Java Code Examples for org.apache.cxf.rs.security.jose.jwk.JsonWebKey#getKeyId()

The following examples show how to use org.apache.cxf.rs.security.jose.jwk.JsonWebKey#getKeyId().
Example 1
Source File: JwsJwksJwtAccessTokenValidator.java    From cxf with Apache License 2.0
/**
 * Reconciles the cached keys with the current JWK set and returns the holder for {@code keyId}.
 *
 * <p>Every key that is not explicitly marked for encryption is considered, which includes keys
 * that carry no {@code use} value at all. Keys other than the requested one are added to
 * {@code jsonWebKeys} only when their id is not cached yet; the requested key is returned but
 * not stored by this method. Cached ids that the JWK set no longer lists are evicted at the end.
 *
 * <p>NOTE(review): {@code keyId} presumably originates from the header of a token whose signature
 * has not been checked yet - confirm at the caller. If so, the caller should bound how often an
 * unknown id can trigger a re-read of the JWK set.
 *
 * @param keyId id of the key to look up; must not be null because it is dereferenced below
 * @return holder for the matching key, or {@code null} when the JWK set contains no such key
 * @throws NullPointerException if no JWK set URL has been configured
 */
private JwkHolder updateJwk(String keyId) {
    Objects.requireNonNull(jwksURL, "JWK Set URL must be specified");
    final Set<String> publishedIds = new HashSet<>();
    JwkHolder requested = null;
    for (JsonWebKey candidate : getJsonWebKeys().getKeys()) {
        // Only keys explicitly flagged for encryption are skipped; a missing "use" passes.
        if (PublicKeyUse.ENCRYPT == candidate.getPublicKeyUse()) {
            continue;
        }
        // NOTE(review): a key published without a kid yields null here; whether the cache
        // accepts a null key depends on the type of jsonWebKeys, which is not visible here.
        final String candidateId = candidate.getKeyId();
        publishedIds.add(candidateId);
        final JwkHolder holder = new JwkHolder(candidate);
        if (!keyId.equals(candidateId)) {
            // Existing cache entries are kept as they are; only new ids are inserted.
            jsonWebKeys.putIfAbsent(candidateId, holder);
        } else {
            requested = holder;
        }
    }
    // Drop every cached key that the JWK set no longer publishes.
    jsonWebKeys.keySet().removeIf(not(publishedIds::contains));
    return requested;
}
 
Example 2
Source File: ApacheCXFProducer.java    From cxf with Apache License 2.0
/**
 * Builds the JWE headers from algorithm names and delegates to the header-based overload.
 *
 * <p>The key-encryption and content-encryption algorithms go into the protected headers; the
 * key id of {@code key} goes into a separate per-recipient header object. NOTE(review): in JWE
 * JSON serialization per-recipient headers are not integrity protected, so a consumer should
 * treat that key id as a lookup hint only - confirm how the overload serializes it.
 *
 * @param keyEncryptionAlgorithm name resolved through {@code KeyAlgorithm.getAlgorithm}
 * @param contentEncryptionAlgorithm name resolved through {@code ContentAlgorithm.getAlgorithm}
 * @param plainText content handed to the overload for encryption
 * @param key key handed to the overload; its key id becomes the recipient header's key id
 * @param flattened passed through unchanged to the overload
 */
private void produceJsonJWE(String keyEncryptionAlgorithm, String contentEncryptionAlgorithm, String plainText,
    JsonWebKey key, boolean flattened) {
    final JweHeaders integrityProtected = new JweHeaders();
    final KeyAlgorithm keyAlgorithm = KeyAlgorithm.getAlgorithm(keyEncryptionAlgorithm);
    integrityProtected.setKeyEncryptionAlgorithm(keyAlgorithm);
    final ContentAlgorithm contentAlgorithm = ContentAlgorithm.getAlgorithm(contentEncryptionAlgorithm);
    integrityProtected.setContentEncryptionAlgorithm(contentAlgorithm);

    final String recipientKeyId = key.getKeyId();
    final JweHeaders perRecipient = new JweHeaders(recipientKeyId);
    // The fourth argument stays null; its meaning is defined by the overload, not shown here.
    produceJsonJWE(plainText, key, integrityProtected, null, perRecipient, flattened);
}
 
Example 3
Source File: JweUtils.java    From cxf with Apache License 2.0
/**
 * Chooses the key encryption provider for producing a JWE and fills in the key-identifying
 * headers that the configuration asks for.
 *
 * <p>Three paths exist: direct encryption, a password-based (PBES2) key wrap, and a public-key
 * path that loads the key either from a JWK or from a key store. Only the public-key path adds
 * certificate chain, certificate digest, public key or key id headers.
 *
 * @param props configuration properties (key store type, alias and the include-* switches)
 * @param m current message, used for contextual property lookups
 * @param headers JWE headers; mutated by this method on the direct and public-key paths
 * @return the selected provider, never {@code null}
 * @throws JweException with {@code KEY_ENCRYPTION_FAILURE} when a password-based algorithm is
 *         selected but no password is available, or with {@code INVALID_KEY_ALGORITHM} when no
 *         provider could be created
 */
public static KeyEncryptionProvider loadKeyEncryptionProvider(Properties props, Message m, JweHeaders headers) {

        KeyEncryptionProvider keyEncryptionProvider = null;
        KeyAlgorithm keyAlgo = getKeyEncryptionAlgorithm(m, props, null, null);

        if (KeyAlgorithm.DIRECT == keyAlgo) {
            keyEncryptionProvider = new DirectKeyEncryptionAlgorithm();
        } else if (keyAlgo != null && AlgorithmUtils.PBES_HS_SET.contains(keyAlgo.getJwaName())) {
            // Password-based key wrap: the password comes from a configured provider.
            PrivateKeyPasswordProvider provider =
                KeyManagementUtils.loadPasswordProvider(m, props, KeyOperation.ENCRYPT);
            char[] password = provider != null ? provider.getPassword(props) : null;
            if (password == null) {
                throw new JweException(JweException.Error.KEY_ENCRYPTION_FAILURE);
            }
            // NOTE(review): 4096 looks like the fallback used when the property is unset - confirm
            // against getContextualInteger. That count is low by current PBKDF2 guidance for
            // password-derived keys, so deployments should set the property explicitly.
            int pbes2Count = MessageUtils.getContextualInteger(m, JoseConstants.RSSEC_ENCRYPTION_PBES2_COUNT, 4096);
            // NOTE(review): new String(password) copies the secret into an immutable String that
            // cannot be wiped, and the char[] is not cleared here either; prefer a char[]/byte[]
            // based constructor if the provider class offers one, and zero the array afterwards.
            // This branch returns directly, so the null check and the
            // headers.setKeyEncryptionAlgorithm(...) call at the end of the method are skipped;
            // presumably the provider sets the algorithm header itself - confirm.
            return new PbesHmacAesWrapKeyEncryptionAlgorithm(new String(password), pbes2Count, keyAlgo, false);
        } else {
            // Public-key path. Read the switches that decide which key-identifying headers
            // are added to the JWE.
            boolean includeCert =
                JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT);
            boolean includeCertSha1 =
                JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA1);
            boolean includeCertSha256 =
                JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_CERT_SHA256);
            boolean includeKeyId =
                JoseUtils.checkBooleanProperty(headers, props, m, JoseConstants.RSSEC_ENCRYPTION_INCLUDE_KEY_ID);

            if (JoseConstants.HEADER_JSON_WEB_KEY.equals(props.get(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
                // Key store type is JWK: the key and its algorithm come from the loaded JWK.
                JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
                // When no JWK is found the provider stays null and the check at the end of the
                // method raises INVALID_KEY_ALGORITHM.
                if (jwk != null) {
                    keyAlgo = getKeyEncryptionAlgorithm(m, props,
                                                        KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()),
                                                        getDefaultKeyAlgorithm(jwk));
                    keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);

                    boolean includePublicKey =
                        JoseUtils.checkBooleanProperty(headers, props, m,
                                                       JoseConstants.RSSEC_ENCRYPTION_INCLUDE_PUBLIC_KEY);
                    // NOTE(review): keyAlgo is dereferenced below without a null check; this
                    // assumes getKeyEncryptionAlgorithm never returns null here - confirm.
                    if (includeCert) {
                        JwkUtils.includeCertChain(jwk, headers, keyAlgo.getJwaName());
                    }
                    // The two digest headers are mutually exclusive and SHA-1 wins when both
                    // switches are enabled, so the SHA-256 digest is then not emitted.
                    if (includeCertSha1) {
                        KeyManagementUtils.setSha1DigestHeader(headers, m, props);
                    } else if (includeCertSha256) {
                        KeyManagementUtils.setSha256DigestHeader(headers, m, props);
                    }
                    if (includePublicKey) {
                        JwkUtils.includePublicKey(jwk, headers, keyAlgo.getJwaName());
                    }
                    // The key id header is only written when the JWK actually has a kid.
                    if (includeKeyId && jwk.getKeyId() != null) {
                        headers.setKeyId(jwk.getKeyId());
                    }
                }
            } else {
                // Any other key store type: load the public key from the configured store.
                keyEncryptionProvider = getPublicKeyEncryptionProvider(
                    KeyManagementUtils.loadPublicKey(m, props),
                    props,
                    keyAlgo);
                if (includeCert) {
                    headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
                }
                // Same precedence as on the JWK path: SHA-1 digest first, SHA-256 only otherwise.
                if (includeCertSha1) {
                    KeyManagementUtils.setSha1DigestHeader(headers, m, props);
                } else if (includeCertSha256) {
                    KeyManagementUtils.setSha256DigestHeader(headers, m, props);
                }
                // The key store alias itself is published as the key id, so it is readable by
                // anyone who can see the JWE headers.
                if (includeKeyId && props.containsKey(JoseConstants.RSSEC_KEY_STORE_ALIAS)) {
                    headers.setKeyId(props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS));
                }
            }
        }
        // Reached by the direct and public-key paths only; fail closed when no provider exists.
        if (keyEncryptionProvider == null) {
            throw new JweException(JweException.Error.INVALID_KEY_ALGORITHM);
        }
        // Record the algorithm the provider will actually use in the headers.
        headers.setKeyEncryptionAlgorithm(keyEncryptionProvider.getAlgorithm());
        return keyEncryptionProvider;

    }