Repository: cxf Updated Branches: refs/heads/master a15cf6003 -> a40ffd06e
[CXF-6487] Basic JWK Thumprint implementation Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a40ffd06 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a40ffd06 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a40ffd06 Branch: refs/heads/master Commit: a40ffd06e0ae0afa53ceebfb56a580eaaa522a97 Parents: a15cf60 Author: Sergey Beryozkin <[email protected]> Authored: Tue Jul 28 13:15:33 2015 +0300 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Jul 28 13:15:33 2015 +0300 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jwk/JwkUtils.java | 31 ++++++++++++++ .../cxf/rs/security/jose/jwk/JwkUtilsTest.java | 43 ++++++++++++++++++++ 2 files changed, 74 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 608c4f5..b70a01c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -29,8 +29,11 @@ import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 import javax.crypto.SecretKey;
@@ -40,6 +43,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -64,14 +68,41 @@ import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public final class JwkUtils { public static final String JWK_KEY_STORE_TYPE = "jwk"; public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset"; public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey"; + private static final Map<KeyType, List<String>> JWK_REQUIRED_FIELDS_MAP; + static { + JWK_REQUIRED_FIELDS_MAP = new HashMap<KeyType, List<String>>(); + JWK_REQUIRED_FIELDS_MAP.put(KeyType.RSA, Arrays.asList( + JsonWebKey.RSA_PUBLIC_EXP, JsonWebKey.KEY_TYPE, JsonWebKey.RSA_MODULUS)); + JWK_REQUIRED_FIELDS_MAP.put(KeyType.EC, Arrays.asList( + JsonWebKey.EC_CURVE, JsonWebKey.KEY_TYPE, JsonWebKey.EC_X_COORDINATE, JsonWebKey.EC_Y_COORDINATE)); + JWK_REQUIRED_FIELDS_MAP.put(KeyType.OCTET, Arrays.asList( + JsonWebKey.OCTET_KEY_VALUE, JsonWebKey.KEY_TYPE)); + } private JwkUtils() { } + public static String getThumbprint(String keySequence) { + return getThumbprint(readJwkKey(keySequence)); + } + public static String getThumbprint(JsonWebKey key) { + List<String> fields = getRequiredFields(key.getKeyType()); + JsonWebKey thumbprintKey = new JsonWebKey(); + for (String f : fields) { + thumbprintKey.setProperty(f, key.getProperty(f)); + } + String json = new JsonMapObjectReaderWriter().toJson(thumbprintKey); + byte[] digest = MessageDigestUtils.createDigest(json, MessageDigestUtils.ALGO_SHA_256); + return Base64UrlUtility.encode(digest); + } + public static List<String> getRequiredFields(KeyType keyType) { + return JWK_REQUIRED_FIELDS_MAP.get(keyType); + } public static JsonWebKey readJwkKey(URI uri) throws IOException { return readJwkKey(uri.toURL().openStream()); } 
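Review bot: `getThumbprint(JsonWebKey)` never checks that the key is usable before hashing: `getRequiredFields` returns `null` for a key type missing from `JWK_REQUIRED_FIELDS_MAP` (the `for` loop then fails with a bare NullPointerException), and a required member that is absent is copied as `null` via `key.getProperty(f)`, so an incomplete JWK can still produce a digest. A thumbprint serves as a key identifier, so both cases should be rejected explicitly, as sketched below; the exception type is a stand-in for whatever this module normally throws. Separately, `getRequiredFields` hands out the shared `Arrays.asList` lists, whose elements can be overwritten with `set()`; wrapping each list in `Collections.unmodifiableList(...)` in the static initializer would stop a caller from changing what gets hashed. The digest is also only stable if `toJson` writes members in insertion order with no extra whitespace, which is not visible in this hunk and deserves a comment on the method.

```java
public static String getThumbprint(JsonWebKey key) {
    List<String> fields = getRequiredFields(key.getKeyType());
    if (fields == null) {
        throw new IllegalArgumentException("Unsupported or missing JWK key type");
    }
    JsonWebKey thumbprintKey = new JsonWebKey();
    for (String f : fields) {
        Object value = key.getProperty(f);
        if (value == null) {
            throw new IllegalArgumentException("JWK is missing required member: " + f);
        }
        thumbprintKey.setProperty(f, value);
    }
    // … unchanged: JSON serialization, SHA-256 digest, base64url encoding …
}
```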
http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java new file mode 100644 index 0000000..34d3183 --- /dev/null +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java 
@@ -0,0 +1,43 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwk; + +import org.junit.Assert; +import org.junit.Test; + +public class JwkUtilsTest extends Assert { + private static final String RSA_KEY = "{" + + "\"kty\": \"RSA\"," + + "\"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt" + + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6" + + "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD" + + "W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9" + + "1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH" + + "aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\"," + + "\"e\": \"AQAB\"," + + "\"alg\": \"RS256\"," + + "\"kid\": \"2011-04-29\"" + + "}\""; + @Test + public void testRsaKeyThumbprint() throws Exception { + String thumbprint = JwkUtils.getThumbprint(RSA_KEY); + assertEquals("NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs", thumbprint); + } + +}
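Review bot: The `RSA_KEY` fixture ends with the fragment `"}\""`, which puts a stray double quote after the closing brace, so `testRsaKeyThumbprint` passes malformed JSON to `getThumbprint` and presumably succeeds only because the reader ignores trailing characters; the fragment should be `"}"`. The test also covers only an RSA key: the EC and octet entries of the required-field table are untested, and there is no negative case for a key with a missing required member or an unknown `kty`. A one-line comment naming the source of the expected value `NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs` (it appears to be the RFC 7638 example) would let a reviewer verify it independently.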
