Repository: cxf Updated Branches: refs/heads/master b5409a6d6 -> 97a38ec29
[CXF-5311] Minor modifications and reverting a previous 'fix' to RSA helpers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/97a38ec2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/97a38ec2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/97a38ec2 Branch: refs/heads/master Commit: 97a38ec2966efc4ba8daf916304ba9a70536eac9 Parents: b5409a6 Author: Sergey Beryozkin <[email protected]> Authored: Fri May 23 15:45:26 2014 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Fri May 23 15:45:26 2014 +0100 ---------------------------------------------------------------------- .../rs/security/oauth2/jwe/JweEncryptor.java | 2 +- .../rs/security/oauth2/jwe/RSAJweDecryptor.java | 9 ++++--- .../rs/security/oauth2/jwe/RSAJweEncryptor.java | 26 ++++++++++---------- .../cxf/rs/security/oauth2/jwt/Algorithm.java | 5 ++++ .../rs/security/oauth2/jwt/JwtConstants.java | 3 +++ .../oauth2/jwe/JweCompactReaderWriterTest.java | 8 +++--- .../oauth2/utils/crypto/CryptoUtils.java | 4 +++ 7 files changed, 35 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java index 98a8f73..b1b617f 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java 
@@ -80,7 +80,7 @@ public class JweEncryptor { protected byte[] getContentEncryptionKey() { if (cek == null && cekEncryptionKey != null) { String algo = headers.getContentEncryptionAlgorithm(); - return CryptoUtils.generateSecureRandomBytes(Algorithm.valueOf(algo).getKeySizeBits() / 8); + return CryptoUtils.getSecretKey(algo, Algorithm.valueOf(algo).getKeySizeBits()).getEncoded(); } else { return cek; } http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java index 7f4829a..a0ddc79 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java 
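Review bot: The added line passes `algo`, the value of `headers.getContentEncryptionAlgorithm()`, straight into `CryptoUtils.getSecretKey(algo, ...)`, which (per the CryptoUtils hunk) hands it to `KeyGenerator.getInstance`; a JWE header carries the JWA name (`A256GCM`) and even the mapped Java name is a Cipher transformation (`AES/GCM/NoPadding`), neither of which is a KeyGenerator algorithm, so unless `getContentEncryptionAlgorithm()` already returns a bare key algorithm this lookup is likely to throw NoSuchAlgorithmException. The removed `generateSecureRandomBytes` call had no such dependency on the name. Suggest resolving the enum once and passing the key family explicitly, e.g. `Algorithm ceAlgo = Algorithm.valueOf(algo);` / `return CryptoUtils.getSecretKey("AES", ceAlgo.getKeySizeBits()).getEncoded();` if every content-encryption algorithm here is AES based, or else adding a key-algorithm accessor to `Algorithm`. `Algorithm.valueOf(algo)` on the same line also only succeeds when the header string equals an enum constant name, which deserves a comment confirming that is the case. `getContentEncryptionKey` closes outside the hunk.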
@@ -18,15 +18,16 @@ */ package org.apache.cxf.rs.security.oauth2.jwe; +import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; public class RSAJweDecryptor extends JweDecryptor { - public RSAJweDecryptor(String jweContent, RSAPublicKey publicKey, boolean unwrap) { - super(jweContent, publicKey, unwrap); + public RSAJweDecryptor(String jweContent, RSAPrivateKey privateKey, boolean unwrap) { + super(jweContent, privateKey, unwrap); } - public RSAJweDecryptor(String jweContent, RSAPublicKey publicKey) { - this(jweContent, publicKey, true); + public RSAJweDecryptor(String jweContent, RSAPrivateKey privateKey) { + this(jweContent, privateKey, true); } protected int getKeyCipherBlockSize() { return ((RSAPublicKey)getDecryptionKey()).getModulus().toByteArray().length; http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java index 387a19e..087d14d 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java @@ -18,7 +18,7 @@ */ package org.apache.cxf.rs.security.oauth2.jwe; -import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; import javax.crypto.SecretKey; 
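Review bot: `getKeyCipherBlockSize()`, left as context at the end of the hunk, still casts `getDecryptionKey()` to `RSAPublicKey`, but both rewritten constructors now pass an `RSAPrivateKey` to `super`, so assuming `getDecryptionKey()` returns the key handed to `super` the cast fails with a ClassCastException the first time the block size is requested. Cast to the common interface instead: `return ((RSAKey)getDecryptionKey()).getModulus().toByteArray().length;` with `java.security.interfaces.RSAKey` imported (the `RSAPublicKey` import then becomes unused). Separately, `BigInteger.toByteArray()` prepends a sign byte when the top bit of the modulus is set, so this can report one byte more than the real key size; `(modulus.bitLength() + 7) / 8` avoids that if callers expect the exact modulus length. The body of `getKeyCipherBlockSize` runs past the end of the hunk.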
@@ -26,32 +26,32 @@ import org.apache.cxf.rs.security.oauth2.jwt.Algorithm; import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter; public class RSAJweEncryptor extends JweEncryptor { - public RSAJweEncryptor(RSAPrivateKey privateKey, String contentEncryptionAlgo) { + public RSAJweEncryptor(RSAPublicKey publicKey, String contentEncryptionAlgo) { super(new JweHeaders(Algorithm.RSA_OAEP_ALGO.getJwtName(), - contentEncryptionAlgo), privateKey); + contentEncryptionAlgo), publicKey); } - public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[] iv) { - this(privateKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true); + public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv) { + this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true); } - public RSAJweEncryptor(RSAPrivateKey privateKey, SecretKey secretKey, byte[] iv) { - this(privateKey, + public RSAJweEncryptor(RSAPublicKey publicKey, SecretKey secretKey, byte[] iv) { + this(publicKey, new JweHeaders(Algorithm.RSA_OAEP_ALGO.getJwtName(), Algorithm.toJwtName(secretKey.getAlgorithm())), secretKey.getEncoded(), iv, DEFAULT_AUTH_TAG_LENGTH, true); } - public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[] iv, + public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv, int authTagLen, boolean wrap) { - this(privateKey, headers, cek, iv, authTagLen, wrap, null); + this(publicKey, headers, cek, iv, authTagLen, wrap, null); } - public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[] iv, + public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv, JwtHeadersWriter writer) { - this(privateKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, null); + this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, null); } - public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[] iv, + public 
RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv, int authTagLen, boolean wrap, JwtHeadersWriter writer) { - super(headers, privateKey, cek, iv, authTagLen, wrap, writer); + super(headers, publicKey, cek, iv, authTagLen, wrap, writer); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java index 3c08e8e..0d9896b 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java @@ -47,6 +47,8 @@ public enum Algorithm { public static final String RS_SHA_384_JAVA = "SHA384withRSA"; public static final String RS_SHA_512_JAVA = "SHA512withRSA"; public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; + public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; + public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding"; public static final String A256GCM_ALGO_JAVA = "AES/GCM/NoPadding"; private static final Map<String, String> JAVA_TO_JWT_NAMES; 
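Review bot: The constructor taking `JwtHeadersWriter writer` (the fifth one in the hunk) still discards its argument and delegates with `null`, so a caller supplying a custom headers writer silently gets the default one; the line was touched by the rename but the dropped parameter was kept. Change it to `this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, writer);`. The other constructors delegate consistently. A short class Javadoc stating that the recipient's RSA public key is what wraps the content-encryption key (the direction this commit restores) would stop the next reader from swapping it back.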
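Review bot: `RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"` is not sufficient on its own to produce JWA `RSA-OAEP-256`: with the JDK's default provider that transformation uses SHA-256 for the OAEP hash but leaves MGF1 on SHA-1, whereas JWA (RFC 7518) requires MGF1 with SHA-256, so ciphertext exchanged with other JOSE libraries will not decrypt unless `Cipher.init` is also given `new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)`. The place where the cipher is initialised is outside this diff, so until that path is confirmed a comment on the constant is the minimum. `RSA_1_5_ALGO_JAVA` ("RSA/ECB/PKCS1Padding") introduces PKCS#1 v1.5 key transport, which is exposed to padding-oracle attacks on the decrypting side; a Javadoc note steering users to RSA-OAEP and requiring that unwrap failures be indistinguishable from other decryption errors belongs on this constant and wherever it is eventually consumed.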
@@ -60,6 +62,8 @@ public enum Algorithm { JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JwtConstants.RS_SHA_384_ALGO); JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JwtConstants.RS_SHA_512_ALGO); JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JwtConstants.RSA_OAEP_ALGO); + JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JwtConstants.RSA_OAEP_256_ALGO); + JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JwtConstants.RSA_1_5_ALGO); JAVA_TO_JWT_NAMES.put(A256GCM_ALGO_JAVA, JwtConstants.A256GCM_ALGO); JWT_TO_JAVA_NAMES = new HashMap<String, String>(); JWT_TO_JAVA_NAMES.put(JwtConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA); @@ -69,6 +73,7 @@ public enum Algorithm { JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA); JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA); JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA); + JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA); JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCM_ALGO, A256GCM_ALGO_JAVA); } private final String jwtName; http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java index f7fb859..b26f526 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java 
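Review bot: The two lookup maps are no longer symmetric: `JAVA_TO_JWT_NAMES` gains both `RSA_OAEP_256_ALGO_JAVA` and `RSA_1_5_ALGO_JAVA` in the first hunk, but the second hunk adds only `RSA_OAEP_256_ALGO` to `JWT_TO_JAVA_NAMES`, so whatever reads that map for a `RSA1_5` header will miss while `toJwtName` of the Java string succeeds. If the omission is deliberate, declining to accept RSA1_5 when reading a JWE header, a comment saying so is needed; otherwise add `JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);` after the RSA_OAEP_256 line. The static initialiser these hunks sit in begins before the first hunk.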
@@ -57,6 +57,9 @@ public final class JwtConstants { public static final String RS_SHA_384_ALGO = "RS384"; public static final String RS_SHA_512_ALGO = "RS512"; public static final String RSA_OAEP_ALGO = "RSA-OAEP"; + public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256"; + public static final String RSA_1_5_ALGO = "RSA1_5"; + public static final String A256GCM_ALGO = "A256GCM"; private JwtConstants() { http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java index f9673a2..c574e83 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java 
@@ -104,15 +104,15 @@ public class JweCompactReaderWriterTest extends Assert { } private String encryptContent(String content) throws Exception { - RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); + RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); SecretKey key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY, Algorithm.A256GCM_ALGO.getJavaName()); - RSAJweEncryptor encryptor = new RSAJweEncryptor(privateKey, key, INIT_VECTOR); + RSAJweEncryptor encryptor = new RSAJweEncryptor(publicKey, key, INIT_VECTOR); return encryptor.getJweContent(content); } private void decrypt(String jweContent, String plainContent) throws Exception { - RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); - RSAJweDecryptor decryptor = new RSAJweDecryptor(jweContent, publicKey); + RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); + RSAJweDecryptor decryptor = new RSAJweDecryptor(jweContent, privateKey); String decryptedText = decryptor.getDecryptedContentText(); assertEquals(decryptedText, plainContent); } http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java index 0a408fc..fda8527 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java 
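Review bot: `assertEquals(decryptedText, plainContent)` in `decrypt` has its arguments reversed relative to JUnit's `(expected, actual)` convention, so a failure reports the values the wrong way round; `assertEquals(plainContent, decryptedText);`. Now that the test encrypts with the public key and decrypts with the private one, a second case that decrypts the same JWE with an unrelated private key and expects an exception would guard the direction this commit restores. The test class continues outside the hunk.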
@@ -214,6 +214,10 @@ public final class CryptoUtils { return getSecretKey(new KeyProperties(symEncAlgo)); } + public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException { + return getSecretKey(new KeyProperties(symEncAlgo, keySize)); + } + public static SecretKey getSecretKey(KeyProperties props) throws SecurityException { try { KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
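Review bot: The new `getSecretKey(String symEncAlgo, int keySize)` overload has no Javadoc, and its parameters are easy to misuse: `symEncAlgo` ends up in `KeyGenerator.getInstance` (visible in the context lines), so it must be a key algorithm such as `AES`, not a JWA name or a Cipher transformation, and `keySize` is presumably in bits if `KeyProperties` forwards it to `KeyGenerator.init`. Suggested Javadoc: `/** Generates a fresh symmetric key. @param symEncAlgo JCA KeyGenerator algorithm name (e.g. "AES"), not a cipher transformation @param keySize key length in bits @throws SecurityException if the algorithm is unsupported */`, adjusted once `KeyProperties(String, int)` is confirmed to carry bits. The `getSecretKey(KeyProperties)` body that follows runs past the end of the hunk.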
