Updating Jose utils to use enums were possible
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e92477bc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e92477bc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e92477bc Branch: refs/heads/master Commit: e92477bc8d0a0a00eb5afca6fb5ee5a85718672b Parents: e545379 Author: Sergey Beryozkin <[email protected]> Authored: Mon Jul 6 21:36:12 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Mon Jul 6 21:36:12 2015 +0100 ---------------------------------------------------------------------- .../jose/jwe/JweJwtCompactConsumer.java | 10 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 169 ++++++++++--------- .../cxf/rs/security/jose/jwk/JwkUtils.java | 33 ++-- .../security/jose/jws/JwsCompactConsumer.java | 9 +- .../security/jose/jws/JwsCompactProducer.java | 10 +- .../rs/security/jose/jws/JwsJsonConsumer.java | 7 +- .../rs/security/jose/jws/JwsJsonProducer.java | 5 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 77 +++++---- .../jose/cookbook/JwsJoseCookBookTest.java | 72 ++++---- .../security/jose/jwe/JweJsonConsumerTest.java | 29 ++-- .../security/jose/jwe/JweJsonProducerTest.java | 10 +- .../grants/code/JwtRequestCodeFilter.java | 9 +- .../oauth2/grants/code/JwtRequestCodeGrant.java | 7 +- .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 11 +- .../oidc/idp/AbstractJwsJweProducer.java | 12 +- 15 files changed, 260 insertions(+), 210 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java index 09e491b..d7a76b9 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java @@ -36,17 +36,17 @@ public class JweJwtCompactConsumer { } public JwtToken decryptWith(JsonWebKey key) { return decryptWith(JweUtils.createJweDecryptionProvider(key, - headers.getContentEncryptionAlgorithm().getJwaName())); + headers.getContentEncryptionAlgorithm())); } public JwtToken decryptWith(RSAPrivateKey key) { return decryptWith(JweUtils.createJweDecryptionProvider(key, - headers.getKeyEncryptionAlgorithm().getJwaName(), - headers.getContentEncryptionAlgorithm().getJwaName())); + headers.getKeyEncryptionAlgorithm(), + headers.getContentEncryptionAlgorithm())); } public JwtToken decryptWith(SecretKey key) { return decryptWith(JweUtils.createJweDecryptionProvider(key, - headers.getKeyEncryptionAlgorithm().getJwaName(), - headers.getContentEncryptionAlgorithm().getJwaName())); + headers.getKeyEncryptionAlgorithm(), + headers.getContentEncryptionAlgorithm())); } public JwtToken decryptWith(JweDecryptionProvider jwe) { byte[] bytes = jwe.decrypt(jweConsumer.getJweDecryptionInput()); http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index c0b7317..bac9ba7 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -66,17 +66,21 @@ public final class JweUtils { private JweUtils() { } - public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content) { + public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, + byte[] content) { return encrypt(key, keyAlgo, contentAlgo, content, null); } - public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) { + public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo, + ContentAlgorithm contentAlgo, byte[] content, String ct) { KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); } - public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content) { + public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, + byte[] content) { return encrypt(key, keyAlgo, contentAlgo, content, null); } - public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) { + public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, + byte[] content, String ct) { if (keyAlgo != null) { KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); @@ -84,14 +88,14 @@ public final class JweUtils { return encryptDirect(key, contentAlgo, content, ct); } } - public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) { + public static String encrypt(JsonWebKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) { KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); return encrypt(keyEncryptionProvider, contentAlgo, content, ct); } - public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) { + public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content) { return encryptDirect(key, contentAlgo, content, null); } - public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content, String ct) { + public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) { JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo); return jwe.encrypt(content, toJweHeaders(ct)); } @@ -99,11 +103,11 @@ public final class JweUtils { JweEncryptionProvider jwe = getDirectKeyJweEncryption(key); return jwe.encrypt(content, toJweHeaders(ct)); } - public static byte[] decrypt(PrivateKey key, String keyAlgo, String contentAlgo, String content) { + public static byte[] decrypt(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) { KeyDecryptionAlgorithm keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(key, keyAlgo); return decrypt(keyDecryptionProvider, contentAlgo, content); } - public static byte[] decrypt(SecretKey key, String keyAlgo, String contentAlgo, String content) { + public static byte[] decrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) { if (keyAlgo != null) { KeyDecryptionAlgorithm keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(key, keyAlgo); return decrypt(keyDecryptionProvider, contentAlgo, content); @@ -111,11 +115,11 @@ public final class JweUtils { return decryptDirect(key, contentAlgo, content); } } - public static byte[] decrypt(JsonWebKey key, String contentAlgo, String content) { + public static byte[] decrypt(JsonWebKey key, ContentAlgorithm contentAlgo, String content) { KeyDecryptionAlgorithm keyDecryptionProvider = getKeyDecryptionAlgorithm(key); return decrypt(keyDecryptionProvider, contentAlgo, content); } - public static byte[] decryptDirect(SecretKey key, String contentAlgo, String content) { + public static byte[] decryptDirect(SecretKey key, ContentAlgorithm contentAlgo, String content) { JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo); return jwe.decrypt(content).getContent(); } @@ -126,31 +130,32 @@ public final class JweUtils { public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk) { return getKeyEncryptionProvider(jwk, null); } - public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) { - String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); + public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) { + KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm + : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()); KeyEncryptionProvider keyEncryptionProvider = null; KeyType keyType = jwk.getKeyType(); if (KeyType.RSA == keyType) { keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), - keyEncryptionAlgo); + keyAlgo); } else if (KeyType.OCTET == keyType) { keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), - keyEncryptionAlgo); + keyAlgo); } else { keyEncryptionProvider = new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk), jwk.getStringProperty(JsonWebKey.EC_CURVE), - KeyAlgorithm.getAlgorithm(keyEncryptionAlgo)); + keyAlgo); } return keyEncryptionProvider; } - public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, String algo) { - return new RSAKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); + public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, KeyAlgorithm algo) { + return new RSAKeyEncryptionAlgorithm(key, algo); } - public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) { - if (AlgorithmUtils.isAesKeyWrap(algo)) { - return new AesWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); - } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) { - return new AesGcmWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); + public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm algo) { + if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) { + return new AesWrapKeyEncryptionAlgorithm(key, algo); + } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) { + return new AesGcmWrapKeyEncryptionAlgorithm(key, algo); } return null; } @@ -158,34 +163,35 @@ public final class JweUtils { return getKeyDecryptionAlgorithm(jwk, null); } - public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) { - String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); + public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) { + KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm + : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()); KeyDecryptionAlgorithm keyDecryptionProvider = null; KeyType keyType = jwk.getKeyType(); if (KeyType.RSA == keyType) { keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk), - keyEncryptionAlgo); + keyAlgo); } else if (KeyType.OCTET == keyType) { keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jwk), - keyEncryptionAlgo); + keyAlgo); } else { keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toECPrivateKey(jwk), - keyEncryptionAlgo); + keyAlgo); } return keyDecryptionProvider; } - public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, String algo) { + public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, KeyAlgorithm algo) { if (key instanceof RSAPrivateKey) { - return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, KeyAlgorithm.getAlgorithm(algo)); + return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, algo); } else { - return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, KeyAlgorithm.getAlgorithm(algo)); + return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, algo); } } - public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) { - if (AlgorithmUtils.isAesKeyWrap(algo)) { - return new AesWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); - } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) { - return new AesGcmWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo)); + public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, KeyAlgorithm algo) { + if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) { + return new AesWrapKeyDecryptionAlgorithm(key, algo); + } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) { + return new AesGcmWrapKeyDecryptionAlgorithm(key, algo); } return null; } @@ -198,13 +204,14 @@ public final class JweUtils { KeyType keyType = jwk.getKeyType(); if (KeyType.OCTET == keyType) { return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), - ctEncryptionAlgo); + getContentAlgo(ctEncryptionAlgo)); } return contentEncryptionProvider; } - public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, String algorithm) { - if (AlgorithmUtils.isAesGcm(algorithm)) { - return new AesGcmContentEncryptionAlgorithm(key, null, getContentAlgo(algorithm)); + public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, + ContentAlgorithm algorithm) { + if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { + return new AesGcmContentEncryptionAlgorithm(key, null, algorithm); } return null; } @@ -214,9 +221,9 @@ public final class JweUtils { } return null; } - public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm) { - if (AlgorithmUtils.isAesGcm(algorithm)) { - return new AesGcmContentDecryptionAlgorithm(getContentAlgo(algorithm)); + public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(ContentAlgorithm algorithm) { + if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { + return new AesGcmContentDecryptionAlgorithm(algorithm); } return null; } @@ -235,23 +242,24 @@ public final class JweUtils { return ContentAlgorithm.getAlgorithm(algo); } public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) { - return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), key.getAlgorithm()); + return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), + getContentAlgo(key.getAlgorithm())); } - public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) { - if (AlgorithmUtils.isAesCbcHmac(algorithm)) { - return new AesCbcHmacJweEncryption(getContentAlgo(algorithm), key.getEncoded(), + public static JweEncryption getDirectKeyJweEncryption(SecretKey key, ContentAlgorithm algo) { + if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) { + return new AesCbcHmacJweEncryption(algo, key.getEncoded(), null, new DirectKeyEncryptionAlgorithm()); } else { return new JweEncryption(new DirectKeyEncryptionAlgorithm(), - getContentEncryptionAlgorithm(key, algorithm)); + getContentEncryptionAlgorithm(key, algo)); } } public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) { - return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), key.getAlgorithm()); + return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } - public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) { - if (AlgorithmUtils.isAesCbcHmac(algorithm)) { - return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm)); + public static JweDecryption getDirectKeyJweDecryption(SecretKey key, ContentAlgorithm algorithm) { + if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) { + return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm); } else { return new JweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentDecryptionAlgorithm(algorithm)); @@ -279,6 +287,7 @@ public final class JweUtils { KeyEncryptionProvider keyEncryptionProvider = null; String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null); + KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo); String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null); ContentEncryptionProvider ctEncryptionProvider = null; if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { @@ -289,7 +298,7 @@ public final class JweUtils { } else { keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); - keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo); + keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo); if (reportPublicKey || reportPublicKeyId) { JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo, reportPublicKey, reportPublicKeyId); @@ -298,7 +307,7 @@ public final class JweUtils { } else { keyEncryptionProvider = getRSAKeyEncryptionProvider( (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props), - keyEncryptionAlgo); + keyAlgo); if (reportPublicKey) { headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props)); } @@ -334,7 +343,7 @@ public final class JweUtils { KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT); contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName(); keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(privateKey, - inHeaders.getKeyEncryptionAlgorithm().getJwaName()); + inHeaders.getKeyEncryptionAlgorithm()); } else { if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT); @@ -344,41 +353,44 @@ public final class JweUtils { } else { keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); - keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo); + keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, + KeyAlgorithm.getAlgorithm(keyEncryptionAlgo)); } } else { keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm( - KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), keyEncryptionAlgo); + KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), + KeyAlgorithm.getAlgorithm(keyEncryptionAlgo)); } } - return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo); + return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, + getContentAlgo(contentEncryptionAlgo)); } public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, - String keyAlgo, - String contentEncryptionAlgo, + KeyAlgorithm keyAlgo, + ContentAlgorithm contentEncryptionAlgo, String compression) { KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) { KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, - headers.getKeyEncryptionAlgorithm().getJwaName()); + headers.getKeyEncryptionAlgorithm()); return createJweEncryptionProvider(keyEncryptionProvider, headers); } public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, - String keyAlgo, - String contentEncryptionAlgo, + KeyAlgorithm keyAlgo, + ContentAlgorithm contentEncryptionAlgo, String compression) { KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) { KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, - headers.getKeyEncryptionAlgorithm().getJwaName()); + headers.getKeyEncryptionAlgorithm()); return createJweEncryptionProvider(keyEncryptionProvider, headers); } public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, - String contentEncryptionAlgo, + ContentAlgorithm contentEncryptionAlgo, String compression) { KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); @@ -388,11 +400,11 @@ public final class JweUtils { return createJweEncryptionProvider(keyEncryptionProvider, headers); } public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, - String contentEncryptionAlgo, + ContentAlgorithm contentEncryptionAlgo, String compression) { JweHeaders headers = prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null, - contentEncryptionAlgo, compression); + contentEncryptionAlgo.getJwaName(), compression); return createJweEncryptionProvider(keyEncryptionProvider, headers); } public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, @@ -406,23 +418,23 @@ public final class JweUtils { } } public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey key, - String keyAlgo, - String contentDecryptionAlgo) { + KeyAlgorithm keyAlgo, + ContentAlgorithm contentDecryptionAlgo) { return createJweDecryptionProvider(getPrivateKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo); } public static JweDecryptionProvider createJweDecryptionProvider(SecretKey key, - String keyAlgo, - String contentDecryptionAlgo) { + KeyAlgorithm keyAlgo, + ContentAlgorithm contentDecryptionAlgo) { return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo); } public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey key, - String contentDecryptionAlgo) { + ContentAlgorithm contentDecryptionAlgo) { return createJweDecryptionProvider(getKeyDecryptionAlgorithm(key), contentDecryptionAlgo); } public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider, - String contentDecryptionAlgo) { - if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo)) { - return new AesCbcHmacJweDecryption(keyDecryptionProvider, getContentAlgo(contentDecryptionAlgo)); + ContentAlgorithm contentDecryptionAlgo) { + if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo.getJwaName())) { + return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo); } else { return new JweDecryption(keyDecryptionProvider, getContentDecryptionAlgorithm(contentDecryptionAlgo)); @@ -556,7 +568,7 @@ public final class JweUtils { } private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider, SecretKey ctDecryptionKey, - String contentDecryptionAlgo) { + ContentAlgorithm contentDecryptionAlgo) { if (keyDecryptionProvider == null && ctDecryptionKey == null) { LOG.warning("Key or content encryptor is not available"); throw new JweException(JweException.Error.NO_ENCRYPTOR); @@ -594,11 +606,12 @@ public final class JweUtils { return algo; } private static String encrypt(KeyEncryptionProvider keyEncryptionProvider, - String contentAlgo, byte[] content, String ct) { + ContentAlgorithm contentAlgo, byte[] content, String ct) { JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null); return jwe.encrypt(content, toJweHeaders(ct)); } - private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo, String content) { + private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, ContentAlgorithm contentAlgo, + String content) { JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo); return jwe.decrypt(content).getContent(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 511bf9b..608c4f5 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java @@ -51,6 +51,7 @@ import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption; import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; @@ -117,14 +118,16 @@ public final class JwkUtils { return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), toJweHeaders("jwk-set+json")); } - public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, String keyAlgo, String contentAlgo) { + public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, KeyAlgorithm keyAlgo, + ContentAlgorithm contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)), "jwk-set+json"); } - public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, String algo) { + public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, SignatureAlgorithm algo) { return JwsUtils.sign(key, algo, jwkSetToJson(jwkSet), "jwk-set+json"); } - public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, String keyAlgo, String contentAlgo) { + public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo, + ContentAlgorithm contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)), "jwk-set+json"); } @@ -137,13 +140,15 @@ public final class JwkUtils { public static JsonWebKeys decryptJwkSet(String jsonJwkSet, JweDecryptionProvider jwe, JwkReaderWriter reader) { return reader.jsonToJwkSet(jwe.decrypt(jsonJwkSet).getContentText()); } - public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) { + public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, + String jsonJwkSet) { return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet))); } - public static JsonWebKeys verifyJwkSet(RSAPublicKey key, String keyAlgo, String jsonJwk) { + public static JsonWebKeys verifyJwkSet(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) { return readJwkSet(JwsUtils.verify(key, keyAlgo, jsonJwk)); } - public static JsonWebKeys decryptJwkSet(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) { + public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, + String jsonJwkSet) { return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet))); } public static JsonWebKeys decryptJwkSet(InputStream is, char[] password) throws IOException { @@ -167,15 +172,17 @@ public final class JwkUtils { return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), toJweHeaders("jwk+json")); } - public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, String keyAlgo, String contentAlgo) { + public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, KeyAlgorithm keyAlgo, + ContentAlgorithm contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)), "jwk+json"); } - public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, String keyAlgo, String contentAlgo) { + public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo, + ContentAlgorithm contentAlgo) { return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)), "jwk+json"); } - public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, String algo) { + public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, SignatureAlgorithm algo) { return JwsUtils.sign(key, algo, jwkKeyToJson(jwkKey), "jwk+json"); } public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) { @@ -184,13 +191,15 @@ public final class JwkUtils { public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password, JwkReaderWriter reader) { return decryptJwkKey(jsonJwkKey, createDefaultDecryption(password), reader); } - public static JsonWebKey decryptJwkKey(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwk) { + public static JsonWebKey decryptJwkKey(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, + String jsonJwk) { return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk))); } - public static JsonWebKey verifyJwkKey(RSAPublicKey key, String keyAlgo, String jsonJwk) { + public static JsonWebKey verifyJwkKey(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) { return readJwkKey(JwsUtils.verify(key, keyAlgo, jsonJwk)); } - public static JsonWebKey decryptJwkKey(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwk) { + public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo, + String jsonJwk) { return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk))); } public static JsonWebKey decryptJwkKey(String jsonJwkKey, JweDecryptionProvider jwe, JwkReaderWriter reader) { http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java index edd2560..62975a6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java @@ -27,6 +27,7 @@ import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.JoseUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactConsumer { @@ -112,16 +113,16 @@ public class JwsCompactConsumer { public boolean verifySignatureWith(JsonWebKey key) { return verifySignatureWith(JwsUtils.getSignatureVerifier(key)); } - public boolean verifySignatureWith(JsonWebKey key, String algo) { + public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo)); } - public boolean verifySignatureWith(X509Certificate cert, String algo) { + public boolean verifySignatureWith(X509Certificate cert, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(cert, algo)); } - public boolean verifySignatureWith(PublicKey key, String algo) { + public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo)); } - public boolean verifySignatureWith(byte[] key, String algo) { + public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo)); } public boolean validateCriticalHeaders() { http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index fc13844..6a549aa 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -24,6 +24,7 @@ import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { @@ -74,14 +75,17 @@ public class JwsCompactProducer { return getUnsignedEncodedJws(detached) + "." + (noSignature ? "" : signature); } public String signWith(JsonWebKey jwk) { - return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm())); + return signWith(JwsUtils.getSignatureProvider(jwk, + SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); } public String signWith(PrivateKey key) { - return signWith(JwsUtils.getPrivateKeySignatureProvider(key, headers.getAlgorithm())); + return signWith(JwsUtils.getPrivateKeySignatureProvider(key, + SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); } public String signWith(byte[] key) { - return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm())); + return signWith(JwsUtils.getHmacSignatureProvider(key, + SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); } public String signWith(JwsSignatureProvider signer) { http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java index a7cb20a..33dc8bf 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java @@ -34,6 +34,7 @@ import org.apache.cxf.jaxrs.provider.json.JsonMapObject; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsJsonConsumer { @@ -128,10 +129,10 @@ public class JwsJsonConsumer { } return false; } - public boolean verifySignatureWith(PublicKey key, String algo) { + public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo)); } - public boolean verifySignatureWith(byte[] key, String algo) { + public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo)); } public boolean verifySignatureWith(List<JwsSignatureVerifier> validators) { @@ -172,7 +173,7 @@ public class JwsJsonConsumer { public boolean verifySignatureWith(JsonWebKey key) { return verifySignatureWith(JwsUtils.getSignatureVerifier(key)); } - public boolean verifySignatureWith(JsonWebKey key, String algo) { + public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) { return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo)); } public JwsJsonProducer toProducer() { http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index 9bac5b8..16841b7 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java @@ -32,6 +32,7 @@ import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsJsonProducer { protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonProducer.class); @@ -110,10 +111,10 @@ public class JwsJsonProducer { public String signWith(JsonWebKey jwk) { return signWith(JwsUtils.getSignatureProvider(jwk)); } - public String signWith(PrivateKey key, String algo) { + public String signWith(PrivateKey key, SignatureAlgorithm algo) { return signWith(JwsUtils.getPrivateKeySignatureProvider(key, algo)); } - public String signWith(byte[] key, String algo) { + public String signWith(byte[] key, SignatureAlgorithm algo) { return signWith(JwsUtils.getHmacSignatureProvider(key, algo)); } public String signWith(JwsSignatureProvider signer, http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index f8073cd..d0b5b6e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -61,112 +61,115 @@ public final class JwsUtils { private JwsUtils() { } - public static String sign(PrivateKey key, String algo, String content) { + public static String sign(PrivateKey key, SignatureAlgorithm algo, String content) { return sign(key, algo, content, null); } - public static String sign(PrivateKey key, String algo, String content, String ct) { + public static String sign(PrivateKey key, SignatureAlgorithm algo, String content, String ct) { return sign(getPrivateKeySignatureProvider(key, algo), content, ct); } - public static String sign(byte[] key, String algo, String content) { + public static String sign(byte[] key, SignatureAlgorithm algo, String content) { return sign(key, algo, content, null); } - public static String sign(byte[] key, String algo, String content, String ct) { + public static String sign(byte[] key, SignatureAlgorithm algo, String content, String ct) { return sign(getHmacSignatureProvider(key, algo), content, ct); } - public static String verify(PublicKey key, String algo, String content) { + public static String verify(PublicKey key, SignatureAlgorithm algo, String content) { JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content); return jws.getDecodedJwsPayload(); } - public static String verify(byte[] key, String algo, String content) { + public static String verify(byte[] key, SignatureAlgorithm algo, String content) { JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content); return jws.getDecodedJwsPayload(); } public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) { return getSignatureProvider(jwk, null); } - public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) { - String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); + public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, + SignatureAlgorithm defaultAlgorithm) { + SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm + : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()); JwsSignatureProvider theSigProvider = null; KeyType keyType = jwk.getKeyType(); if (KeyType.RSA == keyType) { theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk), - signatureAlgo); + sigAlgo); } else if (KeyType.OCTET == keyType) { byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - theSigProvider = getHmacSignatureProvider(key, signatureAlgo); + theSigProvider = getHmacSignatureProvider(key, sigAlgo); } else if (KeyType.EC == jwk.getKeyType()) { theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk), - signatureAlgo); + sigAlgo); } return theSigProvider; } - public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, String algo) { + public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) { if (algo == null) { LOG.warning("No signature algorithm was defined"); throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); } if (key instanceof ECPrivateKey) { - return new EcDsaJwsSignatureProvider((ECPrivateKey)key, SignatureAlgorithm.getAlgorithm(algo)); + return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo); } else if (key instanceof RSAPrivateKey) { - return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo)); + return new PrivateKeyJwsSignatureProvider(key, algo); } return null; } - public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) { + public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, SignatureAlgorithm algo) { if (algo == null) { LOG.warning("No signature algorithm was defined"); throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); } - if (AlgorithmUtils.isHmacSign(algo)) { - return new HmacJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo)); + if (AlgorithmUtils.isHmacSign(algo.getJwaName())) { + return new HmacJwsSignatureProvider(key, algo); } return null; } public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) { return getSignatureVerifier(jwk, null); } - public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) { - String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); + public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) { + SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm + : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm()); JwsSignatureVerifier theVerifier = null; KeyType keyType = jwk.getKeyType(); if (KeyType.RSA == keyType) { - theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), signatureAlgo); + theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), sigAlgo); } else if (KeyType.OCTET == keyType) { byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); - theVerifier = getHmacSignatureVerifier(key, signatureAlgo); + theVerifier = getHmacSignatureVerifier(key, sigAlgo); } else if (KeyType.EC == keyType) { - theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo); + theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), sigAlgo); } return theVerifier; } - public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, String algo) { + public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, SignatureAlgorithm algo) { return getPublicKeySignatureVerifier(cert.getPublicKey(), algo); } - public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, String algo) { + public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, SignatureAlgorithm algo) { if (algo == null) { LOG.warning("No signature algorithm was defined"); throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); } if (key instanceof RSAPublicKey) { - return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo)); + return new PublicKeyJwsSignatureVerifier(key, algo); } else if (key instanceof ECPublicKey) { - return new EcDsaJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo)); + return new EcDsaJwsSignatureVerifier(key, algo); } return null; } - public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) { + public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm algo) { if (algo == null) { LOG.warning("No signature algorithm was defined"); throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); } - if (AlgorithmUtils.isHmacSign(algo)) { - return new HmacJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo)); + if (AlgorithmUtils.isHmacSign(algo.getJwaName())) { + return new HmacJwsSignatureVerifier(key, algo); } return null; } @@ -272,7 +275,7 @@ public final class JwsUtils { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); - theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo); + theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo)); if (reportPublicKey || reportPublicKeyId) { JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey, reportPublicKeyId); } @@ -280,7 +283,8 @@ public final class JwsUtils { } else { String signatureAlgo = getSignatureAlgo(m, props, null, null); PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN); - theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo); + theSigProvider = getPrivateKeySignatureProvider(pk, + SignatureAlgorithm.getAlgorithm(signatureAlgo)); if (reportPublicKey) { headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props)); } @@ -306,11 +310,13 @@ public final class JwsUtils { || !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) { throw new JwsException(JwsException.Error.INVALID_KEY); } - return getSignatureVerifier(publicJwk, inHeaders.getAlgorithm()); + return getSignatureVerifier(publicJwk, + SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm())); } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); - return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm()); + return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), + SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm())); } } @@ -318,13 +324,14 @@ public final class JwsUtils { JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid); if (jwk != null) { String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk)); - theVerifier = getSignatureVerifier(jwk, signatureAlgo); + theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo)); } } else { String signatureAlgo = getSignatureAlgo(m, props, null, null); theVerifier = getPublicKeySignatureVerifier( - KeyManagementUtils.loadPublicKey(m, props), signatureAlgo); + KeyManagementUtils.loadPublicKey(m, props), + SignatureAlgorithm.getAlgorithm(signatureAlgo)); } if (theVerifier == null && !ignoreNullVerifier) { LOG.warning("Verifier is not available"); http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java index c31ba44..2c2435d 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java @@ -370,7 +370,8 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); - assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, + SignatureAlgorithm.RS256)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); @@ -378,16 +379,17 @@ public class JwsJoseCookBookTest { JoseHeaders protectedHeader = new JoseHeaders(); protectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO); protectedHeader.setKeyId(RSA_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, + SignatureAlgorithm.RS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256)); } @Test public void testRSAPSSSignature() throws Exception { @@ -414,7 +416,7 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); - assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); @@ -422,16 +424,16 @@ public class JwsJoseCookBookTest { JoseHeaders protectedHeader = new JoseHeaders(); protectedHeader.setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO); protectedHeader.setKeyId(RSA_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length()); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length()); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384)); Security.removeProvider(BouncyCastleProvider.class.getName()); } @@ -465,7 +467,7 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey ecPublicKey = publicKeys.get(0); - assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); } @@ -486,7 +488,7 @@ public class JwsJoseCookBookTest { assertEquals(compactProducer.getSignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE); JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws()); - assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); @@ -494,16 +496,16 @@ public class JwsJoseCookBookTest { JoseHeaders protectedHeader = new JoseHeaders(); protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); protectedHeader.setKeyId(HMAC_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); } @Test public void testDetachedHMACSignature() throws Exception { @@ -521,7 +523,7 @@ public class JwsJoseCookBookTest { assertEquals(compactProducer.getSignedEncodedJws(true), DETACHED_HMAC_JWS); JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws(true), ENCODED_PAYLOAD); - assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); @@ -529,17 +531,17 @@ public class JwsJoseCookBookTest { JoseHeaders protectedHeader = new JoseHeaders(); protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); protectedHeader.setKeyId(HMAC_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); } @Test public void testProtectingSpecificHeaderFieldsSignature() throws Exception { @@ -553,21 +555,21 @@ public class JwsJoseCookBookTest { JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey key = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); } @Test public void testProtectingContentOnlySignature() throws Exception { @@ -580,21 +582,21 @@ public class JwsJoseCookBookTest { JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey key = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), null, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), null, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256)); } @Test public void testMultipleSignatures() throws Exception { @@ -614,7 +616,7 @@ public class JwsJoseCookBookTest { JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey rsaKey = keys.get(1); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), firstSignerProtectedHeader, firstSignerUnprotectedHeader); assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(), FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES); @@ -623,7 +625,7 @@ public class JwsJoseCookBookTest { secondSignerUnprotectedHeader.setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO); secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE); JsonWebKey ecKey = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, AlgorithmUtils.ES_SHA_512_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, SignatureAlgorithm.ES512), null, secondSignerUnprotectedHeader); assertEquals(new JoseHeadersReaderWriter().toJson( jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()), @@ -637,7 +639,7 @@ public class JwsJoseCookBookTest { JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> secretKeys = secretJwks.getKeys(); JsonWebKey hmacKey = secretKeys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), thirdSignerProtectedHeader); assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(), THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES); @@ -649,9 +651,9 @@ public class JwsJoseCookBookTest { List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); JsonWebKey ecPublicKey = publicKeys.get(0); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); - assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO)); - assertTrue(jsonConsumer.verifySignatureWith(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256)); + assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512)); + assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256)); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java index a243aca..a5c178c 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java @@ -25,8 +25,11 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rt.security.crypto.CryptoUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; + import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; @@ -70,7 +73,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT, - AlgorithmUtils.A128GCM_ALGO, + ContentAlgorithm.A128GCM, JweJsonProducerTest.WRAPPER_BYTES1, null); } @@ -79,7 +82,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT, - AlgorithmUtils.A128GCM_ALGO, + ContentAlgorithm.A128GCM, JweJsonProducerTest.WRAPPER_BYTES1, null); } @@ -88,7 +91,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT, - AlgorithmUtils.A128GCM_ALGO, + ContentAlgorithm.A128GCM, null, JweJsonProducerTest.CEK_BYTES); } @@ -97,7 +100,7 @@ public class JweJsonConsumerTest extends Assert { String text = "Live long and prosper."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, - AlgorithmUtils.A128CBC_HS256_ALGO, + ContentAlgorithm.A128CBC_HS256, null, JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3); } @@ -106,7 +109,7 @@ public class JweJsonConsumerTest extends Assert { String text = "Live long and prosper."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, - AlgorithmUtils.A128CBC_HS256_ALGO, + ContentAlgorithm.A128CBC_HS256, Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3), null); } @@ -116,8 +119,9 @@ public class JweJsonConsumerTest extends Assert { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES"); - JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, - AlgorithmUtils.A128GCM_ALGO); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, + KeyAlgorithm.A128KW, + ContentAlgorithm.A128GCM); JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT); JweDecryptionOutput out = consumer.decryptWith(jwe); assertEquals(text, out.getContentText()); @@ -127,8 +131,9 @@ public class JweJsonConsumerTest extends Assert { public void testSingleRecipientAllTypeOfHeadersAndAadModified() { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES"); - JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, - AlgorithmUtils.A128GCM_ALGO); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, + KeyAlgorithm.A128KW, + ContentAlgorithm.A128GCM); JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT); try { consumer.decryptWith(jwe); @@ -140,13 +145,15 @@ public class JweJsonConsumerTest extends Assert { } private void doTestSingleRecipient(String text, String input, - String contentEncryptionAlgo, + ContentAlgorithm contentEncryptionAlgo, final byte[] wrapperKeyBytes, final byte[] cek) throws Exception { JweDecryptionProvider jwe = null; if (wrapperKeyBytes != null) { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES"); - jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo); + jwe = JweUtils.createJweDecryptionProvider(wrapperKey, + KeyAlgorithm.A128KW, + contentEncryptionAlgo); } else { SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES"); jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo); http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java index ed18b96..bc5f556 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java @@ -219,7 +219,7 @@ public class JweJsonProducerTest extends Assert { if (wrapperKeyBytes == null) { headers.asMap().remove("alg"); SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES"); - jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo.getJwaName()); + jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo); } else { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES"); jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers); @@ -246,8 +246,8 @@ public class JweJsonProducerTest extends Assert { sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks";); JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, - AlgorithmUtils.A128KW_ALGO, - AlgorithmUtils.A128GCM_ALGO, + KeyAlgorithm.A128KW, + ContentAlgorithm.A128GCM, null); JweJsonProducer p = new JweJsonProducer(protectedHeaders, sharedUnprotectedHeaders, @@ -280,12 +280,12 @@ public class JweJsonProducerTest extends Assert { List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>(); KeyEncryptionProvider keyEncryption1 = - JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, AlgorithmUtils.A128KW_ALGO); + JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW); ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO); JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption); KeyEncryptionProvider keyEncryption2 = - JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, AlgorithmUtils.A128KW_ALGO); + JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW); JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption); jweList.add(jwe1); jweList.add(jwe2); http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java index cdbf2e1..4920af0 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java @@ -28,7 +28,8 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; -import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; @@ -105,7 +106,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { } if (decryptWithClientSecret) { SecretKey key = CryptoUtils.decodeSecretKey(c.getClientSecret()); - return JweUtils.getDirectKeyJweDecryption(key, AlgorithmUtils.A128GCM_ALGO); + return JweUtils.getDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM); } return JweUtils.loadDecryptionProvider(false); } @@ -115,11 +116,11 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { } if (verifyWithClientSecret) { byte[] hmac = CryptoUtils.decodeSequence(c.getClientSecret()); - return JwsUtils.getHmacSignatureVerifier(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO); + return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256); } else if (verifyWithClientCertificates) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); - return JwsUtils.getPublicKeySignatureVerifier(cert, AlgorithmUtils.RS_SHA_256_ALGO); + return JwsUtils.getPublicKeySignatureVerifier(cert, SignatureAlgorithm.RS256); } return JwsUtils.loadSignatureVerifier(true); }
