Java Code Examples for org.apache.cxf.rs.security.jose.jwe.JweUtils#loadDecryptionProvider()

The following examples show how to use org.apache.cxf.rs.security.jose.jwe.JweUtils#loadDecryptionProvider() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: thorntail   File: DefaultJoseImpl.java    License: Apache License 2.0 6 votes vote down vote up
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (isInlinedJwkSetAvailable()) {
        if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
            return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
        } else {
            return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
                ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
        }
    } else {
        return JweUtils.loadDecryptionProvider(props, headers);
    }
}
 
Example 2
Source Project: cxf   File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 5);

    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Properties decProperties = new Properties();
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

        JweDecryptionOutput decOutput = decProvider.decrypt(token);
        String decToken = decOutput.getContentText();

        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }

}
 
Example 3
Source Project: cxf   File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());

        TokenProvider jwtTokenProvider = new JWTTokenProvider();
        ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
            ContentAlgorithm.A128CBC_HS256.name()
        );

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        String token = (String)providerResponse.getToken();
        assertNotNull(token);
        assertTrue(token.split("\\.").length == 5);

        if (unrestrictedPoliciesInstalled) {
            // Validate the token
            JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
            Properties decProperties = new Properties();
            Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
            decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
                              ContentAlgorithm.A128CBC_HS256.name());

            JweDecryptionProvider decProvider =
                JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

            JweDecryptionOutput decOutput = decProvider.decrypt(token);
            String decToken = decOutput.getContentText();

            JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
            JwtToken jwt = jwtJwsConsumer.getJwtToken();

            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
 
Example 4
Source Project: cxf   File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 5);

    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Properties decProperties = new Properties();
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

        JweDecryptionOutput decOutput = decProvider.decrypt(token);
        String decToken = decOutput.getContentText();

        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }

}
 
Example 5
Source Project: cxf   File: JoseClientCodeStateManager.java    License: Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (decryptionProvider != null) {
        return decryptionProvider;
    }
    return JweUtils.loadDecryptionProvider(false);
}
 
Example 6
Source Project: cxf   File: JoseSessionTokenProvider.java    License: Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (jweDecryptor != null) {
        return jweDecryptor;
    }
    return JweUtils.loadDecryptionProvider(jweRequired);
}
 
Example 7
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption != null) {
        return decryption;
    }
    return JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 8
Source Project: cxf   File: AbstractJweDecryptingFilter.java    License: Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption != null) {
        return decryption;
    }
    return JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 9
Source Project: cxf   File: AbstractJoseConsumer.java    License: Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
    if (jweDecryptor != null) {
        return jweDecryptor;
    }
    return JweUtils.loadDecryptionProvider(jweHeaders, false);
}