/src/main/java/org/apache/cxf/message/MessageUtils.java
@@ -131,6 +131,14 @@ public final class MessageUtils {
return defaultValue;
}
+ public static Object getContextualProperty(Message m, String propPreferred, String propDefault) {
+ Object prop = m.getContextualProperty(propPreferred);
+ if (prop == null && propDefault != null) {
+ prop = (String)m.getContextualProperty(propDefault);
+ }
+ return prop;
+ }
+
/**
* Returns true if the underlying content format is a W3C DOM or a SAAJ message.
*/
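Review bot: The fallback lookup in `getContextualProperty` casts its result to `String` while the preferred lookup does not, so a non-String value stored under `propDefault` throws `ClassCastException`, whereas the same value under `propPreferred` is returned unchanged. Because the method is declared to return `Object`, the cast can simply be dropped: `prop = m.getContextualProperty(propDefault);`. The new public method also has no Javadoc. A short one should state that `propPreferred` takes precedence, that `propDefault` is consulted only when the first lookup returns null, and that `propDefault` itself may be null.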
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 1ff3d1a..9887c68 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -33,6 +33,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJweDecryptingFilter {
private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
+ private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
private JweDecryptor decryptor;
private JweCryptoProperties cryptoProperties;
@@ -57,6 +58,7 @@ public class AbstractJweDecryptingFilter {
try {
PrivateKey pk = CryptoUtils.loadPrivateKey(JAXRSUtils.getCurrentMessage(),
RSSEC_ENCRYPTION_IN_PROPS,
+ RSSEC_ENCRYPTION_PROPS,
CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
return new WrappedKeyJweDecryptor(pk, cryptoProperties);
} catch (SecurityException ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index 5dbacf4..a70e185 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -27,7 +27,8 @@ import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJwsReaderProvider {
- private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.in.properties";
+ private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
+ private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
private JwsSignatureVerifier sigVerifier;
private JwsSignatureProperties sigProperties;
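Review bot: `RSSEC_SIGNATURE_PROPS` keeps its name but now holds `"rs.security.signature.properties"` instead of the inbound-specific key, so any reference to it that this commit does not touch would silently change meaning. The rest of the class is outside the hunk, so this cannot be confirmed from here. A distinct name for the shared key, for example `RSSEC_SIGNATURE_COMMON_PROPS`, would make the old identifier fail to compile at any missed use rather than quietly resolve to a different property.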
@@ -51,6 +52,7 @@ public class AbstractJwsReaderProvider {
}
try {
PublicKey pk = CryptoUtils.loadPublicKey(JAXRSUtils.getCurrentMessage(),
+ RSSEC_SIGNATURE_IN_PROPS,
RSSEC_SIGNATURE_PROPS);
return new PublicKeyJwsSignatureVerifier(pk);
} catch (SecurityException ex) {
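Review bot: The precedence between the two properties passed to `CryptoUtils.loadPublicKey` is not documented at this call site, and it decides which key store the verifier trusts. With the fallback, an endpoint that sets only `rs.security.signature.properties` will load its verification key from that shared location, which may or may not be the intended trust anchor for inbound signatures. A comment such as `// in.properties wins; the shared signature.properties is used only when it is unset` above the call would make that explicit. The enclosing method starts and ends outside the hunk.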
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index a03312c..e8cdd8c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -28,6 +28,7 @@ import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.oauth2.jws.PrivateKeyJwsSignatureProvider;
@@ -35,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJwsWriterProvider {
private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
+ private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm";
private JwsSignatureProvider sigProvider;
@@ -48,7 +50,8 @@ public class AbstractJwsWriterProvider {
return sigProvider;
}
Message m = JAXRSUtils.getCurrentMessage();
- String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_OUT_PROPS);
+ String propLoc =
+ (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS);
if (propLoc == null) {
throw new SecurityException();
}
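Review bot: The `(String)` cast on the `Object` returned by `MessageUtils.getContextualProperty` makes a non-String property value surface as `ClassCastException` rather than the `SecurityException` thrown for a missing value just below. The same cast is repeated in the `JweWriterInterceptor` hunk and in `CryptoUtils.getMessageProperty`. Checking the type first keeps the failure mode uniform, e.g. `if (!(prop instanceof String)) { throw new SecurityException(); }` on an `Object prop` local, followed by the cast. The enclosing method starts and ends outside the hunk.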
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index c8097e3..ee6516e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -36,6 +36,7 @@ import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptor;
import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryptor;
@@ -44,7 +45,8 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@Priority(Priorities.JWE_WRITE_PRIORITY)
public class JweWriterInterceptor implements WriterInterceptor {
- private static final String JSON_WEB_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
+ private static final String JSON_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
+ private static final String JSON_ENCRYPTION_PROPS = "rs.security.encryption.properties";
private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
private JweEncryptor encryptor;
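Review bot: The renamed constants `JSON_ENCRYPTION_OUT_PROPS` and `JSON_ENCRYPTION_PROPS` no longer match the `JSON_WEB_ENCRYPTION_` prefix of the two constants directly below them. They also differ from the `RSSEC_ENCRYPTION_IN_PROPS` / `RSSEC_ENCRYPTION_PROPS` names that `AbstractJweDecryptingFilter` uses for the same property family. Using `RSSEC_ENCRYPTION_OUT_PROPS` and `RSSEC_ENCRYPTION_PROPS` here would keep the two sides of the JWE configuration easy to search for together.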
@@ -85,7 +87,8 @@ public class JweWriterInterceptor implements WriterInterceptor {
return encryptor;
}
Message m = JAXRSUtils.getCurrentMessage();
- String propLoc = (String)m.getContextualProperty(JSON_WEB_ENCRYPTION_OUT_PROPS);
+ String propLoc =
+ (String)MessageUtils.getContextualProperty(m, JSON_ENCRYPTION_OUT_PROPS, JSON_ENCRYPTION_PROPS);
if (propLoc == null) {
throw new SecurityException();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e67312c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index 1030240..23cc8b7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -53,6 +53,7 @@ import org.apache.cxf.common.util.CompressionUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
import org.apache.cxf.security.SecurityContext;
@@ -158,18 +159,27 @@ public final class CryptoUtils {
return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
}
public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
- String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
- if (propLoc == null) {
- throw new SecurityException();
- }
+ return loadPublicKey(m, keyStoreLocProp, null);
+ }
+ public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String keyStoreLocPropDefault) {
+ String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
Bus bus = m.getExchange().getBus();
try {
- Properties props = ResourceUtils.loadProperties(propLoc, bus);
+ Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
return CryptoUtils.loadPublicKey(m, props);
} catch (Exception ex) {
throw new SecurityException(ex);
}
}
+ private static String getMessageProperty(Message m, String keyStoreLocPropPreferred,
+ String keyStoreLocPropDefault) {
+ String propLoc =
+ (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
+ if (propLoc == null) {
+ throw new SecurityException();
+ }
+ return propLoc;
+ }
public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) {
KeyStore keyStore = loadKeyStore(props, bus);
return loadPrivateKey(keyStore, props, bus, provider);
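Review bot: `getMessageProperty` throws a message-less `SecurityException` when neither property resolves, so the operator cannot tell which of the two configuration keys was expected. The property names are not secret and can be included: `throw new SecurityException("Key store properties not set: " + keyStoreLocPropPreferred + " / " + keyStoreLocPropDefault);`. The new public `loadPublicKey(Message, String, String)` overload also has no Javadoc. It should state that the preferred property takes precedence and that the default may be null.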
@@ -206,13 +216,14 @@ public final class CryptoUtils {
}
}
public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp) {
- String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
- if (propLoc == null) {
- throw new SecurityException();
- }
+ return loadPrivateKey(m, keyStoreLocProp, null, passwordProviderProp);
+ }
+ public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred,
+ String keyStoreLocPropDefault, String passwordProviderProp) {
+ String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
Bus bus = m.getExchange().getBus();
try {
- Properties props = ResourceUtils.loadProperties(propLoc, bus);
+ Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
return CryptoUtils.loadPrivateKey(m, props, passwordProviderProp);
} catch (Exception ex) {
throw new SecurityException(ex);