Move CryptoUtils into rt-security
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b9e4fcf4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b9e4fcf4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b9e4fcf4 Branch: refs/heads/master Commit: b9e4fcf44fc690c328afbfa166acca26ecb4c16a Parents: b08a6ba Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Apr 29 20:56:10 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Apr 29 20:56:29 2015 +0100 ---------------------------------------------------------------------- .../common/util/MessageDigestInputStream.java | 6 +- .../cxf/common/util/crypto/CryptoUtils.java | 708 ------------------- .../cxf/common/util/crypto/HmacUtils.java | 145 ---- .../cxf/common/util/crypto/KeyProperties.java | 88 --- .../common/util/crypto/MessageDigestUtils.java | 69 -- .../features/src/main/resources/features.xml | 1 + rt/rs/security/jose/pom.xml | 5 + .../apache/cxf/rs/security/jose/JoseUtils.java | 2 +- .../jaxrs/JwtAuthenticationClientFilter.java | 2 +- .../security/jose/jaxrs/KeyManagementUtils.java | 2 +- .../jwe/AbstractContentEncryptionAlgorithm.java | 2 +- ...stractContentEncryptionCipherProperties.java | 2 +- .../jose/jwe/AbstractJweDecryption.java | 4 +- .../jose/jwe/AbstractJweEncryption.java | 4 +- .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 4 +- .../jose/jwe/AesCbcHmacJweEncryption.java | 2 +- .../jwe/AesGcmContentEncryptionAlgorithm.java | 2 +- .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 2 +- .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 2 +- .../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 2 +- .../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 2 +- .../jose/jwe/EcdhDirectKeyJweEncryption.java | 2 +- .../security/jose/jwe/JweEncryptionOutput.java | 2 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 2 +- .../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 4 +- .../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 4 +- .../cxf/rs/security/jose/jwk/JwkUtils.java | 2 +- .../jose/jws/HmacJwsSignatureProvider.java | 2 +- .../jose/jws/HmacJwsSignatureVerifier.java | 2 +- .../jws/PrivateKeyJwsSignatureProvider.java | 2 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 2 +- .../jose/jwe/JweCompactReaderWriterTest.java | 3 +- .../security/jose/jwe/JweJsonConsumerTest.java | 3 +- .../security/jose/jwe/JweJsonProducerTest.java | 3 +- .../jose/jws/JwsCompactReaderWriterTest.java | 3 +- .../code/DefaultEncryptingCodeDataProvider.java | 2 +- .../oauth2/grants/code/DigestCodeVerifier.java | 2 +- .../grants/code/JwtRequestCodeFilter.java | 2 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 2 +- .../provider/ClientSecretHashVerifier.java | 2 +- .../DefaultEncryptingOAuthDataProvider.java | 4 +- .../hawk/AbstractHawkAccessTokenValidator.java | 2 +- .../oauth2/tokens/hawk/HawkAccessToken.java | 2 +- .../tokens/hawk/HawkAuthorizationScheme.java | 2 +- .../rs/security/oauth2/utils/OAuthUtils.java | 2 +- .../utils/crypto/ModelEncryptionSupport.java | 4 +- .../oauth2/utils/crypto/CryptoUtilsTest.java | 5 +- .../utils/crypto/EncryptingDataProvider.java | 2 +- .../oidc/idp/AbstractJwsJweProducer.java | 2 +- .../cxf/rs/security/oidc/utils/OidcUtils.java | 2 +- .../cxf/rt/security/crypto/CryptoUtils.java | 708 +++++++++++++++++++ .../cxf/rt/security/crypto/HmacUtils.java | 145 ++++ .../cxf/rt/security/crypto/KeyProperties.java | 88 +++ .../rt/security/crypto/MessageDigestUtils.java | 69 ++ .../security/oauth2/OAuthDataProviderImpl.java | 2 +- 55 files changed, 1071 insertions(+), 1070 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java index 0237b8d..d089403 100644 --- a/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java +++ b/core/src/main/java/org/apache/cxf/common/util/MessageDigestInputStream.java @@ -22,11 +22,11 @@ import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; - public class MessageDigestInputStream extends java.security.DigestInputStream { + public static final String ALGO_SHA_256 = "SHA-256"; + public MessageDigestInputStream(InputStream is) { - super(is, getDigestInstance(MessageDigestUtils.ALGO_SHA_256)); + super(is, getDigestInstance(ALGO_SHA_256)); } private static MessageDigest getDigestInstance(String algo) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java deleted file mode 100644 index 7cbda36..0000000 --- a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java +++ /dev/null @@ -1,708 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.common.util.crypto; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; - -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.Base64Utility; -import org.apache.cxf.common.util.CompressionUtils; -import org.apache.cxf.helpers.IOUtils; - - -/** - * Encryption helpers - */ -public final class CryptoUtils { - - private CryptoUtils() { - } - - public static String encodeSecretKey(SecretKey key) throws SecurityException { - return encodeBytes(key.getEncoded()); - } - - public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) - throws SecurityException { - KeyProperties props = new KeyProperties(publicKey.getAlgorithm()); - return encryptSecretKey(secretKey, publicKey, props); - } - - public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey, - KeyProperties props) throws SecurityException { - byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props); - return encodeBytes(encryptedBytes); - } - - public static byte[] generateSecureRandomBytes(int size) { - SecureRandom sr = new SecureRandom(); - byte[] bytes = new byte[size]; - sr.nextBytes(bytes); - return bytes; - } - - public static RSAPublicKey getRSAPublicKey(String encodedModulus, - String encodedPublicExponent) { - try { - return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus), - CryptoUtils.decodeSequence(encodedPublicExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes, - byte[] publicExponentBytes) { - try { - return getRSAPublicKey(KeyFactory.getInstance("RSA"), - modulusBytes, - publicExponentBytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPublicKey getRSAPublicKey(KeyFactory factory, - byte[] modulusBytes, - byte[] publicExponentBytes) { - BigInteger modulus = toBigInteger(modulusBytes); - BigInteger publicExponent = toBigInteger(publicExponentBytes); - try { - return (RSAPublicKey)factory.generatePublic( - new RSAPublicKeySpec(modulus, publicExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, - String encodedPrivateExponent) { - try { - return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus), - CryptoUtils.decodeSequence(encodedPrivateExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, - byte[] privateExponentBytes) { - BigInteger modulus = toBigInteger(modulusBytes); - BigInteger privateExponent = toBigInteger(privateExponentBytes); - try { - KeyFactory factory = KeyFactory.getInstance("RSA"); - return (RSAPrivateKey)factory.generatePrivate( - new RSAPrivateKeySpec(modulus, privateExponent)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - //CHECKSTYLE:OFF - public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, - String encodedPublicExponent, - String encodedPrivateExponent, - String encodedPrimeP, - String encodedPrimeQ, - String encodedPrimeExpP, - String encodedPrimeExpQ, - String encodedCrtCoefficient) { - //CHECKSTYLE:ON - try { - return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus), - CryptoUtils.decodeSequence(encodedPublicExponent), - CryptoUtils.decodeSequence(encodedPrivateExponent), - CryptoUtils.decodeSequence(encodedPrimeP), - CryptoUtils.decodeSequence(encodedPrimeQ), - CryptoUtils.decodeSequence(encodedPrimeExpP), - CryptoUtils.decodeSequence(encodedPrimeExpQ), - CryptoUtils.decodeSequence(encodedCrtCoefficient)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - //CHECKSTYLE:OFF - public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, - byte[] publicExponentBytes, - byte[] privateExponentBytes, - byte[] primePBytes, - byte[] primeQBytes, - byte[] primeExpPBytes, - byte[] primeExpQBytes, - byte[] crtCoefficientBytes) { - //CHECKSTYLE:ON - BigInteger modulus = toBigInteger(modulusBytes); - BigInteger publicExponent = toBigInteger(publicExponentBytes); - BigInteger privateExponent = toBigInteger(privateExponentBytes); - BigInteger primeP = toBigInteger(primePBytes); - BigInteger primeQ = toBigInteger(primeQBytes); - BigInteger primeExpP = toBigInteger(primeExpPBytes); - BigInteger primeExpQ = toBigInteger(primeExpQBytes); - BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes); - try { - KeyFactory factory = KeyFactory.getInstance("RSA"); - return (RSAPrivateKey)factory.generatePrivate( - new RSAPrivateCrtKeySpec(modulus, - publicExponent, - privateExponent, - primeP, - primeQ, - primeExpP, - primeExpQ, - crtCoefficient)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) { - try { - return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) { - try { - ECParameterSpec params = getECParameterSpec(curve, true); - ECPrivateKeySpec keySpec = new ECPrivateKeySpec( - toBigInteger(privateKey), params); - KeyFactory kf = KeyFactory.getInstance("EC"); - return (ECPrivateKey) kf.generatePrivate(keySpec); - - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate) - throws Exception { - KeyPair pair = generateECKeyPair(curve); - return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams() - : ((ECPrivateKey) pair.getPrivate()).getParams(); - } - - public static KeyPair generateECKeyPair(String curve) { - try { - KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); - ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec" - + curve.toLowerCase().replace("-", "") - + "r1"); - kpg.initialize(kpgparams); - return kpg.generateKeyPair(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) { - try { - return getECPublicKey(curve, - CryptoUtils.decodeSequence(encodedXPoint), - CryptoUtils.decodeSequence(encodedYPoint)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) { - try { - ECParameterSpec params = getECParameterSpec(curve, false); - - ECPoint ecPoint = new ECPoint(toBigInteger(xPoint), - toBigInteger(yPoint)); - ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params); - KeyFactory kf = KeyFactory.getInstance("EC"); - return (ECPublicKey) kf.generatePublic(keySpec); - - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - private static BigInteger toBigInteger(byte[] bytes) { - if (bytes[0] == -128) { - return new BigInteger(bytes); - } else { - return new BigInteger(1, bytes); - } - } - public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) { - if (authTagLength > 0) { - return CryptoUtils.getGCMParameterSpec(authTagLength, iv); - } else if (iv.length > 0) { - return new IvParameterSpec(iv); - } else { - return null; - } - } - - public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) { - return new GCMParameterSpec(authTagLength, iv); - } - - public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) { - return signData(data, key, signAlgo, null, null); - } - - public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random, - AlgorithmParameterSpec params) { - try { - Signature s = getSignature(key, signAlgo, random, params); - s.update(data); - return s.sign(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random, - AlgorithmParameterSpec params) { - try { - Signature s = Signature.getInstance(signAlgo); - if (random == null) { - s.initSign(key); - } else { - s.initSign(key, random); - } - if (params != null) { - s.setParameter(params); - } - return s; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) { - return verifySignature(data, signature, key, signAlgo, null); - } - - public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, - AlgorithmParameterSpec params) { - try { - Signature s = Signature.getInstance(signAlgo); - s.initVerify(key); - if (params != null) { - s.setParameter(params); - } - s.update(data); - return s.verify(signature); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException { - return getSecretKey(new KeyProperties(symEncAlgo)); - } - - public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException { - return getSecretKey(new KeyProperties(symEncAlgo, keySize)); - } - - public static SecretKey getSecretKey(KeyProperties props) throws SecurityException { - try { - KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo()); - AlgorithmParameterSpec algoSpec = props.getAlgoSpec(); - SecureRandom random = props.getSecureRandom(); - if (algoSpec != null) { - if (random != null) { - keyGen.init(algoSpec, random); - } else { - keyGen.init(algoSpec); - } - } else { - int keySize = props.getKeySize(); - if (keySize == -1) { - keySize = 128; - } - if (random != null) { - keyGen.init(keySize, random); - } else { - keyGen.init(keySize); - } - } - - return keyGen.generateKey(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String decryptSequence(String encodedToken, String encodedSecretKey) - throws SecurityException { - return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES")); - } - - public static String decryptSequence(String encodedData, String encodedSecretKey, - KeyProperties props) throws SecurityException { - SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo()); - return decryptSequence(encodedData, key, props); - } - - public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException { - return decryptSequence(encodedData, secretKey, null); - } - - public static String decryptSequence(String encodedData, Key secretKey, - KeyProperties props) throws SecurityException { - byte[] encryptedBytes = decodeSequence(encodedData); - byte[] bytes = decryptBytes(encryptedBytes, secretKey, props); - try { - return new String(bytes, "UTF-8"); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String encryptSequence(String sequence, Key secretKey) throws SecurityException { - return encryptSequence(sequence, secretKey, null); - } - - public static String encryptSequence(String sequence, Key secretKey, - KeyProperties keyProps) throws SecurityException { - try { - byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps); - return encodeBytes(bytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static String encodeBytes(byte[] bytes) throws SecurityException { - try { - return Base64UrlUtility.encode(bytes); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException { - return encryptBytes(bytes, secretKey, null); - } - - public static byte[] encryptBytes(byte[] bytes, Key secretKey, - KeyProperties keyProps) throws SecurityException { - return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE); - } - - public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException { - return decryptBytes(bytes, secretKey, null); - } - - public static byte[] decryptBytes(byte[] bytes, Key secretKey, - KeyProperties keyProps) throws SecurityException { - return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE); - } - - public static byte[] wrapSecretKey(byte[] keyBytes, - String keyAlgo, - Key wrapperKey, - KeyProperties wrapperKeyProps) throws SecurityException { - return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)), - wrapperKey, - wrapperKeyProps); - } - - public static byte[] wrapSecretKey(Key secretKey, - Key wrapperKey, - KeyProperties keyProps) throws SecurityException { - try { - Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE); - return c.wrap(secretKey); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static SecretKey unwrapSecretKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - String unwrapperKeyAlgo) throws SecurityException { - return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, - new KeyProperties(unwrapperKeyAlgo)); - } - - public static SecretKey unwrapSecretKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - KeyProperties keyProps) throws SecurityException { - return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY); - } - - public static Key unwrapKey(byte[] wrappedBytes, - String wrappedKeyAlgo, - Key unwrapperKey, - KeyProperties keyProps, - int wrappedKeyType) throws SecurityException { - try { - Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE); - return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static byte[] processBytes(byte[] bytes, - Key secretKey, - KeyProperties keyProps, - int mode) throws SecurityException { - boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported(); - if (compressionSupported && mode == Cipher.ENCRYPT_MODE) { - bytes = CompressionUtils.deflate(bytes, false); - } - try { - Cipher c = initCipher(secretKey, keyProps, mode); - byte[] result = new byte[0]; - int blockSize = keyProps != null ? keyProps.getBlockSize() : -1; - if (secretKey instanceof SecretKey && blockSize == -1) { - result = c.doFinal(bytes); - } else { - if (blockSize == -1) { - blockSize = secretKey instanceof PublicKey ? 117 : 128; - } - boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null; - int offset = 0; - for (; offset + blockSize < bytes.length; offset += blockSize) { - byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize) - : c.update(bytes, offset, blockSize); - result = addToResult(result, next); - } - if (offset < bytes.length) { - result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset)); - } else { - result = addToResult(result, c.doFinal()); - } - } - if (compressionSupported && mode == Cipher.DECRYPT_MODE) { - result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false)); - } - return result; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException { - try { - String algorithm = keyProps != null && keyProps.getKeyAlgo() != null - ? keyProps.getKeyAlgo() : secretKey.getAlgorithm(); - Cipher c = Cipher.getInstance(algorithm); - if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) { - c.init(mode, secretKey); - } else { - AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec(); - SecureRandom random = keyProps.getSecureRandom(); - if (algoSpec == null) { - c.init(mode, secretKey, random); - } else if (random == null) { - c.init(mode, secretKey, algoSpec); - } else { - c.init(mode, secretKey, algoSpec, random); - } - } - if (keyProps != null && keyProps.getAdditionalData() != null) { - c.updateAAD(keyProps.getAdditionalData()); - } - return c; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static byte[] addToResult(byte[] prefix, byte[] suffix) { - if (suffix == null || suffix.length == 0) { - return prefix; - } else if (prefix.length == 0) { - return suffix; - } else { - byte[] result = new byte[prefix.length + suffix.length]; - System.arraycopy(prefix, 0, result, 0, prefix.length); - System.arraycopy(suffix, 0, result, prefix.length, suffix.length); - return result; - } - } - - public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException { - return decodeSecretKey(encodedSecretKey, "AES"); - } - - public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo) - throws SecurityException { - byte[] secretKeyBytes = decodeSequence(encodedSecretKey); - return createSecretKeySpec(secretKeyBytes, secretKeyAlgo); - } - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - PrivateKey privateKey) { - return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey); - } - - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - String secretKeyAlgo, - PrivateKey privateKey) - throws SecurityException { - KeyProperties props = new KeyProperties(privateKey.getAlgorithm()); - return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey); - } - - public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, - String secretKeyAlgo, - KeyProperties props, - PrivateKey privateKey) throws SecurityException { - byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey); - return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props); - } - - public static SecretKey createSecretKeySpec(String encodedBytes, String algo) { - return new SecretKeySpec(decodeSequence(encodedBytes), algo); - } - public static SecretKey createSecretKeySpec(byte[] bytes, String algo) { - return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo)); - } - public static byte[] decodeSequence(String encodedSequence) throws SecurityException { - try { - return Base64UrlUtility.decode(encodedSequence); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - - private static String convertJCECipherToSecretKeyName(String jceCipherName) { - if (jceCipherName != null) { - if (jceCipherName.startsWith("AES")) { - return "AES"; - } else if (jceCipherName.startsWith("DESede")) { - return "DESede"; - } else if (jceCipherName.startsWith("SEED")) { - return "SEED"; - } else if (jceCipherName.startsWith("Camellia")) { - return "Camellia"; - } - } - return null; - } - public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias, - String storeType) { - KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType); - return loadCertificate(keyStore, alias); - } - public static Certificate loadCertificate(KeyStore keyStore, String alias) { - try { - if (alias == null) { - throw new SecurityException("No keystore alias was defined"); - } - if (!keyStore.containsAlias(alias)) { - throw new SecurityException("No alias exists in the keystore for: " + alias); - } - return keyStore.getCertificate(alias); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static String encodeCertificate(Certificate cert) { - try { - return Base64Utility.encode(cert.getEncoded()); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static Certificate decodeCertificate(String encodedCert) { - try { - byte[] decoded = Base64Utility.decode(encodedCert); - return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded)); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias, - String storeType) { - return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey(); - } - public static PublicKey loadPublicKey(KeyStore keyStore, String alias) { - return loadCertificate(keyStore, alias).getPublicKey(); - } - public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) { - try { - KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type); - ks.load(storeLocation, storePassword); - return ks; - } catch (Exception ex) { - throw new SecurityException(ex); - } - } - public static PrivateKey loadPrivateKey(InputStream storeLocation, - char[] storePassword, - char[] keyPassword, - String alias, - String storeType) { - KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType); - return loadPrivateKey(keyStore, keyPassword, alias); - } - - public static PrivateKey loadPrivateKey(KeyStore keyStore, - char[] keyPassword, - String alias) { - try { - if (alias == null) { - throw new SecurityException("No keystore alias was defined"); - } - if (!keyStore.containsAlias(alias)) { - throw new SecurityException("No alias exists in the keystore for: " + alias); - } - KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) - keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword)); - return pkEntry.getPrivateKey(); - } catch (Exception ex) { - throw new SecurityException(ex); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java deleted file mode 100644 index 4a07edc..0000000 --- a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java +++ /dev/null @@ -1,145 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.common.util.crypto; - -import java.io.UnsupportedEncodingException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; - -import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.Base64Utility; - -public final class HmacUtils { - - private HmacUtils() { - - } - - public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) { - return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data)); - } - - public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) { - byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data); - return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes); - } - - public static Mac getMac(String macAlgoJavaName) { - return getMac(macAlgoJavaName, (String)null); - } - - public static Mac getMac(String macAlgoJavaName, String provider) { - try { - return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e); - } catch (NoSuchProviderException e) { - throw new SecurityException(e); - } - } - - public static Mac getMac(String macAlgoJavaName, Provider provider) { - try { - return Mac.getInstance(macAlgoJavaName, provider); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e); - } - } - - public static byte[] computeHmac(String key, String macAlgoJavaName, String data) { - Mac mac = getMac(macAlgoJavaName); - return computeHmac(key, mac, data); - } - - public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) { - return computeHmac(key, macAlgoJavaName, null, data); - } - public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec, - String data) { - Mac mac = getMac(macAlgoJavaName); - return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data); - } - - public static byte[] computeHmac(String key, Mac hmac, String data) { - try { - return computeHmac(key.getBytes("UTF-8"), hmac, data); - } catch (UnsupportedEncodingException e) { - throw new SecurityException(e); - } - } - - public static byte[] computeHmac(byte[] key, Mac hmac, String data) { - SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm()); - return computeHmac(secretKey, hmac, data); - } - - public static byte[] computeHmac(Key secretKey, Mac hmac, String data) { - return computeHmac(secretKey, hmac, null, data); - } - - public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) { - initMac(hmac, secretKey, spec); - return hmac.doFinal(data.getBytes()); - } - - public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) { - Mac hmac = getMac(algo); - initMac(hmac, key, spec); - return hmac; - } - - private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) { - initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec); - - } - private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) { - try { - if (spec == null) { - hmac.init(secretKey); - } else { - hmac.init(secretKey, spec); - } - } catch (InvalidKeyException e) { - throw new SecurityException(e); - } catch (InvalidAlgorithmParameterException e) { - throw new SecurityException(e); - } - } - - public static String generateKey(String algo) { - try { - KeyGenerator keyGen = KeyGenerator.getInstance(algo); - return Base64Utility.encode(keyGen.generateKey().getEncoded()); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e); - } - } - - - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java b/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java deleted file mode 100644 index 1d4f75c..0000000 --- a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java +++ /dev/null @@ -1,88 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.common.util.crypto; - -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -public class KeyProperties { - private String keyAlgo; - private int keySize; - private int blockSize = -1; - private byte[] additionalData; - private SecureRandom secureRandom; - private AlgorithmParameterSpec algoSpec; - private boolean compressionSupported; - - public KeyProperties() { - } - - public KeyProperties(String keyAlgo) { - this(keyAlgo, -1); - } - public KeyProperties(String keyAlgo, int keySize) { - this.keyAlgo = keyAlgo; - this.keySize = keySize; - } - public String getKeyAlgo() { - return keyAlgo; - } - public void setKeyAlgo(String keyAlgo) { - this.keyAlgo = keyAlgo; - } - public int getKeySize() { - return keySize; - } - public void setKeySize(int keySize) { - this.keySize = keySize; - } - public SecureRandom getSecureRandom() { - return secureRandom; - } - public void setSecureRandom(SecureRandom secureRandom) { - this.secureRandom = secureRandom; - } - public AlgorithmParameterSpec getAlgoSpec() { - return algoSpec; - } - public void setAlgoSpec(AlgorithmParameterSpec algoSpec) { - this.algoSpec = algoSpec; - } - public int getBlockSize() { - return blockSize; - } - public void setBlockSize(int blockSize) { - this.blockSize = blockSize; - } - public boolean isCompressionSupported() { - return compressionSupported; - } - public void setCompressionSupported(boolean compressionSupported) { - this.compressionSupported = compressionSupported; - } - public byte[] getAdditionalData() { - return additionalData; - } - public void setAdditionalData(byte[] additionalData) { - this.additionalData = additionalData; - } - - - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java deleted file mode 100644 index b8e84e2..0000000 --- a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java +++ /dev/null @@ -1,69 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.common.util.crypto; - -import java.io.UnsupportedEncodingException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -import org.apache.cxf.common.util.StringUtils; - -/** - * The utility Message Digest generator which can be used for generating - * random values - */ -public final class MessageDigestUtils { - - public static final String ALGO_SHA_1 = "SHA-1"; - public static final String ALGO_SHA_256 = "SHA-256"; - public static final String ALGO_MD5 = "MD5"; - - private MessageDigestUtils() { - - } - - public static String generate(byte[] input) { - return generate(input, ALGO_SHA_256); - } - - public static String generate(byte[] input, String algo) { - try { - byte[] messageDigest = createDigest(input, algo); - return StringUtils.toHexString(messageDigest); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e); - } - } - - public static byte[] createDigest(String input, String algo) { - try { - return createDigest(input.getBytes("UTF-8"), algo); - } catch (UnsupportedEncodingException e) { - throw new SecurityException(e); - } catch (NoSuchAlgorithmException e) { - throw new SecurityException(e); - } - } - - public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException { - MessageDigest md = MessageDigest.getInstance(algo); - return md.digest(input); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/osgi/karaf/features/src/main/resources/features.xml ---------------------------------------------------------------------- diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml index 7f92b13..8f132ce 100644 --- a/osgi/karaf/features/src/main/resources/features.xml +++ b/osgi/karaf/features/src/main/resources/features.xml @@ -212,6 +212,7 @@ </feature> <feature name="cxf-rs-security-jose" version="${project.version}" resolver="(obr)"> <feature version="${project.version}">cxf-jaxrs</feature> + <feature version="${project.version}">cxf-rt-security</feature> <bundle start-level="40">mvn:org.apache.cxf/cxf-rt-rs-security-jose/${project.version}</bundle> </feature> <feature name="cxf-rs-security-oauth2" version="${project.version}" resolver="(obr)"> http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/pom.xml ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/pom.xml b/rt/rs/security/jose/pom.xml index 11d693b..e3a6622 100644 --- a/rt/rs/security/jose/pom.xml +++ b/rt/rs/security/jose/pom.xml @@ -38,6 +38,11 @@ </dependency> <dependency> <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-security</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxrs</artifactId> <version>${project.version}</version> </dependency> http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java index f3e25c1..635ca76 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseUtils.java @@ -25,8 +25,8 @@ import java.util.Set; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public final class JoseUtils { private static final Logger LOG = LogUtils.getL7dLogger(JoseUtils.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index 821a36a..70a1905 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java @@ -27,7 +27,6 @@ import javax.ws.rs.client.ClientRequestFilter; import javax.ws.rs.core.HttpHeaders; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.jaxrs.utils.JAXRSUtils; @@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; +import org.apache.cxf.rt.security.crypto.CryptoUtils; @Priority(Priorities.AUTHENTICATION) public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java index 499e4f6..9a4078e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java @@ -44,13 +44,13 @@ import java.util.logging.Logger; import org.apache.cxf.Bus; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.PropertyUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.JoseException; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.apache.cxf.security.SecurityContext; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java index bf7a68c..355a21b 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java @@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe; import java.util.concurrent.atomic.AtomicInteger; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java index 4f9eecd..b683c77 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java @@ -22,8 +22,8 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java index 88cde87..dbae000 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java @@ -23,13 +23,13 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractJweDecryption implements JweDecryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 171ecc6..6d4c0cb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -26,13 +26,13 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractJweEncryption implements JweEncryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(AbstractJweEncryption.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java index 642fcf6..7e94cd6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java @@ -24,10 +24,10 @@ import java.util.Set; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { protected static final Logger LOG = LogUtils.getL7dLogger(AbstractWrapKeyEncryptionAlgorithm.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java index 8ac33e4..36d21e8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java @@ -26,9 +26,9 @@ import java.util.Map; import javax.crypto.Mac; import javax.crypto.spec.IvParameterSpec; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rt.security.crypto.HmacUtils; public class AesCbcHmacJweEncryption extends JweEncryption { private static final Map<String, String> AES_HMAC_MAP; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java index 0b4dd1e..1c53a82 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java @@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java index f0529f2..dda527e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java @@ -25,10 +25,10 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseException; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { protected static final Logger LOG = LogUtils.getL7dLogger(AesGcmWrapKeyDecryptionAlgorithm.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java index 584d48f..6349b7d 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java @@ -26,9 +26,9 @@ import java.util.Set; import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java index 2ef461f..11350a2 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java @@ -20,9 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { public AesWrapKeyDecryptionAlgorithm(String encodedKey) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java index 522b479..3fe85e3 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java @@ -24,8 +24,8 @@ import java.util.Set; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm { private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java index 210c597..95aa6dc 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java @@ -24,10 +24,10 @@ import java.security.interfaces.ECPublicKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class EcdhDirectKeyJweEncryption extends JweEncryption { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java index 918ef5a..5036887 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionOutput.java @@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe; import javax.crypto.Cipher; -import org.apache.cxf.common.util.crypto.KeyProperties; +import org.apache.cxf.rt.security.crypto.KeyProperties; public class JweEncryptionOutput { private Cipher cipher; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index f8e2f20..fd837d8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -36,7 +36,6 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; @@ -49,6 +48,7 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class JweUtils { private static final Logger LOG = LogUtils.getL7dLogger(JweUtils.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java index d2d4ff4..0a17be5 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java @@ -28,10 +28,10 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA256Digest; import org.bouncycastle.crypto.digests.SHA384Digest; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java index 6414461..7def0ce 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java @@ -23,10 +23,10 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm { protected static final Logger LOG = LogUtils.getL7dLogger(WrappedKeyDecryptionAlgorithm.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 241fe6b..9dcd0fe 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -38,7 +38,6 @@ import javax.crypto.SecretKey; import org.apache.cxf.Bus; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.IOUtils; import org.apache.cxf.jaxrs.utils.ResourceUtils; @@ -62,6 +61,7 @@ import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm; import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public final class JwkUtils { public static final String JWK_KEY_STORE_TYPE = "jwk"; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java index d904de9..0c88113 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java @@ -24,10 +24,10 @@ import javax.crypto.Mac; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rt.security.crypto.HmacUtils; public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { private byte[] key; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index 984eb32..e0a4c68 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java @@ -23,10 +23,10 @@ import java.util.Arrays; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rt.security.crypto.HmacUtils; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { protected static final Logger LOG = LogUtils.getL7dLogger(HmacJwsSignatureVerifier.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index cb7b5ab..258d5e3 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -24,10 +24,10 @@ import java.security.Signature; import java.security.SignatureException; import java.security.spec.AlgorithmParameterSpec; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider { private PrivateKey key; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index d40e66d..86fabca 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java @@ -24,9 +24,9 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { protected static final Logger LOG = LogUtils.getL7dLogger(PublicKeyJwsSignatureVerifier.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java index 21a45ae..ff01a24 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java @@ -28,14 +28,13 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; - import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java index 5b1c9f3..a243aca 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java @@ -24,10 +24,9 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; - import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java index 5e11159..d3e9136 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java @@ -27,10 +27,9 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; - import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index 285705b..8f65be7 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java @@ -28,7 +28,6 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; @@ -37,8 +36,8 @@ import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; - import org.junit.Assert; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java index 64e6276..a7f58c9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java @@ -25,11 +25,11 @@ import java.util.Set; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport; +import org.apache.cxf.rt.security.crypto.KeyProperties; public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDataProvider implements AuthorizationCodeDataProvider { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java index 61661e9..9dc64e8 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DigestCodeVerifier.java @@ -19,7 +19,7 @@ package org.apache.cxf.rs.security.oauth2.grants.code; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public class DigestCodeVerifier implements CodeVerifierTransformer {
