Java Code Examples for org.apache.cxf.rt.security.crypto.CryptoUtils#createSecretKeySpec()

The following examples show how to use org.apache.cxf.rt.security.crypto.CryptoUtils#createSecretKeySpec() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: cxf   File: ApacheCXFConsumer.java    License: Apache License 2.0 6 votes vote down vote up
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm,
    ContentAlgorithm contentEncryptionAlgorithm) {
    if (key.getAlgorithm() != null) {
        return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
    }
    switch (key.getKeyType()) {
    case EC:
        return JweUtils.createJweDecryptionProvider(JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    case RSA:
        return JweUtils.createJweDecryptionProvider(JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    case OCTET:
        SecretKey secretKey = CryptoUtils.createSecretKeySpec(
            (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE), keyEncryptionAlgorithm.getJavaName());
        return JweUtils.createJweDecryptionProvider(secretKey, keyEncryptionAlgorithm,
            contentEncryptionAlgorithm);
    default:
        throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
    }
}
 
Example 2
Source Project: cxf   File: JweJsonConsumerTest.java    License: Apache License 2.0 6 votes vote down vote up
private void doTestMultipleRecipients(String jweJson) {
    final String text = "The true sign of intelligence is not knowledge but imagination.";

    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
                                                           "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES2,
        "AES");
    JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
    KeyAlgorithm keyAlgo = consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm();
    ContentAlgorithm ctAlgo = consumer.getProtectedHeader().getContentEncryptionAlgorithm();
    // Recipient 1
    JweDecryptionProvider jwe1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, ctAlgo);
    JweDecryptionOutput out1 = consumer.decryptWith(jwe1,
                                                    Collections.singletonMap("kid", "key1"));
    assertEquals(text, out1.getContentText());
    // Recipient 2
    JweDecryptionProvider jwe2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, ctAlgo);

    JweDecryptionOutput out2 = consumer.decryptWith(jwe2,
                                                    Collections.singletonMap("kid", "key2"));
    assertEquals(text, out2.getContentText());

    // Extra AAD
    assertEquals(JweJsonProducerTest.EXTRA_AAD_SOURCE, consumer.getAadText());
}
 
Example 3
Source Project: cxf   File: JweJsonConsumerTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testSingleRecipientAllTypeOfHeadersAndAadModified() {
    SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
                                                           "AES");
    JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
                                                                     KeyAlgorithm.A128KW,
                                                                     ContentAlgorithm.A128GCM);
    JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT);
    try {
        consumer.decryptWith(jwe);
        fail("AAD check has passed unexpectedly");
    } catch (SecurityException ex) {
        // expected
    }

}
 
Example 4
Source Project: cxf   File: JweJsonConsumerTest.java    License: Apache License 2.0 6 votes vote down vote up
private void doTestSingleRecipient(String text,
                                   String input,
                                   ContentAlgorithm contentEncryptionAlgo,
                                   final byte[] wrapperKeyBytes,
                                   final byte[] cek) throws Exception {
    JweDecryptionProvider jwe = null;
    if (wrapperKeyBytes != null) {
        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
        jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
                                                   KeyAlgorithm.A128KW,
                                                   contentEncryptionAlgo);
    } else {
        SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
        jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo);
    }
    JweJsonConsumer consumer = new JweJsonConsumer(input);
    JweDecryptionOutput out = consumer.decryptWith(jwe);
    assertEquals(text, out.getContentText());
}
 
Example 5
Source Project: cxf   File: AbstractJweDecryption.java    License: Apache License 2.0 5 votes vote down vote up
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
    keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
    AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
    keyProperties.setAlgoSpec(spec);
    boolean compressionSupported =
        JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
    keyProperties.setCompressionSupported(compressionSupported);
    byte[] actualCek = getActualCek(cek,
                           jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
    byte[] bytes =
        CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);

    // Here we're finished with the SecretKey we created, so we can destroy it
    try {
        secretKey.destroy();
    } catch (DestroyFailedException e) {
        // ignore
    }
    Arrays.fill(cek, (byte) 0);
    if (actualCek != cek) {
        Arrays.fill(actualCek, (byte) 0);
    }

    return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
 
Example 6
Source Project: cxf   File: JweJsonConsumerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";

    SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
                                                           "AES");
    JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
                                                                     KeyAlgorithm.A128KW,
                                                                     ContentAlgorithm.A128GCM);
    JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT);
    JweDecryptionOutput out = consumer.decryptWith(jwe);
    assertEquals(text, out.getContentText());
    assertEquals(JweJsonProducerTest.EXTRA_AAD_SOURCE, consumer.getAadText());
}
 
Example 7
Source Project: cxf   File: JweJsonConsumerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testMultipleRecipientsAutogeneratedCek() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    KeyEncryptionProvider keyEncryption1 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
    ContentEncryptionProvider contentEncryption =
        new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true);

    JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
    KeyEncryptionProvider keyEncryption2 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
    JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeaders = new LinkedList<>();
    perRecipientHeaders.add(new JweHeaders("key1"));
    perRecipientHeaders.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(JweJsonProducerTest.EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeaders);
    doTestMultipleRecipients(jweJson);
}
 
Example 8
Source Project: cxf   File: JweCompactReaderWriterTest.java    License: Apache License 2.0 5 votes vote down vote up
private SecretKey createSecretKey(boolean createIfException) throws Exception {
    SecretKey key = null;
    if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
        key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
    } else if (createIfException) {
        key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
    }
    return key;
}
 
Example 9
Source Project: cxf   File: JwaSpecTestCasesTest.java    License: Apache License 2.0 5 votes vote down vote up
private void doTestSingleRecipient(String text,
                                     String expectedOutput,
                                     ContentAlgorithm contentEncryptionAlgo,
                                     final byte[] iv,
                                     final byte[] cek) throws Exception {
    JweHeaders headers = new JweHeaders(KeyAlgorithm.A128KW, contentEncryptionAlgo);

    headers.asMap().remove("alg");
    JweEncryptionProvider jwe = null;
    SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
    jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
    JweJsonProducer p = new JweJsonProducer(headers, Hex.decode(text.getBytes())) {
        protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
            JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
            input.setCek(cek);
            input.setIv(iv);
            return input;
        }
    };
    String jweJson = p.encryptWith(jwe);

    JsonMapObjectReaderWriter jsonReader = new JsonMapObjectReaderWriter();
    Map<String, Object> json = jsonReader.fromJson(jweJson);

    // Check IV matches
    byte[] outputIv = Base64UrlUtility.decode((String)json.get("iv"));
    assertArrayEquals(outputIv, iv);

    // Check CipherText matches
    byte[] cipherTextBytes = Base64UrlUtility.decode((String)json.get("ciphertext"));
    assertArrayEquals(cipherTextBytes, Hex.decode(expectedOutput));
}
 
Example 10
Source Project: cxf   File: JweJsonProducerTest.java    License: Apache License 2.0 5 votes vote down vote up
private String doTestSingleRecipient(String text,
                                     String expectedOutput,
                                     ContentAlgorithm contentEncryptionAlgo,
                                     final byte[] wrapperKeyBytes,
                                     final byte[] iv,
                                     final byte[] cek,
                                     boolean canBeFlat) throws Exception {
    JweHeaders headers = new JweHeaders(KeyAlgorithm.A128KW,
                                        contentEncryptionAlgo);
    JweEncryptionProvider jwe = null;
    if (wrapperKeyBytes == null) {
        headers.asMap().remove("alg");
        SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
        jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
    } else {
        SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
        jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
    }
    JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text), canBeFlat) {
        protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
            JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
            input.setCek(cek);
            input.setIv(iv);
            return input;
        }
    };
    String jweJson = p.encryptWith(jwe);
    assertEquals(expectedOutput, jweJson);
    return jweJson;
}
 
Example 11
Source Project: cxf   File: JweJsonProducerTest.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testSingleRecipientAllTypeOfHeadersAndAad() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");

    JweHeaders protectedHeaders = new JweHeaders(ContentAlgorithm.A128GCM);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");

    JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey,
                                                                     KeyAlgorithm.A128KW,
                                                                     ContentAlgorithm.A128GCM,
                                                                     null);
    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false) {
        protected JweEncryptionInput createEncryptionInput(JweHeaders jsonHeaders) {
            JweEncryptionInput input = super.createEncryptionInput(jsonHeaders);
            input.setCek(CEK_BYTES);
            input.setIv(JweCompactReaderWriterTest.INIT_VECTOR_A1);
            return input;
        }
    };
    JweHeaders recepientUnprotectedHeaders = new JweHeaders();
    recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);
    String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders);
    assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson);
}
 
Example 12
Source Project: cxf   File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
public static SecretKey toSecretKey(JsonWebKey jwk) {
    return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
                                           AlgorithmUtils.toJavaName(jwk.getAlgorithm()));
}
 
Example 13
Source Project: cxf   File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
public static SecretKey toSecretKey(JsonWebKey jwk, KeyAlgorithm algorithm) {
    return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
                                           algorithm.getJavaName());
}
 
Example 14
public AesWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
    this(CryptoUtils.createSecretKeySpec(keyBytes, keyAlgoJwt.getJavaName()),
         keyAlgoJwt);
}
 
Example 15
public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
    this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);
}
 
Example 16
public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
    this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES),
         keyAlgoJwt);
}
 
Example 17
public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
    this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA),
         supportedAlgo);
}
 
Example 18
Source Project: cxf   File: AbstractJweEncryption.java    License: Apache License 2.0 4 votes vote down vote up
protected SecretKey createCekSecretKey(JweEncryptionInternal state) {
    return CryptoUtils.createSecretKeySpec(getActualCek(state.secretKey, this.getContentEncryptionAlgoJwt()),
                                           state.keyProps.getKeyAlgo());
}
 
Example 19
Source Project: cxf   File: JweJsonProducerTest.java    License: Apache License 2.0 4 votes vote down vote up
@Test
public void testMultipleRecipientsA128CBCHS256() {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    
    KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
    ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
    
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    AesCbcContentEncryptionAlgorithm contentEncryption = new AesCbcContentEncryptionAlgorithm(contentAlgo, true);
    
    KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
    JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(keyEncryption1, contentEncryption);
    KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
    JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(keyEncryption2, contentEncryption);
    
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeades = new LinkedList<>();
    perRecipientHeades.add(new JweHeaders("key1"));
    perRecipientHeades.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
    
    JweJsonConsumer consumer = new JweJsonConsumer(jweJson);
    Assert.assertEquals(keyAlgo, consumer.getSharedUnprotectedHeader().getKeyEncryptionAlgorithm());
    Assert.assertEquals(contentAlgo, consumer.getProtectedHeader().getContentEncryptionAlgorithm());
    
    // Recipient 1
    JweDecryptionProvider jwd1 = JweUtils.createJweDecryptionProvider(wrapperKey1, keyAlgo, contentAlgo);
    JweDecryptionOutput out1 = consumer.decryptWith(jwd1, Collections.singletonMap("kid", "key1"));
    assertEquals(text, out1.getContentText());
    // Recipient 2
    JweDecryptionProvider jwd2 = JweUtils.createJweDecryptionProvider(wrapperKey2, keyAlgo, contentAlgo);

    JweDecryptionOutput out2 = consumer.decryptWith(jwd2, Collections.singletonMap("kid", "key2"));
    assertEquals(text, out2.getContentText());
}
 
Example 20
Source Project: cxf   File: JweJsonProducerTest.java    License: Apache License 2.0 4 votes vote down vote up
@Test
public void testMultipleRecipientsA128CBCHS256GivenCek() throws Exception {
    final String text = "The true sign of intelligence is not knowledge but imagination.";
    
    KeyAlgorithm keyAlgo = KeyAlgorithm.A128KW;
    ContentAlgorithm contentAlgo = ContentAlgorithm.A128CBC_HS256;
    
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

    JweHeaders protectedHeaders = new JweHeaders(contentAlgo);
    JweHeaders sharedUnprotectedHeaders = new JweHeaders();
    sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
    
    sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(keyAlgo);

    List<JweEncryptionProvider> jweProviders = new LinkedList<>();

    KeyEncryptionProvider keyEncryption1 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, keyAlgo);
    
    JweEncryptionProvider jwe1 = new AesCbcHmacJweEncryption(contentAlgo, Hex.decode(CEK_32_HEX), 
        JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption1);
    KeyEncryptionProvider keyEncryption2 =
        JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, keyAlgo);
    JweEncryptionProvider jwe2 = new AesCbcHmacJweEncryption(contentAlgo, CEK_BYTES, 
        JweCompactReaderWriterTest.INIT_VECTOR_A3, keyEncryption2);
    jweProviders.add(jwe1);
    jweProviders.add(jwe2);

    List<JweHeaders> perRecipientHeades = new LinkedList<>();
    perRecipientHeades.add(new JweHeaders("key1"));
    perRecipientHeades.add(new JweHeaders("key2"));

    JweJsonProducer p = new JweJsonProducer(protectedHeaders,
                                            sharedUnprotectedHeaders,
                                            StringUtils.toBytesUTF8(text),
                                            StringUtils.toBytesUTF8(EXTRA_AAD_SOURCE),
                                            false);

    String jweJson = p.encryptWith(jweProviders, perRecipientHeades);
    assertEquals(MULTIPLE_RECIPIENTS_A128CBCHS256_JSON_OUTPUT, jweJson);
}