You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/09/12 11:59:04 UTC
cxf git commit: Optional 'kid' reporting for the keys loaded from JKS
too
Repository: cxf
Updated Branches:
refs/heads/master 9e413483e -> f5fabb85a
Optional 'kid' reporting for the keys loaded from JKS too
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5fabb85
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5fabb85
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5fabb85
Branch: refs/heads/master
Commit: f5fabb85a6c245e6920b1e88bdfdae332be8369b
Parents: 9e41348
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Sep 12 12:58:38 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Sep 12 12:58:38 2016 +0100
----------------------------------------------------------------------
.../cxf/rs/security/jose/jws/JwsUtils.java | 19 +++++++++++++------
.../cxf/rs/security/jose/jws/JwsUtilsTest.java | 16 ++++++++++++++++
2 files changed, 29 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5fabb85/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index c7f5a54..4def701 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -317,9 +317,13 @@ public final class JwsUtils {
public static JwsSignatureProvider loadSignatureProvider(Properties props,
JwsHeaders headers) {
return loadSignatureProvider(PhaseInterceptorChain.getCurrentMessage(),
- props, headers, false);
+ props, headers);
+ }
+ public static JwsSignatureProvider loadSignatureProvider(Message m,
+ Properties props,
+ JwsHeaders headers) {
+ return loadSignatureProvider(m, props, headers, false);
}
-
public static JwsSignatureProvider loadSignatureProvider(String propertiesLoc, Bus bus) {
Properties props = loadSignatureProperties(propertiesLoc, bus);
return loadSignatureProvider(props, null);
@@ -335,7 +339,9 @@ public final class JwsUtils {
m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, false);
boolean includeCertSha1 = headers != null && MessageUtils.getContextualBoolean(
m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT_SHA1, false);
-
+ boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean(
+ m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false);
+
if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
if (jwk != null) {
@@ -347,8 +353,6 @@ public final class JwsUtils {
boolean includePublicKey = headers != null && MessageUtils.getContextualBoolean(
m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY, false);
- boolean includeKeyId = headers != null && MessageUtils.getContextualBoolean(
- m, JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, false);
if (includeCert) {
JwkUtils.includeCertChain(jwk, headers, signatureAlgo.getJwaName());
@@ -362,7 +366,7 @@ public final class JwsUtils {
if (includePublicKey) {
JwkUtils.includePublicKey(jwk, headers, signatureAlgo.getJwaName());
}
- if (includeKeyId && jwk.getKeyId() != null && headers != null) {
+ if (includeKeyId && jwk.getKeyId() != null) {
headers.setKeyId(jwk.getKeyId());
}
}
@@ -382,6 +386,9 @@ public final class JwsUtils {
headers.setX509Thumbprint(digest);
}
}
+ if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
+ headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
+ }
}
}
if (theSigProvider == null && !ignoreNullProvider) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/f5fabb85/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index 478331d..9318cff 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -37,6 +37,21 @@ import org.junit.Test;
public class JwsUtilsTest extends Assert {
@Test
+ public void testLoadSignatureProviderFromJKS() throws Exception {
+ Properties p = new Properties();
+ p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
+ "org/apache/cxf/rs/security/jose/jws/alice.jks");
+ p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+ p.put(JoseConstants.RSSEC_KEY_PSWD, "password");
+ p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+ JwsHeaders headers = new JwsHeaders();
+ JwsSignatureProvider jws = JwsUtils.loadSignatureProvider(createMessage(),
+ p,
+ headers);
+ assertNotNull(jws);
+ assertEquals("alice", headers.getKeyId());
+ }
+ @Test
public void testLoadVerificationKey() throws Exception {
Properties p = new Properties();
p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
@@ -83,6 +98,7 @@ public class JwsUtilsTest extends Assert {
Exchange e = new ExchangeImpl();
e.put(Bus.class, BusFactory.getThreadDefaultBus());
m.setExchange(e);
+ m.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");
e.setInMessage(m);
return m;
}