Posted to commits@cxf.apache.org by se...@apache.org on 2014/06/17 23:05:09 UTC
git commit: [CXF-5311] Passing principal name to password providers
when possible
Repository: cxf
Updated Branches:
refs/heads/master e4704fb09 -> c55f816a0
[CXF-5311] Passing principal name to password providers when possible
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c55f816a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c55f816a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c55f816a
Branch: refs/heads/master
Commit: c55f816a01cf510ce13966d504050b7f8a859b66
Parents: e4704fb
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Jun 17 22:04:52 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Jun 17 22:04:52 2014 +0100
----------------------------------------------------------------------
.../apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java | 8 ++++++++
.../cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java | 8 ++++++++
.../rs/security/oauth2/utils/crypto/CryptoUtils.java | 12 ++++++++++++
3 files changed, 28 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c55f816a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
index c6ffedd..7ca0ba5 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtHeaders.java
@@ -104,6 +104,14 @@ public class JwtHeaders extends AbstractJwtObject {
return (String)getHeader(JwtConstants.HEADER_X509_THUMBPRINT);
}
+ public void setX509ThumbprintSHA256(String x509Thumbprint) {
+ super.setValue(JwtConstants.HEADER_X509_THUMBPRINT_SHA256, x509Thumbprint);
+ }
+
+ public String getX509ThumbprintSHA256() {
+ return (String)super.getValue(JwtConstants.HEADER_X509_THUMBPRINT_SHA256);
+ }
+
public void setCritical(List<String> crit) {
setHeader(JwtConstants.HEADER_CRITICAL, crit);
}
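Review bot: The new `setX509ThumbprintSHA256`/`getX509ThumbprintSHA256` pair calls `super.setValue`/`super.getValue`, while the neighbouring accessors visible in this hunk go through `setHeader`/`getHeader`. If those helpers are more than plain aliases (their bodies are not visible here), the new header would bypass whatever they do. Using `setHeader(JwtConstants.HEADER_X509_THUMBPRINT_SHA256, x509Thumbprint);` and `return (String)getHeader(JwtConstants.HEADER_X509_THUMBPRINT_SHA256);` would keep the class uniform.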
http://git-wip-us.apache.org/repos/asf/cxf/blob/c55f816a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java
index d1573c4..7445251 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jwk/JsonWebKey.java
@@ -122,6 +122,14 @@ public class JsonWebKey extends AbstractJwtObject {
return (String)super.getValue(X509_THUMBPRINT);
}
+ public void setX509ThumbprintSHA256(String x509Thumbprint) {
+ super.setValue(X509_THUMBPRINT_SHA256, x509Thumbprint);
+ }
+
+ public String getX509ThumbprintSHA256() {
+ return (String)super.getValue(X509_THUMBPRINT_SHA256);
+ }
+
public JsonWebKey setProperty(String name, Object value) {
super.setValue(name, value);
return this;
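Review bot: `setX509ThumbprintSHA256` stores whatever string it is given, and neither accessor says what form the value takes. A short Javadoc on the pair would help callers who compare thumbprints, e.g. `/** Base64url-encoded SHA-256 digest of the DER-encoded X.509 certificate. */`, assuming `X509_THUMBPRINT_SHA256` maps to the `x5t#S256` parameter (its definition is outside this hunk). The same comment applies to the matching pair added to JwtHeaders.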
http://git-wip-us.apache.org/repos/asf/cxf/blob/c55f816a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index 2c75038..e46409c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -26,6 +26,7 @@ import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
+import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
@@ -53,6 +54,7 @@ import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.security.SecurityContext;
/**
@@ -64,6 +66,7 @@ public final class CryptoUtils {
public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
+ public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name";
public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
@@ -220,6 +223,15 @@ public final class CryptoUtils {
KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props);
PrivateKeyPasswordProvider cb =
(PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp);
+ if (cb != null && m.getExchange().getInMessage() != null) {
+ SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class);
+ if (sc != null) {
+ Principal p = sc.getUserPrincipal();
+ if (p != null) {
+ props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName());
+ }
+ }
+ }
return CryptoUtils.loadPrivateKey(keyStore, props, bus, cb);
}
public static KeyStore loadPersistKeyStore(Message m, Properties props) {
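Review bot: `props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName())` writes the request's principal into the caller's `Properties`, and nothing in the hunk clears it when a later call has no principal. If that object is cached or shared between requests (not visible here), a password provider could see a stale or another request's principal name, and concurrent requests would overwrite each other's value. `Properties.setProperty` also throws a NullPointerException when `p.getName()` returns null. I would set the name on a per-call copy and guard against a null name, as sketched below; the enclosing method starts above the hunk.

```java
// … unchanged: keystore loading and password provider lookup …
Properties keyProps = props;
if (cb != null && m.getExchange().getInMessage() != null) {
    SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class);
    Principal p = sc == null ? null : sc.getUserPrincipal();
    if (p != null && p.getName() != null) {
        // Per-call copy: the caller's Properties never retains a principal name.
        keyProps = new Properties();
        keyProps.putAll(props);
        keyProps.setProperty(RSSEC_PRINCIPAL_NAME, p.getName());
    }
}
return CryptoUtils.loadPrivateKey(keyStore, keyProps, bus, cb);
```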