Introducing few more JWK related enums
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/106ffec4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/106ffec4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/106ffec4 Branch: refs/heads/3.0.x-fixes Commit: 106ffec44da536f4d505c912bff86ae137ce2ca8 Parents: bf04ea0 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Wed Jun 10 17:37:14 2015 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Wed Jun 10 17:39:33 2015 +0100 ---------------------------------------------------------------------- .../json/JsonMapObjectReaderWriter.java | 5 ++- .../cxf/rs/security/jose/JoseHeaders.java | 3 +- .../security/jose/jaxrs/KeyManagementUtils.java | 29 +++++++------ .../rs/security/jose/jwa/ContentAlgorithm.java | 3 ++ .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 3 ++ .../security/jose/jwa/SignatureAlgorithm.java | 3 ++ .../cxf/rs/security/jose/jwe/JweHeaders.java | 9 ++-- .../cxf/rs/security/jose/jwe/JweUtils.java | 29 ++++++++----- .../cxf/rs/security/jose/jwk/JsonWebKey.java | 45 ++++++++++++++------ .../cxf/rs/security/jose/jwk/JsonWebKeys.java | 27 +++++------- .../cxf/rs/security/jose/jwk/JwkUtils.java | 23 +++++----- .../cxf/rs/security/jose/jws/JwsHeaders.java | 15 +++++++ .../cxf/rs/security/jose/jws/JwsUtils.java | 33 +++++++------- .../jose/cookbook/JwkJoseCookBookTest.java | 18 ++++---- .../rs/security/jose/jwk/JsonWebKeyTest.java | 10 ++--- .../jose/jws/JwsCompactReaderWriterTest.java | 17 +++++--- 16 files changed, 165 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java index ca8741f..71fae6c 100644 --- a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java +++ b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java @@ -102,11 +102,12 @@ public class JsonMapObjectReaderWriter { } else if (Map.class.isAssignableFrom(value.getClass())) { toJsonInternal(out, (Map<String, Object>)value); } else { - if (value.getClass() == String.class) { + boolean stringOrEnum = value.getClass() == String.class || value.getClass().isEnum(); + if (stringOrEnum) { out.append("\""); } out.append(value.toString()); - if (value.getClass() == String.class) { + if (stringOrEnum) { out.append("\""); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java index a73e7b0..9f787b5 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java 
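Review bot: The string-or-enum branch in `JsonMapObjectReaderWriter` still appends `value.toString()` between the quotes without JSON escaping, as far as this hunk shows, so a value containing `"` or `\` produces malformed output or extra members in the serialized header or claim set. Escaping the text before `out.append(...)` would close that, since header and claim values can originate from request data. Enum values are also written through `toString()`, so any enum placed in a map must return its wire name there rather than the constant name; a short comment saying so would help. The enclosing method starts and ends outside the hunk.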
@@ -59,7 +59,8 @@ public class JoseHeaders extends JsonMapObject { } public String getAlgorithm() { - return (String)getHeader(JoseConstants.HEADER_ALGORITHM); + Object prop = getHeader(JoseConstants.HEADER_ALGORITHM); + return prop == null ? null : prop.toString(); } public void setKeyId(String kid) { http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java index 4bbc43e..1a8b1e8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java @@ -49,7 +49,7 @@ import org.apache.cxf.jaxrs.utils.ResourceUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.JoseException; -import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwk.KeyOperation; import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.apache.cxf.security.SecurityContext; @@ -132,7 +132,7 @@ public final class KeyManagementUtils { Properties props, Bus bus, PrivateKeyPasswordProvider provider, - String keyOper, + KeyOperation keyOper, String alias) { String keyPswd = props.getProperty(RSSEC_KEY_PSWD); 
@@ -142,11 +142,11 @@ public final class KeyManagementUtils { return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, theAlias); } - public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String keyOper) { + public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, KeyOperation keyOper) { return loadPrivateKey(m, keyStoreLocProp, null, keyOper); } public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred, - String keyStoreLocPropDefault, String keyOper) { + String keyStoreLocPropDefault, KeyOperation keyOper) { String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault); Bus bus = m.getExchange().getBus(); try { @@ -157,13 +157,15 @@ public final class KeyManagementUtils { } } - public static String getKeyId(Message m, Properties props, String preferredPropertyName, String keyOper) { + public static String getKeyId(Message m, Properties props, + String preferredPropertyName, + KeyOperation keyOper) { String kid = null; String altPropertyName = null; if (keyOper != null) { - if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) || keyOper.equals(JsonWebKey.KEY_OPER_DECRYPT)) { + if (keyOper == KeyOperation.ENCRYPT || keyOper == KeyOperation.DECRYPT) { altPropertyName = preferredPropertyName + ".jwe"; - } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN) || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) { + } else if (keyOper == KeyOperation.SIGN || keyOper == KeyOperation.VERIFY) { altPropertyName = preferredPropertyName + ".jws"; } String direction = m.getExchange().getOutMessage() == m ? ".out" : ".in"; 
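Review bot: `getKeyId` maps only ENCRYPT/DECRYPT to the `.jwe` suffix and SIGN/VERIFY to `.jws`, while this commit also adds `wrapKey`, `unwrapKey`, `deriveKey` and `deriveBits` string constants to `JsonWebKey`. If `KeyOperation` (not shown here) has matching constants, they fall through with `altPropertyName` left null, and `loadPasswordProvider` in the next hunk likewise resolves a provider only for SIGN and DECRYPT. Either handle the key-wrapping operations alongside encrypt/decrypt or add a comment that they are intentionally unsupported in property lookup. The method body continues past the end of the hunk.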
@@ -182,12 +184,12 @@ public final class KeyManagementUtils { } return kid; } - public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, String keyOper) { + public static PrivateKeyPasswordProvider loadPasswordProvider(Message m, Properties props, KeyOperation keyOper) { PrivateKeyPasswordProvider cb = (PrivateKeyPasswordProvider)m.getContextualProperty(RSSEC_KEY_PSWD_PROVIDER); if (cb == null && keyOper != null) { - String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? RSSEC_SIG_KEY_PSWD_PROVIDER - : keyOper.equals(JsonWebKey.KEY_OPER_DECRYPT) + String propName = keyOper == KeyOperation.SIGN ? RSSEC_SIG_KEY_PSWD_PROVIDER + : keyOper == KeyOperation.DECRYPT ? RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null; if (propName != null) { cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName); @@ -196,11 +198,11 @@ public final class KeyManagementUtils { return cb; } - public static PrivateKey loadPrivateKey(Message m, Properties props, String keyOper) { + public static PrivateKey loadPrivateKey(Message m, Properties props, KeyOperation keyOper) { KeyStore keyStore = loadPersistKeyStore(m, props); return loadPrivateKey(keyStore, m, props, keyOper, null); } - private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, String keyOper, + private static PrivateKey loadPrivateKey(KeyStore keyStore, Message m, Properties props, KeyOperation keyOper, String alias) { Bus bus = m.getExchange().getBus(); PrivateKeyPasswordProvider cb = loadPasswordProvider(m, props, keyOper); 
@@ -361,7 +363,8 @@ public final class KeyManagementUtils { return props; } public static PrivateKey loadPrivateKey(Message m, Properties props, - List<X509Certificate> inCerts, String keyOper) { + List<X509Certificate> inCerts, + KeyOperation keyOper) { KeyStore ks = loadPersistKeyStore(m, props); try { http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java index 5f9e158..1a8b9bc 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java @@ -59,6 +59,9 @@ public enum ContentAlgorithm { } public static ContentAlgorithm getAlgorithm(String algo) { + if (algo == null) { + return null; + } return ContentAlgorithm.valueOf(algo.replace('-', '_') .replace('+', '_')); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java index d5b03fb..6fe6bf4 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java 
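Review bot: The null guard added to `ContentAlgorithm.getAlgorithm` leaves the unknown-name case unhandled: `valueOf(...)` throws an unchecked `IllegalArgumentException` for any string that is not a constant, and the same pattern is added to `KeyAlgorithm.getAlgorithm` and `SignatureAlgorithm.getAlgorithm` in the following hunks. Elsewhere in this commit `getContentEncryptionAlgorithmEnum()`, `getKeyEncryptionAlgorithmEnum()` and `getSignatureAlgorithmEnum()` pass the header value straight in, so an unsupported `enc` or `alg` in a received token would presumably surface as that exception rather than as the module's own error. Consider catching it and throwing `JoseException`, or returning null, and state the null and unknown-value contract in Javadoc. The `replace('-', '_').replace('+', '_')` normalisation also appears to let spellings that are not registered algorithm names resolve to a constant, so a successful lookup should not be read as proof that the header carried the canonical name.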
@@ -65,6 +65,9 @@ public enum KeyAlgorithm { return keySizeBits; } public static KeyAlgorithm getAlgorithm(String algo) { + if (algo == null) { + return null; + } return KeyAlgorithm.valueOf(algo.replace('-', '_') .replace('+', '_')); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java index 79f41a5..1e88df0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java @@ -69,6 +69,9 @@ public enum SignatureAlgorithm { } public static SignatureAlgorithm getAlgorithm(String algo) { + if (algo == null) { + return null; + } return SignatureAlgorithm.valueOf(algo.replace('-', '_') .replace('+', '_')); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java index b0bd902..51ca4d7 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java 
@@ -77,8 +77,7 @@ public class JweHeaders extends JoseHeaders { return super.getAlgorithm(); } public KeyAlgorithm getKeyEncryptionAlgorithmEnum() { - String algo = getKeyEncryptionAlgorithm(); - return algo == null ? null : KeyAlgorithm.getAlgorithm(algo); + return KeyAlgorithm.getAlgorithm(getKeyEncryptionAlgorithm()); } public void setContentEncryptionAlgorithm(String type) { @@ -90,11 +89,11 @@ public class JweHeaders extends JoseHeaders { } public String getContentEncryptionAlgorithm() { - return (String)getHeader(JoseConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM); + Object prop = getHeader(JoseConstants.JWE_HEADER_CONTENT_ENC_ALGORITHM); + return prop == null ? null : prop.toString(); } public ContentAlgorithm getContentEncryptionAlgorithmEnum() { - String algo = getContentEncryptionAlgorithm(); - return algo == null ? null : ContentAlgorithm.getAlgorithm(algo); + return ContentAlgorithm.getAlgorithm(getContentEncryptionAlgorithm()); } public void setZipAlgorithm(String type) { setHeader(JoseConstants.JWE_HEADER_ZIP_ALGORITHM, type); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 1c2c9d6..a6b4b1f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java 
@@ -48,6 +48,8 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rs.security.jose.jwk.KeyOperation; +import org.apache.cxf.rs.security.jose.jwk.KeyType; import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class JweUtils { @@ -127,10 +129,11 @@ public final class JweUtils { public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) { String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); KeyEncryptionProvider keyEncryptionProvider = null; - if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.RSA == keyType) { keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyEncryptionAlgo); - } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + } else if (KeyType.OCTET == keyType) { keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), keyEncryptionAlgo); } else { @@ -158,10 +161,11 @@ public final class JweUtils { public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); KeyDecryptionAlgorithm keyDecryptionProvider = null; - if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.RSA == keyType) { keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk), keyEncryptionAlgo); - } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + } else if (KeyType.OCTET == keyType) { keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jwk), keyEncryptionAlgo); } else { 
@@ -191,7 +195,8 @@ public final class JweUtils { public static ContentEncryptionProvider getContentEncryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); ContentEncryptionProvider contentEncryptionProvider = null; - if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.OCTET == keyType) { return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), ctEncryptionAlgo); } @@ -220,7 +225,8 @@ public final class JweUtils { } public static SecretKey getContentDecryptionSecretKey(JsonWebKey jwk, String defaultAlgorithm) { String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); - if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType()) && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.RSA == keyType && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) { return JwkUtils.toSecretKey(jwk); } return null; @@ -276,7 +282,7 @@ public final class JweUtils { String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null); ContentEncryptionProvider ctEncryptionProvider = null; if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT); + JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT); keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); if ("direct".equals(keyEncryptionAlgo)) { 
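Review bot: In `getContentDecryptionSecretKey` the key-type test changed from octet to RSA: the removed line compared against `JsonWebKey.KEY_TYPE_OCTET`, while the new one reads `KeyType.RSA == keyType && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)`. Every other replacement in this file maps `KEY_TYPE_OCTET` to `KeyType.OCTET`, so this looks like a slip. As written, an octet JWK with an AES-GCM algorithm yields `null` and an RSA JWK is handed to `JwkUtils.toSecretKey(jwk)`. The condition should be `if (KeyType.OCTET == keyType && AlgorithmUtils.isAesGcm(ctEncryptionAlgo)) {`, and a test for direct content decryption with an octet key would catch this.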
@@ -325,13 +331,13 @@ public final class JweUtils { List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); PrivateKey privateKey = - KeyManagementUtils.loadPrivateKey(m, props, chain, JsonWebKey.KEY_OPER_DECRYPT); + KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT); contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm(); keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(privateKey, inHeaders.getKeyEncryptionAlgorithm()); } else { if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_DECRYPT); + JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT); keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); if ("direct".equals(keyEncryptionAlgo)) { @@ -342,7 +348,7 @@ public final class JweUtils { } } else { keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm( - KeyManagementUtils.loadPrivateKey(m, props, JsonWebKey.KEY_OPER_DECRYPT), keyEncryptionAlgo); + KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), keyEncryptionAlgo); } } return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo); @@ -573,7 +579,8 @@ public final class JweUtils { return algo; } private static String getDefaultKeyAlgo(JsonWebKey jwk) { - if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.OCTET == keyType) { return AlgorithmUtils.A128GCMKW_ALGO; } else { return AlgorithmUtils.RSA_OAEP_ALGO; http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java index 4252add..a5479d0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.jose.jwk; +import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -67,6 +68,10 @@ public class JsonWebKey extends JsonMapObject { public static final String KEY_OPER_VERIFY = "verify"; public static final String KEY_OPER_ENCRYPT = "encrypt"; public static final String KEY_OPER_DECRYPT = "decrypt"; + public static final String KEY_OPER_WRAP_KEY = "wrapKey"; + public static final String KEY_OPER_UNWRAP_KEY = "unwrapKey"; + public static final String KEY_OPER_DERIVE_KEY = "deriveKey"; + public static final String KEY_OPER_DERIVE_BITS = "deriveBits"; public JsonWebKey() { 
@@ -76,28 +81,42 @@ public class JsonWebKey extends JsonMapObject { super(values); } - public void setKeyType(String keyType) { - setProperty(KEY_TYPE, keyType); + public void setKeyType(KeyType keyType) { + setProperty(KEY_TYPE, keyType.toString()); } - - public String getKeyType() { - return (String)getProperty(KEY_TYPE); + + public KeyType getKeyType() { + Object prop = getProperty(KEY_TYPE); + return prop == null ? null : KeyType.getKeyType(prop.toString()); } - public void setPublicKeyUse(String use) { - setProperty(PUBLIC_KEY_USE, use); + public void setPublicKeyUse(PublicKeyUse use) { + setProperty(PUBLIC_KEY_USE, use.toString()); } - public String getPublicKeyUse() { - return (String)getProperty(PUBLIC_KEY_USE); + public PublicKeyUse getPublicKeyUse() { + Object prop = getProperty(PUBLIC_KEY_USE); + return prop == null ? null : PublicKeyUse.getPublicKeyUse(prop.toString()); } - public void setKeyOperation(List<String> keyOperation) { - setProperty(KEY_OPERATIONS, keyOperation); + public void setKeyOperation(List<KeyOperation> keyOperation) { + List<String> ops = new ArrayList<String>(keyOperation.size()); + for (KeyOperation op : keyOperation) { + ops.add(op.toString()); + } + setProperty(KEY_OPERATIONS, ops); } - public List<String> getKeyOperation() { - return CastUtils.cast((List<?>)getProperty(KEY_OPERATIONS)); + public List<KeyOperation> getKeyOperation() { + List<Object> ops = CastUtils.cast((List<?>)getProperty(KEY_OPERATIONS)); + if (ops == null) { + return null; + } + List<KeyOperation> keyOps = new ArrayList<KeyOperation>(ops.size()); + for (Object op : ops) { + keyOps.add(KeyOperation.getKeyOperation(op.toString())); + } + return keyOps; } public void setAlgorithm(String algorithm) { http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java ---------------------------------------------------------------------- 
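Review bot: The new typed getters in `JsonWebKey` parse the stored text on every call, and nothing in this hunk says what happens when that text is not a known constant. `getKeyType()`, `getPublicKeyUse()` and `getKeyOperation()` delegate to `KeyType.getKeyType`, `PublicKeyUse.getPublicKeyUse` and `KeyOperation.getKeyOperation`, which are not shown here; if they use `valueOf` like the JWA enums, a JWK with an unregistered `kty`, `use` or `key_ops` entry would throw, and `JsonWebKeys.getKeyTypeMap()` would then fail for a whole key set because of one key. `getKeyOperation()` also calls `op.toString()` with no null check on the list elements, and the setters now throw `NullPointerException` on a null argument where the old ones stored null. I would document this contract in Javadoc and have the getters reject or skip unknown and null values explicitly.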
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java index e7410ae..1ca3ca8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java 
@@ -70,41 +70,36 @@ public class JsonWebKeys extends JsonMapObject { public JsonWebKey getKey(String kid) { return getKeyIdMap().get(kid); } - public Map<String, List<JsonWebKey>> getKeyTypeMap() { - return getKeyPropertyMap(JsonWebKey.KEY_TYPE); - } - public Map<String, List<JsonWebKey>> getKeyUseMap() { - return getKeyPropertyMap(JsonWebKey.PUBLIC_KEY_USE); - } - private Map<String, List<JsonWebKey>> getKeyPropertyMap(String propertyName) { + public Map<KeyType, List<JsonWebKey>> getKeyTypeMap() { List<JsonWebKey> keys = getKeys(); if (keys == null) { return Collections.emptyMap(); } - Map<String, List<JsonWebKey>> map = new LinkedHashMap<String, List<JsonWebKey>>(); + Map<KeyType, List<JsonWebKey>> map = new LinkedHashMap<KeyType, List<JsonWebKey>>(); for (JsonWebKey key : keys) { - String propValue = (String)key.getProperty(propertyName); - if (propValue != null) { - List<JsonWebKey> list = map.get(propValue); + KeyType type = key.getKeyType(); + if (type != null) { + List<JsonWebKey> list = map.get(type); if (list == null) { list = new LinkedList<JsonWebKey>(); - map.put(propValue, list); + map.put(type, list); } list.add(key); } } return map; } - public Map<String, List<JsonWebKey>> getKeyOperationMap() { + + public Map<KeyOperation, List<JsonWebKey>> getKeyOperationMap() { List<JsonWebKey> keys = getKeys(); if (keys == null) { return Collections.emptyMap(); } - Map<String, List<JsonWebKey>> map = new LinkedHashMap<String, List<JsonWebKey>>(); + Map<KeyOperation, List<JsonWebKey>> map = new LinkedHashMap<KeyOperation, List<JsonWebKey>>(); for (JsonWebKey key : keys) { - List<String> ops = key.getKeyOperation(); + List<KeyOperation> ops = key.getKeyOperation(); if (ops != null) { - for (String op : ops) { + for (KeyOperation op : ops) { List<JsonWebKey> list = map.get(op); if (list == null) { list = new LinkedList<JsonWebKey>(); 
http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 3544779..511bf9b 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -262,13 +262,13 @@ public final class JwkUtils { return keys; } } - public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper) { + public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper) { return loadJsonWebKey(m, props, keyOper, null); } - public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, String inHeaderKid) { + public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid) { return loadJsonWebKey(m, props, keyOper, inHeaderKid, new DefaultJwkReaderWriter()); } - public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, String inHeaderKid, + public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid, JwkReaderWriter reader) { PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props, keyOper); JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader); 
@@ -282,18 +282,19 @@ public final class JwkUtils { if (kid != null) { return jwkSet.getKey(kid); } else if (keyOper != null) { - List<JsonWebKey> keys = jwkSet.getKeyUseMap().get(keyOper); + List<JsonWebKey> keys = jwkSet.getKeyOperationMap().get(keyOper); if (keys != null && keys.size() == 1) { return keys.get(0); } } return null; } - public static List<JsonWebKey> loadJsonWebKeys(Message m, Properties props, String keyOper) { + public static List<JsonWebKey> loadJsonWebKeys(Message m, Properties props, KeyOperation keyOper) { return loadJsonWebKeys(m, props, keyOper, new DefaultJwkReaderWriter()); } - public static List<JsonWebKey> loadJsonWebKeys(Message m, Properties props, String keyOper, + public static List<JsonWebKey> loadJsonWebKeys(Message m, Properties props, + KeyOperation keyOper, JwkReaderWriter reader) { PrivateKeyPasswordProvider cb = KeyManagementUtils.loadPasswordProvider(m, props, keyOper); JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader); @@ -311,7 +312,7 @@ public final class JwkUtils { return keys; } if (keyOper != null) { - List<JsonWebKey> keys = jwkSet.getKeyUseMap().get(keyOper); + List<JsonWebKey> keys = jwkSet.getKeyOperationMap().get(keyOper); if (keys != null && keys.size() == 1) { return Collections.singletonList(keys.get(0)); } @@ -338,7 +339,7 @@ public final class JwkUtils { } public static JsonWebKey fromECPublicKey(ECPublicKey pk, String curve) { JsonWebKey jwk = new JsonWebKey(); - jwk.setKeyType(JsonWebKey.KEY_TYPE_ELLIPTIC); + jwk.setKeyType(KeyType.EC); jwk.setProperty(JsonWebKey.EC_CURVE, curve); jwk.setProperty(JsonWebKey.EC_X_COORDINATE, Base64UrlUtility.encode(pk.getW().getAffineX().toByteArray())); 
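Review bot: Key selection by operation in `loadJsonWebKey` now reads only `jwkSet.getKeyOperationMap().get(keyOper)`, so a JWK that declares its purpose through `use` but has no `key_ops` member is no longer a candidate here or in the `loadJsonWebKeys` hunk that follows (both method bodies start above their hunks). Both members are optional in a JWK, so stores that set only `use` would resolve to `null` unless a key id is configured; whether the old `getKeyUseMap()` lookup ever matched is not visible from this page. Consider falling back to `getPublicKeyUse()` when no key lists the operation, and say in a comment that exactly one matching key is required. The public `getKeyUseMap()` is also removed by this commit on a fixes branch, which breaks external callers.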
@@ -348,7 +349,7 @@ public final class JwkUtils { } public static JsonWebKey fromECPrivateKey(ECPrivateKey pk, String curve) { JsonWebKey jwk = new JsonWebKey(); - jwk.setKeyType(JsonWebKey.KEY_TYPE_ELLIPTIC); + jwk.setKeyType(KeyType.EC); jwk.setProperty(JsonWebKey.EC_CURVE, curve); jwk.setProperty(JsonWebKey.EC_PRIVATE_KEY, Base64UrlUtility.encode(pk.getS().toByteArray())); @@ -431,7 +432,7 @@ public final class JwkUtils { throw new SecurityException("Invalid algorithm"); } JsonWebKey jwk = new JsonWebKey(); - jwk.setKeyType(JsonWebKey.KEY_TYPE_OCTET); + jwk.setKeyType(KeyType.OCTET); jwk.setAlgorithm(algo); String encodedSecretKey = Base64UrlUtility.encode(secretKey.getEncoded()); jwk.setProperty(JsonWebKey.OCTET_KEY_VALUE, encodedSecretKey); @@ -453,7 +454,7 @@ public final class JwkUtils { throw new SecurityException("Invalid algorithm"); } JsonWebKey jwk = new JsonWebKey(); - jwk.setKeyType(JsonWebKey.KEY_TYPE_RSA); + jwk.setKeyType(KeyType.RSA); jwk.setAlgorithm(algo); String encodedModulus = Base64UrlUtility.encode(modulus.toByteArray()); jwk.setProperty(JsonWebKey.RSA_MODULUS, encodedModulus); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java index 8d56763..2477f1a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java 
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.Map; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class JwsHeaders extends JoseHeaders { public JwsHeaders() { @@ -40,4 +41,18 @@ public class JwsHeaders extends JoseHeaders { setAlgorithm(sigAlgo); } + public void setSignatureAlgorithm(String type) { + setAlgorithm(type); + } + + public void setSignatureAlgorithm(SignatureAlgorithm algo) { + this.setSignatureAlgorithm(algo.getJwaName()); + } + + public String getSignatureAlgorithm() { + return super.getAlgorithm(); + } + public SignatureAlgorithm getSignatureAlgorithmEnum() { + return SignatureAlgorithm.getAlgorithm(getSignatureAlgorithm()); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 0b8f1ca..e2cac2f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -47,6 +47,8 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rs.security.jose.jwk.KeyOperation; +import org.apache.cxf.rs.security.jose.jwk.KeyType; public final class JwsUtils { private static final Logger LOG = LogUtils.getL7dLogger(JwsUtils.class); 
@@ -87,15 +89,14 @@ public final class JwsUtils { public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) { String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); JwsSignatureProvider theSigProvider = null; - if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.RSA == keyType) { theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk), signatureAlgo); - - - } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + } else if (KeyType.OCTET == keyType) { byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); theSigProvider = getHmacSignatureProvider(key, signatureAlgo); - } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { + } else if (KeyType.EC == jwk.getKeyType()) { theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk), signatureAlgo); } @@ -130,12 +131,13 @@ public final class JwsUtils { public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) { String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); JwsSignatureVerifier theVerifier = null; - if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.RSA == keyType) { theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), signatureAlgo); - } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + } else if (KeyType.OCTET == keyType) { byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); theVerifier = getHmacSignatureVerifier(key, signatureAlgo); - } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { + } else if (KeyType.EC == keyType) { theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo); } return theVerifier; 
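Review bot: In `getSignatureProvider` the last branch still calls `jwk.getKeyType()` instead of using the local introduced a few lines earlier; `} else if (KeyType.EC == keyType) {` would match `getSignatureVerifier` in the next hunk and avoid re-parsing the property. Both methods leave the result `null` when the key type is absent or is none of the three handled, so callers must check for it. A Javadoc line stating that, or an explicit exception, would make a missing provider or verifier harder to overlook.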
@@ -212,7 +214,7 @@ public final class JwsUtils { } List<JwsSignatureProvider> theSigProviders = null; if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, JsonWebKey.KEY_OPER_SIGN); + List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN); if (jwks != null) { theSigProviders = new ArrayList<JwsSignatureProvider>(jwks.size()); for (JsonWebKey jwk : jwks) { @@ -235,7 +237,7 @@ public final class JwsUtils { } List<JwsSignatureVerifier> theVerifiers = null; if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, JsonWebKey.KEY_OPER_VERIFY); + List<JsonWebKey> jwks = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.VERIFY); if (jwks != null) { theVerifiers = new ArrayList<JwsSignatureVerifier>(jwks.size()); for (JsonWebKey jwk : jwks) { @@ -267,7 +269,7 @@ public final class JwsUtils { MessageUtils.getContextualProperty(m, RSSEC_REPORT_KEY_ID_PROP, KeyManagementUtils.RSSEC_REPORT_KEY_ID_PROP)); if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN); + JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo); 
@@ -277,7 +279,7 @@ public final class JwsUtils { } } else { String signatureAlgo = getSignatureAlgo(m, props, null, null); - PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, JsonWebKey.KEY_OPER_SIGN); + PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN); theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo); if (reportPublicKey) { headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props)); @@ -313,7 +315,7 @@ public final class JwsUtils { } if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { - JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY, inHeaderKid); + JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); theVerifier = getSignatureVerifier(jwk, signatureAlgo); @@ -348,9 +350,10 @@ public final class JwsUtils { return algo; } private static String getDefaultKeyAlgo(JsonWebKey jwk) { - if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { + KeyType keyType = jwk.getKeyType(); + if (KeyType.OCTET == keyType) { return AlgorithmUtils.HMAC_SHA_256_ALGO; - } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { + } else if (KeyType.EC == keyType) { return AlgorithmUtils.ES_SHA_256_ALGO; } else { return AlgorithmUtils.RS_SHA_256_ALGO; http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java index 223e68c..b9cb8bf 100644 
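Review bot: The final `else` in `getDefaultKeyAlgo` returns `AlgorithmUtils.RS_SHA_256_ALGO` for every key type other than OCTET and EC, which includes a null `keyType` if `getKeyType()` can return one for a JWK without `kty` (not visible here). With the enum in place the RSA case can be explicit, `} else if (KeyType.RSA == keyType) {`, leaving the fall-through to return null or raise an error rather than label an unknown key as RS256. The method's closing lines are outside the hunk.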
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java @@ -27,6 +27,8 @@ import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rs.security.jose.jwk.KeyType; +import org.apache.cxf.rs.security.jose.jwk.PublicKeyUse; import org.junit.Assert; import org.junit.Test; @@ -97,13 +99,13 @@ public class JwkJoseCookBookTest extends Assert { @Test public void testPublicSetAsMap() throws Exception { JsonWebKeys jwks = readKeySet("cookbookPublicSet.txt"); - Map<String, List<JsonWebKey>> keysMap = jwks.getKeyTypeMap(); + Map<KeyType, List<JsonWebKey>> keysMap = jwks.getKeyTypeMap(); assertEquals(2, keysMap.size()); - List<JsonWebKey> rsaKeys = keysMap.get("RSA"); + List<JsonWebKey> rsaKeys = keysMap.get(KeyType.RSA); assertEquals(1, rsaKeys.size()); assertEquals(5, rsaKeys.get(0).asMap().size()); validatePublicRsaKey(rsaKeys.get(0)); - List<JsonWebKey> ecKeys = keysMap.get("EC"); + List<JsonWebKey> ecKeys = keysMap.get(KeyType.EC); assertEquals(1, ecKeys.size()); assertEquals(6, ecKeys.get(0).asMap().size()); validatePublicEcKey(ecKeys.get(0)); 
@@ -138,20 +140,20 @@ public class JwkJoseCookBookTest extends Assert { private void validateSecretSignKey(JsonWebKey key) { assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(SIGN_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); + assertEquals(KeyType.OCTET, key.getKeyType()); assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm()); } private void validateSecretEncKey(JsonWebKey key) { assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(ENCRYPTION_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); + assertEquals(KeyType.OCTET, key.getKeyType()); assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm()); } private void validatePublicRsaKey(JsonWebKey key) { assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS)); assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP)); assertEquals(RSA_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType()); + assertEquals(KeyType.RSA, key.getKeyType()); } private void validatePrivateRsaKey(JsonWebKey key) { validatePublicRsaKey(key); 
@@ -166,9 +168,9 @@ public class JwkJoseCookBookTest extends Assert { assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE)); assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE)); assertEquals(EC_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType()); + assertEquals(KeyType.EC, key.getKeyType()); assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE)); - assertEquals(JsonWebKey.PUBLIC_KEY_USE_SIGN, key.getPublicKeyUse()); + assertEquals(PublicKeyUse.SIGN, key.getPublicKeyUse()); } private void validatePrivateEcKey(JsonWebKey key) { validatePublicEcKey(key); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java index f33ecbb..8ecabd7 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java 
@@ -183,13 +183,13 @@ public class JsonWebKeyTest extends Assert { private void validateSecretAesKey(JsonWebKey key) { assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(AES_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); + assertEquals(KeyType.OCTET, key.getKeyType()); assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm()); } private void validateSecretHmacKey(JsonWebKey key) { assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(HMAC_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); + assertEquals(KeyType.OCTET, key.getKeyType()); assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm()); } @@ -197,7 +197,7 @@ public class JsonWebKeyTest extends Assert { assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS)); assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP)); assertEquals(RSA_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType()); + assertEquals(KeyType.RSA, key.getKeyType()); assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm()); } private void validatePrivateRsaKey(JsonWebKey key) { 
@@ -213,9 +213,9 @@ public class JsonWebKeyTest extends Assert { assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE)); assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE)); assertEquals(EC_KID_VALUE, key.getKeyId()); - assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType()); + assertEquals(KeyType.EC, key.getKeyType()); assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE)); - assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse()); + assertEquals(PublicKeyUse.ENCRYPT, key.getPublicKeyUse()); } private void validatePrivateEcKey(JsonWebKey key) { validatePublicEcKey(key); http://git-wip-us.apache.org/repos/asf/cxf/blob/106ffec4/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index 8f65be7..c215e56 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java 
@@ -33,11 +33,14 @@ import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwk.KeyOperation; +import org.apache.cxf.rs.security.jose.jwk.KeyType; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; + import org.junit.Assert; import org.junit.Test; @@ -142,9 +145,9 @@ public class JwsCompactReaderWriterTest extends Assert { @Test public void testWriteJwsWithJwkSignedByMac() throws Exception { JsonWebKey key = new JsonWebKey(); - key.setKeyType(JsonWebKey.KEY_TYPE_OCTET); + key.setKeyType(KeyType.OCTET); key.setKeyOperation(Arrays.asList( - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY})); + new KeyOperation[]{KeyOperation.SIGN, KeyOperation.VERIFY})); doTestWriteJwsWithJwkSignedByMac(key); } @@ -153,7 +156,7 @@ public class JwsCompactReaderWriterTest extends Assert { Map<String, Object> map = new LinkedHashMap<String, Object>(); map.put(JsonWebKey.KEY_TYPE, JsonWebKey.KEY_TYPE_OCTET); map.put(JsonWebKey.KEY_OPERATIONS, - new String[]{JsonWebKey.KEY_OPER_SIGN, JsonWebKey.KEY_OPER_VERIFY}); + new KeyOperation[]{KeyOperation.SIGN, KeyOperation.VERIFY}); doTestWriteJwsWithJwkSignedByMac(map); } 
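Review bot: In `testWriteJwsWithJwkSignedByMac2` the map now holds `kty` as the string `JsonWebKey.KEY_TYPE_OCTET` but `key_ops` as a `KeyOperation[]`, and nothing says whether the mix is intended. If the string is kept on purpose to exercise String-to-`KeyType` conversion, add a comment such as `// kty left as a raw string to cover String -> KeyType conversion`; otherwise use `KeyType.OCTET` here, as `testWriteJwsWithJwkSignedByMac` does with `key.setKeyType(KeyType.OCTET)`.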
@@ -186,11 +189,11 @@ public class JwsCompactReaderWriterTest extends Assert { assertEquals(SignatureAlgorithm.HS256.getJwaName(), headers.getAlgorithm()); JsonWebKey key = headers.getJsonWebKey(); - assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - List<String> keyOps = key.getKeyOperation(); + assertEquals(KeyType.OCTET, key.getKeyType()); + List<KeyOperation> keyOps = key.getKeyOperation(); assertEquals(2, keyOps.size()); - assertEquals(JsonWebKey.KEY_OPER_SIGN, keyOps.get(0)); - assertEquals(JsonWebKey.KEY_OPER_VERIFY, keyOps.get(1)); + assertEquals(KeyOperation.SIGN, keyOps.get(0)); + assertEquals(KeyOperation.VERIFY, keyOps.get(1)); validateSpecClaim(token.getClaims()); }