org.apache.cxf.rs.security.jose.jwe.JweUtils Java Examples
The following examples show how to use
org.apache.cxf.rs.security.jose.jwe.JweUtils.
Example #1
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
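/**
 * Selects the JWE decryption provider for a received token.
 *
 * <p>When an inlined JWK set is available the key is loaded from it under
 * {@code encryptionKeyAlias()}; otherwise the provider is loaded from the supplied
 * properties and the token headers.
 *
 * @param props   JOSE properties; the key store alias entry may be overwritten here
 * @param headers headers parsed from the received JWE
 * @return the decryption provider to use for this token
 */
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        // The "kid" header is taken from the received token, so the sender chooses which
        // key store alias is tried. A token without "kid" used to reach
        // Properties.setProperty with a null value, which throws NullPointerException;
        // the configured alias (if any) is now left in place instead.
        // NOTE(review): confirm the key store holds only keys meant for JWE decryption,
        // since any alias in it can be named by the sender.
        String keyId = headers.getKeyId();
        if (keyId != null) {
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, keyId);
        }
    }

    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadDecryptionProvider(props, headers);
    }

    // Inlined JWK set: the algorithms come from local configuration, not from the token.
    if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
        return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweDecryptionProvider(
        loadJsonWebKey(encryptionKeyAlias()),
        ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
}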
Example #2
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds a JWE decryption provider from a JWK.
 *
 * <p>If the JWK declares its own algorithm, the provider is created from the JWK itself and
 * {@code keyEncryptionAlgorithm} is not used. Otherwise the JWK is converted to a Java key
 * according to its key type and combined with the two algorithms passed in.
 *
 * @param key                        JWK holding the decryption key
 * @param keyEncryptionAlgorithm     key management algorithm, used when the JWK has no algorithm
 * @param contentEncryptionAlgorithm content encryption algorithm
 * @return the decryption provider
 * @throws IllegalArgumentException if the key type is not EC, RSA or OCTET
 */
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key,
                                                       KeyAlgorithm keyEncryptionAlgorithm,
                                                       ContentAlgorithm contentEncryptionAlgorithm) {
    if (key.getAlgorithm() == null) {
        switch (key.getKeyType()) {
        case EC: {
            return JweUtils.createJweDecryptionProvider(
                JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        }
        case RSA: {
            return JweUtils.createJweDecryptionProvider(
                JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        }
        case OCTET: {
            // Symmetric key: the "k" member of the JWK is turned into a SecretKey for the
            // Java algorithm name of the key management algorithm.
            String encodedKey = (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE);
            SecretKey symmetricKey =
                CryptoUtils.createSecretKeySpec(encodedKey, keyEncryptionAlgorithm.getJavaName());
            return JweUtils.createJweDecryptionProvider(
                symmetricKey, keyEncryptionAlgorithm, contentEncryptionAlgorithm);
        }
        default:
            throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
        }
    }
    // The JWK names its algorithm, so the key management algorithm comes from the key.
    return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
}
Example #3
Source File: ApacheCXFProducer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Encrypts {@code plainText} as a JWE JSON serialization for one recipient and checks that
 * the result parses back with the expected headers.
 *
 * @param plainText             content to encrypt (encoded as UTF-8)
 * @param key                   JWK used to create the encryption provider
 * @param protectedHeaders      integrity-protected headers
 * @param unprotectedJweHeaders shared unprotected headers, may be null
 * @param recipientHeaders      per-recipient headers
 * @param flattened             passed to the producer to select the flattened form
 */
private void produceJsonJWE(String plainText, JsonWebKey key, JweHeaders protectedHeaders,
                            JweHeaders unprotectedJweHeaders, JweHeaders recipientHeaders,
                            boolean flattened) {
    byte[] content = plainText.getBytes(StandardCharsets.UTF_8);
    JweJsonProducer producer =
        new JweJsonProducer(protectedHeaders, unprotectedJweHeaders, content, null, flattened);

    // The encryption provider is created from the union of protected and unprotected
    // headers; on a duplicate name the unprotected value overwrites the protected one.
    Map<String, Object> merged = new HashMap<>();
    for (JweHeaders source : new JweHeaders[] {protectedHeaders, unprotectedJweHeaders}) {
        if (source != null) {
            merged.putAll(source.asMap());
        }
    }
    JweEncryptionProvider encryptor =
        JweUtils.createJweEncryptionProvider(key, new JweHeaders(merged));

    String jweJson = producer.encryptWith(encryptor, recipientHeaders);

    // Parse the output again and compare it with the input headers.
    // NOTE(review): protectedHeaders is null-checked above but dereferenced
    // unconditionally below, as is recipientHeaders.
    JweJsonConsumer parsed = new JweJsonConsumer(jweJson);
    Assert.assertEquals(protectedHeaders.getKeyEncryptionAlgorithm(),
                        parsed.getProtectedHeader().getKeyEncryptionAlgorithm());
    Assert.assertEquals(protectedHeaders.getContentEncryptionAlgorithm(),
                        parsed.getProtectedHeader().getContentEncryptionAlgorithm());
    Assert.assertEquals(1, parsed.getRecipients().size());
    Assert.assertEquals(recipientHeaders.getKeyId(),
                        parsed.getRecipients().get(0).getUnprotectedHeader().getKeyId());
}
Example #4
Source File: OAuthServerJoseJwtProducer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Picks the JWE encryption provider for a client.
 *
 * <p>If encryption with client certificates is enabled and the client has registered
 * certificates, the public key of the first one is used with RSA-OAEP and A128GCM.
 * Otherwise, if the client has a secret, the superclass provider for that secret is used.
 *
 * @param c the client, may be null
 * @return the provider, or null when {@code c} is null or neither a certificate nor a
 *         secret is usable
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    if (c == null) {
        return null;
    }

    JweEncryptionProvider provider = null;
    if (encryptWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        // Only the first registered certificate is used.
        // NOTE(review): no validity or chain check is visible here; confirm the
        // certificate is validated when the client is registered. The fixed RSA_OAEP
        // choice presumably requires the certificate to hold an RSA key.
        String encodedCert = c.getApplicationCertificates().get(0);
        X509Certificate clientCert = (X509Certificate)CryptoUtils.decodeCertificate(encodedCert);
        provider = JweUtils.createJweEncryptionProvider(
            clientCert.getPublicKey(), KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null);
    }

    if (provider == null && c.getClientSecret() != null) {
        provider = super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return provider;
}
Example #5
Source File: BookStore.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Decrypts a JWE JSON message for one recipient and returns the plaintext.
 *
 * @param consumer         parsed JWE JSON message
 * @param recipientPropLoc location of the recipient's JWE properties
 * @param recipientKid     key id selecting both the JWK and the recipient entry
 * @return the decrypted content as text
 */
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc,
                                String recipientKid) {
    Message currentMessage = JAXRSUtils.getCurrentMessage();
    Properties props = JweUtils.loadJweProperties(currentMessage, recipientPropLoc);

    // NOTE(review): getKey presumably returns null for an unknown kid; the result is
    // passed on without a check.
    JsonWebKey jwk = JwkUtils.loadJwkSet(currentMessage, props, null).getKey(recipientKid);
    ContentAlgorithm contentAlgo = JweUtils.getContentEncryptionAlgorithm(props);
    JweDecryptionProvider decryptor = JweUtils.createJweDecryptionProvider(jwk, contentAlgo);

    // The recipient entry is matched on its "kid" header.
    return consumer
        .decryptWith(decryptor, Collections.singletonMap("kid", recipientKid))
        .getContentText();
}
Example #6
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 5 votes |
/**
 * Selects the JWE encryption provider.
 *
 * <p>With an inlined JWK set the key is loaded under {@code encryptionKeyAlias()} and used
 * either as a direct key or together with the supplied headers; without one the provider
 * is loaded from the properties and headers.
 *
 * @param props   JOSE properties
 * @param headers JWE headers for the token being produced
 * @return the encryption provider
 */
private JweEncryptionProvider getEncryptionProvider(Properties props, JweHeaders headers) {
    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadEncryptionProvider(props, headers);
    }

    boolean directKey =
        KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm());
    // With the direct algorithm the JWK itself is the content encryption key.
    return directKey
        ? JweUtils.getDirectKeyJweEncryption(loadJsonWebKey(encryptionKeyAlias()))
        : JweUtils.createJweEncryptionProvider(loadJsonWebKey(encryptionKeyAlias()), headers);
}
Example #7
Source File: ApacheCXFProducer.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Encrypts {@code plainText} as a compact JWE and checks that the serialized headers match
 * the ones passed in.
 *
 * @param plainText content to encrypt
 * @param key       JWK used to create the encryption provider
 * @param headers   JWE headers (key algorithm, content algorithm, key id)
 */
private void produceCompactJWE(String plainText, JsonWebKey key, JweHeaders headers) {
    String compactJwe = new JweCompactProducer(headers, plainText)
        .encryptWith(JweUtils.createJweEncryptionProvider(key, headers));

    // Parse the output again; only the headers are compared, nothing is decrypted here.
    JweCompactConsumer parsed = new JweCompactConsumer(compactJwe);
    Assert.assertEquals(headers.getKeyEncryptionAlgorithm(),
                        parsed.getJweHeaders().getKeyEncryptionAlgorithm());
    Assert.assertEquals(headers.getContentEncryptionAlgorithm(),
                        parsed.getJweHeaders().getContentEncryptionAlgorithm());
    Assert.assertEquals(headers.getKeyId(), parsed.getJweHeaders().getKeyId());
}
Example #8
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Serializes a JWK set to JSON and encrypts it to a public key.
 *
 * @param jwkSet      key set to protect
 * @param key         recipient public key
 * @param keyAlgo     key management algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE produced by {@code JweUtils.encrypt}, with content type "jwk-set+json"
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    String jwkSetJson = jwkSetToJson(jwkSet);
    return JweUtils.encrypt(key, keyAlgo, contentAlgo,
                            StringUtils.toBytesUTF8(jwkSetJson), "jwk-set+json");
}
Example #9
Source File: AbstractJoseConsumer.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set decryptor if there is one, otherwise loads a provider for the
 * given headers.
 *
 * @param jweHeaders headers of the JWE being consumed
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
    // NOTE(review): the false flag presumably means "not required", so the result may be
    // null when nothing is configured; callers should treat that as a failure rather
    // than skip decryption. Confirm against JweUtils.
    return jweDecryptor != null
        ? jweDecryptor
        : JweUtils.loadDecryptionProvider(jweHeaders, false);
}
Example #10
Source File: AbstractJoseProducer.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set encryption provider if there is one, otherwise loads a
 * provider for the given headers.
 *
 * @param jweHeaders headers of the JWE being produced
 * @return the encryption provider
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
    if (encryptionProvider == null) {
        // NOTE(review): the false flag presumably means "not required", so this may
        // return null when nothing is configured; callers should not fall back to
        // sending plaintext in that case. Confirm against JweUtils.
        return JweUtils.loadEncryptionProvider(jweHeaders, false);
    }
    return encryptionProvider;
}
Example #11
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Decrypts a JWE-protected JWK with a symmetric key and parses the result.
 *
 * @param key     secret key used for decryption
 * @param keyAlgo key management algorithm
 * @param ctAlgo  content encryption algorithm
 * @param jsonJwk the encrypted JWK
 * @return the parsed JWK
 */
public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo,
                                       ContentAlgorithm ctAlgo, String jsonJwk) {
    // The decrypted JSON is held as a String before parsing; it may contain key material.
    String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
Example #12
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Decrypts a JWE-protected JWK with a private key and parses the result.
 *
 * @param key     private key used for decryption
 * @param keyAlgo key management algorithm
 * @param ctAlgo  content encryption algorithm
 * @param jsonJwk the encrypted JWK
 * @return the parsed JWK
 */
public static JsonWebKey decryptJwkKey(PrivateKey key, KeyAlgorithm keyAlgo,
                                       ContentAlgorithm ctAlgo, String jsonJwk) {
    // The decrypted JSON is held as a String before parsing; it may contain key material.
    String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
Example #13
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Serializes a single JWK to JSON and encrypts it with a symmetric key.
 *
 * @param jwkKey      key to protect
 * @param key         secret key used for encryption
 * @param keyAlgo     key management algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE produced by {@code JweUtils.encrypt}, with content type "jwk+json"
 */
public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    String jwkJson = jwkKeyToJson(jwkKey);
    return JweUtils.encrypt(key, keyAlgo, contentAlgo,
                            StringUtils.toBytesUTF8(jwkJson), "jwk+json");
}
Example #14
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Serializes a single JWK to JSON and encrypts it to a public key.
 *
 * @param jwkKey      key to protect
 * @param key         recipient public key
 * @param keyAlgo     key management algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE produced by {@code JweUtils.encrypt}, with content type "jwk+json"
 */
public static String encryptJwkKey(JsonWebKey jwkKey, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    String jwkJson = jwkKeyToJson(jwkKey);
    return JweUtils.encrypt(key, keyAlgo, contentAlgo,
                            StringUtils.toBytesUTF8(jwkJson), "jwk+json");
}
Example #15
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Decrypts a JWE-protected JWK set with a symmetric key and parses the result.
 *
 * @param key        secret key used for decryption
 * @param keyAlgo    key management algorithm
 * @param ctAlgo     content encryption algorithm
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed JWK set
 */
public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo,
                                        ContentAlgorithm ctAlgo, String jsonJwkSet) {
    // The decrypted JSON is held as a String before parsing; it may contain key material.
    String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
Example #16
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Decrypts a JWE-protected JWK set with a private key and parses the result.
 *
 * @param key        private key used for decryption
 * @param keyAlgo    key management algorithm
 * @param ctAlgo     content encryption algorithm
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed JWK set
 */
public static JsonWebKeys decryptJwkSet(PrivateKey key, KeyAlgorithm keyAlgo,
                                        ContentAlgorithm ctAlgo, String jsonJwkSet) {
    // The decrypted JSON is held as a String before parsing; it may contain key material.
    String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
Example #17
Source File: JwkUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Serializes a JWK set to JSON and encrypts it with a symmetric key.
 *
 * @param jwkSet      key set to protect
 * @param key         secret key used for encryption
 * @param keyAlgo     key management algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE produced by {@code JweUtils.encrypt}, with content type "jwk-set+json"
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    String jwkSetJson = jwkSetToJson(jwkSet);
    return JweUtils.encrypt(key, keyAlgo, contentAlgo,
                            StringUtils.toBytesUTF8(jwkSetJson), "jwk-set+json");
}
Example #18
Source File: JWTTokenProviderTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Issues an unsigned JWT encrypted with A128CBC-HS256 and, when the unrestricted crypto
 * policies are installed, decrypts it again and checks the claims.
 *
 * BouncyCastle is registered for the duration of the test and removed afterwards.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());

        JWTTokenProvider unsignedProvider = new JWTTokenProvider();
        unsignedProvider.setSignToken(false);
        TokenProvider jwtTokenProvider = unsignedProvider;

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
            ContentAlgorithm.A128CBC_HS256.name()
        );

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        String token = (String)providerResponse.getToken();
        assertNotNull(token);
        // A compact JWE has five dot-separated parts.
        String[] parts = token.split("\\.");
        assertTrue(parts.length == 5);

        if (!unrestrictedPoliciesInstalled) {
            return;
        }

        // Validate the token
        JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();

        // Alias and password belong to the test key store; the content algorithm is
        // pinned locally to match the one requested above.
        Properties decProperties = new Properties();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
        decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
                          ContentAlgorithm.A128CBC_HS256.name());

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jweConsumer.getHeaders());
        String decToken = decProvider.decrypt(token).getContentText();

        // The inner token was issued unsigned, so the claims are read without any
        // signature check; only encryption protects them in this test.
        JwtToken jwt = new JwsJwtCompactConsumer(decToken).getJwtToken();
        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(),
                            jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Example #19
Source File: AbstractJweDecryptingFilter.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set decryption provider if there is one, otherwise loads a
 * provider for the given headers.
 *
 * @param headers headers of the JWE being consumed
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    // NOTE(review): the true flag presumably makes a configured provider mandatory, so a
    // missing configuration fails instead of returning null. Confirm against JweUtils.
    return decryption != null ? decryption : JweUtils.loadDecryptionProvider(headers, true);
}
Example #20
Source File: AbstractJweJsonDecryptingFilter.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set decryption provider if there is one, otherwise loads a
 * provider for the given headers.
 *
 * @param headers headers of the JWE being consumed
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption == null) {
        // NOTE(review): the true flag presumably makes a configured provider mandatory.
        // Confirm against JweUtils.
        return JweUtils.loadDecryptionProvider(headers, true);
    }
    return decryption;
}
Example #21
Source File: JweWriterInterceptor.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set encryption provider if there is one, otherwise loads a
 * provider for the given headers.
 *
 * @param headers headers of the JWE being produced
 * @return the encryption provider
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders headers) {
    // NOTE(review): the true flag presumably makes a configured provider mandatory, so
    // the interceptor cannot silently write unencrypted output. Confirm against JweUtils.
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(headers, true);
}
Example #22
Source File: JWTTokenProviderTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Issues an unsigned, encrypted JWT and, when the unrestricted crypto policies are
 * installed, decrypts it again and checks the claims.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    JWTTokenProvider unsignedProvider = new JWTTokenProvider();
    unsignedProvider.setSignToken(false);
    TokenProvider jwtTokenProvider = unsignedProvider;

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    String[] parts = token.split("\\.");
    assertTrue(parts.length == 5);

    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
    Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
    KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();

    // Alias and password belong to the test key store.
    Properties decProperties = new Properties();
    decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

    JweDecryptionProvider decProvider =
        JweUtils.loadDecryptionProvider(decProperties, jweConsumer.getHeaders());
    String decToken = decProvider.decrypt(token).getContentText();

    // The inner token was issued unsigned, so the claims are read without any
    // signature check; only encryption protects them in this test.
    JwtToken jwt = new JwsJwtCompactConsumer(decToken).getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(),
                        jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
Example #23
Source File: JoseSessionTokenProvider.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set decryptor if there is one, otherwise loads one from
 * configuration.
 *
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    // The jweRequired field is passed as the flag to the loader.
    // NOTE(review): when it is false the result may presumably be null, in which case
    // session tokens would not be decrypted. Confirm against JweUtils.
    return jweDecryptor != null ? jweDecryptor : JweUtils.loadDecryptionProvider(jweRequired);
}
Example #24
Source File: JoseSessionTokenProvider.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set encryptor if there is one, otherwise loads one from
 * configuration.
 *
 * @return the encryption provider
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    if (jweEncryptor == null) {
        // The jweRequired field is passed as the flag to the loader.
        // NOTE(review): when it is false the result may presumably be null, in which
        // case session tokens would be issued unencrypted. Confirm against JweUtils.
        return JweUtils.loadEncryptionProvider(jweRequired);
    }
    return jweEncryptor;
}
Example #25
Source File: JoseClientCodeStateManager.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set encryption provider if there is one, otherwise loads one from
 * configuration.
 *
 * @return the encryption provider
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    // NOTE(review): the false flag presumably means "not required", so the result may be
    // null and the client state would then not be encrypted. Confirm against JweUtils.
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(false);
}
Example #26
Source File: JoseClientCodeStateManager.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Returns the explicitly set decryption provider if there is one, otherwise loads one from
 * configuration.
 *
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (decryptionProvider == null) {
        // NOTE(review): the false flag presumably means "not required", so the result
        // may be null. Confirm against JweUtils.
        return JweUtils.loadDecryptionProvider(false);
    }
    return decryptionProvider;
}
Example #27
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Creates a direct-key JWE encryption provider keyed by an OAuth client secret.
 *
 * <p>The UTF-8 bytes of the secret are used as the key as they are; no key derivation is
 * applied in this method. The content algorithm is taken from the loaded properties.
 *
 * @param clientSecret the client secret
 * @return a direct-key encryption provider
 */
public static JweEncryptionProvider getClientSecretEncryptionProvider(String clientSecret) {
    Properties encryptionProps = JweUtils.loadEncryptionInProperties(false);
    // NOTE(review): because the secret is the key, it presumably has to match the key
    // length of the content algorithm and carry enough entropy; a short or
    // human-chosen secret weakens the encryption accordingly.
    byte[] secretBytes = StringUtils.toBytesUTF8(clientSecret);
    ContentAlgorithm contentAlgo = getClientSecretContentAlgorithm(encryptionProps);
    return JweUtils.getDirectKeyJweEncryption(secretBytes, contentAlgo);
}
Example #28
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Creates a direct-key JWE decryption provider keyed by an OAuth client secret.
 *
 * <p>The UTF-8 bytes of the secret are used as the key as they are; no key derivation is
 * applied in this method. The content algorithm is taken from the loaded properties.
 *
 * @param clientSecret the client secret
 * @return a direct-key decryption provider
 */
public static JweDecryptionProvider getClientSecretDecryptionProvider(String clientSecret) {
    Properties encryptionProps = JweUtils.loadEncryptionInProperties(false);
    // NOTE(review): because the secret is the key, it presumably has to match the key
    // length of the content algorithm and carry enough entropy.
    byte[] secretBytes = StringUtils.toBytesUTF8(clientSecret);
    ContentAlgorithm contentAlgo = getClientSecretContentAlgorithm(encryptionProps);
    return JweUtils.getDirectKeyJweDecryption(secretBytes, contentAlgo);
}
Example #29
Source File: JWTTokenProviderTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Issues a signed and encrypted JWT and, when the unrestricted crypto policies are
 * installed, decrypts it again and checks the claims.
 */
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    String[] parts = token.split("\\.");
    assertTrue(parts.length == 5);

    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(token);
    Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
    KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();

    // Alias and password belong to the test key store.
    Properties decProperties = new Properties();
    decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

    JweDecryptionProvider decProvider =
        JweUtils.loadDecryptionProvider(decProperties, jweConsumer.getHeaders());
    String decToken = decProvider.decrypt(token).getContentText();

    // NOTE(review): the inner JWS is parsed and its claims compared, but no signature
    // verification call appears in this test, so a wrong or missing signature on the
    // nested token would not be detected here.
    JwtToken jwt = new JwsJwtCompactConsumer(decToken).getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(),
                        jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}