From f3792e2ffbfbf0dea3d2ede7b311acdefc1c19fd Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 20 Mar 2020 13:51:57 +0100
Subject: add JOSE header into JWS verificationresult DAO

---
 .../modules/auth/sl20/data/VerificationResult.java | 10 +++++-
 .../modules/auth/sl20/utils/JsonSecurityUtils.java | 37 ++++++++++++----------
 2 files changed, 29 insertions(+), 18 deletions(-)


diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
index bb0c41d7..0f88e251 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/data/VerificationResult.java
@@ -9,6 +9,7 @@ public class VerificationResult {
 
   private Boolean validSigned = null;
   private List<X509Certificate> certs = null;
+  private JsonNode header = null;
   private JsonNode payload = null;
 
   public VerificationResult(final JsonNode payload) {
@@ -19,11 +20,14 @@ public class VerificationResult {
   /**
    * JWS signature verification-result container.
    * 
+   * @param joseHeader JWS header
    * @param payload JWS payload
    * @param certs JWS signercertificate
    * @param wasValidSigned true if signature was valid
    */
-  public VerificationResult(final JsonNode payload, final List<X509Certificate> certs, final boolean wasValidSigned) {
+  public VerificationResult(final JsonNode joseHeader, final JsonNode payload, 
+      final List<X509Certificate> certs, final boolean wasValidSigned) {
+    this.header = joseHeader;
     this.payload = payload;
     this.certs = certs;
     this.validSigned = wasValidSigned;
@@ -42,4 +46,8 @@ public class VerificationResult {
     return payload;
   }
 
+  public JsonNode getJoseHeader() {
+    return header;
+    
+  }
 }
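Review bot: `getJoseHeader()` has no Javadoc and can return null: the unchanged single-argument constructor `VerificationResult(final JsonNode payload)` leaves `header` at its `null` initializer, so results built that way expose no header at all. Callers that read the header to decide anything (e.g. which algorithm or certificate was used) need that stated; I'd add `/** JOSE header of the JWS, or {@code null} if this result was built from the payload only. */` above the getter. The stray empty line before the getter's closing brace should also go.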
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index ccb650b3..43c44647 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -13,22 +13,6 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.PostConstruct;
 
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
 import org.apache.commons.lang3.StringUtils;
 import org.jose4j.jca.ProviderContext;
 import org.jose4j.jwa.AlgorithmConstraints;
@@ -50,6 +34,22 @@ import org.springframework.util.Base64Utils;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.JsonNode;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
 @Service
 public class JsonSecurityUtils implements IJoseTools {
   private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
@@ -230,7 +230,10 @@ public class JsonSecurityUtils implements IJoseTools {
     jws.setKey(selectedKey);
 
     // load payLoad
-    return new VerificationResult(mapper.getMapper().readTree(jws.getPayload()), x5cCerts, jws.verifySignature());
+    return new VerificationResult(
+        mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()), 
+        mapper.getMapper().readTree(jws.getPayload()), 
+        x5cCerts, jws.verifySignature());
 
   }
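Review bot: The JOSE header is parsed and placed into the result before the signature check runs — Java evaluates constructor arguments left to right, so `readTree(jws.getHeaders().getFullHeaderAsJsonString())` and `readTree(jws.getPayload())` execute before `jws.verifySignature()` on the last line, and nothing in VerificationResult ties the header to the verification flag. A consumer of `getJoseHeader()` therefore has to check the valid-signed flag itself before trusting any header field; the `// load payLoad` comment should say so: `// header and payload are only integrity-protected when the returned valid-signed flag is true`. If jose4j's `getPayload()` already rejects an unverified signature (I believe it throws where `getUnverifiedPayload()` does not), the trailing `verifySignature()` is redundant and the "not valid" branch of the result is unreachable here — worth confirming against the jose4j version in use. The enclosing method begins above this hunk.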
 