Posted to commits@cxf.apache.org by se...@apache.org on 2014/06/17 18:07:13 UTC
git commit: [CXF-5311] Keeping refactoring and experimenting with
property names
Repository: cxf
Updated Branches:
refs/heads/master 71320263c -> 335148d95
[CXF-5311] Keeping refactoring and experimenting with property names
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/335148d9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/335148d9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/335148d9
Branch: refs/heads/master
Commit: 335148d95dc0263ae191960554330d09a8baa982
Parents: 7132026
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Jun 17 17:06:57 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Jun 17 17:06:57 2014 +0100
----------------------------------------------------------------------
.../jwt/jaxrs/AbstractJweDecryptingFilter.java | 31 +---
.../jwt/jaxrs/AbstractJwsReaderProvider.java | 24 +--
.../jwt/jaxrs/AbstractJwsWriterProvider.java | 19 +--
.../oauth2/jwt/jaxrs/JweWriterInterceptor.java | 22 ++-
.../oauth2/utils/crypto/CryptoUtils.java | 158 +++++++++----------
.../jaxrs/security/jwt/JAXRSJweJwsTest.java | 5 +-
.../cxf/systest/jaxrs/security/jwt/server.xml | 3 +-
.../systest/jaxrs/security/alice.rs.properties | 8 +-
.../systest/jaxrs/security/bob.rs.properties | 8 +-
9 files changed, 108 insertions(+), 170 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 50bbeab..1ff3d1a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -20,26 +20,20 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
import java.io.IOException;
import java.io.InputStream;
-import java.security.KeyStore;
import java.security.PrivateKey;
-import java.util.Properties;
-import org.apache.cxf.Bus;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptor;
import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryptor;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
public class AbstractJweDecryptingFilter {
private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
-
+
private JweDecryptor decryptor;
private JweCryptoProperties cryptoProperties;
private String defaultMediaType;
@@ -60,27 +54,10 @@ public class AbstractJweDecryptingFilter {
if (decryptor != null) {
return decryptor;
}
- Message m = JAXRSUtils.getCurrentMessage();
- if (m == null) {
- throw new SecurityException();
- }
- String propLoc = (String)m.getContextualProperty(RSSEC_ENCRYPTION_IN_PROPS);
- if (propLoc == null) {
- throw new SecurityException();
- }
try {
- Bus bus = m.getExchange().getBus();
- Properties props = ResourceUtils.loadProperties(propLoc, bus);
- PrivateKey pk = null;
- KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
- if (keyStore == null) {
- keyStore = CryptoUtils.loadKeyStore(props, bus);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
- }
- PrivateKeyPasswordProvider cb =
- (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
- pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
-
+ PrivateKey pk = CryptoUtils.loadPrivateKey(JAXRSUtils.getCurrentMessage(),
+ RSSEC_ENCRYPTION_IN_PROPS,
+ CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
return new WrappedKeyJweDecryptor(pk, cryptoProperties);
} catch (SecurityException ex) {
throw ex;
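Review bot: The null check on the current message is gone, yet `JAXRSUtils.getCurrentMessage()` is handed straight to `CryptoUtils.loadPrivateKey(Message, String, String)`, whose first statement dereferences it, so a missing message now surfaces as a NullPointerException rather than the SecurityException the old code threw; whether the remainder of the enclosing method (which starts and ends outside this hunk) converts it cannot be seen here. The same guard is dropped in AbstractJwsReaderProvider, AbstractJwsWriterProvider and JweWriterInterceptor, and in the last two `m.getContextualProperty(...)` is called on the unchecked message outside any try block. Rather than restoring four copies, the new `CryptoUtils` overloads that take a `Message` could reject a null message once, e.g. `if (m == null) { throw new SecurityException("No current message"); }` as their first line, so every caller keeps the fail-closed behaviour.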
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
index 0889f18..d463b40 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsReaderProvider.java
@@ -18,14 +18,9 @@
*/
package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
-import java.security.KeyStore;
import java.security.PublicKey;
-import java.util.Properties;
-import org.apache.cxf.Bus;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProperties;
import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.oauth2.jws.PublicKeyJwsSignatureVerifier;
@@ -54,24 +49,9 @@ public class AbstractJwsReaderProvider {
if (sigVerifier != null) {
return sigVerifier;
}
- Message m = JAXRSUtils.getCurrentMessage();
- if (m == null) {
- throw new SecurityException();
- }
- String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_PROPS);
- if (propLoc == null) {
- throw new SecurityException();
- }
- Bus bus = m.getExchange().getBus();
try {
- Properties props = ResourceUtils.loadProperties(propLoc, bus);
- PublicKey pk = null;
- KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
- if (keyStore == null) {
- keyStore = CryptoUtils.loadKeyStore(props, bus);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
- }
- pk = CryptoUtils.loadPublicKey(keyStore, props);
+ PublicKey pk = CryptoUtils.loadPublicKey(JAXRSUtils.getCurrentMessage(),
+ RSSEC_SIGNATURE_PROPS);
return new PublicKeyJwsSignatureVerifier(pk);
} catch (SecurityException ex) {
throw ex;
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
index be6f8ae..25a5599 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJwsWriterProvider.java
@@ -21,11 +21,9 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
-import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Properties;
-import org.apache.cxf.Bus;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
@@ -34,7 +32,6 @@ import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
import org.apache.cxf.rs.security.oauth2.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.oauth2.jws.PrivateKeyJwsSignatureProvider;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
public class AbstractJwsWriterProvider {
private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
@@ -52,25 +49,13 @@ public class AbstractJwsWriterProvider {
return sigProvider;
}
Message m = JAXRSUtils.getCurrentMessage();
- if (m == null) {
- throw new SecurityException();
- }
String propLoc = (String)m.getContextualProperty(RSSEC_SIGNATURE_OUT_PROPS);
if (propLoc == null) {
throw new SecurityException();
}
try {
- Bus bus = m.getExchange().getBus();
- Properties props = ResourceUtils.loadProperties(propLoc, bus);
- PrivateKey pk = null;
- KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
- if (keyStore == null) {
- keyStore = CryptoUtils.loadKeyStore(props, bus);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
- }
- PrivateKeyPasswordProvider cb =
- (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
- pk = CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+ Properties props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
+ PrivateKey pk = CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
PrivateKeyJwsSignatureProvider provider = new PrivateKeyJwsSignatureProvider(pk);
provider.setDefaultJwtAlgorithm(props.getProperty(JSON_WEB_SIGNATURE_ALGO_PROP));
return provider;
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index 1bb79b6..65dbb5f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.oauth2.jwt.jaxrs;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
-import java.security.KeyStore;
import java.security.PublicKey;
import java.util.Properties;
@@ -47,6 +46,7 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class JweWriterInterceptor implements WriterInterceptor {
private static final String JSON_WEB_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties";
private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
+ private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
private JweEncryptor encryptor;
private boolean contentTypeRequired = true;
@@ -75,9 +75,6 @@ public class JweWriterInterceptor implements WriterInterceptor {
return encryptor;
}
Message m = JAXRSUtils.getCurrentMessage();
- if (m == null) {
- throw new SecurityException();
- }
String propLoc = (String)m.getContextualProperty(JSON_WEB_ENCRYPTION_OUT_PROPS);
if (propLoc == null) {
throw new SecurityException();
@@ -85,16 +82,15 @@ public class JweWriterInterceptor implements WriterInterceptor {
Bus bus = m.getExchange().getBus();
try {
Properties props = ResourceUtils.loadProperties(propLoc, bus);
- PublicKey pk = null;
- KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
- if (keyStore == null) {
- keyStore = CryptoUtils.loadKeyStore(props, bus);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+ PublicKey pk = CryptoUtils.loadPublicKey(m, props);
+ JweHeaders headers = new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+ props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP));
+ String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP);
+ if (compression != null) {
+ headers.setZipAlgorithm(compression);
}
- pk = CryptoUtils.loadPublicKey(keyStore, props);
- return new WrappedKeyJweEncryptor(new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
- props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP)),
- pk);
+
+ return new WrappedKeyJweEncryptor(headers, pk);
} catch (SecurityException ex) {
throw ex;
} catch (Exception ex) {
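Review bot: The value of the new `rs.security.jwe.zip.algorithm` property is passed to `headers.setZipAlgorithm` without any check, so a typo is only discovered when the recipient fails to inflate the payload; JWE registers a single value for the `zip` header, `DEF` (RFC 7516 section 4.1.3), and rejecting anything else here with a SecurityException keeps the failure on the producing side where it is diagnosable. The new constant also deserves a comment saying what it switches on, e.g. `// optional JWE "zip" header: compress the plaintext before encryption`, and that comment is the place to record that compressing plaintext which mixes secrets with data an outside party can influence weakens the confidentiality the encryption provides, so the option should stay off unless that has been considered. The enclosing method continues past the end of this hunk.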
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index ca17056..2c75038 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -51,6 +51,7 @@ import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.CompressionUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
+import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
@@ -58,12 +59,13 @@ import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
* Encryption helpers
*/
public final class CryptoUtils {
- public static final String RSSEC_KEY_STORE_TYPE = "rs.security.crypto.keystore.type";
- public static final String RSSEC_KEY_STORE_PSWD = "rs.security.crypto.keystore.password";
- public static final String RSSEC_KEY_PSWD = "rs.security.crypto.key.password";
- public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.crypto.keystore.alias";
- public static final String RSSEC_KEY_STORE_FILE = "rs.security.crypto.keystore.file";
- public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.crypto.key.password.provider";
+ public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type";
+ public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password";
+ public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
+ public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
+ public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
+ public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
+ public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
private static final Logger LOG = LogUtils.getL7dLogger(CryptoUtils.class);
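Review bot: The seven renamed constants carry no Javadoc, and the split introduced here makes the distinction matter: `RSSEC_KEY_STORE_*` and `RSSEC_KEY_PSWD` are keys read from the loaded properties file (`props.getProperty(...)` later in this file), whereas `RSSEC_SIG_KEY_PSWD_PROVIDER` and `RSSEC_DECRYPT_KEY_PSWD_PROVIDER` are contextual message property names under which a `PrivateKeyPasswordProvider` object is registered (`m.getContextualProperty(passwordProviderProp)` further down). A one-line Javadoc per group, such as `/** Properties-file key: keystore location, resolved via ResourceUtils. */` and `/** Contextual property holding the PrivateKeyPasswordProvider used for signing keys. */`, would stop the two kinds being confused. Because the string values of public constants change, deployments whose properties files still use the `rs.security.crypto.*` keys will silently stop resolving their keystore; that is worth a sentence in the commit message or release notes.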
@@ -131,12 +133,8 @@ public final class CryptoUtils {
public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
String storeType) {
- try {
- KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
- return loadCertificate(keyStore, alias);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadCertificate(keyStore, alias);
}
public static Certificate loadCertificate(KeyStore keyStore, String alias) {
try {
@@ -145,86 +143,52 @@ public final class CryptoUtils {
throw new SecurityException(ex);
}
}
- public static Certificate loadCertificate(KeyStore keyStore, Properties props) {
- try {
- return loadCertificate(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- public static Certificate loadCertificate(Properties props, Bus bus) {
- try {
- KeyStore keyStore = loadKeyStore(props, bus);
- String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
- return loadCertificate(keyStore, alias);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
String storeType) {
- try {
- return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
}
public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
- try {
- return loadCertificate(keyStore, alias).getPublicKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ return loadCertificate(keyStore, alias).getPublicKey();
}
- public static PublicKey loadPublicKey(KeyStore keyStore, Properties props) {
- try {
- return loadCertificate(keyStore, props).getPublicKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ public static PublicKey loadPublicKey(Message m, Properties props) {
+ KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props);
+ return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
}
- public static PublicKey loadPublicKey(Properties props, Bus bus) {
+ public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
+ String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
+ if (propLoc == null) {
+ throw new SecurityException();
+ }
+ Bus bus = m.getExchange().getBus();
try {
- return loadCertificate(props, bus).getPublicKey();
- } catch (Exception ex) {
+ Properties props = ResourceUtils.loadProperties(propLoc, bus);
+ return CryptoUtils.loadPublicKey(m, props);
+ } catch (Exception ex) {
throw new SecurityException(ex);
- }
+ }
}
public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) {
- try {
- KeyStore keyStore = loadKeyStore(props, bus);
- return loadPrivateKey(keyStore, props, bus, provider);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ KeyStore keyStore = loadKeyStore(props, bus);
+ return loadPrivateKey(keyStore, props, bus, provider);
}
public static PrivateKey loadPrivateKey(KeyStore keyStore,
Properties props,
Bus bus,
PrivateKeyPasswordProvider provider) {
- try {
- String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
- String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
- char[] keyPswdChars = provider != null ? provider.getPassword(props)
- : keyPswd != null ? keyPswd.toCharArray() : null;
- return loadPrivateKey(keyStore, keyPswdChars, alias);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+
+ String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
+ String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
+ char[] keyPswdChars = provider != null ? provider.getPassword(props)
+ : keyPswd != null ? keyPswd.toCharArray() : null;
+ return loadPrivateKey(keyStore, keyPswdChars, alias);
}
public static PrivateKey loadPrivateKey(InputStream storeLocation,
char[] storePassword,
char[] keyPassword,
String alias,
String storeType) {
- try {
- KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
- KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
- keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
- return pkEntry.getPrivateKey();
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadPrivateKey(keyStore, keyPassword, alias);
}
public static PrivateKey loadPrivateKey(KeyStore keyStore,
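Review bot: In `loadPublicKey(Message, String)` the `catch (Exception ex)` also catches the SecurityException that `loadPersistKeyStore` and `loadKeyStore` now throw, so a keystore failure reaches the caller as a SecurityException wrapping another SecurityException, and the callers' former `catch (SecurityException ex) { throw ex; }` no longer sits between these calls. Inserting `} catch (SecurityException ex) { throw ex;` before the generic catch preserves the original exception; the same applies to `loadPrivateKey(Message, String, String)` in the next hunk. The new `Message`-taking overloads also lack Javadoc, and the parameter name `keyStoreLocProp` misleads: it names a contextual property holding the location of a properties file (it is fed to `ResourceUtils.loadProperties`), not of the keystore, so `propsLocProp` plus a `@param` saying so would read correctly. The `loadPrivateKey(KeyStore, Properties, Bus, ...)` overload at the end of the hunk continues past it.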
@@ -238,20 +202,54 @@ public final class CryptoUtils {
throw new SecurityException(ex);
}
}
-
- public static KeyStore loadKeyStore(Properties props, Bus bus) throws Exception {
+ public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp) {
+ String propLoc = (String)m.getContextualProperty(keyStoreLocProp);
+ if (propLoc == null) {
+ throw new SecurityException();
+ }
+ Bus bus = m.getExchange().getBus();
+ try {
+ Properties props = ResourceUtils.loadProperties(propLoc, bus);
+ return CryptoUtils.loadPrivateKey(m, props, passwordProviderProp);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PrivateKey loadPrivateKey(Message m, Properties props, String passwordProviderProp) {
+ Bus bus = m.getExchange().getBus();
+ KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props);
+ PrivateKeyPasswordProvider cb =
+ (PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp);
+ return CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
+ }
+ public static KeyStore loadPersistKeyStore(Message m, Properties props) {
+ KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+ if (keyStore == null) {
+ keyStore = CryptoUtils.loadKeyStore(props, m.getExchange().getBus());
+ m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore);
+ }
+ return keyStore;
+ }
+ public static KeyStore loadKeyStore(Properties props, Bus bus) {
String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
- InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
- return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+ try {
+ InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
+ return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
}
- public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type)
- throws Exception {
- KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
- ks.load(storeLocation, storePassword);
- return ks;
+ public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
+ try {
+ KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
+ ks.load(storeLocation, storePassword);
+ return ks;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
}
public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
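Review bot: `loadKeyStore(Properties, Bus)` opens the stream returned by `ResourceUtils.getResourceStream` and never closes it; `KeyStore.load` does not close its argument, so every uncached load leaks a file handle. The same method dereferences `keyStorePswd` without a check, and with the key renames in this commit a properties file still using `rs.security.crypto.keystore.password` now fails as a SecurityException wrapping a bare NullPointerException that names neither the property nor the file; a null `getResourceStream` result is reported just as opaquely. The rewrite below closes the stream, reports a missing key by name (never its value) and lets a SecurityException pass through un-wrapped.

```java
public static KeyStore loadKeyStore(Properties props, Bus bus) {
    String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
    String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
    String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
    if (keyStoreLoc == null || keyStorePswd == null) {
        // report the missing key by name only; the value is a secret
        throw new SecurityException("Missing " + RSSEC_KEY_STORE_FILE
                                    + " or " + RSSEC_KEY_STORE_PSWD);
    }
    InputStream is = null;
    try {
        is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
        if (is == null) {
            throw new SecurityException("Key store not found: " + keyStoreLoc);
        }
        return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
    } catch (SecurityException ex) {
        throw ex;
    } catch (Exception ex) {
        throw new SecurityException(ex);
    } finally {
        if (is != null) {
            try {
                is.close();
            } catch (Exception ignored) {
                // the key store is already loaded; nothing to recover here
            }
        }
    }
}
```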
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index 616c8f4..a86a3b2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -91,8 +91,9 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES);
bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES);
bean.getProperties(true).put("rs.security.signature.in.properties", SERVER_JWEJWS_PROPERTIES);
- bean.getProperties(true).put("rs.security.crypto.key.password.provider",
- new PrivateKeyPasswordProviderImpl());
+ PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl();
+ bean.getProperties(true).put("rs.security.signature.key.password.provider", provider);
+ bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider);
BookStore bs = bean.create(BookStore.class);
String text = bs.echoText("book");
assertEquals("book", text);
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 8633bad..37bcec7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -66,7 +66,8 @@ under the License.
<entry key="rs.security.signature.in.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
<entry key="rs.security.encryption.out.properties" value="org/apache/cxf/systest/jaxrs/security/bob.rs.properties"/>
<entry key="rs.security.signature.out.properties" value="org/apache/cxf/systest/jaxrs/security/alice.rs.properties"/>
- <entry key="rs.security.crypto.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ <entry key="rs.security.decryption.key.password.provider" value-ref="keyPasswordProvider"/>
</jaxrs:properties>
</jaxrs:server>
</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
index cbcd33f..1b42f7e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties
@@ -14,9 +14,9 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
-rs.security.crypto.keystore.type=jks
-rs.security.crypto.keystore.password=password
-rs.security.crypto.keystore.alias=alice
-rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
+rs.security.keystore.type=jks
+rs.security.keystore.password=password
+rs.security.keystore.alias=alice
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks
rs.security.jwe.content.encryption.algorithm=A128GCM
rs.security.jws.content.signature.algorithm=RS256
http://git-wip-us.apache.org/repos/asf/cxf/blob/335148d9/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
index bbc12fb..1cc2de3 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties
@@ -16,9 +16,9 @@
# specific language governing permissions and limitations
# under the License.
#
-rs.security.crypto.keystore.type=jks
-rs.security.crypto.keystore.password=password
-rs.security.crypto.keystore.alias=bob
-rs.security.crypto.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks
+rs.security.keystore.type=jks
+rs.security.keystore.password=password
+rs.security.keystore.alias=bob
+rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks
rs.security.jwe.content.encryption.algorithm=A128GCM
rs.security.jws.content.signature.algorithm=RS256