org.apache.cxf.rs.security.jose.common.JoseConstants Java Examples

The following examples show how to use org.apache.cxf.rs.security.jose.common.JoseConstants. Each example names the source file and the project it was taken from.
Example #1
Source File: JwkUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves a single JSON Web Key from the JWK set configured for the given message.
 *
 * <p>Key id selection: the {@code kid} taken from the incoming JOSE header is used only when it is
 * non-null and the contextual property {@link JoseConstants#RSSEC_ACCEPT_PUBLIC_KEY} evaluates to
 * {@code true} (the default passed here is {@code false}). Otherwise the id comes from
 * {@code KeyManagementUtils.getKeyId} with {@link JoseConstants#RSSEC_KEY_STORE_ALIAS}.
 * Either way the lookup is performed against the locally loaded JWK set, so a header-supplied
 * {@code kid} can only pick among keys that set already contains.
 *
 * @param m the current message, used for contextual properties and JWK set loading
 * @param props the key store properties
 * @param keyOper the key operation used as a fallback selector; may be {@code null}
 * @param inHeaderKid the key id received in the JOSE header; may be {@code null}
 * @return the selected key, or {@code null} when no key id is available and the key operation
 *         does not map to exactly one key
 */
public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid) {
    PrivateKeyPasswordProvider passwordProvider = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
    JsonWebKeys keySet = loadJwkSet(m, props, passwordProvider);

    boolean useHeaderKid = inHeaderKid != null
        && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY, false);
    String keyId = useHeaderKid
        ? inHeaderKid
        : KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);

    if (keyId != null) {
        return keySet.getKey(keyId);
    }
    if (keyOper == null) {
        return null;
    }
    // Without a key id, only an unambiguous (single) key for the operation is acceptable.
    List<JsonWebKey> candidates = keySet.getKeyOperationMap().get(keyOper);
    return candidates != null && candidates.size() == 1 ? candidates.get(0) : null;
}
 
Example #2
Source File: JAXRSJwsJsonTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Echoes a {@code Book} through a client configured with a Jackson provider, a
 * {@code JweWriterInterceptor} and a {@code JweClientResponseFilter}, where both the signature and
 * the encryption properties point at the same JWK properties resource, and checks that the name
 * and id survive the round trip.
 */
@Test
public void testJweCompactJwsJsonBookBeanHmac() throws Exception {
    // NOTE(review): when the unrestricted policies are missing the test returns early and is
    // reported as passed although nothing was exercised.
    if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
        return;
    }

    String endpoint = "https://localhost:" + PORT + "/jwejwsjsonhmac";
    List<?> extraProviders = Arrays.asList(new JacksonJsonProvider(),
                                           new JweWriterInterceptor(),
                                           new JweClientResponseFilter());

    // The same secret-key store backs signing and encryption.
    String secretStore = "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties";
    Map<String, Object> joseProps = new HashMap<>();
    joseProps.put(JoseConstants.RSSEC_SIGNATURE_PROPS, secretStore);
    joseProps.put(JoseConstants.RSSEC_ENCRYPTION_PROPS, secretStore);

    BookStore store = createBookStore(endpoint, joseProps, extraProviders);
    Book echoed = store.echoBook(new Book("book", 123L));

    assertEquals("book", echoed.getName());
    assertEquals(123L, echoed.getId());
}
 
Example #3
Source File: JAXRSJweJsonTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a {@code BookStore} client proxy whose {@link JoseConstants#RSSEC_ENCRYPTION_PROPS}
 * property is a list of two property locations (one per recipient) and which registers a
 * {@code JweJsonWriterInterceptor} as its only provider.
 *
 * @param address the service address the client talks to
 * @return the client proxy
 */
private BookStore createBookStoreTwoRecipients(String address) throws Exception {
    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();

    // Bus configuration is read from client.xml next to this test class.
    URL busConfig = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus bus = new SpringBusFactory().createBus(busConfig.toString());
    factory.setBus(bus);
    factory.setServiceClass(BookStore.class);
    factory.setAddress(address);
    factory.setProvider(new JweJsonWriterInterceptor());

    List<String> recipientProps = new ArrayList<>();
    recipientProps.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties");
    recipientProps.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties");
    factory.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, recipientProps);

    return factory.create(BookStore.class);
}
 
Example #4
Source File: JAXRSJweJsonTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a {@code BookStore} client proxy that encrypts requests with a
 * {@code JweJsonWriterInterceptor} and handles responses with a
 * {@code JweJsonClientResponseFilter}, both configured from a single properties location.
 *
 * @param address the service address the client talks to
 * @param propLoc the value stored under {@link JoseConstants#RSSEC_ENCRYPTION_PROPS}
 * @return the client proxy
 */
private BookStore createBookStore(String address, String propLoc) throws Exception {
    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();

    // Bus configuration is read from client.xml next to this test class.
    URL busConfig = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus bus = new SpringBusFactory().createBus(busConfig.toString());
    factory.setBus(bus);
    factory.setServiceClass(BookStore.class);
    factory.setAddress(address);

    List<Object> jweProviders = new LinkedList<>();
    jweProviders.add(new JweJsonWriterInterceptor());
    jweProviders.add(new JweJsonClientResponseFilter());
    factory.setProviders(jweProviders);

    factory.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, propLoc);
    return factory.create(BookStore.class);
}
 
Example #5
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the JOSE properties for signing or signature verification from {@code config}.
 *
 * <p>The key store type, file, store password, key password and signature algorithm are always
 * set. The key alias is {@code signatureKeyAlias()} for {@code SIGN} and
 * {@code verificationKeyAlias()} for {@code VERIFICATION}; for any other operation no alias is set.
 *
 * @param operation the JOSE operation the properties are prepared for
 * @return a new {@link Properties} instance; it carries the key store and key passwords in clear
 *         text, so it should not be logged or otherwise dumped
 */
private Properties prepareSignatureVerificationProperties(JoseOperation operation) {
    Properties sigProps = new Properties();

    // Settings shared by both directions.
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.signatureKeyPassword());
    sigProps.setProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, config.signatureAlgorithm());

    // The alias depends on the direction.
    if (operation.equals(JoseOperation.SIGN)) {
        sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, signatureKeyAlias());
        return sigProps;
    }
    if (operation.equals(JoseOperation.VERIFICATION)) {
        sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, verificationKeyAlias());
    }
    return sigProps;
}
 
Example #6
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the JOSE properties for encryption or decryption from {@code config}.
 *
 * <p>The key store type, file, store password, key password, key-encryption algorithm and
 * content-encryption algorithm are always set. The key alias is {@code encryptionKeyAlias()} for
 * {@code ENCRYPTION} and {@code decryptionKeyAlias()} for {@code DECRYPTION}; for any other
 * operation no alias is set.
 *
 * @param operation the JOSE operation the properties are prepared for
 * @return a new {@link Properties} instance; it carries the key store and key passwords in clear
 *         text, so it should not be logged or otherwise dumped
 */
private Properties prepareEncryptionDecryptionProperties(JoseOperation operation) {
    Properties encProps = new Properties();

    // Settings shared by both directions.
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    encProps.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.encryptionKeyPassword());
    encProps.setProperty(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, config.keyEncryptionAlgorithm());
    encProps.setProperty(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, config.contentEncryptionAlgorithm());

    // The alias depends on the direction.
    if (operation.equals(JoseOperation.ENCRYPTION)) {
        encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, encryptionKeyAlias());
        return encProps;
    }
    if (operation.equals(JoseOperation.DECRYPTION)) {
        encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, decryptionKeyAlias());
    }
    return encProps;
}
 
Example #7
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
/**
 * Selects the JWE decryption provider for the given headers.
 *
 * <p>With an inlined JWK set the key is loaded through {@code loadJsonWebKey(encryptionKeyAlias())}
 * and either a direct-key or a key-wrapping provider is built, depending on the configured key
 * encryption algorithm. Otherwise the provider is loaded from {@code props}.
 *
 * @param props the decryption properties; the key alias entry is overwritten with the header
 *        {@code kid} when {@code config.acceptEncryptionAlias()} is true
 * @param headers the JWE headers of the token being decrypted
 * @return the decryption provider
 */
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        // NOTE(review): the alias now comes from the token header, i.e. from the sender, so the
        // key store should hold only keys that are meant to be selectable this way.
        // NOTE(review): Properties rejects null values, so a token without a "kid" header would
        // fail here with a NullPointerException — confirm that getKeyId() cannot return null.
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadDecryptionProvider(props, headers);
    }

    // Inlined JWK set: the key is picked by encryptionKeyAlias(), not by the alias stored in props.
    if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
        return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
        ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
}
 
Example #8
Source File: JwsUtilsTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the public verification keys from {@code alice.jks} with
 * {@link JoseConstants#RSSEC_SIGNATURE_INCLUDE_CERT} enabled and checks that exactly one RSA key
 * with key id {@code alice} is returned, that it exposes the public exponent and modulus but no
 * private exponent, and that it carries an X.509 chain of two entries.
 */
@Test
public void testLoadVerificationKeyWithCert() throws Exception {
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
    storeProps.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);

    JsonWebKeys loaded = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, loaded.asMap().size());

    List<JsonWebKey> rsaKeys = loaded.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey alice = rsaKeys.get(0);
    assertEquals(KeyType.RSA, alice.getKeyType());
    assertEquals("alice", alice.getKeyId());

    // Public parameters are present, the private exponent must not be.
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(alice.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));

    List<String> x509Chain = alice.getX509Chain();
    assertNotNull(x509Chain);
    assertEquals(2, x509Chain.size());
}
 
Example #9
Source File: JwsUtilsTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the public verification keys from {@code alice.jks} without requesting the certificate
 * and checks that exactly one RSA key with key id {@code alice} is returned, that it exposes the
 * public exponent and modulus but no private exponent, and that it has no X.509 chain.
 */
@Test
public void testLoadVerificationKey() throws Exception {
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");

    JsonWebKeys loaded = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, loaded.asMap().size());

    List<JsonWebKey> rsaKeys = loaded.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey alice = rsaKeys.get(0);
    assertEquals(KeyType.RSA, alice.getKeyType());
    assertEquals("alice", alice.getKeyId());

    // Public parameters are present, the private exponent must not be.
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(alice.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
    assertNull(alice.getX509Chain());
}
 
Example #10
Source File: JwsCompactReaderWriterTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Signs a JWT whose header embeds the given JSON Web Key with HS256 and compares the compact
 * serialization with {@code ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC}.
 *
 * @param jsonWebKey the value stored under {@link JoseConstants#HEADER_JSON_WEB_KEY}
 */
private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
    JwsHeaders jwsHeaders = new JwsHeaders();
    jwsHeaders.setType(JoseType.JWT);
    jwsHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    jwsHeaders.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);

    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setIssuer("joe");
    jwtClaims.setExpiryTime(1300819380L);
    jwtClaims.setClaim("http://example.com/is_root", Boolean.TRUE);

    JwsCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(jwsHeaders, jwtClaims), getWriter());
    producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));

    assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, producer.getSignedEncodedJws());
}
 
Example #11
Source File: JweUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads a JWE encryption provider from the given properties.
 *
 * <p>The content encryption algorithm is resolved with {@code A128GCM} as the default and, when a
 * message is available, its JWA name is stored on the message under
 * {@link JoseConstants#RSSEC_ENCRYPTION_CONTENT_ALGORITHM}. For the {@code DIRECT} key algorithm
 * the JWK for the {@code ENCRYPT} operation is loaded; if present, the content algorithm is
 * resolved again with the JWK's own algorithm as a hint and a content encryption provider is
 * built from that key.
 *
 * @param props the encryption properties; also supplies the optional zip algorithm
 * @param m the current message, may be {@code null}
 * @param headers the JWE headers handed to the created provider
 * @return the encryption provider
 */
public static JweEncryptionProvider loadEncryptionProvider(Properties props, Message m, JweHeaders headers) {
    KeyEncryptionProvider keyProvider = loadKeyEncryptionProvider(props, m, headers);

    ContentAlgorithm contentAlgorithm =
        getContentEncryptionAlgorithm(m, props, null, ContentAlgorithm.A128GCM);
    if (m != null) {
        // NOTE(review): the value stored on the message is not refreshed if the algorithm is
        // re-resolved for a direct key below.
        m.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentAlgorithm.getJwaName());
    }

    ContentEncryptionProvider contentProvider = null;
    if (KeyAlgorithm.DIRECT == keyProvider.getAlgorithm()) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
        if (jwk != null) {
            ContentAlgorithm jwkAlgorithm =
                jwk.getAlgorithm() != null ? ContentAlgorithm.getAlgorithm(jwk.getAlgorithm()) : null;
            contentAlgorithm = getContentEncryptionAlgorithm(m, props, jwkAlgorithm, contentAlgorithm);
            contentProvider = getContentEncryptionProvider(jwk, contentAlgorithm);
        }
    }

    return createJweEncryptionProvider(keyProvider,
                                       contentProvider,
                                       contentAlgorithm,
                                       props.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM),
                                       headers);
}
 
Example #12
Source File: OAuthUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Determines the HMAC signature algorithm to use with a client secret.
 *
 * <p>Resolution order: the dedicated {@code CLIENT_SECRET_SIGNATURE_ALGORITHM} property, then the
 * general {@link JoseConstants#RSSEC_SIGNATURE_ALGORITHM} property if it names an HMAC algorithm,
 * then {@code HS256}.
 *
 * @param sigProps the signature properties
 * @return an HMAC-based signature algorithm
 * @throws OAuthServiceException with {@code SERVER_ERROR} if the resolved algorithm is not
 *         HMAC-based
 */
public static SignatureAlgorithm getClientSecretSignatureAlgorithm(Properties sigProps) {
    String algorithmName = sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);
    if (algorithmName == null) {
        // Fall back to the general signature algorithm, but only if it is an HMAC one.
        String generalName = sigProps.getProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
        if (AlgorithmUtils.isHmacSign(generalName)) {
            algorithmName = generalName;
        }
    }

    SignatureAlgorithm resolved = SignatureAlgorithm.getAlgorithm(algorithmName);
    if (resolved == null) {
        resolved = SignatureAlgorithm.HS256;
    }
    if (AlgorithmUtils.isHmacSign(resolved)) {
        return resolved;
    }
    // A client secret is a symmetric key, so an asymmetric algorithm is a configuration error.
    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}
 
Example #13
Source File: JweUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a key encryption provider for an RSA or EC public key.
 *
 * <p>For EC keys the content algorithm is read from the current message
 * ({@link JoseConstants#RSSEC_ENCRYPTION_CONTENT_ALGORITHM}) and defaults to {@code A128GCM};
 * the curve is read from {@link JoseConstants#RSSEC_EC_CURVE} and defaults to P-256.
 *
 * @param key the recipient public key
 * @param props optional properties supplying the EC curve, may be {@code null}
 * @param algo the key algorithm; when {@code null} a default is derived from the key
 * @return the provider, or {@code null} if the key is neither an RSA nor an EC public key
 */
public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey key,
                                                                   Properties props,
                                                                   KeyAlgorithm algo) {
    if (algo == null) {
        algo = getDefaultPublicKeyAlgorithm(key);
    }

    if (key instanceof RSAPublicKey) {
        return new RSAKeyEncryptionAlgorithm((RSAPublicKey)key, algo);
    }
    if (!(key instanceof ECPublicKey)) {
        // Unsupported key type: callers have to handle the null result.
        return null;
    }

    ContentAlgorithm messageCtAlgo = null;
    Message current = PhaseInterceptorChain.getCurrentMessage();
    if (current != null) {
        messageCtAlgo = getContentAlgo((String)current.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
    }

    String curve;
    if (props == null) {
        curve = JsonWebKey.EC_CURVE_P256;
    } else {
        curve = props.getProperty(JoseConstants.RSSEC_EC_CURVE, JsonWebKey.EC_CURVE_P256);
    }

    return new EcdhAesWrapKeyEncryptionAlgorithm((ECPublicKey)key,
                                                 curve,
                                                 algo,
                                                 messageCtAlgo == null ? ContentAlgorithm.A128GCM : messageCtAlgo);
}
 
Example #14
Source File: AbstractJweJsonWriterProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the locations of the JWE encryption properties configured for the current message.
 *
 * <p>The value is looked up under {@link JoseConstants#RSSEC_ENCRYPTION_OUT_PROPS} and
 * {@link JoseConstants#RSSEC_ENCRYPTION_PROPS}. A {@code String} value is split on commas (entries
 * are not trimmed); any other value is cast to a list.
 *
 * @return the property locations, or an empty list when none are configured but
 *         {@code encProviders} is set
 * @throws JweException with {@code NO_INIT_PROPERTIES} when neither locations nor providers are
 *         available
 */
protected List<String> getPropertyLocations() {
    Message current = JAXRSUtils.getCurrentMessage();
    Object configured =
        MessageUtils.getContextualProperty(current, JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS,
                                           JoseConstants.RSSEC_ENCRYPTION_PROPS);

    if (configured != null) {
        if (configured instanceof String) {
            return Arrays.asList(((String)configured).split(","));
        }
        // NOTE(review): a value that is neither a String nor a List fails with ClassCastException.
        return CastUtils.cast((List<?>)configured);
    }

    if (encProviders == null) {
        LOG.warning("JWE JSON init properties resource is not identified");
        throw new JweException(JweException.Error.NO_INIT_PROPERTIES);
    }
    return Collections.emptyList();
}
 
Example #15
Source File: JweUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a key encryption provider from a JSON Web Key.
 *
 * <p>The key algorithm is the JWK's own algorithm when present, otherwise
 * {@code defaultAlgorithm}. RSA keys yield a public-key provider, octet keys a secret-key
 * provider. Every other key type is handled as an EC key: {@code ECDH_ES_DIRECT} yields a direct
 * ECDH provider, anything else an ECDH + AES key wrap provider whose content algorithm comes from
 * the current message and defaults to {@code A128GCM}.
 *
 * @param jwk the recipient key
 * @param defaultAlgorithm the key algorithm used when the JWK does not name one
 * @return the key encryption provider
 */
public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
    KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
        : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
    KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyAlgo);
    }
    if (KeyType.OCTET == keyType) {
        return getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk, keyAlgo), keyAlgo);
    }
    if (keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) {
        return new EcdhDirectKeyEncryptionAlgorithm();
    }

    // Remaining case: the JWK is converted to an EC public key without checking its key type.
    ContentAlgorithm messageCtAlgo = null;
    Message current = PhaseInterceptorChain.getCurrentMessage();
    if (current != null) {
        messageCtAlgo = getContentAlgo((String)current.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
    }
    return new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk),
                                                 jwk.getStringProperty(JsonWebKey.EC_CURVE),
                                                 keyAlgo,
                                                 messageCtAlgo == null ? ContentAlgorithm.A128GCM : messageCtAlgo);
}
 
Example #16
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
/**
 * Decrypts a JWE in compact serialization.
 *
 * @param props the decryption properties; the key alias entry is overwritten with the header
 *        {@code kid} when {@code config.acceptEncryptionAlias()} is true
 * @param jwe the compact JWE
 * @return the JWE headers as a map together with the decrypted text
 * @throws JoseException with a fixed message for any failure while parsing or decrypting
 */
private DecryptionOutput decryptCompact(Properties props, String jwe) {
    try {
        JweCompactConsumer compactConsumer = new JweCompactConsumer(jwe);

        if (config.acceptEncryptionAlias()) {
            // NOTE(review): the alias is taken from the token header before anything has been
            // decrypted or authenticated, i.e. it is chosen by the sender. A missing "kid" would
            // make Properties.setProperty throw, which ends up in the catch block below.
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS,
                              compactConsumer.getJweHeaders().getKeyId());
        }

        JweDecryptionProvider provider =
            getDecryptionProvider(props, compactConsumer.getJweHeaders());
        String plainText = compactConsumer.getDecryptedContentText(provider);
        return new DecryptionOutput(compactConsumer.getJweHeaders().asMap(), plainText);
    } catch (Exception ex) {
        // Every failure is reported with the same message. NOTE(review): the original exception
        // is discarded, so the root cause is not available for server-side diagnostics.
        throw new JoseException("JWE Compact Decryption Failure");
    }
}
 
Example #17
Source File: JwsUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the public keys that verify signatures produced with the configured signing key.
 *
 * <p>For a {@code jwk} key store the keys for the {@code SIGN} operation are loaded and, if
 * {@code stripPrivateParameters} is set, their private parameters are removed; when it is not
 * set the keys are returned exactly as loaded. For any other store type a single JWK is derived
 * from the public key, marked for signature use, and given the X.509 chain when
 * {@link JoseConstants#RSSEC_SIGNATURE_INCLUDE_CERT} is true.
 *
 * @param m the current message
 * @param props the key store properties
 * @param stripPrivateParameters whether private parameters are removed from keys of a JWK store
 * @return the verification key set
 * @throws JoseException if a JWK store yields no keys
 */
public static JsonWebKeys loadPublicVerificationKeys(Message m, Properties props, boolean stripPrivateParameters) {
    if ("jwk".equals(props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE))) {
        List<JsonWebKey> signingKeys = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN, null);
        if (signingKeys == null || signingKeys.isEmpty()) {
            throw new JoseException("Error loading keys");
        }
        if (stripPrivateParameters) {
            return new JsonWebKeys(JwkUtils.stripPrivateParameters(signingKeys));
        }
        return new JsonWebKeys(signingKeys);
    }

    X509Certificate[] chain = null;
    if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
        chain = KeyManagementUtils.loadX509CertificateOrChain(m, props);
    }

    // Prefer the key of the first certificate; otherwise load the public key directly.
    PublicKey publicKey;
    if (chain != null && chain.length > 0) {
        publicKey = chain[0].getPublicKey();
    } else {
        publicKey = KeyManagementUtils.loadPublicKey(m, props);
    }

    JsonWebKey verificationKey =
        JwkUtils.fromPublicKey(publicKey, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    verificationKey.setPublicKeyUse(PublicKeyUse.SIGN);
    if (chain != null) {
        verificationKey.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(chain));
    }
    return new JsonWebKeys(verificationKey);
}
 
Example #18
Source File: AbstractJwsJsonWriterProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the locations of the JWS signature properties configured for the current message.
 *
 * <p>The value is looked up under {@link JoseConstants#RSSEC_SIGNATURE_OUT_PROPS} and
 * {@link JoseConstants#RSSEC_SIGNATURE_PROPS}. A {@code String} value is split on commas (entries
 * are not trimmed); any other value is cast to a list.
 *
 * @return the property locations, or an empty list when none are configured but
 *         {@code sigProviders} is set
 * @throws JwsException with {@code NO_INIT_PROPERTIES} when neither locations nor providers are
 *         available
 */
protected List<String> getPropertyLocations() {
    Message current = JAXRSUtils.getCurrentMessage();
    Object configured =
        MessageUtils.getContextualProperty(current, JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
                                           JoseConstants.RSSEC_SIGNATURE_PROPS);

    if (configured != null) {
        if (configured instanceof String) {
            return Arrays.asList(((String)configured).split(","));
        }
        // NOTE(review): a value that is neither a String nor a List fails with ClassCastException.
        return CastUtils.cast((List<?>)configured);
    }

    if (sigProviders == null) {
        LOG.warning("JWS JSON init properties resource is not identified");
        throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
    }
    return Collections.emptyList();
}
 
Example #19
Source File: JwkUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Loads the JWK set named by {@link JoseConstants#RSSEC_KEY_STORE_FILE}, reusing a set already
 * stored on the message exchange.
 *
 * <p>The exchange entry is keyed by the key store file value itself. When both that value and
 * the message are available, a set found on the exchange is returned and a freshly loaded set is
 * stored there.
 *
 * @param m the current message, may be {@code null}
 * @param props the key store properties
 * @param cb the password provider passed on to the loader
 * @return the JWK set
 * @throws JwkException if the exchange holds an object of another type under the same key
 */
public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb) {
    String storeLocation = (String)props.get(JoseConstants.RSSEC_KEY_STORE_FILE);
    boolean exchangeUsable = storeLocation != null && m != null;

    JsonWebKeys keySet = null;
    if (exchangeUsable) {
        Object cached = m.getExchange().get(storeLocation);
        if (cached != null && !(cached instanceof JsonWebKeys)) {
            throw new JwkException("Unexpected key store class: " + cached.getClass().getName());
        }
        keySet = (JsonWebKeys)cached;
    }

    if (keySet == null) {
        keySet = loadJwkSet(props, m != null ? m.getExchange().getBus() : null, cb);
        if (exchangeUsable) {
            m.getExchange().put(storeLocation, keySet);
        }
    }
    return keySet;
}
 
Example #20
Source File: AbstractJweDecryption.java    From cxf with Apache License 2.0 5 votes vote down vote up
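/**
 * Decrypts the JWE content with the given content encryption key (CEK) and wipes the key
 * material afterwards.
 *
 * <p>Decompression is enabled only when the JWE zip header equals
 * {@link JoseConstants#JWE_DEFLATE_ZIP_ALGORITHM}.
 *
 * <p>Key hygiene: the {@code SecretKey}, the {@code cek} array and the array returned by
 * {@code getActualCek} are cleared in a {@code finally} block, so they are also wiped when
 * decryption fails with an exception instead of lingering on the heap.
 *
 * @param jweDecryptionInput the parsed JWE
 * @param cek the content encryption key; it is overwritten with zeros before this method
 *        returns or throws, so callers must not reuse it
 * @return the JWE headers together with the decrypted bytes
 */
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    byte[] actualCek = null;
    SecretKey secretKey = null;
    try {
        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
        keyProperties.setAlgoSpec(spec);
        boolean compressionSupported =
            JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
        keyProperties.setCompressionSupported(compressionSupported);

        actualCek = getActualCek(cek,
                                 jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
        secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
        byte[] bytes =
            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);

        return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
    } finally {
        // The key is no longer needed on any path, successful or not.
        if (secretKey != null) {
            try {
                secretKey.destroy();
            } catch (DestroyFailedException ignored) {
                // Best effort: not every SecretKey implementation supports destroy(); the raw
                // key bytes are cleared below regardless.
            }
        }
        if (cek != null) {
            Arrays.fill(cek, (byte) 0);
        }
        // getActualCek may return a separate array; clear it too without filling cek twice.
        if (actualCek != null && actualCek != cek) {
            Arrays.fill(actualCek, (byte) 0);
        }
    }
}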
 
Example #21
Source File: JwkUtilsTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Expects {@code JwkUtils.loadPublicJwkSet} to fail with a {@code JwkException} that carries no
 * cause when the key store file is set to {@code "unavailable"} and no message is supplied.
 */
@Test
public void testLoadPublicJwkSet() throws Exception {
    Properties storeProps = new Properties();
    storeProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, "unavailable");

    try {
        JwkUtils.loadPublicJwkSet(null, storeProps);
        // Reaching this line means the missing store was not detected.
        fail();
    } catch (JwkException expected) {
        assertNull(expected.getCause());
    }
}
 
Example #22
Source File: JweHeaders.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the algorithm headers of this JWE header set.
 *
 * @param keyEncAlgo the key encryption algorithm; the header is written only when non-null
 * @param ctEncAlgo the content encryption algorithm; always passed to the setter
 * @param deflate whether the zip header is set to {@link JoseConstants#JWE_DEFLATE_ZIP_ALGORITHM}
 */
private void init(KeyAlgorithm keyEncAlgo, ContentAlgorithm ctEncAlgo, boolean deflate) {
    if (keyEncAlgo != null) {
        setKeyEncryptionAlgorithm(keyEncAlgo);
    }
    // NOTE(review): unlike keyEncAlgo there is no null check here — confirm the setter
    // tolerates a null content algorithm.
    setContentEncryptionAlgorithm(ctEncAlgo);
    if (deflate) {
        setZipAlgorithm(JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM);
    }
}
 
Example #23
Source File: JwsUtilsTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an in-message attached to a fresh exchange that holds the thread default bus, with
 * {@link JoseConstants#RSSEC_SIGNATURE_INCLUDE_KEY_ID} set to {@code "true"}.
 *
 * @return the prepared message
 */
private Message createMessage() {
    Message message = new MessageImpl();
    Exchange exchange = new ExchangeImpl();

    exchange.put(Bus.class, BusFactory.getThreadDefaultBus());
    message.setExchange(exchange);
    message.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");
    exchange.setInMessage(message);

    return message;
}
 
Example #24
Source File: OidcConfigurationService.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Adds the OpenID Connect specific entries to the configuration data prepared by the superclass:
 * the UserInfo endpoint, the supported ID token signing algorithm, the end-session endpoint,
 * back-channel logout support, the subject types and the response types.
 *
 * @param cfg the configuration map to populate
 * @param baseUri the base URI used to calculate endpoint addresses
 */
@Override
protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
    super.prepareConfigurationData(cfg, baseUri);

    // UserInfo endpoint
    if (!isUserInfoEndpointNotAvailable()) {
        cfg.put("userinfo_endpoint",
                calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo"));
    }

    // Advertise the signing algorithm only when the outbound signature properties name one.
    Properties outSigProps = JwsUtils.loadSignatureOutProperties(false);
    if (outSigProps != null && outSigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) {
        cfg.put("id_token_signing_alg_values_supported",
                Collections.singletonList(outSigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
    }

    // RP-initiated logout endpoint
    if (!isEndSessionEndpointNotAvailable()) {
        cfg.put("end_session_endpoint",
                calculateEndpointAddress(endSessionEndpointAddress, baseUri, "/idp/logout"));
    }

    if (isBackChannelLogoutSupported()) {
        cfg.put("backchannel_logout_supported", Boolean.TRUE);
    }

    // Subject types: pairwise is not supported yet
    cfg.put("subject_types_supported", Collections.singletonList("public"));

    List<String> advertisedResponseTypes;
    if (responseTypes == null) {
        advertisedResponseTypes = DEFAULT_RESPONSE_TYPES;
    } else {
        advertisedResponseTypes = responseTypes;
    }
    cfg.put("response_types_supported", advertisedResponseTypes);
}
 
Example #25
Source File: JwsUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the signature algorithm from the message and properties under
 * {@link JoseConstants#RSSEC_SIGNATURE_ALGORITHM}.
 *
 * @param m the current message
 * @param props the signature properties
 * @param defaultAlgo the algorithm whose JWA name is passed as the default; may be {@code null}
 * @return the result of {@code SignatureAlgorithm.getAlgorithm} for the resolved name
 */
public static SignatureAlgorithm getSignatureAlgorithm(Message m,
                                                       Properties props,
                                                       SignatureAlgorithm defaultAlgo) {
    String defaultName = defaultAlgo == null ? null : defaultAlgo.getJwaName();
    String resolvedName = KeyManagementUtils.getKeyAlgorithm(m,
                                                             props,
                                                             JoseConstants.RSSEC_SIGNATURE_ALGORITHM,
                                                             defaultName);
    return SignatureAlgorithm.getAlgorithm(resolvedName);
}
 
Example #26
Source File: JwsUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the inbound signature properties for the current message, looking them up under
 * {@link JoseConstants#RSSEC_SIGNATURE_IN_PROPS} and {@link JoseConstants#RSSEC_SIGNATURE_PROPS}.
 *
 * @param required passed on to {@code KeyManagementUtils.loadStoreProperties}
 * @return the loaded properties
 */
public static Properties loadSignatureInProperties(boolean required) {
    return KeyManagementUtils.loadStoreProperties(PhaseInterceptorChain.getCurrentMessage(),
                                                  required,
                                                  JoseConstants.RSSEC_SIGNATURE_IN_PROPS,
                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);
}
 
Example #27
Source File: JwsUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the outbound signature properties for the current message, looking them up under
 * {@link JoseConstants#RSSEC_SIGNATURE_OUT_PROPS} and {@link JoseConstants#RSSEC_SIGNATURE_PROPS}.
 *
 * @param required passed on to {@code KeyManagementUtils.loadStoreProperties}
 * @return the loaded properties
 */
public static Properties loadSignatureOutProperties(boolean required) {
    return KeyManagementUtils.loadStoreProperties(PhaseInterceptorChain.getCurrentMessage(),
                                                  required,
                                                  JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
                                                  JoseConstants.RSSEC_SIGNATURE_PROPS);
}
 
Example #28
Source File: JwsHeaders.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the payload encoding status header and, when the status is {@code false}, makes sure the
 * header name is listed in the critical headers.
 *
 * @param status the payload encoding status. NOTE(review): a {@code null} value is stored first
 *        and then fails on unboxing with a NullPointerException.
 */
public void setPayloadEncodingStatus(Boolean status) {
    super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
    if (status) {
        return;
    }

    // An unencoded payload has to be announced through the critical header list.
    List<String> criticalHeaders = this.getCritical();
    if (criticalHeaders == null) {
        criticalHeaders = new LinkedList<>();
        setCritical(criticalHeaders);
    } else if (criticalHeaders.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
        // Already listed.
        return;
    }
    criticalHeaders.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
}
 
Example #29
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 5 votes vote down vote up
/**
 * Selects the JWS signature verifier for the given headers.
 *
 * <p>With an inlined JWK set the verifier is built from
 * {@code loadJsonWebKey(verificationKeyAlias())}; otherwise it is loaded from {@code props}.
 *
 * @param props the verification properties; the key alias entry is overwritten with the header
 *        {@code kid} when {@code config.acceptSignatureAlias()} is true
 * @param headers the JWS headers of the token being verified
 * @return the signature verifier
 */
private JwsSignatureVerifier getJwsSignatureVerifier(Properties props, JwsHeaders headers) {
    if (config.acceptSignatureAlias()) {
        // NOTE(review): the alias is read from the header before the signature has been checked,
        // so it is chosen by the sender; the key store should hold only keys that are trusted
        // for verification.
        // NOTE(review): Properties rejects null values, so a token without a "kid" header would
        // fail here with a NullPointerException — confirm that getKeyId() cannot return null.
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (!isInlinedJwkSetAvailable()) {
        return JwsUtils.loadSignatureVerifier(props, headers);
    }
    // Inlined JWK set: the key is picked by verificationKeyAlias(), not by the alias in props.
    return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias()));
}
 
Example #30
Source File: JwkUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Converts a public key into a JSON Web Key.
 *
 * <p>RSA keys take their algorithm from the property named by {@code algoProp}. Every other key
 * is cast to {@code ECPublicKey} and takes its curve from {@link JoseConstants#RSSEC_EC_CURVE},
 * so a key of any other type fails with a ClassCastException. The key id is set from
 * {@link JoseConstants#RSSEC_KEY_STORE_ALIAS} when that property is present.
 *
 * @param key the public key to convert
 * @param props the properties supplying algorithm, curve and key id
 * @param algoProp the name of the property holding the algorithm for RSA keys
 * @return the JSON Web Key
 */
public static JsonWebKey fromPublicKey(PublicKey key, Properties props, String algoProp) {
    JsonWebKey converted = key instanceof RSAPublicKey
        ? JwkUtils.fromRSAPublicKey((RSAPublicKey)key, props.getProperty(algoProp))
        : JwkUtils.fromECPublicKey((ECPublicKey)key, props.getProperty(JoseConstants.RSSEC_EC_CURVE));

    String alias = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS);
    if (alias != null) {
        converted.setKeyId(alias);
    }
    return converted;
}