Moving Jose constants into a single class + documenting them
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5778d255 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5778d255 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5778d255 Branch: refs/heads/master Commit: 5778d255da1f5d9d58bac6cefd56ade115e48304 Parents: 979dc1f Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Oct 14 12:45:19 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Oct 14 12:45:19 2015 +0100 ---------------------------------------------------------------------- .../rs/security/jose/common/JoseConstants.java | 165 +++++++++++++++++++ .../jose/common/KeyManagementUtils.java | 74 +++------ .../cxf/rs/security/jose/jwe/JweUtils.java | 65 +++++--- .../cxf/rs/security/jose/jwk/JwkUtils.java | 21 +-- .../cxf/rs/security/jose/jws/JwsUtils.java | 52 +++--- .../systest/jaxrs/security/alice.jwk.properties | 6 +- .../systest/jaxrs/security/alice.rs.properties | 6 +- .../systest/jaxrs/security/bob.jwk.properties | 6 +- .../systest/jaxrs/security/bob.rs.properties | 6 +- .../jaxrs/security/jws.ec.private.properties | 2 +- .../jaxrs/security/jws.ec.public.properties | 2 +- .../secret.aescbchmac.inlinejwk.properties | 2 +- .../secret.aescbchmac.inlineset.properties | 2 +- .../jaxrs/security/secret.aescbchmac.properties | 2 +- .../jaxrs/security/secret.jwk.properties | 2 +- 15 files changed, 292 insertions(+), 121 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index d312300..b85d1ce 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -48,6 +48,171 @@ public final class JoseConstants { public static final String JOSE_CONTEXT_PROPERTY = "org.apache.cxf.jose.context"; + // + // JOSE Configuration constants + // + + // + // Keys/keystore configuration + // + + /** + * The keystore type. Suitable values are "jks" or "jwk". + */ + public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type"; + + /** + * The password required to access the keystore. + */ + public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password"; + + /** + * The password required to access the private key (in the keystore). + */ + public static final String RSSEC_KEY_PSWD = "rs.security.key.password"; + + /** + * The keystore alias corresponding to the key to use + */ + public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias"; + + /** + * The keystore aliases corresponding to the keys to use, when using the JSON serialization form. + */ + public static final String RSSEC_KEY_STORE_ALIASES = "rs.security.keystore.aliases"; + + /** + * The path to the keystore file. + */ + public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file"; + + /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys. + */ + public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; + + /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for signature. + */ + public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; + + /** + * A reference to a PrivateKeyPasswordProvider instance used to retrieve passwords to access keys + * for decryption. + */ + public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; + + /** + * TODO documentation for these + */ + public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; + public static final String RSSEC_REPORT_KEY_PROP = "rs.security.report.public.key"; + public static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.report.public.key.id"; + public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties"; + public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset"; + public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey"; + + // + // JWS specific Configuration + // + + /** + * The signature algorithm to use. For example 'RS256'. + */ + public static final String RSSEC_SIGNATURE_ALGORITHM = "rs.security.signature.algorithm"; + + /** + * The OLD signature algorithm identifier. Use RSSEC_SIGNATURE_ALGORITHM instead. + */ + @Deprecated + public static final String DEPR_RSSEC_SIGNATURE_ALGORITHM = "rs.security.jws.content.signature.algorithm"; + + /** + * The signature properties file for signature creation. + */ + public static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties"; + + /** + * The signature properties file for signature verification. + */ + public static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties"; + + /** + * The signature properties file for signature creation/verification. + */ + public static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties"; + + /** + * Whether a "none" signature is allowed or not. The default is "false". + */ + public static final String RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE = "rs.security.signature.allow.none"; + + /** + * TODO documentation for these + */ + public static final String RSSEC_SIGNATURE_REPORT_KEY_PROP = "rs.security.signature.report.public.key"; + public static final String RSSEC_SIGNATURE_REPORT_KEY_ID_PROP = "rs.security.signature.report.public.key.id"; + + // + // JWE specific Configuration + // + + /** + * The encryption content algorithm to use. + */ + public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm"; + + /** + * The OLD encryption content algorithm to use. Use RSSEC_ENCRYPTION_CONTENT_ALGORITHM instead. + */ + @Deprecated + public static final String DEPR_RSSEC_ENCRYPTION_CONTENT_ALGORITHM = + "rs.security.jwe.content.encryption.algorithm"; + + /** + * The encryption key algorithm to use. + */ + public static final String RSSEC_ENCRYPTION_KEY_ALGORITHM = "rs.security.encryption.key.algorithm"; + + /** + * The OLD encryption key algorithm to use. Use RSSEC_ENCRYPTION_KEY_ALGORITHM instead. + */ + @Deprecated + public static final String DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM = "rs.security.jwe.key.encryption.algorithm"; + + /** + * The encryption zip algorithm to use. + */ + public static final String RSSEC_ENCRYPTION_ZIP_ALGORITHM = "rs.security.encryption.zip.algorithm"; + + /** + * The OLD encryption zip algorithm to use. Use RSSEC_ENCRYPTION_ZIP_ALGORITHM instead. + */ + @Deprecated + public static final String DEPR_RSSEC_ENCRYPTION_ZIP_ALGORITHM = "rs.security.jwe.zip.algorithm"; + + /** + * The encryption properties file + */ + public static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties"; + + /** + * The decryption properties file + */ + public static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties"; + + /** + * The encryption/decryption properties file + */ + public static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties"; + + /** + * TODO documentation for these + */ + public static final String RSSEC_ENCRYPTION_REPORT_KEY_PROP = "rs.security.encryption.report.public.key"; + public static final String RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP = "rs.security.encryption.report.public.key.id"; + private JoseConstants() { } http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 4fe3a7e..917c856 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.jose.common; import java.io.InputStream; import java.security.KeyStore; -import java.security.Principal; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.CertPath; @@ -49,27 +48,11 @@ import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.jose.jwk.KeyOperation; import org.apache.cxf.rt.security.crypto.CryptoUtils; -import org.apache.cxf.security.SecurityContext; - /** * Encryption helpers */ public final class KeyManagementUtils { - public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type"; - public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password"; - public static final String RSSEC_KEY_PSWD = "rs.security.key.password"; - public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias"; - public static final String RSSEC_KEY_STORE_ALIASES = "rs.security.keystore.aliases"; - public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file"; - public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name"; - public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; - public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; - public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; - public static final String RSSEC_DEFAULT_ALGORITHMS = "rs.security.default.algorithms"; - public static final String RSSEC_REPORT_KEY_PROP = "rs.security.report.public.key"; - public static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.report.public.key.id"; - public static final String RSSEC_ACCEPT_PUBLIC_KEY_PROP = "rs.security.accept.public.key.properties"; private static final Logger LOG = LogUtils.getL7dLogger(KeyManagementUtils.class); private KeyManagementUtils() { @@ -80,7 +63,7 @@ public final class KeyManagementUtils { } public static X509Certificate[] loadX509CertificateOrChain(Message m, Properties props) { KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props); - String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS); + String alias = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS); return loadX509CertificateOrChain(keyStore, alias); } private static X509Certificate[] loadX509CertificateOrChain(KeyStore keyStore, String alias) { @@ -99,7 +82,7 @@ public final class KeyManagementUtils { public static PublicKey loadPublicKey(Message m, Properties props) { KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props); - return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS)); + return CryptoUtils.loadPublicKey(keyStore, props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS)); } public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) { return loadPublicKey(m, keyStoreLocProp, null); @@ -133,8 +116,8 @@ public final class KeyManagementUtils { KeyOperation keyOper, String alias) { - String keyPswd = props.getProperty(RSSEC_KEY_PSWD); - String theAlias = alias != null ? alias : getKeyId(m, props, RSSEC_KEY_STORE_ALIAS, keyOper); + String keyPswd = props.getProperty(JoseConstants.RSSEC_KEY_PSWD); + String theAlias = alias != null ? alias : getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper); char[] keyPswdChars = provider != null ? provider.getPassword(props) : keyPswd != null ? keyPswd.toCharArray() : null; return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias); @@ -184,11 +167,11 @@ public final class KeyManagementUtils { } public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) { PrivateKeyPasswordProvider cb = - (PrivateKeyPasswordProvider)m.getContextualProperty(RSSEC_KEY_PSWD_PROVIDER); + (PrivateKeyPasswordProvider)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD_PROVIDER); if (cb == null && keyOper != null) { - String propName = keyOper == KeyOperation.SIGN ? RSSEC_SIG_KEY_PSWD_PROVIDER + String propName = keyOper == KeyOperation.SIGN ? JoseConstants.RSSEC_SIG_KEY_PSWD_PROVIDER : keyOper == KeyOperation.DECRYPT - ? RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null; + ? JoseConstants.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null; if (propName != null) { cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName); } @@ -204,33 +187,24 @@ public final class KeyManagementUtils { String alias) { Bus bus = m.getExchange().getBus(); PrivateKeyPasswordProvider cb = loadPasswordProvider(m, props, keyOper); - if (cb != null && m.getExchange().getInMessage() != null) { - SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class); - if (sc != null) { - Principal p = sc.getUserPrincipal(); - if (p != null) { - props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName()); - } - } - } return loadPrivateKey(keyStore, m, props, bus, cb, keyOper, alias); } public static KeyStore loadPersistKeyStore(Message m, Properties props) { - if (!props.containsKey(RSSEC_KEY_STORE_FILE)) { + if (!props.containsKey(JoseConstants.RSSEC_KEY_STORE_FILE)) { LOG.warning("No keystore file has been configured"); throw new JoseException("No keystore file has been configured"); } - KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(RSSEC_KEY_STORE_FILE)); + KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(JoseConstants.RSSEC_KEY_STORE_FILE)); if (keyStore == null) { keyStore = loadKeyStore(props, m.getExchange().getBus()); - m.getExchange().put((String)props.get(RSSEC_KEY_STORE_FILE), keyStore); + m.getExchange().put((String)props.get(JoseConstants.RSSEC_KEY_STORE_FILE), keyStore); } return keyStore; } public static KeyStore loadKeyStore(Properties props, Bus bus) { - String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE); - String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE); - String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD); + String keyStoreType = props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE); + String keyStoreLoc = props.getProperty(JoseConstants.RSSEC_KEY_STORE_FILE); + String keyStorePswd = props.getProperty(JoseConstants.RSSEC_KEY_STORE_PSWD); if (keyStorePswd == null) { throw new JoseException("No keystore password was defined"); @@ -307,7 +281,7 @@ public final class KeyManagementUtils { if (algo == null) { algo = (String)m.getContextualProperty(propName); } - if (algo == null && PropertyUtils.isTrue(m.getContextualProperty(RSSEC_DEFAULT_ALGORITHMS))) { + if (algo == null && PropertyUtils.isTrue(m.getContextualProperty(JoseConstants.RSSEC_DEFAULT_ALGORITHMS))) { algo = defaultAlg; } return algo; @@ -332,26 +306,26 @@ public final class KeyManagementUtils { throw new JoseException(ex); } } else { - String keyFile = (String)m.getContextualProperty(RSSEC_KEY_STORE_FILE); + String keyFile = (String)m.getContextualProperty(JoseConstants.RSSEC_KEY_STORE_FILE); if (keyFile != null) { props = new Properties(); - props.setProperty(RSSEC_KEY_STORE_FILE, keyFile); - String type = (String)m.getContextualProperty(RSSEC_KEY_STORE_TYPE); + props.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, keyFile); + String type = (String)m.getContextualProperty(JoseConstants.RSSEC_KEY_STORE_TYPE); if (type == null) { type = "jwk"; } - props.setProperty(RSSEC_KEY_STORE_TYPE, type); - String alias = (String)m.getContextualProperty(RSSEC_KEY_STORE_ALIAS); + props.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, type); + String alias = (String)m.getContextualProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS); if (alias != null) { - props.setProperty(RSSEC_KEY_STORE_ALIAS, alias); + props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, alias); } - String keystorePassword = (String)m.getContextualProperty(RSSEC_KEY_STORE_PSWD); + String keystorePassword = (String)m.getContextualProperty(JoseConstants.RSSEC_KEY_STORE_PSWD); if (keystorePassword != null) { - props.setProperty(RSSEC_KEY_STORE_PSWD, keystorePassword); + props.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, keystorePassword); } - String keyPassword = (String)m.getContextualProperty(RSSEC_KEY_PSWD); + String keyPassword = (String)m.getContextualProperty(JoseConstants.RSSEC_KEY_PSWD); if (keyPassword != null) { - props.setProperty(RSSEC_KEY_PSWD, keyPassword); + props.setProperty(JoseConstants.RSSEC_KEY_PSWD, keyPassword); } } } http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 773bac5..379efaf 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -55,14 +55,6 @@ import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class JweUtils { private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class); - private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm"; - private static final String JSON_WEB_ENCRYPTION_KEY_ALGO_PROP = "rs.security.jwe.key.encryption.algorithm"; - private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm"; - private static final String RSSEC_ENCRYPTION_OUT_PROPS = "rs.security.encryption.out.properties"; - private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties"; - private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties"; - private static final String RSSEC_ENCRYPTION_REPORT_KEY_PROP = "rs.security.jwe.report.public.key"; - private static final String RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP = "rs.security.jwe.report.public.key.id"; private JweUtils() { @@ -273,29 +265,31 @@ public final class JweUtils { public static JweEncryptionProvider loadEncryptionProvider(boolean required) { return loadEncryptionProvider(null, required); } + @SuppressWarnings("deprecation") public static JweEncryptionProvider loadEncryptionProvider(JweHeaders headers, boolean required) { Message m = PhaseInterceptorChain.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, required, - RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS); + JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS, + JoseConstants.RSSEC_ENCRYPTION_PROPS); if (props == null) { return null; } boolean reportPublicKey = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_PROP, - KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); + MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_REPORT_KEY_PROP, + JoseConstants.RSSEC_REPORT_KEY_PROP)); boolean reportPublicKeyId = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP, - KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP)); + MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_REPORT_KEY_ID_PROP, + JoseConstants.RSSEC_REPORT_KEY_ID_PROP)); KeyEncryptionProvider keyEncryptionProvider = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo); String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null); ContentEncryptionProvider ctEncryptionProvider = null; - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT); if ("direct".equals(keyEncryptionAlgo)) { contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm()); @@ -318,10 +312,15 @@ public final class JweUtils { } } + + String compression = props.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM); + if (compression == null) { + compression = props.getProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_ZIP_ALGORITHM); + } return createJweEncryptionProvider(keyEncryptionProvider, ctEncryptionProvider, contentEncryptionAlgo, - props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP)); + compression); } public static JweDecryptionProvider loadDecryptionProvider(boolean required) { return loadDecryptionProvider(null, required); @@ -329,7 +328,8 @@ public final class JweUtils { public static JweDecryptionProvider loadDecryptionProvider(JweHeaders inHeaders, boolean required) { Message m = PhaseInterceptorChain.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, required, - RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS); + JoseConstants.RSSEC_ENCRYPTION_IN_PROPS, + JoseConstants.RSSEC_ENCRYPTION_PROPS); if (props == null) { return null; } @@ -350,7 +350,7 @@ public final class JweUtils { keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, inHeaders.getKeyEncryptionAlgorithm()); } else { - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT); if ("direct".equals(keyEncryptionAlgo)) { contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm()); @@ -584,14 +584,26 @@ public final class JweUtils { return getDirectKeyJweDecryption(ctDecryptionKey, contentDecryptionAlgo); } } + @SuppressWarnings("deprecation") private static String getKeyEncryptionAlgo(Message m, Properties props, String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { defaultAlgo = AlgorithmUtils.RSA_OAEP_ALGO; } + + // Check for deprecated identifier first + String encAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM); + if (encAlgo == null) { + encAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_KEY_ALGORITHM); + } + if (encAlgo != null) { + return encAlgo; + } + + // Otherwise check newer identifier return KeyManagementUtils.getKeyAlgorithm(m, props, - JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, defaultAlgo); + JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, defaultAlgo); } return algo; } @@ -603,10 +615,22 @@ public final class JweUtils { return AlgorithmUtils.RSA_OAEP_ALGO; } } + @SuppressWarnings("deprecation") private static String getContentEncryptionAlgo(Message m, Properties props, String algo) { if (algo == null) { + // Check for deprecated identifier first + String encAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_CONTENT_ALGORITHM); + if (encAlgo == null) { + encAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_ENCRYPTION_CONTENT_ALGORITHM); + } + if (encAlgo != null) { + return encAlgo; + } + + // Otherwise check newer identifier return KeyManagementUtils.getKeyAlgorithm(m, props, - JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, AlgorithmUtils.A128GCM_ALGO); + JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, + AlgorithmUtils.A128GCM_ALGO); } return algo; } @@ -626,7 +650,8 @@ public final class JweUtils { public static void validateJweCertificateChain(List<X509Certificate> certs) { Message m = PhaseInterceptorChain.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, true, - RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS); + JoseConstants.RSSEC_ENCRYPTION_IN_PROPS, + JoseConstants.RSSEC_ENCRYPTION_PROPS); KeyManagementUtils.validateCertificateChain(props, certs); } http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 4c67d4c..44f7733 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -70,9 +70,6 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class JwkUtils { - public static final String JWK_KEY_STORE_TYPE = "jwk"; - public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset"; - public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey"; private static final Map<KeyType, List<String>> JWK_REQUIRED_FIELDS_MAP; static { JWK_REQUIRED_FIELDS_MAP = new HashMap<KeyType, List<String>>(); @@ -251,7 +248,7 @@ public final class JwkUtils { } public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb, JwkReaderWriter reader) { - String key = (String)props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE); + String key = (String)props.get(JoseConstants.RSSEC_KEY_STORE_FILE); JsonWebKeys jwkSet = key != null ? (JsonWebKeys)m.getExchange().get(key) : null; if (jwkSet == null) { jwkSet = loadJwkSet(props, m.getExchange().getBus(), cb, reader); @@ -272,7 +269,7 @@ public final class JwkUtils { } public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) { String keyContent = null; - String keyStoreLoc = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_FILE); + String keyStoreLoc = props.getProperty(JoseConstants.RSSEC_KEY_STORE_FILE); if (keyStoreLoc != null) { try { InputStream is = JoseUtils.getResourceStream(keyStoreLoc, bus); @@ -284,15 +281,15 @@ public final class JwkUtils { throw new JwkException(ex); } } else { - keyContent = props.getProperty(RSSEC_KEY_STORE_JWKSET); + keyContent = props.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKSET); if (keyContent == null) { - keyContent = props.getProperty(RSSEC_KEY_STORE_JWKKEY); + keyContent = props.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY); } } if (jwe != null) { keyContent = jwe.decrypt(keyContent).getContentText(); } - if (props.getProperty(RSSEC_KEY_STORE_JWKKEY) == null) { + if (props.getProperty(JoseConstants.RSSEC_KEY_STORE_JWKKEY) == null) { return reader.jsonToJwkSet(keyContent); } else { JsonWebKey key = reader.jsonToJwk(keyContent); @@ -313,10 +310,10 @@ public final class JwkUtils { JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader); String kid = null; if (inHeaderKid != null - && MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { + && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { kid = inHeaderKid; } else { - kid = KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS, keyOper); + kid = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper); } if (kid != null) { return jwkSet.getKey(kid); @@ -337,11 +334,11 @@ public final class JwkUtils { JwkReaderWriter reader) { PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props, keyOper); JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader); - String kid = KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIAS, keyOper); + String kid = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper); if (kid != null) { return Collections.singletonList(jwkSet.getKey(kid)); } - String kids = KeyManagementUtils.getKeyId(m, props, KeyManagementUtils.RSSEC_KEY_STORE_ALIASES, keyOper); + String kids = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIASES, keyOper); if (kids != null) { String[] values = kids.split(","); List<JsonWebKey> keys = new ArrayList<JsonWebKey>(values.length); http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 8acc6b2..914f315 100644 --- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -50,13 +50,6 @@ import org.apache.cxf.rs.security.jose.jwk.KeyType; public final class JwsUtils { private static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class); - private static final String JSON_WEB_SIGNATURE_ALGO_PROP = "rs.security.jws.content.signature.algorithm"; - private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties"; - private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties"; - private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties"; - private static final String RSSEC_REPORT_KEY_PROP = "rs.security.jws.report.public.key"; - private static final String RSSEC_REPORT_KEY_ID_PROP = "rs.security.jws.report.public.key.id"; - private static final String RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE = "rs.security.jws.allow.none.signature"; private JwsUtils() { @@ -195,7 +188,8 @@ public final class JwsUtils { public static JwsSignatureProvider loadSignatureProvider(JwsHeaders headers, boolean required) { Message m = PhaseInterceptorChain.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, required, - RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS); + JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, + JoseConstants.RSSEC_SIGNATURE_PROPS); if (props == null) { return null; } @@ -211,13 +205,14 @@ public final class JwsUtils { public static JwsSignatureVerifier loadSignatureVerifier(JwsHeaders headers, boolean required) { Message m = PhaseInterceptorChain.getCurrentMessage(); boolean allowNoneSignature = - MessageUtils.getContextualBoolean(m, RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE, false); + MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_SIGNATURE_ALLOW_NONE_SIGNATURE, false); if (allowNoneSignature && SignatureAlgorithm.NONE.getJwaName().equals(headers.getAlgorithm())) { return new NoneJwsSignatureVerifier(); } Properties props = KeyManagementUtils.loadStoreProperties(m, required, - RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS); + JoseConstants.RSSEC_SIGNATURE_IN_PROPS, + JoseConstants.RSSEC_SIGNATURE_PROPS); if (props == null) { return null; } @@ -230,7 +225,7 @@ public final class JwsUtils { return Collections.singletonList(theSigProvider); } List<JwsSignatureProvider> theSigProviders = null; - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN); if (jwks != null) { theSigProviders = new ArrayList<JwsSignatureProvider>(jwks.size()); @@ -253,7 +248,7 @@ public final class JwsUtils { return Collections.singletonList(theVerifier); } List<JwsSignatureVerifier> theVerifiers = null; - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.VERIFY); if (jwks != null) { theVerifiers = new ArrayList<JwsSignatureVerifier>(jwks.size()); @@ -279,13 +274,13 @@ public final class JwsUtils { JwsSignatureProvider theSigProvider = null; boolean reportPublicKey = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_PROP, - KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); + MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_REPORT_KEY_PROP, + JoseConstants.RSSEC_REPORT_KEY_PROP)); boolean reportPublicKeyId = headers != null && MessageUtils.isTrue( - MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_ID_PROP, - KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP)); - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_REPORT_KEY_ID_PROP, + JoseConstants.RSSEC_REPORT_KEY_ID_PROP)); + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); @@ -321,7 +316,7 @@ public final class JwsUtils { if (inHeaders.getHeader(JoseConstants.HEADER_JSON_WEB_KEY) != null) { JsonWebKey publicJwk = inHeaders.getJsonWebKey(); if (inHeaderKid != null && !inHeaderKid.equals(publicJwk.getKeyId()) - || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { + || !MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { throw new JwsException(JwsException.Error.INVALID_KEY); } return getSignatureVerifier(publicJwk, @@ -334,7 +329,7 @@ public final class JwsUtils { } } - if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { + if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); @@ -361,12 +356,26 @@ public final class JwsUtils { throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES); } } + + @SuppressWarnings("deprecation") private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO; } - return KeyManagementUtils.getKeyAlgorithm(m, props, JSON_WEB_SIGNATURE_ALGO_PROP, defaultAlgo); + + // Check for deprecated identifier first + String sigAlgo = props.getProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM); + if (sigAlgo == null) { + sigAlgo = (String)m.getContextualProperty(JoseConstants.DEPR_RSSEC_SIGNATURE_ALGORITHM); + } + if (sigAlgo != null) { + return sigAlgo; + } + + // Otherwise check newer identifier + return KeyManagementUtils.getKeyAlgorithm(m, props, + JoseConstants.RSSEC_SIGNATURE_ALGORITHM, defaultAlgo); } return algo; } @@ -400,7 +409,8 @@ public final class JwsUtils { Message m = PhaseInterceptorChain.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, true, - RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS); + JoseConstants.RSSEC_SIGNATURE_IN_PROPS, + JoseConstants.RSSEC_SIGNATURE_PROPS); KeyManagementUtils.validateCertificateChain(props, certs); } public static boolean isPayloadUnencoded(JwsHeaders jwsHeaders) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties index e36c3f3..d8a002f 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk.properties @@ -17,6 +17,6 @@ rs.security.keystore.type=jwk rs.security.keystore.alias=2011-04-29 rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt -rs.security.jwe.content.encryption.algorithm=A128GCM -rs.security.jwe.key.encryption.algorithm=RSA-OAEP -rs.security.jws.content.signature.algorithm=RS256 +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties index bb85d61..7922a19 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs.properties @@ -18,6 +18,6 @@ rs.security.keystore.type=jks rs.security.keystore.password=password rs.security.keystore.alias=alice rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/alice.jks -rs.security.jwe.content.encryption.algorithm=A128GCM -rs.security.jwe.key.encryption.algorithm=RSA-OAEP -rs.security.jws.content.signature.algorithm=RS256 +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties index b57af21..808772a 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk.properties @@ -19,6 +19,6 @@ rs.security.keystore.type=jwk rs.security.keystore.alias=2011-04-29 rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt -rs.security.jwe.content.encryption.algorithm=A128GCM -rs.security.jwe.key.encryption.algorithm=RSA-OAEP -rs.security.jws.content.signature.algorithm=RS256 +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties index 73ee40e..293556b 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs.properties @@ -20,6 +20,6 @@ rs.security.keystore.type=jks rs.security.keystore.password=password rs.security.keystore.alias=bob rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/bob.jks -rs.security.jwe.content.encryption.algorithm=A128GCM -rs.security.jwe.key.encryption.algorithm=RSA-OAEP -rs.security.jws.content.signature.algorithm=RS256 +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=RSA-OAEP +rs.security.signature.algorithm=RS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties index a389312..b5b7dd2 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties @@ -17,4 +17,4 @@ rs.security.keystore.type=jwk rs.security.keystore.alias=ECKey rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt -rs.security.jws.content.signature.algorithm=ES256 \ No newline at end of file +rs.security.signature.algorithm=ES256 \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties index 5178e85..32f0a5a 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties @@ -17,4 +17,4 @@ rs.security.keystore.type=jwk rs.security.keystore.alias=ECKey rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt -rs.security.jws.content.signature.algorithm=ES256 \ No newline at end of file +rs.security.signature.algorithm=ES256 \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties index 2455204..06d481d 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties @@ -17,4 +17,4 @@ rs.security.keystore.type=jwk rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiaXVHOExqSkNrN3FtcnVGRUdyMHVuUSIsInAyYyI6NDA5Nn0.TuUE2NnCsl3ZWJY7sl0uqEWxFV2ZHw5tw-0ri8Qyst5Gn6YzuPGKJw.aaesJ4e-rLFYIdxA6gMdMw.lnncuqaZ2o3lPRX9bfFh4huW5llDWXC0Gg5987pNSte0SyY7gJcg4EFPHrPdO1YSAZJmPC3hEEmcwqh42w8g2rWiyUqcJ8Z4PqEj7HkNUdE.NccysFtj5AoMMSEk2Sa6oQ rs.security.keystore.alias.jwe=AesWrapKey -rs.security.jwe.content.encryption.algorithm=A128CBC-HS256 +rs.security.encryption.content.algorithm=A128CBC-HS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties index e00378f..dcbd14b 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties @@ -17,4 +17,4 @@ rs.security.keystore.type=jwk rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzd Ohg2RBPHhpiH5lbldTHRuP3PtQKtM6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg rs.security.keystore.alias.jwe=AesWrapKey -rs.security.jwe.content.encryption.algorithm=A128CBC-HS256 +rs.security.encryption.content.algorithm=A128CBC-HS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties index 56faf68..efa2db2 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.properties @@ -17,4 +17,4 @@ rs.security.keystore.type=jwk rs.security.keystore.alias.jwe=AesWrapKey rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt -rs.security.jwe.content.encryption.algorithm=A128CBC-HS256 +rs.security.encryption.content.algorithm=A128CBC-HS256 http://git-wip-us.apache.org/repos/asf/cxf/blob/5778d255/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties index b616a55..7787faf 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.properties @@ -18,4 +18,4 @@ rs.security.keystore.type=jwk rs.security.keystore.alias.jwe=AesWrapKey rs.security.keystore.alias.jws=HMACKey rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt -rs.security.jwe.content.encryption.algorithm=A128GCM +rs.security.encryption.content.algorithm=A128GCM
