http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObjectReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObjectReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObjectReaderWriter.java
deleted file mode 100644
index a70eca7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObjectReaderWriter.java
+++ /dev/null
@@ -1,212 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-
-
-public class AbstractJwtObjectReaderWriter {
- private static final Set<String> DATE_PROPERTIES =
- new HashSet<String>(Arrays.asList(JwtConstants.CLAIM_EXPIRY,
- JwtConstants.CLAIM_ISSUED_AT,
- JwtConstants.CLAIM_NOT_BEFORE));
- private boolean format;
-
- protected String toJson(AbstractJwtObject jwt) {
- StringBuilder sb = new StringBuilder();
- toJsonInternal(sb, jwt.asMap());
- return sb.toString();
- }
-
- protected void toJsonInternal(StringBuilder sb, Map<String, Object> map) {
- sb.append("{");
- for (Iterator<Map.Entry<String, Object>> it = map.entrySet().iterator(); it.hasNext();) {
- Map.Entry<String, Object> entry = it.next();
- sb.append("\"").append(entry.getKey()).append("\"");
- sb.append(":");
- toJsonInternal(sb, entry.getValue(), it.hasNext());
- }
- sb.append("}");
- }
-
- protected void toJsonInternal(StringBuilder sb, Object[] array) {
- toJsonInternal(sb, Arrays.asList(array));
- }
-
- protected void toJsonInternal(StringBuilder sb, Collection<?> coll) {
- sb.append("[");
- formatIfNeeded(sb);
- for (Iterator<?> iter = coll.iterator(); iter.hasNext();) {
- toJsonInternal(sb, iter.next(), iter.hasNext());
- }
- formatIfNeeded(sb);
- sb.append("]");
- }
-
- @SuppressWarnings("unchecked")
- protected void toJsonInternal(StringBuilder sb, Object value, boolean hasNext) {
- if (AbstractJwtObject.class.isAssignableFrom(value.getClass())) {
- sb.append(toJson((AbstractJwtObject)value));
- } else if (value.getClass().isArray()) {
- toJsonInternal(sb, (Object[])value);
- } else if (Collection.class.isAssignableFrom(value.getClass())) {
- toJsonInternal(sb, (Collection<?>)value);
- } else if (Map.class.isAssignableFrom(value.getClass())) {
- toJsonInternal(sb, (Map<String, Object>)value);
- } else {
- if (value.getClass() == String.class) {
- sb.append("\"");
- }
- sb.append(value);
- if (value.getClass() == String.class) {
- sb.append("\"");
- }
- }
- if (hasNext) {
- sb.append(",");
- formatIfNeeded(sb);
- }
-
- }
-
- protected void formatIfNeeded(StringBuilder sb) {
- if (format) {
- sb.append("\r\n ");
- }
- }
-
- protected void fromJsonInternal(AbstractJwtObject jwt, String json) {
- String theJson = json.trim();
- Map<String, Object> values = readJwtObjectAsMap(theJson.substring(1, theJson.length() - 1));
- fromJsonInternal(jwt, values);
- }
-
- protected void fromJsonInternal(AbstractJwtObject jwt, Map<String, Object> values) {
- for (Map.Entry<String, Object> entry : values.entrySet()) {
- jwt.setValue(entry.getKey(), entry.getValue());
- }
- }
-
- protected Map<String, Object> readJwtObjectAsMap(String json) {
- Map<String, Object> values = new LinkedHashMap<String, Object>();
- for (int i = 0; i < json.length(); i++) {
- if (isWhiteSpace(json.charAt(i))) {
- continue;
- }
-
- int closingQuote = json.indexOf('"', i + 1);
- int from = json.charAt(i) == '"' ? i + 1 : i;
- String name = json.substring(from, closingQuote);
- int sepIndex = json.indexOf(':', closingQuote + 1);
-
- int j = 1;
- while (isWhiteSpace(json.charAt(sepIndex + j))) {
- j++;
- }
- if (json.charAt(sepIndex + j) == '{') {
- int closingIndex = getClosingIndex(json, '{', '}', sepIndex + j);
- String newJson = json.substring(sepIndex + j + 1, closingIndex);
- values.put(name, readJwtObjectAsMap(newJson));
- i = closingIndex + 1;
- } else if (json.charAt(sepIndex + j) == '[') {
- int closingIndex = getClosingIndex(json, '[', ']', sepIndex + j);
- String newJson = json.substring(sepIndex + j + 1, closingIndex);
- values.put(name, readJwtObjectAsList(newJson));
- i = closingIndex + 1;
- } else {
- int commaIndex = getCommaIndex(json, sepIndex + j);
- Object value = readPrimitiveValue(json, sepIndex + j, commaIndex);
- if (DATE_PROPERTIES.contains(name)) {
- value = Long.valueOf(value.toString());
- }
- values.put(name, value);
- i = commaIndex + 1;
- }
-
- }
- return values;
- }
- protected List<Object> readJwtObjectAsList(String json) {
- List<Object> values = new LinkedList<Object>();
- for (int i = 0; i < json.length(); i++) {
- if (isWhiteSpace(json.charAt(i))) {
- continue;
- }
- if (json.charAt(i) == '{') {
- int closingIndex = getClosingIndex(json, '{', '}', i);
- values.add(readJwtObjectAsMap(json.substring(i + 1, closingIndex)));
- i = closingIndex + 1;
- } else {
- int commaIndex = getCommaIndex(json, i);
- Object value = readPrimitiveValue(json, i, commaIndex);
- values.add(value);
- i = commaIndex + 1;
- }
- }
-
- return values;
- }
- protected Object readPrimitiveValue(String json, int from, int to) {
- Object value = json.substring(from, to);
- String valueStr = value.toString().trim();
- if (valueStr.startsWith("\"")) {
- value = valueStr.substring(1, valueStr.length() - 1);
- } else if ("true".equals(value) || "false".equals(value)) {
- value = Boolean.valueOf(valueStr);
- }
- return value;
- }
-
- protected static int getCommaIndex(String json, int from) {
- int commaIndex = json.indexOf(",", from);
- if (commaIndex == -1) {
- commaIndex = json.length();
- }
- return commaIndex;
- }
- protected int getClosingIndex(String json, char openChar, char closeChar, int from) {
- int nextOpenIndex = json.indexOf(openChar, from + 1);
- int closingIndex = json.indexOf(closeChar, from + 1);
- while (nextOpenIndex != -1 && nextOpenIndex < closingIndex) {
- nextOpenIndex = json.indexOf(openChar, closingIndex + 1);
- closingIndex = json.indexOf(closeChar, closingIndex + 1);
- }
- return closingIndex;
- }
- protected boolean isWhiteSpace(char jsonChar) {
- return jsonChar == ' ' || jsonChar == '\r' || jsonChar == '\n' || jsonChar == '\t';
- }
-
- public void setFormat(boolean format) {
- this.format = format;
- }
-
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
deleted file mode 100644
index 46644a8..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-
-
-
-public class JwtClaims extends AbstractJwtObject {
-
- public JwtClaims() {
- }
-
- public JwtClaims(Map<String, Object> values) {
- super(values);
- }
-
- public void setIssuer(String issuer) {
- setClaim(JwtConstants.CLAIM_ISSUER, issuer);
- }
-
- public String getIssuer() {
- return (String)getValue(JwtConstants.CLAIM_ISSUER);
- }
-
- public void setSubject(String subject) {
- setClaim(JwtConstants.CLAIM_SUBJECT, subject);
- }
-
- public String getSubject() {
- return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
- }
-
- public void setAudience(String audience) {
- setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
- }
-
- public String getAudience() {
- return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
- }
-
- public void setExpiryTime(Long expiresIn) {
- setClaim(JwtConstants.CLAIM_EXPIRY, expiresIn);
- }
-
- public Long getExpiryTime() {
- return getLongDate(JwtConstants.CLAIM_EXPIRY);
- }
-
- public void setNotBefore(Long notBefore) {
- setClaim(JwtConstants.CLAIM_NOT_BEFORE, notBefore);
- }
-
- public Long getNotBefore() {
- return getLongDate(JwtConstants.CLAIM_NOT_BEFORE);
- }
-
- public void setIssuedAt(Long issuedAt) {
- setClaim(JwtConstants.CLAIM_ISSUED_AT, issuedAt);
- }
-
- public Long getIssuedAt() {
- return getLongDate(JwtConstants.CLAIM_ISSUED_AT);
- }
-
- public void setTokenId(String id) {
- setValue(JwtConstants.CLAIM_JWT_ID, id);
- }
-
- public String getTokenId() {
- return (String)getClaim(JwtConstants.CLAIM_JWT_ID);
- }
-
- public JwtClaims setClaim(String name, Object value) {
- setValue(name, value);
- return this;
- }
-
- public Object getClaim(String name) {
- return getValue(name);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
deleted file mode 100644
index e912b31..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-public final class JwtConstants {
- public static final String HEADER_TYPE = "typ";
- public static final String HEADER_ALGORITHM = "alg";
- public static final String HEADER_CONTENT_TYPE = "cty";
- public static final String HEADER_CRITICAL = "crit";
-
- public static final String HEADER_KEY_ID = "kid";
- public static final String HEADER_X509_URL = "x5u";
- public static final String HEADER_X509_CHAIN = "x5c";
- public static final String HEADER_X509_THUMBPRINT = "x5t";
- public static final String HEADER_X509_THUMBPRINT_SHA256 = "x5t#S256";
- public static final String HEADER_JSON_WEB_KEY = "jwk";
- public static final String HEADER_JSON_WEB_KEY_SET = "jku";
-
- public static final String JWE_HEADER_KEY_ENC_ALGORITHM = HEADER_ALGORITHM;
- public static final String JWE_HEADER_CONTENT_ENC_ALGORITHM = "enc";
- public static final String JWE_HEADER_ZIP_ALGORITHM = "zip";
- public static final String DEFLATE_ZIP_ALGORITHM = "DEF";
-
- public static final String TYPE_JWT = "JWT";
- public static final String TYPE_JOSE = "JOSE";
- public static final String TYPE_JOSE_JSON = "JOSE+JSON";
- public static final String MEDIA_TYPE_JOSE_JSON = "application/jose+json";
-
- public static final String CLAIM_ISSUER = "iss";
- public static final String CLAIM_SUBJECT = "sub";
- public static final String CLAIM_AUDIENCE = "aud";
- public static final String CLAIM_EXPIRY = "exp";
- public static final String CLAIM_NOT_BEFORE = "nbf";
- public static final String CLAIM_ISSUED_AT = "iat";
- public static final String CLAIM_JWT_ID = "jti";
-
- public static final String PLAIN_TEXT_ALGO = "none";
- public static final String HMAC_SHA_256_ALGO = "HS256";
- public static final String HMAC_SHA_384_ALGO = "HS384";
- public static final String HMAC_SHA_512_ALGO = "HS512";
- public static final String RS_SHA_256_ALGO = "RS256";
- public static final String RS_SHA_384_ALGO = "RS384";
- public static final String RS_SHA_512_ALGO = "RS512";
- public static final String ES_SHA_256_ALGO = "ES256";
- public static final String ES_SHA_384_ALGO = "ES384";
- public static final String ES_SHA_512_ALGO = "ES512";
-
- // Key Encryption
- public static final String RSA_OAEP_ALGO = "RSA-OAEP";
- public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
- public static final String RSA_1_5_ALGO = "RSA1_5";
- public static final String A128KW_ALGO = "A128KW";
- public static final String A192KW_ALGO = "A192KW";
- public static final String A256KW_ALGO = "A256KW";
- public static final String A128GCMKW_ALGO = "A128GCMKW";
- public static final String A192GCMKW_ALGO = "A192GCMKW";
- public static final String A256GCMKW_ALGO = "A256GCMKW";
- public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
- public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
- public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
- // Content Encryption
- public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
- public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
- public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
- public static final String A128GCM_ALGO = "A128GCM";
- public static final String A192GCM_ALGO = "A192GCM";
- public static final String A256GCM_ALGO = "A256GCM";
-
- private JwtConstants() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
deleted file mode 100644
index b723f7d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-
-public class JwtHeaders extends AbstractJwtObject {
-
- public JwtHeaders() {
- }
-
- public JwtHeaders(String algorithm) {
- init(algorithm);
- }
-
- public JwtHeaders(Algorithm algo) {
- init(algo.getJwtName());
- }
-
- public JwtHeaders(Map<String, Object> values) {
- super(values);
- }
-
- private void init(String algo) {
- setType(JwtConstants.TYPE_JWT);
- this.setAlgorithm(algo);
- }
-
-
- public void setType(String type) {
- setHeader(JwtConstants.HEADER_TYPE, type);
- }
-
- public String getType() {
- return (String)getHeader(JwtConstants.HEADER_TYPE);
- }
-
- public void setContentType(String type) {
- setHeader(JwtConstants.HEADER_CONTENT_TYPE, type);
- }
-
- public String getContentType() {
- return (String)getHeader(JwtConstants.HEADER_CONTENT_TYPE);
- }
-
- public void setAlgorithm(String algo) {
- setHeader(JwtConstants.HEADER_ALGORITHM, algo);
- }
-
- public String getAlgorithm() {
- return (String)getHeader(JwtConstants.HEADER_ALGORITHM);
- }
-
- public void setKeyId(String kid) {
- setHeader(JwtConstants.HEADER_KEY_ID, kid);
- }
-
- public String getKeyId() {
- return (String)getHeader(JwtConstants.HEADER_KEY_ID);
- }
-
- public void setX509Url(String x509Url) {
- setHeader(JwtConstants.HEADER_X509_URL, x509Url);
- }
-
- public String getX509Url() {
- return (String)getHeader(JwtConstants.HEADER_X509_URL);
- }
-
- public void setX509Chain(String x509Chain) {
- setHeader(JwtConstants.HEADER_X509_CHAIN, x509Chain);
- }
-
- public String getX509Chain() {
- return (String)getHeader(JwtConstants.HEADER_X509_CHAIN);
- }
-
- public void setX509Thumbprint(String x509Thumbprint) {
- setHeader(JwtConstants.HEADER_X509_THUMBPRINT, x509Thumbprint);
- }
-
- public String getX509Thumbprint() {
- return (String)getHeader(JwtConstants.HEADER_X509_THUMBPRINT);
- }
-
- public void setX509ThumbprintSHA256(String x509Thumbprint) {
- super.setValue(JwtConstants.HEADER_X509_THUMBPRINT_SHA256, x509Thumbprint);
- }
-
- public String getX509ThumbprintSHA256() {
- return (String)super.getValue(JwtConstants.HEADER_X509_THUMBPRINT_SHA256);
- }
-
- public void setCritical(List<String> crit) {
- setHeader(JwtConstants.HEADER_CRITICAL, crit);
- }
-
- public List<String> getCritical() {
- return CastUtils.cast((List<?>)getHeader(JwtConstants.HEADER_CRITICAL));
- }
-
- public void setJsonWebKey(JsonWebKey key) {
- setValue(JwtConstants.HEADER_JSON_WEB_KEY, key);
- }
-
- public JsonWebKey getJsonWebKey() {
- Object jsonWebKey = getValue(JwtConstants.HEADER_JSON_WEB_KEY);
- if (jsonWebKey == null || jsonWebKey instanceof JsonWebKey) {
- return (JsonWebKey)jsonWebKey;
- }
- Map<String, Object> map = CastUtils.cast((Map<?, ?>)jsonWebKey);
- return new JsonWebKey(map);
- }
-
- public JwtHeaders setHeader(String name, Object value) {
- setValue(name, value);
- return this;
- }
-
- public Object getHeader(String name) {
- return getValue(name);
- }
-
- public JwtHeaders setIntegerHeader(String name, Integer value) {
- setValue(name, value);
- return this;
- }
-
- public Integer getIntegerHeader(String name) {
- Object value = getValue(name);
- if (value != null) {
- return value instanceof Integer ? (Integer)value : Integer.parseInt(value.toString());
- } else {
- return null;
- }
- }
- public JwtHeaders setLongHeader(String name, Long value) {
- setValue(name, value);
- return this;
- }
-
- public Long getLongHeader(String name) {
- Object value = getValue(name);
- if (value != null) {
- return value instanceof Long ? (Long)value : Long.parseLong(value.toString());
- } else {
- return null;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersReader.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersReader.java
deleted file mode 100644
index 8a15819..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersReader.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-public interface JwtHeadersReader {
- JwtHeaders fromJsonHeaders(String jsonHeaders);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersWriter.java
deleted file mode 100644
index 6c63dea..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeadersWriter.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public interface JwtHeadersWriter {
-
- String headersToJson(JwtHeaders headers);
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
deleted file mode 100644
index 630813c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtToken {
- private JwtHeaders headers;
- private JwtClaims claims;
- public JwtToken(JwtHeaders headers, JwtClaims claims) {
- this.headers = headers;
- this.claims = claims;
- }
- public JwtHeaders getHeaders() {
- return headers;
- }
- public JwtClaims getClaims() {
- return claims;
- }
- public int hashCode() {
- return headers.hashCode() + 37 * claims.hashCode();
- }
-
- public boolean equals(Object obj) {
- return obj instanceof JwtToken
- && ((JwtToken)obj).headers.equals(this.headers)
- && ((JwtToken)obj).claims.equals(this.claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
deleted file mode 100644
index e8e79f0..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtTokenJson {
- private String headersJson;
- private String claimsJson;
- public JwtTokenJson(String headersJson, String claimsJson) {
- this.headersJson = headersJson;
- this.claimsJson = claimsJson;
- }
- public String getHeadersJson() {
- return headersJson;
- }
- public String getClaimsJson() {
- return claimsJson;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
deleted file mode 100644
index 2be6305..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-public interface JwtTokenReader extends JwtHeadersReader {
- JwtClaims fromJsonClaims(String jsonClaims);
- JwtToken fromJson(JwtTokenJson jsonPair);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
deleted file mode 100644
index c207e0e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-
-public class JwtTokenReaderWriter extends AbstractJwtObjectReaderWriter
- implements JwtTokenReader, JwtTokenWriter {
- @Override
- public String headersToJson(JwtHeaders headers) {
- return toJson(headers);
- }
-
- @Override
- public String claimsToJson(JwtClaims claims) {
- return toJson(claims);
- }
-
- @Override
- public JwtTokenJson tokenToJson(JwtToken token) {
- return new JwtTokenJson(toJson(token.getHeaders()),
- toJson(token.getClaims()));
- }
-
- @Override
- public JwtHeaders fromJsonHeaders(String headersJson) {
- JwtHeaders headers = new JwtHeaders();
- fromJsonInternal(headers, headersJson);
- return headers;
- }
-
- @Override
- public JwtClaims fromJsonClaims(String claimsJson) {
- JwtClaims claims = new JwtClaims();
- fromJsonInternal(claims, claimsJson);
- return claims;
-
- }
-
- private JwtToken fromJson(String headersJson, String claimsJson) {
- JwtHeaders headers = fromJsonHeaders(headersJson);
- JwtClaims claims = fromJsonClaims(claimsJson);
- return new JwtToken(headers, claims);
- }
-
- @Override
- public JwtToken fromJson(JwtTokenJson pair) {
- return
fromJson(pair.getHeadersJson(), pair.getClaimsJson());
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
deleted file mode 100644
index bdbd029..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public interface JwtTokenWriter extends JwtHeadersWriter {
-
- String claimsToJson(JwtClaims claims);
- JwtTokenJson tokenToJson(JwtToken token);
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
deleted file mode 100644
index 6238e2f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-public final class JwtUtils {
- private JwtUtils() {
-
- }
-
- public static String checkContentType(String contentType, String defaultType) {
- if (contentType != null) {
- int paramIndex = contentType.indexOf(';');
- String typeWithoutParams = paramIndex == -1 ? contentType : contentType.substring(0, paramIndex);
- if (typeWithoutParams.indexOf('/') == -1) {
- contentType = "application/" + contentType;
- }
- } else {
- contentType = defaultType;
- }
- return contentType;
- }
- public static String expandContentType(String contentType) {
- int paramIndex = contentType.indexOf(';');
- String typeWithoutParams = paramIndex == -1 ? contentType : contentType.substring(0, paramIndex);
- if (typeWithoutParams.indexOf('/') == -1) {
- contentType = "application/" + contentType;
- }
- return contentType;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtBearerGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtBearerGrant.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtBearerGrant.java
deleted file mode 100644
index 4572b30..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtBearerGrant.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public abstract class AbstractJwtBearerGrant implements AccessTokenGrant {
- private static final long serialVersionUID = 5754722119855372511L;
- private String assertion;
- private String scope;
- private boolean encoded;
- private String grantType;
- protected AbstractJwtBearerGrant(String grantType, String assertion, boolean encoded, String scope) {
- this.grantType = grantType;
- this.assertion = assertion;
- this.encoded = encoded;
- this.scope = scope;
- }
-
- public String getType() {
- return grantType;
- }
-
- protected MultivaluedMap<String, String> initMap() {
- MultivaluedMap<String, String> map = new MetadataMap<String, String>();
- map.putSingle(OAuthConstants.GRANT_TYPE, grantType);
- return map;
- }
-
- protected void
addScope(MultivaluedMap<String, String> map) {
- if (scope != null) {
- map.putSingle(OAuthConstants.SCOPE, scope);
- }
- }
-
- protected String encodeAssertion() {
- if (encoded) {
- return assertion;
- }
-
- try {
- return Base64UrlUtility.encode(assertion);
- } catch (Exception ex) {
- throw new OAuthServiceException(ex.getMessage(), ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtHandler.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtHandler.java
deleted file mode 100644
index dbc8ffe..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/AbstractJwtHandler.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import java.util.List;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-
-/**
- * The "JWT Bearer" grant handler
- */
-public abstract class AbstractJwtHandler extends AbstractGrantHandler {
- private Set<String> supportedIssuers;
- private JwsSignatureVerifier jwsVefifier;
-
- protected AbstractJwtHandler(List<String> grants) {
- super(grants);
- }
-
- protected void validateSignature(JwtHeaders headers, String unsignedText, byte[] signature) {
- if (jwsVefifier.verify(headers, unsignedText, signature)) {
- throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
- }
- }
-
- protected void validateClaims(Client client, JwtClaims claims) {
-
validateIssuer(claims.getIssuer());
- validateSubject(client, claims.getSubject());
- validateAudience(client, claims.getAudience());
- validateExpiryTime(claims.getExpiryTime());
- validateNotBeforeTime(claims.getNotBefore());
- validateIssuedAtTime(claims.getIssuedAt());
- validateTokenId(claims.getTokenId());
- }
-
- protected void validateIssuer(String issuer) {
- if (issuer == null || !supportedIssuers.contains(issuer)) {
- throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
- }
- }
-
- protected void validateSubject(Client client, String subject) {
- //TODO
- }
- protected void validateAudience(Client client, String audience) {
- //TODO
- }
- protected void validateExpiryTime(Long timestamp) {
- if (timestamp != null) {
- //TODO
- }
- }
- protected void validateNotBeforeTime(Long timestamp) {
- if (timestamp != null) {
- //TODO
- }
- }
- protected void validateIssuedAtTime(Long timestamp) {
- if (timestamp != null) {
- //TODO
- }
- }
- protected void validateTokenId(String tokenId) {
- if (tokenId != null) {
- //TODO
- }
- }
- public void setSupportedIssuers(Set<String> supportedIssuers) {
- this.supportedIssuers = supportedIssuers;
- }
-
- public void setJwsVefifier(JwsSignatureVerifier jwsVefifier) {
- this.jwsVefifier = jwsVefifier;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/Constants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/Constants.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/Constants.java
deleted file mode 100644
index 8714aac..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/Constants.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-public final class Constants {
- public static final String JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
- public static final String CLIENT_GRANT_ASSERTION_PARAM = "assertion";
-
- public static final String CLIENT_AUTH_ASSERTION_PARAM = "client_assertion";
- public static final String CLIENT_AUTH_ASSERTION_TYPE = "client_assertion_type";
- public static final String CLIENT_AUTH_JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
-
-
- private Constants() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerClientCredentialsGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerClientCredentialsGrant.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerClientCredentialsGrant.java
deleted file mode 100644
index f5f86a8..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerClientCredentialsGrant.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public class JwtBearerClientCredentialsGrant extends AbstractJwtBearerGrant {
-
- private static final long serialVersionUID = 4801583498206813025L;
-
- public JwtBearerClientCredentialsGrant(String assertion, boolean encoded, String scope) {
- super(OAuthConstants.CLIENT_CREDENTIALS_GRANT, assertion, encoded, scope);
- }
-
- public MultivaluedMap<String, String> toMap() {
- MultivaluedMap<String, String> map = initMap();
- map.putSingle(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_JWT_BEARER);
- map.putSingle(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodeAssertion());
- addScope(map);
- return map;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrant.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrant.java
deleted file mode 100644
index 49041b9..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrant.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-public class JwtBearerGrant extends AbstractJwtBearerGrant {
- private static final long serialVersionUID = -7296527609343431294L;
-
- public JwtBearerGrant(String assertion) {
- this(assertion, false);
- }
-
- public JwtBearerGrant(String assertion, boolean encoded) {
- this(assertion, false, null);
- }
-
- public JwtBearerGrant(String assertion, String scope) {
- this(assertion, false, scope);
- }
-
- public JwtBearerGrant(String assertion, boolean encoded, String scope) {
- super(Constants.JWT_BEARER_GRANT, assertion, encoded, scope);
- }
-
- public MultivaluedMap<String, String> toMap() {
- MultivaluedMap<String, String> map = initMap();
- map.putSingle(Constants.CLIENT_GRANT_ASSERTION_PARAM, encodeAssertion());
- addScope(map);
- return map;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrantHandler.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrantHandler.java
deleted file mode 100644
index c3a2283..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtBearerGrantHandler.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import java.util.Arrays;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.utils.HttpUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
-
-/**
- * The "JWT Bearer" grant handler
- */
-public class JwtBearerGrantHandler extends AbstractJwtHandler {
- private static final String ENCODED_JWT_BEARER_GRANT;
- static {
- // AccessTokenService may be configured with the form provider
- // which will not decode by default - so listing both the actual
- // and encoded grant type value will help
- ENCODED_JWT_BEARER_GRANT =
HttpUtils.urlEncode(Constants.JWT_BEARER_GRANT, "UTF-8");
- }
- private JwtTokenReader jwtReader;
- public JwtBearerGrantHandler() {
- super(Arrays.asList(Constants.JWT_BEARER_GRANT, ENCODED_JWT_BEARER_GRANT));
- }
-
- @Override
- public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
- throws OAuthServiceException {
- String assertion = params.getFirst(Constants.CLIENT_GRANT_ASSERTION_PARAM);
- if (assertion == null) {
- throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
- }
- try {
- JwsJwtCompactConsumer jwsReader = getJwsReader(assertion);
- JwtToken jwtToken = jwsReader.getJwtToken();
- super.validateSignature(jwtToken.getHeaders(),
- jwsReader.getUnsignedEncodedPayload(),
- jwsReader.getDecodedSignature());
-
-
- super.validateClaims(client, jwtToken.getClaims());
- UserSubject grantSubject = new UserSubject(jwtToken.getClaims().getSubject());
-
- return doCreateAccessToken(client,
- grantSubject,
- Constants.JWT_BEARER_GRANT,
- OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
- } catch (OAuthServiceException ex) {
- throw ex;
- } catch (Exception ex) {
- throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
- }
-
- }
-
- protected JwsJwtCompactConsumer getJwsReader(String assertion) {
- return new JwsJwtCompactConsumer(assertion, jwtReader);
- }
-
- public void setJwtReader(JwtTokenReader tokenReader) {
- this.jwtReader = tokenReader;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubject.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubject.java
deleted file mode 100644
index 18eaae1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/grant/JwtUserSubject.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt.grant;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-
-public class JwtUserSubject extends UserSubject {
- private static final long serialVersionUID = -1135272749329239037L;
- private JwtToken token;
- public JwtUserSubject(String user, JwtToken token) {
- super(user);
- this.token = token;
- }
- public JwtToken getToken() {
- return token;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
deleted file mode 100644
index ca49a38..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ /dev/null
@@ -1,209 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Security;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JweCompactReaderWriterTest extends Assert {
- // A1 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
- (byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
- 115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
- (byte)138, 7, 110, 91, 112, 46, 34, 105, 47,
- (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
- private static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
- + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
- + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
- + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
- + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
- + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
- private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
- private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
- "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
- + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
- + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
- + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
- + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
- + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
-
- private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,
- (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
-
- // A3 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
- 4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100,
- (byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212,
- 45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143,
- (byte)156, 44, (byte)207};
- private static final byte[] INIT_VECTOR_A3 = {
- 3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
- private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
- private static final String JWE_OUTPUT_A3 =
- "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
- + ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
- + ".AxY8DCtDaGlsbGljb3RoZQ"
- + ".KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
- + ".U0m_YmjN04DJvceFICbCVQ";
-
- @BeforeClass
- public static void registerBouncyCastleIfNeeded() throws Exception {
- try {
- // Java 8 apparently has it
- Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
- } catch (Throwable t) {
- // Oracle Java 7
- Security.addProvider(new BouncyCastleProvider());
- }
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
-
- @Test
- public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(Algorithm.A128KW.getJwtName());
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesWrapKeyEncryptionAlgorithm keyEncryption =
- new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
- assertEquals(JWE_OUTPUT_A3, jweContent);
-
- AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
- @Test
- public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JwtConstants.A128GCMKW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesGcmWrapKeyEncryptionAlgorithm keyEncryption =
- new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JwtConstants.A128GCMKW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-
- AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
-
- @Test
- public void testEncryptDecryptSpecExample() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- String jweContent = encryptContent(specPlainText, true);
-
- decrypt(jweContent, specPlainText, true);
- }
-
- @Test
- public void testDirectKeyEncryptDecrypt() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- SecretKey key = createSecretKey(true);
- String jweContent = encryptContentDirect(key, specPlainText);
-
- decryptDirect(key, jweContent, specPlainText);
- }
-
- @Test
- public void testEncryptDecryptJwsToken() throws Exception {
- String jweContent = encryptContent(JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- decrypt(jweContent, JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- }
-
- private String encryptContent(String content, boolean createIfException) throws Exception {
- RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1,
- RSA_PUBLIC_EXPONENT_ENCODED_A1);
- SecretKey key = createSecretKey(createIfException);
- String jwtKeyName = null;
- if (key == null) {
- // the encryptor will generate it
- jwtKeyName = Algorithm.A128GCM.getJwtName();
- } else {
- jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
- }
- KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,
- Algorithm.RSA_OAEP.getJwtName());
- ContentEncryptionAlgorithm contentEncryptionAlgo =
- new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
- JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(keyEncryptionAlgo, contentEncryptionAlgo);
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private String encryptContentDirect(SecretKey key, String content) throws Exception {
- DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(key, INIT_VECTOR_A1);
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
- RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1,
- RSA_PRIVATE_EXPONENT_ENCODED_A1);
- JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey));
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
- DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key);
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private SecretKey createSecretKey(boolean createIfException) throws Exception {
- SecretKey key = null;
- if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
- key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
- } else if (createIfException) {
- key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
- }
- return key;
- }
-}
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
deleted file mode 100644
index af5ae37..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Security;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class JwePbeHmacAesWrapTest extends Assert {
- @Before
- public void registerBouncyCastleIfNeeded() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- }
- @After
- public void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- @Test
- public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
- final String password = "Thus from my lips, by yours, my sin is purged.";
- KeyEncryptionAlgorithm keyEncryption =
- new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-
- PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
-
- }
- @Test
- public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JwtConstants.PBES2_HS256_A128KW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName());
- final String password = "Thus from my lips, by yours, my sin is purged.";
- KeyEncryptionAlgorithm keyEncryption =
- new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers,
- keyEncryption,
- new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
- PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
- JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, null, null);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
-
- }
-}
-
