Repository: cxf Updated Branches: refs/heads/master f4c505212 -> f32d80488
Updating JwsUtils to optionally set an X509 chain property on verification JWKs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f32d8048 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f32d8048 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f32d8048 Branch: refs/heads/master Commit: f32d80488b19052cb2a3e40b1007d8d5db97e8fa Parents: f4c5052 Author: Sergey Beryozkin <[email protected]> Authored: Mon Jun 20 12:38:44 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Mon Jun 20 12:38:44 2016 +0100 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jws/JwsUtils.java | 12 ++++++++-- .../cxf/rs/security/jose/jws/JwsUtilsTest.java | 25 +++++++++++++++++++- 2 files changed, 34 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f32d8048/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index da4641a..090c396 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -36,6 +36,7 @@ import java.util.Properties;
 import java.util.logging.Logger;
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.PropertyUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
@@ -529,10 +530,17 @@ public final class JwsUtils {
 if ("jwk".equals(storeType)) {
 return JwkUtils.loadPublicJwkSet(m, props);
 } else {
- //TODO: consider loading all the public keys in the store
- PublicKey key = KeyManagementUtils.loadPublicKey(m, props);
+ X509Certificate[] certs = null;
+ if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
+ certs = KeyManagementUtils.loadX509CertificateOrChain(m, props);
+ }
+ PublicKey key = certs != null && certs.length > 0
+ ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props);
 JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
 jwk.setPublicKeyUse(PublicKeyUse.SIGN);
+ if (certs != null) {
+ jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs));
+ }
 return new JsonWebKeys(jwk);
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/f32d8048/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index 78d827b..478331d 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -37,7 +37,7 @@ import org.junit.Test;
 public class JwsUtilsTest extends Assert {
 @Test
- public void testLoadVerificationKeys() throws Exception {
+ public void testLoadVerificationKey() throws Exception {
 Properties p = new Properties();
 p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
 "org/apache/cxf/rs/security/jose/jws/alice.jks");
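Review bot: The two guards on `certs` in the `@@ -529` hunk disagree: the key comes from `certs[0]` only when `certs != null && certs.length > 0`, but `setX509Chain` runs on `certs != null` alone. If `loadX509CertificateOrChain` can return an empty array (not visible from this hunk), the JWK would be built from `loadPublicKey` yet published with an empty `x5c`, which RFC 7517 does not permit. Using one condition for both, `if (certs != null && certs.length > 0) {`, keeps the key and the chain consistent. Nothing here checks validity or expiry of the loaded certificates, so a short comment such as `// chain is published as loaded; consumers must validate x5c` would make that explicit. The enclosing method starts outside the hunk.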
@@ -53,6 +53,29 @@ public class JwsUtilsTest extends Assert {
 assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
 assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
 assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+ assertNull(key.getX509Chain());
+ }
+ @Test
+ public void testLoadVerificationKeyWithCert() throws Exception {
+ Properties p = new Properties();
+ p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
+ "org/apache/cxf/rs/security/jose/jws/alice.jks");
+ p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+ p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+ p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);
+ JsonWebKeys keySet = JwsUtils.loadPublicVerificationKeys(createMessage(), p);
+ assertEquals(1, keySet.asMap().size());
+ List<JsonWebKey> keys = keySet.getRsaKeys();
+ assertEquals(1, keys.size());
+ JsonWebKey key = keys.get(0);
+ assertEquals(KeyType.RSA, key.getKeyType());
+ assertEquals("alice", key.getKeyId());
+ assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
+ assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
+ assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+ List<String> chain = key.getX509Chain();
+ assertNotNull(chain);
+ assertEquals(2, chain.size());
 }
 private Message createMessage() {
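Review bot: `testLoadVerificationKeyWithCert` asserts only that the chain has two entries, so it would still pass if the published chain belonged to a different key than the one in the JWK. Verifiers treat the first `x5c` entry as the certificate for this key, so the test should decode that entry and compare its public key with the JWK's modulus and exponent. The flag is put as a `Boolean` via `p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true)`; a second case using the string `"true"`, as it would arrive from a properties file, would cover the configured path too.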
