Java Code Examples for org.apache.cxf.common.util.StringUtils#toBytesUTF8()

private String doTestSingleRecipient(String text,
                                     String expectedOutput,
                                     ContentAlgorithm contentEncryptionAlgo,
                                     final byte[] wrapperKeyBytes,
                                     final byte[] iv,
                                     final byte[] cek,
                                     boolean canBeFlat) throws Exception {
    JweHeaders headers = new JweHeaders(KeyAlgorithm.A128KW,
                                        contentEncryptionAlgo);
    JweEncryptionProvider jwe = null;
    if (wrapperKeyBytes == null) {
        headers.asMap().remove("alg");
        SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
        jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
    } else {
        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
        jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
    }
    JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat) {
        protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
            JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
            input.setCek(cek);
            input.setIv(iv);
            return input;
        }
    };
    String jweJson = p.encryptWith(jwe);
    assertEquals(expectedOutput, jweJson);
    return jweJson;
}
 

@Test
public void testMultipleRecipientsAutogeneratedCek() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    KeyEncryptionProvider keyEncryption1 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
    ContentEncryptionProvider contentEncryption =
        new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true);

    JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
    KeyEncryptionProvider keyEncryption2 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
    JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeaders = new LinkedList<>();
    perRecipientHeaders.add(new JweHeaders("key1"));
    perRecipientHeaders.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(JweJsonProducerTest.EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeaders);
    doTestMultipleRecipients(jweJson);
}
 

@Test
public void testMultipleRecipientsA128GCM() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    KeyEncryptionProvider keyEncryption1 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
    ContentEncryptionProvider contentEncryption =
        new AesGcmContentEncryptionAlgorithm(CEK_BYTES, JweCompactReaderWriterTest.INIT_VECTOR_A1,
                                             ContentAlgorithm.A128GCM);

    JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
    KeyEncryptionProvider keyEncryption2 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
    JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeades = new LinkedList<>();
    perRecipientHeades.add(new JweHeaders("key1"));
    perRecipientHeades.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
    assertEquals(MULTIPLE_RECIPIENTS_OUTPUT, jweJson);
}
 

protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream os)
    throws IOException {
    p.signWith(theSigProvider);
    JoseUtils.traceHeaders(p.getJwsHeaders());
    byte[] bytes = StringUtils.toBytesUTF8(p.getSignedEncodedJws());
    IOUtils.copy(new ByteArrayInputStream(bytes), os);
}
 

public static void startJweContent(OutputStream os,
                                   JweHeaders headers,
                                   byte[] encryptedContentEncryptionKey,
                                   byte[] cipherInitVector) throws IOException {
    byte[] jsonBytes = StringUtils.toBytesUTF8(getHeadersJson(headers));
    Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
    byte[] dotBytes = new byte[]{'.'};
    os.write(dotBytes);
    Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0,
                                     encryptedContentEncryptionKey.length, os);
    os.write(dotBytes);
    Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os);
    os.write(dotBytes);
    os.flush();
}
 

private String encryptJson(JweEncryptionProvider provider, JweHeaders headers, String data) {
    try {
        JweJsonProducer producer = new JweJsonProducer(headers, StringUtils.toBytesUTF8(data), true);
        return producer.encryptWith(provider);
    } catch (Exception ex) {
        throw new JoseException("JWE JSON Encryption Failure", ex);
    }
}
 

public String signWith(JwsSignatureProvider signer) {
    if (headers.getSignatureAlgorithm() == null) {
        headers.setSignatureAlgorithm(signer.getAlgorithm());
    }
    byte[] bytes = StringUtils.toBytesUTF8(getSigningInput());
    byte[] sig = signer.sign(getJwsHeaders(), bytes);
    return setSignatureBytes(sig);
}
 

public byte[] getDecodedJwsPayloadBytes() {
    return StringUtils.toBytesUTF8(getDecodedJwsPayload());
}
 

@Test
public void testMultipleRecipientsA128CBCHS256GivenCek() throws Exception {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    
    KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
    ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
    
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    KeyEncryptionProvider keyEncryption1 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
    
    JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(contentAlgo, Hex.decode(CEK_32_HEX), 
        JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption1);
    KeyEncryptionProvider keyEncryption2 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
    JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(contentAlgo, CEK_BYTES, 
        JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption2);
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeades = new LinkedList<>();
    perRecipientHeades.add(new JweHeaders("key1"));
    perRecipientHeades.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
    assertEquals(MULTIPLE_RECIPIENTS_A128CBCHS256_JSON_OUTPUT, jweJson);
}
 

@Test
public void testMultipleRecipientsA128CBCHS256() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    
    KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
    ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
    
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    AesCbcContentEncryptionAlgorithm contentEncryption = new AesCbcContentEncryptionAlgorithm(contentAlgo, true);
    
    KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
    JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(keyEncryption1, contentEncryption);
    KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
    JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(keyEncryption2, contentEncryption);
    
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeades = new LinkedList<>();
    perRecipientHeades.add(new JweHeaders("key1"));
    perRecipientHeades.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
    
    JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
    Assert.assertEquals(keyAlgo, consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm());
    Assert.assertEquals(contentAlgo, consumer.getProtectedHeader().getContentEncryptionAlgorithm());
    
    // Recipient 1
    JweDecryptionProvider jwd1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, contentAlgo);
    JweDecryptionOutput out1 = consumer.decryptWith(jwd1, Collections.singletonMap("kid", "key1"));
    assertEquals(text, out1.getContentText());
    // Recipient 2
    JweDecryptionProvider jwd2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, contentAlgo);

    JweDecryptionOutput out2 = consumer.decryptWith(jwd2, Collections.singletonMap("kid", "key2"));
    assertEquals(text, out2.getContentText());
}
 

private byte[] toBytes(String str) {
    return str == null ? null : StringUtils.toBytesUTF8(str);
}
 

static byte[] stringToBytes(String str) {
    return StringUtils.toBytesUTF8(str);
}
 

public byte[] getDecodedJwsPayloadBytes() {
    return StringUtils.toBytesUTF8(getDecodedJwsPayload());
}
 

public String signWith(JwsSignatureProvider signer,
                       JwsHeaders protectedHeader,
                       JwsHeaders unprotectedHeader) {
    JwsHeaders unionHeaders = new JwsHeaders();

    if (protectedHeader != null) {
        unionHeaders.asMap().putAll(protectedHeader.asMap());
    }
    if (unprotectedHeader != null) {
        checkUnprotectedHeaders(unprotectedHeader,
                                JoseConstants.HEADER_CRITICAL,
                                JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
        if (!Collections.disjoint(unionHeaders.asMap().keySet(),
                                 unprotectedHeader.asMap().keySet())) {
            LOG.warning("Protected and unprotected headers have duplicate values");
            throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
        }
        unionHeaders.asMap().putAll(unprotectedHeader.asMap());
    }
    if (unionHeaders.getSignatureAlgorithm() == null) {
        LOG.warning("Algorithm header is not set");
        throw new JwsException(JwsException.Error.INVALID_JSON_JWS);
    }
    String sequenceToBeSigned;
    String actualPayload = protectedHeader != null
        ? getActualPayload(protectedHeader.getPayloadEncodingStatus())
        : getUnsignedEncodedPayload();
    if (protectedHeader != null) {
        sequenceToBeSigned = Base64UrlUtility.encode(writer.toJson(protectedHeader))
                + "." + actualPayload;
    } else {
        sequenceToBeSigned = "." + getUnsignedEncodedPayload();
    }
    byte[] bytesToBeSigned = StringUtils.toBytesUTF8(sequenceToBeSigned);

    byte[] signatureBytes = signer.sign(unionHeaders, bytesToBeSigned);

    String encodedSignatureBytes = Base64UrlUtility.encode(signatureBytes);
    JwsJsonSignatureEntry signature;
    if (protectedHeader != null) {
        signature = new JwsJsonSignatureEntry(actualPayload,
                Base64UrlUtility.encode(writer.toJson(protectedHeader)),
                encodedSignatureBytes,
                unprotectedHeader);
    } else {
        signature = new JwsJsonSignatureEntry(getUnsignedEncodedPayload(),
                null,
                encodedSignatureBytes,
                unprotectedHeader);
    }
    return updateJwsJsonSignedDocument(signature);
}
 

public byte[] getDecodedJwsPayloadBytes() {
    return StringUtils.toBytesUTF8(getDecodedJwsPayload());
}
 

protected void writeJws(JwsJsonProducer p, OutputStream os)
    throws IOException {
    byte[] bytes = StringUtils.toBytesUTF8(p.getJwsJsonSignedDocument());
    IOUtils.copy(new ByteArrayInputStream(bytes), os);
}
 

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    JwsHeaders headers = new JwsHeaders();
    JwsSignatureProvider sigProvider = getInitializedSigProvider(headers);
    setContentTypeIfNeeded(headers, ctx);
    if (!encodePayload) {
        headers.setPayloadEncodingStatus(false);
    }
    protectHttpHeadersIfNeeded(ctx, headers);
    OutputStream actualOs = ctx.getOutputStream();
    if (useJwsOutputStream) {
        JwsSignature jwsSignature = sigProvider.createJwsSignature(headers);
        JoseUtils.traceHeaders(headers);
        JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature, true);
        byte[] headerBytes = StringUtils.toBytesUTF8(writer.toJson(headers));
        Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
        jwsStream.write(new byte[]{'.'});

        Base64UrlOutputStream base64Stream = null;
        if (encodePayload) {
            base64Stream = new Base64UrlOutputStream(jwsStream);
            ctx.setOutputStream(base64Stream);
        } else {
            ctx.setOutputStream(jwsStream);
        }
        ctx.proceed();
        setJoseMediaType(ctx);
        if (base64Stream != null) {
            base64Stream.flush();
        }
        jwsStream.flush();
    } else {
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        JwsCompactProducer p = new JwsCompactProducer(headers, new String(cos.getBytes(), StandardCharsets.UTF_8));
        setJoseMediaType(ctx);
        writeJws(p, sigProvider, actualOs);
    }
}
 

public static JweEncryptionProvider getClientSecretEncryptionProvider(String clientSecret) {
    Properties props = JweUtils.loadEncryptionInProperties(false);
    byte[] key = StringUtils.toBytesUTF8(clientSecret);
    return JweUtils.getDirectKeyJweEncryption(key, getClientSecretContentAlgorithm(props));
}
 

public static JweDecryptionProvider getClientSecretDecryptionProvider(String clientSecret) {
    Properties props = JweUtils.loadEncryptionInProperties(false);
    byte[] key = StringUtils.toBytesUTF8(clientSecret);
    return JweUtils.getDirectKeyJweDecryption(key, getClientSecretContentAlgorithm(props));
}
 

@Override
public void filter(ContainerRequestContext context) throws IOException {
    UriInfo ui = context.getUriInfo();
    String path = ui.getPath(false);

    if ("POST".equals(context.getMethod())
        && "bookstore/bookheaders/simple".equals(path) && !context.hasEntity()) {
        byte[] bytes = StringUtils.toBytesUTF8("<Book><name>Book</name><id>126</id></Book>");
        context.getHeaders().putSingle(HttpHeaders.CONTENT_LENGTH, Integer.toString(bytes.length));
        context.getHeaders().putSingle("Content-Type", "application/xml");
        context.getHeaders().putSingle("EmptyRequestStreamDetected", "true");
        context.setEntityStream(new ByteArrayInputStream(bytes));
    }
    if ("true".equals(context.getProperty("DynamicPrematchingFilter"))) {
        throw new RuntimeException();
    }
    context.setProperty("FirstPrematchingFilter", "true");

    if ("wrongpath".equals(path)) {
        context.setRequestUri(URI.create("/bookstore/bookheaders/simple"));
    } else if ("throwException".equals(path)) {
        context.setProperty("filterexception", "prematch");
        throw new InternalServerErrorException(
            Response.status(500).type("text/plain")
                .entity("Prematch filter error").build());
    } else if ("throwExceptionIO".equals(path)) {
        context.setProperty("filterexception", "prematch");
        throw new IOException();
    }

    MediaType mt = context.getMediaType();
    if (mt != null && "text/xml".equals(mt.toString())) {
        String method = context.getMethod();
        if ("PUT".equals(method)) {
            context.setMethod("POST");
        }
        context.getHeaders().putSingle("Content-Type", "application/xml");
    } else {
        String newMt = context.getHeaderString("newmediatype");
        if (newMt != null) {
            context.getHeaders().putSingle("Content-Type", newMt);
        }
    }
    List<MediaType> acceptTypes = context.getAcceptableMediaTypes();
    if (acceptTypes.size() == 1 && "text/mistypedxml".equals(acceptTypes.get(0).toString())) {
        context.getHeaders().putSingle("Accept", "text/xml");
    }
}