Repository: cxf Updated Branches: refs/heads/master b08a6ba02 -> b9e4fcf44
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java index 9c5d233..cdbf2e1 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java @@ -25,7 +25,6 @@ import java.util.Map; import javax.crypto.SecretKey; import javax.ws.rs.core.MultivaluedMap; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; @@ -40,6 +39,7 @@ import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { private static final String REQUEST_PARAM = "request"; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java index 77a63b9..7fb8e1a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java @@ -24,7 +24,6 @@ import javax.crypto.SecretKey; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; @@ -33,6 +32,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; +import org.apache.cxf.rt.security.crypto.CryptoUtils; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java index 428a818..951e92d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java 
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ClientSecretHashVerifier.java @@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.oauth2.provider; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; /** * ClientSecretVerifier which checks the passwords against hashes http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java index f139632..5750a3e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java 
@@ -27,12 +27,12 @@ import java.util.concurrent.ConcurrentHashMap; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; import org.apache.cxf.rs.security.oauth2.utils.crypto.ModelEncryptionSupport; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvider implements ClientRegistrationProvider { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index 9a2e25d..d9d70a5 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -29,7 +29,6 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; 
@@ -37,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rt.security.crypto.HmacUtils; public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator { protected static final String HTTP_VERB = "http.verb"; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java index c711092..65a86a4 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessToken.java 
@@ -18,12 +18,12 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; +import org.apache.cxf.rt.security.crypto.HmacUtils; //https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 //-> http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java index 64c7959..ce02419 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAuthorizationScheme.java 
@@ -23,10 +23,10 @@ import java.util.Map; import org.apache.cxf.common.util.Base64Utility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.HmacUtils; import org.apache.cxf.rs.security.oauth2.client.HttpRequestProperties; import org.apache.cxf.rs.security.oauth2.common.AccessToken; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; +import org.apache.cxf.rt.security.crypto.HmacUtils; // https://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 // -> // https://github.com/hueniverse/hawk/blob/master/README.md http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java index c28da43..9752974 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java @@ -29,7 +29,6 @@ import javax.servlet.http.HttpSession; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.model.URITemplate; 
@@ -39,6 +38,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.apache.cxf.security.LoginSecurityContext; import org.apache.cxf.security.SecurityContext; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java index 8990255..5eb8990 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java @@ -29,8 +29,6 @@ import java.util.Map; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; 
@@ -38,6 +36,8 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; /** http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java index 72dede2..d1bb6e6 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtilsTest.java @@ -31,8 +31,6 @@ import java.util.List; import javax.crypto.SecretKey; import javax.ws.rs.core.MediaType; -import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.common.util.crypto.KeyProperties; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.provider.json.JSONProvider; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; 
@@ -44,7 +42,8 @@ import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistrati import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; - +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.KeyProperties; import org.junit.After; import org.junit.Assert; import org.junit.Before; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java index fdd3f1b..0fd6179 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java @@ -27,7 +27,6 @@ import java.util.Set; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; 
@@ -38,6 +37,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public class EncryptingDataProvider implements OAuthDataProvider { http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java index 5f8bd8c..d6f0b68 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/AbstractJwsJweProducer.java @@ -23,13 +23,13 @@ import java.security.interfaces.RSAPublicKey; import javax.crypto.SecretKey; -import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rt.security.crypto.CryptoUtils; public abstract class AbstractJwsJweProducer { private JwsSignatureProvider sigProvider; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java index 42e94da..1a0c3de 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java @@ -26,10 +26,10 @@ import java.util.Map; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.common.util.crypto.MessageDigestUtils; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oidc.common.UserInfo; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class OidcUtils { public static final String ID_TOKEN = "id_token"; http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java ---------------------------------------------------------------------- diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java new file mode 100644 index 0000000..f75b41f --- /dev/null +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/CryptoUtils.java 
@@ -0,0 +1,708 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rt.security.crypto; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.math.BigInteger; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Signature; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPrivateKeySpec; +import java.security.spec.RSAPublicKeySpec; + +import javax.crypto.Cipher; 
+import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.common.util.CompressionUtils; +import org.apache.cxf.helpers.IOUtils; + + +/** + * Encryption helpers + */ +public final class CryptoUtils { + + private CryptoUtils() { + } + + public static String encodeSecretKey(SecretKey key) throws SecurityException { + return encodeBytes(key.getEncoded()); + } + + public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) + throws SecurityException { + KeyProperties props = new KeyProperties(publicKey.getAlgorithm()); + return encryptSecretKey(secretKey, publicKey, props); + } + + public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey, + KeyProperties props) throws SecurityException { + byte[] encryptedBytes = wrapSecretKey(secretKey, publicKey, props); + return encodeBytes(encryptedBytes); + } + + public static byte[] generateSecureRandomBytes(int size) { + SecureRandom sr = new SecureRandom(); + byte[] bytes = new byte[size]; + sr.nextBytes(bytes); + return bytes; + } + + public static RSAPublicKey getRSAPublicKey(String encodedModulus, + String encodedPublicExponent) { + try { + return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus), + CryptoUtils.decodeSequence(encodedPublicExponent)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes, + byte[] publicExponentBytes) { + try { + return getRSAPublicKey(KeyFactory.getInstance("RSA"), + modulusBytes, + publicExponentBytes); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static RSAPublicKey getRSAPublicKey(KeyFactory factory, + byte[] modulusBytes, + byte[] publicExponentBytes) { + 
BigInteger modulus = toBigInteger(modulusBytes); + BigInteger publicExponent = toBigInteger(publicExponentBytes); + try { + return (RSAPublicKey)factory.generatePublic( + new RSAPublicKeySpec(modulus, publicExponent)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, + String encodedPrivateExponent) { + try { + return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus), + CryptoUtils.decodeSequence(encodedPrivateExponent)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, + byte[] privateExponentBytes) { + BigInteger modulus = toBigInteger(modulusBytes); + BigInteger privateExponent = toBigInteger(privateExponentBytes); + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + return (RSAPrivateKey)factory.generatePrivate( + new RSAPrivateKeySpec(modulus, privateExponent)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + //CHECKSTYLE:OFF + public static RSAPrivateKey getRSAPrivateKey(String encodedModulus, + String encodedPublicExponent, + String encodedPrivateExponent, + String encodedPrimeP, + String encodedPrimeQ, + String encodedPrimeExpP, + String encodedPrimeExpQ, + String encodedCrtCoefficient) { + //CHECKSTYLE:ON + try { + return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus), + CryptoUtils.decodeSequence(encodedPublicExponent), + CryptoUtils.decodeSequence(encodedPrivateExponent), + CryptoUtils.decodeSequence(encodedPrimeP), + CryptoUtils.decodeSequence(encodedPrimeQ), + CryptoUtils.decodeSequence(encodedPrimeExpP), + CryptoUtils.decodeSequence(encodedPrimeExpQ), + CryptoUtils.decodeSequence(encodedCrtCoefficient)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + //CHECKSTYLE:OFF + public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, + byte[] publicExponentBytes, + byte[] 
privateExponentBytes, + byte[] primePBytes, + byte[] primeQBytes, + byte[] primeExpPBytes, + byte[] primeExpQBytes, + byte[] crtCoefficientBytes) { + //CHECKSTYLE:ON + BigInteger modulus = toBigInteger(modulusBytes); + BigInteger publicExponent = toBigInteger(publicExponentBytes); + BigInteger privateExponent = toBigInteger(privateExponentBytes); + BigInteger primeP = toBigInteger(primePBytes); + BigInteger primeQ = toBigInteger(primeQBytes); + BigInteger primeExpP = toBigInteger(primeExpPBytes); + BigInteger primeExpQ = toBigInteger(primeExpQBytes); + BigInteger crtCoefficient = toBigInteger(crtCoefficientBytes); + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + return (RSAPrivateKey)factory.generatePrivate( + new RSAPrivateCrtKeySpec(modulus, + publicExponent, + privateExponent, + primeP, + primeQ, + primeExpP, + primeExpQ, + crtCoefficient)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) { + try { + return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) { + try { + ECParameterSpec params = getECParameterSpec(curve, true); + ECPrivateKeySpec keySpec = new ECPrivateKeySpec( + toBigInteger(privateKey), params); + KeyFactory kf = KeyFactory.getInstance("EC"); + return (ECPrivateKey) kf.generatePrivate(keySpec); + + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate) + throws Exception { + KeyPair pair = generateECKeyPair(curve); + return isPrivate ? 
((ECPublicKey) pair.getPublic()).getParams() + : ((ECPrivateKey) pair.getPrivate()).getParams(); + } + + public static KeyPair generateECKeyPair(String curve) { + try { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); + ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec" + + curve.toLowerCase().replace("-", "") + + "r1"); + kpg.initialize(kpgparams); + return kpg.generateKeyPair(); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) { + try { + return getECPublicKey(curve, + CryptoUtils.decodeSequence(encodedXPoint), + CryptoUtils.decodeSequence(encodedYPoint)); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) { + try { + ECParameterSpec params = getECParameterSpec(curve, false); + + ECPoint ecPoint = new ECPoint(toBigInteger(xPoint), + toBigInteger(yPoint)); + ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params); + KeyFactory kf = KeyFactory.getInstance("EC"); + return (ECPublicKey) kf.generatePublic(keySpec); + + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + private static BigInteger toBigInteger(byte[] bytes) { + if (bytes[0] == -128) { + return new BigInteger(bytes); + } else { + return new BigInteger(1, bytes); + } + } + public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) { + if (authTagLength > 0) { + return CryptoUtils.getGCMParameterSpec(authTagLength, iv); + } else if (iv.length > 0) { + return new IvParameterSpec(iv); + } else { + return null; + } + } + + public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) { + return new GCMParameterSpec(authTagLength, iv); + } + + public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) { + return signData(data, key, signAlgo, null, null); + } + 
+ public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random, + AlgorithmParameterSpec params) { + try { + Signature s = getSignature(key, signAlgo, random, params); + s.update(data); + return s.sign(); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random, + AlgorithmParameterSpec params) { + try { + Signature s = Signature.getInstance(signAlgo); + if (random == null) { + s.initSign(key); + } else { + s.initSign(key, random); + } + if (params != null) { + s.setParameter(params); + } + return s; + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) { + return verifySignature(data, signature, key, signAlgo, null); + } + + public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo, + AlgorithmParameterSpec params) { + try { + Signature s = Signature.getInstance(signAlgo); + s.initVerify(key); + if (params != null) { + s.setParameter(params); + } + s.update(data); + return s.verify(signature); + } catch (Exception ex) { + throw new SecurityException(ex); + } + } + + public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException { + return getSecretKey(new KeyProperties(symEncAlgo)); + } + + public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException { + return getSecretKey(new KeyProperties(symEncAlgo, keySize)); + } + + public static SecretKey getSecretKey(KeyProperties props) throws SecurityException { + try { + KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo()); + AlgorithmParameterSpec algoSpec = props.getAlgoSpec(); + SecureRandom random = props.getSecureRandom(); + if (algoSpec != null) { + if (random != null) { + keyGen.init(algoSpec, random); + } else { + keyGen.init(algoSpec); + } + } else 
{
+ int keySize = props.getKeySize();
+ if (keySize == -1) {
+ keySize = 128;
+ }
+ if (random != null) {
+ keyGen.init(keySize, random);
+ } else {
+ keyGen.init(keySize);
+ }
+ }
+
+ return keyGen.generateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String decryptSequence(String encodedToken, String encodedSecretKey)
+ throws SecurityException {
+ return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+ }
+
+ public static String decryptSequence(String encodedData, String encodedSecretKey,
+ KeyProperties props) throws SecurityException {
+ SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptSequence(encodedData, key, props);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
+ return decryptSequence(encodedData, secretKey, null);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey,
+ KeyProperties props) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedData);
+ byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+ try {
+ return new String(bytes, "UTF-8");
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
+ return encryptSequence(sequence, secretKey, null);
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+ return encodeBytes(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encodeBytes(byte[] bytes) throws SecurityException {
+ try {
+ return Base64UrlUtility.encode(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return encryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return decryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+ }
+
+ public static byte[] wrapSecretKey(byte[] keyBytes,
+ String keyAlgo,
+ Key wrapperKey,
+ KeyProperties wrapperKeyProps) throws SecurityException {
+ return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)),
+ wrapperKey,
+ wrapperKeyProps);
+ }
+
+ public static byte[] wrapSecretKey(Key secretKey,
+ Key wrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+ return c.wrap(secretKey);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ String unwrapperKeyAlgo) throws SecurityException {
+ return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey,
+ new KeyProperties(unwrapperKeyAlgo));
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);
+ }
+
+ public static Key unwrapKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps,
+ int wrappedKeyType) throws SecurityException {
+ try {
+ Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+ return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] processBytes(byte[] bytes,
+ Key secretKey,
+ KeyProperties keyProps,
+ int mode) throws SecurityException {
+ boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+ if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+ bytes = CompressionUtils.deflate(bytes, false);
+ }
+ try {
+ Cipher c = initCipher(secretKey, keyProps, mode);
+ byte[] result = new byte[0];
+ int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+ if (secretKey instanceof SecretKey && blockSize == -1) {
+ result = c.doFinal(bytes);
+ } else {
+ if (blockSize == -1) {
+ blockSize = secretKey instanceof PublicKey ? 117 : 128;
+ }
+ boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
+ int offset = 0;
+ for (; offset + blockSize < bytes.length; offset += blockSize) {
+ byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize)
+ : c.update(bytes, offset, blockSize);
+ result = addToResult(result, next);
+ }
+ if (offset < bytes.length) {
+ result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+ } else {
+ result = addToResult(result, c.doFinal());
+ }
+ }
+ if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+ result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+ }
+ return result;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException {
+ try {
+ String algorithm = keyProps != null && keyProps.getKeyAlgo() != null
+ ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+ Cipher c = Cipher.getInstance(algorithm);
+ if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+ c.init(mode, secretKey);
+ } else {
+ AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+ SecureRandom random = keyProps.getSecureRandom();
+ if (algoSpec == null) {
+ c.init(mode, secretKey, random);
+ } else if (random == null) {
+ c.init(mode, secretKey, algoSpec);
+ } else {
+ c.init(mode, secretKey, algoSpec, random);
+ }
+ }
+ if (keyProps != null && keyProps.getAdditionalData() != null) {
+ c.updateAAD(keyProps.getAdditionalData());
+ }
+ return c;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+ if (suffix == null || suffix.length == 0) {
+ return prefix;
+ } else if (prefix.length == 0) {
+ return suffix;
+ } else {
+ byte[] result = new byte[prefix.length + suffix.length];
+ System.arraycopy(prefix, 0, result, 0, prefix.length);
+ System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+ return result;
+ }
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
+ return decodeSecretKey(encodedSecretKey, "AES");
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)
+ throws SecurityException {
+ byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+ return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ PrivateKey privateKey) {
+ return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+ }
+
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ PrivateKey privateKey)
+ throws SecurityException {
+ KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+ return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ KeyProperties props,
+ PrivateKey privateKey) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+ return unwrapSecretKey(encryptedBytes, secretKeyAlgo, privateKey, props);
+ }
+
+ public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+ return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+ }
+ public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+ return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
+ }
+ public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
+ try {
+ return Base64UrlUtility.decode(encodedSequence);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static String convertJCECipherToSecretKeyName(String jceCipherName) {
+ if (jceCipherName != null) {
+ if (jceCipherName.startsWith("AES")) {
+ return "AES";
+ } else if (jceCipherName.startsWith("DESede")) {
+ return "DESede";
+ } else if (jceCipherName.startsWith("SEED")) {
+ return "SEED";
+ } else if (jceCipherName.startsWith("Camellia")) {
+ return "Camellia";
+ }
+ }
+ return null;
+ }
+ public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadCertificate(keyStore, alias);
+ }
+ public static Certificate loadCertificate(KeyStore keyStore, String alias) {
+ try {
+ if (alias == null) {
+ throw new SecurityException("No keystore alias was defined");
+ }
+ if (!keyStore.containsAlias(alias)) {
+ throw new SecurityException("No alias exists in the keystore for: " + alias);
+ }
+ return keyStore.getCertificate(alias);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static String encodeCertificate(Certificate cert) {
+ try {
+ return Base64Utility.encode(cert.getEncoded());
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static Certificate decodeCertificate(String encodedCert) {
+ try {
+ byte[] decoded = Base64Utility.decode(encodedCert);
+ return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
+ }
+ public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
+ return loadCertificate(keyStore, alias).getPublicKey();
+ }
+ public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
+ try {
+ KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
+ ks.load(storeLocation, storePassword);
+ return ks;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PrivateKey loadPrivateKey(InputStream storeLocation,
+ char[] storePassword,
+ char[] keyPassword,
+ String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadPrivateKey(keyStore, keyPassword, alias);
+ }
+
+ public static PrivateKey loadPrivateKey(KeyStore keyStore,
+ char[] keyPassword,
+ String alias) {
+ try {
+ if (alias == null) {
+ throw new SecurityException("No keystore alias was defined");
+ }
+ if (!keyStore.containsAlias(alias)) {
+ throw new SecurityException("No alias exists in the keystore for: " + alias);
+ }
+ KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+ keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
+ return pkEntry.getPrivateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
new file mode 100644
index 0000000..bf50224
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/HmacUtils.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+
+public final class HmacUtils {
+
+ private HmacUtils() {
+
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
+ return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
+ byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
+ return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
+ }
+
+ public static Mac getMac(String macAlgoJavaName) {
+ return getMac(macAlgoJavaName, (String)null);
+ }
+
+ public static Mac getMac(String macAlgoJavaName, String provider) {
+ try {
+ return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchProviderException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static Mac getMac(String macAlgoJavaName, Provider provider) {
+ try {
+ return Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(key, mac, data);
+ }
+
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
+ return computeHmac(key, macAlgoJavaName, null, data);
+ }
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec,
+ String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
+ }
+
+ public static byte[] computeHmac(String key, Mac hmac, String data) {
+ try {
+ return computeHmac(key.getBytes("UTF-8"), hmac, data);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
+ SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
+ return computeHmac(secretKey, hmac, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
+ return computeHmac(secretKey, hmac, null, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
+ initMac(hmac, secretKey, spec);
+ return hmac.doFinal(data.getBytes());
+ }
+
+ public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
+ Mac hmac = getMac(algo);
+ initMac(hmac, key, spec);
+ return hmac;
+ }
+
+ private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
+ initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
+
+ }
+ private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
+ try {
+ if (spec == null) {
+ hmac.init(secretKey);
+ } else {
+ hmac.init(secretKey, spec);
+ }
+ } catch (InvalidKeyException e) {
+ throw new SecurityException(e);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static String generateKey(String algo) {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(algo);
+ return Base64Utility.encode(keyGen.generateKey().getEncoded());
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
new file mode 100644
index 0000000..45ca188
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/KeyProperties.java
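Review bot: `computeHmac(Key, Mac, AlgorithmParameterSpec, String)` encodes the data with `data.getBytes()`, i.e. the platform default charset, while the key path in `computeHmac(String, Mac, String)` uses `getBytes("UTF-8")`; the same secret and input can therefore yield different MACs on hosts with different default charsets, and a value produced on one node may not verify on another. Every other overload funnels into this method, so the fix is local: encode the data as UTF-8 and wrap `UnsupportedEncodingException` the same way the key path already does. Separately, the class offers no verification helper; a Javadoc note on `encodeHmacString` that callers should compare a received MAC against the computed raw bytes with `MessageDigest.isEqual` rather than `String.equals` would steer them away from a timing side channel.
```java
public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
    initMac(hmac, secretKey, spec);
    try {
        // Fixed charset, as for the key: keeps the MAC identical across JVM default charsets.
        return hmac.doFinal(data.getBytes("UTF-8"));
    } catch (UnsupportedEncodingException e) {
        throw new SecurityException(e);
    }
}
```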
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+public class KeyProperties {
+ private String keyAlgo;
+ private int keySize;
+ private int blockSize = -1;
+ private byte[] additionalData;
+ private SecureRandom secureRandom;
+ private AlgorithmParameterSpec algoSpec;
+ private boolean compressionSupported;
+
+ public KeyProperties() {
+ }
+
+ public KeyProperties(String keyAlgo) {
+ this(keyAlgo, -1);
+ }
+ public KeyProperties(String keyAlgo, int keySize) {
+ this.keyAlgo = keyAlgo;
+ this.keySize = keySize;
+ }
+ public String getKeyAlgo() {
+ return keyAlgo;
+ }
+ public void setKeyAlgo(String keyAlgo) {
+ this.keyAlgo = keyAlgo;
+ }
+ public int getKeySize() {
+ return keySize;
+ }
+ public void setKeySize(int keySize) {
+ this.keySize = keySize;
+ }
+ public SecureRandom getSecureRandom() {
+ return secureRandom;
+ }
+ public void setSecureRandom(SecureRandom secureRandom) {
+ this.secureRandom = secureRandom;
+ }
+ public AlgorithmParameterSpec getAlgoSpec() {
+ return algoSpec;
+ }
+ public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
+ this.algoSpec = algoSpec;
+ }
+ public int getBlockSize() {
+ return blockSize;
+ }
+ public void setBlockSize(int blockSize) {
+ this.blockSize = blockSize;
+ }
+ public boolean isCompressionSupported() {
+ return compressionSupported;
+ }
+ public void setCompressionSupported(boolean compressionSupported) {
+ this.compressionSupported = compressionSupported;
+ }
+ public byte[] getAdditionalData() {
+ return additionalData;
+ }
+ public void setAdditionalData(byte[] additionalData) {
+ this.additionalData = additionalData;
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
new file mode 100644
index 0000000..1c18df2
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/crypto/MessageDigestUtils.java
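Review bot: The `-1` sentinel carried by `keySize` (via the `KeyProperties(String)` constructor) and by the `blockSize` field initialiser is undocumented here, yet the companion CryptoUtils hunk in this commit branches on it: a key size of -1 is replaced by 128 bits and a block size of -1 selects a single `doFinal` for secret keys or a 117/128-byte chunking otherwise. A Javadoc on each setter such as `/** Key size in bits; -1 selects the default applied by CryptoUtils. */` and `/** Chunk size in bytes for cipher processing; -1 means a single doFinal call for secret keys. */` keeps that contract next to the values. `setAdditionalData`/`getAdditionalData` keep and hand out the caller's array by reference, and since that array is what CryptoUtils passes to `Cipher.updateAAD`, a later mutation by the caller silently changes the authenticated data; either copy it (`additionalData == null ? null : additionalData.clone()`) or document that the array must not be modified after being set.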
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.apache.cxf.common.util.StringUtils;
+
+/**
+ * The utility Message Digest generator which can be used for generating
+ * random values
+ */
+public final class MessageDigestUtils {
+
+ public static final String ALGO_SHA_1 = "SHA-1";
+ public static final String ALGO_SHA_256 = "SHA-256";
+ public static final String ALGO_MD5 = "MD5";
+
+ private MessageDigestUtils() {
+
+ }
+
+ public static String generate(byte[] input) {
+ return generate(input, ALGO_SHA_256);
+ }
+
+ public static String generate(byte[] input, String algo) {
+ try {
+ byte[] messageDigest = createDigest(input, algo);
+ return StringUtils.toHexString(messageDigest);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(String input, String algo) {
+ try {
+ return createDigest(input.getBytes("UTF-8"), algo);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance(algo);
+ return md.digest(input);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b9e4fcf4/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
index ed78743..ce89320 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
@@ -26,7 +26,6 @@ import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -36,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.saml.Constants;
 import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class OAuthDataProviderImpl implements OAuthDataProvider {
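Review bot: The class Javadoc on MessageDigestUtils, `which can be used for generating random values`, is misleading: `generate` returns the hex encoding of a deterministic digest of its input, not a random value, and a reader could take the class for a token generator. Suggest `The utility Message Digest generator; returns a hex-encoded digest of the given input, SHA-256 by default.` The `ALGO_MD5` and `ALGO_SHA_1` constants deserve a one-line caveat that they are kept for interoperability with existing formats and are not collision-resistant, so `ALGO_SHA_256` (already the default) should be chosen for new integrity checks. Also, `createDigest(byte[], String)` lets the checked `NoSuchAlgorithmException` escape while both other entry points convert it to `SecurityException`; wrapping it in the byte[] variant too would give the three overloads one error contract.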
