org.apache.cxf.rs.security.jose.jwe.JweUtils Java Examples

The following examples show how to use org.apache.cxf.rs.security.jose.jwe.JweUtils.
Example #1
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
/**
 * Selects the JWE decryption provider for a received token.
 *
 * <p>When an inlined JWK set is available the key comes from
 * {@code loadJsonWebKey(encryptionKeyAlias())}; otherwise the provider is loaded from
 * {@code props} together with the received headers.
 *
 * @param props   JOSE properties; modified in place when header-supplied aliases are accepted
 * @param headers headers of the received JWE
 * @return the provider to decrypt with
 */
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    // Security: "kid" is chosen by whoever built the token, so with acceptEncryptionAlias()
    // enabled the sender decides which key store alias is written into props.
    // NOTE(review): Properties.setProperty rejects null values, so a JWE without a "kid"
    // header would raise a NullPointerException here - confirm that is the intended failure.
    if (config.acceptEncryptionAlias()) {
        final String requestedAlias = headers.getKeyId();
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, requestedAlias);
    }

    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadDecryptionProvider(props, headers);
    }

    // "dir" uses the JWK itself as the content key, so no content algorithm is passed.
    final boolean directKey =
        KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm());
    if (directKey) {
        return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
        ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
}
 
Example #2
Source File: ApacheCXFConsumer.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a JWE decryption provider from a JWK.
 *
 * @param key                        the recipient's JWK
 * @param keyEncryptionAlgorithm     key management algorithm, used only when the JWK does not
 *                                   name an algorithm itself
 * @param contentEncryptionAlgorithm content encryption algorithm
 * @return a provider matching the key type
 * @throws IllegalArgumentException if the key type is not EC, RSA or OCTET
 */
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm,
    ContentAlgorithm contentEncryptionAlgorithm) {
    // A JWK that carries its own "alg" takes this path and keyEncryptionAlgorithm is not
    // passed on at all, so the key material decides the algorithm.
    if (key.getAlgorithm() != null) {
        return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
    }
    switch (key.getKeyType()) {
    case EC: {
        return JweUtils.createJweDecryptionProvider(JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    }
    case RSA: {
        return JweUtils.createJweDecryptionProvider(JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    }
    case OCTET: {
        // Symmetric key: the "k" value is wrapped in a SecretKeySpec for the Java algorithm name.
        final String encodedKey = (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE);
        final String javaAlgorithm = keyEncryptionAlgorithm.getJavaName();
        SecretKey symmetricKey = CryptoUtils.createSecretKeySpec(encodedKey, javaAlgorithm);
        return JweUtils.createJweDecryptionProvider(symmetricKey, keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    }
    default:
        throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
    }
}
 
Example #3
Source File: ApacheCXFProducer.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Encrypts {@code plainText} as a JWE JSON serialization and checks that the parsed result
 * carries the expected algorithms, a single recipient and the recipient's key id.
 *
 * @param plainText             text to encrypt (UTF-8)
 * @param key                   JWK used to create the encryption provider
 * @param protectedHeaders      integrity-protected headers
 * @param unprotectedJweHeaders shared unprotected headers, may be null
 * @param recipientHeaders      per-recipient headers
 * @param flattened             whether the flattened JSON form is produced
 */
private void produceJsonJWE(String plainText, JsonWebKey key, JweHeaders protectedHeaders,
    JweHeaders unprotectedJweHeaders, JweHeaders recipientHeaders, boolean flattened) {
    final byte[] content = plainText.getBytes(StandardCharsets.UTF_8);
    JweJsonProducer producer =
        new JweJsonProducer(protectedHeaders, unprotectedJweHeaders, content, null, flattened);

    // The provider is created from the union of both header sets; unprotected entries are
    // added last and therefore win on duplicate names.
    Map<String, Object> mergedHeaders = new HashMap<>();
    if (protectedHeaders != null) {
        mergedHeaders.putAll(protectedHeaders.asMap());
    }
    if (unprotectedJweHeaders != null) {
        mergedHeaders.putAll(unprotectedJweHeaders.asMap());
    }
    JweEncryptionProvider encryptor =
        JweUtils.createJweEncryptionProvider(key, new JweHeaders(mergedHeaders));
    String jweJson = producer.encryptWith(encryptor, recipientHeaders);

    // Re-parse the output and compare it with what was requested.
    // NOTE(review): protectedHeaders is null-checked above but dereferenced unconditionally here.
    JweJsonConsumer parsed = new JweJsonConsumer(jweJson);
    Assert.assertEquals(protectedHeaders.getKeyEncryptionAlgorithm(),
        parsed.getProtectedHeader().getKeyEncryptionAlgorithm());
    Assert.assertEquals(protectedHeaders.getContentEncryptionAlgorithm(),
        parsed.getProtectedHeader().getContentEncryptionAlgorithm());
    Assert.assertEquals(1, parsed.getRecipients().size());
    Assert.assertEquals(recipientHeaders.getKeyId(),
        parsed.getRecipients().get(0).getUnprotectedHeader().getKeyId());
}
 
Example #4
Source File: OAuthServerJoseJwtProducer.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Chooses how to encrypt for an OAuth client: with the client's certificate when that is
 * enabled and available, otherwise with the client secret.
 *
 * @param c the client, may be null
 * @return the encryption provider, or null when neither a certificate nor a secret applies
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    JweEncryptionProvider provider = null;

    final boolean useClientCertificate =
        encryptWithClientCertificates && c != null && !c.getApplicationCertificates().isEmpty();
    if (useClientCertificate) {
        // Only the first registered certificate is used, and its public key is taken as-is:
        // no validity or chain check is visible in this method.
        // NOTE(review): RSA-OAEP / A128GCM are fixed here - confirm every client certificate is RSA.
        final String encodedCertificate = c.getApplicationCertificates().get(0);
        X509Certificate certificate = (X509Certificate)CryptoUtils.decodeCertificate(encodedCertificate);
        provider = JweUtils.createJweEncryptionProvider(certificate.getPublicKey(),
                                                        KeyAlgorithm.RSA_OAEP,
                                                        ContentAlgorithm.A128GCM,
                                                        null);
    }

    // Fall back to a key derived from the client secret by the superclass.
    if (provider == null && c != null && c.getClientSecret() != null) {
        provider = super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return provider;
}
 
Example #5
Source File: BookStore.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Decrypts a multi-recipient JWE for one recipient and returns the plaintext.
 *
 * @param consumer         parsed JWE JSON
 * @param recipientPropLoc location of the recipient's JWE properties
 * @param recipientKid     key id that selects both the JWK and the recipient entry
 * @return the decrypted content as text
 */
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc, String recipientKid) {
    Message currentMessage = JAXRSUtils.getCurrentMessage();

    Properties jweProps = JweUtils.loadJweProperties(currentMessage, recipientPropLoc);
    // NOTE(review): presumably getKey() yields null for an unknown kid - confirm how the
    // provider factory below reacts to a null key.
    JsonWebKey decryptionKey = JwkUtils.loadJwkSet(currentMessage, jweProps, null).getKey(recipientKid);

    // The content algorithm comes from local configuration, not from the received JWE.
    ContentAlgorithm configuredContentAlgorithm = JweUtils.getContentEncryptionAlgorithm(jweProps);

    JweDecryptionOutput decrypted = consumer.decryptWith(
        JweUtils.createJweDecryptionProvider(decryptionKey, configuredContentAlgorithm),
        Collections.singletonMap("kid", recipientKid));
    return decrypted.getContentText();
}
 
Example #6
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 5 votes vote down vote up
/**
 * Selects the JWE encryption provider for an outgoing token.
 *
 * @param props   JOSE properties, used only when no inlined JWK set is available
 * @param headers headers of the JWE being produced
 * @return the provider to encrypt with
 */
private JweEncryptionProvider getEncryptionProvider(Properties props, JweHeaders headers) {
    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadEncryptionProvider(props, headers);
    }

    // With "dir" the JWK itself serves as the content key, so the headers are not consulted.
    final boolean directKey =
        KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm());
    if (directKey) {
        return JweUtils.getDirectKeyJweEncryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweEncryptionProvider(loadJsonWebKey(encryptionKeyAlias()), headers);
}
 
Example #7
Source File: ApacheCXFProducer.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Encrypts {@code plainText} as a compact JWE and checks that the parsed result carries the
 * requested algorithms and key id.
 *
 * @param plainText text to encrypt
 * @param key       JWK used to create the encryption provider
 * @param headers   JWE headers to emit
 */
private void produceCompactJWE(String plainText, JsonWebKey key, JweHeaders headers) {
    JweCompactProducer producer = new JweCompactProducer(headers, plainText);
    JweEncryptionProvider encryptor = JweUtils.createJweEncryptionProvider(key, headers);
    String compactJwe = producer.encryptWith(encryptor);

    // Only the headers are re-parsed and compared; the ciphertext is not decrypted here.
    JweCompactConsumer parsed = new JweCompactConsumer(compactJwe);
    Assert.assertEquals(headers.getKeyEncryptionAlgorithm(), parsed.getJweHeaders().getKeyEncryptionAlgorithm());
    Assert.assertEquals(headers.getContentEncryptionAlgorithm(),
        parsed.getJweHeaders().getContentEncryptionAlgorithm());
    Assert.assertEquals(headers.getKeyId(), parsed.getJweHeaders().getKeyId());
}
 
Example #8
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a JWK set to JSON and encrypts it to a public key.
 *
 * @param jwkSet      the key set to protect
 * @param key         recipient public key
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the value returned by {@code JweUtils.encrypt}
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The whole serialized set becomes the plaintext, including any private or secret
    // parameters the JWKs carry.
    final byte[] serializedSet = StringUtils.toBytesUTF8(jwkSetToJson(jwkSet));
    // "jwk-set+json" is the last argument, presumably the content type - confirm in JweUtils.
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, serializedSet, "jwk-set+json");
}
 
Example #9
Source File: AbstractJoseConsumer.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the decryption provider for a JWE with the given headers.
 *
 * @param jweHeaders headers of the JWE being consumed
 * @return the explicitly set {@code jweDecryptor}, else the provider loaded by {@code JweUtils}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
    // NOTE(review): the 'false' flag presumably marks the configuration as optional, so the
    // result may be null when nothing is configured - confirm against JweUtils.
    return jweDecryptor != null
        ? jweDecryptor
        : JweUtils.loadDecryptionProvider(jweHeaders, false);
}
 
Example #10
Source File: AbstractJoseProducer.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the encryption provider for a JWE with the given headers.
 *
 * @param jweHeaders headers of the JWE being produced
 * @return the explicitly set {@code encryptionProvider}, else the provider loaded by {@code JweUtils}
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
    // NOTE(review): the 'false' flag presumably marks the configuration as optional; a null
    // result would then mean "no encryption" - confirm callers handle that explicitly.
    if (encryptionProvider == null) {
        return JweUtils.loadEncryptionProvider(jweHeaders, false);
    }
    return encryptionProvider;
}
 
Example #11
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK with a symmetric key and parses the result.
 *
 * @param key     secret key to decrypt with
 * @param keyAlgo key encryption algorithm
 * @param ctAlgo  content encryption algorithm
 * @param jsonJwk the encrypted JWK
 * @return the parsed key
 */
public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                       String jsonJwk) {
    // The decrypted text goes straight to the JWK parser; no further checks happen here.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
 
Example #12
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK with a private key and parses the result.
 *
 * @param key     private key to decrypt with
 * @param keyAlgo key encryption algorithm
 * @param ctAlgo  content encryption algorithm
 * @param jsonJwk the encrypted JWK
 * @return the parsed key
 */
public static JsonWebKey decryptJwkKey(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                       String jsonJwk) {
    // The decrypted text goes straight to the JWK parser; no further checks happen here.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
 
Example #13
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a single JWK to JSON and encrypts it with a symmetric key.
 *
 * @param jwkKey      the key to protect
 * @param key         secret key to encrypt with
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the value returned by {@code JweUtils.encrypt}
 */
public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The serialized JWK is the plaintext, so any private or secret parameters it carries
    // are protected only by this JWE.
    final byte[] serializedKey = StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey));
    // "jwk+json" is the last argument, presumably the content type - confirm in JweUtils.
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, serializedKey, "jwk+json");
}
 
Example #14
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a single JWK to JSON and encrypts it to a public key.
 *
 * @param jwkKey      the key to protect
 * @param key         recipient public key
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the value returned by {@code JweUtils.encrypt}
 */
public static String encryptJwkKey(JsonWebKey jwkKey, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The serialized JWK is the plaintext, so any private or secret parameters it carries
    // are protected only by this JWE.
    final byte[] serializedKey = StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey));
    // "jwk+json" is the last argument, presumably the content type - confirm in JweUtils.
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, serializedKey, "jwk+json");
}
 
Example #15
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK set with a symmetric key and parses the result.
 *
 * @param key        secret key to decrypt with
 * @param keyAlgo    key encryption algorithm
 * @param ctAlgo     content encryption algorithm
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed key set
 */
public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                        String jsonJwkSet) {
    // The decrypted text goes straight to the JWK set parser; no further checks happen here.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
 
Example #16
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK set with a private key and parses the result.
 *
 * @param key        private key to decrypt with
 * @param keyAlgo    key encryption algorithm
 * @param ctAlgo     content encryption algorithm
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed key set
 */
public static JsonWebKeys decryptJwkSet(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                        String jsonJwkSet) {
    // The decrypted text goes straight to the JWK set parser; no further checks happen here.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
 
Example #17
Source File: JwkUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a JWK set to JSON and encrypts it with a symmetric key.
 *
 * @param jwkSet      the key set to protect
 * @param key         secret key to encrypt with
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the value returned by {@code JweUtils.encrypt}
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The whole serialized set becomes the plaintext, including any private or secret
    // parameters the JWKs carry.
    final byte[] serializedSet = StringUtils.toBytesUTF8(jwkSetToJson(jwkSet));
    // "jwk-set+json" is the last argument, presumably the content type - confirm in JweUtils.
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, serializedSet, "jwk-set+json");
}
 
Example #18
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Issues an unsigned JWT encrypted with A128CBC-HS256 and, when unrestricted crypto policies
 * are installed, decrypts it again and checks the claims.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        // BouncyCastle is registered JVM-wide for this test; the finally block removes it again.
        Security.addProvider(new BouncyCastleProvider());

        JWTTokenProvider unsignedProvider = new JWTTokenProvider();
        unsignedProvider.setSignToken(false);
        TokenProvider jwtTokenProvider = unsignedProvider;

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
            ContentAlgorithm.A128CBC_HS256.name()
        );

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        String token = (String)providerResponse.getToken();
        assertNotNull(token);
        // A compact JWE has five dot-separated parts.
        String[] tokenParts = token.split("\\.");
        assertTrue(tokenParts.length == 5);

        // NOTE(review): without unrestricted policies the decryption round trip is skipped
        // and the test still passes.
        if (unrestrictedPoliciesInstalled) {
            // Validate the token
            JweJwtCompactConsumer encryptedConsumer = new JweJwtCompactConsumer(token);
            Merlin decryptionCrypto = (Merlin)CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = decryptionCrypto.getKeyStore();

            // Alias and key password are hard-coded test fixture values.
            Properties decryptionProps = new Properties();
            decryptionProps.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decryptionProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decryptionProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            decryptionProps.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
                                ContentAlgorithm.A128CBC_HS256.name());

            JweDecryptionProvider decryptor =
                JweUtils.loadDecryptionProvider(decryptionProps, encryptedConsumer.getHeaders());
            String innerToken = decryptor.decrypt(token).getContentText();

            // The inner token is unsigned, so its claims are read without a signature check.
            JwtToken jwt = new JwsJwtCompactConsumer(innerToken).getJwtToken();

            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
 
Example #19
Source File: AbstractJweDecryptingFilter.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the decryption provider this filter should use.
 *
 * @param headers headers of the received JWE
 * @return the explicitly set {@code decryption} provider, else the one loaded by {@code JweUtils}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    // NOTE(review): the 'true' flag presumably makes missing configuration an error rather
    // than a null result - confirm against JweUtils.
    return decryption != null
        ? decryption
        : JweUtils.loadDecryptionProvider(headers, true);
}
 
Example #20
Source File: AbstractJweJsonDecryptingFilter.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the decryption provider this JSON filter should use.
 *
 * @param headers headers of the received JWE
 * @return the explicitly set {@code decryption} provider, else the one loaded by {@code JweUtils}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption == null) {
        // NOTE(review): the 'true' flag presumably makes missing configuration an error
        // rather than a null result - confirm against JweUtils.
        return JweUtils.loadDecryptionProvider(headers, true);
    }
    return decryption;
}
 
Example #21
Source File: JweWriterInterceptor.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the encryption provider this interceptor should use.
 *
 * @param headers headers of the JWE being written
 * @return the explicitly set {@code encryptionProvider}, else the one loaded by {@code JweUtils}
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders headers) {
    // NOTE(review): the 'true' flag presumably makes missing configuration an error, so
    // the payload is not written unencrypted by accident - confirm against JweUtils.
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(headers, true);
}
 
Example #22
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Issues an unsigned, encrypted JWT with the default content algorithm and, when unrestricted
 * crypto policies are installed, decrypts it again and checks the claims.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    JWTTokenProvider unsignedProvider = new JWTTokenProvider();
    unsignedProvider.setSignToken(false);
    TokenProvider jwtTokenProvider = unsignedProvider;

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    String[] tokenParts = token.split("\\.");
    assertTrue(tokenParts.length == 5);

    // NOTE(review): without unrestricted policies the decryption round trip is skipped and
    // the test still passes.
    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer encryptedConsumer = new JweJwtCompactConsumer(token);
        Merlin decryptionCrypto = (Merlin)CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = decryptionCrypto.getKeyStore();

        // Alias and key password are hard-coded test fixture values.
        Properties decryptionProps = new Properties();
        decryptionProps.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decryptionProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decryptionProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decryptor =
            JweUtils.loadDecryptionProvider(decryptionProps, encryptedConsumer.getHeaders());
        String innerToken = decryptor.decrypt(token).getContentText();

        // The inner token is unsigned, so its claims are read without a signature check.
        JwtToken jwt = new JwsJwtCompactConsumer(innerToken).getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }
}
 
Example #23
Source File: JoseSessionTokenProvider.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the provider used to decrypt session tokens.
 *
 * @return the explicitly set {@code jweDecryptor}, else the provider loaded by {@code JweUtils}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    // jweRequired is handed to the loader; presumably it decides whether missing JWE
    // configuration is an error or yields null - confirm against JweUtils.
    return jweDecryptor != null
        ? jweDecryptor
        : JweUtils.loadDecryptionProvider(jweRequired);
}
 
Example #24
Source File: JoseSessionTokenProvider.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the provider used to encrypt session tokens.
 *
 * @return the explicitly set {@code jweEncryptor}, else the provider loaded by {@code JweUtils}
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    if (jweEncryptor == null) {
        // jweRequired is handed to the loader; presumably it decides whether missing JWE
        // configuration is an error or yields null - confirm against JweUtils.
        return JweUtils.loadEncryptionProvider(jweRequired);
    }
    return jweEncryptor;
}
 
Example #25
Source File: JoseClientCodeStateManager.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the provider used to encrypt the client code state.
 *
 * @return the explicitly set {@code encryptionProvider}, else the provider loaded by {@code JweUtils}
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    // NOTE(review): 'false' presumably means encryption is optional; a null result would
    // leave the state unencrypted - confirm callers treat that case deliberately.
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(false);
}
 
Example #26
Source File: JoseClientCodeStateManager.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the provider used to decrypt the client code state.
 *
 * @return the explicitly set {@code decryptionProvider}, else the provider loaded by {@code JweUtils}
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (decryptionProvider == null) {
        // NOTE(review): 'false' presumably means decryption is optional and the result may
        // be null - confirm against JweUtils.
        return JweUtils.loadDecryptionProvider(false);
    }
    return decryptionProvider;
}
 
Example #27
Source File: OAuthUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a direct-key JWE encryption provider keyed by an OAuth client secret.
 *
 * @param clientSecret the client secret; its UTF-8 bytes are used as the key
 * @return the encryption provider
 */
public static JweEncryptionProvider getClientSecretEncryptionProvider(String clientSecret) {
    // NOTE(review): the encryption side reads the "in" properties, the same call the
    // decryption sibling makes - confirm this is intended.
    Properties jweProps = JweUtils.loadEncryptionInProperties(false);
    // Security: the secret's raw bytes are the content key; no key derivation is visible
    // here, so the key is only as strong as the secret and its length must suit the
    // chosen content algorithm.
    return JweUtils.getDirectKeyJweEncryption(StringUtils.toBytesUTF8(clientSecret),
                                              getClientSecretContentAlgorithm(jweProps));
}
 
Example #28
Source File: OAuthUtils.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a direct-key JWE decryption provider keyed by an OAuth client secret.
 *
 * @param clientSecret the client secret; its UTF-8 bytes are used as the key
 * @return the decryption provider
 */
public static JweDecryptionProvider getClientSecretDecryptionProvider(String clientSecret) {
    Properties jweProps = JweUtils.loadEncryptionInProperties(false);
    // Security: the secret's raw bytes are the content key; no key derivation is visible
    // here, so the key is only as strong as the secret and its length must suit the
    // chosen content algorithm.
    return JweUtils.getDirectKeyJweDecryption(StringUtils.toBytesUTF8(clientSecret),
                                              getClientSecretContentAlgorithm(jweProps));
}
 
Example #29
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Issues an encrypted JWT with the provider's default signing settings and, when unrestricted
 * crypto policies are installed, decrypts it again and checks the claims.
 */
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    // A compact JWE has five dot-separated parts.
    String[] tokenParts = token.split("\\.");
    assertTrue(tokenParts.length == 5);

    // NOTE(review): without unrestricted policies the decryption round trip is skipped and
    // the test still passes.
    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer encryptedConsumer = new JweJwtCompactConsumer(token);
        Merlin decryptionCrypto = (Merlin)CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = decryptionCrypto.getKeyStore();

        // Alias and key password are hard-coded test fixture values.
        Properties decryptionProps = new Properties();
        decryptionProps.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decryptionProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decryptionProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decryptor =
            JweUtils.loadDecryptionProvider(decryptionProps, encryptedConsumer.getHeaders());
        String innerToken = decryptor.decrypt(token).getContentText();

        // NOTE(review): the inner JWS is only parsed; no signature verification call is
        // visible here, so this test does not prove that the signature is valid.
        JwtToken jwt = new JwsJwtCompactConsumer(innerToken).getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }
}