Posted to commits@cxf.apache.org by co...@apache.org on 2015/11/04 15:45:24 UTC
[1/5] cxf git commit: Minor change
Repository: cxf
Updated Branches:
refs/heads/master 33b3e3cd5 -> cb686be9d
Minor change
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55f11ca2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55f11ca2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55f11ca2
Branch: refs/heads/master
Commit: 55f11ca29cfaecb9fd3fb8892f05bcea8f36576e
Parents: 33b3e3c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 11:44:48 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 11:44:48 2015 +0000
----------------------------------------------------------------------
.../java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 4 ++--
.../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index af7dd22..a40c619 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -325,7 +325,7 @@ public final class JweUtils {
if (includeCert) {
JwkUtils.includeCertChain(jwk, headers, keyEncryptionAlgo);
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
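Review bot: With the `headers != null` guard dropped, `headers.setX509Thumbprint(digest)` is reached with whatever `headers` the caller supplied, so a null `headers` with the cert-SHA1 option enabled now throws a NullPointerException where the step used to be skipped. The same applies to the second JweUtils hunk and to both JwsUtils hunks, where `headers.setX509Chain(...)` also loses its guard. Whether any caller still passes null is not visible in this diff. If headers are now mandatory, state that contract at the top of each method, for example `Objects.requireNonNull(headers, "headers");`, and in the Javadoc. The enclosing method starts and ends outside the hunk.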
@@ -345,7 +345,7 @@ public final class JweUtils {
if (includeCert) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 1c33ea0..3a9a91e 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -286,7 +286,7 @@ public final class JwsUtils {
if (includeCert) {
JwkUtils.includeCertChain(jwk, headers, signatureAlgo);
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
@@ -304,10 +304,10 @@ public final class JwsUtils {
PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
theSigProvider = getPrivateKeySignatureProvider(pk,
SignatureAlgorithm.getAlgorithm(signatureAlgo));
- if (includeCert && headers != null) {
+ if (includeCert) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
- if (includeCertSha1 && headers != null) {
+ if (includeCertSha1) {
String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
if (digest != null) {
headers.setX509Thumbprint(digest);
[4/5] cxf git commit: Update BouncyCastle
Posted by co...@apache.org.
Update BouncyCastle
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d356ec69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d356ec69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d356ec69
Branch: refs/heads/master
Commit: d356ec692ca58de0b6dd4922d7067cb3d69918a8
Parents: fdb631f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:37:15 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 12:37:15 2015 +0000
----------------------------------------------------------------------
parent/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d356ec69/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 4ca1488..751f730 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -72,7 +72,7 @@
<cxf.atmosphere.version>2.3.5</cxf.atmosphere.version>
<cxf.atmosphere.version.range>[2.0,3.0)</cxf.atmosphere.version.range>
<cxf.axiom.version>1.2.14</cxf.axiom.version>
- <cxf.bcprov.version>1.52</cxf.bcprov.version>
+ <cxf.bcprov.version>1.53</cxf.bcprov.version>
<cxf.cglib.bundle.version>2.2_2</cxf.cglib.bundle.version>
<cxf.cglib.osgi.version>[2.1.3,3.0.0)</cxf.cglib.osgi.version>
<cxf.commons-codec.version>1.10</cxf.commons-codec.version>
[3/5] cxf git commit: Use the JWS/JWE headers properly for JWT tokens.
Posted by co...@apache.org.
Use the JWS/JWE headers properly for JWT tokens.
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fdb631fa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fdb631fa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fdb631fa
Branch: refs/heads/master
Commit: fdb631faedde41ffb308d9aded3eb47d9e9742bd
Parents: b889593
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:36:46 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 12:36:46 2015 +0000
----------------------------------------------------------------------
.../jose/common/AbstractJoseConsumer.java | 60 --------------------
.../jose/common/AbstractJoseProducer.java | 51 -----------------
.../jose/jwe/JweJwtCompactConsumer.java | 4 ++
.../jose/jwt/AbstractJoseJwtConsumer.java | 57 ++++++++++++++-----
.../jose/jwt/AbstractJoseJwtProducer.java | 35 ++++++++++--
5 files changed, 78 insertions(+), 129 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdb631fa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
deleted file mode 100644
index ddf1d4f..0000000
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseConsumer.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.common;
-
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-
-public abstract class AbstractJoseConsumer {
- private JweDecryptionProvider jweDecryptor;
- private JwsSignatureVerifier jwsVerifier;
-
- public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
- this.jweDecryptor = jweDecryptor;
- }
-
- public JweDecryptionProvider getJweDecryptor() {
- return jweDecryptor;
- }
-
- public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
- this.jwsVerifier = theJwsVerifier;
- }
-
- public JwsSignatureVerifier getJwsVerifier() {
- return jwsVerifier;
- }
-
- protected JweDecryptionProvider getInitializedDecryptionProvider() {
- if (jweDecryptor != null) {
- return jweDecryptor;
- }
- return JweUtils.loadDecryptionProvider(false);
- }
- protected JwsSignatureVerifier getInitializedSignatureVerifier() {
- if (jwsVerifier != null) {
- return jwsVerifier;
- }
-
- return JwsUtils.loadSignatureVerifier(false);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdb631fa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
deleted file mode 100644
index fe9832f..0000000
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/AbstractJoseProducer.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.common;
-
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-
-public abstract class AbstractJoseProducer {
- private JwsSignatureProvider sigProvider;
- private JweEncryptionProvider encryptionProvider;
-
- protected JwsSignatureProvider getInitializedSignatureProvider() {
- if (sigProvider != null) {
- return sigProvider;
- }
-
- return JwsUtils.loadSignatureProvider(false);
- }
- protected JweEncryptionProvider getInitializedEncryptionProvider() {
- if (encryptionProvider != null) {
- return encryptionProvider;
- }
- return JweUtils.loadEncryptionProvider(false);
- }
-
- public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
- this.encryptionProvider = encryptionProvider;
- }
-
- public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
- this.sigProvider = signatureProvider;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdb631fa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
index d7a76b9..247f84b 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
@@ -53,6 +53,10 @@ public class JweJwtCompactConsumer {
JwtClaims claims = new JwtTokenReaderWriter().fromJsonClaims(toString(bytes));
return new JwtToken(headers, claims);
}
+
+ public JweHeaders getHeaders() {
+ return headers;
+ }
private static String toString(byte[] bytes) {
try {
return new String(bytes, "UTF-8");
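Review bot: `getHeaders()` exposes the JWE headers before `decryptWith(...)` has run, so callers see values taken from the incoming token that decryption has not yet integrity-checked. The getter needs a Javadoc saying so, for example `/** Returns the JWE headers as parsed from the token; they are unauthenticated until decryption succeeds. */`. It also appears to return the same `headers` instance that is later passed to `new JwtToken(headers, claims)`, so a caller could mutate what ends up in the token; say whether that is intended. The class body continues outside the hunk.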
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdb631fa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index df482b8..0eb4a8e 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -18,25 +18,27 @@
*/
package org.apache.cxf.rs.security.jose.jwt;
-import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
+public abstract class AbstractJoseJwtConsumer {
+ private JweDecryptionProvider jweDecryptor;
+ private JwsSignatureVerifier jwsVerifier;
private boolean jwsRequired = true;
private boolean jweRequired;
-
protected JwtToken getJwtToken(String wrappedJwtToken) {
return getJwtToken(wrappedJwtToken, null, null);
}
protected JwtToken getJwtToken(String wrappedJwtToken,
- JweDecryptionProvider jweDecryptor,
+ JweDecryptionProvider theDecryptor,
JwsSignatureVerifier theSigVerifier) {
if (!isJwsRequired() && !isJweRequired()) {
throw new JwtException("Unable to process JWT");
@@ -44,17 +46,20 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
- if (jweDecryptor == null) {
- jweDecryptor = getInitializedDecryptionProvider();
+ JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
+
+ if (theDecryptor == null) {
+ theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders());
}
- if (jweDecryptor == null) {
+ if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
- return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);
+ return jwtConsumer.decryptWith(theDecryptor);
}
- JweDecryptionOutput decOutput = jweDecryptor.decrypt(wrappedJwtToken);
+
+ JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken);
wrappedJwtToken = decOutput.getContentText();
jweHeaders = decOutput.getHeaders();
}
@@ -66,7 +71,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
if (isJwsRequired()) {
if (theSigVerifier == null) {
- theSigVerifier = getInitializedSignatureVerifier(jwt);
+ theSigVerifier = getInitializedSignatureVerifier(jwt.getJwsHeaders());
}
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
@@ -80,13 +85,21 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
validateToken(jwt);
return jwt;
}
- protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
- if (super.getJwsVerifier() != null) {
- return super.getJwsVerifier();
+ protected JwsSignatureVerifier getInitializedSignatureVerifier(JwsHeaders jwsHeaders) {
+ if (jwsVerifier != null) {
+ return jwsVerifier;
}
- return JwsUtils.loadSignatureVerifier(jwt.getJwsHeaders(), false);
+ return JwsUtils.loadSignatureVerifier(jwsHeaders, false);
}
+
+ protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
+ if (jweDecryptor != null) {
+ return jweDecryptor;
+ }
+ return JweUtils.loadDecryptionProvider(jweHeaders, false);
+ }
+
protected void validateToken(JwtToken jwt) {
}
public boolean isJwsRequired() {
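Review bot: Changing the protected hook from `getInitializedSignatureVerifier(JwtToken)` to `getInitializedSignatureVerifier(JwsHeaders)` silently orphans any subclass that overrode the old signature, because a method without `@Override` still compiles but is no longer called from `getJwtToken`. The same holds for the parameterless `getInitialized...()` hooks that came from the deleted AbstractJoseConsumer/AbstractJoseProducer and are now replaced by header-taking variants here and in AbstractJoseJwtProducer. Both new hooks should get a Javadoc stating that an explicitly set verifier or decryptor takes precedence and that the headers are only used for the fallback lookup. The signature change should also be called out for extenders.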
@@ -105,4 +118,20 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
this.jweRequired = jweRequired;
}
+ public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
+ this.jweDecryptor = jweDecryptor;
+ }
+
+ public JweDecryptionProvider getJweDecryptor() {
+ return jweDecryptor;
+ }
+
+ public void setJwsVerifier(JwsSignatureVerifier theJwsVerifier) {
+ this.jwsVerifier = theJwsVerifier;
+ }
+
+ public JwsSignatureVerifier getJwsVerifier() {
+ return jwsVerifier;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/fdb631fa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
index a5f5c37..0f72bbe 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtProducer.java
@@ -19,13 +19,18 @@
package org.apache.cxf.rs.security.jose.jwt;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.common.AbstractJoseProducer;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
+public abstract class AbstractJoseJwtProducer {
+ private JwsSignatureProvider sigProvider;
+ private JweEncryptionProvider encryptionProvider;
private boolean jwsRequired = true;
private boolean jweRequired;
@@ -41,7 +46,7 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
String data = null;
if (isJweRequired() && theEncProvider == null) {
- theEncProvider = getInitializedEncryptionProvider();
+ theEncProvider = getInitializedEncryptionProvider(jwt.getJweHeaders());
if (theEncProvider == null) {
throw new JwtException("Unable to encrypt JWT");
}
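Review bot: `jwt.getJweHeaders()` here, and `jwt.getJwsHeaders()` in the next hunk, are passed straight to the provider loaders, and this diff does not show whether those getters can return null for a token built without explicit headers. If they can, the loaders receive null headers, which matters because the first commit in this series removed the `headers != null` guards in JweUtils and JwsUtils. Either document a non-null guarantee on JwtToken or reject a missing header object before the call, for example `if (jwt.getJweHeaders() == null) { throw new JwtException("Unable to encrypt JWT"); }`. The enclosing method starts and ends outside the hunk.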
@@ -53,7 +58,7 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
data = jws.getSignedEncodedJws();
} else {
if (theSigProvider == null) {
- theSigProvider = getInitializedSignatureProvider();
+ theSigProvider = getInitializedSignatureProvider(jwt.getJwsHeaders());
}
if (theSigProvider == null) {
@@ -71,6 +76,20 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
}
return data;
}
+
+ protected JwsSignatureProvider getInitializedSignatureProvider(JwsHeaders jwsHeaders) {
+ if (sigProvider != null) {
+ return sigProvider;
+ }
+
+ return JwsUtils.loadSignatureProvider(jwsHeaders, false);
+ }
+ protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
+ if (encryptionProvider != null) {
+ return encryptionProvider;
+ }
+ return JweUtils.loadEncryptionProvider(jweHeaders, false);
+ }
public boolean isJwsRequired() {
return jwsRequired;
@@ -87,4 +106,12 @@ public abstract class AbstractJoseJwtProducer extends AbstractJoseProducer {
public void setJweRequired(boolean jweRequired) {
this.jweRequired = jweRequired;
}
+
+ public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
+ this.encryptionProvider = encryptionProvider;
+ }
+
+ public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+ this.sigProvider = signatureProvider;
+ }
}
Re: [1/5] cxf git commit: Minor change
Posted by Sergey Beryozkin <sb...@gmail.com>.
That is fair enough - I had it there to keep it simpler for users to do
the custom JWS/JWE sign/encrypt setups... If you are OK with that, then indeed please
restore them
Thanks, Sergey
On 04/11/15 14:58, Colm O hEigeartaigh wrote:
> I removed them because no other code in CXF apart from the JWT classes was
> using them. I will restore them though.
>
> Colm.
>
> On Wed, Nov 4, 2015 at 2:53 PM, Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> Hi Colm,
>>
>> Why did you remove AbstractJoseConsumer/Producer ?
>>
>> Not only JWT tokens can be signed/encrypted
>>
>> Can you please restore those ?
>>
>> Thanks, Sergey
>>
>>
>>
>>
>>
>> On 04/11/15 14:45, coheigea@apache.org wrote:
>>
>>> Repository: cxf
>>> Updated Branches:
>>> refs/heads/master 33b3e3cd5 -> cb686be9d
>>>
>>>
>>> Minor change
>>>
>>>
>>> Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
>>> Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55f11ca2
>>> Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55f11ca2
>>> Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55f11ca2
>>>
>>> Branch: refs/heads/master
>>> Commit: 55f11ca29cfaecb9fd3fb8892f05bcea8f36576e
>>> Parents: 33b3e3c
>>> Author: Colm O hEigeartaigh <co...@apache.org>
>>> Authored: Wed Nov 4 11:44:48 2015 +0000
>>> Committer: Colm O hEigeartaigh <co...@apache.org>
>>> Committed: Wed Nov 4 11:44:48 2015 +0000
>>>
>>> ----------------------------------------------------------------------
>>> .../java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 4 ++--
>>> .../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java | 6
>>> +++---
>>> 2 files changed, 5 insertions(+), 5 deletions(-)
>>> ----------------------------------------------------------------------
>>>
>>>
>>>
>>> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>>> ----------------------------------------------------------------------
>>> diff --git
>>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>>> index af7dd22..a40c619 100644
>>> ---
>>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>>> +++
>>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>>> @@ -325,7 +325,7 @@ public final class JweUtils {
>>> if (includeCert) {
>>> JwkUtils.includeCertChain(jwk, headers,
>>> keyEncryptionAlgo);
>>> }
>>> - if (includeCertSha1 && headers != null) {
>>> + if (includeCertSha1) {
>>> String digest =
>>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>>> if (digest != null) {
>>> headers.setX509Thumbprint(digest);
>>> @@ -345,7 +345,7 @@ public final class JweUtils {
>>> if (includeCert) {
>>>
>>> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
>>> props));
>>> }
>>> - if (includeCertSha1 && headers != null) {
>>> + if (includeCertSha1) {
>>> String digest =
>>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>>> if (digest != null) {
>>> headers.setX509Thumbprint(digest);
>>>
>>>
>>> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>>> ----------------------------------------------------------------------
>>> diff --git
>>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>>> index 1c33ea0..3a9a91e 100644
>>> ---
>>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>>> +++
>>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>>> @@ -286,7 +286,7 @@ public final class JwsUtils {
>>> if (includeCert) {
>>> JwkUtils.includeCertChain(jwk, headers,
>>> signatureAlgo);
>>> }
>>> - if (includeCertSha1 && headers != null) {
>>> + if (includeCertSha1) {
>>> String digest =
>>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>>> if (digest != null) {
>>> headers.setX509Thumbprint(digest);
>>> @@ -304,10 +304,10 @@ public final class JwsUtils {
>>> PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props,
>>> KeyOperation.SIGN);
>>> theSigProvider = getPrivateKeySignatureProvider(pk,
>>>
>>> SignatureAlgorithm.getAlgorithm(signatureAlgo));
>>> - if (includeCert && headers != null) {
>>> + if (includeCert) {
>>>
>>> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
>>> props));
>>> }
>>> - if (includeCertSha1 && headers != null) {
>>> + if (includeCertSha1) {
>>> String digest =
>>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>>> if (digest != null) {
>>> headers.setX509Thumbprint(digest);
>>>
>>>
>>
>> --
>> Sergey Beryozkin
>>
>> Talend Community Coders
>> http://coders.talend.com/
>>
>
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: [1/5] cxf git commit: Minor change
Posted by Colm O hEigeartaigh <co...@apache.org>.
I removed them because no other code in CXF apart from the JWT classes was
using them. I will restore them though.
Colm.
On Wed, Nov 4, 2015 at 2:53 PM, Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi Colm,
>
> Why did you remove AbstractJoseConsumer/Producer ?
>
> Not only JWT tokens can be signed/encrypted
>
> Can you please restore those ?
>
> Thanks, Sergey
>
>
>
>
>
> On 04/11/15 14:45, coheigea@apache.org wrote:
>
>> Repository: cxf
>> Updated Branches:
>> refs/heads/master 33b3e3cd5 -> cb686be9d
>>
>>
>> Minor change
>>
>>
>> Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55f11ca2
>> Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55f11ca2
>> Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55f11ca2
>>
>> Branch: refs/heads/master
>> Commit: 55f11ca29cfaecb9fd3fb8892f05bcea8f36576e
>> Parents: 33b3e3c
>> Author: Colm O hEigeartaigh <co...@apache.org>
>> Authored: Wed Nov 4 11:44:48 2015 +0000
>> Committer: Colm O hEigeartaigh <co...@apache.org>
>> Committed: Wed Nov 4 11:44:48 2015 +0000
>>
>> ----------------------------------------------------------------------
>> .../java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 4 ++--
>> .../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java | 6
>> +++---
>> 2 files changed, 5 insertions(+), 5 deletions(-)
>> ----------------------------------------------------------------------
>>
>>
>>
>> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>> ----------------------------------------------------------------------
>> diff --git
>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>> index af7dd22..a40c619 100644
>> ---
>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>> +++
>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
>> @@ -325,7 +325,7 @@ public final class JweUtils {
>> if (includeCert) {
>> JwkUtils.includeCertChain(jwk, headers,
>> keyEncryptionAlgo);
>> }
>> - if (includeCertSha1 && headers != null) {
>> + if (includeCertSha1) {
>> String digest =
>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>> if (digest != null) {
>> headers.setX509Thumbprint(digest);
>> @@ -345,7 +345,7 @@ public final class JweUtils {
>> if (includeCert) {
>>
>> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
>> props));
>> }
>> - if (includeCertSha1 && headers != null) {
>> + if (includeCertSha1) {
>> String digest =
>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>> if (digest != null) {
>> headers.setX509Thumbprint(digest);
>>
>>
>> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>> ----------------------------------------------------------------------
>> diff --git
>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>> index 1c33ea0..3a9a91e 100644
>> ---
>> a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>> +++
>> b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
>> @@ -286,7 +286,7 @@ public final class JwsUtils {
>> if (includeCert) {
>> JwkUtils.includeCertChain(jwk, headers,
>> signatureAlgo);
>> }
>> - if (includeCertSha1 && headers != null) {
>> + if (includeCertSha1) {
>> String digest =
>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>> if (digest != null) {
>> headers.setX509Thumbprint(digest);
>> @@ -304,10 +304,10 @@ public final class JwsUtils {
>> PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props,
>> KeyOperation.SIGN);
>> theSigProvider = getPrivateKeySignatureProvider(pk,
>>
>> SignatureAlgorithm.getAlgorithm(signatureAlgo));
>> - if (includeCert && headers != null) {
>> + if (includeCert) {
>>
>> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m,
>> props));
>> }
>> - if (includeCertSha1 && headers != null) {
>> + if (includeCertSha1) {
>> String digest =
>> KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
>> if (digest != null) {
>> headers.setX509Thumbprint(digest);
>>
>>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [1/5] cxf git commit: Minor change
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Colm,
Why did you remove AbstractJoseConsumer/Producer ?
Not only JWT tokens can be signed/encrypted
Can you please restore those ?
Thanks, Sergey
On 04/11/15 14:45, coheigea@apache.org wrote:
> Repository: cxf
> Updated Branches:
> refs/heads/master 33b3e3cd5 -> cb686be9d
>
>
> Minor change
>
>
> Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
> Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55f11ca2
> Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55f11ca2
> Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55f11ca2
>
> Branch: refs/heads/master
> Commit: 55f11ca29cfaecb9fd3fb8892f05bcea8f36576e
> Parents: 33b3e3c
> Author: Colm O hEigeartaigh <co...@apache.org>
> Authored: Wed Nov 4 11:44:48 2015 +0000
> Committer: Colm O hEigeartaigh <co...@apache.org>
> Committed: Wed Nov 4 11:44:48 2015 +0000
>
> ----------------------------------------------------------------------
> .../java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 4 ++--
> .../java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java | 6 +++---
> 2 files changed, 5 insertions(+), 5 deletions(-)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
> ----------------------------------------------------------------------
> diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
> index af7dd22..a40c619 100644
> --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
> +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
> @@ -325,7 +325,7 @@ public final class JweUtils {
> if (includeCert) {
> JwkUtils.includeCertChain(jwk, headers, keyEncryptionAlgo);
> }
> - if (includeCertSha1 && headers != null) {
> + if (includeCertSha1) {
> String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
> if (digest != null) {
> headers.setX509Thumbprint(digest);
> @@ -345,7 +345,7 @@ public final class JweUtils {
> if (includeCert) {
> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
> }
> - if (includeCertSha1 && headers != null) {
> + if (includeCertSha1) {
> String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
> if (digest != null) {
> headers.setX509Thumbprint(digest);
>
> http://git-wip-us.apache.org/repos/asf/cxf/blob/55f11ca2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
> ----------------------------------------------------------------------
> diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
> index 1c33ea0..3a9a91e 100644
> --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
> +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
> @@ -286,7 +286,7 @@ public final class JwsUtils {
> if (includeCert) {
> JwkUtils.includeCertChain(jwk, headers, signatureAlgo);
> }
> - if (includeCertSha1 && headers != null) {
> + if (includeCertSha1) {
> String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
> if (digest != null) {
> headers.setX509Thumbprint(digest);
> @@ -304,10 +304,10 @@ public final class JwsUtils {
> PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
> theSigProvider = getPrivateKeySignatureProvider(pk,
> SignatureAlgorithm.getAlgorithm(signatureAlgo));
> - if (includeCert && headers != null) {
> + if (includeCert) {
> headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
> }
> - if (includeCertSha1 && headers != null) {
> + if (includeCertSha1) {
> String digest = KeyManagementUtils.loadDigestAndEncodeX509Certificate(m, props);
> if (digest != null) {
> headers.setX509Thumbprint(digest);
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
[5/5] cxf git commit: Fixing build
Posted by co...@apache.org.
Fixing build
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cb686be9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cb686be9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cb686be9
Branch: refs/heads/master
Commit: cb686be9d128ed219b40b340141ffad3b9ad44cf
Parents: d356ec6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 14:29:29 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 14:29:29 2015 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/cb686be9/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 3ff74e9..c88130c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -97,7 +97,6 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
this.jwkSetClient = jwkSetClient;
}
- @Override
protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
JsonWebKey key = null;
if (supportSelfIssuedProvider && SELF_ISSUED_ISSUER.equals(jwt.getClaim("issuer"))) {
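Review bot: The self-issued branch compares against `jwt.getClaim("issuer")`, but the registered JWT claim name is `iss`, so unless JwtClaims maps `issuer` onto it this condition never matches and the self-issued key path is unreachable. The test code in this series sets the value through `claims.setIssuer("joe")`, so a typed accessor appears to exist; `SELF_ISSUED_ISSUER.equals(jwt.getClaims().getIssuer())` would avoid the string literal. The method body continues past this hunk, so how the branch is used further down is not visible here.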
@@ -129,7 +128,7 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
if (key != null) {
theJwsVerifier = JwsUtils.getSignatureVerifier(key);
} else {
- theJwsVerifier = super.getInitializedSignatureVerifier(jwt);
+ theJwsVerifier = super.getInitializedSignatureVerifier(jwt.getJwsHeaders());
}
if (theJwsVerifier == null) {
throw new SecurityException("JWS Verifier is not available");
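Review bot: `super.getInitializedSignatureVerifier(jwt.getJwsHeaders())` shows that the base method now takes the JWS headers, so with `@Override` removed in the previous hunk `getInitializedSignatureVerifier(JwtToken)` in this class is a separate overload rather than an override. If the base consumer only calls its own `JwsHeaders` variant, the key selection done in this method (the `key != null` branch) is never reached, and tokens would be verified with whatever default verifier the base class loads. I would change this method's parameter to match the base signature and keep `@Override`, or add a comment naming the caller that still invokes the `JwtToken` form. The method starts before this hunk, so the caller is not visible here.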
[2/5] cxf git commit: Split JWT headers into signature and encryption
headers
Posted by co...@apache.org.
Split JWT headers into signature and encryption headers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b8895931
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b8895931
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b8895931
Branch: refs/heads/master
Commit: b8895931ae59c9baa1b44a3eb4d86904afffa405
Parents: 55f11ca
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Nov 4 12:19:35 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Nov 4 12:19:35 2015 +0000
----------------------------------------------------------------------
.../jaxrs/JwtAuthenticationClientFilter.java | 3 --
.../jose/jaxrs/JwtAuthenticationFilter.java | 4 +-
.../jose/jwe/JweJwtCompactProducer.java | 2 +-
.../jose/jws/JwsJwtCompactProducer.java | 3 +-
.../jose/jwt/AbstractJoseJwtConsumer.java | 18 +++++----
.../cxf/rs/security/jose/jwt/JwtToken.java | 39 ++++++++++++++------
.../jose/jws/JwsCompactReaderWriterTest.java | 15 ++++----
.../grants/jwt/JwtBearerGrantHandler.java | 2 +-
.../oidc/rp/AbstractTokenValidator.java | 2 +-
.../cxf/rs/security/oidc/utils/OidcUtils.java | 4 +-
10 files changed, 53 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 8fd87ab..0319e8b 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -32,7 +32,6 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
@@ -63,8 +62,6 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
if (jwt == null) {
throw new JoseException("JWT token is not available");
}
- JoseUtils.setJoseMessageContextProperty(jwt.getHeaders(),
- getContextPropertyValue());
String data = super.processJwt(jwt);
requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION,
authScheme + " " + data);
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 355bfb3..e52897c 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -34,7 +34,6 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -60,7 +59,6 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
throw new JoseException(expectedAuthScheme + " scheme is expected");
}
JwtToken token = super.getJwtToken(parts[1]);
- JoseUtils.setMessageContextProperty(token.getHeaders());
SecurityContext securityContext = configureSecurityContext(token);
if (securityContext != null) {
@@ -83,7 +81,7 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
private boolean isVerifiedWithAPublicKey(JwtToken jwt) {
if (isJwsRequired()) {
- String alg = (String)jwt.getHeader(JoseConstants.HEADER_ALGORITHM);
+ String alg = (String)jwt.getJwsHeader(JoseConstants.HEADER_ALGORITHM);
SignatureAlgorithm sigAlg = SignatureAlgorithm.getAlgorithm(alg);
return SignatureAlgorithm.isPublicKeyAlgorithm(sigAlg);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
index f52f9e2..d35cd0a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
@@ -32,7 +32,7 @@ public class JweJwtCompactProducer {
private JweHeaders headers;
private String claimsJson;
public JweJwtCompactProducer(JwtToken token) {
- this(new JweHeaders(token.getHeaders()), token.getClaims());
+ this(new JweHeaders(token.getJweHeaders()), token.getClaims());
}
public JweJwtCompactProducer(JwtClaims claims) {
this(new JweHeaders(), claims);
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
index 3ac6021..8b73b02 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
@@ -17,6 +17,7 @@
* under the License.
*/
package org.apache.cxf.rs.security.jose.jws;
+
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
@@ -35,7 +36,7 @@ public class JwsJwtCompactProducer extends JwsCompactProducer {
this(new JwtToken(headers, claims), null);
}
protected JwsJwtCompactProducer(JwtToken token, JwtTokenReaderWriter w) {
- super(new JwsHeaders(token.getHeaders()), w,
+ super(new JwsHeaders(token.getJwsHeaders()), w,
JwtUtils.claimsToJson(token.getClaims(), w));
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index daea97b..df482b8 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -19,9 +19,10 @@
package org.apache.cxf.rs.security.jose.jwt;
import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
@@ -41,6 +42,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
throw new JwtException("Unable to process JWT");
}
+ JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
if (jweDecryptor == null) {
jweDecryptor = getInitializedDecryptionProvider();
@@ -52,12 +54,16 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
if (!isJwsRequired()) {
return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);
}
- wrappedJwtToken = jweDecryptor.decrypt(wrappedJwtToken).getContentText();
+ JweDecryptionOutput decOutput = jweDecryptor.decrypt(wrappedJwtToken);
+ wrappedJwtToken = decOutput.getContentText();
+ jweHeaders = decOutput.getHeaders();
}
-
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
JwtToken jwt = jwtConsumer.getJwtToken();
+ // Store the encryption headers as well
+ jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
+
if (isJwsRequired()) {
if (theSigVerifier == null) {
theSigVerifier = getInitializedSignatureVerifier(jwt);
@@ -79,11 +85,7 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer {
return super.getJwsVerifier();
}
- if (jwt.getHeaders() instanceof JwsHeaders) {
- return JwsUtils.loadSignatureVerifier((JwsHeaders)jwt.getHeaders(), false);
- }
-
- return super.getInitializedSignatureVerifier();
+ return JwsUtils.loadSignatureVerifier(jwt.getJwsHeaders(), false);
}
protected void validateToken(JwtToken jwt) {
}
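Review bot: `JwsUtils.loadSignatureVerifier(jwt.getJwsHeaders(), false)` receives headers parsed from a token whose signature has not been verified yet, as far as the surrounding hunks show, and nothing here states which header values may influence the verifier that is built. I would add a comment above the return such as `// headers come from the unverified token: key and algorithm must be taken from local configuration and only compared against these values`, and confirm that loadSignatureVerifier behaves that way. The change also drops the fallback to `super.getInitializedSignatureVerifier()`, so a subclass that relied on it now always goes through the header-based loader. The method starts outside this hunk.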
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
index 069b8f2..6780e78 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
@@ -18,39 +18,56 @@
*/
package org.apache.cxf.rs.security.jose.jwt;
-import org.apache.cxf.rs.security.jose.common.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
public class JwtToken {
- private JoseHeaders headers;
+ private JwsHeaders jwsHeaders;
+ private JweHeaders jweHeaders;
private JwtClaims claims;
+
public JwtToken(JwtClaims claims) {
- this(new JoseHeaders() { }, claims);
+ this(new JwsHeaders() { }, new JweHeaders() { }, claims);
+ }
+ public JwtToken(JwsHeaders jwsHeaders, JwtClaims claims) {
+ this(jwsHeaders, new JweHeaders() { }, claims);
+ }
+ public JwtToken(JweHeaders jweHeaders, JwtClaims claims) {
+ this(new JwsHeaders() { }, jweHeaders, claims);
}
- public JwtToken(JoseHeaders headers, JwtClaims claims) {
- this.headers = headers;
+ public JwtToken(JwsHeaders jwsHeaders, JweHeaders jweHeaders, JwtClaims claims) {
+ this.jwsHeaders = jwsHeaders;
+ this.jweHeaders = jweHeaders;
this.claims = claims;
}
- public JoseHeaders getHeaders() {
- return headers;
+ public JwsHeaders getJwsHeaders() {
+ return jwsHeaders;
+ }
+ public JweHeaders getJweHeaders() {
+ return jweHeaders;
}
public JwtClaims getClaims() {
return claims;
}
- public Object getHeader(String name) {
- return headers.getHeader(name);
+ public Object getJwsHeader(String name) {
+ return jwsHeaders.getHeader(name);
+ }
+ public Object getJweHeader(String name) {
+ return jweHeaders.getHeader(name);
}
public Object getClaim(String name) {
return claims.getClaim(name);
}
public int hashCode() {
- return headers.hashCode() + 37 * claims.hashCode();
+ return jwsHeaders.hashCode() + 37 * claims.hashCode() + 37 * jweHeaders.hashCode();
}
public boolean equals(Object obj) {
return obj instanceof JwtToken
- && ((JwtToken)obj).headers.equals(this.headers)
+ && ((JwtToken)obj).jwsHeaders.equals(this.jwsHeaders)
+ && ((JwtToken)obj).jweHeaders.equals(this.jweHeaders)
&& ((JwtToken)obj).claims.equals(this.claims);
}
}
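Review bot: The three-argument constructor stores `jwsHeaders` and `jweHeaders` as given, while `getJwsHeader`, `getJweHeader`, `hashCode` and `equals` dereference both without a check, so a token built with a null header set fails later and far from the cause. Normalising in the constructor would keep the class total: `this.jwsHeaders = jwsHeaders != null ? jwsHeaders : new JwsHeaders();` and the same for `jweHeaders`. The `new JwsHeaders() { }` and `new JweHeaders() { }` anonymous subclasses look like a leftover from the abstract `JoseHeaders`; `new JweHeaders()` is instantiated directly elsewhere in this commit. In `hashCode`, claims and JWE headers share the multiplier 37, so swapping their contents gives the same hash; `Objects.hash(jwsHeaders, jweHeaders, claims)` avoids that.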
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index ed10a10..9554dde 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -29,7 +29,6 @@ import java.util.List;
import java.util.Map;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
-import org.apache.cxf.rs.security.jose.common.JoseHeaders;
import org.apache.cxf.rs.security.jose.common.JoseType;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
@@ -164,7 +163,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(JoseType.JWT, headers.getType());
assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
@@ -212,7 +211,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(JoseType.JWT, headers.getType());
assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
@@ -257,7 +256,7 @@ public class JwsCompactReaderWriterTest extends Assert {
RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders inHeaders = new JwsHeaders(token.getHeaders());
+ JwsHeaders inHeaders = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.PS256,
inHeaders.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
@@ -283,7 +282,7 @@ public class JwsCompactReaderWriterTest extends Assert {
assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey,
SignatureAlgorithm.ES256)));
JwtToken token = jwsConsumer.getJwtToken();
- JwsHeaders headersReceived = new JwsHeaders(token.getHeaders());
+ JwsHeaders headersReceived = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.ES256, headersReceived.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
}
@@ -294,19 +293,19 @@ public class JwsCompactReaderWriterTest extends Assert {
RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256)));
JwtToken token = jws.getJwtToken();
- JwsHeaders headers = new JwsHeaders(token.getHeaders());
+ JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.RS256, headers.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
}
- private JwsCompactProducer initSpecJwtTokenWriter(JoseHeaders headers) throws Exception {
+ private JwsCompactProducer initSpecJwtTokenWriter(JwsHeaders jwsHeaders) throws Exception {
JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
- JwtToken token = new JwtToken(headers, claims);
+ JwtToken token = new JwtToken(jwsHeaders, claims);
return new JwsJwtCompactProducer(token, getWriter());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
index a5935b0..5bef103 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/JwtBearerGrantHandler.java
@@ -58,7 +58,7 @@ public class JwtBearerGrantHandler extends AbstractJwtHandler {
try {
JwsJwtCompactConsumer jwsReader = getJwsReader(assertion);
JwtToken jwtToken = jwsReader.getJwtToken();
- validateSignature(new JwsHeaders(jwtToken.getHeaders()),
+ validateSignature(new JwsHeaders(jwtToken.getJwsHeaders()),
jwsReader.getUnsignedEncodedSequence(),
jwsReader.getDecodedSignature());
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 40e1c80..3ff74e9 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -113,7 +113,7 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
throw new SecurityException("Self-issued JWK key is invalid or not available");
}
} else {
- String keyId = jwt.getHeaders().getKeyId();
+ String keyId = jwt.getJwsHeaders().getKeyId();
key = keyId != null ? keyMap.get(keyId) : null;
if (key == null && jwkSetClient != null) {
JsonWebKeys keys = jwkSetClient.get(JsonWebKeys.class);
http://git-wip-us.apache.org/repos/asf/cxf/blob/b8895931/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index ccad6d7..7ced717 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -95,7 +95,7 @@ public final class OidcUtils {
if (required) {
validateHash(at.getTokenKey(),
(String)jwt.getClaims().getClaim("at_hash"),
- jwt.getHeaders().getAlgorithm());
+ jwt.getJwsHeaders().getAlgorithm());
}
}
public static void validateCodeHash(String code, JwtToken jwt) {
@@ -105,7 +105,7 @@ public final class OidcUtils {
if (required) {
validateHash(code,
(String)jwt.getClaims().getClaim("c_hash"),
- jwt.getHeaders().getAlgorithm());
+ jwt.getJwsHeaders().getAlgorithm());
}
}
private static void validateHash(String value, String theHash, String joseAlgo) {