Java Code Examples for org.apache.cxf.rt.security.crypto.CryptoUtils#createSecretKeySpec()
The following examples show how to use
org.apache.cxf.rt.security.crypto.CryptoUtils#createSecretKeySpec() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
|
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm,
ContentAlgorithm contentEncryptionAlgorithm) {
if (key.getAlgorithm() != null) {
return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
}
switch (key.getKeyType()) {
case EC:
return JweUtils.createJweDecryptionProvider(JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm,
contentEncryptionAlgorithm);
case RSA:
return JweUtils.createJweDecryptionProvider(JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm,
contentEncryptionAlgorithm);
case OCTET:
SecretKey secretKey = CryptoUtils.createSecretKeySpec(
(String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE), keyEncryptionAlgorithm.getJavaName());
return JweUtils.createJweDecryptionProvider(secretKey, keyEncryptionAlgorithm,
contentEncryptionAlgorithm);
default:
throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
}
}
Example 2
| Source File: JweJsonConsumerTest.java From cxf with Apache License 2.0 | 6 votes |
|
private void doTestMultipleRecipients(String jweJson) {
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
"AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES2,
"AES");
JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
KeyAlgorithm keyAlgo = consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm();
ContentAlgorithm ctAlgo = consumer.getProtectedHeader().getContentEncryptionAlgorithm();
// Recipient 1
JweDecryptionProvider jwe1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, ctAlgo);
JweDecryptionOutput out1 = consumer.decryptWith(jwe1,
Collections.singletonMap("kid", "key1"));
assertEquals(text, out1.getContentText());
// Recipient 2
JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, ctAlgo);
JweDecryptionOutput out2 = consumer.decryptWith(jwe2,
Collections.singletonMap("kid", "key2"));
assertEquals(text, out2.getContentText());
// Extra AAD
assertEquals(JweJsonProducerTest.EXTRA_AAD_SOURCE, consumer.getAadText());
}
Example 3
| Source File: JweJsonConsumerTest.java From cxf with Apache License 2.0 | 6 votes |
|
@Test
public void testSingleRecipientAllTypeOfHeadersAndAadModified() {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
"AES");
JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
KeyAlgorithm.A128KW,
ContentAlgorithm.A128GCM);
JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT);
try {
consumer.decryptWith(jwe);
fail("AAD check has passed unexpectedly");
} catch (SecurityException ex) {
// expected
}
}
Example 4
| Source File: JweJsonConsumerTest.java From cxf with Apache License 2.0 | 6 votes |
|
private void doTestSingleRecipient(String text,
String input,
ContentAlgorithm contentEncryptionAlgo,
final byte[] wrapperKeyBytes,
final byte[] cek) throws Exception {
JweDecryptionProvider jwe = null;
if (wrapperKeyBytes != null) {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
KeyAlgorithm.A128KW,
contentEncryptionAlgo);
} else {
SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo);
}
JweJsonConsumer consumer = new JweJsonConsumer(input);
JweDecryptionOutput out = consumer.decryptWith(jwe);
assertEquals(text, out.getContentText());
}
Example 5
| Source File: JweJsonProducerTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey,
KeyAlgorithm.A128KW,
ContentAlgorithm.A128GCM,
null);
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
sharedUnprotectedHeaders,
StringUtils.toBytesUTF8(text),
StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
false) {
protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
input.setCek(CEK_BYTES);
input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
return input;
}
};
JweHeaders recepientUnprotectedHeaders = new JweHeaders();
recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
}
Example 6
| Source File: JweJsonProducerTest.java From cxf with Apache License 2.0 | 5 votes |
|
private String doTestSingleRecipient(String text,
String expectedOutput,
ContentAlgorithm contentEncryptionAlgo,
final byte[] wrapperKeyBytes,
final byte[] iv,
final byte[] cek,
boolean canBeFlat) throws Exception {
JweHeaders headers = new JweHeaders(KeyAlgorithm.A128KW,
contentEncryptionAlgo);
JweEncryptionProvider jwe = null;
if (wrapperKeyBytes == null) {
headers.asMap().remove("alg");
SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
} else {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
}
JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat) {
protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
input.setCek(cek);
input.setIv(iv);
return input;
}
};
String jweJson = p.encryptWith(jwe);
assertEquals(expectedOutput, jweJson);
return jweJson;
}
Example 7
| Source File: JwaSpecTestCasesTest.java From cxf with Apache License 2.0 | 5 votes |
|
private void doTestSingleRecipient(String text,
String expectedOutput,
ContentAlgorithm contentEncryptionAlgo,
final byte[] iv,
final byte[] cek) throws Exception {
JweHeaders headers = new JweHeaders(KeyAlgorithm.A128KW, contentEncryptionAlgo);
headers.asMap().remove("alg");
JweEncryptionProvider jwe = null;
SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
JweJsonProducer p = new JweJsonProducer(headers, Hex.decode(text.getBytes())) {
protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
input.setCek(cek);
input.setIv(iv);
return input;
}
};
String jweJson = p.encryptWith(jwe);
JsonMapObjectReaderWriter jsonReader = new JsonMapObjectReaderWriter();
Map<String, Object> json = jsonReader.fromJson(jweJson);
// Check IV matches
byte[] outputIv = Base64UrlUtility.decode((String)json.get("iv"));
assertArrayEquals(outputIv, iv);
// Check CipherText matches
byte[] cipherTextBytes = Base64UrlUtility.decode((String)json.get("ciphertext"));
assertArrayEquals(cipherTextBytes, Hex.decode(expectedOutput));
}
Example 8
| Source File: JweCompactReaderWriterTest.java From cxf with Apache License 2.0 | 5 votes |
|
private SecretKey createSecretKey(boolean createIfException) throws Exception {
SecretKey key = null;
if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
} else if (createIfException) {
key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
}
return key;
}
Example 9
| Source File: AbstractJweDecryption.java From cxf with Apache License 2.0 | 5 votes |
|
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
keyProperties.setAlgoSpec(spec);
boolean compressionSupported =
JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
keyProperties.setCompressionSupported(compressionSupported);
byte[] actualCek = getActualCek(cek,
jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
byte[] bytes =
CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);
// Here we're finished with the SecretKey we created, so we can destroy it
try {
secretKey.destroy();
} catch (DestroyFailedException e) {
// ignore
}
Arrays.fill(cek, (byte) 0);
if (actualCek != cek) {
Arrays.fill(actualCek, (byte) 0);
}
return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
Example 10
| Source File: JweJsonConsumerTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
"AES");
JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
KeyAlgorithm.A128KW,
ContentAlgorithm.A128GCM);
JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT);
JweDecryptionOutput out = consumer.decryptWith(jwe);
assertEquals(text, out.getContentText());
assertEquals(JweJsonProducerTest.EXTRA_AAD_SOURCE, consumer.getAadText());
}
Example 11
| Source File: JweJsonConsumerTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testMultipleRecipientsAutogeneratedCek() {
final String text = "The true sign of intelligence is not knowledge but imagination.";
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES2, "AES");
JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
List<JweEncryptionProvider> jweProviders = new LinkedList<>();
KeyEncryptionProvider keyEncryption1 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
ContentEncryptionProvider contentEncryption =
new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true);
JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
KeyEncryptionProvider keyEncryption2 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
jweProviders.add(jwe1);
jweProviders.add(jwe2);
List<JweHeaders> perRecipientHeaders = new LinkedList<>();
perRecipientHeaders.add(new JweHeaders("key1"));
perRecipientHeaders.add(new JweHeaders("key2"));
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
sharedUnprotectedHeaders,
StringUtils.toBytesUTF8(text),
StringUtils.toBytesUTF8(JweJsonProducerTest.EXTRA_AAD_SOURCE),
false);
String jweJson = p.encryptWith(jweProviders, perRecipientHeaders);
doTestMultipleRecipients(jweJson);
}
Example 12
| Source File: JweJsonProducerTest.java From cxf with Apache License 2.0 | 4 votes |
|
@Test
public void testMultipleRecipientsA128CBCHS256GivenCek() throws Exception {
final String text = "The true sign of intelligence is not knowledge but imagination.";
KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);
List<JweEncryptionProvider> jweProviders = new LinkedList<>();
KeyEncryptionProvider keyEncryption1 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(contentAlgo, Hex.decode(CEK_32_HEX),
JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption1);
KeyEncryptionProvider keyEncryption2 =
JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(contentAlgo, CEK_BYTES,
JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption2);
jweProviders.add(jwe1);
jweProviders.add(jwe2);
List<JweHeaders> perRecipientHeades = new LinkedList<>();
perRecipientHeades.add(new JweHeaders("key1"));
perRecipientHeades.add(new JweHeaders("key2"));
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
sharedUnprotectedHeaders,
StringUtils.toBytesUTF8(text),
StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
false);
String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
assertEquals(MULTIPLE_RECIPIENTS_A128CBCHS256_JSON_OUTPUT, jweJson);
}
Example 13
| Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
|
public static SecretKey toSecretKey(JsonWebKey jwk) {
return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
AlgorithmUtils.toJavaName(jwk.getAlgorithm()));
}
Example 14
| Source File: JweJsonProducerTest.java From cxf with Apache License 2.0 | 4 votes |
|
@Test
public void testMultipleRecipientsA128CBCHS256() {
final String text = "The true sign of intelligence is not knowledge but imagination.";
KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");
JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
JweHeaders sharedUnprotectedHeaders = new JweHeaders();
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);
List<JweEncryptionProvider> jweProviders = new LinkedList<>();
AesCbcContentEncryptionAlgorithm contentEncryption = new AesCbcContentEncryptionAlgorithm(contentAlgo, true);
KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(keyEncryption1, contentEncryption);
KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(keyEncryption2, contentEncryption);
jweProviders.add(jwe1);
jweProviders.add(jwe2);
List<JweHeaders> perRecipientHeades = new LinkedList<>();
perRecipientHeades.add(new JweHeaders("key1"));
perRecipientHeades.add(new JweHeaders("key2"));
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
sharedUnprotectedHeaders,
StringUtils.toBytesUTF8(text),
StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
false);
String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
Assert.assertEquals(keyAlgo, consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm());
Assert.assertEquals(contentAlgo, consumer.getProtectedHeader().getContentEncryptionAlgorithm());
// Recipient 1
JweDecryptionProvider jwd1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, contentAlgo);
JweDecryptionOutput out1 = consumer.decryptWith(jwd1, Collections.singletonMap("kid", "key1"));
assertEquals(text, out1.getContentText());
// Recipient 2
JweDecryptionProvider jwd2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, contentAlgo);
JweDecryptionOutput out2 = consumer.decryptWith(jwd2, Collections.singletonMap("kid", "key2"));
assertEquals(text, out2.getContentText());
}
Example 15
| Source File: AbstractJweEncryption.java From cxf with Apache License 2.0 | 4 votes |
|
protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()),
state.keyProps.getKeyAlgo());
}
Example 16
| Source File: AesWrapKeyDecryptionAlgorithm.java From cxf with Apache License 2.0 | 4 votes |
|
public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA),
supportedAlgo);
}
Example 17
| Source File: AesGcmWrapKeyEncryptionAlgorithm.java From cxf with Apache License 2.0 | 4 votes |
|
public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES),
keyAlgoJwt);
}
Example 18
| Source File: AesGcmWrapKeyDecryptionAlgorithm.java From cxf with Apache License 2.0 | 4 votes |
|
public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);
}
Example 19
| Source File: AesWrapKeyEncryptionAlgorithm.java From cxf with Apache License 2.0 | 4 votes |
|
public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()),
keyAlgoJwt);
}
Example 20
| Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
|
public static SecretKey toSecretKey(JsonWebKey jwk, KeyAlgorithm algorithm) {
return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
algorithm.getJavaName());
}
