Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 662e4b1ee -> b31b0a77b
[CXF-7420] Aligning JweCompactProducer with other JOSE helpers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b31b0a77 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b31b0a77 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b31b0a77 Branch: refs/heads/3.1.x-fixes Commit: b31b0a77bf45e36c9ff56c500df4c0db844114a0 Parents: 662e4b1 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Wed Jun 21 15:44:40 2017 +0100 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Wed Jun 21 15:51:18 2017 +0100 ---------------------------------------------------------------------- .../jose/jaxrs/JweWriterInterceptor.java | 8 +- .../jose/jwe/AbstractJweEncryption.java | 2 +- .../security/jose/jwe/JweCompactProducer.java | 121 ++++------------- .../jose/jwe/JweCompactProducerBuilder.java | 129 +++++++++++++++++++ .../jose/jwe/JweJwtCompactProducer.java | 29 +---- 5 files changed, 159 insertions(+), 130 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b31b0a77/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index beb12f1..5f34768 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -38,7 +38,7 @@ import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.common.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
+import org.apache.cxf.rs.security.jose.jwe.JweCompactProducerBuilder;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
@@ -83,9 +83,9 @@ public class JweWriterInterceptor implements WriterInterceptor {
 theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
 JoseUtils.traceHeaders(encryption.getHeaders());
 try {
- JweCompactProducer.startJweContent(actualOs,
- encryption.getHeaders(),
- encryption.getContentEncryptionKey(),
+ JweCompactProducerBuilder.startJweContent(actualOs,
+ encryption.getHeaders(),
+ encryption.getContentEncryptionKey(),
 encryption.getIv());
 } catch (IOException ex) {
 LOG.warning("JWE encryption error");
http://git-wip-us.apache.org/repos/asf/cxf/blob/b31b0a77/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 1660671..4435fb9 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -76,7 +76,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
 byte[] encryptedContent = encryptInternal(state, content);
 byte[] cipher = getActualCipher(encryptedContent);
 byte[] authTag = getAuthenticationTag(state, encryptedContent);
- JweCompactProducer producer = new JweCompactProducer(state.protectedHeadersJson,
+ JweCompactProducerBuilder producer = new JweCompactProducerBuilder(state.protectedHeadersJson,
 state.jweContentEncryptionKey,
 state.theIv,
 cipher,
http://git-wip-us.apache.org/repos/asf/cxf/blob/b31b0a77/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
index b7d8e2c..c2aed7f 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
@@ -16,114 +16,39 @@ * specific language governing permissions and limitations * under the License. */ - package org.apache.cxf.rs.security.jose.jwe; +import java.security.PublicKey; -import java.io.IOException; -import java.io.OutputStream; +import javax.crypto.SecretKey; -import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; -public class JweCompactProducer { - private StringBuilder jweContentBuilder; - private String encodedEncryptedContent; - private String encodedAuthTag; - public JweCompactProducer(JweHeaders headers, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector, - byte[] encryptedContentNoTag, - byte[] authenticationTag) { - this(getHeadersJson(headers), encryptedContentEncryptionKey, - cipherInitVector, encryptedContentNoTag, authenticationTag); - } - - public JweCompactProducer(String headersJson, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector, - byte[] encryptedContentNoTag, - byte[] authenticationTag) { - jweContentBuilder = startJweContent(new StringBuilder(), headersJson, - encryptedContentEncryptionKey, cipherInitVector); - this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag); - this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag); - - } - - public JweCompactProducer(JweHeaders headers, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector, - byte[] encryptedContentWithTag, - int authTagLengthBits) { - jweContentBuilder = startJweContent(new StringBuilder(), headers, - encryptedContentEncryptionKey, cipherInitVector); - this.encodedEncryptedContent = Base64UrlUtility.encodeChunk( - encryptedContentWithTag, - 0, - encryptedContentWithTag.length - authTagLengthBits / 8); - this.encodedAuthTag = Base64UrlUtility.encodeChunk( - encryptedContentWithTag, - encryptedContentWithTag.length - 
authTagLengthBits / 8, - authTagLengthBits / 8); - +public class JweCompactProducer { + private JweHeaders headers; + private String data; + public JweCompactProducer(String data) { + this(new JweHeaders(), data); } - public static String startJweContent(JweHeaders headers, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector) { - return startJweContent(new StringBuilder(), - headers, encryptedContentEncryptionKey, cipherInitVector).toString(); + public JweCompactProducer(JweHeaders joseHeaders, String data) { + this.headers = joseHeaders; + this.data = data; } - public static StringBuilder startJweContent(StringBuilder sb, - JweHeaders headers, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector) { - return startJweContent(sb, - getHeadersJson(headers), - encryptedContentEncryptionKey, - cipherInitVector); - } - private static String getHeadersJson(JweHeaders headers) { - return new JsonMapObjectReaderWriter().toJson(headers); - + + public String encryptWith(JsonWebKey key) { + JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); } - public static StringBuilder startJweContent(StringBuilder sb, - String headersJson, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector) { - String encodedHeaders = Base64UrlUtility.encode(headersJson); - String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey); - String encodedInitVector = Base64UrlUtility.encode(cipherInitVector); - sb.append(encodedHeaders) - .append('.') - .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey) - .append('.') - .append(encodedInitVector == null ? 
"" : encodedInitVector) - .append('.'); - return sb; + public String encryptWith(PublicKey key) { + JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); } - - public static void startJweContent(OutputStream os, - JweHeaders headers, - byte[] encryptedContentEncryptionKey, - byte[] cipherInitVector) throws IOException { - byte[] jsonBytes = StringUtils.toBytesUTF8(getHeadersJson(headers)); - Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os); - byte[] dotBytes = new byte[]{'.'}; - os.write(dotBytes); - Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0, - encryptedContentEncryptionKey.length, os); - os.write(dotBytes); - Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os); - os.write(dotBytes); - os.flush(); + public String encryptWith(SecretKey key) { + JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); + return encryptWith(jwe); } - - public String getJweContent() { - return jweContentBuilder.append(encodedEncryptedContent) - .append('.') - .append(encodedAuthTag) - .toString(); + public String encryptWith(JweEncryptionProvider jwe) { + return jwe.encrypt(StringUtils.toBytesUTF8(data), headers); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/b31b0a77/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java new file mode 100644 index 0000000..93f15bf --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java 
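Review bot: The new constructors `JweCompactProducer(String data)` and `JweCompactProducer(JweHeaders joseHeaders, String data)` store their arguments unchecked, so a null `data` or `joseHeaders` surfaces, if at all, only later inside `encryptWith(...)`, away from the caller that passed it. Rejecting null at construction, for example `this.headers = Objects.requireNonNull(joseHeaders, "joseHeaders");` and `this.data = Objects.requireNonNull(data, "data");` (needs `import java.util.Objects;`), and declaring both fields `final` would keep the failure next to its cause. The two-argument constructor also keeps the caller's `JweHeaders` instance rather than a copy; whether the encryption provider writes into that object is not visible in this hunk, so a class-level Javadoc stating that `data` is the plaintext encoded as UTF-8 and whether the headers may be modified or shared between producers would help callers.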
@@ -0,0 +1,129 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.jose.jwe; + +import java.io.IOException; +import java.io.OutputStream; + +import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; + + +public class JweCompactProducerBuilder { + private StringBuilder jweContentBuilder; + private String encodedEncryptedContent; + private String encodedAuthTag; + public JweCompactProducerBuilder(JweHeaders headers, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector, + byte[] encryptedContentNoTag, + byte[] authenticationTag) { + this(getHeadersJson(headers), encryptedContentEncryptionKey, + cipherInitVector, encryptedContentNoTag, authenticationTag); + } + + public JweCompactProducerBuilder(String headersJson, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector, + byte[] encryptedContentNoTag, + byte[] authenticationTag) { + jweContentBuilder = startJweContent(new StringBuilder(), headersJson, + encryptedContentEncryptionKey, cipherInitVector); + this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag); + 
this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag); + + } + + public JweCompactProducerBuilder(JweHeaders headers, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector, + byte[] encryptedContentWithTag, + int authTagLengthBits) { + jweContentBuilder = startJweContent(new StringBuilder(), headers, + encryptedContentEncryptionKey, cipherInitVector); + this.encodedEncryptedContent = Base64UrlUtility.encodeChunk( + encryptedContentWithTag, + 0, + encryptedContentWithTag.length - authTagLengthBits / 8); + this.encodedAuthTag = Base64UrlUtility.encodeChunk( + encryptedContentWithTag, + encryptedContentWithTag.length - authTagLengthBits / 8, + authTagLengthBits / 8); + + } + public static String startJweContent(JweHeaders headers, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector) { + return startJweContent(new StringBuilder(), + headers, encryptedContentEncryptionKey, cipherInitVector).toString(); + } + public static StringBuilder startJweContent(StringBuilder sb, + JweHeaders headers, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector) { + return startJweContent(sb, + getHeadersJson(headers), + encryptedContentEncryptionKey, + cipherInitVector); + } + private static String getHeadersJson(JweHeaders headers) { + return new JsonMapObjectReaderWriter().toJson(headers); + + } + public static StringBuilder startJweContent(StringBuilder sb, + String headersJson, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector) { + String encodedHeaders = Base64UrlUtility.encode(headersJson); + String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey); + String encodedInitVector = Base64UrlUtility.encode(cipherInitVector); + sb.append(encodedHeaders) + .append('.') + .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey) + .append('.') + .append(encodedInitVector == null ? 
"" : encodedInitVector) + .append('.'); + return sb; + } + + public static void startJweContent(OutputStream os, + JweHeaders headers, + byte[] encryptedContentEncryptionKey, + byte[] cipherInitVector) throws IOException { + byte[] jsonBytes = StringUtils.toBytesUTF8(getHeadersJson(headers)); + Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os); + byte[] dotBytes = new byte[]{'.'}; + os.write(dotBytes); + Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0, + encryptedContentEncryptionKey.length, os); + os.write(dotBytes); + Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os); + os.write(dotBytes); + os.flush(); + } + + public String getJweContent() { + return jweContentBuilder.append(encodedEncryptedContent) + .append('.') + .append(encodedAuthTag) + .toString(); + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/b31b0a77/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java index d35cd0a..3020d8e 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java 
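Review bot: `getJweContent()` appends the ciphertext and authentication tag to the `jweContentBuilder` field itself, so a second call on the same instance returns a string with those two segments appended twice, which is no longer a five-part compact JWE. Building the result on a copy, `return new StringBuilder(jweContentBuilder).append(encodedEncryptedContent).append('.').append(encodedAuthTag).toString();`, makes the method repeatable. Separately, the `OutputStream` overload of `startJweContent` reads `encryptedContentEncryptionKey.length` and `cipherInitVector.length` directly, while the `StringBuilder` overload writes an empty segment when the encoded key or IV is null; the two overloads should agree on whether a null key or IV is accepted. The code appears to be carried over unchanged from the old `JweCompactProducer`, so both points predate this commit, but the new file is a natural place to settle them.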
@@ -17,20 +17,12 @@ * under the License. */ package org.apache.cxf.rs.security.jose.jwe; -import java.security.PublicKey; - -import javax.crypto.SecretKey; - -import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtUtils; -public class JweJwtCompactProducer { - private JweHeaders headers; - private String claimsJson; +public class JweJwtCompactProducer extends JweCompactProducer { public JweJwtCompactProducer(JwtToken token) { this(new JweHeaders(token.getJweHeaders()), token.getClaims()); } @@ -38,23 +30,6 @@ public class JweJwtCompactProducer { this(new JweHeaders(), claims); } public JweJwtCompactProducer(JweHeaders joseHeaders, JwtClaims claims) { - headers = joseHeaders; - claimsJson = JwtUtils.claimsToJson(claims); - } - - public String encryptWith(JsonWebKey key) { - JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); - return encryptWith(jwe); - } - public String encryptWith(PublicKey key) { - JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); - return encryptWith(jwe); - } - public String encryptWith(SecretKey key) { - JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers); - return encryptWith(jwe); - } - public String encryptWith(JweEncryptionProvider jwe) { - return jwe.encrypt(StringUtils.toBytesUTF8(claimsJson), headers); + super(joseHeaders, JwtUtils.claimsToJson(claims)); } }