making JoseHeaders abstract and its setAlgorithm protected with lots of related changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f82e14c7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f82e14c7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f82e14c7 Branch: refs/heads/3.0.x-fixes Commit: f82e14c710fd90e4c3f70b6568f0631a51b07d27 Parents: 5d02121 Author: Sergey Beryozkin <[email protected]> Authored: Wed Jul 22 22:37:32 2015 +0300 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Jul 22 22:40:32 2015 +0300 ---------------------------------------------------------------------- .../cxf/rs/security/jose/JoseHeaders.java | 6 +- .../security/jose/JoseHeadersReaderWriter.java | 38 ---------- .../jose/jaxrs/AbstractJwsReaderProvider.java | 4 +- .../jose/jaxrs/AbstractJwsWriterProvider.java | 3 +- .../jose/jaxrs/JwsClientResponseFilter.java | 4 +- .../jose/jaxrs/JwsContainerRequestFilter.java | 6 +- .../jose/jaxrs/JwsJsonWriterInterceptor.java | 10 +-- .../jose/jaxrs/JwsWriterInterceptor.java | 6 +- .../jaxrs/JwtAuthenticationClientFilter.java | 4 +- .../jose/jaxrs/JwtJwsAuthenticationFilter.java | 4 +- .../rs/security/jose/jwa/AlgorithmUtils.java | 2 +- .../security/jose/jwa/SignatureAlgorithm.java | 5 +- .../jose/jwe/AbstractJweEncryption.java | 8 +-- .../security/jose/jwe/JweCompactConsumer.java | 10 +-- .../security/jose/jwe/JweCompactProducer.java | 4 +- .../cxf/rs/security/jose/jwe/JweHeaders.java | 4 +- .../rs/security/jose/jwe/JweJsonProducer.java | 4 +- .../jose/jwe/JweJwtCompactProducer.java | 7 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 2 +- .../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 2 +- .../jose/jws/AbstractJwsSignatureProvider.java | 11 ++- .../jose/jws/HmacJwsSignatureProvider.java | 7 +- .../jose/jws/HmacJwsSignatureVerifier.java | 9 ++- .../security/jose/jws/JwsCompactConsumer.java | 20 +++--- .../security/jose/jws/JwsCompactProducer.java | 25 ++++--- .../rs/security/jose/jws/JwsJsonConsumer.java | 9 ++- 
.../rs/security/jose/jws/JwsJsonProducer.java | 18 ++--- .../jose/jws/JwsJsonSignatureEntry.java | 12 ++-- .../jose/jws/JwsJwtCompactConsumer.java | 10 ++- .../jose/jws/JwsJwtCompactProducer.java | 3 +- .../cxf/rs/security/jose/jws/JwsUtils.java | 19 ++--- .../jose/jws/NoneJwsSignatureProvider.java | 2 +- .../jose/jws/NoneJwsSignatureVerifier.java | 5 +- .../jws/PrivateKeyJwsSignatureProvider.java | 6 +- .../jose/jws/PublicKeyJwsSignatureVerifier.java | 6 +- .../cxf/rs/security/jose/jwt/JwtTokenJson.java | 37 ---------- .../security/jose/jwt/JwtTokenReaderWriter.java | 21 +----- .../jose/cookbook/JwsJoseCookBookTest.java | 75 ++++++++++---------- .../jose/jwe/JwePbeHmacAesWrapTest.java | 3 +- .../security/jose/jws/JwsCompactHeaderTest.java | 21 +++--- .../jose/jws/JwsCompactReaderWriterTest.java | 42 +++++------ .../security/jose/jws/JwsJsonProducerTest.java | 14 ++-- 42 files changed, 209 insertions(+), 299 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java index 66c7863..df7867d 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeaders.java @@ -26,7 +26,7 @@ import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.provider.json.JsonMapObject; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; -public class JoseHeaders extends JsonMapObject { +public abstract class JoseHeaders extends JsonMapObject { public JoseHeaders() { } 
@@ -61,11 +61,11 @@ public class JoseHeaders extends JsonMapObject {
 return (String)getHeader(JoseConstants.HEADER_CONTENT_TYPE);
 }
- public void setAlgorithm(String algo) {
+ protected void setAlgorithm(String algo) {
 setHeader(JoseConstants.HEADER_ALGORITHM, algo);
 }
- public String getAlgorithm() {
+ protected String getAlgorithm() {
 Object prop = getHeader(JoseConstants.HEADER_ALGORITHM);
 return prop == null ? null : prop.toString();
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeadersReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeadersReaderWriter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeadersReaderWriter.java
deleted file mode 100644
index 37a0aa5..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseHeadersReaderWriter.java
+++ /dev/null
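Review bot: In JoseHeaders.java, `setAlgorithm` and `getAlgorithm` become `protected`, but in Java that still leaves them callable from every class in the `org.apache.cxf.rs.security.jose` package, so the raw-string path to the `alg` header is narrowed rather than closed. Neither method says that the typed accessors used elsewhere in this commit (`setSignatureAlgorithm`, `setKeyEncryptionAlgorithm`) are the intended entry points. I would add Javadoc on both, for example `/** Raw "alg" header value; code outside this hierarchy uses the typed accessors on JwsHeaders/JweHeaders. */`. The class body continues outside the hunk.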
@@ -1,38 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose; - -import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; - - - - - -public class JoseHeadersReaderWriter extends JsonMapObjectReaderWriter { - public String headersToJson(JoseHeaders headers) { - return toJson(headers); - } - - public JoseHeaders fromJsonHeaders(String headersJson) { - JoseHeaders headers = new JoseHeaders(); - fromJson(headers, headersJson); - return headers; - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java index 90d6c74..0e8b0d0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java 
@@ -18,7 +18,7 @@ */ package org.apache.cxf.rs.security.jose.jaxrs; -import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; import org.apache.cxf.rs.security.jose.jws.JwsUtils; @@ -30,7 +30,7 @@ public class AbstractJwsReaderProvider { this.sigVerifier = signatureVerifier; } - protected JwsSignatureVerifier getInitializedSigVerifier(JoseHeaders headers) { + protected JwsSignatureVerifier getInitializedSigVerifier(JwsHeaders headers) { if (sigVerifier != null) { return sigVerifier; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java index 02f5390..33ec0b0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java @@ -27,6 +27,7 @@ import org.apache.cxf.helpers.IOUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; 
@@ -37,7 +38,7 @@ public class AbstractJwsWriterProvider { this.sigProvider = signatureProvider; } - protected JwsSignatureProvider getInitializedSigProvider(JoseHeaders headers) { + protected JwsSignatureProvider getInitializedSigProvider(JwsHeaders headers) { setRequestContextProperty(headers); if (sigProvider != null) { return sigProvider; http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java index e70bead..8b811ec 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java 
@@ -37,14 +37,14 @@ public class JwsClientResponseFilter extends AbstractJwsReaderProvider implement @Override public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException { JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream())); - JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJoseHeaders()); + JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders()); if (!p.verifySignatureWith(theSigVerifier)) { throw new JwsException(JwsException.Error.INVALID_SIGNATURE); } byte[] bytes = p.getDecodedJwsPayloadBytes(); res.setEntityStream(new ByteArrayInputStream(bytes)); res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length)); - String ct = JoseUtils.checkContentType(p.getJoseHeaders().getContentType(), getDefaultMediaType()); + String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType()); if (ct != null) { res.getHeaders().putSingle("Content-Type", ct); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java index 6eb15e4..8a3a069 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java 
@@ -42,17 +42,17 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider impleme return; } JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream())); - JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJoseHeaders()); + JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders()); if (!p.verifySignatureWith(theSigVerifier)) { context.abortWith(JAXRSUtils.toResponse(400)); return; } - JoseUtils.validateRequestContextProperty(p.getJoseHeaders()); + JoseUtils.validateRequestContextProperty(p.getJwsHeaders()); byte[] bytes = p.getDecodedJwsPayloadBytes(); context.setEntityStream(new ByteArrayInputStream(bytes)); context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length)); - String ct = JoseUtils.checkContentType(p.getJoseHeaders().getContentType(), getDefaultMediaType()); + String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType()); if (ct != null) { context.getHeaders().putSingle("Content-Type", ct); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java index 7f7435d..722ae59 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java 
@@ -33,10 +33,10 @@ import org.apache.cxf.common.util.Base64UrlOutputStream; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.io.CachedOutputStream; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream; import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer; @@ -45,7 +45,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; @Priority(Priorities.JWS_WRITE_PRIORITY) public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider implements WriterInterceptor { - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); private boolean contentTypeRequired = true; private boolean useJwsOutputStream; @Override @@ -82,7 +82,7 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl ctx.proceed(); JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), "UTF-8")); for (JwsSignatureProvider signer : sigProviders) { - JoseHeaders protectedHeader = prepareProtectedHeader(ctx, signer); + JwsHeaders protectedHeader = prepareProtectedHeader(ctx, signer); p.signWith(signer, protectedHeader, null); } ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON)); 
@@ -92,9 +92,9 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl } private JwsHeaders prepareProtectedHeader(WriterInterceptorContext ctx, - JwsSignatureProvider signer) { + JwsSignatureProvider signer) { JwsHeaders headers = new JwsHeaders(); - headers.setAlgorithm(signer.getAlgorithm().getJwaName()); + headers.setSignatureAlgorithm(signer.getAlgorithm()); setContentTypeIfNeeded(headers, ctx); return headers; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java index 52a09d1..5deaceb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java @@ -31,10 +31,10 @@ import org.apache.cxf.common.util.Base64UrlOutputStream; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.io.CachedOutputStream; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsOutputStream; 
@@ -45,7 +45,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor { private boolean contentTypeRequired = true; private boolean useJwsOutputStream; - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); @Override public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException { if (ctx.getEntity() == null) { @@ -59,7 +59,7 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements W if (useJwsOutputStream) { JwsSignature jwsSignature = sigProvider.createJwsSignature(headers); JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature); - byte[] headerBytes = StringUtils.toBytesUTF8(writer.headersToJson(headers)); + byte[] headerBytes = StringUtils.toBytesUTF8(writer.toJson(headers)); Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream); jwsStream.write(new byte[]{'.'}); http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index 70a1905..a8f6ff0 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java 
@@ -31,8 +31,8 @@ import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.rs.security.jose.JoseException; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; @@ -54,7 +54,7 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer claims.setSubject(ap.getUserName()); claims.setClaim("password", ap.getPassword()); claims.setIssuedAt(System.currentTimeMillis() / 1000); - jwt = new JwtToken(new JoseHeaders(), claims); + jwt = new JwtToken(new JweHeaders(), claims); jweRequired = true; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java index 63b18a8..e495104 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java 
@@ -49,7 +49,7 @@ public class JwtJwsAuthenticationFilter extends AbstractJwsReaderProvider implem } JwsJwtCompactConsumer p = new JwsJwtCompactConsumer(schemeData[1]); - JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJoseHeaders()); + JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders()); if (!p.verifySignatureWith(theSigVerifier)) { context.abortWith(JAXRSUtils.toResponse(400)); return; @@ -61,7 +61,7 @@ public class JwtJwsAuthenticationFilter extends AbstractJwsReaderProvider implem } protected void setRequestContextProperty(Message m, JwsCompactConsumer c) { - Object headerContext = c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY); + Object headerContext = c.getJwsHeaders().getHeader(JWS_CONTEXT_PROPERTY); if (headerContext != null) { m.put(JWS_CONTEXT_PROPERTY, headerContext); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java index f505caa..76854ca 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java 
@@ -79,7 +79,7 @@ public final class AlgorithmUtils {
 public static final String ES_SHA_256_ALGO = "ES256";
 public static final String ES_SHA_384_ALGO = "ES384";
 public static final String ES_SHA_512_ALGO = "ES512";
- public static final String PLAIN_TEXT_ALGO = "none";
+ public static final String NONE_TEXT_ALGO = "none";
 // Java
 public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
 public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
index 1e88df0..fe6418a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
@@ -39,7 +39,7 @@ public enum SignatureAlgorithm {
 ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
 ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
- PLAIN(AlgorithmUtils.PLAIN_TEXT_ALGO, null, -1);
+ NONE(AlgorithmUtils.NONE_TEXT_ALGO, null, -1);
 private final String jwaName;
@@ -72,6 +72,9 @@ public enum SignatureAlgorithm {
 if (algo == null) {
 return null;
 }
+ if (AlgorithmUtils.NONE_TEXT_ALGO.equals(algo)) {
+ return NONE;
+ }
 return SignatureAlgorithm.valueOf(algo.replace('-', '_')
 .replace('+', '_'));
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
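Review bot: With the `NONE` short-circuit added to `SignatureAlgorithm.getAlgorithm`, the header string "none" now resolves to a usable enum value, whereas `valueOf` would apparently have thrown for it while the constant was named `PLAIN`. Any path that picks a verifier from the incoming `alg` value should therefore refuse `SignatureAlgorithm.NONE` unless unsigned JWS was explicitly enabled. One candidate is the fallback in `getInitializedSigVerifier(JwsHeaders)` when no verifier is configured, whose body is outside the visible hunks. I would record that at the new branch with a comment such as `// "none" is mapped for parsing only; verifiers must reject NONE unless unsigned tokens are explicitly allowed`. Unrecognised names still reach `valueOf` and surface as IllegalArgumentException; the method's remainder is outside the hunk.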
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java index 20b8eae..3edaeee 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java @@ -27,8 +27,8 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; @@ -40,7 +40,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { protected static final int DEFAULT_AUTH_TAG_LENGTH = 128; private ContentEncryptionProvider contentEncryptionAlgo; private KeyEncryptionProvider keyEncryptionAlgo; - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo, KeyEncryptionProvider keyEncryptionAlgo) { this.keyEncryptionAlgo = keyEncryptionAlgo; @@ -150,7 +150,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { public ContentAlgorithm getContentAlgorithm() { return getContentEncryptionAlgorithm().getAlgorithm(); } - protected JoseHeadersReaderWriter getJwtHeadersWriter() { + protected JsonMapObjectReaderWriter getJwtHeadersWriter() { return writer; } 
@@ -209,7 +209,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider { getEncryptedContentEncryptionKey(theHeaders, theCek); - String protectedHeadersJson = writer.headersToJson(protectedHeaders); + String protectedHeadersJson = writer.toJson(protectedHeaders); byte[] additionalEncryptionParam = getAAD(protectedHeadersJson, jweInput == null ? null : jweInput.getAad()); http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java index cd34c7c..9371726 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactConsumer.java @@ -25,9 +25,9 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.jaxrs.provider.json.JsonMapObject; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseException; -import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.JoseUtils; 
@@ -46,13 +46,13 @@ public class JweCompactConsumer { byte[] initVector = Base64UrlUtility.decode(parts[2]); byte[] encryptedContent = Base64UrlUtility.decode(parts[3]); byte[] authTag = Base64UrlUtility.decode(parts[4]); - JoseHeadersReaderWriter reader = new JoseHeadersReaderWriter(); - JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson); + JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); + JsonMapObject joseHeaders = reader.fromJsonToJsonObject(headersJson); if (joseHeaders.getUpdateCount() != null) { LOG.warning("Duplicate headers have been detected"); throw new JweException(JweException.Error.INVALID_COMPACT_JWE); } - JweHeaders jweHeaders = new JweHeaders(joseHeaders); + JweHeaders jweHeaders = new JweHeaders(joseHeaders.asMap()); jweDecryptionInput = new JweDecryptionInput(encryptedCEK, initVector, encryptedContent, http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java index a261d54..53e7ec3 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java @@ -24,7 +24,7 @@ import java.io.OutputStream; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; public class JweCompactProducer { 
@@ -85,7 +85,7 @@ public class JweCompactProducer { cipherInitVector); } private static String getHeadersJson(JweHeaders headers) { - return new JoseHeadersReaderWriter().headersToJson(headers); + return new JsonMapObjectReaderWriter().toJson(headers); } public static StringBuilder startJweContent(StringBuilder sb, http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java index b287df5..e276ce2 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweHeaders.java @@ -23,9 +23,9 @@ import java.util.Map; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.JoseType; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; 
@@ -100,7 +100,7 @@ public class JweHeaders extends JoseHeaders { return (JoseHeaders)super.setHeader(name, value); } public byte[] toCipherAdditionalAuthData() { - return toCipherAdditionalAuthData(new JoseHeadersReaderWriter().headersToJson(this)); + return toCipherAdditionalAuthData(new JsonMapObjectReaderWriter().toJson(this)); } public static byte[] toCipherAdditionalAuthData(String headersJson) { byte[] headerBytes = StringUtils.toBytesUTF8(headersJson); http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java index 4fbf737..ba5365e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java 
@@ -29,12 +29,12 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; public class JweJsonProducer { protected static final Logger LOG = LogUtils.getL7dLogger(JweJsonProducer.class); - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); private JweHeaders protectedHeader; private JweHeaders unprotectedHeader; private byte[] content; http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java index ad4ad08..98702b4 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java @@ -22,7 +22,6 @@ import java.security.interfaces.RSAPublicKey; import javax.crypto.SecretKey; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; 
@@ -33,12 +32,12 @@ public class JweJwtCompactProducer {
 private JweHeaders headers;
 private String claimsJson;
 public JweJwtCompactProducer(JwtToken token) {
- this(token.getHeaders(), token.getClaims());
+ this(new JweHeaders(token.getHeaders()), token.getClaims());
 }
 public JweJwtCompactProducer(JwtClaims claims) {
- this(new JoseHeaders(), claims);
+ this(new JweHeaders(), claims);
 }
- public JweJwtCompactProducer(JoseHeaders joseHeaders, JwtClaims claims) {
+ public JweJwtCompactProducer(JweHeaders joseHeaders, JwtClaims claims) {
 headers = new JweHeaders(joseHeaders);
 claimsJson = JwtUtils.claimsToJson(claims);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 065091a..5c79dbf 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -541,7 +541,7 @@ public final class JweUtils {
 String compression) {
 JweHeaders headers = new JweHeaders();
 if (keyEncryptionAlgo != null) {
- headers.setAlgorithm(keyEncryptionAlgo);
+ headers.setKeyEncryptionAlgorithm(KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
 }
 headers.setContentEncryptionAlgorithm(ContentAlgorithm.getAlgorithm(contentEncryptionAlgo));
 if (compression != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index 80fd2db..9770ae9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -51,7 +51,7 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
 JweHeaders jweHeaders = jweDecryptionInput.getJweHeaders();
 byte[] saltInput = getDecodedBytes(jweHeaders.getHeader("p2s"));
 int pbesCount = jweHeaders.getIntegerHeader("p2c");
- String keyAlgoJwt = jweHeaders.getAlgorithm();
+ String keyAlgoJwt = jweHeaders.getKeyEncryptionAlgorithm().getJwaName();
 int keySize = PbesHmacAesWrapKeyEncryptionAlgorithm.getKeySize(keyAlgoJwt);
 byte[] derivedKey = PbesHmacAesWrapKeyEncryptionAlgorithm
 .createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
index 812c037..df400fa 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
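Review bot: In the PbesHmacAesWrapKeyDecryptionAlgorithm hunk, the new `jweHeaders.getKeyEncryptionAlgorithm().getJwaName()` dereferences the enum without a null check, so an inbound JWE with no `alg` header (and presumably one with an unrecognised value) fails with a NullPointerException instead of a typed JOSE error. Reading the value into a local first, `KeyAlgorithm keyAlgo = jweHeaders.getKeyEncryptionAlgorithm();`, and rejecting the message when it is null before calling `getJwaName()` keeps the failure explicit. The unchanged context lines take `p2s` and `p2c` from the same message headers, and as far as this hunk shows the iteration count reaches `createDerivedKey` without an upper bound, so a limit on `p2c` is worth adding while the method is being touched. The method starts and ends outside the hunk.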
@@ -21,7 +21,6 @@ package org.apache.cxf.rs.security.jose.jws; import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; @@ -37,12 +36,12 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid if (headers == null) { headers = new JwsHeaders(); } - String algo = headers.getAlgorithm(); - if (algo != null) { - checkAlgorithm(algo); + SignatureAlgorithm sigAlgo = headers.getSignatureAlgorithm(); + if (sigAlgo != null) { + checkAlgorithm(sigAlgo.getJwaName()); } else { checkAlgorithm(algorithm.getJwaName()); - headers.setAlgorithm(algorithm.getJwaName()); + headers.setSignatureAlgorithm(algorithm); } return headers; } @@ -61,7 +60,7 @@ public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvid return doCreateJwsSignature(prepareHeaders(headers)); } - protected abstract JwsSignature doCreateJwsSignature(JoseHeaders headers); + protected abstract JwsSignature doCreateJwsSignature(JwsHeaders headers); protected void checkAlgorithm(String algo) { if (algo == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java index 0c88113..ce1db97 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java 
@@ -24,7 +24,6 @@ import javax.crypto.Mac; import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rt.security.crypto.HmacUtils; @@ -51,8 +50,10 @@ public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider { } } - protected JwsSignature doCreateJwsSignature(JoseHeaders headers) { - final Mac mac = HmacUtils.getInitializedMac(key, AlgorithmUtils.toJavaName(headers.getAlgorithm()), + protected JwsSignature doCreateJwsSignature(JwsHeaders headers) { + final String sigAlgo = headers.getSignatureAlgorithm().getJwaName(); + final Mac mac = HmacUtils.getInitializedMac(key, + AlgorithmUtils.toJavaName(sigAlgo), hmacSpec); return new JwsSignature() { http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java index e0a4c68..69643da 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java 
@@ -57,17 +57,20 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { } private byte[] computeMac(JwsHeaders headers, String text) { + final String sigAlgo = checkAlgorithm(headers.getSignatureAlgorithm()); return HmacUtils.computeHmac(key, - AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), + AlgorithmUtils.toJavaName(sigAlgo), hmacSpec, text); } - protected String checkAlgorithm(String algo) { - if (algo == null) { + protected String checkAlgorithm(SignatureAlgorithm sigAlgo) { + + if (sigAlgo == null) { LOG.warning("Signature algorithm is not set"); throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); } + String algo = sigAlgo.getJwaName(); if (!AlgorithmUtils.isHmacSign(algo) || !algo.equals(supportedAlgo.getJwaName())) { LOG.warning("Invalid signature algorithm: " + algo); http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java index 2f860e4..4c721c5 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java 
@@ -24,15 +24,15 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.jaxrs.provider.json.JsonMapObject; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactConsumer { protected static final Logger LOG = LogUtils.getL7dLogger(JwsCompactConsumer.class); - private JoseHeadersReaderWriter reader = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); private String encodedSequence; private String encodedSignature; private String headersJson; @@ -43,7 +43,7 @@ public class JwsCompactConsumer { public JwsCompactConsumer(String encodedJws, String encodedDetachedPayload) { this(encodedJws, encodedDetachedPayload, null); } - protected JwsCompactConsumer(String encodedJws, String encodedDetachedPayload, JoseHeadersReaderWriter r) { + protected JwsCompactConsumer(String encodedJws, String encodedDetachedPayload, JsonMapObjectReaderWriter r) { if (r != null) { this.reader = r; } 
@@ -88,17 +88,17 @@ public class JwsCompactConsumer { public byte[] getDecodedSignature() { return encodedSignature.isEmpty() ? new byte[]{} : JoseUtils.decode(encodedSignature); } - public JwsHeaders getJoseHeaders() { - JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson); + public JwsHeaders getJwsHeaders() { + JsonMapObject joseHeaders = reader.fromJsonToJsonObject(headersJson); if (joseHeaders.getUpdateCount() != null) { LOG.warning("Duplicate headers have been detected"); throw new JwsException(JwsException.Error.INVALID_COMPACT_JWS); } - return new JwsHeaders(joseHeaders); + return new JwsHeaders(joseHeaders.asMap()); } public boolean verifySignatureWith(JwsSignatureVerifier validator) { try { - if (validator.verify(getJoseHeaders(), getUnsignedEncodedSequence(), getDecodedSignature())) { + if (validator.verify(getJwsHeaders(), getUnsignedEncodedSequence(), getDecodedSignature())) { return true; } } catch (JwsException ex) { @@ -123,9 +123,9 @@ public class JwsCompactConsumer { return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo)); } public boolean validateCriticalHeaders() { - return JwsUtils.validateCriticalHeaders(getJoseHeaders()); + return JwsUtils.validateCriticalHeaders(getJwsHeaders()); } - protected JoseHeadersReaderWriter getReader() { + protected JsonMapObjectReaderWriter getReader() { return reader; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index 6a549aa..20213ea 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java 
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -22,13 +22,12 @@ import java.security.PrivateKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; -import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); private JwsHeaders headers; private String plainJwsPayload; private String signature; @@ -38,14 +37,14 @@ public class JwsCompactProducer { public JwsCompactProducer(JwsHeaders headers, String plainJwsPayload) { this(headers, null, plainJwsPayload); } - protected JwsCompactProducer(JwsHeaders headers, JoseHeadersReaderWriter w, String plainJwsPayload) { + protected JwsCompactProducer(JwsHeaders headers, JsonMapObjectReaderWriter w, String plainJwsPayload) { this.headers = headers; if (w != null) { this.writer = w; } this.plainJwsPayload = plainJwsPayload; } - public JwsHeaders getJoseHeaders() { + public JwsHeaders getJwsHeaders() { if (headers == null) { headers = new JwsHeaders(); } @@ -56,7 +55,7 @@ public class JwsCompactProducer { } private String getUnsignedEncodedJws(boolean detached) { checkAlgorithm(); - return Base64UrlUtility.encode(writer.headersToJson(getJoseHeaders())) + return Base64UrlUtility.encode(writer.toJson(getJwsHeaders())) + "." + (detached ? "" : Base64UrlUtility.encode(plainJwsPayload)); } 
@@ -76,21 +75,21 @@ public class JwsCompactProducer { } public String signWith(JsonWebKey jwk) { return signWith(JwsUtils.getSignatureProvider(jwk, - SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); + headers.getSignatureAlgorithm())); } public String signWith(PrivateKey key) { return signWith(JwsUtils.getPrivateKeySignatureProvider(key, - SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); + headers.getSignatureAlgorithm())); } public String signWith(byte[] key) { return signWith(JwsUtils.getHmacSignatureProvider(key, - SignatureAlgorithm.getAlgorithm(headers.getAlgorithm()))); + headers.getSignatureAlgorithm())); } public String signWith(JwsSignatureProvider signer) { byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws()); - byte[] sig = signer.sign(getJoseHeaders(), bytes); + byte[] sig = signer.sign(getJwsHeaders(), bytes); return setSignatureBytes(sig); } @@ -108,10 +107,10 @@ public class JwsCompactProducer { this.signature = sig; } private boolean isPlainText() { - return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm()); + return SignatureAlgorithm.NONE == getAlgorithm(); } - private String getAlgorithm() { - return getJoseHeaders().getAlgorithm(); + private SignatureAlgorithm getAlgorithm() { + return getJwsHeaders().getSignatureAlgorithm(); } private void checkAlgorithm() { if (getAlgorithm() == null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java index 33dc8bf..bf15ace 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java 
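Review bot: The three key-based `signWith` overloads in JwsCompactProducer (JsonWebKey, PrivateKey, byte[]) read the `headers` field directly, although `getJwsHeaders()` in this class creates it lazily, so a producer constructed with null headers throws a NullPointerException here before `checkAlgorithm()` can report the missing algorithm. The private accessor this commit retypes already goes through the lazy getter, so `return signWith(JwsUtils.getSignatureProvider(jwk, getAlgorithm()));` and the same substitution in the other two overloads removes the raw field access. `getAlgorithm()` can still return null when no `alg` has been set; how the `JwsUtils` factories treat a null algorithm is not visible in this diff and should be confirmed.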
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java @@ -32,7 +32,6 @@ import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.provider.json.JsonMapObject; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; @@ -97,7 +96,7 @@ public class JwsJsonConsumer { new JwsJsonSignatureEntry(encodedJwsPayload, protectedHeader, signature, - header != null ? new JoseHeaders(header) : null); + header != null ? new JwsHeaders(header) : null); } public String getSignedDocument() { return this.jwsSignedDocument; @@ -114,12 +113,12 @@ public class JwsJsonConsumer { public List<JwsJsonSignatureEntry> getSignatureEntries() { return Collections.unmodifiableList(signatureEntries); } - public MultivaluedMap<String, JwsJsonSignatureEntry> getSignatureEntryMap() { + public MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> getSignatureEntryMap() { return JwsUtils.getJwsJsonSignatureMap(signatureEntries); } public boolean verifySignatureWith(JwsSignatureVerifier validator) { List<JwsJsonSignatureEntry> theSignatureEntries = - getSignatureEntryMap().get(validator.getAlgorithm().getJwaName()); + getSignatureEntryMap().get(validator.getAlgorithm()); if (theSignatureEntries != null) { for (JwsJsonSignatureEntry signatureEntry : theSignatureEntries) { if (signatureEntry.verifySignatureWith(validator)) { 
@@ -151,7 +150,7 @@ public class JwsJsonConsumer { List<JwsJsonSignatureEntry> validatedSignatures = new LinkedList<JwsJsonSignatureEntry>(); for (JwsSignatureVerifier validator : validators) { List<JwsJsonSignatureEntry> theSignatureEntries = - getSignatureEntryMap().get(validator.getAlgorithm().getJwaName()); + getSignatureEntryMap().get(validator.getAlgorithm()); if (theSignatureEntries != null) { for (JwsJsonSignatureEntry sigEntry : theSignatureEntries) { if (sigEntry.verifySignatureWith(validator)) { http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index 16841b7..4d2a827 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java @@ -29,9 +29,9 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsJsonProducer { 
@@ -40,7 +40,7 @@ public class JwsJsonProducer { private String plainPayload; private String encodedPayload; private List<JwsJsonSignatureEntry> signatures = new LinkedList<JwsJsonSignatureEntry>(); - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); public JwsJsonProducer(String tbsDocument) { this(tbsDocument, false); } @@ -90,7 +90,7 @@ public class JwsJsonProducer { return signatures; } - public MultivaluedMap<String, JwsJsonSignatureEntry> getSignatureEntryMap() { + public MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> getSignatureEntryMap() { return JwsUtils.getJwsJsonSignatureMap(signatures); } public String signWith(List<JwsSignatureProvider> signers) { @@ -100,12 +100,12 @@ public class JwsJsonProducer { return getJwsJsonSignedDocument(); } public String signWith(JwsSignatureProvider signer) { - JoseHeaders headers = new JoseHeaders(); - headers.setAlgorithm(signer.getAlgorithm().getJwaName()); + JwsHeaders headers = new JwsHeaders(); + headers.setSignatureAlgorithm(signer.getAlgorithm()); return signWith(signer, headers); } public String signWith(JwsSignatureProvider signer, - JoseHeaders protectedHeader) { + JwsHeaders protectedHeader) { return signWith(signer, protectedHeader, null); } public String signWith(JsonWebKey jwk) { @@ -118,8 +118,8 @@ public class JwsJsonProducer { return signWith(JwsUtils.getHmacSignatureProvider(key, algo)); } public String signWith(JwsSignatureProvider signer, - JoseHeaders protectedHeader, - JoseHeaders unprotectedHeader) { + JwsHeaders protectedHeader, + JwsHeaders unprotectedHeader) { JwsHeaders unionHeaders = new JwsHeaders(); if (protectedHeader != null) { 
@@ -134,7 +134,7 @@ public class JwsJsonProducer { } unionHeaders.asMap().putAll(unprotectedHeader.asMap()); } - if (unionHeaders.getAlgorithm() == null) { + if (unionHeaders.getSignatureAlgorithm() == null) { LOG.warning("Algorithm header is not set"); throw new JwsException(JwsException.Error.INVALID_JSON_JWS); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java index 2238a3b..054c3d3 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonSignatureEntry.java @@ -24,9 +24,9 @@ import java.util.logging.Logger; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; 
@@ -36,15 +36,15 @@ public class JwsJsonSignatureEntry { private String encodedJwsPayload; private String encodedProtectedHeader; private String encodedSignature; - private JoseHeaders protectedHeader; - private JoseHeaders unprotectedHeader; + private JwsHeaders protectedHeader; + private JwsHeaders unprotectedHeader; private JwsHeaders unionHeaders; - private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter(); + private JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); public JwsJsonSignatureEntry(String encodedJwsPayload, String encodedProtectedHeader, String encodedSignature, - JoseHeaders unprotectedHeader) { + JwsHeaders unprotectedHeader) { if (encodedProtectedHeader == null && unprotectedHeader == null || encodedSignature == null) { LOG.warning("Invalid Signature entry"); throw new JwsException(JwsException.Error.INVALID_JSON_JWS); @@ -55,7 +55,7 @@ public class JwsJsonSignatureEntry { this.encodedSignature = encodedSignature; this.unprotectedHeader = unprotectedHeader; if (encodedProtectedHeader != null) { - this.protectedHeader = writer.fromJsonHeaders(JoseUtils.decodeToString(encodedProtectedHeader)); + this.protectedHeader = new JwsHeaders(writer.fromJson(JoseUtils.decodeToString(encodedProtectedHeader))); } prepare(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java index cfa6e39..e2bcfa8 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java 
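Review bot: In the JwsJsonSignatureEntry constructor the protected header is now parsed with `writer.fromJson(...)` and wrapped straight into `JwsHeaders`, which skips the duplicate-header check that `JwsCompactConsumer.getJwsHeaders()` in this same commit performs via `fromJsonToJsonObject(...)` and `getUpdateCount()`. If `fromJson` keeps one value for a repeated member name (its behaviour is not shown here), the JSON serialization accepts a protected header that the compact serialization rejects, and the two paths can disagree about which `alg` or `kid` was signed. Parsing to a `JsonMapObject`, rejecting a non-null update count with `INVALID_JSON_JWS`, and only then building the headers makes both paths agree; the file would also need the `JsonMapObject` import. The constructor starts and ends outside this hunk.

```java
if (encodedProtectedHeader != null) {
    JsonMapObject parsedHeader =
        writer.fromJsonToJsonObject(JoseUtils.decodeToString(encodedProtectedHeader));
    if (parsedHeader.getUpdateCount() != null) {
        LOG.warning("Duplicate headers have been detected");
        throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
    }
    this.protectedHeader = new JwsHeaders(parsedHeader.asMap());
}
// … unchanged: prepare() call …
```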
@@ -20,7 +20,6 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.jose.jwt.JwtTokenJson; import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter; public class JwsJwtCompactConsumer extends JwsCompactConsumer { @@ -28,16 +27,15 @@ public class JwsJwtCompactConsumer extends JwsCompactConsumer { public JwsJwtCompactConsumer(String encodedJws) { super(encodedJws, null, new JwtTokenReaderWriter()); } - public JwtTokenJson getDecodedJsonToken() { - return new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload()); - } public JwtClaims getJwtClaims() { return getJwtToken().getClaims(); } public JwtToken getJwtToken() { if (token == null) { - token = ((JwtTokenReaderWriter)getReader()).fromJson( - new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload())); + JwsHeaders theHeaders = super.getJwsHeaders(); + JwtClaims theClaims = + ((JwtTokenReaderWriter)getReader()).fromJsonClaims(getDecodedJwsPayload()); + token = new JwtToken(theHeaders, theClaims); } return token; } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java index 8995cda..aaaa004 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java 
@@ -36,7 +36,8 @@ public class JwsJwtCompactProducer extends JwsCompactProducer { this(new JwtToken(headers, claims), null); } protected JwsJwtCompactProducer(JwtToken token, JwtTokenReaderWriter w) { - super(new JwsHeaders(token.getHeaders()), w, JwtUtils.claimsToJson(token.getClaims(), w)); + super(new JwsHeaders(token.getHeaders()), w, + JwtUtils.claimsToJson(token.getClaims(), w)); } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 646d33a..011c4e4 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java 
@@ -173,18 +173,19 @@ public final class JwsUtils { } return null; } - public static MultivaluedMap<String, JwsJsonSignatureEntry> getJwsJsonSignatureMap( + public static MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> getJwsJsonSignatureMap( List<JwsJsonSignatureEntry> signatures) { - MultivaluedMap<String, JwsJsonSignatureEntry> map = new MetadataMap<String, JwsJsonSignatureEntry>(); + MultivaluedMap<SignatureAlgorithm, JwsJsonSignatureEntry> map = + new MetadataMap<SignatureAlgorithm, JwsJsonSignatureEntry>(); for (JwsJsonSignatureEntry entry : signatures) { - map.add(entry.getUnionHeader().getAlgorithm(), entry); + map.add(entry.getUnionHeader().getSignatureAlgorithm(), entry); } return map; } public static JwsSignatureProvider loadSignatureProvider(boolean required) { return loadSignatureProvider(null, required); } - public static JwsSignatureProvider loadSignatureProvider(JoseHeaders headers, boolean required) { + public static JwsSignatureProvider loadSignatureProvider(JwsHeaders headers, boolean required) { Message m = JAXRSUtils.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, required, RSSEC_SIGNATURE_OUT_PROPS, RSSEC_SIGNATURE_PROPS); 
@@ -193,14 +194,14 @@ public final class JwsUtils { } JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, headers, false); if (headers != null) { - headers.setAlgorithm(theSigProvider.getAlgorithm().getJwaName()); + headers.setSignatureAlgorithm(theSigProvider.getAlgorithm()); } return theSigProvider; } public static JwsSignatureVerifier loadSignatureVerifier(boolean required) { return loadSignatureVerifier(null, required); } - public static JwsSignatureVerifier loadSignatureVerifier(JoseHeaders headers, boolean required) { + public static JwsSignatureVerifier loadSignatureVerifier(JwsHeaders headers, boolean required) { Message m = JAXRSUtils.getCurrentMessage(); Properties props = KeyManagementUtils.loadStoreProperties(m, required, RSSEC_SIGNATURE_IN_PROPS, RSSEC_SIGNATURE_PROPS); @@ -297,7 +298,7 @@ public final class JwsUtils { } private static JwsSignatureVerifier loadSignatureVerifier(Message m, Properties props, - JoseHeaders inHeaders, + JwsHeaders inHeaders, boolean ignoreNullVerifier) { JwsSignatureVerifier theVerifier = null; String inHeaderKid = null; @@ -311,12 +312,12 @@ public final class JwsUtils { throw new JwsException(JwsException.Error.INVALID_KEY); } return getSignatureVerifier(publicJwk, - SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm())); + inHeaders.getSignatureAlgorithm()); } else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) { List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain()); KeyManagementUtils.validateCertificateChain(props, chain); return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), - SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm())); + inHeaders.getSignatureAlgorithm()); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java ---------------------------------------------------------------------- 
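Review bot: In the private `JwsUtils.loadSignatureVerifier` (hunk at -311), both header-driven branches build the verifier from `inHeaders.getSignatureAlgorithm()`, so the algorithm used to check a message is whatever the message itself declares, and a missing `alg` now reaches `getSignatureVerifier` / `getPublicKeySignatureVerifier` as null. Rejecting the null case up front, `SignatureAlgorithm inAlgo = inHeaders.getSignatureAlgorithm(); if (inAlgo == null) { throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET); }`, and comparing `inAlgo` with the algorithm the deployment expects before using a header-supplied key would close that gap. How the two factory methods treat a null algorithm, or one that does not match the key type, is not visible in this diff. The method starts and ends outside the hunk.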
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java index 3f6a5ca..6ed31fd 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java @@ -24,7 +24,7 @@ public class NoneJwsSignatureProvider implements JwsSignatureProvider { @Override public SignatureAlgorithm getAlgorithm() { - return SignatureAlgorithm.PLAIN; + return SignatureAlgorithm.NONE; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java index 0373bf8..441261b 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java 
@@ -24,12 +24,13 @@ public class NoneJwsSignatureVerifier implements JwsSignatureVerifier { @Override public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) { - return headers.getAlgorithm().equals(getAlgorithm().getJwaName()) && signature.length == 0; + return headers.getSignatureAlgorithm() == getAlgorithm() + && signature.length == 0; } @Override public SignatureAlgorithm getAlgorithm() { - return SignatureAlgorithm.PLAIN; + return SignatureAlgorithm.NONE; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index 258d5e3..476d90f 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -24,7 +24,6 @@ import java.security.Signature; import java.security.SignatureException; import java.security.spec.AlgorithmParameterSpec; -import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rt.security.crypto.CryptoUtils; 
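Review bot: `NoneJwsSignatureVerifier.verify` returns true for any message whose `alg` is `none` and whose signature is empty, and nothing in the class says so; with the constant renamed from PLAIN to NONE in this hunk it is a good moment to document the contract. A class-level comment such as `/** Accepts only unsecured JWS (alg "none", empty signature); configure it solely where unsigned input is explicitly allowed. */` would make the consequence visible to anyone wiring verifiers. The switch to an identity comparison on the enum also makes the check null-safe for a missing `alg`, which is worth a short why-comment on that line.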
@@ -47,9 +46,10 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
 this.random = random;
 this.signatureSpec = spec;
 }
- protected JwsSignature doCreateJwsSignature(JoseHeaders headers) {
+ protected JwsSignature doCreateJwsSignature(JwsHeaders headers) {
+ final String sigAlgo = headers.getSignatureAlgorithm().getJwaName();
 final Signature s = CryptoUtils.getSignature(key,
- AlgorithmUtils.toJavaName(headers.getAlgorithm()),
+ AlgorithmUtils.toJavaName(sigAlgo),
 random, signatureSpec);
 return doCreateJwsSignature(s);
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
index 86fabca..917890f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
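Review bot: `headers.getSignatureAlgorithm().getJwaName()` in `doCreateJwsSignature` dereferences the accessor's result without a guard; if it returns null when the `alg` header is absent or unrecognised (its body is not part of this diff), the caller gets a NullPointerException instead of a JwsException. The same pattern is in the PublicKeyJwsSignatureVerifier hunk, where `checkAlgorithm` now calls `sigAlgo.getJwaName()` before the `algo == null` test, so that test can no longer report a missing algorithm. In `checkAlgorithm`, `String algo = sigAlgo == null ? null : sigAlgo.getJwaName();` keeps the existing `ALGORITHM_NOT_SET` path, and the provider needs an equivalent null test before `getJwaName()`. `doCreateJwsSignature` continues past the end of the hunk.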
@@ -48,14 +48,16 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
 return CryptoUtils.verifySignature(StringUtils.toBytesUTF8(unsignedText),
 signature,
 key,
- AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())),
+ AlgorithmUtils.toJavaName(checkAlgorithm(
+ headers.getSignatureAlgorithm())),
 signatureSpec);
 } catch (Exception ex) {
 LOG.warning("Invalid signature: " + ex.getMessage());
 throw new JwsException(JwsException.Error.INVALID_SIGNATURE, ex);
 }
 }
- protected String checkAlgorithm(String algo) {
+ protected String checkAlgorithm(SignatureAlgorithm sigAlgo) {
+ String algo = sigAlgo.getJwaName();
 if (algo == null) {
 LOG.warning("Signature algorithm is not set");
 throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
deleted file mode 100644
index e8e79f0..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
+++ /dev/null
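Review bot: The `checkAlgorithm(...)` call is evaluated inside the `try` whose `catch (Exception ex)` rewraps everything as `JwsException.Error.INVALID_SIGNATURE`, so the `ALGORITHM_NOT_SET` exception thrown by `checkAlgorithm` (and any runtime failure on a null `SignatureAlgorithm`) is logged as "Invalid signature" and loses its error code. In the logs, a token with no usable algorithm then looks the same as one with a bad signature. Rethrowing the specific type first, `} catch (JwsException ex) { throw ex; } catch (Exception ex) {`, preserves the original error. The `try` opens above the hunk and `checkAlgorithm` continues below it.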
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtTokenJson {
- private String headersJson;
- private String claimsJson;
- public JwtTokenJson(String headersJson, String claimsJson) {
- this.headersJson = headersJson;
- this.claimsJson = claimsJson;
- }
- public String getHeadersJson() {
- return headersJson;
- }
- public String getClaimsJson() {
- return claimsJson;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/f82e14c7/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
index 42cc004..0ebf8a3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
@@ -22,13 +22,12 @@ import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-public class JwtTokenReaderWriter extends JoseHeadersReaderWriter {
+public class JwtTokenReaderWriter extends JsonMapObjectReaderWriter {
 private static final Set<String> DATE_PROPERTIES = new HashSet<String>(Arrays.asList(JwtConstants.CLAIM_EXPIRY, JwtConstants.CLAIM_ISSUED_AT,
@@ -38,12 +37,6 @@ public class JwtTokenReaderWriter extends JoseHeadersReaderWriter {
 return toJson(claims);
 }
- public JwtTokenJson tokenToJson(JwtToken token) {
- return new JwtTokenJson(toJson(token.getHeaders()),
- toJson(token.getClaims()));
- }
-
-
 public JwtClaims fromJsonClaims(String claimsJson) {
 JwtClaims claims = new JwtClaims();
 fromJson(claims, claimsJson);
@@ -51,16 +44,6 @@ public class JwtTokenReaderWriter extends JoseHeadersReaderWriter {
 }
- private JwtToken fromJson(String headersJson, String claimsJson) {
- JoseHeaders headers = fromJsonHeaders(headersJson);
- JwtClaims claims = fromJsonClaims(claimsJson);
- return new JwtToken(headers, claims);
- }
-
- public JwtToken fromJson(JwtTokenJson pair) {
- return fromJson(pair.getHeadersJson(), pair.getClaimsJson());
- }
-
 @Override
 protected Object readPrimitiveValue(String name, String json, int from, int to) {
 Object value = super.readPrimitiveValue(name, json, from, to);
