This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 4af5cf5cc3a066c976bb99126eb38b9a797248f4 Author: frelibert <[email protected]> AuthorDate: Fri Dec 20 11:58:50 2019 +0100 CXF-8177 CXF-8178 ECDH Algorithm Fixes (#612) * CXF-8177 JWE API does not support ECDH Direct Encryption/Decryption * CXF-8178 ECDH KeyAgreement with Key Wrapping is not in line with the specification (cherry picked from commit 19d3b3f701c9fdc1c78fe5733a2aa00e09367d4a) --- .../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 6 + .../jwe/EcdhAesGcmContentEncryptionAlgorithm.java | 39 +++++ .../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 19 ++- .../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 1 - ....java => EcdhDirectKeyDecryptionAlgorithm.java} | 43 +++-- .../jose/jwe/EcdhDirectKeyEncryptionAlgorithm.java | 34 ++++ .../jose/jwe/EcdhDirectKeyJweDecryption.java | 27 --- .../jose/jwe/EcdhDirectKeyJweEncryption.java | 74 --------- .../cxf/rs/security/jose/jwe/EcdhHelper.java | 83 ++++++++++ .../cxf/rs/security/jose/jwe/JweJsonProducer.java | 2 +- .../apache/cxf/rs/security/jose/jwe/JweUtils.java | 73 +++++++- .../apache/cxf/rs/security/jose/jwk/JwkUtils.java | 4 + .../rs/security/jose/jwa/AbstractDecryptTest.java | 41 +++++ .../rs/security/jose/jwa/AbstractEncryptTest.java | 50 ++++++ .../cxf/rs/security/jose/jwa/AbstractJwaTest.java | 54 ++++++ .../cxf/rs/security/jose/jwa/AbstractSignTest.java | 42 +++++ .../jose/jwa/AbstractVerifySignatureTest.java | 37 +++++ .../rs/security/jose/jwa/CxfDecryptRfcTest.java | 33 ++++ .../rs/security/jose/jwa/CxfEncryptRfcTest.java | 36 ++++ .../cxf/rs/security/jose/jwa/CxfSignRfcTest.java | 35 ++++ .../jose/jwa/CxfVerifySignatureRfcTest.java | 33 ++++ .../jose/jwa/JwaDecryptRfcConformanceTest.java | 145 ++++++++++++++++ .../jose/jwa/JwaEncryptRfcConformanceTest.java | 147 ++++++++++++++++ .../jose/jwa/JwaSignRfcConformanceTest.java | 57 +++++++ .../jwa/JwaVerifySignatureRfcConformanceTest.java | 56 +++++++ .../security/jose/support/ApacheCXFConsumer.java | 184 +++++++++++++++++++++ 
.../security/jose/support/ApacheCXFProducer.java | 171 +++++++++++++++++++ .../cxf/rs/security/jose/support/Crypto.java | 136 +++++++++++++++ .../rs/security/jose/support/Serialization.java | 26 +++ ....p-256.ecdh-es+a128kw.a128cbc-hs256.compact.jwe | 1 + ...ecdh-es+a128kw.a128cbc-hs256.json.flattened.jwe | 7 + .../ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.jwe | 15 ++ .../ec.p-256.ecdh-es+a128kw.a128gcm.compact.jwe | 1 + ...p-256.ecdh-es+a128kw.a128gcm.json.flattened.jwe | 7 + .../jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.jwe | 15 ++ ....p-256.ecdh-es+a256kw.a128cbc-hs256.compact.jwe | 1 + ...ecdh-es+a256kw.a128cbc-hs256.json.flattened.jwe | 7 + .../ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.jwe | 15 ++ .../ec.p-256.ecdh-es+a256kw.a128gcm.compact.jwe | 1 + ...p-256.ecdh-es+a256kw.a128gcm.json.flattened.jwe | 7 + .../jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.jwe | 15 ++ .../jwe/ec.p-256.ecdh-es.a128cbc-hs256.compact.jwe | 1 + ....p-256.ecdh-es.a128cbc-hs256.json.flattened.jwe | 6 + .../jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.jwe | 14 ++ .../jwe/ec.p-256.ecdh-es.a128gcm.compact.jwe | 1 + .../ec.p-256.ecdh-es.a128gcm.json.flattened.jwe | 6 + .../jwe/ec.p-256.ecdh-es.a128gcm.json.jwe | 14 ++ .../jwe/oct.128.a128kw.a128cbc-hs256.compact.jwe | 1 + ...oct.128.a128kw.a128cbc-hs256.json.flattened.jwe | 7 + .../jwe/oct.128.a128kw.a128cbc-hs256.json.jwe | 15 ++ .../jwe/oct.128.a128kw.a128gcm.compact.jwe | 1 + .../jwe/oct.128.a128kw.a128gcm.json.flattened.jwe | 7 + .../resources/jwe/oct.128.a128kw.a128gcm.json.jwe | 15 ++ .../rsa.2048.rsa-oaep.a128cbc-hs256.compact.jwe | 1 + ....2048.rsa-oaep.a128cbc-hs256.json.flattened.jwe | 7 + .../jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.jwe | 16 ++ .../jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe | 1 + .../rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe | 7 + .../jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe | 16 ++ .../jwe/rsa.2048.rsa1_5.a128cbc-hs256.compact.jwe | 1 + ...sa.2048.rsa1_5.a128cbc-hs256.json.flattened.jwe | 7 + 
.../jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.jwe | 16 ++ .../jwe/rsa.2048.rsa1_5.a128gcm.compact.jwe | 1 + .../jwe/rsa.2048.rsa1_5.a128gcm.json.flattened.jwe | 7 + .../resources/jwe/rsa.2048.rsa1_5.a128gcm.json.jwe | 16 ++ .../jose/src/test/resources/jwk/priKeys.jwks | 104 ++++++++++++ .../jose/src/test/resources/jwk/pubKeys.jwks | 74 +++++++++ .../test/resources/jws/ec.p-256.es256.compact.jws | 1 + .../jws/ec.p-256.es256.json.flattened.jws | 5 + .../src/test/resources/jws/ec.p-256.es256.json.jws | 12 ++ .../test/resources/jws/rsa.2048.ps256.compact.jws | 1 + .../jws/rsa.2048.ps256.json.flattened.jws | 5 + .../src/test/resources/jws/rsa.2048.ps256.json.jws | 12 ++ .../test/resources/jws/rsa.2048.rs256.compact.jws | 1 + .../jws/rsa.2048.rs256.json.flattened.jws | 5 + .../src/test/resources/jws/rsa.2048.rs256.json.jws | 12 ++ 76 files changed, 2062 insertions(+), 134 deletions(-) diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java index 460696d..7519921 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java @@ -74,10 +74,16 @@ public enum KeyAlgorithm { if (KeyAlgorithm.DIRECT.getJwaName().equals(algo)) { return KeyAlgorithm.DIRECT; } + if (KeyAlgorithm.ECDH_ES_DIRECT.getJwaName().equals(algo)) { + return KeyAlgorithm.ECDH_ES_DIRECT; + } return KeyAlgorithm.valueOf(algo.replace('-', '_') .replace('+', '_')); } + public static boolean isDirect(KeyAlgorithm algo) { + return algo == DIRECT || algo == ECDH_ES_DIRECT; + } } \ No newline at end of file 
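Review bot: `isDirect` is a new public helper without Javadoc, and it groups two modes that obtain the content key differently: `dir` uses a shared symmetric key, while direct `ECDH-ES` derives it by key agreement. Other sections of this commit use it both to allow an empty encrypted key (JweJsonProducer) and to choose the algorithm id for key derivation (EcdhHelper), so the contract should be written down, for example `/** Returns true for the modes that carry no encrypted CEK: "dir" and direct "ECDH-ES". */`. The enclosing enum starts outside the hunk.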
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java
new file mode 100644
index 0000000..12d62aa
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesGcmContentEncryptionAlgorithm.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.interfaces.ECPublicKey;
+
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+
+public class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm {
+ private EcdhHelper helper;
+ public EcdhAesGcmContentEncryptionAlgorithm(ECPublicKey peerPublicKey,
+ String curve,
+ String apuString,
+ String apvString,
+ ContentAlgorithm ctAlgo) {
+ super(ctAlgo);
+ helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo.getJwaName());
+ }
+ public byte[] getContentEncryptionKey(JweHeaders headers) {
+ return helper.getDerivedKey(headers);
+ }
+
+}
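Review bot: `getContentEncryptionKey` in the new class carries no `@Override`, and `helper` is not `final` although it is assigned only in the constructor; I would write `private final EcdhHelper helper;` and annotate the method. The method also needs a comment about its side effect. Each call delegates to `EcdhHelper.getDerivedKey`, which (per the EcdhHelper.java section of this commit) generates a fresh ephemeral key pair and writes `epk`/`apu`/`apv` into the passed headers. A caller therefore has to use the key returned by the same call that populated those headers.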
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java index 636058b..d78d6fa 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyDecryptionAlgorithm.java @@ -20,8 +20,11 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.ECPrivateKey; +import org.apache.cxf.rs.security.jose.common.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider { private ECPrivateKey key; @@ -35,10 +38,9 @@ public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider } @Override public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) { - byte[] derivedKey = - EcdhDirectKeyJweDecryption.getDecryptedContentEncryptionKeyFromHeaders( + byte[] derivedKey = getDecryptedContentEncryptionKeyFromHeaders( jweDecryptionInput.getJweHeaders(), key); - KeyDecryptionProvider aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) { + KeyDecryptionProvider aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey, KeyAlgorithm.ECDH_ES_A128KW) { protected boolean isValidAlgorithmFamily(String wrapAlgo) { return AlgorithmUtils.isEcdhEsWrap(wrapAlgo); } 
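Review bot: The inner provider is now built with a fixed `KeyAlgorithm.ECDH_ES_A128KW`, while the key it receives is sized from whatever `alg` the message header names (the helper added further down this file reads `headers.getKeyEncryptionAlgorithm()`). For a class configured with one of the larger ECDH-ES key-wrap variants, the declared algorithm and the derived key length then disagree; passing the configured value, `new AesWrapKeyDecryptionAlgorithm(derivedKey, algo)`, keeps them aligned. It is also not visible in this hunk that the header `alg` is compared with `algo` before the key is derived, which is the check that keeps the wrap strength under the recipient's control. The method body continues outside the hunk.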
@@ -50,5 +52,16 @@ public class EcdhAesWrapKeyDecryptionAlgorithm implements KeyDecryptionProvider public KeyAlgorithm getAlgorithm() { return algo; } + + protected byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, ECPrivateKey privateKey) { + KeyAlgorithm jwtAlgo = headers.getKeyEncryptionAlgorithm(); + JsonWebKey publicJwk = headers.getJsonWebKey("epk"); + String apuHeader = (String) headers.getHeader("apu"); + byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader); + String apvHeader = (String) headers.getHeader("apv"); + byte[] apvBytes = apvHeader == null ? null : JoseUtils.decode(apvHeader); + return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), apuBytes, apvBytes, + jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); + } } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java index f90fb33..2589eb8 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhAesWrapKeyEncryptionAlgorithm.java @@ -25,7 +25,6 @@ import java.util.Map; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; -import org.apache.cxf.rs.security.jose.jwe.EcdhDirectKeyJweEncryption.EcdhHelper; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class EcdhAesWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider { 
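Review bot: The new `getDecryptedContentEncryptionKeyFromHeaders` feeds header values from the incoming message straight into key agreement without checking them. `headers.getJsonWebKey("epk")` may be absent, `apu`/`apv` are cast to `String` unconditionally, and nothing in the hunk confirms that `epk` is an EC key on the same curve as `privateKey` before `JweUtils.getECDHKey` runs. Unless `JwkUtils.toECPublicKey` or the JCA provider enforces that, the recipient is relying on unvalidated peer input. I would reject a missing or non-EC `epk` and a curve mismatch with a `JweException` before deriving. That check belongs in one shared helper, since `EcdhDirectKeyDecryptionAlgorithm` in this commit carries a near-identical copy that differs only in reading the content algorithm instead of the key algorithm.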
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java similarity index 50% copy from rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java copy to rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java index c802b11..daab2e9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyDecryptionAlgorithm.java 
@@ -25,34 +25,31 @@ import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +public class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm { -public class EcdhDirectKeyJweDecryption extends JweDecryption { - public EcdhDirectKeyJweDecryption(ECPrivateKey privateKey, ContentAlgorithm supportedCtAlgo) { - super(new EcdhDirectKeyDecryptionAlgorithm(privateKey), - new AesGcmContentDecryptionAlgorithm(supportedCtAlgo)); + private ECPrivateKey privateKey; + + public EcdhDirectKeyDecryptionAlgorithm(ECPrivateKey privateKey) { + super((byte[]) null); + this.privateKey = privateKey; + } + + @Override + public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) { + super.validateKeyEncryptionKey(jweDecryptionInput); + + return getDecryptedContentEncryptionKeyFromHeaders(jweDecryptionInput.getJweHeaders(), privateKey); } - protected static byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, - ECPrivateKey privateKey) { + + protected byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, ECPrivateKey key) { ContentAlgorithm jwtAlgo = headers.getContentEncryptionAlgorithm(); JsonWebKey publicJwk = headers.getJsonWebKey("epk"); - String apuHeader = (String)headers.getHeader("apu"); + String apuHeader = (String) headers.getHeader("apu"); byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader); - String apvHeader = (String)headers.getHeader("apv"); + String apvHeader = (String) headers.getHeader("apv"); byte[] apvBytes = apvHeader == null ? 
null : JoseUtils.decode(apvHeader); - return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), - apuBytes, apvBytes, jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); - } - protected static class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm { - private ECPrivateKey privateKey; - public EcdhDirectKeyDecryptionAlgorithm(ECPrivateKey privateKey) { - super((byte[])null); - this.privateKey = privateKey; - } - @Override - public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) { - super.validateKeyEncryptionKey(jweDecryptionInput); - - return getDecryptedContentEncryptionKeyFromHeaders(jweDecryptionInput.getJweHeaders(), privateKey); - } + return JweUtils.getECDHKey(key, JwkUtils.toECPublicKey(publicJwk), apuBytes, apvBytes, + jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); } + } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyEncryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyEncryptionAlgorithm.java new file mode 100644 index 0000000..6acf9c3 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyEncryptionAlgorithm.java 
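Review bot: In the promoted top-level class `privateKey` is assigned only in the constructor and should be declared `private final ECPrivateKey privateKey;`. The local `jwtAlgo` holds the content-encryption algorithm, so `contentAlgo` would read more accurately. `headers.getContentEncryptionAlgorithm()` is dereferenced without a null check, so a message without a usable `enc` header presumably ends in a NullPointerException rather than a `JweException`. The helper also changed from `protected static` to an instance method, which existing subclasses or callers of the old static form would notice on a fixes branch.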
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+
+public class EcdhDirectKeyEncryptionAlgorithm extends DirectKeyEncryptionAlgorithm {
+
+ protected void checkKeyEncryptionAlgorithm(JweHeaders headers) {
+ headers.setKeyEncryptionAlgorithm(KeyAlgorithm.ECDH_ES_DIRECT);
+ }
+
+ @Override
+ public KeyAlgorithm getAlgorithm() {
+ return KeyAlgorithm.ECDH_ES_DIRECT;
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
index c802b11..ff81f56 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweDecryption.java
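Review bot: `checkKeyEncryptionAlgorithm` has no `@Override` although `getAlgorithm` directly below has one, so if it is meant to override a hook in `DirectKeyEncryptionAlgorithm` (the superclass is not shown here) a signature drift would go unnoticed. Despite its name the method checks nothing: it overwrites whatever `alg` the caller placed in the headers. A one-line comment such as `// Direct ECDH-ES: force "alg" instead of validating the caller's value` would mark that as intentional.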
@@ -20,10 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.interfaces.ECPrivateKey; -import org.apache.cxf.rs.security.jose.common.JoseUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; -import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; -import org.apache.cxf.rs.security.jose.jwk.JwkUtils; public class EcdhDirectKeyJweDecryption extends JweDecryption { @@ -31,28 +28,4 @@ public class EcdhDirectKeyJweDecryption extends JweDecryption { super(new EcdhDirectKeyDecryptionAlgorithm(privateKey), new AesGcmContentDecryptionAlgorithm(supportedCtAlgo)); } - protected static byte[] getDecryptedContentEncryptionKeyFromHeaders(JweHeaders headers, - ECPrivateKey privateKey) { - ContentAlgorithm jwtAlgo = headers.getContentEncryptionAlgorithm(); - JsonWebKey publicJwk = headers.getJsonWebKey("epk"); - String apuHeader = (String)headers.getHeader("apu"); - byte[] apuBytes = apuHeader == null ? null : JoseUtils.decode(apuHeader); - String apvHeader = (String)headers.getHeader("apv"); - byte[] apvBytes = apvHeader == null ? null : JoseUtils.decode(apvHeader); - return JweUtils.getECDHKey(privateKey, JwkUtils.toECPublicKey(publicJwk), - apuBytes, apvBytes, jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); - } - protected static class EcdhDirectKeyDecryptionAlgorithm extends DirectKeyDecryptionAlgorithm { - private ECPrivateKey privateKey; - public EcdhDirectKeyDecryptionAlgorithm(ECPrivateKey privateKey) { - super((byte[])null); - this.privateKey = privateKey; - } - @Override - public byte[] getDecryptedContentEncryptionKey(JweDecryptionInput jweDecryptionInput) { - super.validateKeyEncryptionKey(jweDecryptionInput); - - return getDecryptedContentEncryptionKeyFromHeaders(jweDecryptionInput.getJweHeaders(), privateKey); - } - } } 
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java index 3eab1ff..a5f3339 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhDirectKeyJweEncryption.java @@ -18,17 +18,9 @@ */ package org.apache.cxf.rs.security.jose.jwe; -import java.security.KeyPair; -import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; -import org.apache.cxf.common.util.Base64UrlUtility; -import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; -import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; -import org.apache.cxf.rs.security.jose.jwk.JwkUtils; -import org.apache.cxf.rt.security.crypto.CryptoUtils; - public class EcdhDirectKeyJweEncryption extends JweEncryption { public EcdhDirectKeyJweEncryption(ECPublicKey peerPublicKey, 
@@ -48,70 +40,4 @@ public class EcdhDirectKeyJweEncryption extends JweEncryption { apvString, ctAlgo)); } - protected static class EcdhDirectKeyEncryptionAlgorithm extends DirectKeyEncryptionAlgorithm { - protected void checkKeyEncryptionAlgorithm(JweHeaders headers) { - headers.setKeyEncryptionAlgorithm(KeyAlgorithm.ECDH_ES_DIRECT); - } - } - protected static class EcdhAesGcmContentEncryptionAlgorithm extends AesGcmContentEncryptionAlgorithm { - private EcdhHelper helper; - public EcdhAesGcmContentEncryptionAlgorithm(ECPublicKey peerPublicKey, - String curve, - String apuString, - String apvString, - ContentAlgorithm ctAlgo) { - super(ctAlgo); - helper = new EcdhHelper(peerPublicKey, curve, apuString, apvString, ctAlgo.getJwaName()); - } - public byte[] getContentEncryptionKey(JweHeaders headers) { - return helper.getDerivedKey(headers); - } - } - - protected static class EcdhHelper { - private ECPublicKey peerPublicKey; - private String ecurve; - private byte[] apuBytes; - private byte[] apvBytes; - private String ctAlgo; - public EcdhHelper(ECPublicKey peerPublicKey, - String curve, - String apuString, - String apvString, - String ctAlgo) { - this.ctAlgo = ctAlgo; - this.peerPublicKey = peerPublicKey; - this.ecurve = curve; - // JWA spec suggests the "apu" field MAY either be omitted or - // represent a random 512-bit value (...) and the "apv" field SHOULD NOT be present." 
- this.apuBytes = toApuBytes(apuString); - this.apvBytes = toBytes(apvString); - } - public byte[] getDerivedKey(JweHeaders headers) { - KeyPair pair = CryptoUtils.generateECKeyPair(ecurve); - ECPublicKey publicKey = (ECPublicKey)pair.getPublic(); - ECPrivateKey privateKey = (ECPrivateKey)pair.getPrivate(); - ContentAlgorithm jwtAlgo = ContentAlgorithm.valueOf(ctAlgo); - - headers.setHeader("apu", Base64UrlUtility.encode(apuBytes)); - headers.setHeader("apv", Base64UrlUtility.encode(apvBytes)); - headers.setJsonWebKey("epk", JwkUtils.fromECPublicKey(publicKey, ecurve)); - - return JweUtils.getECDHKey(privateKey, peerPublicKey, apuBytes, apvBytes, - jwtAlgo.getJwaName(), jwtAlgo.getKeySizeBits()); - - } - private byte[] toApuBytes(String apuString) { - if (apuString != null) { - return toBytes(apuString); - } - return CryptoUtils.generateSecureRandomBytes(512 / 8); - - } - private byte[] toBytes(String str) { - return str == null ? null : StringUtils.toBytesUTF8(str); - } - - } - } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java new file mode 100644 index 0000000..20801d1 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/EcdhHelper.java 
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.KeyPair;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+
+class EcdhHelper {
+
+ private ECPublicKey peerPublicKey;
+ private String ecurve;
+ private byte[] apuBytes;
+ private byte[] apvBytes;
+ private String ctAlgo;
+ EcdhHelper(ECPublicKey peerPublicKey,
+ String curve,
+ String apuString,
+ String apvString,
+ String ctAlgo) {
+ this.ctAlgo = ctAlgo;
+ this.peerPublicKey = peerPublicKey;
+ this.ecurve = curve;
+ // JWA spec suggests the "apu" field MAY either be omitted or
+ // represent a random 512-bit value (...) and the "apv" field SHOULD NOT be present."
+ this.apuBytes = toApuBytes(apuString);
+ this.apvBytes = toBytes(apvString);
+ }
+ public byte[] getDerivedKey(JweHeaders headers) {
+ KeyPair pair = CryptoUtils.generateECKeyPair(ecurve);
+ ECPublicKey publicKey = (ECPublicKey)pair.getPublic();
+ ECPrivateKey privateKey = (ECPrivateKey)pair.getPrivate();
+ KeyAlgorithm keyAlgo = headers.getKeyEncryptionAlgorithm();
+ ContentAlgorithm contentAlgo = ContentAlgorithm.valueOf(ctAlgo);
+ String algorithm = (KeyAlgorithm.isDirect(keyAlgo)) ? contentAlgo.getJwaName() : keyAlgo.getJwaName();
+ int keySizeBits = (KeyAlgorithm.isDirect(keyAlgo)) ? contentAlgo.getKeySizeBits() : keyAlgo.getKeySizeBits();
+
+ if (apuBytes != null) {
+ headers.setHeader("apu", Base64UrlUtility.encode(apuBytes));
+ }
+ if (apvBytes != null) {
+ headers.setHeader("apv", Base64UrlUtility.encode(apvBytes));
+ }
+ headers.setJsonWebKey("epk", JwkUtils.fromECPublicKey(publicKey, ecurve));
+
+ return JweUtils.getECDHKey(privateKey, peerPublicKey, apuBytes, apvBytes,
+ algorithm, keySizeBits);
+ }
+ private byte[] toApuBytes(String apuString) {
+ if (apuString != null) {
+ return toBytes(apuString);
+ }
+ return CryptoUtils.generateSecureRandomBytes(512 / 8);
+
+ }
+ private byte[] toBytes(String str) {
+ return str == null ? null : StringUtils.toBytesUTF8(str);
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 146529a..486cc40 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
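Review bot: `getDerivedKey` now reads `headers.getKeyEncryptionAlgorithm()` and dereferences it on the non-direct path, so it silently depends on `alg` already being set when the content key is requested. With no `alg` in the headers `KeyAlgorithm.isDirect(null)` is false and `keyAlgo.getJwaName()` throws a NullPointerException; a guard that fails with a `JweException` would make the ordering requirement explicit. `isDirect` also accepts plain `dir`, for which an ECDH derivation is not meaningful, so comparing against `KeyAlgorithm.ECDH_ES_DIRECT` is the tighter test. The result can be held in one local, `boolean direct = keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT;`, instead of being evaluated twice.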
@@ -143,7 +143,7 @@ public class JweJsonProducer { byte[] encryptedCek = state.getEncryptedContentEncryptionKey(); if (encryptedCek.length == 0 && encryptor.getKeyAlgorithm() != null - && !KeyAlgorithm.DIRECT.equals(encryptor.getKeyAlgorithm())) { + && !KeyAlgorithm.isDirect(encryptor.getKeyAlgorithm())) { LOG.warning("Unexpected key encryption algorithm"); throw new JweException(JweException.Error.INVALID_JSON_JWE); } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 32696b0..5c3fe83 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -53,6 +53,7 @@ import org.apache.cxf.rs.security.jose.common.KeyManagementUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.JweException.Error; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; @@ -138,8 +139,10 @@ public final class JweUtils { keyEncryptionProvider = getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyAlgo); } else if (KeyType.OCTET == keyType) { - keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk), + keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk, keyAlgo), keyAlgo); + } else if (keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) { + return new EcdhDirectKeyEncryptionAlgorithm(); } else { ContentAlgorithm ctAlgo = null; Message m = PhaseInterceptorChain.getCurrentMessage(); 
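Review bot: The new `ECDH_ES_DIRECT` branch in the `@@ -138,8 +139,10 @@` hunk of JweUtils is apparently reached for any JWK that is not handled by the RSA or octet branches, and nothing checks that the key is an EC key. It also returns immediately, unlike the sibling branches, which assign `keyEncryptionProvider`, so whatever the method does after the chain (outside this hunk) is skipped for this case. I would write `} else if (KeyType.EC == keyType && keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) {` and assign `keyEncryptionProvider = new EcdhDirectKeyEncryptionAlgorithm();` in line with the other branches.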
@@ -232,7 +235,11 @@ public final class JweUtils { if (key instanceof RSAPrivateKey) { return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, algo); } else if (key instanceof ECPrivateKey) { - return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, algo); + if (AlgorithmUtils.isEcdhEsWrap(algo.getJwaName())) { + return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, algo); + } else { + return new EcdhDirectKeyDecryptionAlgorithm((ECPrivateKey)key); + } } return null; @@ -280,7 +287,7 @@ public final class JweUtils { if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { return new AesGcmContentEncryptionAlgorithm(algorithm, generateCekOnce); } - return null; + return new AesCbcContentEncryptionAlgorithm(algorithm, generateCekOnce); } public static ContentDecryptionProvider getContentDecryptionProvider(ContentAlgorithm algorithm) { if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { 
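Review bot: The new `else` branch hands an `ECPrivateKey` to `EcdhDirectKeyDecryptionAlgorithm` for every algorithm that is not an ECDH-ES key-wrap variant, including algorithms unrelated to EC keys. Selecting direct key agreement should be explicit, `} else if (algo == KeyAlgorithm.ECDH_ES_DIRECT) {`, with the method's existing `return null;` covering everything else. `algo.getJwaName()` is also called without a null check, whereas the previous code passed `algo` through to the constructor untouched. The method starts outside the hunk.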
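Review bot: Replacing `return null;` with an unconditional `new AesCbcContentEncryptionAlgorithm(algorithm, generateCekOnce)` in the `@@ -280,7 +287,7 @@` hunk means every non-GCM `ContentAlgorithm` now yields a CBC provider, and callers that treated null as "unsupported" lose that signal. I would guard it with `if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName()))` and keep `return null;` as the fallback. It is worth confirming that this provider is only ever paired with `AesCbcHmacJweEncryption`, because whether a plain `JweEncryption` adds the HMAC tag is not visible here and CBC without it is unauthenticated. The function starts outside the hunk.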
@@ -619,8 +626,64 @@ public final class JweUtils { return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression); } public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers) { - KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key); - return createJweEncryptionProvider(keyEncryptionProvider, headers); + return createJweEncryptionProvider(key, headers, false); + } + public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers, + ContentEncryptionProvider contentEncryptionProvider) { + if (contentEncryptionProvider == null) { + return createJweEncryptionProvider(key, headers, false); + } + KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key, + headers.getKeyEncryptionAlgorithm()); + ContentAlgorithm contentEncryptionAlgo = headers.getContentEncryptionAlgorithm(); + if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo.getJwaName())) { + if (!(contentEncryptionProvider instanceof AesCbcContentEncryptionAlgorithm)) { + throw new JweException(Error.INVALID_CONTENT_ALGORITHM); + } + return new AesCbcHmacJweEncryption(keyEncryptionProvider, + (AesCbcContentEncryptionAlgorithm) contentEncryptionProvider); + } + if (AlgorithmUtils.isAesGcm(contentEncryptionAlgo.getJwaName())) { + if (AlgorithmUtils.isEcdhEsDirect(keyEncryptionProvider.getAlgorithm().getJwaName())) { + return new JweEncryption(keyEncryptionProvider, + getEcdhDirectContentEncryptionProvider(key, headers)); + } else { + if (!(contentEncryptionProvider instanceof AesGcmContentEncryptionAlgorithm)) { + throw new JweException(Error.INVALID_CONTENT_ALGORITHM); + } + return new JweEncryption(keyEncryptionProvider, contentEncryptionProvider); + } + } + return new JweEncryption(keyEncryptionProvider, contentEncryptionProvider); + } + public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders headers, + boolean generateCekOnce) { + 
KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key, + headers.getKeyEncryptionAlgorithm()); + ContentAlgorithm contentEncryptionAlgo = headers.getContentEncryptionAlgorithm(); + if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo.getJwaName())) { + return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider, generateCekOnce); + } + if (AlgorithmUtils.isAesGcm(contentEncryptionAlgo.getJwaName())) { + if (AlgorithmUtils.isEcdhEsDirect(keyEncryptionProvider.getAlgorithm().getJwaName())) { + return new JweEncryption(keyEncryptionProvider, + getEcdhDirectContentEncryptionProvider(key, headers)); + } else { + return new JweEncryption(keyEncryptionProvider, + new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo, generateCekOnce)); + } + } + return new JweEncryption(keyEncryptionProvider, + new AesCbcContentEncryptionAlgorithm(contentEncryptionAlgo, generateCekOnce)); + } + public static ContentEncryptionProvider getEcdhDirectContentEncryptionProvider(JsonWebKey key, JweHeaders headers) { + String curve = key.getStringProperty(JsonWebKey.EC_CURVE); + if (curve == null) { + curve = JsonWebKey.EC_CURVE_P256; + } + ECPublicKey ecKey = JwkUtils.toECPublicKey(key); + return new EcdhAesGcmContentEncryptionAlgorithm(ecKey, curve, null, null, + headers.getContentEncryptionAlgorithm()); } public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, ContentAlgorithm contentEncryptionAlgo, diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java index 6aedef4..3635909 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java 
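Review bot: Both new `createJweEncryptionProvider` overloads end in a fallback that builds a plain `JweEncryption` for any content algorithm that is neither AES-CBC-HMAC nor AES-GCM; the boolean overload even pairs it with a bare `AesCbcContentEncryptionAlgorithm`. An unrecognised `enc` should fail closed with `throw new JweException(Error.INVALID_CONTENT_ALGORITHM);`, as the `instanceof` checks above it already do. In the provider overload the caller's `contentEncryptionProvider` is silently dropped for direct ECDH-ES with GCM, and for direct ECDH-ES with CBC-HMAC it is kept although its key is presumably not the agreed one; both cases deserve an exception or a Javadoc sentence. The two overloads repeat the same dispatch and could share one private helper, and the bare `Error` import shadows `java.lang.Error` in this file, so the qualified `JweException.Error` used elsewhere in the commit would be clearer.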
@@ -492,6 +492,10 @@ public final class JwkUtils { return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), AlgorithmUtils.toJavaName(jwk.getAlgorithm())); } + public static SecretKey toSecretKey(JsonWebKey jwk, KeyAlgorithm algorithm) { + return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), + algorithm.getJavaName()); + } public static JsonWebKey fromSecretKey(SecretKey secretKey, String algo) { return fromSecretKey(secretKey, algo, null); } diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractDecryptTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractDecryptTest.java new file mode 100644 index 0000000..3a54191 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractDecryptTest.java 
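Review bot: `toSecretKey(JsonWebKey jwk, KeyAlgorithm algorithm)` builds the key under the caller's algorithm and never consults the JWK's own `alg`, unlike the overload just above it, and nothing says why. If any caller passes the algorithm taken from a received JWE header (callers are outside this hunk), a key published for one algorithm would be accepted for another. I would add Javadoc stating that the JWK `alg` is deliberately ignored, and consider rejecting a mismatch when the JWK declares one, guarded by `if (jwk.getAlgorithm() != null && !jwk.getAlgorithm().equals(algorithm.getJwaName()))`. A null `algorithm` and a JWK without the octet key value are both dereferenced unchecked here as well.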
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+public abstract class AbstractDecryptTest extends AbstractJwaTest {
+
+ protected static final String JWKS_PRIVATE_KEYS = "/jwk/priKeys.jwks";
+
+ protected static final String PLAIN_TEXT = "Live long and prosper.";
+
+ protected final void test(String encryptedDataFile) {
+ test(encryptedDataFile, PLAIN_TEXT);
+ }
+
+ protected final void test(String encryptedDataFile, String plainText) {
+ test(encryptedDataFile, plainText, JWKS_PRIVATE_KEYS);
+ }
+
+ protected final void test(String encryptedDataFile, String plainText, String jwksURI) {
+ decrypt(loadResource(encryptedDataFile), plainText, loadResource(jwksURI));
+ }
+
+ protected abstract void decrypt(String encryptedData, String plainText, String jwksJson);
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractEncryptTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractEncryptTest.java
new file mode 100644
index 0000000..948e957
--- /dev/null
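Review bot: `JWKS_PRIVATE_KEYS` and `PLAIN_TEXT` are declared here and again in AbstractEncryptTest, and AbstractSignTest and AbstractVerifySignatureTest repeat the same values as bare string literals. Declaring them once in AbstractJwaTest would keep the fixture names in one place. The `jwksURI` parameter is handed straight to `loadResource`, so it is a classpath resource path rather than a URI; a name such as `jwksResource` would say that.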
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractEncryptTest.java 
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+public abstract class AbstractEncryptTest extends AbstractJwaTest {
+
+ protected static final String JWKS_PUBLIC_KEYS = "/jwk/pubKeys.jwks";
+
+ protected static final String JWKS_PRIVATE_KEYS = "/jwk/priKeys.jwks";
+
+ protected static final String PLAIN_TEXT = "Live long and prosper.";
+
+ protected final void test(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
+ Serialization serialization) {
+ test(keyType, keyEncryptionAlgorithm, contentEncryptionAlgorithm, serialization, PLAIN_TEXT);
+ }
+
+ protected final void test(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
+ Serialization serialization, String plainText) {
+ test(keyType, keyEncryptionAlgorithm, contentEncryptionAlgorithm, serialization, plainText, JWKS_PUBLIC_KEYS);
+ }
+
+ protected final void test(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
+ Serialization serialization, String plainText, String jwksURI) {
+ encrypt(keyType, keyEncryptionAlgorithm, contentEncryptionAlgorithm, serialization, plainText,
+ loadResource(jwksURI));
+ }
+
+ protected abstract void encrypt(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
+ Serialization serialization, String plainText, String jwksJson);
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractJwaTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractJwaTest.java
new file mode 100644
index 0000000..faa2cbf
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractJwaTest.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.Provider;
+import java.security.Security;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+public class AbstractJwaTest {
+
+ @BeforeClass
+ public static void installBouncyCastleProvider() throws Exception {
+ final String bcClassName = "org.bouncycastle.jce.provider.BouncyCastleProvider";
+ if (Security.getProvider(bcClassName) == null) {
+ Security.addProvider((Provider) Class.forName(bcClassName).newInstance());
+ }
+ }
+
+ @AfterClass
+ public static void removeBouncyCastleProvider() {
+ Security.removeProvider("org.bouncycastle.jce.provider.BouncyCastleProvider");
+ }
+
+ protected String loadResource(String resource) {
+ StringBuilder input = new StringBuilder();
+ InputStream stream = AbstractDecryptTest.class.getResourceAsStream(resource);
+ Assert.assertNotNull("Resource " + resource + " could not be loaded", stream);
+ new BufferedReader(new InputStreamReader(stream)).lines().forEach(line -> input.append(line));
+ return input.toString();
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractSignTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractSignTest.java
new file mode 100644
index 0000000..d38c177
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractSignTest.java
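Review bot: `Security.getProvider` and `Security.removeProvider` take the provider's registered name, not its class name, so `installBouncyCastleProvider` never finds an installed provider and `removeBouncyCastleProvider` removes nothing; BouncyCastle stays registered for every test that runs later in the same JVM. Use the registered name in both places, `Security.getProvider("BC")` and `Security.removeProvider("BC")`, and remove the provider only if this class was the one that added it. In `loadResource` the stream is never closed and `new InputStreamReader(stream)` reads with the platform charset; a try-with-resources block with `StandardCharsets.UTF_8` would fix both.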
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+public abstract class AbstractSignTest extends AbstractJwaTest {
+
+ protected final void test(String keyType, String signatureAlgorithm, Serialization serialization) {
+ test(keyType, signatureAlgorithm, serialization, "Live long and prosper.");
+ }
+
+ protected final void test(String keyType, String signatureAlgorithm, Serialization serialization,
+ String plainText) {
+ test(keyType, signatureAlgorithm, serialization, plainText, "/jwk/priKeys.jwks");
+ }
+
+ protected final void test(String keyType, String signatureAlgorithm, Serialization serialization, String plainText,
+ String jwksURI) {
+ sign(keyType, signatureAlgorithm, serialization, plainText, loadResource(jwksURI));
+ }
+
+ protected abstract void sign(String keyType, String signatureAlgorithm, Serialization serialization,
+ String plainText, String jwksJson);
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractVerifySignatureTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractVerifySignatureTest.java
new file mode 100644
index 0000000..eb8baa9
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/AbstractVerifySignatureTest.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+public abstract class AbstractVerifySignatureTest extends AbstractJwaTest {
+
+ protected final void test(String signedDataFile) {
+ test(signedDataFile, "Live long and prosper.");
+ }
+
+ protected final void test(String signedDataFile, String plainText) {
+ test(signedDataFile, plainText, "/jwk/pubKeys.jwks");
+ }
+
+ protected final void test(String signedDataFile, String plainText, String jwksURI) {
+ validateSignature(loadResource(signedDataFile), plainText, loadResource(jwksURI));
+ }
+
+ protected abstract void validateSignature(String encryptedData, String plainText, String jwksJson);
+
+}
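Review bot: The abstract hook is declared as `validateSignature(String encryptedData, ...)`, but the value it receives is the signed JWS loaded from `signedDataFile`, and the CxfVerifySignatureRfcTest override in this same commit already calls it `signedData`. Rename the parameter so the base class does not suggest the input is a JWE: `protected abstract void validateSignature(String signedData, String plainText, String jwksJson);`.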
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfDecryptRfcTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfDecryptRfcTest.java
new file mode 100644
index 0000000..fdb4e84
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfDecryptRfcTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.ApacheCXFConsumer;
+
+public class CxfDecryptRfcTest extends JwaDecryptRfcConformanceTest {
+
+ private ApacheCXFConsumer consumer = new ApacheCXFConsumer();
+
+ @Override
+ protected void decrypt(String encryptedData, String plainText, String jwksJson) {
+ consumer.consumeJWE(encryptedData, plainText, jwksJson);
+
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfEncryptRfcTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfEncryptRfcTest.java
new file mode 100644
index 0000000..bd4c691
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfEncryptRfcTest.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.ApacheCXFProducer;
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+public class CxfEncryptRfcTest extends JwaEncryptRfcConformanceTest {
+
+ private ApacheCXFProducer producer = new ApacheCXFProducer();
+
+ @Override
+ protected void encrypt(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
+ Serialization serialization, String plainText, String jwksJson) {
+ producer.produceJWE(keyType, keyEncryptionAlgorithm, contentEncryptionAlgorithm, serialization, plainText,
+ jwksJson);
+ }
+
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfSignRfcTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfSignRfcTest.java
new file mode 100644
index 0000000..9d64c4a
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfSignRfcTest.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.ApacheCXFProducer;
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+public class CxfSignRfcTest extends JwaSignRfcConformanceTest {
+
+ private ApacheCXFProducer producer = new ApacheCXFProducer();
+
+ @Override
+ protected void sign(String keyType, String signatureAlgorithm, Serialization serialization, String plainText,
+ String jwksJson) {
+ producer.produceJWS(keyType, signatureAlgorithm, serialization, plainText, jwksJson);
+ }
+
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfVerifySignatureRfcTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfVerifySignatureRfcTest.java
new file mode 100644
index 0000000..2a1766c
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/CxfVerifySignatureRfcTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.ApacheCXFConsumer;
+
+public class CxfVerifySignatureRfcTest extends JwaVerifySignatureRfcConformanceTest {
+
+ private ApacheCXFConsumer validator = new ApacheCXFConsumer();
+
+ @Override
+ protected void validateSignature(String signedData, String plainText, String jwksJson) {
+ validator.consumeJWS(signedData, plainText, jwksJson);
+ }
+
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java
new file mode 100644
index 0000000..2a3f69d
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.junit.Test;
+
+public abstract class JwaDecryptRfcConformanceTest extends AbstractDecryptTest {
+
+ @Test
+ public void testOctA128GcmJweCompact() throws Exception {
+ test("/jwe/oct.128.a128kw.a128gcm.compact.jwe");
+ }
+
+ @Test
+ public void testOctA128GcmJweJsonFlattened() throws Exception {
+ test("/jwe/oct.128.a128kw.a128gcm.json.flattened.jwe");
+ }
+
+ @Test
+ public void testOctA128GcmJweJson() throws Exception {
+ test("/jwe/oct.128.a128kw.a128gcm.json.jwe");
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweCompact() throws Exception {
+ test("/jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe");
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweJsonFlattened() throws Exception {
+ test("/jwe/rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe");
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweJson() throws Exception {
+ test("/jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe");
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweCompact() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es.a128gcm.compact.jwe");
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweJsonFlattened() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es.a128gcm.json.flattened.jwe");
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweJson() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es.a128gcm.json.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweCompact() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.compact.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweJsonFlattened() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.flattened.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweJson() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweCompact() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.compact.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweJsonFlattened() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.flattened.jwe");
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweJson() throws Exception {
+ test("/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.jwe");
+ }
+
+ @Test
+ public void testRsa15A128GcmCompact() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128gcm.compact.jwe");
+ }
+
+ @Test
+ public void testRsa15A128GcmJsonFlattened() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128gcm.json.flattened.jwe");
+ }
+
+ @Test
+ public void testRsa15A128GcmJson() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128gcm.json.jwe");
+ }
+
+ @Test
+ public void testRsa15A128CbcJweCompact() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128cbc-hs256.compact.jwe");
+ }
+
+ @Test
+ public void testRsa15A128CbcJweJsonFlattened() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.flattened.jwe");
+ }
+
+ @Test
+ public void testRsa15A128CbcJweJson() throws Exception {
+ test("/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.jwe");
+ }
+
+ @Test
+ public void testOctA128CbcJweCompact() throws Exception {
+ test("/jwe/oct.128.a128kw.a128cbc-hs256.compact.jwe");
+ }
+
+ @Test
+ public void testOctA128CbcJweJsonFlattened() throws Exception {
+ test("/jwe/oct.128.a128kw.a128cbc-hs256.json.flattened.jwe");
+ }
+
+ @Test
+ public void testOctA128CbcJweJson() throws Exception {
+ test("/jwe/oct.128.a128kw.a128cbc-hs256.json.jwe");
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java
new file mode 100644
index 0000000..92f3219
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java
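Review bot: Every case in this class decrypts a known-good fixture and expects the plaintext back, and the `decrypt(encryptedData, plainText, jwksJson)` hook has no way to express an expected failure. For a change to ECDH-ES key agreement I would want rejection cases next to these: a fixture with a modified authentication tag, and an ECDH-ES header whose `epk` names a different curve than the recipient key, each asserting that decryption throws. Such tests may exist elsewhere in the module, but none appear in this commit's diffstat.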
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+import org.junit.Test;
+
+public abstract class JwaEncryptRfcConformanceTest extends AbstractEncryptTest {
+
+ @Test
+ public void testOctA128GcmJweCompact() throws Exception {
+ test("OCTET", "A128KW", "A128GCM", Serialization.COMPACT, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+ @Test
+ public void testOctA128GcmJweJsonFlattened() throws Exception {
+ test("OCTET", "A128KW", "A128GCM", Serialization.FLATTENED, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+ @Test
+ public void testOctA128GcmJweJson() throws Exception {
+ test("OCTET", "A128KW", "A128GCM", Serialization.JSON, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweCompact() throws Exception {
+ test("RSA", "RSA-OAEP", "A128GCM", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweJsonFlattened() throws Exception {
+ test("RSA", "RSA-OAEP", "A128GCM", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testRsaOaepA128GcmJweJson() throws Exception {
+ test("RSA", "RSA-OAEP", "A128GCM", Serialization.JSON);
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweCompact() throws Exception {
+ test("EC", "ECDH-ES", "A128GCM", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweJsonFlattened() throws Exception {
+ test("EC", "ECDH-ES", "A128GCM", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testEcdhDirectA128GcmJweJson() throws Exception {
+ test("EC", "ECDH-ES", "A128GCM", Serialization.JSON);
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweCompact() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128GCM", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweJsonFlattened() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128GCM", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testEcdhA128KwA128GcmJweJson() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128GCM", Serialization.JSON);
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweCompact() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128CBC-HS256", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweJsonFlattened() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128CBC-HS256", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testEcdhA128KwA128CbcJweJson() throws Exception {
+ test("EC", "ECDH-ES+A128KW", "A128CBC-HS256", Serialization.JSON);
+ }
+
+ @Test
+ public void testRsa15A128GcmCompact() throws Exception {
+ test("RSA", "RSA1_5", "A128GCM", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testRsa15A128GcmJsonFlattened() throws Exception {
+ test("RSA", "RSA1_5", "A128GCM", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testRsa15A128GcmJson() throws Exception {
+ test("RSA", "RSA1_5", "A128GCM", Serialization.JSON);
+ }
+
+ @Test
+ public void testRsa15A128CbcJweCompact() throws Exception {
+ test("RSA", "RSA1_5", "A128CBC-HS256", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testRsa15A128CbcJweJsonFlattened() throws Exception {
+ test("RSA", "RSA1_5", "A128CBC-HS256", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testRsa15A128CbcJweJson() throws Exception {
+ test("RSA", "RSA1_5", "A128CBC-HS256", Serialization.JSON);
+ }
+
+ @Test
+ public void testOctA128CbcJweCompact() throws Exception {
+ test("OCTET", "A128KW", "A128CBC-HS256", Serialization.COMPACT, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+ @Test
+ public void testOctA128CbcJweJsonFlattened() throws Exception {
+ test("OCTET", "A128KW", "A128CBC-HS256", Serialization.FLATTENED, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+ @Test
+ public void testOctA128CbcJweJson() throws Exception {
+ test("OCTET", "A128KW", "A128CBC-HS256", Serialization.JSON, PLAIN_TEXT, JWKS_PRIVATE_KEYS);
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaSignRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaSignRfcConformanceTest.java
new file mode 100644
index 0000000..b616a6f
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaSignRfcConformanceTest.java
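Review bot: The six `OCTET` cases pass `JWKS_PRIVATE_KEYS` explicitly while the RSA and EC cases fall back to the public key set, and nothing in the class says why. Presumably the symmetric keys exist only in the private set; a one-line comment above `testOctA128GcmJweCompact`, such as `// oct keys are symmetric, so they are only present in the private key set`, would keep a later cleanup from switching these calls to the default. The repeated `PLAIN_TEXT, JWKS_PRIVATE_KEYS` argument tail could also move into a small private helper.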
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwa;
+
+import org.apache.cxf.rs.security.jose.support.Serialization;
+
+import org.junit.Test;
+
+public abstract class JwaSignRfcConformanceTest extends AbstractSignTest {
+
+ @Test
+ public void testRsaRs256JwsCompact() throws Exception {
+ test("RSA", "RS256", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testRsaRs256JwsJsonFlattened() throws Exception {
+ test("RSA", "RS256", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testRsaRs256JwsJson() throws Exception {
+ test("RSA", "RS256", Serialization.JSON);
+ }
+
+ @Test
+ public void testEcEs256JwsCompact() throws Exception {
+ test("EC", "ES256", Serialization.COMPACT);
+ }
+
+ @Test
+ public void testEcEs256JwsJsonFlattened() throws Exception {
+ test("EC", "ES256", Serialization.FLATTENED);
+ }
+
+ @Test
+ public void testEcEs256JwsJson() throws Exception {
+ test("EC", "ES256", Serialization.JSON);
+ }
+
+}
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaVerifySignatureRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaVerifySignatureRfcConformanceTest.java
new file mode 100644
index 0000000..a0dc079
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaVerifySignatureRfcConformanceTest.java
@@ -0,0 +1,56 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwa; + +import org.junit.Test; + +public abstract class JwaVerifySignatureRfcConformanceTest extends AbstractVerifySignatureTest { + + @Test + public void testRsaRs256JwsCompact() throws Exception { + test("/jws/rsa.2048.rs256.compact.jws"); + } + + @Test + public void testRsaRs256JwsJsonFlattened() throws Exception { + test("/jws/rsa.2048.rs256.json.flattened.jws"); + } + + @Test + public void testRsaRs256JwsJson() throws Exception { + test("/jws/rsa.2048.rs256.json.jws"); + } + + @Test + public void testEcEs256JwsCompact() throws Exception { + test("/jws/ec.p-256.es256.compact.jws"); + } + + @Test + public void testEcEs256JwsJsonFlattened() throws Exception { + test("/jws/ec.p-256.es256.json.flattened.jws"); + } + + @Test + public void testEcEs256JwsJson() throws Exception { + test("/jws/ec.p-256.es256.json.jws"); + } + + +} diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFConsumer.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFConsumer.java new file mode 100644 index 0000000..e36bdc9 
--- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFConsumer.java 
@@ -0,0 +1,184 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.support; + +import javax.crypto.SecretKey; + +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; +import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; + +import org.junit.Assert; + +public class ApacheCXFConsumer { + + public void consumeJWS(String signedData, 
String plainText, String jwks) { + JsonWebKeys keys = JwkUtils.readJwkSet(jwks); + if (signedData.startsWith("{")) { + consumeJsonJWS(signedData, plainText, keys); + } else { + consumeCompactJWS(signedData, plainText, keys); + } + } + + public void consumeJWE(String encryptedData, String plainText, String jwks) { + JsonWebKeys keys = JwkUtils.readJwkSet(jwks); + if (encryptedData.startsWith("{")) { + consumeJsonJWE(encryptedData, plainText, keys); + } else { + consumeCompactJWE(encryptedData, plainText, keys); + } + } + + protected void consumeCompactJWS(String signedData, String plainText, JsonWebKeys keys) { + + // Validate Signature + + // 1. Read data to get key id (only need to do this if you don't know the key) + JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(signedData); + String kid = jwsConsumer.getJwsHeaders().getKeyId(); + + Assert.assertNotNull("Data does not contain kid header.", kid); + + // 2. Get key + JsonWebKey key = keys.getKey(kid); + Assert.assertNotNull("Data signed with unknown key", key); + + // 3. Verify + SignatureAlgorithm signAlgo = jwsConsumer.getJwsHeaders().getSignatureAlgorithm(); + Assert.assertNotNull("Signed data does not define algorithm used", signAlgo); + JwsSignatureVerifier signatureVerifier = JwsUtils.getSignatureVerifier(key, signAlgo); + Assert.assertTrue("Signature validation failed", jwsConsumer.verifySignatureWith(signatureVerifier)); + + // Validate plain text + Assert.assertEquals(plainText, jwsConsumer.getDecodedJwsPayload()); + } + + protected void consumeJsonJWS(String signedData, String plainText, JsonWebKeys keys) { + + // Validate signature + + // 1. Read data + JwsJsonConsumer jwsConsumer = new JwsJsonConsumer(signedData); + jwsConsumer.getSignatureEntries().forEach(signature -> { + String kid = signature.getKeyId(); + Assert.assertNotNull("Signature does not contain kid.", kid); + + // 2. 
Get Key + JsonWebKey key = keys.getKey(kid); + Assert.assertNotNull("Data signed with unknown key", key); + + // 3. Verify + SignatureAlgorithm signAlgo = signature.getUnionHeader().getSignatureAlgorithm(); + Assert.assertNotNull("Signed data does not define algorithm used", signAlgo); + JwsSignatureVerifier signatureVerifier = JwsUtils.getSignatureVerifier(key, signAlgo); + Assert.assertTrue("Signature validation failed", jwsConsumer.verifySignatureWith(signatureVerifier)); + + // Validate plain text + Assert.assertEquals(plainText, signature.getDecodedJwsPayload()); + }); + } + + protected void consumeCompactJWE(String encryptedData, String plainText, JsonWebKeys keys) { + + // Decrypt + + // 1. Read data to get key id (only need to do this if you don't know the key) + JweCompactConsumer jweConsumer = new JweCompactConsumer(encryptedData); + String kid = jweConsumer.getJweHeaders().getKeyId(); + + Assert.assertNotNull("Data does not contain kid header.", kid); + + // 2. Get key + JsonWebKey key = keys.getKey(kid); + Assert.assertNotNull("Data encrypted with unknown key", key); + + // 3. decrypt + JweDecryptionProvider decryptor = getJweDecryptionProvider(key, + jweConsumer.getJweHeaders().getKeyEncryptionAlgorithm(), + jweConsumer.getJweHeaders().getContentEncryptionAlgorithm()); + String decryptedText = decryptor.decrypt(encryptedData).getContentText(); + + // Validate plain text + Assert.assertEquals(plainText, decryptedText); + } + + protected void consumeJsonJWE(String encryptedData, String plainText, JsonWebKeys keys) { + + // Decrypt + + // 1. Read data + JweJsonConsumer jweConsumer = new JweJsonConsumer(encryptedData); + jweConsumer.getRecipients().forEach(encryptionBlock -> { + String kid = Crypto.findKeyId(jweConsumer, encryptionBlock); + Assert.assertNotNull("Data does not contain kid header.", kid); + + // 2. Get Key + JsonWebKey key = keys.getKey(kid); + Assert.assertNotNull("Data encrypted with unknown key", key); + + // 3. 
Decrypt + KeyAlgorithm keyAlgo = Crypto.findKeyAlgorithm(jweConsumer, encryptionBlock); + ContentAlgorithm contentAlgo = Crypto.findContentAlgorithm(jweConsumer, encryptionBlock); + Assert.assertNotNull("Encrypted data does not define algorithm used", contentAlgo); + JweDecryptionProvider decryptor = getJweDecryptionProvider(key, keyAlgo, contentAlgo); + JweDecryptionOutput output = jweConsumer.decryptWith(decryptor, encryptionBlock); + + // Validate plain text + String payload = output.getContentText(); + Assert.assertEquals(plainText, payload); + }); + } + + private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm, + ContentAlgorithm contentEncryptionAlgorithm) { + if (key.getAlgorithm() != null) { + return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm); + } + switch (key.getKeyType()) { + case EC: + return JweUtils.createJweDecryptionProvider(JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm, + contentEncryptionAlgorithm); + case RSA: + return JweUtils.createJweDecryptionProvider(JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm, + contentEncryptionAlgorithm); + case OCTET: + SecretKey secretKey = CryptoUtils.createSecretKeySpec( + (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE), keyEncryptionAlgorithm.getJavaName()); + return JweUtils.createJweDecryptionProvider(secretKey, keyEncryptionAlgorithm, + contentEncryptionAlgorithm); + default: + throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType()); + } + } + +} diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFProducer.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFProducer.java new file mode 100644 index 0000000..70e69c2 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/ApacheCXFProducer.java 
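Review bot: In `consumeJsonJWS` the loop verifies with `jwsConsumer.verifySignatureWith(signatureVerifier)`, i.e. against the whole JSON object, while the `kid`, the algorithm and the payload are all read from the per-entry `signature`. If the consumer-level call accepts any entry that matches the verifier (that is how the name reads; confirm against `JwsJsonConsumer`), one valid signature could satisfy the assertion for an entry whose own signature is bad, so a multi-signature regression would go unnoticed. Verifying the entry itself keeps the check tied to the key that was just looked up: `Assert.assertTrue("Signature validation failed", signature.verifySignatureWith(signatureVerifier));`. Separately, `consumeJsonJWE` asserts that `contentAlgo` is non-null but not `keyAlgo`, and `consumeCompactJWE` checks neither, so a message without `alg` can fail with a NullPointerException in the `OCTET` branch of `getJweDecryptionProvider` instead of a readable assertion.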
@@ -0,0 +1,171 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.support; + +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.Map; +import java.util.Optional; + +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer; +import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; +import org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweJsonProducer; +import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; +import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; +import org.apache.cxf.rs.security.jose.jwk.JwkUtils; +import org.apache.cxf.rs.security.jose.jwk.KeyType; +import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; +import org.apache.cxf.rs.security.jose.jws.JwsJsonProducer; +import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; +import org.apache.cxf.rs.security.jose.jws.JwsUtils; + +import org.junit.Assert; + +public class ApacheCXFProducer { + + public void produceJWS(String keyType, String signatureAlgorithm, Serialization serialization, String plainText, + String jwksJson) { + JsonWebKeys keys = JwkUtils.readJwkSet(jwksJson); + JsonWebKey key = getRequestedKeyType(keyType, keys).orElseThrow(IllegalArgumentException::new); + + // Sign + JwsHeaders jwsHeaders = new JwsHeaders(); + jwsHeaders.setKeyId(key.getKeyId()); + jwsHeaders.setAlgorithm(signatureAlgorithm); + switch (serialization) { + case COMPACT: + produceCompactJWS(plainText, key, jwsHeaders); + break; + case FLATTENED: + produceJsonJWS(plainText, key, jwsHeaders, true); + break; + case JSON: + produceJsonJWS(plainText, key, jwsHeaders, false); + break; + default: + throw new IllegalArgumentException("Serialization not supported: " + serialization); + } + + } + + private void produceCompactJWS(String plainText, JsonWebKey key, JwsHeaders jwsHeaders) { + JwsCompactProducer jwsProducer = new JwsCompactProducer(jwsHeaders, plainText); + jwsProducer.signWith(key); + } + + private void produceJsonJWS(String plainText, JsonWebKey key, JwsHeaders jwsHeaders, boolean flattened) { + JwsJsonProducer jwsProducer = new JwsJsonProducer(plainText, flattened); + JwsSignatureProvider jwsSignatureProvider = JwsUtils.getSignatureProvider(key, + jwsHeaders.getSignatureAlgorithm()); + jwsProducer.signWith(jwsSignatureProvider, null, jwsHeaders); + } + + public void produceJWE(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm, + Serialization serialization, String plainText, String jwksJson) { + JsonWebKeys keys = JwkUtils.readJwkSet(jwksJson); + JsonWebKey key = getRequestedKeyType(keyType, keys).orElseThrow(IllegalArgumentException::new); + + // Encrypt + switch (serialization) { + case COMPACT: + JweHeaders headers = new JweHeaders(); + 
headers.setKeyId(key.getKeyId()); + headers.setKeyEncryptionAlgorithm(KeyAlgorithm.getAlgorithm(keyEncryptionAlgorithm)); + headers.setContentEncryptionAlgorithm(ContentAlgorithm.getAlgorithm(contentEncryptionAlgorithm)); + produceCompactJWE(plainText, key, headers); + break; + case FLATTENED: + produceJsonJWE(keyEncryptionAlgorithm, contentEncryptionAlgorithm, plainText, key, true); + break; + case JSON: + produceJsonJWE(keyEncryptionAlgorithm, contentEncryptionAlgorithm, plainText, key, false); + break; + default: + throw new IllegalArgumentException("Serialization not supported: " + serialization); + } + + } + + private void produceJsonJWE(String keyEncryptionAlgorithm, String contentEncryptionAlgorithm, String plainText, + JsonWebKey key, boolean flattened) { + JweHeaders protectedHeaders = new JweHeaders(); + protectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.getAlgorithm(keyEncryptionAlgorithm)); + protectedHeaders + .setContentEncryptionAlgorithm(ContentAlgorithm.getAlgorithm(contentEncryptionAlgorithm)); + JweHeaders recipientHeaders = new JweHeaders(key.getKeyId()); + produceJsonJWE(plainText, key, protectedHeaders, null, recipientHeaders, flattened); + } + + private void produceCompactJWE(String plainText, JsonWebKey key, JweHeaders headers) { + JweCompactProducer jweProducer = new JweCompactProducer(headers, plainText); + JweEncryptionProvider jweEncryptionProvider = JweUtils.createJweEncryptionProvider(key, headers); + String encryptedData = jweProducer.encryptWith(jweEncryptionProvider); + JweCompactConsumer validator = new JweCompactConsumer(encryptedData); + Assert.assertEquals(headers.getKeyEncryptionAlgorithm(), validator.getJweHeaders().getKeyEncryptionAlgorithm()); + Assert.assertEquals(headers.getContentEncryptionAlgorithm(), + validator.getJweHeaders().getContentEncryptionAlgorithm()); + Assert.assertEquals(headers.getKeyId(), validator.getJweHeaders().getKeyId()); + } + + private void produceJsonJWE(String plainText, JsonWebKey key, 
JweHeaders protectedHeaders, + JweHeaders unprotectedJweHeaders, JweHeaders recipientHeaders, boolean flattened) { + JweJsonProducer jweProducer = new JweJsonProducer(protectedHeaders, unprotectedJweHeaders, + plainText.getBytes(StandardCharsets.UTF_8), null, flattened); + Map<String, Object> union = new HashMap<>(); + if (protectedHeaders != null) { + union.putAll(protectedHeaders.asMap()); + } + if (unprotectedJweHeaders != null) { + union.putAll(unprotectedJweHeaders.asMap()); + } + JweHeaders unionHeaders = new JweHeaders(union); + JweEncryptionProvider jweEncryptionProvider = JweUtils.createJweEncryptionProvider(key, unionHeaders); + String encryptedData = jweProducer.encryptWith(jweEncryptionProvider, recipientHeaders); + JweJsonConsumer validator = new JweJsonConsumer(encryptedData); + Assert.assertEquals(protectedHeaders.getKeyEncryptionAlgorithm(), + validator.getProtectedHeader().getKeyEncryptionAlgorithm()); + Assert.assertEquals(protectedHeaders.getContentEncryptionAlgorithm(), + validator.getProtectedHeader().getContentEncryptionAlgorithm()); + Assert.assertEquals(1, validator.getRecipients().size()); + Assert.assertEquals(recipientHeaders.getKeyId(), + validator.getRecipients().get(0).getUnprotectedHeader().getKeyId()); + } + + protected Optional<JsonWebKey> getRequestedKeyType(String keyType, JsonWebKeys keys) { + KeyType kty = KeyType.valueOf(keyType); + switch (kty) { + case EC: + return keys.getEllipticKeys().stream().findFirst(); + case RSA: + return keys.getRsaKeys().stream().findFirst(); + case OCTET: + return keys.getSecretKeys().stream().findFirst(); + default: + throw new IllegalArgumentException("KeyType not supported: " + kty); + } + } + +} diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Crypto.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Crypto.java new file mode 100644 index 0000000..2778842 --- /dev/null 
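Review bot: `produceCompactJWS` and `produceJsonJWS` discard the return value of `signWith(...)`, and `produceJWS` returns void, so signing tests that go through this helper can only fail on an exception; a producer that emitted a wrong or empty signature would still pass. The JWE helpers in the same file re-parse their output and assert on the headers, and the JWS side should do at least as much, preferably by verifying the signature with the same key: `String signed = jwsProducer.signWith(key);` followed by `Assert.assertTrue(new JwsCompactConsumer(signed).verifySignatureWith(key));` (this needs a `JwsCompactConsumer` import). Also, the six-argument `produceJsonJWE` guards `protectedHeaders` with a null check when building `union` but dereferences it unconditionally in the assertions below, so either the guard is unnecessary or the assertions need it too.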
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Crypto.java 
@@ -0,0 +1,136 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.support; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.Map; + +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.JweJsonConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweJsonEncryptionEntry; +import org.apache.cxf.rt.security.crypto.CryptoUtils; + +public final class Crypto { + + private static final Map<String, String> AES_HMAC_MAP; + + private static final Map<String, Integer> AES_CEK_SIZE_MAP; + + static { + AES_HMAC_MAP = new HashMap<>(); + AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA); + AES_HMAC_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), AlgorithmUtils.HMAC_SHA_384_JAVA); + AES_HMAC_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), AlgorithmUtils.HMAC_SHA_512_JAVA); + + 
AES_CEK_SIZE_MAP = new HashMap<>(); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 32); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48); + AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64); + } + + private Crypto() { + + } + + public static SecretKey generateKey(String algo, int size) { + try { + KeyGenerator keyGenerator = KeyGenerator.getInstance(algo); + keyGenerator.init(size); + return keyGenerator.generateKey(); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException("Illegal algorithm", e); + } + } + + public static KeyPair generateKeyPair(String algo, int size) { + try { + KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo); + kpg.initialize(size); + return kpg.generateKeyPair(); + } catch (NoSuchAlgorithmException e) { + throw new IllegalArgumentException("Illegal algorithm", e); + } + } + + public static SecretKey generateCek(ContentAlgorithm algo) { + if (!AES_CEK_SIZE_MAP.containsKey(algo.getJwaName())) { + throw new IllegalArgumentException("Content algorithm [" + algo.getJwaName() + "] not supported"); + } + return CryptoUtils.getSecretKey(algo.getJavaAlgoName(), AES_CEK_SIZE_MAP.get(algo.getJwaName()) * 8); + } + + public static KeyAlgorithm findKeyAlgorithm(JweJsonConsumer jweConsumer, JweJsonEncryptionEntry encryptionBlock) { + KeyAlgorithm algo = jweConsumer.getProtectedHeader() != null + ? jweConsumer.getProtectedHeader().getKeyEncryptionAlgorithm() + : null; + if (algo == null) { + algo = jweConsumer.getSharedUnprotectedHeader() != null + ? jweConsumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm() + : null; + if (algo == null) { + algo = encryptionBlock.getUnprotectedHeader() != null + ? 
encryptionBlock.getUnprotectedHeader().getKeyEncryptionAlgorithm() + : null; + } + } + return algo; + } + + public static ContentAlgorithm findContentAlgorithm(JweJsonConsumer jweConsumer, + JweJsonEncryptionEntry encryptionBlock) { + ContentAlgorithm algo = jweConsumer.getProtectedHeader() != null + ? jweConsumer.getProtectedHeader().getContentEncryptionAlgorithm() + : null; + if (algo == null) { + algo = jweConsumer.getSharedUnprotectedHeader() != null + ? jweConsumer.getSharedUnprotectedHeader().getContentEncryptionAlgorithm() + : null; + if (algo == null) { + algo = encryptionBlock.getUnprotectedHeader() != null + ? encryptionBlock.getUnprotectedHeader().getContentEncryptionAlgorithm() + : null; + } + } + return algo; + } + + public static String findKeyId(JweJsonConsumer jweConsumer, JweJsonEncryptionEntry encryptionBlock) { + String kid = jweConsumer.getProtectedHeader() != null ? jweConsumer.getProtectedHeader().getKeyId() : null; + if (kid == null) { + kid = jweConsumer.getSharedUnprotectedHeader() != null + ? jweConsumer.getSharedUnprotectedHeader().getKeyId() + : null; + if (kid == null) { + kid = encryptionBlock.getUnprotectedHeader() != null + ? encryptionBlock.getUnprotectedHeader().getKeyId() + : null; + } + } + return kid; + } + +} diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Serialization.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Serialization.java new file mode 100644 index 0000000..b7ee667 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/support/Serialization.java 
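Review bot: `generateCek` passes `AES_CEK_SIZE_MAP.get(...) * 8` to `CryptoUtils.getSecretKey`, which gives 256, 384 and 512 bits for the three CBC-HMAC algorithms. If `getJavaAlgoName()` resolves to plain AES and the helper delegates to a JCA `KeyGenerator` (neither is visible in this hunk), the stock provider accepts only 128/192/256-bit AES keys, so the A192CBC-HS384 and A256CBC-HS512 cases would throw instead of returning a composite MAC+ENC key. Drawing the bytes directly avoids that: `byte[] cek = new byte[AES_CEK_SIZE_MAP.get(algo.getJwaName())];`, `new SecureRandom().nextBytes(cek);`, `return CryptoUtils.createSecretKeySpec(cek, algo.getJavaAlgoName());` (needs a `java.security.SecureRandom` import). `AES_HMAC_MAP` is populated in the static initializer but never read in this file and can be dropped, and the three `find*` methods deserve a one-line comment stating the lookup order they implement (protected header, then shared unprotected header, then per-recipient header), since that order decides whether an integrity-protected value or an unprotected one is used.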
@@ -0,0 +1,26 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.support; + + +public enum Serialization { + + COMPACT, FLATTENED, JSON; + +} diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.compact.jwe new file mode 100644 index 0000000..a84c3eb --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIzcGJrUXBOWXktRWVKaHJyN2F5ZGM3UGdyWHIydl9SN0ktZlN3QWZRUFVzIiwieSI6ImVCZFRoQVRUdVJNdGdMb1V1VjE1dGRrR21haUl3OXg2ZEoxOGJLaFlObG8ifX0.dcOAzx9SPKvB_Khf2aCwsO4Mjgi7624ZUfuBeh8y9-qf9zE8rqTnYg.6wPN1HPX02EmWyrThEQ2OQ.PTZ0EE3Wu7eiAgi8vyDY9BvdZpMCfLzHU4bU4e68wTg.Q-pYqtjokTeXLYXvBEALvw \ No newline at end of file 
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.flattened.jwe new file mode 100644 index 0000000..23b829f --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.flattened.jwe @@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJ2Rl9MTnoybWVsbzVDdDRQNTc3Qy1CNzVnNHBGS2hFRFFuSlVKRUhzQlFBIiwieSI6IkFTQTQtNU9Wejd3SGtIRjVLejlWbW1VejdFMVpXeUVoeEpXZTdnMXJPdG8ifX0", + "encrypted_key": "nHjSWaGL93xmUMtDeohVVwmVxeAqFwL2g2GcChWtrDfOt2N9pxoNPg", + "iv": "0dZUi18gc1ms-3oZLtBAxw", + "ciphertext": "sQOnIJctvvW2PM1mHcQNac9RqN5maFfyHp8cZwHvNSE", + "tag": "wJWtmLIMX3WMtnMUCbvgog" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.jwe new file mode 100644 index 0000000..0f7fec8 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128cbc-hs256.json.jwe @@ -0,0 +1,15 @@ +{ + "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4Ijoiam8xS3U3SFBfeHdRdXJCZFlwR3BWT2dlbG5IVmpmdmJ1dVZXdkloQXgwZyIsInkiOiI1VTdneURYclREUTlHQmVieWZQZVkyZVJOeVBzVkV4eVRCVEVKenJOS1FZIn19", + "recipients": [ + { + "header": { + "alg": "ECDH-ES+A128KW", + "kid": "ece001" + }, + "encrypted_key": "7CW3BIXee9Kd3sWHrZATLzFMcbw_Ju7GQ2JMZIL0kpGQZUn_EtJGkg" + } + ], + "iv": "51jNqts38Ij0LXVlZzToWw", + "ciphertext": "gr_d2VUGoGGbZJZiZMfyFFxVpyM1b1pD9KJLv-DPENY", + "tag": "mN9Ugy4M78wbpLoPxLAyEg" +} \ No newline at end of file 
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.compact.jwe new file mode 100644 index 0000000..83fce5e --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJnUW94R3NoLVVtVUpkWk9vaWdUWVMwU3p2cDhDRmZKRTk2VDVlR29KR0Q0IiwieSI6IllwdW9wOXVLTXVwWGhrV3R0ckh2eUgwSVNOZF9xUjI1b2JVWFhBeF9SQUUifX0.tcuMxvFT6BlmT6MCv_oI0SUMJRQwLLtJ.gk5rLWO0RVOaPRtm.Z7iA-zjtbmwnHaWRjnpThvtOK5dbnw.Vcs9qbsFsSO1jL1zejfWhQ \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.flattened.jwe new file mode 100644 index 0000000..ab1acd8 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.flattened.jwe @@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJBTFh3dk9PYWc0VkZDNDg3a2R1eFV5LWxiMVZnclR4QVJ0elQ1Sk1jV3RzIiwieSI6Ik5RTGZyZlZUU2ljZDg5NGtfNXVDUVJPallVUGtfWWRTU0hySlM1dDZIaGcifX0", + "encrypted_key": "4jegbBG56fLOB42yOsS_Rm8T79HH6Ubx", + "iv": "Shqv41AqNnhlfBAl", + "ciphertext": "MrXK15Dk_W2ACkEuAMaHeOYCjUcnMQ", + "tag": "aBd6yWodi8A9h5saoHgqug" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.jwe new file mode 100644 index 0000000..aee408c --- /dev/null 
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a128kw.a128gcm.json.jwe @@ -0,0 +1,15 @@ +{ + "protected": "eyJlbmMiOiJBMTI4R0NNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiVFhDdEg3TXNtVkU1dWJJVE5lajc2Y2ttQU12TmtnLVBNZVRpanRZNFZlZyIsInkiOiJqak5EczJiN1I3aXktcWpBWlpDdFNFVnNJU3FnUGxJNGVmZ2ljU0FYREd3In19", + "recipients": [ + { + "header": { + "alg": "ECDH-ES+A128KW", + "kid": "ece001" + }, + "encrypted_key": "EB2CMRANIl0kFvvQmTaqxE8e7FjPwQpq" + } + ], + "iv": "Lcs1Al8NisDRzBpa", + "ciphertext": "7U0qAy_0U_U8x-ci6Rv7dHRQ8fWevw", + "tag": "uFjtSRomU8g_j8aOtplmxg" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.compact.jwe new file mode 100644 index 0000000..13c7ba6 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJobVBpV3ZfMVpiYXlERjljMDJtblAwd1NjMFpXVkJYS0lXRDRGN01TdVl3IiwieSI6ImhyUktKTkNiMUZYTWVOT0prRmNVRk50SzB1cjlSa3BkR1ItMlpFRGVPbTQifX0.O8gaqLuPy-r6K1P9Bcb82Q4IInn_uLJLd3buljiSneS_nilSZLyaSg.pOPGBUx1Zd-XMFtN6G2MZw.i_Vsdphz4NRAUQzMRx3keuFPJXVGCcbx1GvEU4_ALgQ.w4-Gt0RJGIOYcUxDIH9gfA \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.flattened.jwe new file mode 100644 index 0000000..e89b446 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.flattened.jwe 
@@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJ0TDNjazBuZVRMeVVEU182Z005UGVxUUhBYlJmeS1hMHFqZklfREdOdGd3IiwieSI6IkpxNGZJSFMyZmhjZFhBclhBMmtNS0hNQnVvNUZqbnduaUNGcjVGaUFXc0UifX0", + "encrypted_key": "azz42j4U9zhBDw99GatGTXQBKaoIcuS0E63ARdsQrslaDCFLDqnEdg", + "iv": "aSz7xc_SDbXlN6wKlvDhmw", + "ciphertext": "7XHIirqCQfdtSnQ_NTtNWwNY8VgiIopPtELZ8tUJYNw", + "tag": "UfWpc5jTWCO_CDNtNxjkjg" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.jwe new file mode 100644 index 0000000..ea25e1f --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128cbc-hs256.json.jwe @@ -0,0 +1,15 @@ +{ + "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4Ijoiek1fdXFfLU9MTWVwU2c4TVRfcEFIdGM3T1JYaHYyQXUtdnFtUXVBQVpORSIsInkiOiJpR0dBQ2RtUUhUMy1ZS1VsMGpZVnJNNTJZTlY0bXRxeEpWLTZROXNDLUNBIn19", + "recipients": [ + { + "header": { + "alg": "ECDH-ES+A256KW", + "kid": "ece001" + }, + "encrypted_key": "e5C8yw8oU8rZUq514lrXSMkc8glsP_RNEgG6zthmRcqX7fNlUHzvcw" + } + ], + "iv": "53tGCTb2nGiB-8UwfE6Hxw", + "ciphertext": "XT2vGsTJjGm9fo8GwUuSIZVMvyrtN7FKvshDaPfEQgg", + "tag": "fJQd4iiWvpBjUkuk1t6G8w" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.compact.jwe new file mode 100644 index 0000000..c8f0e1f --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.compact.jwe 
@@ -0,0 +1 @@
+eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJlalRpb2owVmtYR0hJUmwydDhwX3dGX3BXb2VBVDBpbTc1X3ZxNjFlZlBJIiwieSI6IlhXSTI3VHh4TUV0WGoxSWRzTmNPdzRCX3NHUFYwSzJmU3k3Xy1MQTJkVzAifX0.f-OQEHIWG2daqU_yathh-m5DMX_DgM5R.jZ5cjZRHu8jkM2p0.XjN6Dy6hmofaY7BmsL5rkZyyciEkCg.P12ouIdvCkMalu-tE5fZjw
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.flattened.jwe
new file mode 100644
index 0000000..a7d0f99
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.flattened.jwe
@@ -0,0 +1,7 @@
+{
+ "protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJlY2UwMDEiLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIzWUVwc0FKeVpoWnVQQUlfbjJFYjcxYWQxZWF4S0t5NDBwSjdvc0NrYWpnIiwieSI6ImdQbGhBRUJJanpyTXRzOXVEaXVxRlY1TFJYNmVkb1ZKSFY2eDVvY0xNMVEifX0",
+ "encrypted_key": "Czj_pbFKU0LJ24-xCwrGGJaY4xw9UV7Y",
+ "iv": "djhHPH6v6z6dPq0J",
+ "ciphertext": "qjWwUa850D3iqMiwLERLlBbuZuJ8YA",
+ "tag": "SHItSZWJeHzf2y5iv6v3yg"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.jwe
new file mode 100644
index 0000000..07b0fa0
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es+a256kw.a128gcm.json.jwe
@@ -0,0 +1,15 @@
+{
+ "protected": "eyJlbmMiOiJBMTI4R0NNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiaXZ2NGw4N1d1dXdQU1doWVRQRVZHSmFMVlF0MmZYOG9WWC1RMGI3MEN1cyIsInkiOiJFbEN3Ymtwem1iWk82WDZ1LUhWMi04eS1Ha0ZNZTlKQktiMml2TXRUeGg0In19",
+ "recipients": [
+ {
+ "header": {
+ "alg": "ECDH-ES+A256KW",
+ "kid": "ece001"
+ },
+ "encrypted_key": "lyKrA48aD6pFlx_sxwEkxU8-XMXTThXG"
+ }
+ ],
+ "iv": "7HWe_pwp83qz2Bpb",
+ "ciphertext": "9yt2-bdhstTIY4v_3WYWODCpcdZOQg",
+ "tag": "h2EHJmMSp6N26F32KiDWIQ"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.compact.jwe
new file mode 100644
index 0000000..8dba7f7
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.compact.jwe
@@ -0,0 +1 @@
+eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImtpZCI6ImVjZTAwMSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6ImllV2F2Y2JBVE03VmwzbDllQXRzRjJIaFpmdWZiYXh4VGV5NWJEcXdDQ0kiLCJ5IjoiTFFjOWIxMHhTdklBMjFueGN4Uy1MbmtOb0d5QW5aOVJjVHJ0dHdON3Y4USJ9fQ..5GDEHQGe8h8a-OmL--1diA.7MA6to8GTRaRJzmlt5Kwye8x1lQq4VQYr0z_oumiu9Q.ZxJqorn4EKnlf-t0qixNuA
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.flattened.jwe
new file mode 100644
index 0000000..5386c0c
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.flattened.jwe
@@ -0,0 +1,6 @@
+{
+ "protected": "eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImtpZCI6ImVjZTAwMSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJXbXVmUUViQlNENHRfR0dOd1RVakkxUTNyVTVpNS1xSjZibW9pQnlOcmsiLCJ5IjoiN0lxWXJqczNWVE1XYjhKOVAyMEU0aGEyWVFUN1NtbmpZaUpkcjdDX1R5QSJ9fQ",
+ "iv": "dW8ZNP9r_YDFOAhwkdcKPQ",
+ "ciphertext": "aSwybHf9c0mLmwp2KwlUdyFT8tnDdW5pDwDP1VcVgRk",
+ "tag": "VwjTKbbCK_3_uEk1gKtTnQ"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.jwe
new file mode 100644
index 0000000..2109cc7
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128cbc-hs256.json.jwe
@@ -0,0 +1,14 @@
+{
+ "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4Ijoic0N1SVFkVEhlZjNtVklKOVkwOEVoMXE0WTdJU1pnaEthVUM5TXZZaEItVSIsInkiOiJTUGNac015cE5FNnRsM1hlWm1mbHd1OE8yY3dMU3dMXzRpQXgzYjBiOE9vIn19",
+ "recipients": [
+ {
+ "header": {
+ "alg": "ECDH-ES",
+ "kid": "ece001"
+ }
+ }
+ ],
+ "iv": "D607QFPXIuxwC_UAXZNn0g",
+ "ciphertext": "bqBaOLGRISgQxgqbraEOWZGkPJlsQW0Z7fDpRVH3ov0",
+ "tag": "alb_2BcOzf93gOHBIGa-cg"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.compact.jwe
new file mode 100644
index 0000000..39ec235
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.compact.jwe
@@ -0,0 +1 @@
+eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTEyOEdDTSIsImtpZCI6ImVjZTAwMSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6Ik5UVkkwNklxamdXOVBnVFBmeTFnR0NsSnNKWEtkcklLVTNnRjhkWUFpaWsiLCJ5IjoiMnRxb3lzVldQU1NlR2puTl9rczhJVDVjX2xtc0JyY0hZTEVkbHdWbjJoZyJ9fQ..Z5lCQXkHMRCs1nBy.ZLUUGV4Hyqjcamn0QteQ7XNfUC1z2w.x2Lg_ff5aG5Vxf14rUPFbg
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.flattened.jwe
new file mode 100644
index 0000000..c6259e2
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.flattened.jwe
@@ -0,0 +1,6 @@
+{
+ "protected": "eyJhbGciOiJFQ0RILUVTIiwiZW5jIjoiQTEyOEdDTSIsImtpZCI6ImVjZTAwMSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IjRIZ2FvVldzN0pBOTI5ODJyWUtibWdtaWduUGVtS1QwcC1YN2ZXaF8yclEiLCJ5IjoiN0JBSVJsT1h2VW9ydGQzZklyWWRPaWprb09GVklsbzlKYmxwNnNiWXhFbyJ9fQ",
+ "iv": "GJXoWZREUsnXz2Mk",
+ "ciphertext": "tFtk8WJJok6dcoiKg0nKV9v44EffRg",
+ "tag": "4twLga_z8y9yBZfy0wdNYA"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.jwe
new file mode 100644
index 0000000..86860be
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/ec.p-256.ecdh-es.a128gcm.json.jwe
@@ -0,0 +1,14 @@
+{
+ "protected": "eyJlbmMiOiJBMTI4R0NNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoicXQwMVVTS2d5eTlsU0RuVEc2bDNlZVhJcmZvaUwybjVzQ1ZTWGI1ZWt1dyIsInkiOiJEVW41RGZFUFRIN0NWdkxtdGRDTzVjMWp5NENxQl9vUkZJVGUwZzVzR2FnIn19",
+ "recipients": [
+ {
+ "header": {
+ "alg": "ECDH-ES",
+ "kid": "ece001"
+ }
+ }
+ ],
+ "iv": "00QmQz7xQI4y-Hq5",
+ "ciphertext": "uHBPUSrqIAlC5O3YfcDyRUxyBUcslg",
+ "tag": "UjKZrhrS-ID0d7VTXLaluw"
+}
\ No newline at end of file
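Review bot: Every ECDH-ES fixture in this group, the direct `ECDH-ES` files here and the `ECDH-ES+A128KW`/`ECDH-ES+A256KW` files before them, carries a well-formed `epk` on P-256, so the vectors exercise only the accept path of the new key-agreement code. The decryption tests would be stronger with at least one rejecting fixture per serialization, for example a file whose `epk` coordinates do not satisfy the P-256 curve equation or whose `crv` differs from that of recipient key `ece001`, with the test asserting that decryption fails. The test classes that consume these files are outside this part of the diff, so such a case may already exist there; if it does not, it belongs next to these files.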
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.compact.jwe
new file mode 100644
index 0000000..7b3dcf5
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.compact.jwe
@@ -0,0 +1 @@
+eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoib2N0ZTAwMSJ9.poRoHbBlwLcwbCsoXjM7bM18a297asZ4AUpR38LPRb2dXJviQj5qoQ.0fAwK_0lxdknw3RwV0Wkww.XvAh2rWClPIln8-3vs4kG3BAU9xaA4iMkknvtlMNcfA.VVepTL6nIBoScsYG1Uk7ug
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.flattened.jwe
new file mode 100644
index 0000000..c5f7bb1
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.flattened.jwe
@@ -0,0 +1,7 @@
+{
+ "protected": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoib2N0ZTAwMSJ9",
+ "encrypted_key": "0Z7KyhfmzYq3sG3YVJ5ZNplL2PNj4KseS1TOpiMhW93Vygehc2ngMA",
+ "iv": "LUH78Nt3O-ckAmMDORkFHQ",
+ "ciphertext": "2oDMtpvjyuIb4p6oMa5ICUVKb1IQTWyEVnEwfEldJ2E",
+ "tag": "fV-LJOgJzdDMHhIvOBb3aA"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.jwe
new file mode 100644
index 0000000..115df02
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128cbc-hs256.json.jwe
@@ -0,0 +1,15 @@
+{
+ "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
+ "recipients": [
+ {
+ "header": {
+ "alg": "A128KW",
+ "kid": "octe001"
+ },
+ "encrypted_key": "IivBEVLczSHKqRpRHnZqVoqIgV5J3gi9C6D_3uqEycCnydugWqQl0w"
+ }
+ ],
+ "iv": "0nMV-sUGbF7HYas0CMFneA",
+ "ciphertext": "y1Kvof6YUmGzAG2jPxUI7a2wj9FZ6StmhJYWO4G7rg0",
+ "tag": "PkqXzJNQhP3_UWTOAnhUJA"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.compact.jwe
new file mode 100644
index 0000000..c3f1fa3
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.compact.jwe
@@ -0,0 +1 @@
+eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoib2N0ZTAwMSJ9.c5URorYIKlTKwCtETKnJenkfNlDHhY8K.1mv4VT4OIMdBpq35.UlDLWm0oJef6VVXWB0trxgNFIEr8eA.CtwWtf06uFawtSoxiaMNCg
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.flattened.jwe
new file mode 100644
index 0000000..c555ba2
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.flattened.jwe
@@ -0,0 +1,7 @@
+{
+ "protected": "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoib2N0ZTAwMSJ9",
+ "encrypted_key": "7mwjGGEBcIbxSgnmd04CQruTZ6-_LbRL",
+ "iv": "rH604JIuCyw-1KTI",
+ "ciphertext": "Xc3McFYZAINBSfSjtWT4I6F15dbdqA",
+ "tag": "h8i5Y3G-a45PyLVRVwb0Ng"
+}
\ No newline at end of file
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.jwe
new file mode 100644
index 0000000..b856c8d
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/oct.128.a128kw.a128gcm.json.jwe
@@ -0,0 +1,15 @@ +{ + "protected": "eyJlbmMiOiJBMTI4R0NNIn0", + "recipients": [ + { + "header": { + "alg": "A128KW", + "kid": "octe001" + }, + "encrypted_key": "IVbYg91lB_2V_g4t7YTXQVuXBpdZu4B8" + } + ], + "iv": "K5ua_33odSQDJuXe", + "ciphertext": "j6dNIYKYkn1EiS3pKwWpIShPhZ7JQw", + "tag": "0GoMvhNrrWu3_O3kIAhndA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.compact.jwe new file mode 100644 index 0000000..3899b56 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJyc2FlMDAxIn0.RClVx03XyOZF0bC1EVBnOrwXLsB5XPOKNPb1qOQTp-h0mTPeFLjB0G0GNuspqRYuqBKaZXOaLWMRkJL0p2JFYMPLhQxalIvZnoefnO1wwODC1RoH7o_x-Xbh7cmTAxNa8X3xWYVDdK4W38iWiEsMa_1q2F_YkmocaBbQx3Of8SCfSizBnee89U4lhmIyFFuPS6OxFh83e4HfQGNDslNto9xrE7kCutA21EXcXgOrV2dsHX_N5HO6fhr-coJcqXdhD8ijjutr2P_24JNcubewYaQjawnJ_9RJZW-dYcSIAXfWqBQHTogZkbTm9EcZFjs7KaaVYqbk0_mbeYfQluEf0w.g2BoPriKX8DC3vK19Baoeg.rX7pKXTGnZdBBypxJfyzaeWu5HM0C4FeYJOVRzrLG3U.ube0Ze [...] \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.flattened.jwe new file mode 100644 index 0000000..049ce04 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.flattened.jwe 
@@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJraWQiOiJyc2FlMDAxIn0", + "encrypted_key": "OxxFzz83L2uixz_gMqY2hkDK1MmDq2yYnm_AXpTehShOcSPXH8mbYNInNvg1EWbRb6UUgDAtXETRYR_4Ye7ZA7LflRJajsgieZOQFIPqFedtUWA56EgIZmNXOSdELHLXFweRGOE_4n6_yHSCLR-7rJZPMk8zyUN0bhJ_ikkxg277Seh8ZPm151FqO_H-tf8OVKBJNOLUj5eNBDtPwmCB3xnyrYAgD5B4YQZ94VSfzYJ6lR4o33NE4hrUGKsQKNjSL8j4FKKq5on6GTg4IgENZPHT04XoWx2yhGmEVA-tO9e73ue_nu15qeQG3ry3PnVtRKSHfBY5kzzSkqbaA3iLLQ", + "iv": "5paYstZMphyHwhBBup0zJA", + "ciphertext": "e1a3JISFCjFL7fKhpxhK1wW-9JfnCOdY_LWI7K-036c", + "tag": "UZlDalxikyNUejhHTEv-HQ" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.jwe new file mode 100644 index 0000000..60cebc4 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128cbc-hs256.json.jwe @@ -0,0 +1,16 @@ +{ + "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", + "unprotected": {}, + "recipients": [ + { + "header": { + "alg": "RSA-OAEP", + "kid": "rsae001" + }, + "encrypted_key": "pshapaTU5tHsuTp-Ku1jMXIj5X5diA0TerQ-VYj6d6RfIZ7WsC1ANlRk-_JSM38Go3BAwUP0JXcx5LWQlWf_30QYGYhmaCkhmEvuFLZPerZl9dV4Esjb1wSc7rTYDGsIUFSFfZ2vCTNn57Wvkl9_b1pTEoE3boS4m6ZT0ncvgAWMn2uY1rsyshbUfUyO-iIn6L66o3QIsf3JB5OCf4whxCGGN6ZBok4w07DKB2hMzkynPyATFIhjKWkND3chLeXxv-MEbScgWSCFsrwbZJ0I563hWNz1imYutEX01jWvDQk1vebBXpcTYgLy9Bh7s8II7vlEeBeEXntI0JuJLs4iIQ" + } + ], + "iv": "PxljoyviXgcCNmeKSh6vKg", + "ciphertext": "0u79-fk-qB2ahMSoKAx_xZ7UjQ0QKAAtmtIOSK-Q5Vc", + "tag": "l0TeWTaeyPCkzfX8e91_qA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe new file mode 100644 index 0000000..4bdcbc0 --- /dev/null 
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJyc2FlMDAxIn0.h2DjUVZr-SuUYlxyJVCNhq_y5LIwBaE3b1paOoutfVFDzCYucN8kr1lMbpAloln4PAmiTZorwNd_wiMPBSSuhkcVY1mgxyorvvh9j9XboP7qgpI6GsIpQNbfJiU4nT_bYzvQm7H-UnxJBDu5qsUI851FgFCE0FD7rKhNd87tddb6zPa5dkYPMq7UlH-6ddWsptAPTwPVunanJBToVRAZrAGdPoO5i7WXLfP2acQzPSPxL6VgGrLOwOuXkc74hlmeLcRLxpBFFG-ZnQXrgMnazEqW77a3s8wYCTIbC9wyxbKOLmRhFzEl8uNcGo1BB_FzQ896c6b7mhz9o39uhxheIA.nfWIrCO0AotTzpIo.Fh9weICjnM810QkYtf53oEa9J5rKpQ.XHk1aavHIYT0WvYiCHjgOg \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe new file mode 100644 index 0000000..b5b0ce7 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe @@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00iLCJraWQiOiJyc2FlMDAxIn0", + "encrypted_key": "z_6rand_itIW7VjkqN5zPccYmNycAd1VN1cSf9P62Ws7iN7mdyeWUjo8je7WykNcxDZ7Gb2u8VN1dvN99lA4g_l0Q2-YE544Qoh6pc1-1PFS8qTRQJjbkcHORISAFIkhNfaQzOT-Shldg6mR_9OLsZ6GZ_iWNhQVJUklNakmB-GStLgH80vIfI3RR4ZeSiWDkWkY0lz-gS7K9aymueNd0cbBC7Pra4-Ow49yfxPh0rFn9J5k03Ni76zZg7dPeELG_M_ufdg942bf1yXKiIJc_l0UK7309k4ovdOd7hiBycaggRZHxYb-61X-lxi3KnVL_LoBn_sYYxXl6BBKHywGzA", + "iv": "dDd-PT-IFhqYJx_w", + "ciphertext": "Z6qrvxlZKfEyQPOAnxDl6umfRaeN5w", + "tag": "bu2_8pIXIZvIvb1yi2neDg" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe new file mode 100644 index 0000000..a0bc376 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe 
@@ -0,0 +1,16 @@ +{ + "protected": "eyJlbmMiOiJBMTI4R0NNIn0", + "unprotected": {}, + "recipients": [ + { + "header": { + "alg": "RSA-OAEP", + "kid": "rsae001" + }, + "encrypted_key": "w73s5p-D_8eOm2WHxKgw286wGmD8f_MXMVSwWN6MSv10_QALsCpf-5XQeCXfgKsyGKeEl3Fs37riys93OlMocvHVgqr9Nb5uRLgs4TIfVAxF_hDGHklZH88mMwOZ239Z0zI7kvfWzGUDPUMZFEnDmFC0fwcpmsla5aJDYr9I1CakPIdQjYoc3dsdPQyjxeZil5iaVBx37QonTN-U2dwL5Vg3DISWoOCxkvKK230b1si8OG9RhtETDDsVGyD49IxGKMXPw_qZ734ZOeTDL1XLo2kWfKL5wL7KjgLbSxZfVoS7dyuLsjhZecyXU1GOCedOfGh3TESBfqmW9bUa6zqy_A" + } + ], + "iv": "3VDpyNO9OKtmTy7D", + "ciphertext": "jJa60_wrrVS3kyxL38VlIFVtH53Ylg", + "tag": "6rJXDDtHgCFtvBMog_MiRQ" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.compact.jwe new file mode 100644 index 0000000..cad1819 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoicnNhZTAwMSJ9.az5TZX8VL-kbZibwboRlmx6yNoBiXdazUCru23r9EvXPZTDDVM_mYUt9PRqMhjPbzlOCNX5nmg_3EZrK-GkCv-CWqzzlQmkgXApSTzsyhOQrGYr5ZRwEIXcxF7QoxO2grTSYrn71udTrdhD9V-lwZl74q9fxGJPhNUz2G4vtOezCRWsnJvbCGBaSN-fnP9b249ogDC39u1yIUWGR-pB4uS_PUSL59bzrcfwFgTxKMbobLaPODdKqKBho-iTomFZ-9mjwTvtBNFLoElfQmAbFWusjeB7H2n8czC58BcAp90LIl4JMtN57Q41VFVwLpNO2gvhuLOY9t8PNh0dOrjQkmA.a2EcPwUtv_tnBB-Rpu98hw.LjZS2wlHt5XAIdSumfqpDXpoMkHj9z_bSbvJlXeYtVs.zhdQxKZ77 [...] \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.flattened.jwe new file mode 100644 index 0000000..0084501 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.flattened.jwe 
@@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoicnNhZTAwMSJ9", + "encrypted_key": "Rdam7i_zM63avIZOMs09MKkTIhGb8z4GrCtXVcsIsEjnRJ5j_McnThbxdNK5E9OkrGnsTQHGFnFCkogC52266Zp1U8hrv_oebWBPP7pRFvpZxFwNS4dMytfvVjI3VEYww-8sj16iHls1sVmXUb6EbxThHgXBD9IOh0yAAxKnUHJVBTgrbMbzlE8TKSU8uaPtqMYfRTfYNNrFn55GNgIK9yE2KctYleJ2MfhdJgSVAN4kS9fSR_OIA066RQxS-qbLWOXb7r0rG7wUQYG1cskG5K18_xwrCbV9dWdyKAvf7DMhvDj2Ww1O-kheOetI7UVFG2SGgSwKVk6MVTTTkeqr2w", + "iv": "J9UEMAFvNBWUAxg6VGwG8Q", + "ciphertext": "2oupp03TBIzxzd7SjhfdObpHYnlBNXjZXebVi4HnU9g", + "tag": "hZmY_cuHPGCeOYfmUfEImA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.jwe new file mode 100644 index 0000000..009d609 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128cbc-hs256.json.jwe @@ -0,0 +1,16 @@ +{ + "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", + "unprotected": {}, + "recipients": [ + { + "header": { + "alg": "RSA1_5", + "kid": "rsae001" + }, + "encrypted_key": "XG0e3jjeLjGrE-Be-BIWZ6wG_lP9WMif22sIt17n6-Skoxd-yoSetpiQNzlOC9H4PJnzgzasYE0M68IacK79fvt9EwNflEGbvpqW4m62Bmt9tA9itagOycflbZesz8VnvYAxiacSJi2qigJLPwNZGrE_B_UGHReglcQsvTOy6k9MkaqDlhiGgJbsJLVh-vSFVqlxHk61X21Nu3mQVm8jFkMt8xgZIpSnXxJwLlMkFkuZ5RZJcu1YRz_c_ZobarcmxTEtTZj81rkgVDmpH5RC7GVrmSsMaCUCnrmkxL-a4iF_smZ0KVj9BNfPpUSBtbv6hG1RyVeHsbFxPG_lZmtliw" + } + ], + "iv": "rwvdXFCel0weTNFp94fgrw", + "ciphertext": "DdWrZrCYXukjxiTwtLE9aV6YhMpaf1nyWDoB-D9CPhI", + "tag": "yfWO0dbyVEFwREo3U9fKZA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.compact.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.compact.jwe new file mode 100644 index 0000000..fdcdf1e --- /dev/null 
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.compact.jwe @@ -0,0 +1 @@ +eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoicnNhZTAwMSJ9.esf6xZgJVEAOzst0K9RNS1LrmsIhD9fz3mx4c0SP9LLwpUAXYNp2cepV3zQv2OXZ31YUuhrPngCUD82cIvcVyqGZzw7kzbXiEePLufYcyHXeMB9wd3cTUZDcIg9ZfFvxPPsIVmbUor4-bMKtGpxV4hCL72JCpun05N5wkURVatrgASBZ25NS8ZF5DWfFwOVmnhGjcLQrjfNXBmTbB5J0X2CMt7tfY0zAijwgW9NCFjUMZvh-PmxQSBNaaQTo-LFf7njF-8m8amJUBD3QWmK5uEGehm7ovg9WZ4qRfB92z_icUHumDiq9XJp-WwVjYPhK9L56SIHscZdC16dBcu85Cw.EqSHdshdj-kZrFYb.Vf04d_44FzmXpdcYfQai_MtMblVmpA.1OJ9QwYw2VjXT_aAicX1EQ \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.flattened.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.flattened.jwe new file mode 100644 index 0000000..2c38010 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.flattened.jwe @@ -0,0 +1,7 @@ +{ + "protected": "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoicnNhZTAwMSJ9", + "encrypted_key": "tE2lK6q7FDs5bA3t1FhZ89mv1BIGHsI5Sr9LR3bykmH_M1c_EBC3Oc5xrnPjC3Q2EAJcaajH9RNWoZgT7PBEFCy1_RFDqvkXerXQZvhXbn6IciECdUJUgOK6bsmhuPJ6xHv20dhbC8HyjiNwdw_8xEBqPcNj9i5BzCs2ZdYLt6agNU_gg29nxe1pojiHkG1zYlZpdYRqgXXyMO0SHlaJCkvqPNyYa2gWcYbt1VHPwBFpm24JN2YcPXSsYV7BWxvGB70h9m1i6vJzD3_RgJ2HTZbOZg9N_cjmCjC98L51bllTyq9fhPGtGJvfBzZuytQ_2QdhqdrlPbZVt0emSgj-Jw", + "iv": "qXEOJdZHeSfqxC4N", + "ciphertext": "ibeaS8GLz9cpbp1eNqvP_oOOJRTtBw", + "tag": "kFBM7AOBtwW1Xa8tqK_K1Q" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.jwe b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.jwe new file mode 100644 index 0000000..bf6a825 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwe/rsa.2048.rsa1_5.a128gcm.json.jwe 
@@ -0,0 +1,16 @@ +{ + "protected": "eyJlbmMiOiJBMTI4R0NNIn0", + "unprotected": {}, + "recipients": [ + { + "header": { + "alg": "RSA1_5", + "kid": "rsae001" + }, + "encrypted_key": "Pe8G7kMRRYWhaciYuuq0al1Q1gHIEPNEk7diOB8Kf5Aw-cJTV2Mmq0l9cOxNwWm7D0YjsXcCa2cMGoxQGqv5Gwlc8x7O1YdsgWXZ9RkctqnaIHF70NldINyH1UuWILVsi_Tfu4DJwhAGwzIEQe6ditmfI5EGuD-asZGbVGR9eH--XLQBC82K8TuXpnr7i10jG-FVu6wJ6JPeVNOn2g3ajxTusGg75JQVgPi2WRlrWQixiJMocI8H_JVjJmxZyckOc6Au07LYui0bQYnudvTtM897A39a8qeav4TPM973Zywpdx5SG3mytBaaHWEqv3x0pNMBihNuc8Gejo6kOvNn7Q" + } + ], + "iv": "9m-Ccxyn_RNjTC3W", + "ciphertext": "notoX2gM0JVwHDyQdw8bCZ2Ba80bZg", + "tag": "Gu0LLq30d8WkpSz5oidC8A" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwk/priKeys.jwks b/rt/rs/security/jose-parent/jose/src/test/resources/jwk/priKeys.jwks new file mode 100644 index 0000000..bfaeccf --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwk/priKeys.jwks 
@@ -0,0 +1,104 @@ +{ + "keys": [ + { + "k": "6m8QV4Pno6XctwHvuMsfnA", + "kty": "oct", + "kid": "octe001", + "use": "enc" + }, + { + "k": "FAVxcYgqA5D7Jfwq72OnOS72dhvGvGxYtVHNkUCSr_A", + "kty": "oct", + "kid": "octe002", + "use": "enc" + }, + { + "e": "AQAB", + "n": "22P3naTVr8k3JVV8XlcidBZaFrZl7JMSsmCHI_D8Ruu9pymSwfIy0RPLUdxTsqI9jX9Ar4a_2euzKkOCaHBLoI5e4vcWQEqAhzc2OvssHRLe0ukQXTZFUvo2AfWRErfZAV1jimugtQ_uDdWuEMV8A_WqADv9hb8r_Ct4HOid-_F7LzlfUGBycLO_bV-YYoaJQ3e0iKG3QSJe8uxXHa7H8zjT1YXTNXH7M2A7Ut1bjMjR7t0dRl0b2Z00Bh2cxDbxKmkj0inOyOTxE5xKKc4YxIQRneJsMpAR5AI7fL5-NE-YmJuxGA866oX0k6-wP3cQa1DAmScDO2_q_CGE6xljqQ", + "d": "JjMCw0UXG9NqMarvy7FaQ2I872V027tD7yEVhrGIC4UycW-wqOpV5MeQiEFXpWvQUdnNVoKc1wHOIVa91xduY5dGeDhTfIA8Xs7DN4PSS4GkoI6KFeDEM01zp-WtC9hNBYrQMSLKSZxrc6c39p2cGUhmAEJxwx7lNrQO5uGt2FcB9eNI3YMf1pkLhfDwvgLc_Obv9NE_0pBsCp2T_aChv94MhRjCmWRexUfpDLfDFzsRGCiQUK1Dv1Owxq5FpNoPaGttJjrFwx2pGO6qTgAnJLeHKdJbevQPYy6ROOJjfECneku84E2CKux-sYSIq_mmARgcxwLHDAYZ06FECMzfsQ", + "p": "8AkK29d4ReDLPxsUoaDw45MrxG28kl44NOVgSwlPT6Ky6_YZZQciumLRoY5MhZK_naZmxdRbRGl1WS-UR1qm8XhXXjpIykHq5rmgc9sv7vXO4BFoFr-xM9NV808AuWCmTNJeeWLCtEN_zG_JdBnES7buQCYgPmYQaQY7qHTyoJ0", + "q": "6ftqgkmuu-FCH9S9L1wIT1fzhtkRU1_1hmR3gYq-65gdthZb_iO-Xhl57lqt3tDo9WTk-lY4ZImtIsbxgxvPqX3SvZeFkysTV32MOGAyOky6zgs-VlESdYmSz0qfipKNo-utbluTI6OqnDdM0tnLlNXPPp-uWm5ffRNra9bBo30", + "dp": "Fx1XzVnPfDMsf1Q1RWdBKzkV4uGKYjHuibF492DbIVkSj8RwJ5lrT7WKaFtSpR4_k4fdp7lOXKUnJsJ9Le3d26zyBOHp9ogofbVsbRuzXviOxmcGtgIZp1r3kOmPsUpMWWN8s4W-KCvD18UACk0c6Qmhoc3KFxgvBl4SSqOQZcU", + "dq": "V2rEJzsqGi2Vi9jqeZgzzpj4dggBThoK3BQLBg31OIYTi6Uc530pMXTpNiEQ1q9MaeoxFkpCNWWultCnCKnKUvOcWZMTp6EvT7-rNKDUAy4JmNNgjdUqRVmJzQJ_SsFoQ7bYi-OQvH74TfbnL9uJEOk0zZvRAx47dLpdpuOMYu0", + "qi": "YsIS42J6MaNNxoekr5wDHKS7aMtY0aQMkDZUcjydoabU64AIKAzGU5kBRqrAnNlCdOP8GbBm73IIQb_nZoSzCpoBB2nv2PilLYJPC3Ik-ZnSaj7FkIJTCRhPD1pwFZQA0uHs8stuF2SstxWV4WN8DxknkApTMKelwZEjMjqhR64", + "kty": "RSA", + "kid": "rsas001", + "use": "sig" + }, + { + "e": "AQAB", + "n": 
"tvuCi7UYNqxaz9_-HkOIhwSuyRpESyzcPgWoxgEowRAFe11XiyDMUrCCVXHhlCwio7JQ-8QdZonSlhFIaI110vUG-dP7oD38VPeQKzxNgThIUiLN3RIlZECf4D_5wWHB4UOmpPm54PfTepkhtcePaE500xCjUkYOcC80xj1Y-gVr9WzOlh3Alc2EQjnxRZ9djYAaJPRzSmlfL3KocqZouwRd_0TJV-RuYgf79KHqSByKIAxw1Lkm4E7Hi4pb8B0X5rMHP1nxaCF_Gh0ItgYDBawcn09Ve0RUnMkQFMVkPZq8Il7ZwSsiz1SK6KlGgV14gvef6qHO2SqXl8Ppj5Yd8Q", + "d": "neyABPetCDLExbg6aAA9Ktp9x47l9kOnadgUi5-gfs_HC2vKDIeoEI3KTthUqj9VPha-Eix2e3LjzyTna2T7lbBn7uJnvysARozLXqVS9v2OXWUwa2Yn41hrI23TrnUikbqDbsshA-qgGKVlFLBBMvLTnP41FuLjvyrez2FPE6h4cgdgQyh6qLLZ3Jn0etN9IbY0PdsjSQP7SSPjruhxY4R3QHTW3pB6B6dTNjaHhE4m62KCB37PRQ6TLCrJo_3Lg3MAFVzTqS51Gl42Lc1E84BTgV9HvKxwAnV13OoSL0VFtl2mDL4wFUfwubdqFB4JuFQO0xgFscg3Egu-OWLxqQ", + "p": "37k0cy8HaLjjyVe8c6qqLl5PymJM3NV0Ug1_Eo9eg7gwdzwXyCXI9JqS-3umAaqtegnTWTfdmrdAfFefwc4cCzRPOXj9GA_BL0MauOlDHmQtqA-4XLbLAxCzz-s_loU59a8nsVSAjwZuabo-4bH0qEfQvs0zd9kdWSYkYQNQ3HM", + "q": "0WGdZPDrP1XwzmhOEkECDnSzvzxTWDJIjgToRptOxdO4wo8pmqqQwDr5AzMH_otSf4mMWvWuZIENGQ0g84SXljo9es1tniUfiMzrTIzUVTmwUXxXcuEdGkMy1xgB3-P-OwO043SV8_ugVqvUo2E8oZo8OAJTUOZoZNK9EaK0hws", + "dp": "nWpyVk2T-AKH_GaoafZ-sguYNv39uTDUHNv0Onn4ddQG_g6haSn1AO82Vo8FGo0ebQ020cL2QWOJkzQQa8x7fQK8b-MKqoCDXJ7p0YwHtv2kBmmxPkM8CxcYfka3wlBRnOY2lpavsnNDA0-R6TpOvI1zep1mBoEVHmIxHLW5krM", + "dq": "nBM7lAbSFQAm5HVz3L-AnO35HtAFAHVbCCI4UolqiqRr0PuOc7A4_lH3VJ8xkligQllxukvwlxJrhQT4Tw3DQURgl62RzJS3kO3PZ9yCWpUKDXO2a_fKDc2RlCxdGVuGIs98gyBgtuIWfwTPGIpe-8dQpB93o5Jctusv7HlwQEk", + "qi": "DVwuDxOEbwxP2WdaEQyJX9EjmfND7jUMjk4yf2m_MGoYGFbNwWWx3ujCA8_qba4qMA399sKWlEgU9ozCS_M3bH1s5ZaP4bS1T88YTYeOrqwRSlUxj57hcZFkvVmHQ7Q_vlanRWeXzfWrVTagFcVkX5qvar1s4CSCYInWe5JQUOs", + "kty": "RSA", + "kid": "rsas002", + "use": "sig" + }, + { + "e": "AQAB", + "n": 
"5GAtkejk9hEAtgV0oRGGTSoZUDh4DgKxDxqslNfodOM8MiHl_lcLLqCsaUcriXeUDwgaM9AgUYCTyfCej6Mruvqm-CcArnbnJLQs3X9MHBtKqO9WFhXf7gG5fXvn-IuercqNwVmIbfQkuouarVdafCdtXNstZjuYQb8dM9bxidOoZY24IHSoVqzLQfP3FM47FseKfrB1A1QnModhf2D6vUafgmVPXNvClPMswEpynJmodl9jZsqfOF9S04qd6KaBV1vBUG3YxJiUNG9MW5qRQBGlR5YopzRGWzCCSXQ00dyU76EFRG2ha5gKrhFfXi_op6_QwxZJdpSrYtnNo6Cs9w", + "d": "ONeXgBGvq29f9e41sUFjZCFuW4EyoIoa999zxThYK3_Do9a8ICoaJmjngOyt8XFJ8NPbcboD0UVng4PYc3fxkoCAvpM2oDYIIiKWaCsfDn_cfV_U1XpsWhkjyg_lFP_rZuZbkhxu0K9L1QKaZTqw0uYdWldTXXbH1tVyt0xwohUMGsr8aeBX9b0TzQdfYlBlosZDHhkqWUJanE7r7e_OEH_7Ym2kawZ19Nw5ET3gTj_5MVN2tH3zP3csbxntiY0h4CQYXeoXaurF9Uo5nHgNOJIfr-eHTkTe8MViUMo5GFBpwrLrFz51UTEE3ojp2UetzRx8i5CZFBX393U-EUgUAQ", + "p": "9gK9NhLBbHnZxCKzZfPrgn-0f7cbKFDtqlyUQMJryD8aqc4uSDXj9s37y4C-2zMzQjrz5IUYaFILi7QW2ozkXBZRxZ46UTbMAjYM6OmMNv5KtlPQ1AgIrXa2eZ6CAUlcvS7NWK17ijY0nSqY-w4WzAT37ekCxgMEdLh0YjtktTc", + "q": "7aYf3oJDVqKdZKAEvCqOegP9-4T5O1UqyjJU7dA78hR84TOCIECJC0EYDkxePjSJ0E2NRMB6OPL4UKEMHDHIPmg-NGn4b777IuEgvf0kLAtMQ-s-4IVd3JoVCrSK17cOL5cyH6_H1WzIZt3G2wznaGTJD4wnRxzylR7ztWFbpkE", + "dp": "qQVawGMEd6YEQyhgP2Tl4yQgfDrusrVfhNPUm-W4Lb2FcTMSQ1SbSj9dhwTunCXCSve8B76V9V6hRhu2M_PnFYnUJsU-ZfwTEFXYatHDHyl5ZWmSqYrXg25zkn2f7ohb6jLUrN-MaHozjePtdVfJu-SR_ug_mpIKJrNwaulJmOM", + "dq": "nJbc4vG0Sy6lRPuHgzELZmyg-w04aBcLNeYKPhT6mt1TF9SnxnaflnHS1wENDDH0KPQgxI-LOWEnq4EiiKVoy25GpqS41XDi662ptGZLYlYjb5FfgfN-0HAas04ZOmBdEZCvr19U7lVaiyVQ9V9AT3IxZXQ1IU96rDWT4gz_pcE", + "qi": "ZQbxBhB7OyCaDOPGoUWMj-LHAHp603eVeSbN6oNojhwN_PE8QEdTqt633TTjxdNhn7Mn140DmSv_vDNrhZpp4mNa9dMQdvKY_YClXj-lt918WnQyJYOWARRFvE40FDGMwbqo-74Vj7uw4yVN07pLae1KKT9WgodaxIYYGi9v0NE", + "kty": "RSA", + "kid": "rsae001", + "use": "enc" + }, + { + "e": "AQAB", + "n": 
"4ZAWi4b3WldbYacSYfzwUgdSLQRaGYygbPVsM1VbNQu5zhwnPdeqviouGKEIJ_lCMvGy-Jahaav-nI7fMzPdtIUFEYViQkeJh_Ld8TzJXnu1V_5KlazaeNmcsiz5PXxlFUctWS41hY2JcV_wto22Fjqw5zP7_3OFbYV4BpBJXR_s9YeiID_Cc76-Tkg4IzFU6uTiCl97XdUfgsAWm68CIYKpzmW8ZrzVsfyXHcHYObTAsQQoTvCIQ6KaKmfqhN24KBkFn97v7h1lfu2tY4mJA9HVQw_xSfh767Z8wk15bf6tPBuKpWjzNRE_xQ50hqO_Bnf96rClIRcLDhrMJ6zUmQ", + "d": "2vG_0IObiaeN3gYMA-0_YIAWtfepdW9ZMSowcsuBksXk_zm4pYC4DYpn4CQ_BH4gUc7miAG-gBIhPNo5sTvBEj6kItO0At3pk3qdEFKOrBWsetMsloiIMBIa1aBt9c7PV44VaKE_9njiVphn0OtROdaSbHm7O8RoWVzampRngelu1mE7Zor_ZJR19aG5RpsU_F81l821-NZV3fTYU1PIDzGTXewh2TdqJ437du7mlKDEujcCCMW-GXnBW7RfMH1AZ5gTuQIZg1aKmKZ7SfALrpW0UzEt9ARXwRmLTQSTjOs2xGQeUQQZd1QI3SFqaGCiuqDe0QqTlDj3TfE_yjyxAQ", + "p": "8hna-Cg6fYSHcGzxYa3tJy_j_vuRoSSVo5P_WrSkAh3poM0B56CVSxMmpiyd_cKUdfi44lCUPD2XbfjlK0oF3ixdcwfXxAJcE7bY9fUVdxxGNhUB_fdKzeFC41BTEeZmWo4bk1dIIvzc8iKSV0rzsXHXra6NIQ_io9gYgO7YXGk", + "q": "7oMsIzy0iusQRlBxTDT5HpwGGkArKwt9o-JpXa1yeX6tdcqjQzwf-neXKI_Ou-QMuGz18yacuNfSSkwQX6RTWlBehrOozODAqOTqHaeBD9NOR7qXk3Gj1l_TRVPgiLtgUo1woG7Fef9woFY7V2SLxAkz8zfgHWmyPGnIczWPcLE", + "dp": "E3basPrjAPZnwTUxDu5h07W4-eYV5kO_uCAM9qjxSq5G-0OgNJQnjJqkj9WkeiNrtjRiAOgDkvhMtW2-VwWjhSJB_R6TTVH3PyqDNPsYV7QxPOXhfB6mp_jFXOs3UogYkI0-UFFDHnT_-oOnClefUhPaCD-xXwgc65lTFwKc6Ik", + "dq": "DFv3uYu3v0sW-M3KUSydjByBpHKWyhA6XnepBhWqzOjnjCcH9r_y2EPCLXPmPo4-qn_a7tKdZGaqmvb-EjatqwxnGYvNv3AWC6pxB0Bay7sjX0wn9pf46W7lv73s8KjlAOIbZ_TVftDhwS02vfyT0YC4lG3cyyli9wZ0QKQR3sE", + "qi": "U8KOWFA9zrF0hLassPaz11XD1kFUSyS81kd5GjhxHP_HswZed8_ZOQ3pFNCYMh3CsXMdUVI_a_Nqcn3XXneB5kCl920GZ6-vvbxhwhzJavRa6XQPR68O7yGoxACGKUlih3MxORrL-wJXO6it3qo4dDfDWHccmoMeOH39-Hhz1rU", + "kty": "RSA", + "kid": "rsae002", + "use": "enc" + }, + { + "crv": "P-256", + "x": "7DgmIpzwaVYAY0tn2xeQcuWc326cxWwjgEkOrXeR_ko", + "y": "rRCxcdt_Fs9hFefnPmeJ997wbolgguQDBDbkpOdLxIQ", + "d": "lp0XqhO9PegbSAUCo2LnnKhvTZhW27xMHQTehzEFvPM", + "kty": "EC", + "kid": "ecs001", + "use": "sig" + }, + { + "crv": "P-256", + "x": "bNTKTTkLCa2jGvKS--_LXlSoaEgHvBDoEHRln5IW-5A", + "y": 
"bKPxEQlmr8Hn7OdJXD7i_LbK0HBbzrd8uGqai0LYUX8", + "d": "hMx_tfGkvgQ025uSttpwyZdOgOt6z0EPEtXVgolu1Ek", + "kty": "EC", + "kid": "ecs002", + "use": "sig" + }, + { + "crv": "P-256", + "x": "1DnVId88Hyv02bhEYpoQ2iARL1WlqBSiJYf08to3L0E", + "y": "uxhUp0Ievosxz_eioLXZ3KVsGYwipaZuuRoMx8SJTt0", + "d": "AK0K_kYmxxPzkYfgNN79Z2kb4WUdLiHq8JrWDa1fBOs", + "kty": "EC", + "kid": "ece001", + "use": "enc" + }, + { + "crv": "P-256", + "x": "SYL8D7NL03zVegmtnNEeLtJBczOoSthZrZVJ7GAluak", + "y": "PvXky5SMvVWNao37RqKaLK0Tr3xNe8uiwm6Tf0xJxcE", + "d": "piCoaNg0N5ORM_apWnnYZpm6LdMRfUpm7UOg68Ej1i0", + "kty": "EC", + "kid": "ece002", + "use": "enc" + } + ] +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jwk/pubKeys.jwks b/rt/rs/security/jose-parent/jose/src/test/resources/jwk/pubKeys.jwks new file mode 100644 index 0000000..9c521ca --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jwk/pubKeys.jwks 
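Review bot: `priKeys.jwks` commits complete private key material (the `k` of both `oct` keys, `d`/`p`/`q`/`dp`/`dq`/`qi` of the four RSA keys and `d` of the four EC keys), and nothing in the file marks it as a test-only fixture. JSON cannot carry a comment, so I would add a short README beside it in `src/test/resources/jwk/` stating that these keys exist only for the conformance tests and must never be configured in a deployment. Secret scanners are likely to flag this path, so an allow-list entry that names the file would keep real findings visible.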
@@ -0,0 +1,74 @@ +{ + "keys": [ + { + "kty": "oct", + "kid": "octe001", + "use": "enc" + }, + { + "kty": "oct", + "kid": "octe002", + "use": "enc" + }, + { + "e": "AQAB", + "n": "22P3naTVr8k3JVV8XlcidBZaFrZl7JMSsmCHI_D8Ruu9pymSwfIy0RPLUdxTsqI9jX9Ar4a_2euzKkOCaHBLoI5e4vcWQEqAhzc2OvssHRLe0ukQXTZFUvo2AfWRErfZAV1jimugtQ_uDdWuEMV8A_WqADv9hb8r_Ct4HOid-_F7LzlfUGBycLO_bV-YYoaJQ3e0iKG3QSJe8uxXHa7H8zjT1YXTNXH7M2A7Ut1bjMjR7t0dRl0b2Z00Bh2cxDbxKmkj0inOyOTxE5xKKc4YxIQRneJsMpAR5AI7fL5-NE-YmJuxGA866oX0k6-wP3cQa1DAmScDO2_q_CGE6xljqQ", + "kty": "RSA", + "kid": "rsas001", + "use": "sig" + }, + { + "e": "AQAB", + "n": "tvuCi7UYNqxaz9_-HkOIhwSuyRpESyzcPgWoxgEowRAFe11XiyDMUrCCVXHhlCwio7JQ-8QdZonSlhFIaI110vUG-dP7oD38VPeQKzxNgThIUiLN3RIlZECf4D_5wWHB4UOmpPm54PfTepkhtcePaE500xCjUkYOcC80xj1Y-gVr9WzOlh3Alc2EQjnxRZ9djYAaJPRzSmlfL3KocqZouwRd_0TJV-RuYgf79KHqSByKIAxw1Lkm4E7Hi4pb8B0X5rMHP1nxaCF_Gh0ItgYDBawcn09Ve0RUnMkQFMVkPZq8Il7ZwSsiz1SK6KlGgV14gvef6qHO2SqXl8Ppj5Yd8Q", + "kty": "RSA", + "kid": "rsas002", + "use": "sig" + }, + { + "e": "AQAB", + "n": "5GAtkejk9hEAtgV0oRGGTSoZUDh4DgKxDxqslNfodOM8MiHl_lcLLqCsaUcriXeUDwgaM9AgUYCTyfCej6Mruvqm-CcArnbnJLQs3X9MHBtKqO9WFhXf7gG5fXvn-IuercqNwVmIbfQkuouarVdafCdtXNstZjuYQb8dM9bxidOoZY24IHSoVqzLQfP3FM47FseKfrB1A1QnModhf2D6vUafgmVPXNvClPMswEpynJmodl9jZsqfOF9S04qd6KaBV1vBUG3YxJiUNG9MW5qRQBGlR5YopzRGWzCCSXQ00dyU76EFRG2ha5gKrhFfXi_op6_QwxZJdpSrYtnNo6Cs9w", + "kty": "RSA", + "kid": "rsae001", + "use": "enc" + }, + { + "e": "AQAB", + "n": "4ZAWi4b3WldbYacSYfzwUgdSLQRaGYygbPVsM1VbNQu5zhwnPdeqviouGKEIJ_lCMvGy-Jahaav-nI7fMzPdtIUFEYViQkeJh_Ld8TzJXnu1V_5KlazaeNmcsiz5PXxlFUctWS41hY2JcV_wto22Fjqw5zP7_3OFbYV4BpBJXR_s9YeiID_Cc76-Tkg4IzFU6uTiCl97XdUfgsAWm68CIYKpzmW8ZrzVsfyXHcHYObTAsQQoTvCIQ6KaKmfqhN24KBkFn97v7h1lfu2tY4mJA9HVQw_xSfh767Z8wk15bf6tPBuKpWjzNRE_xQ50hqO_Bnf96rClIRcLDhrMJ6zUmQ", + "kty": "RSA", + "kid": "rsae002", + "use": "enc" + }, + { + "crv": "P-256", + "x": "7DgmIpzwaVYAY0tn2xeQcuWc326cxWwjgEkOrXeR_ko", + "y": "rRCxcdt_Fs9hFefnPmeJ997wbolgguQDBDbkpOdLxIQ", + 
"kty": "EC", + "kid": "ecs001", + "use": "sig" + }, + { + "crv": "P-256", + "x": "bNTKTTkLCa2jGvKS--_LXlSoaEgHvBDoEHRln5IW-5A", + "y": "bKPxEQlmr8Hn7OdJXD7i_LbK0HBbzrd8uGqai0LYUX8", + "kty": "EC", + "kid": "ecs002", + "use": "sig" + }, + { + "crv": "P-256", + "x": "1DnVId88Hyv02bhEYpoQ2iARL1WlqBSiJYf08to3L0E", + "y": "uxhUp0Ievosxz_eioLXZ3KVsGYwipaZuuRoMx8SJTt0", + "kty": "EC", + "kid": "ece001", + "use": "enc" + }, + { + "crv": "P-256", + "x": "SYL8D7NL03zVegmtnNEeLtJBczOoSthZrZVJ7GAluak", + "y": "PvXky5SMvVWNao37RqKaLK0Tr3xNe8uiwm6Tf0xJxcE", + "kty": "EC", + "kid": "ece002", + "use": "enc" + } + ] +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.compact.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.compact.jws new file mode 100644 index 0000000..f3ee6eb --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.compact.jws @@ -0,0 +1 @@ +eyJhbGciOiJFUzI1NiIsImtpZCI6ImVjczAwMSJ9.TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg.C87wlhhKzyCL666ZzOFs1zBU7v7VHSc-KXzNmZm247YzzzG4c629Dei46Z-n_vUYz2ctdlRa3q92YFE02ZJ_Dg \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.flattened.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.flattened.jws new file mode 100644 index 0000000..fbdd28b --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.flattened.jws @@ -0,0 +1,5 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "protected": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImVjczAwMSJ9", + "signature": "viUzDaM19XmPVJuf4_6prDgN5a6XsfsQ4G-zDwi0Rkd3Tyl7gESonjKkai5bUvA_EglSa8hM4JPAQovZ8mUXBg" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.jws new file mode 100644 index 0000000..33ae0c7 
--- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/ec.p-256.es256.json.jws @@ -0,0 +1,12 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "signatures": [ + { + "protected": "eyJhbGciOiJFUzI1NiJ9", + "header": { + "kid": "ecs001" + }, + "signature": "eQVi-GzBCMtCZH8mp6-tr7ftmYlJ3PIj01ARWnxYTBH1dz8ePxnsGlTFrQTlZH82fPHdAyXtO6NnqK_WftPkIw" + } + ] +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.compact.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.compact.jws new file mode 100644 index 0000000..740559d --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.compact.jws @@ -0,0 +1 @@ +eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYXMwMDEifQ.TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg.riC933eLjd6pdC0oGdbIvBJGz-d9k_6kKh6ptvjiPpqkA5gQx0XHtdeNAXtHLBf7XGB4RPqVvCy-nuli1yzis8NLXXErGOAdUqFjRaNhteWzjquu7bKb1Og5nkN3S1Wp9KqglkzPaxghzcKHyE081M1kGCglogIJij_IEDjpltnAh4MYNrUi9u1Ec01aBSFB_OF9q6cYuCnYokRxzvzzh-r7uP9VRgWIonnC_jZpkUbO6jqd_nQfLk45W_tJZFOUDfwAFOE_IB41a0OX8SSR-NRiyvUFDNT92VhzEVaNw9SaH2sW_BJI0M-WZ1hrFgsxvel5ykZ_1GDBFowupfGtQw \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.flattened.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.flattened.jws new file mode 100644 index 0000000..7563041 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.flattened.jws 
@@ -0,0 +1,5 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "protected": "eyJhbGciOiJQUzI1NiIsImtpZCI6InJzYXMwMDEifQ", + "signature": "NQdCuHk2hQPKm-wnaWeHvH5rTjD6JwNTQ_vn8__ebImwgGqJYNEudOiH7mMKd5A5Zr6u4RcOZa1C3zkoeN95k4fTTDgFCZCN8uLhmpxsx0Sf-zJsSnGKdsSVhLCL39RirxjK8apuSeMgDuYm3oLIqiSXX1wIwz6bDC2qfoyqigYRvP2Nmi0ggz4MHe8327frS6dCkakokxcAI2yTp38kDYKJzzNyP-psIAQnPvW9MV7kORurPqfYV6BlzohOpVuyl9QpXikqaLDZXDUNmLQYIPFlaeHZMaQkQF31LbP9CB6TqTEkBWu3ZPYPdZhhuCgFa9IyEf4q6MvR4QRAfNVZLA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.jws new file mode 100644 index 0000000..32e4458 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.ps256.json.jws @@ -0,0 +1,12 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "signatures": [ + { + "protected": "eyJhbGciOiJQUzI1NiJ9", + "header": { + "kid": "rsas001" + }, + "signature": "rCbEmCZFS06PJBkwu1F5z7BfzhchcXvoqhYDld5zXbHnBhbB8uy91abg1gVSRoCfj6-EwThkkT8vMHoveQ6OPz-COLhXS3QUR8QNohEPrV4gIc7ZA6LiEDTbsW5AgT2wR8a_9zRFmvTK_U9LjlrJRpbh2UZRhWnpVh77KnQ-9tAkbevc8Ogx1UqvElBZKIdbAZQvrySUgBk3owVdi--k_dlwsBQLuMO4ReDPtFIXcOna7DxFzKys4PtMLWEz-3BMa5WmNzzfDVPlan1gFEzBg570M6rSDR3UneVmwo9HxsqHfqcIKaVt51FbZrI2zq-ff9BwiNnAp4oxpumzs03-_w" + } + ] +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.compact.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.compact.jws new file mode 100644 index 0000000..8e8aef3 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.compact.jws 
@@ -0,0 +1 @@ +eyJhbGciOiJSUzI1NiIsImtpZCI6InJzYXMwMDEifQ.TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg.Y3c7DhDS0OFI5TO4cVXB1bUcEvuH13zaPdptl4OSmH-cyDOS_8zgGF6vC-6-GyPjZXWiDdHyAX3XIvSpnU291RqyTPD8Ei-UV0PVHOaNsvk5ENHdo0iMom2slOXYb1eK-aobw1sKD8HPQcdxQxcOgg9yf7l3bs8oSR1A-_htucBMCsYnsnwoiwjFfT-1Nz4uwuZF47_oJt83D67BLbMmJ7n5lNMl9EBF4gjFo3QM0Duy4lMIXAeyNHFGMhTZHdemQsZ1YwjOIwaoH9MSP8fgA5cwe5pYtZN4_2doZfFFLQzHhMv7cN16Rz-xeyR6DMOUwGTWcmxljZDB1JKd7qKIoA \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.flattened.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.flattened.jws new file mode 100644 index 0000000..826970c --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.flattened.jws @@ -0,0 +1,5 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "protected": "eyJhbGciOiJSUzI1NiIsImtpZCI6InJzYXMwMDEifQ", + "signature": "Y3c7DhDS0OFI5TO4cVXB1bUcEvuH13zaPdptl4OSmH-cyDOS_8zgGF6vC-6-GyPjZXWiDdHyAX3XIvSpnU291RqyTPD8Ei-UV0PVHOaNsvk5ENHdo0iMom2slOXYb1eK-aobw1sKD8HPQcdxQxcOgg9yf7l3bs8oSR1A-_htucBMCsYnsnwoiwjFfT-1Nz4uwuZF47_oJt83D67BLbMmJ7n5lNMl9EBF4gjFo3QM0Duy4lMIXAeyNHFGMhTZHdemQsZ1YwjOIwaoH9MSP8fgA5cwe5pYtZN4_2doZfFFLQzHhMv7cN16Rz-xeyR6DMOUwGTWcmxljZDB1JKd7qKIoA" +} \ No newline at end of file diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.jws b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.jws new file mode 100644 index 0000000..cf1e3f5 --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/rsa.2048.rs256.json.jws 
@@ -0,0 +1,12 @@ +{ + "payload": "TGl2ZSBsb25nIGFuZCBwcm9zcGVyLg", + "signatures": [ + { + "protected": "eyJhbGciOiJSUzI1NiJ9", + "header": { + "kid": "rsas001" + }, + "signature": "iC-VxjHolrzzQjGeMISfef71uSXk80sMF34JuLQPeLZ0Ose2fuIEF6ozRYJwP0HSZvzEIgJzibn7e10p3EXmBwL6vJgnZ5NmuRlqbtznST8UwZocazI9_vsxQKJWTmLkZu2YCFTwQelzkgaA8DvpnvCCMB285XmZ9CYAWkArEQFgkNKIzDKhgy6ApgNoJ3K7P53kfKvpl8OG6MQiATPKQWUj6iPDZnBuuwUFDSzD6LdHlGGTPxClBEsZu3BARU3ejteGW4L_5lOCEdcTLRBFU8EZaVojqhI9EIdQRvXPOfn2aM1wzQdBDpe1W4jryY8rG_XSuCHfs80Phhi7-7Hp8g" + } + ] +} \ No newline at end of file
