Repository: cxf Updated Branches: refs/heads/master 7d1f30f76 -> 49a78e92b
Adding JweJwt helpers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49a78e92 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49a78e92 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49a78e92 Branch: refs/heads/master Commit: 49a78e92bf89d82af62a4769b64b4dcbf62f3c27 Parents: 7d1f30f Author: Sergey Beryozkin <[email protected]> Authored: Thu Nov 13 15:04:22 2014 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Nov 13 15:04:22 2014 +0000 ---------------------------------------------------------------------- .../jose/jaxrs/JweWriterInterceptor.java | 10 ++- .../jose/jwe/AbstractJweEncryption.java | 20 +++-- .../jose/jwe/JweEncryptionProvider.java | 4 +- .../jose/jwe/JweJwtCompactConsumer.java | 62 +++++++++++++++ .../jose/jwe/JweJwtCompactProducer.java | 61 +++++++++++++++ .../cxf/rs/security/jose/jwe/JweUtils.java | 80 +++++++++++++++++++- .../cxf/rs/security/jose/jwk/JwkUtils.java | 11 ++- .../security/jose/jws/JwsCompactConsumer.java | 8 ++ .../security/jose/jws/JwsCompactProducer.java | 19 +++-- .../rs/security/jose/jws/JwsJsonConsumer.java | 7 ++ .../rs/security/jose/jws/JwsJsonProducer.java | 7 ++ .../jose/jws/JwsJwtCompactProducer.java | 11 +-- .../cxf/rs/security/jose/jwt/JwtUtils.java | 44 +++++++++++ 13 files changed, 314 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java index a50c6a5..a80ac67 100644 
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java @@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.OutputStream; +import java.util.Collections; import java.util.zip.DeflaterOutputStream; import javax.annotation.Priority; @@ -41,6 +42,7 @@ import org.apache.cxf.rs.security.jose.JoseHeadersWriter; import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweOutputStream; import org.apache.cxf.rs.security.jose.jwe.JweUtils; @@ -73,7 +75,7 @@ public class JweWriterInterceptor implements WriterInterceptor { } if (useJweOutputStream) { - JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(ctString); + JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(toJweHeaders(ctString)); try { JweCompactProducer.startJweContent(actualOs, encryption.getHeaders(), @@ -99,7 +101,7 @@ public class JweWriterInterceptor implements WriterInterceptor { CachedOutputStream cos = new CachedOutputStream(); ctx.setOutputStream(cos); ctx.proceed(); - String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString); + String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), toJweHeaders(ctString)); setJoseMediaType(ctx); IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), actualOs); 
@@ -136,5 +138,7 @@ public class JweWriterInterceptor implements WriterInterceptor { public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) { this.encryptionProvider = encryptionProvider; } - + private static JweHeaders toJweHeaders(String ct) { + return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct)); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 9a7764c..02de81a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -91,8 +91,8 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { protected byte[] getAAD(JweHeaders theHeaders) { return contentEncryptionAlgo.getAdditionalAuthenticationData(writer.headersToJson(theHeaders)); } - public String encrypt(byte[] content, String contentType) { - JweEncryptionInternal state = getInternalState(contentType); + public String encrypt(byte[] content, JweHeaders jweHeaders) { + JweEncryptionInternal state = getInternalState(jweHeaders); byte[] cipher = CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps); 
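Review bot: `toJweHeaders` turns a null content type into a `JweHeaders` whose map holds `cty -> null`, whereas the `setContentType` path it replaces in AbstractJweEncryption only set the header when the value was non-null; `JweUtils.encryptDirect(SecretKey, String, byte[])` feeds an explicit `null` into the same helper, so that path now merges a null-valued `cty` into the protected header, and what `headersToJson` emits for a null entry is not visible in this diff. Returning null for a null content type preserves the old behaviour, because `getInternalState` skips the merge when `jweHeaders` is null: `return ct == null ? null : new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct));`. The identical private helper is also added to JweUtils and JwkUtils in this commit; since JweUtils is already the shared entry point, one public copy there would keep the three from drifting apart.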
@@ -125,8 +125,8 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { return contentEncryptionAlgo.getAlgorithm(); } @Override - public JweEncryptionState createJweEncryptionState(String contentType) { - JweEncryptionInternal state = getInternalState(contentType); + public JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders) { + JweEncryptionInternal state = getInternalState(jweHeaders); Cipher c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, Cipher.ENCRYPT_MODE); return new JweEncryptionState(c, @@ -148,7 +148,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { return theCek; } - private JweEncryptionInternal getInternalState(String contentType) { + private JweEncryptionInternal getInternalState(JweHeaders jweHeaders) { byte[] theCek = getContentEncryptionKey(); String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm()); KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName); 
@@ -160,9 +160,15 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek); JweHeaders theHeaders = headers; - if (contentType != null) { + if (jweHeaders != null) { + if (jweHeaders.getKeyEncryptionAlgorithm() != null + && !keyEncryptionAlgo.getAlgorithm().equals(jweHeaders.getKeyEncryptionAlgorithm()) + || jweHeaders.getAlgorithm() != null + && !contentEncryptionAlgo.getAlgorithm().equals(jweHeaders.getAlgorithm())) { + throw new SecurityException(); + } theHeaders = new JweHeaders(theHeaders.asMap()); - theHeaders.setContentType(contentType); + theHeaders.asMap().putAll(jweHeaders.asMap()); } byte[] additionalEncryptionParam = getAAD(theHeaders); keyProps.setAdditionalData(additionalEncryptionParam); http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java index 548191b..b685a29 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java 
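Review bot: The second half of the new mismatch check compares `jweHeaders.getAlgorithm()` with `contentEncryptionAlgo.getAlgorithm()`; elsewhere in this commit JweJwtCompactConsumer reads the content algorithm through `JweHeaders.getContentEncryptionAlgorithm()` and the key algorithm through `getKeyEncryptionAlgorithm()`, so `getAlgorithm()` presumably returns the `alg` header and the `enc` comparison never fires — a caller-supplied `enc` that differs from the configured cipher would then be merged by `putAll` into the protected header (which `getAAD` feeds into the authenticated data) while the payload is still encrypted with `contentEncryptionAlgo`. The intended check is likely `|| jweHeaders.getContentEncryptionAlgorithm() != null && !contentEncryptionAlgo.getAlgorithm().equals(jweHeaders.getContentEncryptionAlgorithm())`, with each `&&` group parenthesised so the precedence is explicit, and with a message on the exception, `throw new SecurityException("JWE header algorithms do not match the configured encryption provider");`, since a bare SecurityException is hard to diagnose from logs. If `keyEncryptionAlgo.getAlgorithm()` can be null for direct encryption, the first `equals` call would throw NullPointerException instead of SecurityException; confirm or null-guard it. `getInternalState` begins in the previous hunk and its tail continues past this one.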
@@ -21,6 +21,6 @@ package org.apache.cxf.rs.security.jose.jwe; public interface JweEncryptionProvider extends JweKeyProperties { - String encrypt(byte[] jweContent, String contentType); - JweEncryptionState createJweEncryptionState(String contentType); + String encrypt(byte[] jweContent, JweHeaders jweHeaders); + JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders); } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java new file mode 100644 index 0000000..8f4599a --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java 
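Review bot: The new `jweHeaders` parameter on both interface methods carries a contract that is only discoverable from the AbstractJweEncryption change — it may be null, its entries are merged over the provider's own headers, and an `alg`/`enc` that disagrees with the provider is rejected with SecurityException — and nothing on the interface tells implementors or callers any of that. A Javadoc on `encrypt` such as `@param jweHeaders optional per-call headers (for example the content type) merged into the protected header; null means none; the key and content encryption algorithms, if present, must match the provider's` would pin it down, and the same text applies to `createJweEncryptionState`. Because this is a binary-incompatible signature change on a public interface, the Javadoc should also say that from which version the String overloads were removed.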
@@ -0,0 +1,62 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; +import java.security.interfaces.RSAPrivateKey; + +import javax.crypto.SecretKey; + +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; +import org.apache.cxf.rs.security.jose.jwt.JwtToken; +import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; + + +public class JweJwtCompactConsumer { + private JweCompactConsumer jweConsumer; + private JweHeaders headers; + public JweJwtCompactConsumer(String content) { + jweConsumer = new JweCompactConsumer(content); + headers = jweConsumer.getJweHeaders(); + } + public JwtToken decryptWith(JsonWebKey key) { + return decryptWith(JweUtils.createJweDecryptionProvider(key, headers.getContentEncryptionAlgorithm())); + } + public JwtToken decryptWith(RSAPrivateKey key) { + return decryptWith(JweUtils.createJweDecryptionProvider(key, + headers.getKeyEncryptionAlgorithm(), + headers.getContentEncryptionAlgorithm())); + } + public JwtToken decryptWith(SecretKey key) { + return decryptWith(JweUtils.createJweDecryptionProvider(key, + headers.getKeyEncryptionAlgorithm(), + 
headers.getContentEncryptionAlgorithm())); + } + public JwtToken decryptWith(JweDecryptionProvider jwe) { + byte[] bytes = jwe.decrypt(jweConsumer); + JwtClaims claims = new JwtTokenReaderWriter().fromJsonClaims(toString(bytes)); + return new JwtToken(headers, claims); + } + private static String toString(byte[] bytes) { + try { + return new String(bytes, "UTF-8"); + } catch (Exception ex) { + throw new RuntimeException(ex); + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java new file mode 100644 index 0000000..f0ce331 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java 
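Review bot: `decryptWith(RSAPrivateKey)` and `decryptWith(SecretKey)` choose both the key-management and the content-encryption algorithm from `headers`, which were parsed from the received token, so the holder of the private key lets the sender decide which algorithm that key is used with and this class offers no way for the caller to state what it expects. Overloads taking the expected algorithms, mirroring the `JweUtils.createJweDecryptionProvider(RSAPrivateKey, String, String)` helper added in this commit, or a constructor that pins them, would let callers reject a token whose header names something else; at minimum a Javadoc on these two overloads should say that the algorithms are taken from the untrusted header. `toString` catches `Exception` only to wrap the checked `UnsupportedEncodingException` from `new String(bytes, "UTF-8")`; catching that exact type, `} catch (UnsupportedEncodingException ex) {`, keeps unrelated failures from being reported as an encoding problem. The class is new public API and has no Javadoc; a class-level sentence stating that the JWE header is parsed in the constructor and the claims are decrypted and deserialized on `decryptWith` would cover it.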
@@ -0,0 +1,61 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; +import java.security.interfaces.RSAPublicKey; + +import javax.crypto.SecretKey; + +import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; +import org.apache.cxf.rs.security.jose.jwt.JwtToken; +import org.apache.cxf.rs.security.jose.jwt.JwtUtils; + + +public class JweJwtCompactProducer { + private JweHeaders headers; + private String claimsJson; + public JweJwtCompactProducer(JwtToken token) { + this(token.getHeaders(), token.getClaims()); + } + public JweJwtCompactProducer(JwtClaims claims) { + this(new JoseHeaders(), claims); + } + public JweJwtCompactProducer(JoseHeaders joseHeaders, JwtClaims claims) { + headers = new JweHeaders(joseHeaders); + claimsJson = JwtUtils.claimsToJson(claims, null); + } + + public String encryptWith(JsonWebKey key) { + JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); + } + public String encryptWith(RSAPublicKey key) { + JweEncryptionProvider jwe = 
JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); + } + public String encryptWith(SecretKey key) { + JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); + } + public String encryptWith(JweEncryptionProvider jwe) { + return jwe.encrypt(StringUtils.toBytesUTF8(claimsJson), headers); + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 628e234..c7a5378 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -20,12 +20,14 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; +import java.util.Collections; import java.util.Properties; import javax.crypto.SecretKey; import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; +import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils; 
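Review bot: `JweJwtCompactProducer(JwtClaims)` wraps an empty `JoseHeaders`, yet `encryptWith(RSAPublicKey)` and `encryptWith(SecretKey)` go through the `JweUtils.createJweEncryptionProvider(key, headers)` overloads added in this commit, which read `headers.getKeyEncryptionAlgorithm()` to pick the key-wrapping algorithm, so a producer built from claims alone hands a null algorithm to those factories; what they do with null is outside this diff, but nothing on the class says `alg`/`enc` must be set first. Either document it on the constructor, `/** The JWE alg and enc headers must be present before encryptWith(RSAPublicKey) or encryptWith(SecretKey) is called. */`, or check for them in those two methods and throw IllegalStateException with a message naming the missing header. The class is new public API without Javadoc; one sentence noting that the claims are serialized once in the constructor and that the supplied JOSE headers become the JWE protected header would cover the non-obvious part.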
@@ -58,12 +60,20 @@ public final class JweUtils { return encryptDirect(key, contentAlgo, content, ct); } } + public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) { + KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + return encrypt(keyEncryptionProvider, contentAlgo, content, ct); + } public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) { return encryptDirect(key, contentAlgo, content, null); } public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content, String ct) { JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo); - return jwe.encrypt(content, ct); + return jwe.encrypt(content, toJweHeaders(ct)); + } + public static String encryptDirect(JsonWebKey key, byte[] content, String ct) { + JweEncryptionProvider jwe = getDirectKeyJweEncryption(key); + return jwe.encrypt(content, toJweHeaders(ct)); } public static byte[] decrypt(RSAPrivateKey key, String keyAlgo, String contentAlgo, String content) { KeyDecryptionAlgorithm keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(key, keyAlgo); @@ -77,10 +87,18 @@ public final class JweUtils { return decryptDirect(key, contentAlgo, content); } } + public static byte[] decrypt(JsonWebKey key, String contentAlgo, String content) { + KeyDecryptionAlgorithm keyDecryptionProvider = getKeyDecryptionAlgorithm(key); + return decrypt(keyDecryptionProvider, contentAlgo, content); + } public static byte[] decryptDirect(SecretKey key, String contentAlgo, String content) { JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo); return jwe.decrypt(content).getContent(); } + public static byte[] decryptDirect(JsonWebKey key, String content) { + JweDecryptionProvider jwe = getDirectKeyJweDecryption(key); + return jwe.decrypt(content).getContent(); + } public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) { return getKeyEncryptionAlgorithm(jwk, null); } 
@@ -177,12 +195,19 @@ public final class JweUtils { } return null; } + public static DirectKeyJweEncryption getDirectKeyJweEncryption(JsonWebKey key) { + return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(key, key.getAlgorithm())); + } public static DirectKeyJweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) { return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(key, algorithm)); } public static DirectKeyJweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) { return new DirectKeyJweDecryption(key, getContentDecryptionAlgorithm(algorithm)); } + public static DirectKeyJweDecryption getDirectKeyJweDecryption(JsonWebKey key) { + return new DirectKeyJweDecryption(JwkUtils.toSecretKey(key), + getContentDecryptionAlgorithm(key.getAlgorithm())); + } public static JweEncryptionProvider loadEncryptionProvider(String propLoc, Message m) { KeyEncryptionAlgorithm keyEncryptionProvider = null; String keyEncryptionAlgo = null; 
@@ -242,6 +267,40 @@ public final class JweUtils { } return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo); } + public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, + String keyAlgo, + String contentEncryptionAlgo, + String compression) { + KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, keyAlgo); + return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); + } + public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) { + KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, + headers.getKeyEncryptionAlgorithm()); + return createJweEncryptionProvider(keyEncryptionProvider, headers); + } + public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, + String keyAlgo, + String contentEncryptionAlgo, + String compression) { + KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); + return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); + } + public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) { + KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, + headers.getKeyEncryptionAlgorithm()); + return createJweEncryptionProvider(keyEncryptionProvider, headers); + } + public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, + String contentEncryptionAlgo, + String compression) { + KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); + } + public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers) { + KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + return 
createJweEncryptionProvider(keyEncryptionProvider, headers); + } public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider, String contentEncryptionAlgo, String compression) { @@ -261,6 +320,20 @@ public final class JweUtils { getContentEncryptionAlgorithm(contentEncryptionAlgo)); } } + public static JweDecryptionProvider createJweDecryptionProvider(RSAPrivateKey key, + String keyAlgo, + String contentDecryptionAlgo) { + return createJweDecryptionProvider(getRSAKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo); + } + public static JweDecryptionProvider createJweDecryptionProvider(SecretKey key, + String keyAlgo, + String contentDecryptionAlgo) { + return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo); + } + public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey key, + String contentDecryptionAlgo) { + return createJweDecryptionProvider(getKeyDecryptionAlgorithm(key), contentDecryptionAlgo); + } public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider, String contentDecryptionAlgo) { if (Algorithm.isAesCbcHmac(contentDecryptionAlgo)) { 
@@ -325,10 +398,13 @@ public final class JweUtils { private static String encrypt(KeyEncryptionAlgorithm keyEncryptionProvider, String contentAlgo, byte[] content, String ct) { JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null); - return jwe.encrypt(content, ct); + return jwe.encrypt(content, toJweHeaders(ct)); } private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo, String content) { JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo); return jwe.decrypt(content).getContent(); } + private static JweHeaders toJweHeaders(String ct) { + return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct)); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 05ade0d..6d0a2fe 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -40,6 +40,7 @@ import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.helpers.IOUtils; import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; +import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; 
@@ -48,6 +49,7 @@ import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm; import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm; @@ -105,7 +107,8 @@ public final class JwkUtils { return encryptJwkSet(jwkSet, createDefaultEncryption(password), writer); } public static String encryptJwkSet(JsonWebKeys jwkSet, JweEncryptionProvider jwe, JwkReaderWriter writer) { - return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), "jwk-set+json"); + return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), + toJweHeaders("jwk-set+json")); } public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, String keyAlgo, String contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)), @@ -154,7 +157,8 @@ public final class JwkUtils { return encryptJwkKey(jwkKey, createDefaultEncryption(password), writer); } public static String encryptJwkKey(JsonWebKey jwkKey, JweEncryptionProvider jwe, JwkReaderWriter writer) { - return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), "jwk+json"); + return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), + toJweHeaders("jwk+json")); } public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, String keyAlgo, String contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)), 
@@ -415,4 +419,7 @@ public final class JwkUtils { throw new RuntimeException(ex); } } + private static JweHeaders toJweHeaders(String ct) { + return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct)); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java index f9c43da..105d895 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java @@ -18,6 +18,8 @@ */ package org.apache.cxf.rs.security.jose.jws; +import java.security.interfaces.RSAPublicKey; + import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReader; @@ -94,6 +96,12 @@ public class JwsCompactConsumer { public boolean verifySignatureWith(JsonWebKey key) { return verifySignatureWith(JwsUtils.getSignatureVerifier(key)); } + public boolean verifySignatureWith(RSAPublicKey key, String algo) { + return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo)); + } + public boolean verifySignatureWith(byte[] key, String algo) { + return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo)); + } public boolean validateCriticalHeaders() { return JwsUtils.validateCriticalHeaders(getJoseHeaders()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- 
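Review bot: The new `verifySignatureWith(RSAPublicKey, String)` and `verifySignatureWith(byte[], String)` overloads take the algorithm from the caller rather than from the token's `alg` header, which is the safer shape for a verifier, but nothing says so and a reader may ask why the header value is ignored; a short Javadoc, `@param algo the signature algorithm the caller expects; the verifier is built for this algorithm regardless of the token's alg header`, records the intent. Whether `JwsUtils.getRSAKeySignatureVerifier`/`getHmacSignatureVerifier` or the verifier they return additionally reject a token whose `alg` header disagrees with `algo` is not visible here and is worth confirming, since otherwise a mismatch would only surface as a failed signature check. The same two overloads are added to JwsJsonConsumer in this commit.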
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index f1413a1..b033afd 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -18,6 +18,8 @@ */ package org.apache.cxf.rs.security.jose.jws; +import java.security.interfaces.RSAPrivateKey; + import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.JoseConstants; @@ -71,7 +73,14 @@ public class JwsCompactProducer { } public String signWith(JsonWebKey jwk) { - return signWith(JwsUtils.getSignatureProvider(jwk)); + return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm())); + } + + public String signWith(RSAPrivateKey key) { + return signWith(JwsUtils.getRSAKeySignatureProvider(key, headers.getAlgorithm())); + } + public String signWith(byte[] key) { + return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm())); } public String signWith(JwsSignatureProvider signer) { 
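Review bot: `signWith(byte[] key)` reuses the exact signature of the method the next hunk renames to `setSignatureBytes(byte[])`, but with a different meaning — the argument is now an HMAC key instead of a precomputed signature — so any existing caller of `signWith(byte[] signatureOctets)` still compiles and silently turns its signature bytes into a key, producing a different token. Unless every caller in the tree was updated, a distinct name such as `signWithHmacKey(byte[] key)` avoids that; by contrast the `signWith(String)` → `setSignatureText` rename is safe, because an old-style call no longer compiles. A Javadoc line on the new overload, `@param key the raw HMAC secret; the algorithm is taken from this producer's alg header`, would also keep the two `byte[]` methods from being confused.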
@@ -79,17 +88,15 @@ public class JwsCompactProducer { byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws()); worker.update(bytes, 0, bytes.length); - signWith(worker.sign()); - return getSignedEncodedJws(); - + return setSignatureBytes(worker.sign()); } - public String signWith(String signatureText) { + public String setSignatureText(String signatureText) { setEncodedSignature(Base64UrlUtility.encode(signatureText)); return getSignedEncodedJws(); } - public String signWith(byte[] signatureOctets) { + public String setSignatureBytes(byte[] signatureOctets) { setEncodedSignature(Base64UrlUtility.encode(signatureOctets)); return getSignedEncodedJws(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java index b1d2663..90fe02a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.jose.jws; +import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Collections; import java.util.LinkedList; 
@@ -105,6 +106,12 @@ public class JwsJsonConsumer { } return false; } + public boolean verifySignatureWith(RSAPublicKey key, String algo) { + return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo)); + } + public boolean verifySignatureWith(byte[] key, String algo) { + return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo)); + } public boolean verifySignatureWith(List<JwsSignatureVerifier> validators) { try { verifyAndGetNonValidated(validators); http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index b43dc40..5aaee71 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.jose.jws; +import java.security.interfaces.RSAPrivateKey; import java.util.Collections; import java.util.LinkedList; import java.util.List; 
@@ -81,6 +82,12 @@ public class JwsJsonProducer { public String signWith(JsonWebKey jwk) { return signWith(JwsUtils.getSignatureProvider(jwk)); } + public String signWith(RSAPrivateKey key, String algo) { + return signWith(JwsUtils.getRSAKeySignatureProvider(key, algo)); + } + public String signWith(byte[] key, String algo) { + return signWith(JwsUtils.getHmacSignatureProvider(key, algo)); + } public String signWith(JwsSignatureProvider signer, JwsJsonProtectedHeader protectedHeader, JwsJsonUnprotectedHeader unprotectedHeader) { http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java index bc3cc22..cbfc64c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java @@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter; +import org.apache.cxf.rs.security.jose.jwt.JwtUtils; public class JwsJwtCompactProducer extends JwsCompactProducer { 
@@ -39,13 +39,8 @@ public class JwsJwtCompactProducer extends JwsCompactProducer { this(new JwtToken(headers, claims), w); } public JwsJwtCompactProducer(JwtToken token, JwtTokenWriter w) { - super(token.getHeaders(), w, serializeClaims(token.getClaims(), w)); + super(token.getHeaders(), w, JwtUtils.claimsToJson(token.getClaims(), w)); } - private static String serializeClaims(JwtClaims claims, JwtTokenWriter writer) { - if (writer == null) { - writer = new JwtTokenReaderWriter(); - } - return writer.claimsToJson(claims); - } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java new file mode 100644 index 0000000..30d365b --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java 
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+
+public final class JwtUtils {
+ private JwtUtils() {
+
+ }
+ public static String claimsToJson(JwtClaims claims) {
+ return claimsToJson(claims);
+ }
+ public static String claimsToJson(JwtClaims claims, JwtTokenWriter writer) {
+ if (writer == null) {
+ writer = new JwtTokenReaderWriter();
+ }
+ return writer.claimsToJson(claims);
+ }
+ public static JwtClaims jsonToClaims(String json) {
+ return jsonToClaims(json, null);
+ }
+ public static JwtClaims jsonToClaims(String json, JwtTokenReader reader) {
+ if (reader == null) {
+ reader = new JwtTokenReaderWriter();
+ }
+ return reader.fromJsonClaims(json);
+ }
+}
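Review bot: `claimsToJson(JwtClaims claims)` calls `claimsToJson(claims)`, that is itself, so the one-argument overload recurses until StackOverflowError; it clearly means to delegate to the two-argument form the way `jsonToClaims(String)` does: `return claimsToJson(claims, null);`. No caller in this commit uses the one-argument form (JweJwtCompactProducer and JwsJwtCompactProducer both pass a writer), which is why compilation and the existing tests would not catch it; a unit test for the one-argument overload would. The class is new public API without Javadoc; one sentence per method saying that a null reader or writer falls back to `JwtTokenReaderWriter` would document the only non-obvious behaviour.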
