git commit: [CXF-6084] Support for validating critical headers, applying a patch on behalf of Daniel Torkian

2014-11-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master de0524a87 - afa521931


[CXF-6084] Support for validating critical headers, applying a patch on behalf 
of Daniel Torkian


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/afa52193
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/afa52193
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/afa52193

Branch: refs/heads/master
Commit: afa52193148d7b1a6b60266ff73a92c1005f4c38
Parents: de0524a
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Wed Nov 5 12:55:12 2014 +
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Wed Nov 5 12:55:12 2014 +

--
 .../apache/cxf/rs/security/jose/JoseUtils.java  | 23 +
 .../security/jose/jwe/JweCompactConsumer.java   |  4 ++
 .../cxf/rs/security/jose/jwe/JweUtils.java  |  6 +++
 .../security/jose/jws/JwsCompactConsumer.java   |  4 +-
 .../jose/jws/JwsJsonSignatureEntry.java |  7 +++
 .../cxf/rs/security/jose/jws/JwsUtils.java  |  6 +++
 .../security/jose/jws/JwsCompactHeaderTest.java | 49 
 .../provider/ClientSecretHashVerifier.java  | 39 
 8 files changed, 137 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/afa52193/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
index b0ba894..23f9936 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
+++ 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
@@ -19,6 +19,9 @@
 package org.apache.cxf.rs.security.jose;
 
 import java.io.UnsupportedEncodingException;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 
@@ -59,4 +62,24 @@ public final class JoseUtils {
 public static byte[] decode(String encoded) {
 return CryptoUtils.decodeSequence(encoded);
 }
+
+public static boolean validateCriticalHeaders(JoseHeaders headers) {
+ListString critical = headers.getCritical();
+if (critical == null) {
+return true;
+}
+// The crit value MUST NOT be empty [] or contain either duplicate 
values or crit
+if (critical.isEmpty() 
+|| detectDoubleEntry(critical)
+|| critical.contains(JoseConstants.HEADER_CRITICAL)) {
+return false;
+}
+
+// Check that the headers contain these critical headers
+return headers.asMap().keySet().containsAll(critical);
+}
+private static boolean detectDoubleEntry(List? list) {
+SetObject inputSet = new HashSetObject(list);
+return list.size()  inputSet.size();
+}
 }
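Review bot: `validateCriticalHeaders` accepts any `crit` list whose names are merely present in the header map (`headers.asMap().keySet().containsAll(critical)`), so a token that lists an extension this library does not implement still validates as long as it also carries that header. RFC 7515 section 4.1.11 defines `crit` as the extensions a recipient must understand and process, and forbids listing names the specification itself defines; neither condition is checked here. I would add an overload that takes the extension names the caller supports and ends with `return supported.containsAll(critical) && headers.asMap().keySet().containsAll(critical);`, plus a Javadoc line stating that a `false` result means the token must be rejected. The same hunk is repeated in the 3.0.x-fixes copy of this commit further down the page.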

http://git-wip-us.apache.org/repos/asf/cxf/blob/afa52193/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
index 8673d4d..ab4c9b5 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
@@ -26,6 +26,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReader;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
 
 public class JweCompactConsumer {
@@ -113,4 +114,7 @@ public class JweCompactConsumer {
 throw new SecurityException(ex);
 }
 }
+public boolean validateCriticalHeaders() {
+return JwsUtils.validateCriticalHeaders(getJweHeaders());
+}
 }
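Review bot: The new `validateCriticalHeaders()` on the JWE consumer delegates to `JwsUtils`, which makes the `jwe` package depend on `jws` (the import added in the preceding hunk) although the check itself lives in `JoseUtils`. Using `return JoseUtils.validateCriticalHeaders(getJweHeaders());` would avoid that cross-package dependency. Nothing in the visible lines calls this method from the decryption path, so the check appears to be opt-in. If that is intended, a Javadoc such as `/** Callers must reject the token when this returns false. */` would make the contract explicit. The class body starts outside the hunk, and the same hunk appears again in the 3.0.x-fixes copy of the commit.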

http://git-wip-us.apache.org/repos/asf/cxf/blob/afa52193/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 4158da6..836a284 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ 

git commit: [CXF-6084] Support for validating critical headers, applying a patch on behalf of Daniel Torkian

2014-11-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes aca6e050f - 360a89355


[CXF-6084] Support for validating critical headers, applying a patch on behalf 
of Daniel Torkian


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/360a8935
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/360a8935
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/360a8935

Branch: refs/heads/3.0.x-fixes
Commit: 360a89355da3b90a6687833e314d751f10d6ef39
Parents: aca6e05
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Wed Nov 5 12:55:12 2014 +
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Wed Nov 5 12:56:06 2014 +

--
 .../apache/cxf/rs/security/jose/JoseUtils.java  | 23 +
 .../security/jose/jwe/JweCompactConsumer.java   |  4 ++
 .../cxf/rs/security/jose/jwe/JweUtils.java  |  6 +++
 .../security/jose/jws/JwsCompactConsumer.java   |  4 +-
 .../jose/jws/JwsJsonSignatureEntry.java |  7 +++
 .../cxf/rs/security/jose/jws/JwsUtils.java  |  6 +++
 .../security/jose/jws/JwsCompactHeaderTest.java | 49 
 .../provider/ClientSecretHashVerifier.java  | 39 
 8 files changed, 137 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/360a8935/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
index b0ba894..23f9936 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
+++ 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java
@@ -19,6 +19,9 @@
 package org.apache.cxf.rs.security.jose;
 
 import java.io.UnsupportedEncodingException;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 import org.apache.cxf.common.util.crypto.CryptoUtils;
 
@@ -59,4 +62,24 @@ public final class JoseUtils {
 public static byte[] decode(String encoded) {
 return CryptoUtils.decodeSequence(encoded);
 }
+
+public static boolean validateCriticalHeaders(JoseHeaders headers) {
+ListString critical = headers.getCritical();
+if (critical == null) {
+return true;
+}
+// The crit value MUST NOT be empty [] or contain either duplicate 
values or crit
+if (critical.isEmpty() 
+|| detectDoubleEntry(critical)
+|| critical.contains(JoseConstants.HEADER_CRITICAL)) {
+return false;
+}
+
+// Check that the headers contain these critical headers
+return headers.asMap().keySet().containsAll(critical);
+}
+private static boolean detectDoubleEntry(List? list) {
+SetObject inputSet = new HashSetObject(list);
+return list.size()  inputSet.size();
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/360a8935/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
index 8673d4d..ab4c9b5 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
+++ 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java
@@ -26,6 +26,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReader;
 import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 
 
 public class JweCompactConsumer {
@@ -113,4 +114,7 @@ public class JweCompactConsumer {
 throw new SecurityException(ex);
 }
 }
+public boolean validateCriticalHeaders() {
+return JwsUtils.validateCriticalHeaders(getJweHeaders());
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/360a8935/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
--
diff --git 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
 
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 4158da6..836a284 100644
--- 
a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++