Repository: cxf Updated Branches: refs/heads/master 710bf9a1e -> 808a1a778
Making it easier to plugin jose4j/etc into CXF JOSE filters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/808a1a77 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/808a1a77 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/808a1a77 Branch: refs/heads/master Commit: 808a1a778c419840b26fcf79f33f0d0bf2936e40 Parents: 710bf9a Author: Sergey Beryozkin <[email protected]> Authored: Mon Nov 24 17:38:12 2014 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Mon Nov 24 17:38:12 2014 +0000 ---------------------------------------------------------------------- .../jose/jaxrs/AbstractJweDecryptingFilter.java | 5 ++++ .../jose/jaxrs/AbstractJwsReaderProvider.java | 5 ++++ .../jose/jaxrs/AbstractJwsWriterProvider.java | 5 ++++ .../jose/jaxrs/JweWriterInterceptor.java | 5 ++++ .../jose/jwe/JweEncryptionProvider.java | 3 +++ .../cxf/rs/security/jose/jwe/JweFactory.java | 25 ++++++++++++++++++++ .../jose/jws/AbstractJwsSignatureProvider.java | 6 +++++ .../security/jose/jws/JwsCompactProducer.java | 8 +++---- .../cxf/rs/security/jose/jws/JwsFactory.java | 25 ++++++++++++++++++++ .../rs/security/jose/jws/JwsJsonProducer.java | 6 ++--- .../security/jose/jws/JwsSignatureProvider.java | 4 ++++ .../utils/crypto/JwtAccessTokenUtils.java | 6 +++++ 12 files changed, 95 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java index 83e00e1..f46d523 100644 
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java @@ -27,6 +27,7 @@ import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweFactory; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweUtils; @@ -53,6 +54,10 @@ public class AbstractJweDecryptingFilter { return decryption; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JweFactory.class.getName()); + if (factory != null) { + return ((JweFactory)factory).getJweDecryptionProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_IN_PROPS, RSSEC_ENCRYPTION_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java index 6027e60..eb6b300 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java 
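Review bot: The factory lookup added to the decryption-provider getter casts the contextual property unchecked and returns whatever the factory hands back. A property of the wrong type therefore raises `ClassCastException`, and a factory whose `getJweDecryptionProvider()` returns null ends the lookup with null instead of reaching the properties-based configuration below it. Guarding with `if (factory instanceof JweFactory)` and rejecting a null provider explicitly (failing closed rather than continuing without a key) would make the override predictable. The same pattern is added in AbstractJwsReaderProvider, AbstractJwsWriterProvider and JweWriterInterceptor; for the signature verifier in particular, callers outside these hunks would need to treat a null result as a hard failure. The enclosing method starts and ends outside the hunk.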
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; +import org.apache.cxf.rs.security.jose.jws.JwsFactory; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; import org.apache.cxf.rs.security.jose.jws.JwsUtils; @@ -41,6 +42,10 @@ public class AbstractJwsReaderProvider { } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JwsFactory.class.getName()); + if (factory != null) { + return ((JwsFactory)factory).getJwsSignatureVerifier(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java index 139f20f..fbc7b79 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java @@ -29,6 +29,7 @@ import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsFactory; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; 
@@ -47,6 +48,10 @@ public class AbstractJwsWriterProvider { return sigProvider; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JwsFactory.class.getName()); + if (factory != null) { + return ((JwsFactory)factory).getJwsSignatureProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java index a80ac67..e98c56f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java @@ -42,6 +42,7 @@ import org.apache.cxf.rs.security.jose.JoseHeadersWriter; import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState; +import org.apache.cxf.rs.security.jose.jwe.JweFactory; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweOutputStream; import org.apache.cxf.rs.security.jose.jwe.JweUtils; 
@@ -119,6 +120,10 @@ public class JweWriterInterceptor implements WriterInterceptor { return encryptionProvider; } Message m = JAXRSUtils.getCurrentMessage(); + Object factory = m.getContextualProperty(JweFactory.class.getName()); + if (factory != null) { + return ((JweFactory)factory).getJweEncryptionProvider(); + } String propLoc = (String)MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_OUT_PROPS, RSSEC_ENCRYPTION_PROPS); if (propLoc == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java index b685a29..addc7b6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java @@ -22,5 +22,8 @@ package org.apache.cxf.rs.security.jose.jwe; public interface JweEncryptionProvider extends JweKeyProperties { String encrypt(byte[] jweContent, JweHeaders jweHeaders); + /** + * Prepare JWE state (optional operation) + */ JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders); } http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java new file mode 100644 index 0000000..16100ef --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweFactory.java 
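Review bot: The Javadoc added to `createJweEncryptionState` in JweEncryptionProvider calls it an optional operation but does not say what an implementation that does not support it does, so a caller cannot tell whether to expect null or an exception. I would spell that out, for example `* Prepare JWE state (optional operation); implementations that do not support it throw UnsupportedOperationException`, and check that callers of this method outside the hunk handle that case. The comment added to `JwsSignatureProvider.createJwsSignature` in this commit has the same gap.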
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+
+public interface JweFactory {
+ JweEncryptionProvider getJweEncryptionProvider();
+ JweDecryptionProvider getJweDecryptionProvider();
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
index 4bbc22a..e2ebda5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
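Review bot: `JweFactory` is a new public extension point with no Javadoc, and nothing on the interface tells an implementer that the filters find it as a contextual property keyed by `JweFactory.class.getName()`. A type-level comment should state that lookup key, that a registered factory is consulted before the properties-based configuration, and whether either getter may return null. `JwsFactory`, added in the same commit, needs the same comment.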
@@ -46,6 +46,12 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid
 return algorithm;
 }
 @Override
+ public byte[] sign(JoseHeaders headers, byte[] content) {
+ JwsSignature sig = createJwsSignature(headers);
+ sig.update(content, 0, content.length);
+ return sig.sign();
+ }
+ @Override
 public JwsSignature createJwsSignature(JoseHeaders headers) {
 return doCreateJwsSignature(prepareHeaders(headers));
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index b033afd..b8aee4a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -83,12 +83,10 @@ public class JwsCompactProducer {
 return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
 }
- public String signWith(JwsSignatureProvider signer) {
- JwsSignature worker = signer.createJwsSignature(getJoseHeaders());
-
+ public String signWith(JwsSignatureProvider signer) {
 byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws());
- worker.update(bytes, 0, bytes.length);
- return setSignatureBytes(worker.sign());
+ byte[] sig = signer.sign(getJoseHeaders(), bytes);
+ return setSignatureBytes(sig);
 }
 public String setSignatureText(String signatureText) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
new file mode 100644
index 0000000..f810660
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsFactory.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+
+public interface JwsFactory {
+ JwsSignatureProvider getJwsSignatureProvider();
+ JwsSignatureVerifier getJwsSignatureVerifier();
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 5aaee71..c9c2387 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -106,12 +106,12 @@ public class JwsJsonProducer { if (unionHeaders.getAlgorithm() == null) { throw new SecurityException("Algorithm header is not set"); } - JwsSignature worker = signer.createJwsSignature(unionHeaders); String sequenceToBeSigned = protectedHeader.getEncodedHeaderEntries() + "." + getUnsignedEncodedPayload(); byte[] bytesToBeSigned = StringUtils.toBytesUTF8(sequenceToBeSigned); - worker.update(bytesToBeSigned, 0, bytesToBeSigned.length); - byte[] signatureBytes = worker.sign(); + + byte[] signatureBytes = signer.sign(unionHeaders, bytesToBeSigned); + String encodedSignatureBytes = Base64UrlUtility.encode(signatureBytes); JwsJsonSignatureEntry signature = new JwsJsonSignatureEntry(encodedPayload, http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java index 7dd9a0a..c6f60b9 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java @@ -23,5 +23,9 @@ import org.apache.cxf.rs.security.jose.JoseHeaders; public interface JwsSignatureProvider { String getAlgorithm(); + byte[] sign(JoseHeaders headers, byte[] content); + /** + * Create a signature handler capable of updating the signature input (optional operation) + */ JwsSignature createJwsSignature(JoseHeaders headers); } http://git-wip-us.apache.org/repos/asf/cxf/blob/808a1a77/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java ---------------------------------------------------------------------- 
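Review bot: `sign(JoseHeaders, byte[])` is added to `JwsSignatureProvider` without a documented contract, although with `createJwsSignature` now marked optional it is the one signing method every provider has to implement. `JwsJsonProducer` in this commit passes its result straight to `Base64UrlUtility.encode`, so the comment should at least state that the method returns the raw signature bytes over `content` and never null, for example `/** Signs content and returns the raw signature bytes; never returns null. */`.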
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
index 84be13a..d31e9f2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/JwtAccessTokenUtils.java
@@ -126,6 +126,12 @@ public final class JwtAccessTokenUtils {
 public JwsSignature createJwsSignature(JoseHeaders headers) {
 return new NoneJwsSignature();
 }
+
+ @Override
+ public byte[] sign(JoseHeaders headers, byte[] content) {
+ // TODO Auto-generated method stub
+ return null;
+ }
 }
 private static class NoneJwsSignature implements JwsSignature {
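Review bot: The `sign` override added to the signature provider in `JwtAccessTokenUtils` is an auto-generated stub that returns null, while this same commit switches `JwsCompactProducer.signWith` and `JwsJsonProducer` from `createJwsSignature` to `sign`. A token produced through this provider would now hand null to `setSignatureBytes` or `Base64UrlUtility.encode`; how those react to null is not visible here. Delegating to the existing handler keeps the previous behaviour: `JwsSignature sig = createJwsSignature(headers);`, `sig.update(content, 0, content.length);`, `return sig.sign();`. The enclosing class starts outside the hunk.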
