Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 21472024a -> d7cec5b8c
[CXF-5944] Refactoring some of JWE class constractors Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d7cec5b8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d7cec5b8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d7cec5b8 Branch: refs/heads/3.0.x-fixes Commit: d7cec5b8c8d107b98237e4e31c6d02accf765427 Parents: 2147202 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Thu Sep 18 14:13:21 2014 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Thu Sep 18 14:17:05 2014 +0100 ---------------------------------------------------------------------- .../jose/jaxrs/JweWriterInterceptor.java | 8 +++-- .../jwe/AbstractContentEncryptionAlgorithm.java | 15 ++++----- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 18 ++++++----- .../jose/jwe/AesCbcHmacJweEncryption.java | 18 ++++++----- .../jwe/AesGcmContentEncryptionAlgorithm.java | 33 ++++++++++++++------ .../jose/jwe/ContentEncryptionAlgorithm.java | 1 + .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 5 +++ .../jose/jwe/DirectKeyJweEncryption.java | 2 +- .../jose/jwe/KeyEncryptionAlgorithm.java | 1 + .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 6 +++- .../jose/jwe/WrappedKeyJweEncryption.java | 24 ++++++++------ .../cxf/rs/security/jose/jwk/JwkUtils.java | 4 +-- .../jose/jwe/JweCompactReaderWriterTest.java | 11 +++---- .../jose/jwe/JwePbeHmacAesWrapTest.java | 5 +-- .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 3 +- .../cxf/systest/jaxrs/security/jwt/server.xml | 1 - 16 files changed, 96 insertions(+), 59 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index 2fac63e..1daf285 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -41,6 +41,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesGcmWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
@@ -171,10 +172,11 @@ public class JweWriterInterceptor implements WriterInterceptor {
 }
 boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
 if (isAesHmac) {
- return new AesCbcHmacJweEncryption(
- keyEncryptionAlgo, contentEncryptionAlgo, keyEncryptionProvider);
+ return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
 } else {
- return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
+ return new WrappedKeyJweEncryption(headers,
+ keyEncryptionProvider,
+ new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo));
 }
 } catch (SecurityException ex) {
 throw ex;
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
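Review bot: The `else` branch in the second hunk now assumes that every content algorithm that is not AES-CBC-HMAC is AES-GCM, and nothing on the new lines says so. `new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo)` throws a message-less `SecurityException` for any other name (see `checkAlgorithm` in AesGcmContentEncryptionAlgorithm.java in this commit), and the visible `catch (SecurityException ex) { throw ex; }` passes it on unchanged. I would add a comment above the `else`, such as `// not AES-CBC-HMAC: must be A128GCM/A192GCM/A256GCM, any other name is rejected by AesGcmContentEncryptionAlgorithm`. The enclosing method starts and ends outside the hunk.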
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index ef1fbbb..adf6d59 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -20,8 +20,6 @@ package org.apache.cxf.rs.security.jose.jwe;
 import java.util.concurrent.atomic.AtomicInteger;
-import javax.crypto.SecretKey;
-
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@@ -31,17 +29,20 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
 private byte[] cek;
 private byte[] iv;
 private AtomicInteger providedIvUsageCount;
- protected AbstractContentEncryptionAlgorithm(SecretKey key, byte[] iv) {
- this(key.getEncoded(), iv);
- }
- protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv) {
+ private String algorithm;
+
+ protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
 this.cek = cek;
 this.iv = iv;
 if (iv != null && iv.length > 0) {
 providedIvUsageCount = new AtomicInteger();
 }
+ this.algorithm = algo;
+ }
+ @Override
+ public String getAlgorithm() {
+ return algorithm;
 }
-
 public byte[] getContentEncryptionKey(JweHeaders headers) {
 return cek;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
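Review bot: The new `algorithm` field in the second hunk is assigned once in the constructor but is not declared `final`, and the base constructor accepts any value for `algo`, including null. Validation is left to subclasses: in this commit the GCM subclass checks the name against a fixed set and the CBC-HMAC one calls `validateCekAlgorithm`, so a later subclass could publish an unchecked name through `getAlgorithm()`. I would declare the field as `private final String algorithm;` and add a Javadoc line on the constructor stating that `algo` must already have been validated by the subclass. The class body continues outside the hunk.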
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 162a8df..6e831a9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -48,8 +48,12 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
 this.supportedAlgorithms = supportedAlgorithms;
 }
 @Override
+ public String getAlgorithm() {
+ return algorithm;
+ }
+ @Override
 public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
- checkAlgorithms(headers, algorithm);
+ checkAlgorithms(headers);
 KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
 AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers);
 if (spec != null) {
@@ -79,17 +83,17 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
 }
 return algo;
 }
- protected void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
+ protected void checkAlgorithms(JweHeaders headers) {
 String providedAlgo = headers.getKeyEncryptionAlgorithm();
- if ((providedAlgo == null && defaultAlgo == null)
- || (providedAlgo != null && defaultAlgo != null && !providedAlgo.equals(defaultAlgo))) {
+ if ((providedAlgo == null && algorithm == null)
+ || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) {
 throw new SecurityException();
 }
 if (providedAlgo != null) {
 checkAlgorithm(providedAlgo);
- } else if (defaultAlgo != null) {
- headers.setKeyEncryptionAlgorithm(defaultAlgo);
- checkAlgorithm(defaultAlgo);
+ } else if (algorithm != null) {
+ headers.setKeyEncryptionAlgorithm(algorithm);
+ checkAlgorithm(algorithm);
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 40bba7d..5e3eaa5 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
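Review bot: `checkAlgorithms` is `protected` and this hunk changes its signature from `(JweHeaders, String)` to `(JweHeaders)`, so an override written against the old form stops overriding without any compiler error. The anonymous subclass in PbesHmacAesWrapKeyEncryptionAlgorithm.java, updated by hand in this commit, overrides it with a body that holds only a comment, which skips the header check, and it carries no `@Override`. I would add the annotation there, `@Override protected void checkAlgorithms(JweHeaders headers) {`, so that a future signature change cannot silently turn that check back on or leave it off. A one-line Javadoc here should state that the method compares the header's key-encryption algorithm with the configured one and throws `SecurityException` on mismatch. Subclasses outside this commit, if any exist, would need the same update.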
@@ -51,11 +51,10 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
 AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
 AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
 }
- public AesCbcHmacJweEncryption(String keyAlgo,
- String cekAlgoJwt,
+ public AesCbcHmacJweEncryption(String cekAlgoJwt,
 KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- this(new JweHeaders(keyAlgo, validateCekAlgorithm(cekAlgoJwt)),
- null, null, keyEncryptionAlgorithm);
+ this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), cekAlgoJwt), null, null,
+ keyEncryptionAlgorithm);
 }
 public AesCbcHmacJweEncryption(JweHeaders headers,
 KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
@@ -70,8 +69,11 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
 byte[] iv,
 KeyEncryptionAlgorithm keyEncryptionAlgorithm,
 JwtHeadersWriter writer) {
- super(headers, new AesCbcContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm, writer);
- validateCekAlgorithm(headers.getContentEncryptionAlgorithm());
+ super(headers,
+ new AesCbcContentEncryptionAlgorithm(cek, iv,
+ validateCekAlgorithm(headers.getContentEncryptionAlgorithm())),
+ keyEncryptionAlgorithm, writer);
+
 }
 @Override
 protected byte[] getActualCek(byte[] theCek, String algoJwt) {
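Review bot: The two-argument constructor in the first hunk now takes the `alg` header value from `keyEncryptionAlgorithm.getAlgorithm()` without checking either the argument or the result. A null `keyEncryptionAlgorithm` fails with a bare `NullPointerException` inside the `this(...)` call, and an implementation that returns null (in this commit `DirectKeyEncryptionAlgorithm.getAlgorithm()` does) yields `new JweHeaders(null, cekAlgoJwt)`; what `JweHeaders` does with a null name is not visible here. The same pattern is added to the header-less `WrappedKeyJweEncryption` constructors. A small static helper used in the `this(...)` argument would make the failure explicit, e.g. `new JweHeaders(requireAlgorithm(keyEncryptionAlgorithm), cekAlgoJwt)`, throwing `SecurityException` when the provider or its algorithm name is null.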
@@ -166,8 +168,8 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
 }
 private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
- public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv) {
- super(cek, iv);
+ public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
+ super(cek, iv, algo);
 }
 @Override
 public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 87774e9..fd028c1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -18,26 +18,41 @@
 */
 package org.apache.cxf.rs.security.jose.jwe;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.crypto.SecretKey;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
+ private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+ Arrays.asList(Algorithm.A128GCM.getJwtName(),
+ Algorithm.A192GCM.getJwtName(),
+ Algorithm.A256GCM.getJwtName()));
 private static final int DEFAULT_IV_SIZE = 96;
- public AesGcmContentEncryptionAlgorithm() {
- this((byte[])null, null);
+ public AesGcmContentEncryptionAlgorithm(String algo) {
+ this((byte[])null, null, algo);
 }
- public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv) {
- this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv));
+ public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) {
+ this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
 }
- public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv) {
- this(key.getEncoded(), iv);
+ public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) {
+ this(key.getEncoded(), iv, algo);
 }
- public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv) {
- super(cek, iv);
+ public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
+ super(cek, iv, checkAlgorithm(algo));
 }
 protected int getIvSize() {
 return DEFAULT_IV_SIZE;
 }
-}
+ private static String checkAlgorithm(String algo) {
+ if (SUPPORTED_ALGORITHMS.contains(algo)) {
+ return algo;
+ }
+ throw new SecurityException();
+ }
+}
\ No newline at end of file
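Review bot: `checkAlgorithm` validates only the algorithm name, so the `(byte[] cek, byte[] iv, String algo)` constructor accepts a caller-supplied `cek` whose length does not match the declared name, for example a 32-byte key with `A128GCM`. Nothing in this hunk ties the key length to `algo`; if neither the base class nor `AbstractJweEncryption` checks it, the `enc` header would name a different key size from the one actually used. I would check the length whenever `cek` is non-null, as sketched below, and give the `SecurityException` a message that names the rejected algorithm (never the key). `SUPPORTED_ALGORITHMS` could also be wrapped in `Collections.unmodifiableSet`.

```java
public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
    // checkAlgorithm runs first, so checkCekSize only ever sees a supported name
    super(checkCekSize(cek, checkAlgorithm(algo)), iv, algo);
}
// ... unchanged: getIvSize ...
private static String checkAlgorithm(String algo) {
    if (SUPPORTED_ALGORITHMS.contains(algo)) {
        return algo;
    }
    throw new SecurityException("Unsupported content encryption algorithm: " + algo);
}
private static byte[] checkCekSize(byte[] cek, String algo) {
    // A128GCM / A192GCM / A256GCM use 16 / 24 / 32 byte keys
    int expected = Algorithm.A128GCM.getJwtName().equals(algo) ? 16
        : Algorithm.A192GCM.getJwtName().equals(algo) ? 24 : 32;
    if (cek != null && cek.length != expected) {
        throw new SecurityException("CEK length does not match " + algo);
    }
    return cek;
}
```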
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
index 6f53f53..07b370e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jwe;
 public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
+ String getAlgorithm();
 byte[] getInitVector();
 byte[] getContentEncryptionKey(JweHeaders headers);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
index 8bbfd29..6714c3c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
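Review bot: `getAlgorithm()` is added to the public `ContentEncryptionAlgorithm` interface here, and to `KeyEncryptionAlgorithm` in a later hunk, without any Javadoc, and the implementations in this commit disagree on the contract: most return a JWE algorithm name while `DirectKeyEncryptionAlgorithm` returns null. I would document it on both interfaces, e.g. `/** Returns the JWE "enc" header value this algorithm implements; never null. */` here, and a matching comment on `KeyEncryptionAlgorithm` that states whether null is allowed. Implementations of either interface outside this commit will not compile until they add the method, which may matter on a fixes branch.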
@@ -26,4 +26,9 @@ public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
 }
 return new byte[0];
 }
+
+ @Override
+ public String getAlgorithm() {
+ return null;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
index 69e4ed9..fdd8658 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
@@ -28,7 +28,7 @@ public class DirectKeyJweEncryption extends AbstractJweEncryption {
 cek.getEncoded().length * 8)), cek.getEncoded(), iv);
 }
 public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) {
- this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv));
+ this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv, headers.getContentEncryptionAlgorithm()));
 }
 public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo) {
 super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
index a6a147b..3885291 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
@@ -20,5 +20,6 @@ package org.apache.cxf.rs.security.jose.jwe;
 public interface KeyEncryptionAlgorithm {
+ String getAlgorithm();
 byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index b67332d..377e186 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -99,7 +99,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
 final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt);
 KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt) {
- protected void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
+ protected void checkAlgorithms(JweHeaders headers) {
 // complete
 }
 protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
@@ -165,5 +165,9 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
 bb.get(b);
 return b;
 }
+ @Override
+ public String getAlgorithm() {
+ return keyAlgoJwt;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
index 98bad90..8a40bc2 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
@@ -21,20 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe;
 import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
 public class WrappedKeyJweEncryption extends AbstractJweEncryption {
- public WrappedKeyJweEncryption(JweHeaders headers,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- this(headers, null, null, keyEncryptionAlgorithm);
+ public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+ ContentEncryptionAlgorithm contentEncryptionAlgo) {
+ this(keyEncryptionAlgorithm, contentEncryptionAlgo, null);
+ }
+ public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+ ContentEncryptionAlgorithm contentEncryptionAlgo,
+ JwtHeadersWriter writer) {
+ this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), contentEncryptionAlgo.getAlgorithm()),
+ keyEncryptionAlgorithm, contentEncryptionAlgo, writer);
 }
- public WrappedKeyJweEncryption(JweHeaders headers, byte[] cek,
- byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
- this(headers, cek, iv, keyEncryptionAlgorithm, null);
+ public WrappedKeyJweEncryption(JweHeaders headers,
+ KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+ ContentEncryptionAlgorithm contentEncryptionAlgo) {
+ this(headers, keyEncryptionAlgorithm, contentEncryptionAlgo, null);
 }
 public WrappedKeyJweEncryption(JweHeaders headers,
- byte[] cek,
- byte[] iv,
 KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+ ContentEncryptionAlgorithm contentEncryptionAlgo,
 JwtHeadersWriter writer) {
- super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm, writer);
+ super(headers, contentEncryptionAlgo, keyEncryptionAlgorithm, writer);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
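Review bot: The constructors that take both a `JweHeaders` and a `ContentEncryptionAlgorithm` never compare the header's content algorithm with `contentEncryptionAlgo.getAlgorithm()`. The key-encryption side has `checkAlgorithms` for this, but on the content side a caller can pass headers naming one `enc` value and an algorithm object built for another; JwePbeHmacAesWrapTest in this commit builds the two independently. Unless `AbstractJweEncryption` (not shown) reconciles them, the emitted header could misdescribe the cipher actually used. I would route `headers` through a static check in the final constructor, `super(checkEnc(headers, contentEncryptionAlgo), contentEncryptionAlgo, keyEncryptionAlgorithm, writer);`, that throws `SecurityException` on mismatch and fills in the header when it is unset. The class body continues past the end of the hunk.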
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 9661bdb..8b5b0e9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -86,9 +86,7 @@ public final class JwkUtils {
 private static JweEncryptionProvider createDefaultEncryption(char[] password) {
 KeyEncryptionAlgorithm keyEncryption = new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
- return new AesCbcHmacJweEncryption(Algorithm.PBES2_HS256_A128KW.getJwtName(),
- Algorithm.A128CBC_HS256.getJwtName(),
- keyEncryption);
+ return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
 }
 private static JweDecryptionProvider createDefaultDecryption(char[] password) {
 KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 554e5db..ca49a38 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -173,12 +173,11 @@ public class JweCompactReaderWriterTest extends Assert {
 } else {
 jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
 }
- JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(
- new JweHeaders(Algorithm.RSA_OAEP.getJwtName(), jwtKeyName),
- key == null ? null : key.getEncoded(),
- INIT_VECTOR_A1,
- new RSAOaepKeyEncryptionAlgorithm(publicKey,
- Algorithm.RSA_OAEP.getJwtName()));
+ KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,
+ Algorithm.RSA_OAEP.getJwtName());
+ ContentEncryptionAlgorithm contentEncryptionAlgo =
+ new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
+ JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(keyEncryptionAlgo, contentEncryptionAlgo);
 return encryptor.encrypt(content.getBytes("UTF-8"), null);
 }
 private String encryptContentDirect(SecretKey key, String content) throws Exception {
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
index e914b9b..af5ae37 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -65,8 +65,9 @@ public class JwePbeHmacAesWrapTest extends Assert {
 final String password = "Thus from my lips, by yours, my sin is purged.";
 KeyEncryptionAlgorithm keyEncryption = new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption =
- new WrappedKeyJweEncryption(headers, keyEncryption);
+ JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers,
+ keyEncryption,
+ new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
 String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
 PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
 JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, null, null);
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index f4709d9..12fe555 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -288,8 +288,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
 final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg";
 AesWrapKeyEncryptionAlgorithm keyEncryption = new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
- jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128KW.getJwtName(),
- Algorithm.A128CBC_HS256.getJwtName(),
+ jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
 keyEncryption));
 // reader
http://git-wip-us.apache.org/repos/asf/cxf/blob/d7cec5b8/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 874b082..e93cb09 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -54,7 +54,6 @@ under the License.
 <constructor-arg value="A128KW"/>
 </bean>
 <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption">
- <constructor-arg value="A128KW"/>
 <constructor-arg value="A128CBC-HS256"/>
 <constructor-arg ref="aesWrapEncryptionAlgo"/>
 </bean>