http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java index a8b5899..522b479 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java @@ -25,21 +25,21 @@ import java.util.Set; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( - Arrays.asList(Algorithm.A128KW.getJwtName(), - Algorithm.A192KW.getJwtName(), - Algorithm.A256KW.getJwtName())); - public AesWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) { + Arrays.asList(KeyAlgorithm.A128KW.getJwaName(), + KeyAlgorithm.A192KW.getJwaName(), + KeyAlgorithm.A256KW.getJwaName())); + public AesWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) { this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt); } - public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) { - this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.toJavaName(keyAlgoJwt)), + public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) { + this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()), keyAlgoJwt); } - public AesWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) { + public AesWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) { super(key, keyAlgoJwt, SUPPORTED_ALGORITHMS); }
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java deleted file mode 100644 index 6f53f53..0000000 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java +++ /dev/null @@ -1,26 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwe; - - - -public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties { - byte[] getInitVector(); - byte[] getContentEncryptionKey(JweHeaders headers); -} http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java index e75eecc..055d602 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java @@ -20,9 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.spec.AlgorithmParameterSpec; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; + public interface ContentEncryptionCipherProperties { - String getAlgorithm(); + ContentAlgorithm getAlgorithm(); byte[] getAdditionalAuthenticationData(String headersJson, byte[] aad); AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java new file mode 100644 index 0000000..940455a --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java @@ -0,0 +1,26 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; + + + +public interface ContentEncryptionProvider extends ContentEncryptionCipherProperties { + byte[] getInitVector(); + byte[] getContentEncryptionKey(JweHeaders headers); +} http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java index f7cfcc1..0d08f2d 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java @@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.Key; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; + public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { private byte[] contentDecryptionKey; public DirectKeyDecryptionAlgorithm(Key contentDecryptionKey) { @@ -34,7 +36,7 @@ public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { return contentDecryptionKey; } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return null; } protected void validateKeyEncryptionKey(JweDecryptionInput jweDecryptionInput) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java index 3fe8967..e878beb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java @@ -18,7 +18,9 @@ */ package org.apache.cxf.rs.security.jose.jwe; -public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; + +public class DirectKeyEncryptionAlgorithm implements KeyEncryptionProvider { public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] theCek) { if (headers.getKeyEncryptionAlgorithm() != null) { throw new SecurityException(); @@ -31,7 +33,7 @@ public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { } } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return null; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java index fd72fa9..1d9741e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java @@ -20,15 +20,16 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.ECPrivateKey; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { private ECPrivateKey key; - private String algo; + private KeyAlgorithm algo; public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key) { - this(key, Algorithm.ECDH_ES_A128KW.getJwtName()); + this(key, KeyAlgorithm.ECDH_ES_A128KW); } - public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key, String algo) { + public EcdhAesWrapKeyDecryptionAlgorithm(ECPrivateKey key, KeyAlgorithm algo) { this.key = key; this.algo = algo; } @@ -39,14 +40,14 @@ public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm jweDecryptionInput.getJweHeaders(), key); KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) { protected boolean isValidAlgorithmFamily(String wrapAlgo) { - return Algorithm.isEcdhEsWrap(wrapAlgo); + return AlgorithmUtils.isEcdhEsWrap(wrapAlgo); } }; return aesWrap.getDecryptedContentEncryptionKey(jweDecryptionInput); } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return algo; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index ecfa68e..c61f102 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -22,49 +22,49 @@ import java.security.interfaces.ECPublicKey; import java.util.HashMap; import java.util.Map; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.EcdhDirectKeyJweEncryption.EcdhHelper; -public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { +public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { private static final Map<String, String> ECDH_AES_MAP; static { ECDH_AES_MAP = new HashMap<String, String>(); - ECDH_AES_MAP.put(Algorithm.ECDH_ES_A128KW.getJwtName(), Algorithm.A128KW.getJwtName()); - ECDH_AES_MAP.put(Algorithm.ECDH_ES_A192KW.getJwtName(), Algorithm.A192KW.getJwtName()); - ECDH_AES_MAP.put(Algorithm.ECDH_ES_A256KW.getJwtName(), Algorithm.A256KW.getJwtName()); + ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A128KW.getJwaName(), KeyAlgorithm.A128KW.getJwaName()); + ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName()); + ECDH_AES_MAP.put(KeyAlgorithm.ECDH_ES_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName()); } - private String keyAlgo; + private KeyAlgorithm keyAlgo; private EcdhHelper helper; public EcdhAesWrapKeyEncryptionAlgorithm(ECPublicKey peerPublicKey, String curve, String apuString, String apvString, - String keyAlgo) { + KeyAlgorithm keyAlgo) { this.keyAlgo = keyAlgo; - helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, keyAlgo); + helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, keyAlgo.getJwaName()); } @Override public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) { final byte[] derivedKey = helper.getDerivedKey(headers); - Algorithm jwtAlgo = Algorithm.valueOf(ECDH_AES_MAP.get(keyAlgo)); - KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, - jwtAlgo.getJwtName()) { + KeyEncryptionProvider aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, + keyAlgo) { protected void checkAlgorithms(JweHeaders headers) { // complete } protected String getKeyEncryptionAlgoJava(JweHeaders headers) { - return Algorithm.AES_WRAP_ALGO_JAVA; + return AlgorithmUtils.AES_WRAP_ALGO_JAVA; } }; return aesWrap.getEncryptedContentEncryptionKey(headers, cek); } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return keyAlgo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java index 7284def..90466c4 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java @@ -21,26 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.ECPrivateKey; import org.apache.cxf.rs.security.jose.JoseUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhDirectKeyJweDecryption extends JweDecryption { - public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, String supportedCtAlgo) { + public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, ContentAlgorithm supportedCtAlgo) { super(new EcdhDirectKeyDecryptionAlgorithm(privateKey), new AesGcmContentDecryptionAlgorithm(supportedCtAlgo)); } protected static byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, ECPrivateKey privateKey) { - Algorithm jwtAlgo = Algorithm.valueOf(headers.getContentEncryptionAlgorithm()); + ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(headers.getContentEncryptionAlgorithm()); JsonWebKey publicJwk = headers.getJsonWebKey("epv"); String apuHeader = (String)headers.getHeader("apu"); byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader); String apvHeader = (String)headers.getHeader("apv"); byte[] apvBytes = apvHeader == null ? null : JoseUtils.decode(apvHeader); return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), - apuBytes, apvBytes, jwtAlgo.getJwtName(), jwtAlgo.getKeySizeBits()); + apuBytes, apvBytes, jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); } protected static class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm { private ECPrivateKey privateKey; http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java index 5264dff..fe01883 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java @@ -25,8 +25,8 @@ import java.security.interfaces.ECPublicKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; @@ -35,7 +35,7 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { String curve, String apuString, String apvString, - String ctAlgo) { + ContentAlgorithm ctAlgo) { super(new EcdhDirectKeyEncryptionAlgorithm(), new EcdhAesGcmContentEncryptionAlgorithm(peerPublicKey, curve, @@ -45,7 +45,7 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { } protected static class EcdhDirectKeyEncryptionAlgorithm extends DirectKeyEncryptionAlgorithm { protected void checkKeyEncryptionAlgorithm(JweHeaders headers) { - headers.setKeyEncryptionAlgorithm(JoseConstants.ECDH_ES_DIRECT_ALGO); + headers.setKeyEncryptionAlgorithm(AlgorithmUtils.ECDH_ES_DIRECT_ALGO); } } protected static class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm { @@ -54,9 +54,9 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { String curve, String apuString, String apvString, - String ctAlgo) { + ContentAlgorithm ctAlgo) { super(ctAlgo); - helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo); + helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo.getJwaName()); } public byte[] getContentEncryptionKey(JweHeaders headers) { return helper.getDerivedKey(headers); @@ -84,14 +84,14 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { KeyPair pair = CryptoUtils.generateECKeyPair(ecurve); ECPublicKey publicKey = (ECPublicKey)pair.getPublic(); ECPrivateKey privateKey = (ECPrivateKey)pair.getPrivate(); - Algorithm jwtAlgo = Algorithm.valueOf(ctAlgo); + ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(ctAlgo); headers.setHeader("apu", Base64UrlUtility.encode(apuBytes)); headers.setHeader("apv", Base64UrlUtility.encode(apvBytes)); headers.setJsonWebKey("epv", JwkUtils.fromECPublicKey(publicKey, ecurve)); return JweUtils.getECDHKey(privateKey, peerPublicKey, apuBytes, apvBytes, - jwtAlgo.getJwtName(), jwtAlgo.getKeySizeBits()); + jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); } private byte[] toBytes(String str) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java index 00d994e..e314515 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryption.java @@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe; public class JweEncryption extends AbstractJweEncryption { - public JweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm, - ContentEncryptionAlgorithm contentEncryptionAlgo) { + public JweEncryption(KeyEncryptionProvider keyEncryptionAlgorithm, + ContentEncryptionProvider contentEncryptionAlgo) { super(contentEncryptionAlgo, keyEncryptionAlgorithm); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java index 23a014f..24ab37a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumer.java @@ -78,7 +78,7 @@ public class JweJsonConsumer { private JweJsonEncryptionEntry getJweDecryptionEntry(JweDecryptionProvider jwe) { for (Map.Entry<JweJsonEncryptionEntry, JweHeaders> entry : recipientsMap.entrySet()) { String keyAlgo = entry.getValue().getKeyEncryptionAlgorithm(); - if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm()) + if (keyAlgo != null && keyAlgo.equals(jwe.getKeyAlgorithm().getJwaName()) || keyAlgo == null && jwe.getKeyAlgorithm() == null) { return entry.getKey(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java index 45d3d47..b722d08 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java @@ -170,7 +170,7 @@ public class JweJsonProducer { private String checkAndGetContentAlgorithm(List<JweEncryptionProvider> encryptors) { Set<String> set = new HashSet<String>(); for (JweEncryptionProvider encryptor : encryptors) { - set.add(encryptor.getContentAlgorithm()); + set.add(encryptor.getContentAlgorithm().getJwaName()); } if (set.size() != 1) { throw new SecurityException("Invalid content encryption algorithm"); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java index 4217525..49d274c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java @@ -18,9 +18,12 @@ */ package org.apache.cxf.rs.security.jose.jwe; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; + public interface JweKeyProperties { - String getKeyAlgorithm(); - String getContentAlgorithm(); + KeyAlgorithm getKeyAlgorithm(); + ContentAlgorithm getContentAlgorithm(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index feba8bc..5389205 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -41,7 +41,9 @@ import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; @@ -61,7 +63,7 @@ public final class JweUtils { return encrypt(key, keyAlgo, contentAlgo, content, null); } public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) { - KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, keyAlgo); + KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); } public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content) { @@ -69,14 +71,14 @@ public final class JweUtils { } public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) { if (keyAlgo != null) { - KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); + KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); } else { return encryptDirect(key, contentAlgo, content, ct); } } public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) { - KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); } public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) { @@ -114,14 +116,14 @@ public final class JweUtils { JweDecryptionProvider jwe = getDirectKeyJweDecryption(key); return jwe.decrypt(content).getContent(); } - public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) { - return getKeyEncryptionAlgorithm(jwk, null); + public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk) { + return getKeyEncryptionProvider(jwk, null); } - public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { + public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) { String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); - KeyEncryptionAlgorithm keyEncryptionProvider = null; + KeyEncryptionProvider keyEncryptionProvider = null; if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { - keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(JwkUtils.toRSAPublicKey(jwk, true), + keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyEncryptionAlgo); } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), @@ -131,14 +133,14 @@ public final class JweUtils { } return keyEncryptionProvider; } - public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey key, String algo) { - return new RSAKeyEncryptionAlgorithm(key, algo); + public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, String algo) { + return new RSAKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); } - public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) { - if (Algorithm.isAesKeyWrap(algo)) { - return new AesWrapKeyEncryptionAlgorithm(key, algo); - } else if (Algorithm.isAesGcmKeyWrap(algo)) { - return new AesGcmWrapKeyEncryptionAlgorithm(key, algo); + public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) { + if (AlgorithmUtils.isAesKeyWrap(algo)) { + return new AesWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); + } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) { + return new AesGcmWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); } return null; } @@ -161,43 +163,43 @@ public final class JweUtils { return keyDecryptionProvider; } public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey key, String algo) { - return new RSAKeyDecryptionAlgorithm(key, algo); + return new RSAKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); } public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) { - if (Algorithm.isAesKeyWrap(algo)) { - return new AesWrapKeyDecryptionAlgorithm(key, algo); - } else if (Algorithm.isAesGcmKeyWrap(algo)) { - return new AesGcmWrapKeyDecryptionAlgorithm(key, algo); + if (AlgorithmUtils.isAesKeyWrap(algo)) { + return new AesWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); + } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) { + return new AesGcmWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); } return null; } - public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk) { + public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk) { return getContentEncryptionAlgorithm(jwk, null); } - public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { + public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); - ContentEncryptionAlgorithm contentEncryptionProvider = null; + ContentEncryptionProvider contentEncryptionProvider = null; if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), ctEncryptionAlgo); } return contentEncryptionProvider; } - public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(SecretKey key, String algorithm) { - if (Algorithm.isAesGcm(algorithm)) { - return new AesGcmContentEncryptionAlgorithm(key, null, algorithm); + public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, String algorithm) { + if (AlgorithmUtils.isAesGcm(algorithm)) { + return new AesGcmContentEncryptionAlgorithm(key, null, getContentAlgo(algorithm)); } return null; } - public static ContentEncryptionAlgorithm getContentEncryptionAlgorithm(String algorithm) { - if (Algorithm.isAesGcm(algorithm)) { - return new AesGcmContentEncryptionAlgorithm(algorithm); + public static ContentEncryptionProvider getContentEncryptionAlgorithm(String algorithm) { + if (AlgorithmUtils.isAesGcm(algorithm)) { + return new AesGcmContentEncryptionAlgorithm(getContentAlgo(algorithm)); } return null; } public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm) { - if (Algorithm.isAesGcm(algorithm)) { - return new AesGcmContentDecryptionAlgorithm(algorithm); + if (AlgorithmUtils.isAesGcm(algorithm)) { + return new AesGcmContentDecryptionAlgorithm(getContentAlgo(algorithm)); } return null; } @@ -206,14 +208,18 @@ public final class JweUtils { } public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm) { String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); - if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && Algorithm.isAesGcm(ctEncryptionAlgo)) { + if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) { return JwkUtils.toSecretKey(jwk); } return null; } + private static ContentAlgorithm getContentAlgo(String algo) { + return ContentAlgorithm.getAlgorithm(algo); + } public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) { - if (Algorithm.isAesCbcHmac(key.getAlgorithm())) { - return new AesCbcHmacJweEncryption(key.getAlgorithm(), JwkUtils.toSecretKey(key).getEncoded(), + if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) { + return new AesCbcHmacJweEncryption(getContentAlgo(key.getAlgorithm()), + JwkUtils.toSecretKey(key).getEncoded(), null, new DirectKeyEncryptionAlgorithm()); } else { return new JweEncryption(new DirectKeyEncryptionAlgorithm(), @@ -221,8 +227,8 @@ public final class JweUtils { } } public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) { - if (Algorithm.isAesCbcHmac(algorithm)) { - return new AesCbcHmacJweEncryption(algorithm, key.getEncoded(), + if (AlgorithmUtils.isAesCbcHmac(algorithm)) { + return new AesCbcHmacJweEncryption(getContentAlgo(algorithm), key.getEncoded(), null, new DirectKeyEncryptionAlgorithm()); } else { return new JweEncryption(new DirectKeyEncryptionAlgorithm(), @@ -230,17 +236,18 @@ public final class JweUtils { } } public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) { - if (Algorithm.isAesCbcHmac(algorithm)) { - return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm); + if (AlgorithmUtils.isAesCbcHmac(algorithm)) { + return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm)); } else { return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentDecryptionAlgorithm(algorithm)); } } public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { - if (Algorithm.isAesCbcHmac(key.getAlgorithm())) { + if (AlgorithmUtils.isAesCbcHmac(key.getAlgorithm())) { return new AesCbcHmacJweDecryption( - new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), key.getAlgorithm()); + new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key).getEncoded()), + getContentAlgo(key.getAlgorithm())); } else { return new JweDecryption(new DirectKeyDecryptionAlgorithm(JwkUtils.toSecretKey(key)), getContentDecryptionAlgorithm(key.getAlgorithm())); @@ -262,10 +269,10 @@ public final class JweUtils { MessageUtils.getContextualProperty(m, RSSEC_ENCRYPTION_REPORT_KEY_PROP, KeyManagementUtils.RSSEC_REPORT_KEY_PROP)); - KeyEncryptionAlgorithm keyEncryptionProvider = null; + KeyEncryptionProvider keyEncryptionProvider = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null); - ContentEncryptionAlgorithm ctEncryptionProvider = null; + ContentEncryptionProvider ctEncryptionProvider = null; if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT); keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), @@ -274,13 +281,13 @@ public final class JweUtils { contentEncryptionAlgo = getContentEncryptionAlgo(m, props, jwk.getAlgorithm()); ctEncryptionProvider = getContentEncryptionAlgorithm(jwk, contentEncryptionAlgo); } else { - keyEncryptionProvider = getKeyEncryptionAlgorithm(jwk, keyEncryptionAlgo); + keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo); if (reportPublicKey) { JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo); } } } else { - keyEncryptionProvider = getRSAKeyEncryptionAlgorithm( + keyEncryptionProvider = getRSAKeyEncryptionProvider( (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), keyEncryptionAlgo); if (reportPublicKey) { @@ -340,11 +347,11 @@ public final class JweUtils { String keyAlgo, String contentEncryptionAlgo, String compression) { - KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, keyAlgo); + KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) { - KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key, + KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, headers.getKeyEncryptionAlgorithm()); return createJweEncryptionProvider(keyEncryptionProvider, headers); } @@ -352,37 +359,37 @@ public final class JweUtils { String keyAlgo, String contentEncryptionAlgo, String compression) { - KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); + KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) { - KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, + KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, headers.getKeyEncryptionAlgorithm()); return createJweEncryptionProvider(keyEncryptionProvider, headers); } public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, String contentEncryptionAlgo, String compression) { - KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers) { - KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key); + KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); return createJweEncryptionProvider(keyEncryptionProvider, headers); } - public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider, + public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, String contentEncryptionAlgo, String compression) { JweHeaders headers = - prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm() : null, + prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null, contentEncryptionAlgo, compression); return createJweEncryptionProvider(keyEncryptionProvider, headers); } - public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider, + public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, JweHeaders headers) { String contentEncryptionAlgo = headers.getContentEncryptionAlgorithm(); - if (Algorithm.isAesCbcHmac(contentEncryptionAlgo)) { - return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider); + if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo)) { + return new AesCbcHmacJweEncryption(getContentAlgo(contentEncryptionAlgo), keyEncryptionProvider); } else { return new JweEncryption(keyEncryptionProvider, getContentEncryptionAlgorithm(contentEncryptionAlgo)); @@ -404,8 +411,8 @@ public final class JweUtils { } public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider, String contentDecryptionAlgo) { - if (Algorithm.isAesCbcHmac(contentDecryptionAlgo)) { - return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo); + if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo)) { + return new AesCbcHmacJweDecryption(keyDecryptionProvider, getContentAlgo(contentDecryptionAlgo)); } else { return new JweDecryption(keyDecryptionProvider, getContentDecryptionAlgorithm(contentDecryptionAlgo)); @@ -517,15 +524,15 @@ public final class JweUtils { } return headers; } - private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm keyEncryptionProvider, - ContentEncryptionAlgorithm ctEncryptionProvider, + private static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, + ContentEncryptionProvider ctEncryptionProvider, String contentEncryptionAlgo, String compression) { if (keyEncryptionProvider == null && ctEncryptionProvider == null) { throw new SecurityException(); } JweHeaders headers = - prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm() : null, + prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null, contentEncryptionAlgo, compression); if (keyEncryptionProvider != null) { return createJweEncryptionProvider(keyEncryptionProvider, headers); @@ -549,7 +556,7 @@ public final class JweUtils { String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { - defaultAlgo = JoseConstants.RSA_OAEP_ALGO; + defaultAlgo = AlgorithmUtils.RSA_OAEP_ALGO; } return KeyManagementUtils.getKeyAlgorithm(m, props, JSON_WEB_ENCRYPTION_KEY_ALGO_PROP, defaultAlgo); @@ -558,19 +565,19 @@ public final class JweUtils { } private static String getDefaultKeyAlgo(JsonWebKey jwk) { if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { - return JoseConstants.A128GCMKW_ALGO; + return AlgorithmUtils.A128GCMKW_ALGO; } else { - return JoseConstants.RSA_OAEP_ALGO; + return AlgorithmUtils.RSA_OAEP_ALGO; } } private static String getContentEncryptionAlgo(Message m, Properties props, String algo) { if (algo == null) { return KeyManagementUtils.getKeyAlgorithm(m, props, - JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, JoseConstants.A128GCM_ALGO); + JSON_WEB_ENCRYPTION_CEK_ALGO_PROP, AlgorithmUtils.A128GCM_ALGO); } return algo; } - private static String encrypt(KeyEncryptionAlgorithm keyEncryptionProvider, + private static String encrypt(KeyEncryptionProvider keyEncryptionProvider, String contentAlgo, byte[] content, String ct) { JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null); return jwe.encrypt(content, toJweHeaders(ct)); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java index f8df934..bccd896 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java @@ -18,8 +18,10 @@ */ package org.apache.cxf.rs.security.jose.jwe; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; + public interface KeyDecryptionAlgorithm { - String getAlgorithm(); + KeyAlgorithm getAlgorithm(); byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java deleted file mode 100644 index 3885291..0000000 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java +++ /dev/null @@ -1,25 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwe; - - -public interface KeyEncryptionAlgorithm { - String getAlgorithm(); - byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek); -} http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java new file mode 100644 index 0000000..2f5c8db --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java @@ -0,0 +1,27 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwe; + +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; + + +public interface KeyEncryptionProvider { + KeyAlgorithm getAlgorithm(); + byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek); +} http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java index 3ab9623..020d9b01 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java @@ -19,28 +19,30 @@ package org.apache.cxf.rs.security.jose.jwe; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { private byte[] password; - private String algo; + private KeyAlgorithm algo; public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); + this(password, KeyAlgorithm.PBES2_HS256_A128KW, false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo, boolean hashLargePasswords) { + public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, KeyAlgorithm algo, boolean hashLargePasswords) { this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo, hashLargePasswords); } public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); + this(password, KeyAlgorithm.PBES2_HS256_A128KW, false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo, boolean hashLargePasswords) { + public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, KeyAlgorithm algo, boolean hashLargePasswords) { this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo, hashLargePasswords); } public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) { - this(password, Algorithm.PBES2_HS256_A128KW.getJwtName(), false); + this(password, KeyAlgorithm.PBES2_HS256_A128KW, false); } - public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo, boolean hashLargePasswords) { - this.password = PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password, algo, hashLargePasswords); + public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, KeyAlgorithm algo, boolean hashLargePasswords) { + this.password = + PbesHmacAesWrapKeyEncryptionAlgorithm.validatePassword(password, algo.getJwaName(), hashLargePasswords); this.algo = algo; } @Override @@ -54,7 +56,7 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount); KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) { protected boolean isValidAlgorithmFamily(String wrapAlgo) { - return Algorithm.isPbesHsWrap(wrapAlgo); + return AlgorithmUtils.isPbesHsWrap(wrapAlgo); } }; return aesWrap.getDecryptedContentEncryptionKey(jweDecryptionInput); @@ -67,7 +69,7 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor } } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return algo; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java index ecb9aa0..6e678c7 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java @@ -28,7 +28,8 @@ import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.common.util.crypto.MessageDigestUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.SHA384Digest; @@ -36,52 +37,55 @@ import org.bouncycastle.crypto.digests.SHA512Digest; import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; -public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { +public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { private static final Map<String, Integer> PBES_HMAC_MAP; private static final Map<String, String> PBES_AES_MAP; private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP; static { PBES_HMAC_MAP = new HashMap<String, Integer>(); - PBES_HMAC_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 256); - PBES_HMAC_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 384); - PBES_HMAC_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 512); + PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), 256); + PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), 384); + PBES_HMAC_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), 512); PBES_AES_MAP = new HashMap<String, String>(); - PBES_AES_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), Algorithm.A128KW.getJwtName()); - PBES_AES_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), Algorithm.A192KW.getJwtName()); - PBES_AES_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), Algorithm.A256KW.getJwtName()); + PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), KeyAlgorithm.A128KW.getJwaName()); + PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), KeyAlgorithm.A192KW.getJwaName()); + PBES_AES_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), KeyAlgorithm.A256KW.getJwaName()); DERIVED_KEY_SIZE_MAP = new HashMap<String, Integer>(); - DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS256_A128KW.getJwtName(), 16); - DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS384_A192KW.getJwtName(), 24); - DERIVED_KEY_SIZE_MAP.put(Algorithm.PBES2_HS512_A256KW.getJwtName(), 32); + DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), 16); + DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS384_A192KW.getJwaName(), 24); + DERIVED_KEY_SIZE_MAP.put(KeyAlgorithm.PBES2_HS512_A256KW.getJwaName(), 32); } private byte[] password; private int pbesCount; - private String keyAlgoJwt; - public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, String keyAlgoJwt) { + private KeyAlgorithm keyAlgoJwt; + public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, KeyAlgorithm keyAlgoJwt) { this(stringToBytes(password), keyAlgoJwt); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, String keyAlgoJwt, + public PbesHmacAesWrapKeyEncryptionAlgorithm(String password, int pbesCount, + KeyAlgorithm keyAlgoJwt, boolean hashLargePasswords) { this(stringToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, String keyAlgoJwt) { + public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, KeyAlgorithm keyAlgoJwt) { this(password, 4096, keyAlgoJwt, false); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, String keyAlgoJwt, + public PbesHmacAesWrapKeyEncryptionAlgorithm(char[] password, int pbesCount, + KeyAlgorithm keyAlgoJwt, boolean hashLargePasswords) { this(charsToBytes(password), pbesCount, keyAlgoJwt, hashLargePasswords); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, String keyAlgoJwt) { + public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, KeyAlgorithm keyAlgoJwt) { this(password, 4096, keyAlgoJwt, false); } - public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, String keyAlgoJwt, + public PbesHmacAesWrapKeyEncryptionAlgorithm(byte[] password, int pbesCount, + KeyAlgorithm keyAlgoJwt, boolean hashLargePasswords) { this.keyAlgoJwt = validateKeyAlgorithm(keyAlgoJwt); - this.password = validatePassword(password, keyAlgoJwt, hashLargePasswords); + this.password = validatePassword(password, keyAlgoJwt.getJwaName(), hashLargePasswords); this.pbesCount = validatePbesCount(pbesCount); } @@ -102,20 +106,20 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor } @Override public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) { - int keySize = getKeySize(keyAlgoJwt); + int keySize = getKeySize(keyAlgoJwt.getJwaName()); byte[] saltInput = CryptoUtils.generateSecureRandomBytes(keySize); - byte[] derivedKey = createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount); + byte[] derivedKey = createDerivedKey(keyAlgoJwt.getJwaName(), + keySize, password, saltInput, pbesCount); headers.setHeader("p2s", Base64UrlUtility.encode(saltInput)); headers.setIntegerHeader("p2c", pbesCount); - final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt); - KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt) { + KeyEncryptionProvider aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, keyAlgoJwt) { protected void checkAlgorithms(JweHeaders headers) { // complete } protected String getKeyEncryptionAlgoJava(JweHeaders headers) { - return Algorithm.AES_WRAP_ALGO_JAVA; + return AlgorithmUtils.AES_WRAP_ALGO_JAVA; } }; return aesWrap.getEncryptedContentEncryptionKey(headers, cek); @@ -151,8 +155,8 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor System.arraycopy(saltInput, 0, saltValue, algoBytes.length + 1, saltInput.length); return saltValue; } - static String validateKeyAlgorithm(String algo) { - if (!Algorithm.isPbesHsWrap(algo)) { + static KeyAlgorithm validateKeyAlgorithm(KeyAlgorithm algo) { + if (!AlgorithmUtils.isPbesHsWrap(algo.getJwaName())) { throw new SecurityException(); } return algo; @@ -174,7 +178,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor return b; } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return keyAlgoJwt; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java index 5bacb6e..b1809c8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java @@ -20,16 +20,17 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.RSAPrivateKey; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey) { this(privateKey, null); } - public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) { + public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, KeyAlgorithm supportedAlgo) { this(privateKey, supportedAlgo, true); } - public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean unwrap) { + public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, KeyAlgorithm supportedAlgo, boolean unwrap) { super(privateKey, supportedAlgo, unwrap); } protected int getKeyCipherBlockSize() { @@ -38,7 +39,7 @@ public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { @Override protected void validateKeyEncryptionAlgorithm(String keyAlgo) { super.validateKeyEncryptionAlgorithm(keyAlgo); - if (!Algorithm.isRsaKeyWrap(keyAlgo)) { + if (!AlgorithmUtils.isRsaKeyWrap(keyAlgo)) { throw new SecurityException(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java index dee0a2c..b820cdd 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java @@ -20,14 +20,15 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.RSAPublicKey; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class RSAKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { - public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) { + public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, KeyAlgorithm jweAlgo) { this(publicKey, jweAlgo, true); } - public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) { - super(publicKey, jweAlgo, wrap, Algorithm.RSA_CEK_SET); + public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, KeyAlgorithm jweAlgo, boolean wrap) { + super(publicKey, jweAlgo, wrap, AlgorithmUtils.RSA_CEK_SET); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java index 2980dcc..4e5f74e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java @@ -23,16 +23,17 @@ import java.security.spec.AlgorithmParameterSpec; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.common.util.crypto.KeyProperties; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { private Key cekDecryptionKey; private boolean unwrap; - private String supportedAlgo; - public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo) { + private KeyAlgorithm supportedAlgo; + public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, KeyAlgorithm supportedAlgo) { this(cekDecryptionKey, supportedAlgo, true); } - public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo, boolean unwrap) { + public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, KeyAlgorithm supportedAlgo, boolean unwrap) { this.cekDecryptionKey = cekDecryptionKey; this.supportedAlgo = supportedAlgo; this.unwrap = unwrap; @@ -64,15 +65,15 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { protected String getKeyEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) { String keyAlgo = jweDecryptionInput.getJweHeaders().getKeyEncryptionAlgorithm(); validateKeyEncryptionAlgorithm(keyAlgo); - return Algorithm.toJavaName(keyAlgo); + return AlgorithmUtils.toJavaName(keyAlgo); } protected void validateKeyEncryptionAlgorithm(String keyAlgo) { - if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.equals(keyAlgo)) { + if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.getJwaName().equals(keyAlgo)) { throw new SecurityException(); } } protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) { - return Algorithm.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm()); + return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm()); } protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweDecryptionInput jweDecryptionInput) { return null; @@ -81,7 +82,7 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { return jweDecryptionInput.getEncryptedCEK(); } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return supportedAlgo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 911ddda..201d418 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -47,7 +47,9 @@ import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; @@ -55,7 +57,7 @@ import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm; -import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm; import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsUtils; @@ -395,10 +397,10 @@ public final class JwkUtils { public static SecretKey toSecretKey(JsonWebKey jwk) { return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), - Algorithm.toJavaName(jwk.getAlgorithm())); + AlgorithmUtils.toJavaName(jwk.getAlgorithm())); } public static JsonWebKey fromSecretKey(SecretKey secretKey, String algo) { - if (!Algorithm.isOctet(algo)) { + if (!AlgorithmUtils.isOctet(algo)) { throw new SecurityException("Invalid algorithm"); } JsonWebKey jwk = new JsonWebKey(); @@ -411,16 +413,16 @@ public final class JwkUtils { private static JweEncryptionProvider createDefaultEncryption(char[] password) { - KeyEncryptionAlgorithm keyEncryption = - new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName()); - return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption); + KeyEncryptionProvider keyEncryption = + new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW); + return new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, keyEncryption); } private static JweDecryptionProvider createDefaultDecryption(char[] password) { KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password); return new AesCbcHmacJweDecryption(keyDecryption); } private static JsonWebKey prepareRSAJwk(BigInteger modulus, String algo) { - if (!Algorithm.isRsa(algo)) { + if (!AlgorithmUtils.isRsa(algo)) { throw new SecurityException("Invalid algorithm"); } JsonWebKey jwk = new JsonWebKey(); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java index e2ebda5..dd2defc 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java @@ -19,12 +19,13 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider { - private String algorithm; + private SignatureAlgorithm algorithm; - protected AbstractJwsSignatureProvider(String algo) { + protected AbstractJwsSignatureProvider(SignatureAlgorithm algo) { this.algorithm = algo; } @@ -36,13 +37,13 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid if (algo != null) { checkAlgorithm(algo); } else { - checkAlgorithm(algorithm); - headers.setAlgorithm(algorithm); + checkAlgorithm(algorithm.getJwaName()); + headers.setAlgorithm(algorithm.getJwaName()); } return headers; } @Override - public String getAlgorithm() { + public SignatureAlgorithm getAlgorithm() { return algorithm; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java index 431c211..3bb92b9 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java @@ -23,27 +23,28 @@ import java.security.Signature; import java.security.interfaces.ECPrivateKey; import java.security.spec.AlgorithmParameterSpec; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider { - public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) { + public EcDsaJwsSignatureProvider(ECPrivateKey key, SignatureAlgorithm algo) { this(key, null, algo); } - public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String algo) { + public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) { this(key, null, spec, algo); } public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec, - String algo) { + SignatureAlgorithm algo) { super(key, random, spec, algo); } @Override protected boolean isValidAlgorithmFamily(String algo) { - return Algorithm.isEcDsaSign(algo); + return AlgorithmUtils.isEcDsaSign(algo); } @Override protected JwsSignature doCreateJwsSignature(Signature s) { return new EcDsaPrivateKeyJwsSignature(s, - EcDsaJwsSignatureVerifier.SIGNATURE_LENGTH_MAP.get(super.getAlgorithm())); + EcDsaJwsSignatureVerifier.SIGNATURE_LENGTH_MAP.get(super.getAlgorithm().getJwaName())); } protected static class EcDsaPrivateKeyJwsSignature extends PrivateKeyJwsSignature { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java index 8c788bc..b0bdae4 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureVerifier.java @@ -24,25 +24,26 @@ import java.util.HashMap; import java.util.Map; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier { static final Map<String, Integer> SIGNATURE_LENGTH_MAP; static { SIGNATURE_LENGTH_MAP = new HashMap<String, Integer>(); - SIGNATURE_LENGTH_MAP.put(Algorithm.SHA256withECDSA.getJwtName(), 64); - SIGNATURE_LENGTH_MAP.put(Algorithm.SHA384withECDSA.getJwtName(), 96); - SIGNATURE_LENGTH_MAP.put(Algorithm.SHA512withECDSA.getJwtName(), 132); + SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES256.getJwaName(), 64); + SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES384.getJwaName(), 96); + SIGNATURE_LENGTH_MAP.put(SignatureAlgorithm.ES512.getJwaName(), 132); } - public EcDsaJwsSignatureVerifier(PublicKey key, String supportedAlgo) { + public EcDsaJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgo) { this(key, null, supportedAlgo); } - public EcDsaJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) { + public EcDsaJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { super(key, spec, supportedAlgo); } @Override public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) { - if (SIGNATURE_LENGTH_MAP.get(super.getAlgorithm()) != signature.length) { + if (SIGNATURE_LENGTH_MAP.get(super.getAlgorithm().getJwaName()) != signature.length) { throw new SecurityException(); } byte[] der = signatureToDer(signature); @@ -50,7 +51,7 @@ public class EcDsaJwsSignatureVerifier extends PublicKeyJwsSignatureVerifier { } @Override protected boolean isValidAlgorithmFamily(String algo) { - return Algorithm.isEcDsaSign(algo); + return AlgorithmUtils.isEcDsaSign(algo); } private static byte[] signatureToDer(byte joseSig[]) { int partLen = joseSig.length / 2; http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java index 81db7d6..f272dad 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java @@ -26,21 +26,22 @@ import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { private byte[] key; private AlgorithmParameterSpec hmacSpec; - public HmacJwsSignatureProvider(byte[] key, String algo) { + public HmacJwsSignatureProvider(byte[] key, SignatureAlgorithm algo) { this(key, null, algo); } - public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo) { + public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) { super(algo); this.key = key; this.hmacSpec = spec; } - public HmacJwsSignatureProvider(String encodedKey, String algo) { + public HmacJwsSignatureProvider(String encodedKey, SignatureAlgorithm algo) { super(algo); try { this.key = Base64UrlUtility.decode(encodedKey); @@ -50,7 +51,7 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { } protected JwsSignature doCreateJwsSignature(JoseHeaders headers) { - final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()), + final Mac mac = HmacUtils.getInitializedMac(key, AlgorithmUtils.toJavaName(headers.getAlgorithm()), hmacSpec); return new JwsSignature() { @@ -69,7 +70,7 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { @Override protected void checkAlgorithm(String algo) { super.checkAlgorithm(algo); - if (!Algorithm.isHmacSign(algo)) { + if (!AlgorithmUtils.isHmacSign(algo)) { throw new SecurityException(); } }
