Repository: cxf Updated Branches: refs/heads/master 8644ac41e -> 6129ec5f6
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index a58f161..4ad9c27 100644 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java @@ -23,9 +23,9 @@ import java.util.Arrays; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; -import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] key; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index f5693c4..c2f5a6a 100644 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -24,8 +24,8 @@ import java.security.Signature; import java.security.SignatureException; import java.security.spec.AlgorithmParameterSpec; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.Algorithm; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider { private PrivateKey key; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index 546ce1b..d485256 100644 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -21,9 +21,9 @@ package org.apache.cxf.rs.security.jose.jws; import java.security.PublicKey; import java.security.spec.AlgorithmParameterSpec; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { private PublicKey key; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java index c1f30f6..b62dc87 100644 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java +++ b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java @@ -26,10 +26,10 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.AfterClass; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index 5f287f3..bf868bc 100644 --- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java @@ -27,6 +27,7 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; @@ -35,7 +36,6 @@ import org.apache.cxf.rs.security.jose.jwt.JwtHeaders; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; import org.junit.Assert; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java index 1959952..6d50584 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java @@ -25,10 +25,10 @@ import java.util.Set; import javax.crypto.SecretKey; +import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; -import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport; public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java index 06f55fb..371e907 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java @@ -19,7 +19,7 @@ package org.apache.cxf.rs.security.oauth2.grants.code; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.rs.security.oauth2.utils.MessageDigestUtils; +import org.apache.cxf.common.util.crypto.MessageDigestUtils; public class DigestCodeVerifier implements CodeVerifierTransformer { http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java index 94f1886..f139632 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java @@ -27,11 +27,11 @@ import java.util.concurrent.ConcurrentHashMap; import javax.crypto.SecretKey; +import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; -import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport; public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java index 2bcccfe..ff75484 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java @@ -18,11 +18,11 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; +import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; -import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; //https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 //-> http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java index 82d5876..2321e4a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java @@ -26,6 +26,7 @@ import java.util.Map; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; @@ -35,7 +36,6 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; -import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; public class HawkAccessTokenValidator implements AccessTokenValidator { private OAuthDataProvider dataProvider; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java index 02073e9..64c7959 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java @@ -23,10 +23,10 @@ import java.util.Map; import org.apache.cxf.common.util.Base64Utility; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties; import org.apache.cxf.rs.security.oauth2.common.AccessToken; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; -import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils; // https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 // -> // https://github.com/hueniverse/hawk/blob/master/README.md http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestUtils.java deleted file mode 100644 index 5a2d18a..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/MessageDigestUtils.java +++ /dev/null @@ -1,80 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.utils; - -import java.io.UnsupportedEncodingException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; - -/** - * The utility Message Digest generator which can be used for generating - * random values - */ -public final class MessageDigestUtils { - - public static final String ALGO_SHA_1 = "SHA-1"; - public static final String ALGO_SHA_256 = "SHA-256"; - public static final String ALGO_MD5 = "MD5"; - - private MessageDigestUtils() { - - } - - public static String generate(byte[] input) throws OAuthServiceException { - return generate(input, ALGO_MD5); - } - - public static String generate(byte[] input, String algo) throws OAuthServiceException { - if (input == null) { - throw new OAuthServiceException("You have to pass input to Token Generator"); - } - - try { - byte[] messageDigest = createDigest(input, algo); - StringBuffer hexString = new StringBuffer(); - for (int i = 0; i < messageDigest.length; i++) { - hexString.append(Integer.toHexString(0xFF & messageDigest[i])); - } - - return hexString.toString(); - } catch (NoSuchAlgorithmException e) { - throw new OAuthServiceException("server_error", e); - } - } - - public static byte[] createDigest(String input, String algo) { - try { - return createDigest(input.getBytes("UTF-8"), algo); - } catch (UnsupportedEncodingException e) { - throw new OAuthServiceException("server_error", e); - } catch (NoSuchAlgorithmException e) { - throw new OAuthServiceException("server_error", e); - } - } - - public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException { - MessageDigest md = MessageDigest.getInstance(algo); - md.reset(); - md.update(input); - return md.digest(); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java index cd5075a..b33b929 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java @@ -29,6 +29,7 @@ import java.util.UUID; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.model.URITemplate; import org.apache.cxf.rs.security.oauth2.common.Client; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java deleted file mode 100644 index 1ed0cd8..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java +++ /dev/null @@ -1,774 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.rs.security.oauth2.utils.crypto; - -import java.io.InputStream; -import java.math.BigInteger; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.cert.Certificate; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.util.Properties; - -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.cxf.Bus; -import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.CompressionUtils; -import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.jaxrs.utils.ResourceUtils; -import org.apache.cxf.message.Message; -import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.security.SecurityContext; - - -/** - * Encryption helpers - */ -public final class CryptoUtils { - public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type"; - public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password"; - public static final String RSSEC_KEY_PSWD = "rs.security.key.password"; - public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias"; - public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file"; - public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name"; - public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider"; - public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider"; - public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider"; - - private CryptoUtils() { - } - - public static String encodeSecretKey(SecretKey key) throws SecurityException { - return encodeBytes(key.getEncoded()); - } - - public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) - throws SecurityException { - KeyProperties props = new KeyProperties(publicKey.getAlgorithm()); - return encryptSecretKey(secretKey, publicKey, props); - } - - public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey, - KeyProperties props) throws SecurityException { - byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(), - publicKey, - props); - return encodeBytes(encryptedBytes); - } - - public static byte[] generateSecureRandomBytes(int size) { - SecureRandom sr = new SecureRandom(); - byte[] bytes = new byte[size]; - sr.nextBytes(bytes); - return bytes; - } - - public static RSAPublicKey getRSAPublicKey(String encodedModulus, - String encodedPublicExponent) { - try { - return getRSAPublicKey(decodeSequence(encodedModulus), - decodeSequence(encodedPublicExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes, - byte[] publicExponentBytes) { - try { - return getRSAPublicKey(KeyFactory.getInstance("RSA"), - modulusBytes, - publicExponentBytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPublicKey getRSAPublicKey(KeyFactory factory, - byte[] modulusBytes, - byte[] publicExponentBytes) { - BigInteger modulus = new BigInteger(1, modulusBytes); - BigInteger publicExponent = new BigInteger(1, publicExponentBytes); - try { - return (RSAPublicKey)factory.generatePublic( - new RSAPublicKeySpec(modulus, publicExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias, - String storeType) { - KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType); - return loadCertificate(keyStore, alias); - } - public static Certificate loadCertificate(KeyStore keyStore, String alias) { - try { - return keyStore.getCertificate(alias); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias, - String storeType) { - return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey(); - } - public static PublicKey loadPublicKey(KeyStore keyStore, String alias) { - return loadCertificate(keyStore, alias).getPublicKey(); - } - public static PublicKey loadPublicKey(Message m, Properties props) { - KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props); - return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS)); - } - public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) { - return loadPublicKey(m, keyStoreLocProp, null); - } - public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String keyStoreLocPropDefault) { - String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault); - Bus bus = m.getExchange().getBus(); - try { - Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus); - return CryptoUtils.loadPublicKey(m, props); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - private static String getMessageProperty(Message m, String keyStoreLocPropPreferred, - String keyStoreLocPropDefault) { - String propLoc = - (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault); - if (propLoc == null) { - throw new SecurityException(); - } - return propLoc; - } - public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) { - KeyStore keyStore = loadKeyStore(props, bus); - return loadPrivateKey(keyStore, props, bus, provider); - } - public static PrivateKey loadPrivateKey(KeyStore keyStore, - Properties props, - Bus bus, - PrivateKeyPasswordProvider provider) { - - String keyPswd = props.getProperty(RSSEC_KEY_PSWD); - String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS); - char[] keyPswdChars = provider != null ? provider.getPassword(props) - : keyPswd != null ? keyPswd.toCharArray() : null; - return loadPrivateKey(keyStore, keyPswdChars, alias); - } - public static PrivateKey loadPrivateKey(InputStream storeLocation, - char[] storePassword, - char[] keyPassword, - String alias, - String storeType) { - KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType); - return loadPrivateKey(keyStore, keyPassword, alias); - } - - public static PrivateKey loadPrivateKey(KeyStore keyStore, - char[] keyPassword, - String alias) { - try { - KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) - keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword)); - return pkEntry.getPrivateKey(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp) { - return loadPrivateKey(m, keyStoreLocProp, null, passwordProviderProp); - } - public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred, - String keyStoreLocPropDefault, String passwordProviderProp) { - String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault); - Bus bus = m.getExchange().getBus(); - try { - Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus); - return CryptoUtils.loadPrivateKey(m, props, passwordProviderProp); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static PrivateKey loadPrivateKey(Message m, Properties props, String passwordProviderProp) { - Bus bus = m.getExchange().getBus(); - KeyStore keyStore = CryptoUtils.loadPersistKeyStore(m, props); - PrivateKeyPasswordProvider cb = - (PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp); - if (cb != null && m.getExchange().getInMessage() != null) { - SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class); - if (sc != null) { - Principal p = sc.getUserPrincipal(); - if (p != null) { - props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName()); - } - } - } - return CryptoUtils.loadPrivateKey(keyStore, props, bus, cb); - } - public static KeyStore loadPersistKeyStore(Message m, Properties props) { - KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE)); - if (keyStore == null) { - keyStore = CryptoUtils.loadKeyStore(props, m.getExchange().getBus()); - m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), keyStore); - } - return keyStore; - } - public static KeyStore loadKeyStore(Properties props, Bus bus) { - String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE); - String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE); - String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD); - try { - InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus); - return loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) { - try { - KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type); - ks.load(storeLocation, storePassword); - return ks; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, - String encodedPrivateExponent) { - try { - return getRSAPrivateKey(decodeSequence(encodedModulus), - decodeSequence(encodedPrivateExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, - byte[] privateExponentBytes) { - BigInteger modulus = new BigInteger(1, modulusBytes); - BigInteger privateExponent = new BigInteger(1, privateExponentBytes); - try { - KeyFactory factory = KeyFactory.getInstance("RSA"); - return (RSAPrivateKey)factory.generatePrivate( - new RSAPrivateKeySpec(modulus, privateExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - //CHECKSTYLE:OFF - public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, - String encodedPublicExponent, - String encodedPrivateExponent, - String encodedPrimeP, - String encodedPrimeQ, - String encodedPrimeExpP, - String encodedPrimeExpQ, - String encodedCrtCoefficient) { - //CHECKSTYLE:ON - try { - return getRSAPrivateKey(decodeSequence(encodedModulus), - decodeSequence(encodedPublicExponent), - decodeSequence(encodedPrivateExponent), - decodeSequence(encodedPrimeP), - decodeSequence(encodedPrimeQ), - decodeSequence(encodedPrimeExpP), - decodeSequence(encodedPrimeExpQ), - decodeSequence(encodedCrtCoefficient)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - //CHECKSTYLE:OFF - public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, - byte[] publicExponentBytes, - byte[] privateExponentBytes, - byte[] primePBytes, - byte[] primeQBytes, - byte[] primeExpPBytes, - byte[] primeExpQBytes, - byte[] crtCoefficientBytes) { - //CHECKSTYLE:ON - BigInteger modulus = new BigInteger(1, modulusBytes); - BigInteger publicExponent = new BigInteger(1, publicExponentBytes); - BigInteger privateExponent = new BigInteger(1, privateExponentBytes); - BigInteger primeP = new BigInteger(1, primePBytes); - BigInteger primeQ = new BigInteger(1, primeQBytes); - BigInteger primeExpP = new BigInteger(1, primeExpPBytes); - BigInteger primeExpQ = new BigInteger(1, primeExpQBytes); - BigInteger crtCoefficient = new BigInteger(1, crtCoefficientBytes); - try { - KeyFactory factory = KeyFactory.getInstance("RSA"); - return (RSAPrivateKey)factory.generatePrivate( - new RSAPrivateCrtKeySpec(modulus, - publicExponent, - privateExponent, - primeP, - primeQ, - primeExpP, - primeExpQ, - crtCoefficient)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) { - try { - return getECPrivateKey(curve, decodeSequence(encodedPrivateKey)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) { - try { - ECParameterSpec params = getECParameterSpec(curve, true); - ECPrivateKeySpec keySpec = new ECPrivateKeySpec( - new BigInteger(1, privateKey), params); - KeyFactory kf = KeyFactory.getInstance("EC"); - return (ECPrivateKey) kf.generatePrivate(keySpec); - - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate) - throws Exception { - KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); - ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec" - + curve.toLowerCase().replace("-", "") - + "r1"); - kpg.initialize(kpgparams); - KeyPair pair = kpg.generateKeyPair(); - return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams() - : ((ECPrivateKey) pair.getPrivate()).getParams(); - } - - public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) { - try { - return getECPublicKey(curve, - decodeSequence(encodedXPoint), - decodeSequence(encodedYPoint)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) { - try { - ECParameterSpec params = getECParameterSpec(curve, false); - - ECPoint ecPoint = new ECPoint(new BigInteger(1, xPoint), - new BigInteger(1, yPoint)); - ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params); - KeyFactory kf = KeyFactory.getInstance("EC"); - return (ECPublicKey) kf.generatePublic(keySpec); - - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) { - if (authTagLength > 0) { - return CryptoUtils.getGCMParameterSpec(authTagLength, iv); - } else if (iv.length > 0) { - return new IvParameterSpec(iv); - } else { - return null; - } - } - - public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) { - return new GCMParameterSpec(authTagLength, iv); - } - - public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) { - return signData(data, key, signAlgo, null, null); - } - - public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random, - AlgorithmParameterSpec params) { - try { - Signature s = getSignature(key, signAlgo, random, params); - s.update(data); - return s.sign(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random, - AlgorithmParameterSpec params) { - try { - Signature s = Signature.getInstance(signAlgo); - if (random == null) { - s.initSign(key); - } else { - s.initSign(key, random); - } - if (params != null) { - s.setParameter(params); - } - return s; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) { - return verifySignature(data, signature, key, signAlgo, null); - } - - public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, - AlgorithmParameterSpec params) { - try { - Signature s = Signature.getInstance(signAlgo); - s.initVerify(key); - if (params != null) { - s.setParameter(params); - } - s.update(data); - return s.verify(signature); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException { - return getSecretKey(new KeyProperties(symEncAlgo)); - } - - public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException { - return getSecretKey(new KeyProperties(symEncAlgo, keySize)); - } - - public static SecretKey getSecretKey(KeyProperties props) throws SecurityException { - try { - KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo()); - AlgorithmParameterSpec algoSpec = props.getAlgoSpec(); - SecureRandom random = props.getSecureRandom(); - if (algoSpec != null) { - if (random != null) { - keyGen.init(algoSpec, random); - } else { - keyGen.init(algoSpec); - } - } else { - int keySize = props.getKeySize(); - if (keySize == -1) { - keySize = 128; - } - if (random != null) { - keyGen.init(keySize, random); - } else { - keyGen.init(keySize); - } - } - - return keyGen.generateKey(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String decryptSequence(String encodedToken, String encodedSecretKey) - throws SecurityException { - return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES")); - } - - public static String decryptSequence(String encodedData, String encodedSecretKey, - KeyProperties props) throws SecurityException { - SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo()); - return decryptSequence(encodedData, key, props); - } - - public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException { - return decryptSequence(encodedData, secretKey, null); - } - - public static String decryptSequence(String encodedData, Key secretKey, - KeyProperties props) throws SecurityException { - byte[] encryptedBytes = decodeSequence(encodedData); - byte[] bytes = decryptBytes(encryptedBytes, secretKey, props); - try { - return new String(bytes, "UTF-8"); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String encryptSequence(String sequence, Key secretKey) throws SecurityException { - return encryptSequence(sequence, secretKey, null); - } - - public static String encryptSequence(String sequence, Key secretKey, - KeyProperties keyProps) throws SecurityException { - try { - byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps); - return encodeBytes(bytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String encodeBytes(byte[] bytes) throws SecurityException { - try { - return Base64UrlUtility.encode(bytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException { - return encryptBytes(bytes, secretKey, null); - } - - public static byte[] encryptBytes(byte[] bytes, Key secretKey, - KeyProperties keyProps) throws SecurityException { - return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE); - } - - public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException { - return decryptBytes(bytes, secretKey, null); - } - - public static byte[] decryptBytes(byte[] bytes, Key secretKey, - KeyProperties keyProps) throws SecurityException { - return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE); - } - - public static byte[] wrapSecretKey(byte[] keyBytes, - String keyAlgo, - Key wrapperKey, - KeyProperties wrapperKeyProps) throws SecurityException { - return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)), - wrapperKey, - wrapperKeyProps); - } - - public static byte[] wrapSecretKey(Key secretKey, - Key wrapperKey, - KeyProperties keyProps) throws SecurityException { - try { - Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE); - return c.wrap(secretKey); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static SecretKey unwrapSecretKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - String unwrapperKeyAlgo) throws SecurityException { - return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, - new KeyProperties(unwrapperKeyAlgo)); - } - - public static SecretKey unwrapSecretKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - KeyProperties keyProps) throws SecurityException { - return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY); - } - - public static Key unwrapKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - KeyProperties keyProps, - int wrappedKeyType) throws SecurityException { - try { - Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE); - return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static byte[] processBytes(byte[] bytes, - Key secretKey, - KeyProperties keyProps, - int mode) throws SecurityException { - boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported(); - if (compressionSupported && mode == Cipher.ENCRYPT_MODE) { - bytes = CompressionUtils.deflate(bytes, false); - } - try { - Cipher c = initCipher(secretKey, keyProps, mode); - byte[] result = new byte[0]; - int blockSize = keyProps != null ? keyProps.getBlockSize() : -1; - if (secretKey instanceof SecretKey && blockSize == -1) { - result = c.doFinal(bytes); - } else { - if (blockSize == -1) { - blockSize = secretKey instanceof PublicKey ? 117 : 128; - } - boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null; - int offset = 0; - for (; offset + blockSize < bytes.length; offset += blockSize) { - byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize) - : c.update(bytes, offset, blockSize); - result = addToResult(result, next); - } - if (offset < bytes.length) { - result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset)); - } else { - result = addToResult(result, c.doFinal()); - } - } - if (compressionSupported && mode == Cipher.DECRYPT_MODE) { - result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false)); - } - return result; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException { - try { - String algorithm = keyProps != null && keyProps.getKeyAlgo() != null - ? keyProps.getKeyAlgo() : secretKey.getAlgorithm(); - Cipher c = Cipher.getInstance(algorithm); - if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) { - c.init(mode, secretKey); - } else { - AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec(); - SecureRandom random = keyProps.getSecureRandom(); - if (algoSpec == null) { - c.init(mode, secretKey, random); - } else if (random == null) { - c.init(mode, secretKey, algoSpec); - } else { - c.init(mode, secretKey, algoSpec, random); - } - } - if (keyProps != null && keyProps.getAdditionalData() != null) { - c.updateAAD(keyProps.getAdditionalData()); - } - return c; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static byte[] addToResult(byte[] prefix, byte[] suffix) { - if (suffix == null || suffix.length == 0) { - return prefix; - } else if (prefix.length == 0) { - return suffix; - } else { - byte[] result = new byte[prefix.length + suffix.length]; - System.arraycopy(prefix, 0, result, 0, prefix.length); - System.arraycopy(suffix, 0, result, prefix.length, suffix.length); - return result; - } - } - - public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException { - return decodeSecretKey(encodedSecretKey, "AES"); - } - - public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) - throws SecurityException { - byte[] secretKeyBytes = decodeSequence(encodedSecretKey); - return createSecretKeySpec(secretKeyBytes, secretKeyAlgo); - } - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - PrivateKey privateKey) { - return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey); - } - - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - String secretKeyAlgo, - PrivateKey privateKey) - throws SecurityException { - KeyProperties props = new KeyProperties(privateKey.getAlgorithm()); - return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey); - } - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - String secretKeyAlgo, - KeyProperties props, - PrivateKey privateKey) throws SecurityException { - byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey); - byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props); - return createSecretKeySpec(descryptedBytes, secretKeyAlgo); - } - - public static SecretKey createSecretKeySpec(String encodedBytes, String algo) { - return new SecretKeySpec(decodeSequence(encodedBytes), algo); - } - public static SecretKey createSecretKeySpec(byte[] bytes, String algo) { - return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo)); - } - public static byte[] decodeSequence(String encodedSequence) throws SecurityException { - try { - return Base64UrlUtility.decode(encodedSequence); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static String convertJCECipherToSecretKeyName(String jceCipherName) { - if (jceCipherName != null) { - if (jceCipherName.startsWith("AES")) { - return "AES"; - } else if (jceCipherName.startsWith("DESede")) { - return "DESede"; - } else if (jceCipherName.startsWith("SEED")) { - return "SEED"; - } else if (jceCipherName.startsWith("Camellia")) { - return "Camellia"; - } - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java deleted file mode 100644 index 6dd310d..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/HmacUtils.java +++ /dev/null @@ -1,146 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.utils.crypto; - -import java.io.UnsupportedEncodingException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.Base64Utility; -import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; - -public final class HmacUtils { - - private HmacUtils() { - - } - - public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) { - return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data)); - } - - public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) { - byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data); - return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes); - } - - public static Mac getMac(String macAlgoJavaName) { - return getMac(macAlgoJavaName, (String)null); - } - - public static Mac getMac(String macAlgoJavaName, String provider) { - try { - return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider); - } catch (NoSuchAlgorithmException e) { - throw new OAuthServiceException(e); - } catch (NoSuchProviderException e) { - throw new OAuthServiceException(e); - } - } - - public static Mac getMac(String macAlgoJavaName, Provider provider) { - try { - return Mac.getInstance(macAlgoJavaName, provider); - } catch (NoSuchAlgorithmException e) { - throw new OAuthServiceException(e); - } - } - - public static byte[] computeHmac(String key, String macAlgoJavaName, String data) { - Mac mac = getMac(macAlgoJavaName); - return computeHmac(key, mac, data); - } - - public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) { - return computeHmac(key, macAlgoJavaName, null, data); - } - public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec, - String data) { - Mac mac = getMac(macAlgoJavaName); - return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data); - } - - public static byte[] computeHmac(String key, Mac hmac, String data) { - try { - return computeHmac(key.getBytes("UTF-8"), hmac, data); - } catch (UnsupportedEncodingException e) { - throw new OAuthServiceException(e); - } - } - - public static byte[] computeHmac(byte[] key, Mac hmac, String data) { - SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm()); - return computeHmac(secretKey, hmac, data); - } - - public static byte[] computeHmac(Key secretKey, Mac hmac, String data) { - return computeHmac(secretKey, hmac, null, data); - } - - public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) { - initMac(hmac, secretKey, spec); - return hmac.doFinal(data.getBytes()); - } - - public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) { - Mac hmac = getMac(algo); - initMac(hmac, key, spec); - return hmac; - } - - private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) { - initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec); - - } - private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) { - try { - if (spec == null) { - hmac.init(secretKey); - } else { - hmac.init(secretKey, spec); - } - } catch (InvalidKeyException e) { - throw new OAuthServiceException(e); - } catch (InvalidAlgorithmParameterException e) { - throw new OAuthServiceException(e); - } - } - - public static String generateKey(String algo) { - try { - KeyGenerator keyGen = KeyGenerator.getInstance(algo); - return Base64Utility.encode(keyGen.generateKey().getEncoded()); - } catch (NoSuchAlgorithmException e) { - throw new OAuthServiceException(e); - } - } - - - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/KeyProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/KeyProperties.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/KeyProperties.java deleted file mode 100644 index 8a473d8..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/KeyProperties.java +++ /dev/null @@ -1,88 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.utils.crypto; - -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -public class KeyProperties { - private String keyAlgo; - private int keySize; - private int blockSize = -1; - private byte[] additionalData; - private SecureRandom secureRandom; - private AlgorithmParameterSpec algoSpec; - private boolean compressionSupported; - - public KeyProperties() { - } - - public KeyProperties(String keyAlgo) { - this(keyAlgo, -1); - } - public KeyProperties(String keyAlgo, int keySize) { - this.keyAlgo = keyAlgo; - this.keySize = keySize; - } - public String getKeyAlgo() { - return keyAlgo; - } - public void setKeyAlgo(String keyAlgo) { - this.keyAlgo = keyAlgo; - } - public int getKeySize() { - return keySize; - } - public void setKeySize(int keySize) { - this.keySize = keySize; - } - public SecureRandom getSecureRandom() { - return secureRandom; - } - public void setSecureRandom(SecureRandom secureRandom) { - this.secureRandom = secureRandom; - } - public AlgorithmParameterSpec getAlgoSpec() { - return algoSpec; - } - public void setAlgoSpec(AlgorithmParameterSpec algoSpec) { - this.algoSpec = algoSpec; - } - public int getBlockSize() { - return blockSize; - } - public void setBlockSize(int blockSize) { - this.blockSize = blockSize; - } - public boolean isCompressionSupported() { - return compressionSupported; - } - public void setCompressionSupported(boolean compressionSupported) { - this.compressionSupported = compressionSupported; - } - public byte[] getAdditionalData() { - return additionalData; - } - public void setAdditionalData(byte[] additionalData) { - this.additionalData = additionalData; - } - - - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java index cfd510f..e0a5730 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java @@ -29,6 +29,8 @@ import java.util.Map; import javax.crypto.SecretKey; +import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/PrivateKeyPasswordProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/PrivateKeyPasswordProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/PrivateKeyPasswordProvider.java deleted file mode 100644 index e727464..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/PrivateKeyPasswordProvider.java +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.utils.crypto; - -import java.util.Properties; - -public interface PrivateKeyPasswordProvider { - char[] getPassword(Properties storeProperties); -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java index 159a524..bf05c13 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java @@ -31,6 +31,8 @@ import java.util.List; import javax.crypto.SecretKey; import javax.ws.rs.core.MediaType; +import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.provider.json.JSONProvider; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java index 4b3c44f..fdd3f1b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java @@ -27,6 +27,7 @@ import java.util.Set; import javax.crypto.SecretKey; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java index 721ef90..740c6a8 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java @@ -34,6 +34,7 @@ import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter; import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.JwsClientResponseFilter; import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor; +import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; import org.apache.cxf.rs.security.jose.jwa.Algorithm; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption; @@ -41,7 +42,6 @@ import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyDecryptionAlgorithm; import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm; import org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; -import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.bouncycastle.jce.provider.BouncyCastleProvider; http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java index c34912c..9fbdc81 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/PrivateKeyPasswordProviderImpl.java @@ -20,7 +20,7 @@ package org.apache.cxf.systest.jaxrs.security.jwt; import java.util.Properties; -import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider; +import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; public class PrivateKeyPasswordProviderImpl implements PrivateKeyPasswordProvider { http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java index bf6d618..ed78743 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java @@ -26,6 +26,7 @@ import java.util.List; import java.util.Map; import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; @@ -35,7 +36,6 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.saml.Constants; import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; -import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils; public class OAuthDataProviderImpl implements OAuthDataProvider { @@ -67,8 +67,6 @@ public class OAuthDataProviderImpl implements OAuthDataProvider { return CryptoUtils.loadCertificate(is, new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}, "morpit", null); } - - @Override public Client getClient(String clientId) throws OAuthServiceException { return clients.get(clientId);
