authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-03-20 13:51:57 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-03-20 13:51:57 +0100
commitf3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd (patch)
treecbc5aeebecdb3b25ed0416f15a1d7011b038d731
parent895066c1aa921204346225551525006b6d34b7c6 (diff)
add JOSE header into JWS verificationresult DAO
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java10
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java37
2 files changed, 29 insertions, 18 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
private Boolean validSigned = null;
private List<X509Certificate> certs = null;
+ private JsonNode header = null;
private JsonNode payload = null;
public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
/**
* JWS signature verification-result container.
*
+ * @param joseHeader JWS header
* @param payload JWS payload
* @param certs JWS signercertificate
* @param wasValidSigned true if signature was valid
*/
- public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) {
+ public VerificationResult(final JsonNode joseHeader, final JsonNode payload,
+ final List<X509Certificate> certs, final boolean wasValidSigned) {
+ this.header = joseHeader;
this.payload = payload;
this.certs = certs;
this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
return payload;
}
+ public JsonNode getJoseHeader() {
+ return header;
+
+ }
}
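Review bot: `getJoseHeader()` is added without Javadoc and with a stray blank line before its closing brace. It can also return null when the object was built through the one-argument constructor, which does not appear to set `header` (its body lies outside the hunks shown). Because the JOSE header is supplied by whoever produced the JWS, callers should read it only after checking the signature-validity flag. I would document both points on the getter, e.g. `/** Returns the JOSE header of the JWS, or null if none was set; trust its values only if the signature was valid. */`. The class body starts outside this hunk.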
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index ccb650b3..43c44647 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -13,22 +13,6 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.PostConstruct;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
import org.apache.commons.lang3.StringUtils;
import org.jose4j.jca.ProviderContext;
import org.jose4j.jwa.AlgorithmConstraints;
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonNode;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
@Service
public class JsonSecurityUtils implements IJoseTools {
private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
@@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools {
jws.setKey(selectedKey);
// load payLoad
- return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
+ return new VerificationResult(
+ mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()),
+ mapper.getMapper().readTree(jws.getPayload()),
+ x5cCerts, jws.verifySignature());
}
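Review bot: The header is parsed and handed to the result before `jws.verifySignature()` runs, because Java evaluates the constructor arguments left to right. A `VerificationResult` whose validity flag is `false` would therefore still carry header values chosen by the sender. Evaluating the signature first, with `final boolean valid = jws.verifySignature();`, and passing `valid ? mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()) : null` as the header argument would keep unverified fields such as `alg`, `x5c` or `kid` away from callers that forget to check the flag. Whether `jws.getPayload()` already rejects an invalid signature depends on the jose4j version and its settings, so that should be confirmed before relying on it. The enclosing method starts outside the hunk.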