org.apache.cxf.rs.security.jose.common.JoseConstants Java Examples

public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid) {
    PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
    JsonWebKeys jwkSet = loadJwkSet(m, props, cb);
    String kid = null;
    if (inHeaderKid != null
        && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY, false)) {
        kid = inHeaderKid;
    } else {
        kid = KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);
    }
    if (kid != null) {
        return jwkSet.getKey(kid);
    } else if (keyOper != null) {
        List<JsonWebKey> keys = jwkSet.getKeyOperationMap().get(keyOper);
        if (keys != null && keys.size() == 1) {
            return keys.get(0);
        }
    }
    return null;
}
 

@Test
public void testJweCompactJwsJsonBookBeanHmac() throws Exception {
    if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
        return;
    }
    String address = "https://localhost:" + PORT + "/jwejwsjsonhmac";
    List<?> extraProviders = Arrays.asList(new JacksonJsonProvider(),
                                           new JweWriterInterceptor(),
                                           new JweClientResponseFilter());
    String jwkStoreProperty = "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties";
    Map<String, Object> props = new HashMap<>();
    props.put(JoseConstants.RSSEC_SIGNATURE_PROPS, jwkStoreProperty);
    props.put(JoseConstants.RSSEC_ENCRYPTION_PROPS, jwkStoreProperty);
    BookStore bs = createBookStore(address,
                                   props,
                                   extraProviders);
    Book book = bs.echoBook(new Book("book", 123L));
    assertEquals("book", book.getName());
    assertEquals(123L, book.getId());
}
 

private BookStore createBookStoreTwoRecipients(String address) throws Exception {
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus springBus = bf.createBus(busFile.toString());
    bean.setBus(springBus);
    bean.setServiceClass(BookStore.class);
    bean.setAddress(address);
    bean.setProvider(new JweJsonWriterInterceptor());

    List<String> properties = new ArrayList<>();
    properties.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties");
    properties.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties");
    bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS,
                             properties);
    return bean.create(BookStore.class);
}
 

private BookStore createBookStore(String address, String propLoc) throws Exception {
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus springBus = bf.createBus(busFile.toString());
    bean.setBus(springBus);
    bean.setServiceClass(BookStore.class);
    bean.setAddress(address);
    List<Object> providers = new LinkedList<>();
    JweJsonWriterInterceptor writer = new JweJsonWriterInterceptor();
    providers.add(writer);
    providers.add(new JweJsonClientResponseFilter());
    bean.setProviders(providers);
    bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS,
                                 propLoc);
    return bean.create(BookStore.class);
}
 

private Properties prepareSignatureVerificationProperties(JoseOperation operation) {
    Properties props = new Properties();
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    props.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.signatureKeyPassword());
    props.setProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, config.signatureAlgorithm());

    if (operation.equals(JoseOperation.SIGN)) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, signatureKeyAlias());

    } else if (operation.equals(JoseOperation.VERIFICATION)) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, verificationKeyAlias());
    }
    return props;
}
 

private Properties prepareEncryptionDecryptionProperties(JoseOperation operation) {
    Properties props = new Properties();

    props.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    props.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.encryptionKeyPassword());
    props.setProperty(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, config.keyEncryptionAlgorithm());
    props.setProperty(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, config.contentEncryptionAlgorithm());

    if (operation.equals(JoseOperation.ENCRYPTION)) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, encryptionKeyAlias());

    } else if (operation.equals(JoseOperation.DECRYPTION)) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, decryptionKeyAlias());

    }
    return props;
}
 

private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (isInlinedJwkSetAvailable()) {
        if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
            return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
        } else {
            return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
                ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
        }
    } else {
        return JweUtils.loadDecryptionProvider(props, headers);
    }
}
 

@Test
public void testLoadVerificationKeyWithCert() throws Exception {
    Properties p = new Properties();
    p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
    p.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);
    JsonWebKeys keySet = JwsUtils.loadPublicVerificationKeys(createMessage(), p, true);
    assertEquals(1, keySet.asMap().size());
    List<JsonWebKey> keys = keySet.getRsaKeys();
    assertEquals(1, keys.size());
    JsonWebKey key = keys.get(0);
    assertEquals(KeyType.RSA, key.getKeyType());
    assertEquals("alice", key.getKeyId());
    assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
    List<String> chain = key.getX509Chain();
    assertNotNull(chain);
    assertEquals(2, chain.size());
}
 

@Test
public void testLoadVerificationKey() throws Exception {
    Properties p = new Properties();
    p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
    JsonWebKeys keySet = JwsUtils.loadPublicVerificationKeys(createMessage(), p, true);
    assertEquals(1, keySet.asMap().size());
    List<JsonWebKey> keys = keySet.getRsaKeys();
    assertEquals(1, keys.size());
    JsonWebKey key = keys.get(0);
    assertEquals(KeyType.RSA, key.getKeyType());
    assertEquals("alice", key.getKeyId());
    assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
    assertNull(key.getX509Chain());
}
 

private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
    JwsHeaders headers = new JwsHeaders();
    headers.setType(JoseType.JWT);
    headers.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);

    JwtClaims claims = new JwtClaims();
    claims.setIssuer("joe");
    claims.setExpiryTime(1300819380L);
    claims.setClaim("http://example.com/is_root", Boolean.TRUE);

    JwtToken token = new JwtToken(headers, claims);
    JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
    jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));

    assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
}
 

public static JweEncryptionProvider loadEncryptionProvider(Properties props, Message m, JweHeaders headers) {

        KeyEncryptionProvider keyEncryptionProvider = loadKeyEncryptionProvider(props, m, headers);
        ContentAlgorithm contentAlgo = getContentEncryptionAlgorithm(m, props, null, ContentAlgorithm.A128GCM);
        if (m != null) {
            m.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentAlgo.getJwaName());
        }
        ContentEncryptionProvider ctEncryptionProvider = null;
        if (KeyAlgorithm.DIRECT == keyEncryptionProvider.getAlgorithm()) {
            JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
            if (jwk != null) {
                contentAlgo = getContentEncryptionAlgorithm(m, props,
                    jwk.getAlgorithm() != null ? ContentAlgorithm.getAlgorithm(jwk.getAlgorithm()) : null,
                    contentAlgo);
                ctEncryptionProvider = getContentEncryptionProvider(jwk, contentAlgo);
            }
        }
        String compression = props.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM);
        return createJweEncryptionProvider(keyEncryptionProvider,
                                    ctEncryptionProvider,
                                    contentAlgo,
                                    compression,
                                    headers);
    }
 

public static SignatureAlgorithm getClientSecretSignatureAlgorithm(Properties sigProps) {

        String clientSecretSigProp = sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);
        if (clientSecretSigProp == null) {
            String sigProp = sigProps.getProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
            if (AlgorithmUtils.isHmacSign(sigProp)) {
                clientSecretSigProp = sigProp;
            }
        }
        SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(clientSecretSigProp);
        sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
        if (!AlgorithmUtils.isHmacSign(sigAlgo)) {
            // Must be HS-based for the symmetric signature
            throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
        }
        return sigAlgo;
    }
 

public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey key,
                                                                   Properties props,
                                                                   KeyAlgorithm algo) {
    if (algo == null) {
        algo = getDefaultPublicKeyAlgorithm(key);
    }
    if (key instanceof RSAPublicKey) {
        return new RSAKeyEncryptionAlgorithm((RSAPublicKey)key, algo);
    } else if (key instanceof ECPublicKey) {
        ContentAlgorithm ctAlgo = null;
        Message m = PhaseInterceptorChain.getCurrentMessage();
        if (m != null) {
            ctAlgo = getContentAlgo((String)m.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
        }
        String curve = props == null ? JsonWebKey.EC_CURVE_P256
            : props.getProperty(JoseConstants.RSSEC_EC_CURVE, JsonWebKey.EC_CURVE_P256);
        return new EcdhAesWrapKeyEncryptionAlgorithm((ECPublicKey)key,
                                                     curve,
                                                     algo,
                                                     ctAlgo == null ? ContentAlgorithm.A128GCM : ctAlgo);
    }

    return null;
}
 

protected List<String> getPropertyLocations() {
    Message m = JAXRSUtils.getCurrentMessage();
    Object propLocsProp =
        MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS,
                                           JoseConstants.RSSEC_ENCRYPTION_PROPS);
    if (propLocsProp == null) {
        if (encProviders == null) {
            LOG.warning("JWE JSON init properties resource is not identified");
            throw new JweException(JweException.Error.NO_INIT_PROPERTIES);
        }
        return Collections.emptyList();
    }
    List<String> propLocs = null;
    if (propLocsProp instanceof String) {
        String[] props = ((String)propLocsProp).split(",");
        propLocs = Arrays.asList(props);
    } else {
        propLocs = CastUtils.cast((List<?>)propLocsProp);
    }
    return propLocs;
}
 

public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
    KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
        : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
    KeyEncryptionProvider keyEncryptionProvider = null;
    KeyType keyType = jwk.getKeyType();
    if (KeyType.RSA == keyType) {
        keyEncryptionProvider = getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true),
                                                             keyAlgo);
    } else if (KeyType.OCTET == keyType) {
        keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk, keyAlgo),
                                                                keyAlgo);
    } else if (keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) {
        return new EcdhDirectKeyEncryptionAlgorithm();
    } else {
        ContentAlgorithm ctAlgo = null;
        Message m = PhaseInterceptorChain.getCurrentMessage();
        if (m != null) {
            ctAlgo = getContentAlgo((String)m.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
        }
        keyEncryptionProvider = new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk),
                                    jwk.getStringProperty(JsonWebKey.EC_CURVE),
                                    keyAlgo,
                                    ctAlgo == null ? ContentAlgorithm.A128GCM : ctAlgo);
    }
    return keyEncryptionProvider;
}
 

private DecryptionOutput decryptCompact(Properties props, String jwe) {
    try {
        JweCompactConsumer consumer = new JweCompactConsumer(jwe);

        if (config.acceptEncryptionAlias()) {
            JweHeaders header = consumer.getJweHeaders();
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, header.getKeyId());
        }

        JweDecryptionProvider decryptor = getDecryptionProvider(props, consumer.getJweHeaders());
        String decryptedData = consumer.getDecryptedContentText(decryptor);
        return new DecryptionOutput(consumer.getJweHeaders().asMap(), decryptedData);
    } catch (Exception ex) {
        throw new JoseException("JWE Compact Decryption Failure");
    }
}
 

public static JsonWebKeys loadPublicVerificationKeys(Message m, Properties props, boolean stripPrivateParameters) {
    String storeType = props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE);
    if ("jwk".equals(storeType)) {
        List<JsonWebKey> jsonWebKeys = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN, null);
        if (jsonWebKeys == null || jsonWebKeys.isEmpty()) {
            throw new JoseException("Error loading keys");
        }
        return new JsonWebKeys(stripPrivateParameters ? JwkUtils.stripPrivateParameters(jsonWebKeys) : jsonWebKeys);
    }
    X509Certificate[] certs = null;
    if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
        certs = KeyManagementUtils.loadX509CertificateOrChain(m, props);
    }
    PublicKey key = certs != null && certs.length > 0
        ? certs[0].getPublicKey() : KeyManagementUtils.loadPublicKey(m, props);
    JsonWebKey jwk = JwkUtils.fromPublicKey(key, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    jwk.setPublicKeyUse(PublicKeyUse.SIGN);
    if (certs != null) {
        jwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(certs));
    }
    return new JsonWebKeys(jwk);
}
 

protected List<String> getPropertyLocations() {
    Message m = JAXRSUtils.getCurrentMessage();
    Object propLocsProp =
        MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
                                           JoseConstants.RSSEC_SIGNATURE_PROPS);
    if (propLocsProp == null) {
        if (sigProviders == null) {
            LOG.warning("JWS JSON init properties resource is not identified");
            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
        }
        return Collections.emptyList();
    }
    List<String> propLocs = null;
    if (propLocsProp instanceof String) {
        String[] props = ((String)propLocsProp).split(",");
        propLocs = Arrays.asList(props);
    } else {
        propLocs = CastUtils.cast((List<?>)propLocsProp);
    }
    return propLocs;
}
 

public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb) {
    String key = (String)props.get(JoseConstants.RSSEC_KEY_STORE_FILE);
    JsonWebKeys jwkSet = null;
    if (key != null && m != null) {
        Object jwkSetProp = m.getExchange().get(key);
        if (jwkSetProp != null && !(jwkSetProp instanceof JsonWebKeys)) {
            throw new JwkException("Unexpected key store class: " + jwkSetProp.getClass().getName());
        } else {
            jwkSet = (JsonWebKeys)jwkSetProp;
        }
    }
    if (jwkSet == null) {
        jwkSet = loadJwkSet(props, m != null ? m.getExchange().getBus() : null, cb);
        if (key != null && m != null) {
            m.getExchange().put(key, jwkSet);
        }
    }
    return jwkSet;
}
 

protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
    keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
    AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
    keyProperties.setAlgoSpec(spec);
    boolean compressionSupported =
        JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
    keyProperties.setCompressionSupported(compressionSupported);
    byte[] actualCek = getActualCek(cek,
                           jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
    byte[] bytes =
        CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);

    // Here we're finished with the SecretKey we created, so we can destroy it
    try {
        secretKey.destroy();
    } catch (DestroyFailedException e) {
        // ignore
    }
    Arrays.fill(cek, (byte) 0);
    if (actualCek != cek) {
        Arrays.fill(actualCek, (byte) 0);
    }

    return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
 

@Test
public void testLoadPublicJwkSet() throws Exception {
    final Properties props = new Properties();
    props.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, "unavailable");
    try {
        JwkUtils.loadPublicJwkSet(null, props);
        fail();
    } catch (JwkException e) {
        assertNull(e.getCause());
    }
}
 

private void init(KeyAlgorithm keyEncAlgo, ContentAlgorithm ctEncAlgo, boolean deflate) {
    if (keyEncAlgo != null) {
        setKeyEncryptionAlgorithm(keyEncAlgo);
    }
    setContentEncryptionAlgorithm(ctEncAlgo);
    if (deflate) {
        setZipAlgorithm(JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM);
    }
}
 

private Message createMessage() {
    Message m = new MessageImpl();
    Exchange e = new ExchangeImpl();
    e.put(Bus.class, BusFactory.getThreadDefaultBus());
    m.setExchange(e);
    m.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");
    e.setInMessage(m);
    return m;
}
 

@Override
protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
    super.prepareConfigurationData(cfg, baseUri);
    // UriInfo Endpoint
    if (!isUserInfoEndpointNotAvailable()) {
        String theUserInfoEndpointAddress =
            calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
        cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
    }

    Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
    if (sigProps != null && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) {
        cfg.put("id_token_signing_alg_values_supported",
                Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
    }
    
    // RP Initiated Logout Endpoint
    if (!isEndSessionEndpointNotAvailable()) {
        String theEndSessionEndpointAddress =
            calculateEndpointAddress(endSessionEndpointAddress, baseUri, "/idp/logout");
        cfg.put("end_session_endpoint", theEndSessionEndpointAddress);
    }
    
    if (isBackChannelLogoutSupported()) {
        cfg.put("backchannel_logout_supported", Boolean.TRUE);
    }
    
    //Subject types: pairwise is not supported yet
    cfg.put("subject_types_supported", Collections.singletonList("public"));
    
    List<String> theResponseTypes = responseTypes == null ? DEFAULT_RESPONSE_TYPES : responseTypes;
    cfg.put("response_types_supported", theResponseTypes);
}
 

public static SignatureAlgorithm getSignatureAlgorithm(Message m,
                                                       Properties props,
                                                       SignatureAlgorithm defaultAlgo) {
    String algo = KeyManagementUtils.getKeyAlgorithm(m,
                                              props,
                                              JoseConstants.RSSEC_SIGNATURE_ALGORITHM,
                                              defaultAlgo == null ? null : defaultAlgo.getJwaName());
    return SignatureAlgorithm.getAlgorithm(algo);
}
 

public static Properties loadSignatureInProperties(boolean required) {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    return KeyManagementUtils.loadStoreProperties(m, required,
                                                  JoseConstants.RSSEC_SIGNATURE_IN_PROPS,
                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);

}
 

public static Properties loadSignatureOutProperties(boolean required) {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    return KeyManagementUtils.loadStoreProperties(m, required,
                                                  JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);

}
 

public void setPayloadEncodingStatus(Boolean status) {
    super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
    if (!status) {
        List<String> critical = this.getCritical();
        if (critical == null) {
            critical = new LinkedList<>();
            setCritical(critical);
        } else if (critical.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
            return;
        }
        critical.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);

    }
}
 

private JwsSignatureVerifier getJwsSignatureVerifier(Properties props, JwsHeaders headers) {
    if (config.acceptSignatureAlias()) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (isInlinedJwkSetAvailable()) {
        return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias()));
    } else {
        return JwsUtils.loadSignatureVerifier(props, headers);
    }
}
 

public static JsonWebKey fromPublicKey(PublicKey key, Properties props, String algoProp) {
    final JsonWebKey jwk;
    if (key instanceof RSAPublicKey) {
        String algo = props.getProperty(algoProp);
        jwk = JwkUtils.fromRSAPublicKey((RSAPublicKey)key, algo);
    } else {
        jwk = JwkUtils.fromECPublicKey((ECPublicKey)key,
                                       props.getProperty(JoseConstants.RSSEC_EC_CURVE));
    }
    String kid = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS);
    if (kid != null) {
        jwk.setKeyId(kid);
    }
    return jwk;
}