[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d2b0180 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d2b0180 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d2b0180 Branch: refs/heads/master Commit: 8d2b0180518fcec6274ac2f288e74ed1ff5ce76a Parents: 85fdb62 Author: Sergey Beryozkin <[email protected]> Authored: Fri Feb 27 13:55:04 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Fri Feb 27 13:55:04 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/jose/JoseConstants.java | 42 --- .../jose/jaxrs/JwsJsonWriterInterceptor.java | 2 +- .../cxf/rs/security/jose/jwa/Algorithm.java | 291 ------------------- .../rs/security/jose/jwa/AlgorithmUtils.java | 268 +++++++++++++++++ .../rs/security/jose/jwa/ContentAlgorithm.java | 67 +++++ .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 +++++ .../security/jose/jwa/SignatureAlgorithm.java | 77 +++++ .../jwe/AbstractContentEncryptionAlgorithm.java | 13 +- ...stractContentEncryptionCipherProperties.java | 7 +- .../jose/jwe/AbstractJweDecryption.java | 10 +- .../jose/jwe/AbstractJweEncryption.java | 41 +-- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +- .../jose/jwe/AesCbcHmacJweDecryption.java | 11 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++- .../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +- .../jose/jwe/ContentEncryptionAlgorithm.java | 26 -- .../jwe/ContentEncryptionCipherProperties.java | 4 +- .../jose/jwe/ContentEncryptionProvider.java | 26 ++ .../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +- 
.../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +- .../jose/jwe/EcdhDirectKeyJweDecryption.java | 8 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java | 16 +- .../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +- .../rs/security/jose/jwe/JweJsonConsumer.java | 2 +- .../rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../rs/security/jose/jwe/JweKeyProperties.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 139 ++++----- .../jose/jwe/KeyDecryptionAlgorithm.java | 4 +- .../jose/jwe/KeyEncryptionAlgorithm.java | 25 -- .../jose/jwe/KeyEncryptionProvider.java | 27 ++ .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++-- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +- .../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 +- .../jose/jws/EcDsaJwsSignatureProvider.java | 13 +- .../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +- .../jose/jws/HmacJwsSignatureProvider.java | 13 +- .../jose/jws/HmacJwsSignatureVerifier.java | 22 +- .../security/jose/jws/JwsCompactProducer.java | 4 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 4 +- .../rs/security/jose/jws/JwsJsonProducer.java | 2 +- .../security/jose/jws/JwsSignatureProvider.java | 3 +- .../security/jose/jws/JwsSignatureVerifier.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 30 +- .../jose/jws/NoneJwsSignatureProvider.java | 5 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 13 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +- .../jose/cookbook/JwkJoseCookBookTest.java | 7 +- .../jose/cookbook/JwsJoseCookBookTest.java | 110 +++---- .../jose/jwe/JweCompactReaderWriterTest.java | 50 ++-- .../security/jose/jwe/JweJsonConsumerTest.java | 27 +- 
.../security/jose/jwe/JweJsonProducerTest.java | 45 ++- .../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +- .../rs/security/jose/jwk/JsonWebKeyTest.java | 21 +- .../security/jose/jws/JwsCompactHeaderTest.java | 26 +- .../jose/jws/JwsCompactReaderWriterTest.java | 47 ++- .../security/jose/jws/JwsJsonProducerTest.java | 21 +- .../grants/code/JwtRequestCodeFilter.java | 8 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +- .../oidc/idp/AbstractJwsJweProducer.java | 10 +- .../apache/cxf/systest/jaxrs/BookServer.java | 3 +- .../jaxrs/JAXRSClientServerBookTest.java | 1 + .../jaxrs/security/jwt/JAXRSJweJwsTest.java | 15 +- .../jaxrs/security/jwt/JAXRSJwsJsonTest.java | 4 +- .../cxf/systest/jaxrs/security/jwt/server.xml | 4 +- 77 files changed, 1168 insertions(+), 949 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java index e131147..c5f3e03 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java 
@@ -44,48 +44,6 @@ public final class JoseConstants { public static final String MEDIA_TYPE_JOSE = "application/jose"; public static final String MEDIA_TYPE_JOSE_JSON = "application/jose+json"; - public static final String PLAIN_TEXT_ALGO = "none"; - public static final String HMAC_SHA_256_ALGO = "HS256"; - public static final String HMAC_SHA_384_ALGO = "HS384"; - public static final String HMAC_SHA_512_ALGO = "HS512"; - public static final String RS_SHA_256_ALGO = "RS256"; - public static final String RS_SHA_384_ALGO = "RS384"; - public static final String RS_SHA_512_ALGO = "RS512"; - public static final String PS_SHA_256_ALGO = "PS256"; - public static final String PS_SHA_384_ALGO = "PS384"; - public static final String PS_SHA_512_ALGO = "PS512"; - public static final String ES_SHA_256_ALGO = "ES256"; - public static final String ES_SHA_384_ALGO = "ES384"; - public static final String ES_SHA_512_ALGO = "ES512"; - - // Key Encryption - public static final String RSA_OAEP_ALGO = "RSA-OAEP"; - public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256"; - public static final String RSA_1_5_ALGO = "RSA1_5"; - public static final String A128KW_ALGO = "A128KW"; - public static final String A192KW_ALGO = "A192KW"; - public static final String A256KW_ALGO = "A256KW"; - public static final String A128GCMKW_ALGO = "A128GCMKW"; - public static final String A192GCMKW_ALGO = "A192GCMKW"; - public static final String A256GCMKW_ALGO = "A256GCMKW"; - - public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES"; - - public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW"; - public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW"; - public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW"; - - public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW"; - public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW"; - public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW"; - // Content Encryption - public 
static final String A128CBC_HS256_ALGO = "A128CBC-HS256"; - public static final String A192CBC_HS384_ALGO = "A192CBC-HS384"; - public static final String A256CBC_HS512_ALGO = "A256CBC-HS512"; - public static final String A128GCM_ALGO = "A128GCM"; - public static final String A192GCM_ALGO = "A192GCM"; - public static final String A256GCM_ALGO = "A256GCM"; - public static final String JOSE_CONTEXT_PROPERTY = "org.apache.cxf.jose.context"; private JoseConstants() { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java index c5159a1..069279b 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java @@ -93,7 +93,7 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl private JoseHeaders prepareProtectedHeader(WriterInterceptorContext ctx, JwsSignatureProvider signer) { JoseHeaders headers = new JoseHeaders(); - headers.setAlgorithm(signer.getAlgorithm()); + headers.setAlgorithm(signer.getAlgorithm().getJwaName()); setContentTypeIfNeeded(headers, ctx); return headers; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java ---------------------------------------------------------------------- 
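Review bot: In `prepareProtectedHeader`, the new `signer.getAlgorithm().getJwaName()` dereferences the provider's algorithm with no null check. The declaration of `getAlgorithm()` is outside this hunk, so whether it can return null should be confirmed. If it can, a provider with no algorithm configured will now fail with a bare NullPointerException while the protected header is being built. Verifiers select the algorithm from the protected `alg` value, so it is better to fail explicitly first, for example `if (signer.getAlgorithm() == null) { throw new IllegalStateException("JWS signature algorithm is not set"); }` ahead of the `setAlgorithm` call. The enclosing class begins outside the hunk.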
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java deleted file mode 100644 index f6e167e..0000000 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java +++ /dev/null 
@@ -1,291 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.rs.security.jose.jwa; - -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.apache.cxf.rs.security.jose.JoseConstants; - - - -public enum Algorithm { - // Signature - HmacSHA256(JoseConstants.HMAC_SHA_256_ALGO, 256), - HmacSHA384(JoseConstants.HMAC_SHA_384_ALGO, 384), - HmacSHA512(JoseConstants.HMAC_SHA_512_ALGO, 512), - - SHA256withRSA(JoseConstants.RS_SHA_256_ALGO, 256), - SHA384withRSA(JoseConstants.RS_SHA_384_ALGO, 384), - SHA512withRSA(JoseConstants.RS_SHA_512_ALGO, 512), - - SHA256withECDSA(JoseConstants.ES_SHA_256_ALGO, 256), - SHA384withECDSA(JoseConstants.ES_SHA_384_ALGO, 384), - SHA512withECDSA(JoseConstants.ES_SHA_512_ALGO, 512), - - // Key Encryption - RSA_OAEP(JoseConstants.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1), - RSA_OAEP_256(JoseConstants.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1), - RSA_1_5(JoseConstants.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1), - A128KW(JoseConstants.A128KW_ALGO, "AESWrap", 128), - A192KW(JoseConstants.A192KW_ALGO, "AESWrap", 192), - 
A256KW(JoseConstants.A256KW_ALGO, "AESWrap", 256), - A128GCMKW(JoseConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128), - A192GCMKW(JoseConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192), - A256GCMKW(JoseConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256), - PBES2_HS256_A128KW(JoseConstants.PBES2_HS256_A128KW_ALGO, "AESWrap", 128), - PBES2_HS384_A192KW(JoseConstants.PBES2_HS384_A192KW_ALGO, "AESWrap", 192), - PBES2_HS512_A256KW(JoseConstants.PBES2_HS512_A256KW_ALGO, "AESWrap", 256), - ECDH_ES_A128KW(JoseConstants.ECDH_ES_A128KW_ALGO, "AESWrap", 128), - ECDH_ES_A192KW(JoseConstants.ECDH_ES_A192KW_ALGO, "AESWrap", 192), - ECDH_ES_A256KW(JoseConstants.ECDH_ES_A256KW_ALGO, "AESWrap", 256), - // Content Encryption - A128GCM(JoseConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128), - A192GCM(JoseConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192), - A256GCM(JoseConstants.A256GCM_ALGO, "AES/GCM/NoPadding", 256), - //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding" - // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only - A128CBC_HS256(JoseConstants.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128), - A192CBC_HS384(JoseConstants.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192), - A256CBC_HS512(JoseConstants.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256); - - public static final String HMAC_SHA_256_JAVA = "HmacSHA256"; - public static final String HMAC_SHA_384_JAVA = "HmacSHA384"; - public static final String HMAC_SHA_512_JAVA = "HmacSHA512"; - public static final String RS_SHA_256_JAVA = "SHA256withRSA"; - public static final String RS_SHA_384_JAVA = "SHA384withRSA"; - public static final String RS_SHA_512_JAVA = "SHA512withRSA"; - public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1"; - public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1"; - public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1"; - public static final String ES_SHA_256_JAVA = "SHA256withECDSA"; - public static 
final String ES_SHA_384_JAVA = "SHA384withECDSA"; - public static final String ES_SHA_512_JAVA = "SHA512withECDSA"; - public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; - public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; - public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding"; - public static final String AES_ALGO_JAVA = "AES"; - public static final String AES_WRAP_ALGO_JAVA = "AESWrap"; - public static final String AES_GCM_ALGO_JAVA = "AES/GCM/NoPadding"; - public static final String AES_CBC_ALGO_JAVA = "AES/CBC/PKCS7Padding"; - - public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.HMAC_SHA_256_ALGO, - JoseConstants.HMAC_SHA_384_ALGO, - JoseConstants.HMAC_SHA_512_ALGO)); - public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.RS_SHA_256_ALGO, - JoseConstants.RS_SHA_384_ALGO, - JoseConstants.RS_SHA_512_ALGO)); - public static final Set<String> RSA_SHA_PS_SIGN_SET = - new HashSet<String>(Arrays.asList(JoseConstants.PS_SHA_256_ALGO, - JoseConstants.PS_SHA_384_ALGO, - JoseConstants.PS_SHA_512_ALGO)); - public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO, - JoseConstants.ES_SHA_384_ALGO, - JoseConstants.ES_SHA_512_ALGO)); - public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO, - JoseConstants.RSA_OAEP_256_ALGO, - JoseConstants.RSA_1_5_ALGO)); - public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO, - JoseConstants.A192GCM_ALGO, - JoseConstants.A256GCM_ALGO)); - public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCMKW_ALGO, - JoseConstants.A192GCMKW_ALGO, - JoseConstants.A256GCMKW_ALGO)); - public static final Set<String> AES_KW_SET = new 
HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO, - JoseConstants.A192KW_ALGO, - JoseConstants.A256KW_ALGO)); - public static final Set<String> ACBC_HS_SET = - new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO, - JoseConstants.A192CBC_HS384_ALGO, - JoseConstants.A256CBC_HS512_ALGO)); - public static final Set<String> PBES_HS_SET = - new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW.getJwtName(), - PBES2_HS384_A192KW.getJwtName(), - PBES2_HS512_A256KW.getJwtName())); - public static final Set<String> ECDH_ES_SET = - new HashSet<String>(Arrays.asList(ECDH_ES_A128KW.getJwtName(), - ECDH_ES_A192KW.getJwtName(), - ECDH_ES_A256KW.getJwtName())); - - private static final Map<String, String> JAVA_TO_JWT_NAMES; - private static final Map<String, String> JWT_TO_JAVA_NAMES; - static { - JAVA_TO_JWT_NAMES = new HashMap<String, String>(); - JAVA_TO_JWT_NAMES.put(HMAC_SHA_256_JAVA, JoseConstants.HMAC_SHA_256_ALGO); - JAVA_TO_JWT_NAMES.put(HMAC_SHA_384_JAVA, JoseConstants.HMAC_SHA_384_ALGO); - JAVA_TO_JWT_NAMES.put(HMAC_SHA_512_JAVA, JoseConstants.HMAC_SHA_512_ALGO); - JAVA_TO_JWT_NAMES.put(RS_SHA_256_JAVA, JoseConstants.RS_SHA_256_ALGO); - JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JoseConstants.RS_SHA_384_ALGO); - JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JoseConstants.RS_SHA_512_ALGO); - JAVA_TO_JWT_NAMES.put(PS_SHA_256_JAVA, JoseConstants.PS_SHA_256_ALGO); - JAVA_TO_JWT_NAMES.put(PS_SHA_384_JAVA, JoseConstants.PS_SHA_384_ALGO); - JAVA_TO_JWT_NAMES.put(PS_SHA_512_JAVA, JoseConstants.PS_SHA_512_ALGO); - JAVA_TO_JWT_NAMES.put(ES_SHA_256_JAVA, JoseConstants.ES_SHA_256_ALGO); - JAVA_TO_JWT_NAMES.put(ES_SHA_384_JAVA, JoseConstants.ES_SHA_384_ALGO); - JAVA_TO_JWT_NAMES.put(ES_SHA_512_JAVA, JoseConstants.ES_SHA_512_ALGO); - JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JoseConstants.RSA_OAEP_ALGO); - JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JoseConstants.RSA_OAEP_256_ALGO); - JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JoseConstants.RSA_1_5_ALGO); - 
JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A256GCM_ALGO); - JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A192GCM_ALGO); - JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A128GCM_ALGO); - JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A128KW_ALGO); - JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A192KW_ALGO); - JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A256KW_ALGO); - JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A128CBC_HS256_ALGO); - JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A192CBC_HS384_ALGO); - JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A256CBC_HS512_ALGO); - JWT_TO_JAVA_NAMES = new HashMap<String, String>(); - JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_256_ALGO, RS_SHA_256_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_256_ALGO, PS_SHA_256_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_384_ALGO, PS_SHA_384_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_512_ALGO, PS_SHA_512_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_256_ALGO, ES_SHA_256_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_384_ALGO, ES_SHA_384_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_512_ALGO, ES_SHA_512_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A128KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A192KW_ALGO, AES_WRAP_ALGO_JAVA); - 
JWT_TO_JAVA_NAMES.put(JoseConstants.A256KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA); - JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA); - } - private final String jwtName; - private final String javaName; - private final int keySizeBits; - - private Algorithm(String jwtName, int keySizeBits) { - this(jwtName, null, keySizeBits); - } - private Algorithm(String jwtName, String javaName, int keySizeBits) { - this.jwtName = jwtName; - this.javaName = javaName; - this.keySizeBits = keySizeBits; - } - - public String getJwtName() { - return jwtName; - } - - public String getJavaName() { - return javaName == null ? 
name() : javaName; - } - - public String getJavaAlgoName() { - return stripAlgoProperties(getJavaName()); - } - - public int getKeySizeBits() { - return keySizeBits; - } - - public static String toJwtName(String javaName, int keyBitSize) { - //TODO: perhaps a key should be a name+keysize pair - String name = JAVA_TO_JWT_NAMES.get(javaName); - if (name == null && javaName.startsWith(AES_ALGO_JAVA)) { - name = "A" + keyBitSize + "GCM"; - } - return name; - } - public static String toJavaName(String jwtName) { - return JWT_TO_JAVA_NAMES.get(jwtName); - } - public static String toJavaAlgoNameOnly(String jwtName) { - return stripAlgoProperties(toJavaName(jwtName)); - } - public static String stripAlgoProperties(String javaName) { - if (javaName != null) { - int index = javaName.indexOf('/'); - if (index != -1) { - javaName = javaName.substring(0, index); - } - } - return javaName; - } - public static boolean isRsa(String algo) { - return isRsaKeyWrap(algo) || isRsaSign(algo); - } - public static boolean isRsaKeyWrap(String algo) { - return RSA_CEK_SET.contains(algo); - } - public static boolean isAesKeyWrap(String algo) { - return AES_KW_SET.contains(algo); - } - public static boolean isAesGcmKeyWrap(String algo) { - return AES_GCM_KW_SET.contains(algo); - } - public static boolean isPbesHsWrap(String algo) { - return PBES_HS_SET.contains(algo); - } - public static boolean isEcdhEsWrap(String algo) { - return ECDH_ES_SET.contains(algo); - } - public static boolean isAesGcm(String algo) { - return AES_GCM_CEK_SET.contains(algo); - } - public static boolean isAesCbcHmac(String algo) { - return ACBC_HS_SET.contains(algo); - } - public static boolean isHmacSign(String algo) { - return HMAC_SIGN_SET.contains(algo); - } - public static boolean isOctet(String algo) { - return isHmacSign(algo) - || isAesCbcHmac(algo) - || isAesGcm(algo) - || isAesGcmKeyWrap(algo) - || isAesKeyWrap(algo); - } - public static boolean isRsaSign(String algo) { - return isRsaShaSign(algo) || 
isRsaShaPsSign(algo); - } - public static boolean isRsaShaSign(String algo) { - return RSA_SHA_SIGN_SET.contains(algo); - } - public static boolean isRsaShaPsSign(String algo) { - return RSA_SHA_PS_SIGN_SET.contains(algo); - } - public static boolean isEcDsaSign(String algo) { - return EC_SHA_SIGN_SET.contains(algo); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java new file mode 100644 index 0000000..22d7908 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java 
@@ -0,0 +1,268 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.jose.jwa; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + + + + +public final class AlgorithmUtils { + public static final String AES = "AES"; + + // Key Encryption + // JWA + public static final String RSA_OAEP_ALGO = "RSA-OAEP"; + public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256"; + public static final String RSA_1_5_ALGO = "RSA1_5"; + public static final String A128KW_ALGO = "A128KW"; + public static final String A192KW_ALGO = "A192KW"; + public static final String A256KW_ALGO = "A256KW"; + public static final String A128GCMKW_ALGO = "A128GCMKW"; + public static final String A192GCMKW_ALGO = "A192GCMKW"; + public static final String A256GCMKW_ALGO = "A256GCMKW"; + public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW"; + public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW"; + public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW"; + public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW"; + public static final String PBES2_HS384_A192KW_ALGO = 
"PBES2-HS384+A192KW"; + public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW"; + public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES"; + // Java + public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; + public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; + public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding"; + public static final String AES_WRAP_ALGO_JAVA = AES + "Wrap"; + // Content Encryption + // JWA + public static final String A128CBC_HS256_ALGO = "A128CBC-HS256"; + public static final String A192CBC_HS384_ALGO = "A192CBC-HS384"; + public static final String A256CBC_HS512_ALGO = "A256CBC-HS512"; + public static final String A128GCM_ALGO = "A128GCM"; + public static final String A192GCM_ALGO = "A192GCM"; + public static final String A256GCM_ALGO = "A256GCM"; + // Java + public static final String AES_GCM_ALGO_JAVA = AES + "/GCM/NoPadding"; + public static final String AES_CBC_ALGO_JAVA = AES + "/CBC/PKCS7Padding"; + // Signature + // JWA + public static final String HMAC_SHA_256_ALGO = "HS256"; + public static final String HMAC_SHA_384_ALGO = "HS384"; + public static final String HMAC_SHA_512_ALGO = "HS512"; + public static final String RS_SHA_256_ALGO = "RS256"; + public static final String RS_SHA_384_ALGO = "RS384"; + public static final String RS_SHA_512_ALGO = "RS512"; + public static final String PS_SHA_256_ALGO = "PS256"; + public static final String PS_SHA_384_ALGO = "PS384"; + public static final String PS_SHA_512_ALGO = "PS512"; + public static final String ES_SHA_256_ALGO = "ES256"; + public static final String ES_SHA_384_ALGO = "ES384"; + public static final String ES_SHA_512_ALGO = "ES512"; + public static final String PLAIN_TEXT_ALGO = "none"; + // Java + public static final String HMAC_SHA_256_JAVA = "HmacSHA256"; + public static final String HMAC_SHA_384_JAVA = "HmacSHA384"; + public static final String HMAC_SHA_512_JAVA = 
"HmacSHA512"; + public static final String RS_SHA_256_JAVA = "SHA256withRSA"; + public static final String RS_SHA_384_JAVA = "SHA384withRSA"; + public static final String RS_SHA_512_JAVA = "SHA512withRSA"; + public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1"; + public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1"; + public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1"; + public static final String ES_SHA_256_JAVA = "SHA256withECDSA"; + public static final String ES_SHA_384_JAVA = "SHA384withECDSA"; + public static final String ES_SHA_512_JAVA = "SHA512withECDSA"; + + public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(HMAC_SHA_256_ALGO, + HMAC_SHA_384_ALGO, + HMAC_SHA_512_ALGO)); + public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(RS_SHA_256_ALGO, + RS_SHA_384_ALGO, + RS_SHA_512_ALGO)); + public static final Set<String> RSA_SHA_PS_SIGN_SET = new HashSet<String>(Arrays.asList(PS_SHA_256_ALGO, + PS_SHA_384_ALGO, + PS_SHA_512_ALGO)); + public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(ES_SHA_256_ALGO, + ES_SHA_384_ALGO, + ES_SHA_512_ALGO)); + public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(RSA_OAEP_ALGO, + RSA_OAEP_256_ALGO, + RSA_1_5_ALGO)); + public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(A128GCM_ALGO, + A192GCM_ALGO, + A256GCM_ALGO)); + public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(A128GCMKW_ALGO, + A192GCMKW_ALGO, + A256GCMKW_ALGO)); + public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(A128KW_ALGO, + A192KW_ALGO, + A256KW_ALGO)); + public static final Set<String> ACBC_HS_SET = new HashSet<String>(Arrays.asList(A128CBC_HS256_ALGO, + A192CBC_HS384_ALGO, + A256CBC_HS512_ALGO)); + public static final Set<String> PBES_HS_SET = new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW_ALGO, + 
PBES2_HS384_A192KW_ALGO, + PBES2_HS512_A256KW_ALGO)); + public static final Set<String> ECDH_ES_SET = new HashSet<String>(Arrays.asList(ECDH_ES_A128KW_ALGO, + ECDH_ES_A192KW_ALGO, + ECDH_ES_A256KW_ALGO)); + + private static final Map<String, String> JAVA_TO_JWA_NAMES; + private static final Map<String, String> JWA_TO_JAVA_NAMES; + static { + JAVA_TO_JWA_NAMES = new HashMap<String, String>(); + JAVA_TO_JWA_NAMES.put(HMAC_SHA_256_JAVA, HMAC_SHA_256_ALGO); + JAVA_TO_JWA_NAMES.put(HMAC_SHA_384_JAVA, HMAC_SHA_384_ALGO); + JAVA_TO_JWA_NAMES.put(HMAC_SHA_512_JAVA, HMAC_SHA_512_ALGO); + JAVA_TO_JWA_NAMES.put(RS_SHA_256_JAVA, RS_SHA_256_ALGO); + JAVA_TO_JWA_NAMES.put(RS_SHA_384_JAVA, RS_SHA_384_ALGO); + JAVA_TO_JWA_NAMES.put(RS_SHA_512_JAVA, RS_SHA_512_ALGO); + JAVA_TO_JWA_NAMES.put(PS_SHA_256_JAVA, PS_SHA_256_ALGO); + JAVA_TO_JWA_NAMES.put(PS_SHA_384_JAVA, PS_SHA_384_ALGO); + JAVA_TO_JWA_NAMES.put(PS_SHA_512_JAVA, PS_SHA_512_ALGO); + JAVA_TO_JWA_NAMES.put(ES_SHA_256_JAVA, ES_SHA_256_ALGO); + JAVA_TO_JWA_NAMES.put(ES_SHA_384_JAVA, ES_SHA_384_ALGO); + JAVA_TO_JWA_NAMES.put(ES_SHA_512_JAVA, ES_SHA_512_ALGO); + JAVA_TO_JWA_NAMES.put(RSA_OAEP_ALGO_JAVA, RSA_OAEP_ALGO); + JAVA_TO_JWA_NAMES.put(RSA_OAEP_256_ALGO_JAVA, RSA_OAEP_256_ALGO); + JAVA_TO_JWA_NAMES.put(RSA_1_5_ALGO_JAVA, RSA_1_5_ALGO); + JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A256GCM_ALGO); + JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A192GCM_ALGO); + JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A128GCM_ALGO); + JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A128KW_ALGO); + JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A192KW_ALGO); + JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A256KW_ALGO); + JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A128CBC_HS256_ALGO); + JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A192CBC_HS384_ALGO); + JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A256CBC_HS512_ALGO); + JWA_TO_JAVA_NAMES = new HashMap<String, String>(); + JWA_TO_JAVA_NAMES.put(HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA); + JWA_TO_JAVA_NAMES.put(HMAC_SHA_384_ALGO, 
HMAC_SHA_384_JAVA); + JWA_TO_JAVA_NAMES.put(HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA); + JWA_TO_JAVA_NAMES.put(RS_SHA_256_ALGO, RS_SHA_256_JAVA); + JWA_TO_JAVA_NAMES.put(RS_SHA_384_ALGO, RS_SHA_384_JAVA); + JWA_TO_JAVA_NAMES.put(RS_SHA_512_ALGO, RS_SHA_512_JAVA); + JWA_TO_JAVA_NAMES.put(PS_SHA_256_ALGO, PS_SHA_256_JAVA); + JWA_TO_JAVA_NAMES.put(PS_SHA_384_ALGO, PS_SHA_384_JAVA); + JWA_TO_JAVA_NAMES.put(PS_SHA_512_ALGO, PS_SHA_512_JAVA); + JWA_TO_JAVA_NAMES.put(ES_SHA_256_ALGO, ES_SHA_256_JAVA); + JWA_TO_JAVA_NAMES.put(ES_SHA_384_ALGO, ES_SHA_384_JAVA); + JWA_TO_JAVA_NAMES.put(ES_SHA_512_ALGO, ES_SHA_512_JAVA); + JWA_TO_JAVA_NAMES.put(RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A128KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A192KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A256KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A256GCM_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A192GCM_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A128GCM_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A256GCMKW_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A192GCMKW_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A128GCMKW_ALGO, AES_GCM_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA); + JWA_TO_JAVA_NAMES.put(ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA); + } + + private AlgorithmUtils() { + } + public static boolean 
isRsa(String algo) { + return isRsaKeyWrap(algo) || isRsaSign(algo); + } + public static boolean isRsaKeyWrap(String algo) { + return RSA_CEK_SET.contains(algo); + } + public static boolean isAesKeyWrap(String algo) { + return AES_KW_SET.contains(algo); + } + public static boolean isAesGcmKeyWrap(String algo) { + return AES_GCM_KW_SET.contains(algo); + } + public static boolean isPbesHsWrap(String algo) { + return PBES_HS_SET.contains(algo); + } + public static boolean isEcdhEsWrap(String algo) { + return ECDH_ES_SET.contains(algo); + } + public static boolean isAesGcm(String algo) { + return AES_GCM_CEK_SET.contains(algo); + } + public static boolean isAesCbcHmac(String algo) { + return ACBC_HS_SET.contains(algo); + } + public static boolean isHmacSign(String algo) { + return HMAC_SIGN_SET.contains(algo); + } + public static boolean isOctet(String algo) { + return isHmacSign(algo) + || isAesCbcHmac(algo) + || isAesGcm(algo) + || isAesGcmKeyWrap(algo) + || isAesKeyWrap(algo); + } + public static boolean isRsaSign(String algo) { + return isRsaShaSign(algo) || isRsaShaPsSign(algo); + } + public static boolean isRsaShaSign(String algo) { + return RSA_SHA_SIGN_SET.contains(algo); + } + public static boolean isRsaShaPsSign(String algo) { + return RSA_SHA_PS_SIGN_SET.contains(algo); + } + public static boolean isEcDsaSign(String algo) { + return EC_SHA_SIGN_SET.contains(algo); + } + + public static String toJwaName(String javaName, int keyBitSize) { + //TODO: perhaps a key should be a name+keysize pair + String name = JAVA_TO_JWA_NAMES.get(javaName); + if (name == null && javaName.startsWith(AES)) { + name = "A" + keyBitSize + "GCM"; + } + return name; + } + public static String toJavaName(String jwtName) { + return JWA_TO_JAVA_NAMES.get(jwtName); + } + public static String toJavaAlgoNameOnly(String jwtName) { + return stripAlgoProperties(toJavaName(jwtName)); + } + public static String stripAlgoProperties(String javaName) { + if (javaName != null) { + int index = 
javaName.indexOf('/'); + if (index != -1) { + javaName = javaName.substring(0, index); + } + } + return javaName; + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java new file mode 100644 index 0000000..5f9e158 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java 
@@ -0,0 +1,67 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.jose.jwa; + + + + +public enum ContentAlgorithm { + A128GCM(AlgorithmUtils.A128GCM_ALGO, "AES/GCM/NoPadding", 128), + A192GCM(AlgorithmUtils.A192GCM_ALGO, "AES/GCM/NoPadding", 192), + A256GCM(AlgorithmUtils.A256GCM_ALGO, "AES/GCM/NoPadding", 256), + //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding" + // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only + A128CBC_HS256(AlgorithmUtils.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128), + A192CBC_HS384(AlgorithmUtils.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192), + A256CBC_HS512(AlgorithmUtils.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256); + + private final String jwaName; + private final String javaName; + private final int keySizeBits; + + private ContentAlgorithm(String jwaName, String javaName, int keySizeBits) { + this.jwaName = jwaName; + this.javaName = javaName; + this.keySizeBits = keySizeBits; + } + + public String getJwaName() { + return jwaName; + } + + public String getJavaName() { + return javaName == null ? 
name() : javaName; + } + + public String getJavaAlgoName() { + return AlgorithmUtils.stripAlgoProperties(getJavaName()); + } + + public int getKeySizeBits() { + return keySizeBits; + } + + public static ContentAlgorithm getAlgorithm(String algo) { + return ContentAlgorithm.valueOf(algo.replace('-', '_') + .replace('+', '_')); + + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java new file mode 100644 index 0000000..d5b03fb --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java 
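Review bot: `getAlgorithm(String algo)` resolves the name through `valueOf` on the enum constant rather than through `jwaName`, so it only works while each constant happens to equal its JWA name with `-` swapped for `_`. A null or unknown name surfaces as `NullPointerException` or `IllegalArgumentException`, not the `SecurityException` the JWE classes in this commit throw for unsupported algorithms. The same lookup is repeated in `KeyAlgorithm.getAlgorithm`, `SignatureAlgorithm.getAlgorithm` and `AbstractJweEncryption.getCekSize`. If `RSA_1_5_ALGO` and `PLAIN_TEXT_ALGO` hold the registered names (`RSA1_5`, `none`; their values are outside this view), `RSA_1_5` and `PLAIN` cannot be resolved at all. Matching on the stored JWA name over `values()` removes the dependency on constant spelling and makes the failure mode explicit.

```java
public static ContentAlgorithm getAlgorithm(String algo) {
    // Match on the registered JWA name, not on the enum constant spelling.
    // Keep a '+' normalisation here if draft-era names must still resolve.
    for (ContentAlgorithm candidate : values()) {
        if (candidate.jwaName.equals(algo)) {
            return candidate;
        }
    }
    // Null and unknown names both end here instead of in valueOf().
    throw new IllegalArgumentException("Unsupported content encryption algorithm");
}
```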
@@ -0,0 +1,74 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.jose.jwa; + + + + +public enum KeyAlgorithm { + RSA_OAEP(AlgorithmUtils.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1), + RSA_OAEP_256(AlgorithmUtils.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1), + RSA_1_5(AlgorithmUtils.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1), + A128KW(AlgorithmUtils.A128KW_ALGO, "AESWrap", 128), + A192KW(AlgorithmUtils.A192KW_ALGO, "AESWrap", 192), + A256KW(AlgorithmUtils.A256KW_ALGO, "AESWrap", 256), + A128GCMKW(AlgorithmUtils.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128), + A192GCMKW(AlgorithmUtils.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192), + A256GCMKW(AlgorithmUtils.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256), + PBES2_HS256_A128KW(AlgorithmUtils.PBES2_HS256_A128KW_ALGO, "AESWrap", 128), + PBES2_HS384_A192KW(AlgorithmUtils.PBES2_HS384_A192KW_ALGO, "AESWrap", 192), + PBES2_HS512_A256KW(AlgorithmUtils.PBES2_HS512_A256KW_ALGO, "AESWrap", 256), + ECDH_ES_A128KW(AlgorithmUtils.ECDH_ES_A128KW_ALGO, "AESWrap", 128), + ECDH_ES_A192KW(AlgorithmUtils.ECDH_ES_A192KW_ALGO, "AESWrap", 192), + ECDH_ES_A256KW(AlgorithmUtils.ECDH_ES_A256KW_ALGO, "AESWrap", 256); + + private 
final String jwaName; + private final String javaName; + private final int keySizeBits; + + private KeyAlgorithm(String jwaName, String javaName, int keySizeBits) { + this.jwaName = jwaName; + this.javaName = javaName; + this.keySizeBits = keySizeBits; + } + + public String getJwaName() { + return jwaName; + } + + public String getJavaName() { + return javaName == null ? name() : javaName; + } + + public String getJavaAlgoName() { + return AlgorithmUtils.stripAlgoProperties(getJavaName()); + } + + public int getKeySizeBits() { + return keySizeBits; + } + public static KeyAlgorithm getAlgorithm(String algo) { + return KeyAlgorithm.valueOf(algo.replace('-', '_') + .replace('+', '_')); + + } + + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java new file mode 100644 index 0000000..79f41a5 --- /dev/null +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java 
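Review bot: The `RSA_OAEP_256` transformation string `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` leaves the MGF1 digest to the JCE provider, and the default differs between providers: SunJCE keeps MGF1 on SHA-1, while JWA's RSA-OAEP-256 specifies SHA-256 for both the OAEP hash and MGF1. Whether an explicit `OAEPParameterSpec` is supplied where the cipher is initialised is outside this hunk, so this needs confirming; without one, keys wrapped here may not unwrap under another provider or JOSE implementation. I would record the requirement on the constant, e.g. `// JWA RSA-OAEP-256: SHA-256 for OAEP and MGF1; pass an explicit OAEPParameterSpec, provider defaults differ`.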
@@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.jose.jwa; + + + + +public enum SignatureAlgorithm { + HS256(AlgorithmUtils.HMAC_SHA_256_ALGO, AlgorithmUtils.HMAC_SHA_256_JAVA, 256), + HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384), + HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512), + + RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256), + RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384), + RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512), + + PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256), + PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384), + PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512), + + ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256), + ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384), + ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512), + + PLAIN(AlgorithmUtils.PLAIN_TEXT_ALGO, null, -1); + + + private final String jwaName; + private final String 
javaName; + private final int keySizeBits; + + private SignatureAlgorithm(String jwaName, String javaName, int keySizeBits) { + this.jwaName = jwaName; + this.javaName = javaName; + this.keySizeBits = keySizeBits; + } + + public String getJwaName() { + return jwaName; + } + + public String getJavaName() { + return javaName == null ? name() : javaName; + } + + public String getJavaAlgoName() { + return AlgorithmUtils.stripAlgoProperties(getJavaName()); + } + + public int getKeySizeBits() { + return keySizeBits; + } + + public static SignatureAlgorithm getAlgorithm(String algo) { + return SignatureAlgorithm.valueOf(algo.replace('-', '_') + .replace('+', '_')); + + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java index 5edf9fa..7627b94 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java 
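Review bot: `PLAIN` is declared with a null `javaName`, and `getJavaName()` falls back to `name()`, so for the unsigned case it returns the string `PLAIN` as if it were a JCA algorithm name and `getJavaAlgoName()` passes that on. A caller handing the result to a signature or MAC factory gets a provider lookup failure rather than a clear "no signature" answer, and nothing on the type tells a verifier that this value means the token carries no integrity protection. Returning null for `PLAIN` (`return javaName;`) would be the cleaner contract, but the callers are outside this hunk, so at minimum document the constant: `// PLAIN = unsecured token, no signature; verifiers must reject it unless unsigned tokens are explicitly allowed`. The same `javaName == null` fallback in `ContentAlgorithm` and `KeyAlgorithm` is dead code, since every constant there passes a non-null name.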
@@ -21,29 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe; import java.util.concurrent.atomic.AtomicInteger; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties - implements ContentEncryptionAlgorithm { + implements ContentEncryptionProvider { private static final int DEFAULT_IV_SIZE = 128; private byte[] cek; private byte[] iv; private AtomicInteger providedIvUsageCount; - private String algorithm; - protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { + + protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { super(algo); this.cek = cek; this.iv = iv; if (iv != null && iv.length > 0) { providedIvUsageCount = new AtomicInteger(); } - this.algorithm = algo; - } - @Override - public String getAlgorithm() { - return algorithm; } + public byte[] getContentEncryptionKey(JweHeaders headers) { return cek; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java index e9fc794..f7eb38c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java 
@@ -21,13 +21,14 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.spec.AlgorithmParameterSpec; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties { private static final int DEFAULT_AUTH_TAG_LENGTH = 128; private int authTagLen = DEFAULT_AUTH_TAG_LENGTH; - private String algo; - public AbstractContentEncryptionCipherProperties(String algo) { + private ContentAlgorithm algo; + public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) { this.algo = algo; } public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) { @@ -40,7 +41,7 @@ public abstract class AbstractContentEncryptionCipherProperties implements Conte return authTagLen; } @Override - public String getAlgorithm() { + public ContentAlgorithm getAlgorithm() { return algo; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java index ad4fd8e..d49359c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java 
@@ -24,7 +24,9 @@ import java.security.spec.AlgorithmParameterSpec; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public abstract class AbstractJweDecryption implements JweDecryptionProvider { private KeyDecryptionAlgorithm keyDecryptionAlgo; @@ -70,7 +72,7 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider { getContentEncryptionCipherInitVector(jweDecryptionInput)); } protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) { - return Algorithm.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm()); + return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm()); } protected byte[] getContentEncryptionCipherAAD(JweDecryptionInput jweDecryptionInput) { return contentDecryptionAlgo.getAdditionalAuthenticationData( @@ -94,11 +96,11 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider { return theCek; } @Override - public String getKeyAlgorithm() { + public KeyAlgorithm getKeyAlgorithm() { return keyDecryptionAlgo.getAlgorithm(); } @Override - public String getContentAlgorithm() { + public ContentAlgorithm getContentAlgorithm() { return contentDecryptionAlgo.getAlgorithm(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java ---------------------------------------------------------------------- 
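Review bot: In `getContentEncryptionAlgorithm` (second hunk on this line) the cipher name comes from the content-encryption header of the incoming JWE and is mapped with `AlgorithmUtils.toJavaName`, which is a plain map lookup and returns null for any name it does not know. The result is returned unchecked, so an unexpected header value reaches the cipher set-up as null and will probably fail later with a less specific exception; the callers are outside this hunk. A guard keeps the failure at the trust boundary: `String algo = AlgorithmUtils.toJavaName(...); if (algo == null) { throw new SecurityException(); }`. It is also worth comparing the header value with `getContentAlgorithm().getJwaName()` when an algorithm is configured, so the message cannot select a different cipher than the receiver expects.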
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 6f47018..613dd2c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -28,19 +28,21 @@ import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public abstract class AbstractJweEncryption implements JweEncryptionProvider { protected static final int DEFAULT_AUTH_TAG_LENGTH = 128; - private ContentEncryptionAlgorithm contentEncryptionAlgo; - private KeyEncryptionAlgorithm keyEncryptionAlgo; + private ContentEncryptionProvider contentEncryptionAlgo; + private KeyEncryptionProvider keyEncryptionAlgo; private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); - protected AbstractJweEncryption(ContentEncryptionAlgorithm contentEncryptionAlgo, - KeyEncryptionAlgorithm keyEncryptionAlgo) { + protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo, + KeyEncryptionProvider keyEncryptionAlgo) { this.keyEncryptionAlgo = keyEncryptionAlgo; this.contentEncryptionAlgo = contentEncryptionAlgo; } - protected ContentEncryptionAlgorithm getContentEncryptionAlgorithm() { + protected ContentEncryptionProvider getContentEncryptionAlgorithm() { return contentEncryptionAlgo; } protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) { 
@@ -52,14 +54,14 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { if (cek == null) { String algoJava = getContentEncryptionAlgoJava(); String algoJwt = getContentEncryptionAlgoJwt(); - cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava), + cek = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava), getCekSize(algoJwt)).getEncoded(); } return cek; } protected int getCekSize(String algoJwt) { - return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits(); + return ContentAlgorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits(); } protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) { @@ -71,10 +73,10 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { } protected String getContentEncryptionAlgoJwt() { - return getContentEncryptionAlgorithm().getAlgorithm(); + return getContentEncryptionAlgorithm().getAlgorithm().getJwaName(); } protected String getContentEncryptionAlgoJava() { - return Algorithm.toJavaName(getContentEncryptionAlgoJwt()); + return getContentEncryptionAlgorithm().getAlgorithm().getJavaName(); } protected byte[] getAAD(String protectedHeaders, byte[] aad) { return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(protectedHeaders, aad); @@ -128,11 +130,12 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { return Arrays.copyOfRange(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8, cipher.length); } @Override - public String getKeyAlgorithm() { - return getKeyEncryptionAlgo().getAlgorithm(); + public KeyAlgorithm getKeyAlgorithm() { + KeyAlgorithm keyAlgo = getKeyEncryptionAlgo().getAlgorithm(); + return keyAlgo != null ? keyAlgo : null; } @Override - public String getContentAlgorithm() { + public ContentAlgorithm getContentAlgorithm() { return getContentEncryptionAlgorithm().getAlgorithm(); } protected JoseHeadersReaderWriter getJwtHeadersWriter() { 
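Review bot: In `getKeyAlgorithm()` (third hunk on this line) `return keyAlgo != null ? keyAlgo : null;` yields `keyAlgo` on both branches, so the conditional and the local add nothing. `return getKeyEncryptionAlgo().getAlgorithm();` is equivalent and mirrors `getContentAlgorithm()` directly below it. Since the method can return null, a one-line Javadoc saying so would help: `getInternalState` checks for null before calling `getJwaName()`, and any other caller has to do the same.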
@@ -154,17 +157,17 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { private JweEncryptionInternal getInternalState(JweHeaders jweInHeaders, JweEncryptionInput jweInput) { JweHeaders theHeaders = new JweHeaders(); if (getKeyAlgorithm() != null) { - theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm()); + theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm().getJwaName()); } - theHeaders.setContentEncryptionAlgorithm(getContentAlgorithm()); + theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgoJwt()); JweHeaders protectedHeaders = null; if (jweInHeaders != null) { if (jweInHeaders.getKeyEncryptionAlgorithm() != null && (getKeyAlgorithm() == null - || !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm())) + || !getKeyAlgorithm().getJwaName().equals(jweInHeaders.getKeyEncryptionAlgorithm())) || jweInHeaders.getContentEncryptionAlgorithm() != null - && !getContentAlgorithm().equals(jweInHeaders.getContentEncryptionAlgorithm())) { + && !getContentEncryptionAlgoJwt().equals(jweInHeaders.getContentEncryptionAlgorithm())) { throw new SecurityException(); } theHeaders.asMap().putAll(jweInHeaders.asMap()); @@ -178,7 +181,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { byte[] theCek = jweInput != null && jweInput.getCek() != null ? jweInput.getCek() : getContentEncryptionKey(theHeaders); - String contentEncryptionAlgoJavaName = Algorithm.toJavaName(getContentEncryptionAlgoJwt()); + String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava(); KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName); keyProps.setCompressionSupported(compressionRequired(theHeaders)); 
@@ -209,7 +212,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { private boolean compressionRequired(JweHeaders theHeaders) { return JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm()); } - protected KeyEncryptionAlgorithm getKeyEncryptionAlgo() { + protected KeyEncryptionProvider getKeyEncryptionAlgo() { return keyEncryptionAlgo; } protected static class JweEncryptionInternal { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java index ed35eab..3797b64 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java @@ -24,12 +24,13 @@ import java.util.Set; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.common.util.crypto.KeyProperties; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; -public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm { +public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { private Key keyEncryptionKey; private boolean wrap; - private String algorithm; + private KeyAlgorithm algorithm; private Set<String> supportedAlgorithms; protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) { this(key, null, true, supportedAlgorithms); 
@@ -37,10 +38,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) { this(key, null, wrap, supportedAlgorithms); } - protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) { + protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, Set<String> supportedAlgorithms) { this(key, jweAlgo, true, supportedAlgorithms); } - protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap, + protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, boolean wrap, Set<String> supportedAlgorithms) { this.keyEncryptionKey = key; this.algorithm = jweAlgo; @@ -48,7 +49,7 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio this.supportedAlgorithms = supportedAlgorithms; } @Override - public String getAlgorithm() { + public KeyAlgorithm getAlgorithm() { return algorithm; } @Override @@ -69,10 +70,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio } } protected String getKeyEncryptionAlgoJava(JweHeaders headers) { - return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm()); + return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm()); } protected String getContentEncryptionAlgoJava(JweHeaders headers) { - return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm()); + return AlgorithmUtils.toJavaName(headers.getContentEncryptionAlgorithm()); } protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) { return null; 
@@ -86,14 +87,14 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio protected void checkAlgorithms(JweHeaders headers) { String providedAlgo = headers.getKeyEncryptionAlgorithm(); if ((providedAlgo == null && algorithm == null) - || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) { + || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm.getJwaName()))) { throw new SecurityException(); } if (providedAlgo != null) { checkAlgorithm(providedAlgo); } else if (algorithm != null) { - headers.setKeyEncryptionAlgorithm(algorithm); - checkAlgorithm(algorithm); + headers.setKeyEncryptionAlgorithm(algorithm.getJwaName()); + checkAlgorithm(algorithm.getJwaName()); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java index 68c558f..b39b787 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java @@ -23,7 +23,8 @@ import java.util.Arrays; import javax.crypto.spec.IvParameterSpec; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class AesCbcHmacJweDecryption extends JweDecryption { private String supportedAlgo; 
@@ -31,9 +32,9 @@ public class AesCbcHmacJweDecryption extends JweDecryption { this(keyDecryptionAlgo, null); } public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo, - String supportedAlgo) { + ContentAlgorithm supportedAlgo) { super(keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo)); - this.supportedAlgo = supportedAlgo; + this.supportedAlgo = supportedAlgo == null ? null : supportedAlgo.getJwaName(); } protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) { validateAuthenticationTag(jweDecryptionInput, cek); @@ -62,7 +63,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption { } private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties implements ContentDecryptionAlgorithm { - public AesCbcContentDecryptionAlgorithm(String supportedAlgo) { + public AesCbcContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) { super(supportedAlgo); } @Override @@ -79,7 +80,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption { } } private String validateCekAlgorithm(String cekAlgo) { - if (!Algorithm.isAesCbcHmac(cekAlgo) + if (!AlgorithmUtils.isAesCbcHmac(cekAlgo) || supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) { throw new SecurityException(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java index a6a0dd2..d3de1c7 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java 
@@ -27,28 +27,33 @@ import javax.crypto.Mac; import javax.crypto.spec.IvParameterSpec; import org.apache.cxf.common.util.crypto.HmacUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class AesCbcHmacJweEncryption extends JweEncryption { private static final Map<String, String> AES_HMAC_MAP; private static final Map<String, Integer> AES_CEK_SIZE_MAP; static { AES_HMAC_MAP = new HashMap<String, String>(); - AES_HMAC_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), Algorithm.HMAC_SHA_256_JAVA); - AES_HMAC_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), Algorithm.HMAC_SHA_384_JAVA); - AES_HMAC_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), Algorithm.HMAC_SHA_512_JAVA); + AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA); + AES_HMAC_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), AlgorithmUtils.HMAC_SHA_384_JAVA); + AES_HMAC_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), AlgorithmUtils.HMAC_SHA_512_JAVA); AES_CEK_SIZE_MAP = new HashMap<String, Integer>(); - AES_CEK_SIZE_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), 32); - AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48); - AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 32); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64); } - public AesCbcHmacJweEncryption(String cekAlgoJwt, - KeyEncryptionAlgorithm keyEncryptionAlgorithm) { + public AesCbcHmacJweEncryption(String cekAlgo, + KeyEncryptionProvider keyEncryptionAlgorithm) { + this(ContentAlgorithm.getAlgorithm(cekAlgo), keyEncryptionAlgorithm); + } + public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, + KeyEncryptionProvider keyEncryptionAlgorithm) { this(cekAlgoJwt, null, null, 
keyEncryptionAlgorithm); } - public AesCbcHmacJweEncryption(String cekAlgoJwt, byte[] cek, - byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) { + public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek, + byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) { super(keyEncryptionAlgorithm, new AesCbcContentEncryptionAlgorithm(cek, iv, validateCekAlgorithm(cekAlgoJwt))); @@ -142,7 +147,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption { } private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm { - public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { + public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { super(cek, iv, algo); } @Override @@ -160,8 +165,8 @@ public class AesCbcHmacJweEncryption extends JweEncryption { private byte[] al; } - private static String validateCekAlgorithm(String cekAlgo) { - if (!Algorithm.isAesCbcHmac(cekAlgo)) { + private static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) { + if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) { throw new SecurityException(); } return cekAlgo; http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java index f1f3388..f1a75ea 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java 
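Review bot: validateCekAlgorithm now dereferences `cekAlgo.getJwaName()` without a null test, so a null `ContentAlgorithm` surfaces as a NullPointerException instead of the SecurityException this method exists to raise. The new String constructor in the first hunk of this file feeds it the result of `ContentAlgorithm.getAlgorithm(cekAlgo)`, which may be null for a null or unrecognised name (that method is not visible here). The guard should read `if (cekAlgo == null || !AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {`. The same unguarded call is in `checkAlgorithm` of AesGcmContentEncryptionAlgorithm and in `getAlgorithm().getJwaName()` inside AesGcmContentDecryptionAlgorithm.getEncryptedSequence. The closing brace of validateCekAlgorithm lies outside the hunk.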
@@ -18,20 +18,21 @@ */ package org.apache.cxf.rs.security.jose.jwe; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties implements ContentDecryptionAlgorithm { - public AesGcmContentDecryptionAlgorithm(String supportedAlgo) { + public AesGcmContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) { super(supportedAlgo); } @Override public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) { String algo = headers.getContentEncryptionAlgorithm(); - if (!Algorithm.isAesGcm(algo) || !getAlgorithm().equals(algo)) { + if (!AlgorithmUtils.isAesGcm(algo) || !getAlgorithm().getJwaName().equals(algo)) { throw new SecurityException(); } return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java index bcd0fb3..f5788d9 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java 
@@ -21,28 +21,29 @@ package org.apache.cxf.rs.security.jose.jwe; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm { private static final int DEFAULT_IV_SIZE = 96; - public AesGcmContentEncryptionAlgorithm(String algo) { + public AesGcmContentEncryptionAlgorithm(ContentAlgorithm algo) { this((byte[])null, null, algo); } - public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) { + public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, ContentAlgorithm algo) { this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo); } - public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) { + public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) { this(key.getEncoded(), iv, algo); } - public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { + public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) { super(cek, iv, checkAlgorithm(algo)); } protected int getIvSize() { return DEFAULT_IV_SIZE; } - private static String checkAlgorithm(String algo) { - if (Algorithm.isAesGcm(algo)) { + private static ContentAlgorithm checkAlgorithm(ContentAlgorithm algo) { + if (AlgorithmUtils.isAesGcm(algo.getJwaName())) { return algo; } throw new SecurityException(); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- 
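Review bot: The constructors that take a caller-supplied `cek` and `iv` carry no documentation about reuse, and for AES-GCM encrypting two messages under the same key and IV undermines both confidentiality and the authentication tag. Whether the base class generates a fresh IV per message when `iv` is null is not visible in this hunk, so the comment should state the contract rather than leave it implied. A Javadoc line on the `(byte[] cek, byte[] iv, ContentAlgorithm algo)` constructor, such as `@param iv initialisation vector for a single encryption only; pass null to have one generated`, would cover it if that is the intended behaviour. `DEFAULT_IV_SIZE = 96` would also read better with its unit, presumably bits, stated in a comment.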
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java index 6180014..8d8ec23 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java @@ -24,25 +24,26 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) { this(encodedKey, null); } - public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) { + public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) { this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo); } public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) { this(secretKey, null); } - public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) { - this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA), supportedAlgo); + public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) { + this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo); } public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) { this(secretKey, null); } - public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) { + public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) { super(secretKey, supportedAlgo); } @Override 
@@ -65,7 +66,7 @@ public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgori } protected void validateKeyEncryptionAlgorithm(String keyAlgo) { super.validateKeyEncryptionAlgorithm(keyAlgo); - if (!Algorithm.isAesGcmKeyWrap(keyAlgo)) { + if (!AlgorithmUtils.isAesGcmKeyWrap(keyAlgo)) { throw new SecurityException(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java index e230470..584d48f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java 
@@ -27,21 +27,22 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( - Arrays.asList(Algorithm.A128GCMKW.getJwtName(), - Algorithm.A192GCMKW.getJwtName(), - Algorithm.A256GCMKW.getJwtName())); - public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) { + Arrays.asList(KeyAlgorithm.A128GCMKW.getJwaName(), + KeyAlgorithm.A192GCMKW.getJwaName(), + KeyAlgorithm.A256GCMKW.getJwaName())); + public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) { this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt); } - public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) { - this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA), + public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) { + this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES), keyAlgoJwt); } - public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) { + public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) { super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java index 8871f06..7cfe880 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java @@ -21,25 +21,27 @@ package org.apache.cxf.rs.security.jose.jwe; import javax.crypto.SecretKey; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { public AesWrapKeyDecryptionAlgorithm(String encodedKey) { this(encodedKey, null); } - public AesWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) { + public AesWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) { this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo); } public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) { this(secretKey, null); } - public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) { - this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA), supportedAlgo); + public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) { + this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA), + supportedAlgo); } public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) { this(secretKey, null); } - public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) { + public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) { super(secretKey, supportedAlgo); } @Override 
@@ -51,7 +53,7 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm } protected boolean isValidAlgorithmFamily(String keyAlgo) { - return Algorithm.isAesKeyWrap(keyAlgo); + return AlgorithmUtils.isAesKeyWrap(keyAlgo); } }
