cxf git commit: Revert to 1.6 java target
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 58ceaafe4 -> f181f1e75 Revert to 1.6 java target Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f181f1e7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f181f1e7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f181f1e7 Branch: refs/heads/3.0.x-fixes Commit: f181f1e75353ea9ed2b02e6edde284b1a2888d32 Parents: 58ceaaf Author: Alessio SoldanoAuthored: Mon Oct 26 21:26:20 2015 +0100 Committer: Alessio Soldano Committed: Mon Oct 26 21:26:20 2015 +0100 -- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f181f1e7/pom.xml -- diff --git a/pom.xml b/pom.xml index 9a0ea76..6f4be1a 100644 --- a/pom.xml +++ b/pom.xml @@ -509,8 +509,8 @@ maven-compiler-plugin 3.3 -1.7 -1.7 +1.6 +1.6 256M ${cxf.compiler.fork} UTF-8
[1/2] cxf git commit: [CXF-6552] Fixed chained imports of schema; added/fixed a bunch of tests
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes df052fbb3 -> 7fe047444 [CXF-6552] Fixed chained imports of schema; added/fixed a bunch of tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f465cc5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f465cc5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f465cc5 Branch: refs/heads/2.7.x-fixes Commit: 9f465cc524d56bbc3963801d1f379d2e28bf946e Parents: df052fb Author: Alessio SoldanoAuthored: Fri Aug 21 11:37:20 2015 +0200 Committer: Alessio Soldano Committed: Mon Oct 26 22:24:34 2015 +0100 -- .../apache/cxf/common/util/URIParserUtil.java | 74 + .../org/apache/cxf/frontend/WSDLGetUtils.java | 105 +++ .../cxf/systest/jaxws/OASISCatalogTest.java | 2 +- .../cxf/systest/schemaimport/SayHiImpl2.java| 64 +++ .../systest/schemaimport/SchemaImportTest.java | 33 +- .../apache/cxf/systest/schemaimport/Server.java | 3 + .../test/resources/wsdl_systest/e/sayHi.wsdl| 63 +++ .../others/hello_world_bindings_catalog.wsdl| 15 +-- .../others/hello_world_services_catalog.wsdl| 16 +-- .../others/hello_world_wsdl_import_catalog.wsdl | 15 +-- .../cxf/tools/util/URIParserUtilTest.java | 25 + 11 files changed, 349 insertions(+), 66 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9f465cc5/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java -- diff --git a/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java b/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java index d03bdf9..158765c 100644 --- a/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java +++ b/api/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
@@ -300,4 +300,78 @@ public final class URIParserUtil { return normalize(arg); } } + +public static String relativize(String base, String toBeRelativized) throws URISyntaxException { +if (base == null || toBeRelativized == null) { +return null; +} +return relativize(new URI(base), new URI(toBeRelativized)); +} + +/** + * This is a custom implementation for doing what URI.relativize(URI uri) should be + * doing but is not actually doing when URI roots do not fully match. + * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081 + * + * @param baseURI The base URI + * @param toBeRelativizedURI The URI to be realivized + * @return The string value of the URI you'd expect to get as result + * of calling baseURI.relativize(toBeRelativizedURI). + * null is returned if the parameters are null or are not + * both absolute or not absolute. + * @throws URISyntaxException + */ +public static String relativize(URI baseURI, URI toBeRelativizedURI) throws URISyntaxException { +if (baseURI == null || toBeRelativizedURI == null) { +return null; +} +if (baseURI.isAbsolute() ^ toBeRelativizedURI.isAbsolute()) { +return null; +} +final String base = baseURI.getSchemeSpecificPart(); +final String toBeRelativized = toBeRelativizedURI.getSchemeSpecificPart(); +final int l1 = base.length(); +final int l2 = toBeRelativized.length(); +if (l1 == 0) { +return toBeRelativized; +} +int slashes = 0; +StringBuilder sb = new StringBuilder(); +boolean differenceFound = false; +for (int i = 0; i < l1; i++) { +char c = base.charAt(i); +if (i < l2) { +if (!differenceFound && c == toBeRelativized.charAt(i)) { +sb.append(c); +} else { +differenceFound = true; +if (c == '/') { +slashes++; +} +} +} else { +if (c == '/') { +slashes++; +} +} +} +String rResolved = new URI(getRoot(sb.toString())).relativize(new URI(toBeRelativized)).toString(); +StringBuilder relativizedPath = new StringBuilder(); +for (int i = 0; i < slashes; i++) { +relativizedPath.append("../"); +} 
+relativizedPath.append(rResolved); +return relativizedPath.toString(); +} + +private static String getRoot(String uri) { +int idx = uri.lastIndexOf('/'); +if (idx == uri.length() - 1) { +return uri; +
[2/2] cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL
[CXF-6621] Schema imports are not handled correctly in generated WSDL ...and XSD files when using catalog rewrites Fixes these issues: - import of nested XSDs that lies in different directory tree from WSDL files example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/xsd/"/> WSDL structure: /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd; /xsd/schema.xsd ``` - import and access of nested XSDs with equal relative paths when XSDs are outside of WSDL directory (previously this was working only when XSDs were inside WSDL directory) example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/xsd/"/> WSDL structure: /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd; /xsd/schema.xsd - imports "d/included.xsd" /xsd/d/included.xsd - imports "d/included.xsd" /xsd/d/d/included.xsd ``` - accessing nested XSD and WSDL under URIs affected by rewrite rules which aren't directly used by WSDLs/XSDs example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/wsdl/"/> WSDL structure: /wsdl/service.wsdl - imports "./included.wsdl" /wsdl/included.wsdl request for: http://example.org/uri/included.wsdl ``` - in some cases imports weren't working when catalog rule rewritePrefix was "/path" instead of "classpath:/path" - catalog resolves those two into different values Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7fe04744 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7fe04744 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7fe04744 Branch: refs/heads/2.7.x-fixes Commit: 7fe0474442d1f2394bff3606126030004ba1a6d3 Parents: 9f465cc Author: Tomas HofmanAuthored: Thu Oct 1 15:43:37 2015 +0200 Committer: Alessio Soldano Committed: Mon Oct 26 22:24:35 2015 +0100 -- .../org/apache/cxf/frontend/WSDLGetUtils.java | 214 +++ .../cxf/systest/jaxws/OASISCatalogTest.java | 131 
.../main/resources/META-INF/jax-ws-catalog.xml | 2 + .../others/hello_world_messages_catalog.wsdl| 10 + .../resources/wsdl/schemas/another-schema.xsd | 29 +++ .../wsdl/schemas/d/another-included.xsd | 29 +++ .../wsdl/schemas/d/d/another-included.xsd | 27 +++ .../resources/wsdl/schemas/d/d/included.xsd | 27 +++ .../main/resources/wsdl/schemas/d/included.xsd | 29 +++ .../src/main/resources/wsdl/schemas/schema.xsd | 29 +++ 10 files changed, 344 insertions(+), 183 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7fe04744/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java -- diff --git a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java index b99949f..3202bab 100644 --- a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java +++ b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java @@ -60,6 +60,7 @@ import org.apache.cxf.catalog.OASISCatalogManagerHelper; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.URIParserUtil; +import org.apache.cxf.common.util.UrlUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.message.Message; @@ -357,7 +358,8 @@ public class WSDLGetUtils { Map done, Map doneSchemas, String base, -String docBase) { +String docBase, +String parentResolvedLocation) { OASISCatalogManager catalogs = OASISCatalogManager.getCatalogManager(bus); Collection imports = CastUtils.cast((Collection)def.getImports().values()); @@ -365,7 +367,7 @@ public class WSDLGetUtils { List impLst = CastUtils.cast(lst); for (Import imp : impLst) { String start = imp.getLocationURI(); -String decodedStart = null; +String decodedStart; // Always use the URL decoded version to ensure that we have a // canonical representation of the import URL for lookup. 
@@ -392,13 +394,20 @@ public class WSDLGetUtils { //ignore } if (done.put(decodedStart, imp.getDefinition()) == null) { -
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 7fe047444 -> 6951f4391 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6951f439 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6951f439 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6951f439 Branch: refs/heads/2.7.x-fixes Commit: 6951f439193bd638412f9fa1e88b167e7198 Parents: 7fe0474 Author: Alessio SoldanoAuthored: Mon Oct 26 23:07:02 2015 +0100 Committer: Alessio Soldano Committed: Mon Oct 26 23:07:02 2015 +0100 -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6951f439/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 4cb39af..beea0dd 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -728,6 +728,7 @@ B 47a0908a8a90a00029e859a21feb9fd4b9512563 B 47b248a25e4de8f876119fff2c0a3f0dce3bc8de B 47b80b935f2fa1f70af71ba58baef4e2d9b226a5 B 47d9548557c352b7ddf0468c322678b901d20ab9 +B 47fe9b86df867010af31023e7d528cf8859a B 48084ffd0625178e758c52ffcf2b695206ef8015 B 48144f06a9779320b7d8537899b2f3b9ecacdb43 B 4843806921c665a3a2fecb5826ae2d20ec563ab2 @@ -2263,6 +2264,7 @@ B ed66e7d56758e60c96091b208c81c2f2b26bb61f B ed8ac50116f225ad4a71b888b7e4f44c1f81991a B edb79aaae7672449bb0a1e3e9c48caa4791694c6 B edbadd5a9e980694106979e85221714e600f8b7c +B edcfc3b8f44e0ec495e2477e4c566b6c78765ef3 B eec9d19c2bd836b28d60ec826f3ed0bd9e67e977 B eecaebb4b0ea89fc2aa94acb6464f0e913b8b223 B ef319d587510c92c693abe5d4c7f565ff84a1490 @@ -2282,6 +2284,7 @@ B f1309316e090eae58a2f51e60fd7549e1d002ba0 B f15115757f1f203c5962b652f3f7e893a71d95e8 B f1614ea6d66bee3989b3218a3b8559b776357191 B f16d1694f39d4cc82c874a90c783e49652539f7d +B f181f1e75353ea9ed2b02e6edde284b1a2888d32 B f18207332e756d013797ff65a5d8d094d20e51e0 B f18544e2d66b5e2cd337d0f8091a5dfaa4ff8ec8 B f18780cf52189338fee6681374f2622856f09330
cxf git commit: Updating WSS4J
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 81cf207d1 -> beaf69154 Updating WSS4J Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/beaf6915 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/beaf6915 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/beaf6915 Branch: refs/heads/2.7.x-fixes Commit: beaf691548d2224e1eabebe3877200d701a6db8c Parents: 81cf207 Author: Colm O hEigeartaighAuthored: Mon Oct 26 12:34:39 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 12:34:39 2015 + -- parent/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/beaf6915/parent/pom.xml -- diff --git a/parent/pom.xml b/parent/pom.xml index 1ddb63a..d71fec2 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -158,7 +158,7 @@ 4.4.1 3.1.4 1.6.3 -1.6.18 +1.6.19 2.11.0 2.6.0 2.1.0
svn commit: r970284 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html
Author: buildbot Date: Mon Oct 26 15:47:38 2015 New Revision: 970284 Log: Production update by buildbot for cxf Modified: websites/production/cxf/content/cache/docs.pageCache websites/production/cxf/content/docs/jax-rs-jose.html Modified: websites/production/cxf/content/cache/docs.pageCache == Binary files - no diff available. Modified: websites/production/cxf/content/docs/jax-rs-jose.html == --- websites/production/cxf/content/docs/jax-rs-jose.html (original) +++ websites/production/cxf/content/docs/jax-rs-jose.html Mon Oct 26 15:47:38 2015 @@ -118,15 +118,15 @@ Apache CXF -- JAX-RS JOSE /**/ +/*]]>*/ IntroductionMaven DependenciesJOSE OverviewJWA AlgorithmsJWK KeysJWS SignatureJSON EncryptionJSON Web TokensLinking JWT authentications to JWS or JWE contentJOSE JAX-RS Filters JWEJWS Configuration -Configuration that applies to both encryption and signatureConfiguration that applies to signature only +Configuration that applies to both encryption and signatureConfiguration that applies to signature onlyConfiguration that applies to encryption onlyConfiguration that applies to JWT tokens only Encrypting JWK storesOAuth2 and JoseOIDC and JoseFuture WorkThird-Party Alternatives IntroductionCXF 3.0.x implements https://datatracker.ietf.org/wg/jose/documents/; rel="nofollow">JOSE.Maven Dependencies dependency 
@@ -176,7 +176,7 @@ AesWrapKeyDecryptionAlgorithm keyDecrypt JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption); String decryptedText = decryption.decrypt(jweContent).getContentText(); assertEquals(specPlainText, decryptedText); -CXF ships JWE related classes in https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe;h=71e0e29025252080838168458b3d2e0179a7a0bd;hb=HEAD;>this package and offers a support for all of JWA encryption algorithms.https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD;>JweEncryptionProvider supports encrypting the content, https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD;>JweDecryptionProvider - decrypting the content. Encryptors and Decryptors for all of JWE algorithms are shipped.JweCompactConsumer and JweCompactProducer offer a utility support for creating and validating JWE compact serialization and accept keys in a variety of formats(as JWKs, JCA representations, created out of band and wrapped in either JweEncryptionProvider or JweDecryptionProvider).JweJwtCompactConsumer and JweJwtCompactProducer are JweCompactConsumer and JweCompactProducer specializations that offer a utility support for encrypting Json Web Tokens in a compact format.JweJsonConsumer and JweJsonProducer support JWE JSON (full) serialization.JweOutputStream is a specialized output stream that can be used in conjunction with JWE JAX-RS filters (see one of the next sections)to support the best effort at streaming the content while encrypting it. 
These classes will use https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src /main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java;h=918ef5a085c3dc51025e2e9cbba37388f37eb49e;hb=HEAD">JweEncryptionOutput optionally returned from JweEncryptionProviderinstead of working with the consumer utility classes which deal with the encryption process completely in memory.Many more examples will be added here.JSON Web Tokenshttps://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32; rel="nofollow">JSON Web Token (JWT) is a collection of claims in JSON format. It offers a standard JSON container for representing various properties or claims.JWT can be signed and or encrypted, i.e, serve as a JOSE signature or encryption input like any other data structure.JWT has been primarily used in OAuth2 applications to represent self-contained access tokens but can also be used in other contex ts.CXF offers an initial JWT support in https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt;h=ab5e633cd9d81374288c46c7d283df49931cc0d8;hb=HEAD;>this package.Linking JWT
cxf git commit: [CXF-6621] Schema imports are not handled correctly in generated WSDL
Repository: cxf Updated Branches: refs/heads/master 7abdac771 -> a602c9df3 [CXF-6621] Schema imports are not handled correctly in generated WSDL ...and XSD files when using catalog rewrites Fixes these issues: - import of nested XSDs that lies in different directory tree from WSDL files example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/xsd/"/> WSDL structure: /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd; /xsd/schema.xsd ``` - import and access of nested XSDs with equal relative paths when XSDs are outside of WSDL directory (previously this was working only when XSDs were inside WSDL directory) example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/xsd/"/> WSDL structure: /wsdl/service.wsdl - imports "http://example.org/uri/schema.xsd; /xsd/schema.xsd - imports "d/included.xsd" /xsd/d/included.xsd - imports "d/included.xsd" /xsd/d/d/included.xsd ``` - accessing nested XSD and WSDL under URIs affected by rewrite rules which aren't directly used by WSDLs/XSDs example: ``` jax-ws-catalog.xml contains: http://example.org/uri/; rewritePrefix="/wsdl/"/> WSDL structure: /wsdl/service.wsdl - imports "./included.wsdl" /wsdl/included.wsdl request for: http://example.org/uri/included.wsdl ``` - in some cases imports weren't working when catalog rule rewritePrefix was "/path" instead of "classpath:/path" - catalog resolves those two into different values Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a602c9df Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a602c9df Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a602c9df Branch: refs/heads/master Commit: a602c9df3e2e09855410f0e75af9b108620b7794 Parents: 7abdac7 Author: Tomas HofmanAuthored: Thu Oct 1 15:43:37 2015 +0200 Committer: Alessio Soldano Committed: Mon Oct 26 17:17:44 2015 +0100 -- .../org/apache/cxf/frontend/WSDLGetUtils.java | 214 +++ 
.../cxf/systest/jaxws/OASISCatalogTest.java | 131 .../main/resources/META-INF/jax-ws-catalog.xml | 2 + .../others/hello_world_messages_catalog.wsdl| 10 + .../resources/wsdl/schemas/another-schema.xsd | 29 +++ .../wsdl/schemas/d/another-included.xsd | 29 +++ .../wsdl/schemas/d/d/another-included.xsd | 27 +++ .../resources/wsdl/schemas/d/d/included.xsd | 27 +++ .../main/resources/wsdl/schemas/d/included.xsd | 29 +++ .../src/main/resources/wsdl/schemas/schema.xsd | 29 +++ 10 files changed, 344 insertions(+), 183 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a602c9df/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java -- diff --git a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java index 822233e..c7ffc71 100644 --- a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java +++ b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java @@ -60,6 +60,7 @@ import org.apache.cxf.catalog.OASISCatalogManagerHelper; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.URIParserUtil; +import org.apache.cxf.common.util.UrlUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.message.Message; @@ -356,7 +357,8 @@ public class WSDLGetUtils { Map done, Map doneSchemas, String base, -String docBase) { +String docBase, +String parentResolvedLocation) { OASISCatalogManager catalogs = OASISCatalogManager.getCatalogManager(bus); Collection imports = CastUtils.cast((Collection)def.getImports().values()); 
@@ -364,7 +366,7 @@ public class WSDLGetUtils { List impLst = CastUtils.cast(lst); for (Import imp : impLst) { String start = imp.getLocationURI(); -String decodedStart = null; +String decodedStart; // Always use the URL decoded version to ensure that we have a // canonical representation of the import URL for lookup. @@ -391,13 +393,20 @@ public class WSDLGetUtils { //ignore } if
[5/5] cxf git commit: Fixing problem with retrieving private keys
Fixing problem with retrieving private keys Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/95bf2ad6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/95bf2ad6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/95bf2ad6 Branch: refs/heads/master Commit: 95bf2ad6c0a4f42ce8c4e44409ccbfe256520a01 Parents: 2f88eea Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:08:50 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 16:21:07 2015 + -- .../cxf/rs/security/jose/common/KeyManagementUtils.java | 10 -- .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 1 - .../org/apache/cxf/rt/security/crypto/CryptoUtils.java| 4 3 files changed, 4 insertions(+), 11 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index c491712..9207e65 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java 
@@ -375,16 +375,6 @@ public final class KeyManagementUtils { try { String alias = ks.getCertificateAlias(inCerts.get(0)); -if (alias != null) { -for (Enumeration e = ks.aliases(); e.hasMoreElements();) { -String currentAlias = e.nextElement(); -X509Certificate[] currentCertArray = loadX509CertificateOrChain(ks, currentAlias); -if (currentCertArray != null) { -alias = currentAlias; -break; -} -} -} return loadPrivateKey(ks, m, props, keyOper, alias); } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 0d2e50d..ad9b137 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -368,7 +368,6 @@ public final class JweUtils { SecretKey ctDecryptionKey = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { -//TODO: validate incoming public keys or certificates //TODO: optionally validate inHeaders.getAlgorithm against a property in props // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); http://git-wip-us.apache.org/repos/asf/cxf/blob/95bf2ad6/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java index fdf62a2..0c80fb4 100644 
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java @@ -711,6 +711,10 @@ public final class CryptoUtils { if (!keyStore.containsAlias(alias)) { throw new SecurityException("No alias exists in the keystore for: " + alias); } +if (!keyStore.isKeyEntry(alias)) { +throw new SecurityException("The given alias " + alias ++ " is not a private key in the keystore."); +} KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword)); return pkEntry.getPrivateKey();
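Review bot: The added `keyStore.isKeyEntry(alias)` guard does not guarantee that the cast to `KeyStore.PrivateKeyEntry` on the following context line succeeds, because `isKeyEntry` is also true for secret-key entries. An alias that names a `SecretKeyEntry` would pass the check and fail with a `ClassCastException` rather than the intended `SecurityException`. Testing the entry type directly makes the guard match its own error message: `if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {`. The enclosing method starts outside the hunk, so how callers treat either exception is not visible here.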
[1/5] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header
Repository: cxf Updated Branches: refs/heads/master a602c9df3 -> d09c4eafb Add support for selecting a key for decryption using the sha-1 hash in the header Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d09c4eaf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d09c4eaf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d09c4eaf Branch: refs/heads/master Commit: d09c4eafbb8d570c2bfd69270726511cee420645 Parents: e51a7bd Author: Colm O hEigeartaighAuthored: Mon Oct 26 16:06:58 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 16:21:07 2015 + -- .../rs/security/jose/common/KeyManagementUtils.java | 4 ++-- .../apache/cxf/rs/security/jose/jwe/JweUtils.java| 15 ++- 2 files changed, 16 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d09c4eaf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 57929c2..3eb4637 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java 
@@ -369,12 +369,12 @@ public final class KeyManagementUtils { return props; } public static PrivateKey loadPrivateKey(Message m, Properties props, -List inCerts, +X509Certificate inCert, KeyOperation keyOper) { KeyStore ks = loadPersistKeyStore(m, props); try { -String alias = ks.getCertificateAlias(inCerts.get(0)); +String alias = ks.getCertificateAlias(inCert); return loadPrivateKey(ks, m, props, keyOper, alias); } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf/blob/d09c4eaf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 4591bc3..e23f605 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java 
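Review bot: `loadPrivateKey` passes `inCert` straight to `ks.getCertificateAlias(inCert)` and then hands the result to `loadPrivateKey(ks, m, props, keyOper, alias)` without checking either value. `getCertificateAlias` returns null when the keystore holds no matching certificate, and the JweUtils hunk in this same commit can pass a null certificate (`chain == null ? null : chain.get(0)`). The certificate appears to originate from an incoming JOSE header, so a missing or unknown certificate is an expected input and should be rejected explicitly instead of failing somewhere further down. A guard such as `if (inCert == null) { throw new SecurityException("No certificate supplied for private key lookup"); }` before the lookup, plus an equivalent `alias == null` check after it, would do that. The `catch (Exception ex)` body lies outside the hunk, so confirm that it does not swallow or blur that error.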
@@ -368,11 +368,24 @@ public final class JweUtils { // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); +X509Certificate cert = chain == null ? null : chain.get(0); PrivateKey privateKey = -KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT); +KeyManagementUtils.loadPrivateKey(m, props, cert, KeyOperation.DECRYPT); contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName(); keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, inHeaders.getKeyEncryptionAlgorithm()); +} else if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT) != null) { +X509Certificate foundCert = + KeyManagementUtils.getCertificateFromThumbprint(inHeaders.getX509Thumbprint(), + MessageDigestUtils.ALGO_SHA_1, +m, props); +if (foundCert != null) { +PrivateKey privateKey = +KeyManagementUtils.loadPrivateKey(m, props, foundCert, KeyOperation.DECRYPT); +contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName(); +keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, + inHeaders.getKeyEncryptionAlgorithm()); +} } else { if
[4/5] cxf git commit: Another change of the "include" properties
Another change of the "include" properties Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e51a7bd7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e51a7bd7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e51a7bd7 Branch: refs/heads/master Commit: e51a7bd7f3dcc120dbeeebb3e5c306941af64554 Parents: 948fd80 Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:32:51 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 16:21:07 2015 + -- .../rs/security/jose/common/JoseConstants.java | 32 +++- .../cxf/rs/security/jose/jwe/JweUtils.java | 20 +--- .../cxf/rs/security/jose/jws/JwsUtils.java | 20 +--- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 7 +++-- 4 files changed, 24 insertions(+), 55 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 66c86d9..c05b37d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java 
@@ -100,26 +100,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * Include the JWK public key (for signature or encryption) in the "jwk" header. - */ -public static final String RSSEC_INCLUDE_PUBLIC_KEY = "rs.security.include.public.key"; - -/** - * Include the X.509 certificate (for signature or encryption) in the "x5c" header. - */ -public static final String RSSEC_INCLUDE_CERT = "rs.security.include.cert"; - -/** - * Include the JWK key id (for signature or encryption) in the "kid" header. - */ -public static final String RSSEC_INCLUDE_KEY_ID = "rs.security.include.key.id"; - -/** - * Include the X.509 certificate SHA-1 digest (for signature or encryption) in the "x5t" header. - */ -public static final String RSSEC_INCLUDE_CERT_SHA1 = "rs.security.include.cert.sha1"; - -/** * Whether to allow using a JWK received in the header for signature validation. The default * is "false". */ 
@@ -187,26 +167,22 @@ public final class JoseConstants { public static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties"; /** - * Include the JWK public key for signature in the "jwk" header. If not configured then it - * falls back to RSSEC_INCLUDE_PUBLIC_KEY. + * Include the JWK public key for signature in the "jwk" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key"; /** - * Include the X.509 certificate for signature in the "x5c" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT. + * Include the X.509 certificate for signature in the "x5c" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert"; /** - * Include the JWK key id for signature in the "kid" header. If not configured then it - * falls back to RSSEC_INCLUDE_KEY_ID. + * Include the JWK key id for signature in the "kid" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = "rs.security.signature.include.key.id"; /** - * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT_SHA1. + * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = "rs.security.signature.include.cert.sha1"; http://git-wip-us.apache.org/repos/asf/cxf/blob/e51a7bd7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index ad9b137..4591bc3 100644 ---
[2/5] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs
Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/948fd800 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/948fd800 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/948fd800 Branch: refs/heads/master Commit: 948fd8001e710e5c42924324d8dc00cf41aa4ebd Parents: 95bf2ad Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:20:13 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 16:21:07 2015 + -- .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 2 +- .../cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java | 2 +- .../main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java | 3 ++- .../apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java| 2 +- .../jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java| 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 9207e65..57929c2 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java 
@@ -146,7 +146,7 @@ public final class KeyManagementUtils { String keyPswd = props.getProperty(JoseConstants.RSSEC_KEY_PSWD); String theAlias = alias != null ? alias : getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper); -char[] keyPswdChars = provider != null ? provider.getPassword(props) +char[] keyPswdChars = provider != null ? provider.getPassword(theAlias, props) : keyPswd != null ? keyPswd.toCharArray() : null; return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias); } http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java index fc58ee5..86fb0e5 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java @@ -21,5 +21,5 @@ package org.apache.cxf.rs.security.jose.common; import java.util.Properties; public interface PrivateKeyPasswordProvider { -char[] getPassword(Properties storeProperties); +char[] getPassword(String alias, Properties storeProperties); } http://git-wip-us.apache.org/repos/asf/cxf/blob/948fd800/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 60d3c83..b45b4bc 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java 
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -266,7 +266,8 @@ public final class JwkUtils { public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb, JwkReaderWriter reader) { JweDecryptionProvider decryption = cb != null -? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null; +? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm( +cb.getPassword(null, props))) : null; return loadJwkSet(props, bus, decryption, reader); } public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) {
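Review bot: `cb.getPassword(null, props)` hands every PrivateKeyPasswordProvider implementation a null alias, and the new `getPassword(String alias, Properties storeProperties)` signature in PrivateKeyPasswordProvider.java has no Javadoc saying that null is allowed. An implementation that keys its passwords by alias can throw a NullPointerException here or return the password of some default entry, and that result feeds straight into `PbesHmacAesWrapKeyDecryptionAlgorithm`. The KeyManagementUtils hunk of this commit passes `theAlias`, which comes from `getKeyId(...)` when the caller supplied no alias and may also be null (not visible here). I would document the contract on the interface, for example `@param alias the keystore alias the password is for, or null when the password protects the whole JWK set`, and state whether the caller or the provider owns the returned `char[]` so it can be cleared after use. The same change is repeated in commit 71048a0f for 3.0.x-fixes.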
[3/5] cxf git commit: Minor doc update
Minor doc update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f88eea2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f88eea2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f88eea2 Branch: refs/heads/master Commit: 2f88eea2ae0d079fe0f8fd9e0c895e6efc54abaa Parents: a602c9d Author: Colm O hEigeartaighAuthored: Mon Oct 26 14:31:59 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 16:21:07 2015 + -- .../cxf/rs/security/jose/common/JoseConstants.java | 12 1 file changed, 8 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2f88eea2/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index b05fdd6..66c86d9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java 
@@ -187,22 +187,26 @@ public final class JoseConstants { public static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties"; /** - * Include the JWK public key for signature in the "jwk" header. + * Include the JWK public key for signature in the "jwk" header. If not configured then it + * falls back to RSSEC_INCLUDE_PUBLIC_KEY. */ public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key"; /** - * Include the X.509 certificate for signature in the "x5c" header. + * Include the X.509 certificate for signature in the "x5c" header. If not configured then it + * falls back to RSSEC_INCLUDE_CERT. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert"; /** - * Include the JWK key id for signature in the "kid" header. + * Include the JWK key id for signature in the "kid" header. If not configured then it + * falls back to RSSEC_INCLUDE_KEY_ID. */ public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = "rs.security.signature.include.key.id"; /** - * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. + * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not configured then it + * falls back to RSSEC_INCLUDE_CERT_SHA1. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = "rs.security.signature.include.cert.sha1";
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/2.7.x-fixes beaf69154 -> df052fbb3 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df052fbb Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df052fbb Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df052fbb Branch: refs/heads/2.7.x-fixes Commit: df052fbb3d0982176dfebf91ab702aae2f5f7a9a Parents: beaf691 Author: Colm O hEigeartaighAuthored: Mon Oct 26 17:09:32 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:09:32 2015 + -- .gitmergeinfo | 6 ++ 1 file changed, 6 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/df052fbb/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index da06621..4cb39af 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -57,6 +57,7 @@ B 04483ebcf4a4f603449fbc89fcaf394ca03f106a B 0470e3a044828a96fda7193ff8f3faf3f05b950b B 0479e4610d38cf7561ab594bbb6c61049df3dab2 B 0494f762414f065b8858b7b279e7db9de3660b3f +B 049a8bd438df760ac2315e43b463811b91959aaa B 04a3c603e46f529e9f2a3602168a051db96e1657 B 04b535bbb4667e43492515718a061553d50644d8 B 05935e926a50cdd5f3a9db57b2f3772f628b1929 @@ -237,6 +238,7 @@ B 1777dcd70fd82f6c0db18b13b668c37e88b44658 B 177eb6c202bba2e5f5dd3bd6df70ab5a6bcbfaa2 B 1797749c7e90d0b486d41d3ec78bb0540e26741d B 179c1d418e870de16c60630255cae204c5b50664 +B 179db4aa4090eb244d1aad54e2073f0ade0a6beb B 17a6302e91d067c9a9c71b9897299d1ae21dc9eb B 17c66755fc2376920f9b20b8e28a8314ec0de0c0 B 17f221b25e01a9c5824b0005b30e8aee0668fea7 @@ -915,6 +917,7 @@ B 5edc42656ea858bb8eec3ba287caa8b30f7f8d62 B 5ee6a3da809a30d055b822080c8cbf7daca814b9 B 5f1a556bda9d4eb50c3dae1de2b0408ae461ea99 B 5f239df56260353860e34125df728d25b1e0bf4b +B 5f277db3541b51b1e718a7e9c22bae03ec7befe2 B 5f321f0a2c77e84381f3489501bf7c0eee91b5a8 B 5f49a3e06a2745d8bfa554639e8229bd36c8ebf1 B 5f517813253189b1ee2d57be24e0b1a56a1dfce3 
@@ -986,6 +989,7 @@ B 657f7112d1bff18d71c564e147e04e424cd4c8b9 B 658a15b4a2751d2e291d508a71499c6b2a374fdd B 65ad54cb421575b1eaf8cf25de0ae460ed79d07f B 65b9eaad9a6845163c03f34faa67d758ceac7536 +B 65c9136f5c8eeb87853f1cf38483b2b920ce3f64 B 66465468f1e2aa68a32212437f944bc559cffc03 B 66502264aa200f761182f7e2465794b10a8cad3f B 665ca4fc95c3ea73b7a8579916eda4e0c69f45c8 @@ -1084,6 +1088,7 @@ B 709ad76d6e98c3ef731a08365e471bdbd9e5fbe9 B 70bbd4f40211f8a70cf01c02aaee8b8a13a90ff7 B 70c1b9276e4a0c95a39595990c7715e4fce76c8e B 70cf4945007d05db301dff4b335e3c722d544f48 +B 71048a0f77a2b6314857b6d06d8603cf586921d0 B 710990c44b052554126495b78c9e3e741d711164 B 711619f9f578f9ea64549f20cdd7d0f22ed28795 B 713410ebe462199dccf1b98d6f6c422dd258196b @@ -2248,6 +2253,7 @@ B ec9805a4792c1bdbf486e4ba18acb91046514e4b B ec9df9cd410d00640d8939077f80849727ae46f0 B eca7b721742ee7272aa7ce3658a97c493ee916dc B ecae5ecb2a104dc5eabfe27c704d11914e720cb1 +B ecb9139d11b2378b11427f66df61523743187b3a B ecf2fdbe01d938809dcc1f71f3d4cd4de82fa702 B ecf96252126fe63cbe1038c0ac9f407a53478c31 B ed0ab4cb9a9b9088eae32cabfbdfe946c17f9eb2
[1/6] cxf git commit: Minor doc update
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes d435640fd -> ecb9139d1 Minor doc update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/65c9136f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/65c9136f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/65c9136f Branch: refs/heads/3.0.x-fixes Commit: 65c9136f5c8eeb87853f1cf38483b2b920ce3f64 Parents: d435640 Author: Colm O hEigeartaighAuthored: Mon Oct 26 14:31:59 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:43 2015 + -- .../cxf/rs/security/jose/common/JoseConstants.java | 12 1 file changed, 8 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/65c9136f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index b05fdd6..66c86d9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java 
@@ -187,22 +187,26 @@ public final class JoseConstants { public static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties"; /** - * Include the JWK public key for signature in the "jwk" header. + * Include the JWK public key for signature in the "jwk" header. If not configured then it + * falls back to RSSEC_INCLUDE_PUBLIC_KEY. */ public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key"; /** - * Include the X.509 certificate for signature in the "x5c" header. + * Include the X.509 certificate for signature in the "x5c" header. If not configured then it + * falls back to RSSEC_INCLUDE_CERT. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert"; /** - * Include the JWK key id for signature in the "kid" header. + * Include the JWK key id for signature in the "kid" header. If not configured then it + * falls back to RSSEC_INCLUDE_KEY_ID. */ public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = "rs.security.signature.include.key.id"; /** - * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. + * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not configured then it + * falls back to RSSEC_INCLUDE_CERT_SHA1. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = "rs.security.signature.include.cert.sha1";
[6/6] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ecb9139d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ecb9139d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ecb9139d Branch: refs/heads/3.0.x-fixes Commit: ecb9139d11b2378b11427f66df61523743187b3a Parents: 179db4a Author: Colm O hEigeartaighAuthored: Mon Oct 26 17:08:47 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:47 2015 + -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ecb9139d/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index ceac54b..c7e880e 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -684,6 +684,7 @@ M e2225709c37cb289b99db015b3d8ba5b9b317615 M e2ad037fbc74f42655ac968415fcb4bded87bb38 M e3f89d3c07f38f2e01c951d7bad8336e090837ae M e47e394114d6a3bf06401960618e6bd556a904d7 +M e51a7bd7f3dcc120dbeeebb3e5c306941af64554 M e5a805853864e291626bdb913448fc4e2409cca0 M e617a2c5865cf3d11d0d344a23dc2d493ff4809b M e681dda5bfd7d68ebf340a459ecf612e8a926290
[2/6] cxf git commit: Fixing problem with retrieving private keys
Fixing problem with retrieving private keys Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5f277db3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5f277db3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5f277db3 Branch: refs/heads/3.0.x-fixes Commit: 5f277db3541b51b1e718a7e9c22bae03ec7befe2 Parents: 65c9136 Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:08:50 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:44 2015 + -- .../cxf/rs/security/jose/common/KeyManagementUtils.java | 10 -- .../org/apache/cxf/rs/security/jose/jwe/JweUtils.java | 1 - .../org/apache/cxf/rt/security/crypto/CryptoUtils.java| 4 3 files changed, 4 insertions(+), 11 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index c491712..9207e65 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java 
@@ -375,16 +375,6 @@ public final class KeyManagementUtils { try { String alias = ks.getCertificateAlias(inCerts.get(0)); -if (alias != null) { -for (Enumeration e = ks.aliases(); e.hasMoreElements();) { -String currentAlias = e.nextElement(); -X509Certificate[] currentCertArray = loadX509CertificateOrChain(ks, currentAlias); -if (currentCertArray != null) { -alias = currentAlias; -break; -} -} -} return loadPrivateKey(ks, m, props, keyOper, alias); } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 0d2e50d..ad9b137 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -368,7 +368,6 @@ public final class JweUtils { SecretKey ctDecryptionKey = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { -//TODO: validate incoming public keys or certificates //TODO: optionally validate inHeaders.getAlgorithm against a property in props // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); http://git-wip-us.apache.org/repos/asf/cxf/blob/5f277db3/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java -- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java index 4ff2476..7495fee 100644 
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java @@ -726,6 +726,10 @@ public final class CryptoUtils { if (!keyStore.containsAlias(alias)) { throw new SecurityException("No alias exists in the keystore for: " + alias); } +if (!keyStore.isKeyEntry(alias)) { +throw new SecurityException("The given alias " + alias ++ " is not a private key in the keystore."); +} KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword)); return pkEntry.getPrivateKey();
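Review bot: The added `keyStore.isKeyEntry(alias)` guard does not make the following `(KeyStore.PrivateKeyEntry)` cast safe, because `isKeyEntry` is also true for secret-key entries. An alias that names a `SecretKeyEntry` therefore still ends in a ClassCastException rather than the new SecurityException. Checking the entry type directly closes that gap: `if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {`, with the error message left as written. The enclosing method starts and ends outside the hunk, so how callers handle the exception is not visible here.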
[4/6] cxf git commit: Another change of the "include" properties
Another change of the "include" properties Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/049a8bd4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/049a8bd4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/049a8bd4 Branch: refs/heads/3.0.x-fixes Commit: 049a8bd438df760ac2315e43b463811b91959aaa Parents: 71048a0 Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:32:51 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:46 2015 + -- .../rs/security/jose/common/JoseConstants.java | 32 +++- .../cxf/rs/security/jose/jwe/JweUtils.java | 20 +--- .../cxf/rs/security/jose/jws/JwsUtils.java | 20 +--- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 7 +++-- 4 files changed, 24 insertions(+), 55 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/049a8bd4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 66c86d9..c05b37d 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java 
@@ -100,26 +100,6 @@ public final class JoseConstants { public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; /** - * Include the JWK public key (for signature or encryption) in the "jwk" header. - */ -public static final String RSSEC_INCLUDE_PUBLIC_KEY = "rs.security.include.public.key"; - -/** - * Include the X.509 certificate (for signature or encryption) in the "x5c" header. - */ -public static final String RSSEC_INCLUDE_CERT = "rs.security.include.cert"; - -/** - * Include the JWK key id (for signature or encryption) in the "kid" header. - */ -public static final String RSSEC_INCLUDE_KEY_ID = "rs.security.include.key.id"; - -/** - * Include the X.509 certificate SHA-1 digest (for signature or encryption) in the "x5t" header. - */ -public static final String RSSEC_INCLUDE_CERT_SHA1 = "rs.security.include.cert.sha1"; - -/** * Whether to allow using a JWK received in the header for signature validation. The default * is "false". */ 
@@ -187,26 +167,22 @@ public final class JoseConstants { public static final String RSSEC_SIGNATURE_LIST_PROPS = "rs.security.signature.list.properties"; /** - * Include the JWK public key for signature in the "jwk" header. If not configured then it - * falls back to RSSEC_INCLUDE_PUBLIC_KEY. + * Include the JWK public key for signature in the "jwk" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_PUBLIC_KEY = "rs.security.signature.include.public.key"; /** - * Include the X.509 certificate for signature in the "x5c" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT. + * Include the X.509 certificate for signature in the "x5c" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT = "rs.security.signature.include.cert"; /** - * Include the JWK key id for signature in the "kid" header. If not configured then it - * falls back to RSSEC_INCLUDE_KEY_ID. + * Include the JWK key id for signature in the "kid" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_KEY_ID = "rs.security.signature.include.key.id"; /** - * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. If not configured then it - * falls back to RSSEC_INCLUDE_CERT_SHA1. + * Include the X.509 certificate SHA-1 digest for signature in the "x5t" header. */ public static final String RSSEC_SIGNATURE_INCLUDE_CERT_SHA1 = "rs.security.signature.include.cert.sha1"; http://git-wip-us.apache.org/repos/asf/cxf/blob/049a8bd4/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index ad9b137..4591bc3 100644 ---
[3/6] cxf git commit: Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs
Add an "alias" to the password provider so that we can provide passwords for multiple aliases/certs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/71048a0f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/71048a0f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/71048a0f Branch: refs/heads/3.0.x-fixes Commit: 71048a0f77a2b6314857b6d06d8603cf586921d0 Parents: 5f277db Author: Colm O hEigeartaighAuthored: Mon Oct 26 15:20:13 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:45 2015 + -- .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 2 +- .../cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java | 2 +- .../main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java | 3 ++- .../apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java| 2 +- .../jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java| 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 9207e65..57929c2 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java 
@@ -146,7 +146,7 @@ public final class KeyManagementUtils { String keyPswd = props.getProperty(JoseConstants.RSSEC_KEY_PSWD); String theAlias = alias != null ? alias : getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper); -char[] keyPswdChars = provider != null ? provider.getPassword(props) +char[] keyPswdChars = provider != null ? provider.getPassword(theAlias, props) : keyPswd != null ? keyPswd.toCharArray() : null; return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias); } http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java index fc58ee5..86fb0e5 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/PrivateKeyPasswordProvider.java @@ -21,5 +21,5 @@ package org.apache.cxf.rs.security.jose.common; import java.util.Properties; public interface PrivateKeyPasswordProvider { -char[] getPassword(Properties storeProperties); +char[] getPassword(String alias, Properties storeProperties); } http://git-wip-us.apache.org/repos/asf/cxf/blob/71048a0f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 60d3c83..b45b4bc 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java 
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -266,7 +266,8 @@ public final class JwkUtils { public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb, JwkReaderWriter reader) { JweDecryptionProvider decryption = cb != null -? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null; +? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm( +cb.getPassword(null, props))) : null; return loadJwkSet(props, bus, decryption, reader); } public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) {
[5/6] cxf git commit: Add support for selecting a key for decryption using the sha-1 hash in the header
Add support for selecting a key for decryption using the sha-1 hash in the header Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/179db4aa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/179db4aa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/179db4aa Branch: refs/heads/3.0.x-fixes Commit: 179db4aa4090eb244d1aad54e2073f0ade0a6beb Parents: 049a8bd Author: Colm O hEigeartaighAuthored: Mon Oct 26 16:06:58 2015 + Committer: Colm O hEigeartaigh Committed: Mon Oct 26 17:08:47 2015 + -- .../rs/security/jose/common/KeyManagementUtils.java | 4 ++-- .../apache/cxf/rs/security/jose/jwe/JweUtils.java| 15 ++- 2 files changed, 16 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java index 57929c2..3eb4637 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java @@ -369,12 +369,12 @@ public final class KeyManagementUtils { return props; } public static PrivateKey loadPrivateKey(Message m, Properties props, -List inCerts, +X509Certificate inCert, KeyOperation keyOper) { KeyStore ks = loadPersistKeyStore(m, props); try { -String alias = ks.getCertificateAlias(inCerts.get(0)); +String alias = ks.getCertificateAlias(inCert); return loadPrivateKey(ks, m, props, keyOper, alias); } catch (Exception ex) { http://git-wip-us.apache.org/repos/asf/cxf/blob/179db4aa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java -- 
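Review bot: `ks.getCertificateAlias(inCert)` returns null when no keystore entry matches the certificate, and the result goes to `loadPrivateKey(ks, m, props, keyOper, alias)` unchecked. If that overload is the method shown in the `@@ -146,7 +146,7` hunk of commit 71048a0f (`alias != null ? alias : getKeyId(...)`), a certificate taken from the message header that is not in the keystore silently selects the configured default key instead of being rejected. JweUtils in this commit also passes `chain == null ? null : chain.get(0)`, so `inCert` itself can be null. A guard such as `if (alias == null) { throw new SecurityException("No keystore entry matches the supplied certificate"); }` makes the mismatch explicit. The try block continues outside the hunk.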
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 4591bc3..e23f605 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -368,11 +368,24 @@ public final class JweUtils { // Supporting loading a private key via a certificate for now List chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); +X509Certificate cert = chain == null ? null : chain.get(0); PrivateKey privateKey = -KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT); +KeyManagementUtils.loadPrivateKey(m, props, cert, KeyOperation.DECRYPT); contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName(); keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, inHeaders.getKeyEncryptionAlgorithm()); +} else if (inHeaders != null && inHeaders.getHeader(JoseConstants.HEADER_X509_THUMBPRINT) != null) { +X509Certificate foundCert = + KeyManagementUtils.getCertificateFromThumbprint(inHeaders.getX509Thumbprint(), + MessageDigestUtils.ALGO_SHA_1, +m, props); +if (foundCert != null) { +PrivateKey privateKey = +KeyManagementUtils.loadPrivateKey(m, props, foundCert, KeyOperation.DECRYPT); +contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName(); +keyDecryptionProvider = getPrivateKeyDecryptionProvider(privateKey, + inHeaders.getKeyEncryptionAlgorithm()); +} } else { if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk =
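Review bot: In the new `HEADER_X509_THUMBPRINT` branch, a thumbprint that matches no certificate leaves `foundCert` null, and the branch ends without assigning `keyDecryptionProvider` or `contentEncryptionAlgo`. Because this is an `else if`, the configured-key path in the final `else` is skipped as well. The header value comes from the incoming message, so an unknown `x5t` should fail with a clear error rather than continue with an unset provider; what the code after the hunk does in that case is not visible here. I would add an explicit failure, for example `if (foundCert == null) { throw new SecurityException("No certificate matches the x5t header"); }`, or use the module's own exception type.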
[1/3] cxf git commit: [CXF-6621] integration of changes from cxf-2.7.x-fixes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes ecb9139d1 -> 58ceaafe4 [CXF-6621] integration of changes from cxf-2.7.x-fixes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/47fe9b86 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/47fe9b86 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/47fe9b86 Branch: refs/heads/3.0.x-fixes Commit: 47fe9b86df867010af31023e7d528cf8859a Parents: edcfc3b Author: rsearlsAuthored: Mon Oct 26 09:33:47 2015 -0400 Committer: Alessio Soldano Committed: Mon Oct 26 18:21:10 2015 +0100 -- .../apache/cxf/common/util/URIParserUtil.java | 18 +- .../org/apache/cxf/frontend/WSDLGetUtils.java | 217 +++ .../cxf/systest/jaxws/OASISCatalogTest.java | 131 +++ .../systest/schemaimport/SchemaImportTest.java | 4 +- .../main/resources/META-INF/jax-ws-catalog.xml | 3 + .../others/hello_world_messages_catalog.wsdl| 25 ++- .../others/hello_world_wsdl_import_catalog.wsdl | 2 + .../resources/wsdl/schemas/another-schema.xsd | 29 +++ .../wsdl/schemas/d/another-included.xsd | 29 +++ .../wsdl/schemas/d/d/another-included.xsd | 27 +++ .../resources/wsdl/schemas/d/d/included.xsd | 27 +++ .../main/resources/wsdl/schemas/d/included.xsd | 29 +++ .../src/main/resources/wsdl/schemas/schema.xsd | 29 +++ .../cxf/tools/util/URIParserUtilTest.java | 25 +++ 14 files changed, 404 insertions(+), 191 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/47fe9b86/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java -- diff --git a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java index 98afa1f..158765c 100644 --- a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java +++ b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
@@ -26,13 +26,23 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashSet; import java.util.List; +import java.util.Set; import java.util.StringTokenizer; import org.apache.cxf.common.classloader.ClassLoaderUtils; -import org.apache.cxf.helpers.JavaUtils; public final class URIParserUtil { +private static final Set KEYWORDS = new HashSet(Arrays +.asList(new String[] {"abstract", "boolean", "break", "byte", "case", "catch", "char", "class", + "const", "continue", "default", "do", "double", "else", "extends", "final", + "finally", "float", "for", "goto", "if", "implements", "import", "instanceof", + "int", "interface", "long", "native", "new", "package", "private", "protected", + "public", "return", "short", "static", "strictfp", "super", "switch", + "synchronized", "this", "throw", "throws", "transient", "try", "void", + "volatile", "while", "true", "false", "null", "assert", "enum"})); private static final String EXCLUDED_CHARS = "<>\"{}|\\^`"; private static final String HEX_DIGITS = "0123456789abcdef"; @@ -213,7 +223,7 @@ public final class URIParserUtil { } public static boolean containsReservedKeywords(String token) { -return JavaUtils.isJavaKeyword(token); +return KEYWORDS.contains(token); } public static String escapeChars(String s) { 
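Review bot: The `KEYWORDS` set added at the top of `URIParserUtil` is a hand-copied keyword list held in a mutable `HashSet`, and nothing in the hunk ties it to the `JavaUtils.isJavaKeyword` call it replaces in `containsReservedKeywords`. If `JavaUtils` is still used elsewhere, the two lists can drift apart. I would wrap the existing initializer in `Collections.unmodifiableSet(...)` (with the matching `java.util.Collections` import) and add `// Java reserved words and literals; keep in sync with JavaUtils.isJavaKeyword` above the field.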
@@ -303,8 +313,8 @@ public final class URIParserUtil { * doing but is not actually doing when URI roots do not fully match. * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081 * - * @param base The base URI - * @param toBeRelativized The URI to be realivized + * @param baseURI The base URI + * @param toBeRelativizedURI The URI to be realivized * @return The string value of the URI you'd expect to get as result * of calling baseURI.relativize(toBeRelativizedURI). * null is returned if the parameters are null or are not http://git-wip-us.apache.org/repos/asf/cxf/blob/47fe9b86/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java -- diff --git a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/WSDLGetUtils.java index f114e47..3202bab 100644 ---
[3/3] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/58ceaafe Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/58ceaafe Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/58ceaafe Branch: refs/heads/3.0.x-fixes Commit: 58ceaafe46d5d08f2cab23b22607bd46ebdd3882 Parents: 47fe9b8 Author: Alessio SoldanoAuthored: Mon Oct 26 18:22:37 2015 +0100 Committer: Alessio Soldano Committed: Mon Oct 26 18:22:37 2015 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/58ceaafe/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index c7e880e..7479c33 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -318,6 +318,7 @@ B a4222c930f7d69608f826c14e4bc7bc9f670097c B a4315cb442fa31960cbd47f11e95e81b4a71441d B a5aff3e7a43274b3d47cda706aaf8108bd7a9b07 B a5f8a4dd4d9ecbfc1f8a1a8e5bcb4af17f561cc5 +B a602c9df3e2e09855410f0e75af9b108620b7794 B a77c05fcbef3f8a0d963dd196fa1f142a975f6cd B a79bb058aaf71e85dcb5c90e7b2f6e4ab8e63cba B a7b79ea692add4f9da0f1232e3bfb338099f4147
[2/3] cxf git commit: [CXF-6413] Backport of changes provided in CXF-6552 (tag: cxf-3.1.3)
[CXF-6413] Backport of changes provided in CXF-6552 (tag: cxf-3.1.3) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/edcfc3b8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/edcfc3b8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/edcfc3b8 Branch: refs/heads/3.0.x-fixes Commit: edcfc3b8f44e0ec495e2477e4c566b6c78765ef3 Parents: ecb9139 Author: rsearlsAuthored: Thu Oct 15 11:34:55 2015 -0400 Committer: Alessio Soldano Committed: Mon Oct 26 18:21:10 2015 +0100 -- .../apache/cxf/common/util/URIParserUtil.java | 74 +++ .../cxf/common/util/URIParserUtilsTest.java | 54 +++ pom.xml | 4 +- .../org/apache/cxf/frontend/WSDLGetUtils.java | 97 +++- .../cxf/rs/security/jose/jwt/JwtUtils.java | 25 - .../cxf/systest/jaxws/OASISCatalogTest.java | 2 +- .../cxf/systest/schemaimport/SayHiImpl2.java| 64 + .../systest/schemaimport/SchemaImportTest.java | 33 ++- .../apache/cxf/systest/schemaimport/Server.java | 3 + .../test/resources/wsdl_systest/e/sayHi.wsdl| 63 + .../others/hello_world_bindings_catalog.wsdl| 2 +- .../others/hello_world_services_catalog.wsdl| 2 +- .../others/hello_world_wsdl_import_catalog.wsdl | 2 +- 13 files changed, 395 insertions(+), 30 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/edcfc3b8/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java -- diff --git a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java index 8372db0..98afa1f 100644 --- a/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java +++ b/core/src/main/java/org/apache/cxf/common/util/URIParserUtil.java 
@@ -290,4 +290,78 @@ public final class URIParserUtil { return normalize(arg); } } + +public static String relativize(String base, String toBeRelativized) throws URISyntaxException { +if (base == null || toBeRelativized == null) { +return null; +} +return relativize(new URI(base), new URI(toBeRelativized)); +} + +/** + * This is a custom implementation for doing what URI.relativize(URI uri) should be + * doing but is not actually doing when URI roots do not fully match. + * See http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6226081 + * + * @param base The base URI + * @param toBeRelativized The URI to be realivized + * @return The string value of the URI you'd expect to get as result + * of calling baseURI.relativize(toBeRelativizedURI). + * null is returned if the parameters are null or are not + * both absolute or not absolute. + * @throws URISyntaxException + */ +public static String relativize(URI baseURI, URI toBeRelativizedURI) throws URISyntaxException { +if (baseURI == null || toBeRelativizedURI == null) { +return null; +} +if (baseURI.isAbsolute() ^ toBeRelativizedURI.isAbsolute()) { +return null; +} +final String base = baseURI.getSchemeSpecificPart(); +final String toBeRelativized = toBeRelativizedURI.getSchemeSpecificPart(); +final int l1 = base.length(); +final int l2 = toBeRelativized.length(); +if (l1 == 0) { +return toBeRelativized; +} +int slashes = 0; +StringBuilder sb = new StringBuilder(); +boolean differenceFound = false; +for (int i = 0; i < l1; i++) { +char c = base.charAt(i); +if (i < l2) { +if (!differenceFound && c == toBeRelativized.charAt(i)) { +sb.append(c); +} else { +differenceFound = true; +if (c == '/') { +slashes++; +} +} +} else { +if (c == '/') { +slashes++; +} +} +} +String rResolved = new URI(getRoot(sb.toString())).relativize(new URI(toBeRelativized)).toString(); +StringBuilder relativizedPath = new StringBuilder(); +for (int i = 0; i < slashes; i++) { +relativizedPath.append("../"); +} +relativizedPath.append(rResolved); 
+return relativizedPath.toString(); +} + +private static String getRoot(String uri) { +int idx = uri.lastIndexOf('/'); +if (idx == uri.length() - 1) { +