org.apache.cxf.rs.security.jose.common.JoseConstants Java Examples
The following examples show how to use
org.apache.cxf.rs.security.jose.common.JoseConstants.
Example #1
Source File: JwkUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Resolves a single JSON Web Key from the JWK set described by {@code props}.
 *
 * <p>The key id is taken from {@code inHeaderKid} only when that value is non-null and the
 * contextual boolean {@code JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY} is true on the message
 * (it is read with a default of {@code false}). Otherwise the id comes from
 * {@code KeyManagementUtils.getKeyId} using {@code JoseConstants.RSSEC_KEY_STORE_ALIAS}.
 * In both cases the id is only used to look a key up in the locally loaded set.
 *
 * @param m           current message, passed through to the loaders
 * @param props       key store properties
 * @param keyOper     key operation used for the password provider, the id lookup and the fallback
 * @param inHeaderKid key id candidate; presumably the {@code kid} of an inbound JOSE header
 * @return the selected key, or {@code null} when no id is known and the operation does not map
 *         to exactly one key
 */
public static JsonWebKey loadJsonWebKey(Message m, Properties props, KeyOperation keyOper, String inHeaderKid) {
    PrivateKeyPasswordProvider passwordProvider = KeyManagementUtils.loadPasswordProvider(m, props, keyOper);
    JsonWebKeys keySet = loadJwkSet(m, props, passwordProvider);

    // A sender-chosen key id is honoured only behind the explicit opt-in flag.
    boolean useHeaderKid = inHeaderKid != null
        && MessageUtils.getContextualBoolean(m, JoseConstants.RSSEC_ACCEPT_PUBLIC_KEY, false);
    String keyId = useHeaderKid
        ? inHeaderKid
        : KeyManagementUtils.getKeyId(m, props, JoseConstants.RSSEC_KEY_STORE_ALIAS, keyOper);

    if (keyId != null) {
        return keySet.getKey(keyId);
    }
    if (keyOper == null) {
        return null;
    }
    // Without an id, a key is returned only if the operation maps to exactly one key;
    // an ambiguous set yields null rather than an arbitrary pick.
    List<JsonWebKey> candidates = keySet.getKeyOperationMap().get(keyOper);
    if (candidates != null && candidates.size() == 1) {
        return candidates.get(0);
    }
    return null;
}
Example #2
Source File: JAXRSJwsJsonTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Echoes a {@code Book} through the "/jwejwsjsonhmac" endpoint with the same JWK properties
 * resource configured for both signature and encryption.
 */
@Test
public void testJweCompactJwsJsonBookBeanHmac() throws Exception {
    // The test returns early (and so passes without exercising anything) when this check fails.
    if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
        return;
    }

    String endpoint = "https://localhost:" + PORT + "/jwejwsjsonhmac";
    List<?> providers = Arrays.asList(
        new JacksonJsonProvider(),
        new JweWriterInterceptor(),
        new JweClientResponseFilter());

    // One properties resource serves as both the signature and the encryption configuration.
    String jwkStoreLocation = "org/apache/cxf/systest/jaxrs/security/secret.jwk.properties";
    Map<String, Object> joseProps = new HashMap<>();
    joseProps.put(JoseConstants.RSSEC_SIGNATURE_PROPS, jwkStoreLocation);
    joseProps.put(JoseConstants.RSSEC_ENCRYPTION_PROPS, jwkStoreLocation);

    BookStore store = createBookStore(endpoint, joseProps, providers);
    Book echoed = store.echoBook(new Book("book", 123L));

    assertEquals("book", echoed.getName());
    assertEquals(123L, echoed.getId());
}
Example #3
Source File: JAXRSJweJsonTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates a {@code BookStore} client whose JWE JSON writer is configured with two encryption
 * property resources, passed as a list under {@code JoseConstants.RSSEC_ENCRYPTION_PROPS}.
 *
 * @param address service address for the client
 * @return the client proxy
 */
private BookStore createBookStoreTwoRecipients(String address) throws Exception {
    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();

    // Bus is built from the client.xml found next to this test class.
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    factory.setBus(bus);

    factory.setServiceClass(BookStore.class);
    factory.setAddress(address);
    factory.setProvider(new JweJsonWriterInterceptor());

    // One properties resource per entry; both are handed to the writer as a list.
    List<String> encryptionPropLocations = new ArrayList<>();
    encryptionPropLocations.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties");
    encryptionPropLocations.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties");
    factory.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, encryptionPropLocations);

    return factory.create(BookStore.class);
}
Example #4
Source File: JAXRSJweJsonTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates a {@code BookStore} client with a JWE JSON writer interceptor and a JWE JSON
 * response filter, using a single encryption properties resource.
 *
 * @param address service address for the client
 * @param propLoc value stored under {@code JoseConstants.RSSEC_ENCRYPTION_PROPS}
 * @return the client proxy
 */
private BookStore createBookStore(String address, String propLoc) throws Exception {
    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();

    // Bus is built from the client.xml found next to this test class.
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSJweJsonTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    factory.setBus(bus);

    factory.setServiceClass(BookStore.class);
    factory.setAddress(address);

    // Writer interceptor first, response filter second.
    List<Object> joseProviders = new LinkedList<>();
    joseProviders.add(new JweJsonWriterInterceptor());
    joseProviders.add(new JweJsonClientResponseFilter());
    factory.setProviders(joseProviders);

    factory.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, propLoc);
    return factory.create(BookStore.class);
}
Example #5
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
/**
 * Builds the JOSE property set for signing or signature verification from {@code config}.
 *
 * <p>The result carries the key store password and the signature key password as plain
 * strings, so it should not be logged or otherwise dumped. {@code Properties.setProperty}
 * rejects {@code null}, so every configuration value read here must be present.
 *
 * @param operation {@code JoseOperation.SIGN} or {@code JoseOperation.VERIFICATION}; any other
 *                  value leaves the key alias unset
 * @return a freshly created property set
 */
private Properties prepareSignatureVerificationProperties(JoseOperation operation) {
    Properties sigProps = new Properties();

    // Key store location and credentials.
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    sigProps.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.signatureKeyPassword());

    // Algorithm is pinned from configuration.
    sigProps.setProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, config.signatureAlgorithm());

    // The alias depends on the direction of the operation.
    if (operation.equals(JoseOperation.SIGN)) {
        sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, signatureKeyAlias());
    } else if (operation.equals(JoseOperation.VERIFICATION)) {
        sigProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, verificationKeyAlias());
    }
    return sigProps;
}
Example #6
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
/**
 * Builds the JOSE property set for encryption or decryption from {@code config}.
 *
 * <p>The result carries the key store password and the encryption key password as plain
 * strings, so it should not be logged or otherwise dumped. {@code Properties.setProperty}
 * rejects {@code null}, so every configuration value read here must be present.
 *
 * @param operation {@code JoseOperation.ENCRYPTION} or {@code JoseOperation.DECRYPTION}; any
 *                  other value leaves the key alias unset
 * @return a freshly created property set
 */
private Properties prepareEncryptionDecryptionProperties(JoseOperation operation) {
    Properties encProps = new Properties();

    // Key store location and credentials.
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_TYPE, config.keystoreType());
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, config.keystorePath());
    encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_PSWD, config.keystorePassword());
    encProps.setProperty(JoseConstants.RSSEC_KEY_PSWD, config.encryptionKeyPassword());

    // Both the key-management and the content algorithm are pinned from configuration.
    encProps.setProperty(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, config.keyEncryptionAlgorithm());
    encProps.setProperty(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, config.contentEncryptionAlgorithm());

    // The alias depends on the direction of the operation.
    if (operation.equals(JoseOperation.ENCRYPTION)) {
        encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, encryptionKeyAlias());
    } else if (operation.equals(JoseOperation.DECRYPTION)) {
        encProps.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, decryptionKeyAlias());
    }
    return encProps;
}
Example #7
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
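/**
 * Selects the JWE decryption provider for a token.
 *
 * <p>When {@code config.acceptEncryptionAlias()} is enabled, the key id from the JWE headers
 * replaces the key store alias in {@code props}. That value is chosen by whoever produced the
 * token; it is used here only as an alias for the key store lookup done by
 * {@code JweUtils.loadDecryptionProvider}. A token without a key id leaves {@code props}
 * untouched, so whatever alias the caller already placed there stays in effect;
 * {@code Properties.setProperty} would otherwise throw {@code NullPointerException} on the
 * missing value.
 *
 * <p>When an inlined JWK set is available, the key is loaded with {@code encryptionKeyAlias()}
 * and the alias in {@code props} is not consulted.
 * NOTE(review): this decryption branch uses encryptionKeyAlias() rather than
 * decryptionKeyAlias(); confirm that is intended.
 *
 * @param props   JOSE properties; may be modified (key store alias)
 * @param headers headers of the JWE being decrypted
 * @return the decryption provider
 */
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        String headerKid = headers.getKeyId();
        // Only override the alias when the token actually names a key.
        if (headerKid != null) {
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headerKid);
        }
    }

    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadDecryptionProvider(props, headers);
    }

    // Inlined JWK set: algorithms come from configuration, not from the token headers.
    if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
        return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweDecryptionProvider(
        loadJsonWebKey(encryptionKeyAlias()),
        ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
}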
Example #8
Source File: JwsUtilsTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads the public verification key for alias "alice" with certificate inclusion enabled and
 * checks that the resulting JWK exposes only public RSA parameters plus a two-entry X.509 chain.
 */
@Test
public void testLoadVerificationKeyWithCert() throws Exception {
    // Test fixture key store and its credentials.
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
    storeProps.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);

    JsonWebKeys published = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, published.asMap().size());

    List<JsonWebKey> rsaKeys = published.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey alice = rsaKeys.get(0);
    assertEquals(KeyType.RSA, alice.getKeyType());
    assertEquals("alice", alice.getKeyId());

    // Public parameters are present; the private exponent must not be.
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(alice.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));

    List<String> x509Chain = alice.getX509Chain();
    assertNotNull(x509Chain);
    assertEquals(2, x509Chain.size());
}
Example #9
Source File: JwsUtilsTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads the public verification key for alias "alice" without certificate inclusion and checks
 * that the resulting JWK exposes only public RSA parameters and carries no X.509 chain.
 */
@Test
public void testLoadVerificationKey() throws Exception {
    // Test fixture key store and its credentials.
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE,
        "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");

    JsonWebKeys published = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, published.asMap().size());

    List<JsonWebKey> rsaKeys = published.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey alice = rsaKeys.get(0);
    assertEquals(KeyType.RSA, alice.getKeyType());
    assertEquals("alice", alice.getKeyId());

    // Public parameters are present; the private exponent must not be.
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(alice.getKeyProperty(JsonWebKey.RSA_MODULUS));
    assertNull(alice.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));

    // No certificate was requested, so no chain is attached.
    assertNull(alice.getX509Chain());
}
Example #10
Source File: JwsCompactReaderWriterTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Produces a compact HS256-signed JWT whose header carries {@code jsonWebKey} under
 * {@code JoseConstants.HEADER_JSON_WEB_KEY} and compares it with the expected encoded token.
 *
 * @param jsonWebKey header value to embed
 */
private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
    JwsHeaders jwsHeaders = new JwsHeaders();
    jwsHeaders.setType(JoseType.JWT);
    jwsHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    jwsHeaders.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);

    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setIssuer("joe");
    jwtClaims.setExpiryTime(1300819380L);
    jwtClaims.setClaim("http://example.com/is_root", Boolean.TRUE);

    JwsCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(jwsHeaders, jwtClaims), getWriter());
    // Same algorithm in the header and in the signature provider.
    producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));

    assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, producer.getSignedEncodedJws());
}
Example #11
Source File: JweUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Assembles a JWE encryption provider from key store properties.
 *
 * <p>The content algorithm is resolved with {@code ContentAlgorithm.A128GCM} as the default and,
 * when a message is present, its JWA name is recorded on the message under
 * {@code JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM}. For {@code KeyAlgorithm.DIRECT} the
 * JWK loaded for {@code KeyOperation.ENCRYPT} also supplies the content encryption provider.
 *
 * <p>NOTE(review): in the DIRECT branch the content algorithm may be re-resolved from the JWK
 * after the message property was already written; the message is not updated again here.
 *
 * @param props   key store properties; must not be {@code null} (read for the zip algorithm)
 * @param m       current message, may be {@code null}
 * @param headers JWE headers handed to the created provider
 * @return the encryption provider
 */
public static JweEncryptionProvider loadEncryptionProvider(Properties props, Message m, JweHeaders headers) {
    KeyEncryptionProvider keyProvider = loadKeyEncryptionProvider(props, m, headers);

    ContentAlgorithm contentAlgo = getContentEncryptionAlgorithm(m, props, null, ContentAlgorithm.A128GCM);
    if (m != null) {
        m.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, contentAlgo.getJwaName());
    }

    ContentEncryptionProvider contentProvider = null;
    boolean directKey = KeyAlgorithm.DIRECT == keyProvider.getAlgorithm();
    if (directKey) {
        JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.ENCRYPT);
        if (jwk != null) {
            // The JWK's own algorithm, if it declares one, is passed in for the re-resolution.
            String jwkAlgoName = jwk.getAlgorithm();
            ContentAlgorithm jwkAlgo = jwkAlgoName != null ? ContentAlgorithm.getAlgorithm(jwkAlgoName) : null;
            contentAlgo = getContentEncryptionAlgorithm(m, props, jwkAlgo, contentAlgo);
            contentProvider = getContentEncryptionProvider(jwk, contentAlgo);
        }
    }

    String zipAlgo = props.getProperty(JoseConstants.RSSEC_ENCRYPTION_ZIP_ALGORITHM);
    return createJweEncryptionProvider(keyProvider, contentProvider, contentAlgo, zipAlgo, headers);
}
Example #12
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Resolves the signature algorithm to use with a client secret as the signing key.
 *
 * <p>The dedicated {@code OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM} property wins; if it
 * is absent, the general {@code JoseConstants.RSSEC_SIGNATURE_ALGORITHM} property is used, but
 * only when {@code AlgorithmUtils.isHmacSign} accepts it. If nothing resolves, HS256 is the
 * default. A resolved algorithm that is not HMAC-based is rejected, because a shared secret is
 * a symmetric key.
 *
 * @param sigProps signature properties; must not be {@code null}
 * @return an HMAC-based signature algorithm
 * @throws OAuthServiceException with {@code OAuthConstants.SERVER_ERROR} when the resolved
 *         algorithm is not HMAC-based
 */
public static SignatureAlgorithm getClientSecretSignatureAlgorithm(Properties sigProps) {
    String algoName = sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM);
    if (algoName == null) {
        // Fall back to the general signature algorithm only if it is already HMAC-based.
        String generalAlgoName = sigProps.getProperty(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
        if (AlgorithmUtils.isHmacSign(generalAlgoName)) {
            algoName = generalAlgoName;
        }
    }

    SignatureAlgorithm resolved = SignatureAlgorithm.getAlgorithm(algoName);
    if (resolved == null) {
        resolved = SignatureAlgorithm.HS256;
    }

    if (AlgorithmUtils.isHmacSign(resolved)) {
        return resolved;
    }
    // Must be HS-based for the symmetric signature
    throw new OAuthServiceException(OAuthConstants.SERVER_ERROR);
}
Example #13
Source File: JweUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates a key encryption provider for an RSA or EC public key.
 *
 * <p>For EC keys the content algorithm is read from the current message, if there is one, under
 * {@code JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM}, defaulting to
 * {@code ContentAlgorithm.A128GCM}; the curve comes from {@code JoseConstants.RSSEC_EC_CURVE} in
 * {@code props}, defaulting to {@code JsonWebKey.EC_CURVE_P256}.
 *
 * @param key   recipient public key
 * @param props optional properties, may be {@code null}
 * @param algo  key algorithm; when {@code null}, {@code getDefaultPublicKeyAlgorithm(key)} decides
 * @return the provider, or {@code null} when the key is neither RSA nor EC, so callers need a
 *         null check
 */
public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey key, Properties props, KeyAlgorithm algo) {
    KeyAlgorithm effectiveAlgo = algo != null ? algo : getDefaultPublicKeyAlgorithm(key);

    if (key instanceof RSAPublicKey) {
        return new RSAKeyEncryptionAlgorithm((RSAPublicKey)key, effectiveAlgo);
    }
    if (!(key instanceof ECPublicKey)) {
        return null;
    }

    ContentAlgorithm messageContentAlgo = null;
    Message current = PhaseInterceptorChain.getCurrentMessage();
    if (current != null) {
        messageContentAlgo = getContentAlgo((String)current.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
    }

    String curve;
    if (props == null) {
        curve = JsonWebKey.EC_CURVE_P256;
    } else {
        curve = props.getProperty(JoseConstants.RSSEC_EC_CURVE, JsonWebKey.EC_CURVE_P256);
    }

    ContentAlgorithm effectiveContentAlgo =
        messageContentAlgo == null ? ContentAlgorithm.A128GCM : messageContentAlgo;
    return new EcdhAesWrapKeyEncryptionAlgorithm((ECPublicKey)key, curve, effectiveAlgo, effectiveContentAlgo);
}
Example #14
Source File: AbstractJweJsonWriterProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Returns the locations of the JWE encryption property resources for the current message.
 *
 * <p>The value is looked up as a contextual property under
 * {@code JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS} and {@code JoseConstants.RSSEC_ENCRYPTION_PROPS}
 * (presumably tried in that order). A string value is split on commas without trimming, so
 * whitespace around an entry becomes part of the location; any other value is cast to a list.
 *
 * @return the configured locations, or an empty list when none are configured but
 *         {@code encProviders} is set
 * @throws JweException with {@code NO_INIT_PROPERTIES} when neither properties nor
 *         {@code encProviders} are available
 */
protected List<String> getPropertyLocations() {
    Message current = JAXRSUtils.getCurrentMessage();
    Object configured = MessageUtils.getContextualProperty(current,
        JoseConstants.RSSEC_ENCRYPTION_OUT_PROPS, JoseConstants.RSSEC_ENCRYPTION_PROPS);

    if (configured != null) {
        if (configured instanceof String) {
            String[] parts = ((String)configured).split(",");
            return Arrays.asList(parts);
        }
        List<String> asList = CastUtils.cast((List<?>)configured);
        return asList;
    }

    if (encProviders != null) {
        // Providers were injected directly, so no property resources are needed.
        return Collections.emptyList();
    }
    LOG.warning("JWE JSON init properties resource is not identified");
    throw new JweException(JweException.Error.NO_INIT_PROPERTIES);
}
Example #15
Source File: JweUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates a key encryption provider matching the type of a JSON Web Key.
 *
 * <p>The key algorithm is the one declared by the JWK, or {@code defaultAlgorithm} when the JWK
 * declares none. RSA and octet keys map to their respective providers; otherwise
 * {@code KeyAlgorithm.ECDH_ES_DIRECT} yields a direct ECDH provider and every remaining case is
 * treated as an EC key wrapped with ECDH-ES + AES key wrap.
 *
 * @param jwk              key to encrypt to
 * @param defaultAlgorithm algorithm used when the JWK declares none
 * @return the key encryption provider
 */
public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
    String declaredAlgo = jwk.getAlgorithm();
    KeyAlgorithm keyAlgo = declaredAlgo == null ? defaultAlgorithm : KeyAlgorithm.getAlgorithm(declaredAlgo);
    KeyType keyType = jwk.getKeyType();

    if (KeyType.RSA == keyType) {
        return getPublicKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true), keyAlgo);
    }
    if (KeyType.OCTET == keyType) {
        return getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk, keyAlgo), keyAlgo);
    }
    if (keyAlgo == KeyAlgorithm.ECDH_ES_DIRECT) {
        return new EcdhDirectKeyEncryptionAlgorithm();
    }

    // Remaining case: EC key. The content algorithm comes from the current message if present.
    ContentAlgorithm messageContentAlgo = null;
    Message current = PhaseInterceptorChain.getCurrentMessage();
    if (current != null) {
        messageContentAlgo = getContentAlgo((String)current.get(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM));
    }
    return new EcdhAesWrapKeyEncryptionAlgorithm(
        JwkUtils.toECPublicKey(jwk),
        jwk.getStringProperty(JsonWebKey.EC_CURVE),
        keyAlgo,
        messageContentAlgo == null ? ContentAlgorithm.A128GCM : messageContentAlgo);
}
Example #16
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
/**
 * Decrypts a compact-serialized JWE.
 *
 * <p>When {@code config.acceptEncryptionAlias()} is enabled, the key id from the JWE headers is
 * written into {@code props} as the key store alias before the decryption provider is
 * resolved. That value is chosen by whoever produced the token.
 *
 * <p>Every failure, including a missing key id (which makes {@code Properties.setProperty}
 * throw), is reported as the same {@code JoseException}.
 * NOTE(review): the original exception is neither chained nor logged here, so the reason for a
 * failure is not available for triage; confirm whether that is intentional.
 *
 * @param props JOSE properties; may be modified (key store alias)
 * @param jwe   compact JWE string
 * @return headers (as a map) and decrypted text
 * @throws JoseException on any failure
 */
private DecryptionOutput decryptCompact(Properties props, String jwe) {
    try {
        JweCompactConsumer compact = new JweCompactConsumer(jwe);

        if (config.acceptEncryptionAlias()) {
            JweHeaders parsedHeaders = compact.getJweHeaders();
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, parsedHeaders.getKeyId());
        }

        JweDecryptionProvider provider = getDecryptionProvider(props, compact.getJweHeaders());
        String plainText = compact.getDecryptedContentText(provider);
        return new DecryptionOutput(compact.getJweHeaders().asMap(), plainText);
    } catch (Exception ex) {
        throw new JoseException("JWE Compact Decryption Failure");
    }
}
Example #17
Source File: JwsUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads the keys a peer needs to verify signatures, as a JWK set.
 *
 * <p>For a {@code "jwk"} key store the keys are loaded for {@code KeyOperation.SIGN}; they are
 * returned as loaded unless {@code stripPrivateParameters} is true, so a caller that publishes
 * the result should pass {@code true}. For any other store type a single JWK is built from the
 * public key (taken from the first certificate when
 * {@code JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT} is true and a chain was loaded), marked
 * for signature use, with the encoded certificate chain attached when certificates were loaded.
 *
 * @param m                      current message
 * @param props                  key store properties
 * @param stripPrivateParameters whether private parameters are removed from keys loaded from a
 *                               JWK store
 * @return the verification key set
 * @throws JoseException when a JWK store yields no keys
 */
public static JsonWebKeys loadPublicVerificationKeys(Message m, Properties props, boolean stripPrivateParameters) {
    boolean jwkStore = "jwk".equals(props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE));
    if (jwkStore) {
        List<JsonWebKey> loaded = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN, null);
        if (loaded == null || loaded.isEmpty()) {
            throw new JoseException("Error loading keys");
        }
        return new JsonWebKeys(stripPrivateParameters ? JwkUtils.stripPrivateParameters(loaded) : loaded);
    }

    X509Certificate[] chain = null;
    if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
        chain = KeyManagementUtils.loadX509CertificateOrChain(m, props);
    }

    // Prefer the key from the leaf certificate so the JWK and the attached chain agree.
    PublicKey publicKey;
    if (chain != null && chain.length > 0) {
        publicKey = chain[0].getPublicKey();
    } else {
        publicKey = KeyManagementUtils.loadPublicKey(m, props);
    }

    JsonWebKey verificationKey = JwkUtils.fromPublicKey(publicKey, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    verificationKey.setPublicKeyUse(PublicKeyUse.SIGN);
    if (chain != null) {
        verificationKey.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(chain));
    }
    return new JsonWebKeys(verificationKey);
}
Example #18
Source File: AbstractJwsJsonWriterProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Returns the locations of the JWS signature property resources for the current message.
 *
 * <p>The value is looked up as a contextual property under
 * {@code JoseConstants.RSSEC_SIGNATURE_OUT_PROPS} and {@code JoseConstants.RSSEC_SIGNATURE_PROPS}
 * (presumably tried in that order). A string value is split on commas without trimming, so
 * whitespace around an entry becomes part of the location; any other value is cast to a list.
 *
 * @return the configured locations, or an empty list when none are configured but
 *         {@code sigProviders} is set
 * @throws JwsException with {@code NO_INIT_PROPERTIES} when neither properties nor
 *         {@code sigProviders} are available
 */
protected List<String> getPropertyLocations() {
    Message current = JAXRSUtils.getCurrentMessage();
    Object configured = MessageUtils.getContextualProperty(current,
        JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, JoseConstants.RSSEC_SIGNATURE_PROPS);

    if (configured != null) {
        if (configured instanceof String) {
            String[] parts = ((String)configured).split(",");
            return Arrays.asList(parts);
        }
        List<String> asList = CastUtils.cast((List<?>)configured);
        return asList;
    }

    if (sigProviders != null) {
        // Providers were injected directly, so no property resources are needed.
        return Collections.emptyList();
    }
    LOG.warning("JWS JSON init properties resource is not identified");
    throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
}
Example #19
Source File: JwkUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads a JWK set, reusing a copy stored on the message exchange when one exists.
 *
 * <p>The exchange entry is keyed by the {@code JoseConstants.RSSEC_KEY_STORE_FILE} value. The
 * exchange is consulted and updated only when both that value and the message are non-null;
 * otherwise the set is loaded fresh on every call.
 *
 * @param m     current message, may be {@code null}
 * @param props key store properties
 * @param cb    password provider passed to the loader
 * @return the JWK set
 * @throws JwkException when the exchange holds an object of another class under the same key
 */
public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb) {
    String storeLocation = (String)props.get(JoseConstants.RSSEC_KEY_STORE_FILE);
    boolean exchangeUsable = storeLocation != null && m != null;

    JsonWebKeys keySet = null;
    if (exchangeUsable) {
        Object stored = m.getExchange().get(storeLocation);
        // Anything other than a JsonWebKeys under this key is rejected rather than cast blindly.
        if (stored != null && !(stored instanceof JsonWebKeys)) {
            throw new JwkException("Unexpected key store class: " + stored.getClass().getName());
        }
        keySet = (JsonWebKeys)stored;
    }
    if (keySet != null) {
        return keySet;
    }

    keySet = loadJwkSet(props, m != null ? m.getExchange().getBus() : null, cb);
    if (exchangeUsable) {
        m.getExchange().put(storeLocation, keySet);
    }
    return keySet;
}
Example #20
Source File: AbstractJweDecryption.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Decrypts the JWE content with the given content encryption key and then wipes the key
 * material this method handled.
 *
 * <p>On the normal path {@code cek} is overwritten with zeros before returning, so the caller's
 * array is no longer usable afterwards.
 * NOTE(review): the wiping is not in a {@code finally} block; if
 * {@code CryptoUtils.decryptBytes} throws, {@code secretKey}, {@code cek} and {@code actualCek}
 * are left as they are. Confirm whether the failure path should wipe them too.
 *
 * @param jweDecryptionInput parsed JWE (headers, ciphertext and related parts)
 * @param cek                content encryption key; zeroed by this method on success
 * @return the JWE headers together with the decrypted bytes
 */
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
    KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(jweDecryptionInput));
    keyProperties.setAdditionalData(getContentEncryptionCipherAAD(jweDecryptionInput));
    AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(jweDecryptionInput);
    keyProperties.setAlgoSpec(spec);
    // Compression is enabled only when the zip header equals the deflate algorithm constant.
    // NOTE(review): any limit on the inflated size would have to be enforced inside
    // CryptoUtils.decryptBytes; it is not visible in this method.
    boolean compressionSupported =
        JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM.equals(jweDecryptionInput.getJweHeaders().getZipAlgorithm());
    keyProperties.setCompressionSupported(compressionSupported);
    // getActualCek may return the same array or a different one; both cases are wiped below.
    byte[] actualCek = getActualCek(cek,
                           jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm().getJwaName());
    SecretKey secretKey = CryptoUtils.createSecretKeySpec(actualCek, keyProperties.getKeyAlgo());
    byte[] bytes =
        CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(jweDecryptionInput), secretKey, keyProperties);

    // The SecretKey created above is no longer needed, so it is destroyed here.
    try {
        secretKey.destroy();
    } catch (DestroyFailedException e) {
        // Best effort: a key that cannot be destroyed is ignored; the raw arrays are zeroed below.
    }
    Arrays.fill(cek, (byte) 0);
    // Identity comparison: wipe the second array only if it is a distinct object.
    if (actualCek != cek) {
        Arrays.fill(actualCek, (byte) 0);
    }

    return new JweDecryptionOutput(jweDecryptionInput.getJweHeaders(), bytes);
}
Example #21
Source File: JwkUtilsTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Loading a public JWK set from a location that does not resolve must fail with a
 * {@code JwkException} that carries no cause.
 */
@Test
public void testLoadPublicJwkSet() throws Exception {
    final Properties storeProps = new Properties();
    storeProps.setProperty(JoseConstants.RSSEC_KEY_STORE_FILE, "unavailable");

    JwkException failure = null;
    try {
        JwkUtils.loadPublicJwkSet(null, storeProps);
    } catch (JwkException e) {
        failure = e;
    }

    // No exception at all is a test failure.
    if (failure == null) {
        fail();
    }
    assertNull(failure.getCause());
}
Example #22
Source File: JweHeaders.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Initializes the JWE headers with the chosen algorithms.
 *
 * @param keyEncAlgo key encryption algorithm; skipped when {@code null}
 * @param ctEncAlgo  content encryption algorithm; always set
 * @param deflate    when true, the zip header is set to
 *                   {@code JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM}. Compressing before
 *                   encrypting makes the ciphertext length depend on the plaintext content,
 *                   which matters when secrets and externally influenced data share a payload.
 */
private void init(KeyAlgorithm keyEncAlgo, ContentAlgorithm ctEncAlgo, boolean deflate) {
    boolean hasKeyAlgo = keyEncAlgo != null;
    if (hasKeyAlgo) {
        setKeyEncryptionAlgorithm(keyEncAlgo);
    }

    setContentEncryptionAlgorithm(ctEncAlgo);

    if (!deflate) {
        return;
    }
    setZipAlgorithm(JoseConstants.JWE_DEFLATE_ZIP_ALGORITHM);
}
Example #23
Source File: JwsUtilsTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Builds a minimal inbound message for the tests: a new exchange holding the thread-default
 * bus, with {@code JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID} set to "true" on the message.
 *
 * @return the message, registered as the exchange's in-message
 */
private Message createMessage() {
    Exchange exchange = new ExchangeImpl();
    exchange.put(Bus.class, BusFactory.getThreadDefaultBus());

    Message message = new MessageImpl();
    message.setExchange(exchange);
    message.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_KEY_ID, "true");

    exchange.setInMessage(message);
    return message;
}
Example #24
Source File: OidcConfigurationService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Adds the OpenID Connect specific entries to the configuration map after the superclass has
 * added its own.
 *
 * <p>Optional endpoints are advertised only when they are available. The advertised ID token
 * signing algorithm is the single value found under
 * {@code JoseConstants.RSSEC_SIGNATURE_ALGORITHM} in the outbound signature properties, when
 * those properties exist and contain it.
 *
 * @param cfg     configuration map to fill
 * @param baseUri base URI used to calculate endpoint addresses
 */
@Override
protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
    super.prepareConfigurationData(cfg, baseUri);

    // UserInfo endpoint
    if (!isUserInfoEndpointNotAvailable()) {
        cfg.put("userinfo_endpoint",
            calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo"));
    }

    // ID token signing algorithm, taken from the outbound signature properties (not required)
    Properties outSigProps = JwsUtils.loadSignatureOutProperties(false);
    boolean algorithmConfigured =
        outSigProps != null && outSigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    if (algorithmConfigured) {
        cfg.put("id_token_signing_alg_values_supported",
            Collections.singletonList(outSigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
    }

    // RP Initiated Logout Endpoint
    if (!isEndSessionEndpointNotAvailable()) {
        cfg.put("end_session_endpoint",
            calculateEndpointAddress(endSessionEndpointAddress, baseUri, "/idp/logout"));
    }

    if (isBackChannelLogoutSupported()) {
        cfg.put("backchannel_logout_supported", Boolean.TRUE);
    }

    // Subject types: pairwise is not supported yet
    cfg.put("subject_types_supported", Collections.singletonList("public"));

    List<String> advertisedResponseTypes;
    if (responseTypes == null) {
        advertisedResponseTypes = DEFAULT_RESPONSE_TYPES;
    } else {
        advertisedResponseTypes = responseTypes;
    }
    cfg.put("response_types_supported", advertisedResponseTypes);
}
Example #25
Source File: JwsUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Resolves the signature algorithm from the message and properties, with an optional default.
 *
 * <p>The algorithm name is obtained from {@code KeyManagementUtils.getKeyAlgorithm} under
 * {@code JoseConstants.RSSEC_SIGNATURE_ALGORITHM}; the JWA name of {@code defaultAlgo} is passed
 * as the fallback when a default is given.
 * NOTE(review): what {@code SignatureAlgorithm.getAlgorithm} returns for a missing or unknown
 * name is not visible here; callers should treat a {@code null} result as a configuration
 * error, not as "no signature needed".
 *
 * @param m           current message
 * @param props       signature properties
 * @param defaultAlgo fallback algorithm, may be {@code null}
 * @return the resolved algorithm
 */
public static SignatureAlgorithm getSignatureAlgorithm(Message m, Properties props, SignatureAlgorithm defaultAlgo) {
    String fallbackName = null;
    if (defaultAlgo != null) {
        fallbackName = defaultAlgo.getJwaName();
    }
    String algoName = KeyManagementUtils.getKeyAlgorithm(
        m, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM, fallbackName);
    return SignatureAlgorithm.getAlgorithm(algoName);
}
Example #26
Source File: JwsUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Loads the signature properties used for inbound messages (signature verification).
 *
 * <p>The lookup is done for the current message with
 * {@code JoseConstants.RSSEC_SIGNATURE_IN_PROPS} and {@code JoseConstants.RSSEC_SIGNATURE_PROPS}
 * (presumably the direction-specific key first, the shared key as fallback).
 *
 * @param required passed through to {@code KeyManagementUtils.loadStoreProperties}
 * @return the loaded properties
 */
public static Properties loadSignatureInProperties(boolean required) {
    return KeyManagementUtils.loadStoreProperties(
        PhaseInterceptorChain.getCurrentMessage(),
        required,
        JoseConstants.RSSEC_SIGNATURE_IN_PROPS,
        JoseConstants.RSSEC_SIGNATURE_PROPS);
}
Example #27
Source File: JwsUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Loads the signature properties used for outbound messages (signature creation).
 *
 * <p>The lookup is done for the current message with
 * {@code JoseConstants.RSSEC_SIGNATURE_OUT_PROPS} and {@code JoseConstants.RSSEC_SIGNATURE_PROPS}
 * (presumably the direction-specific key first, the shared key as fallback).
 *
 * @param required passed through to {@code KeyManagementUtils.loadStoreProperties}
 * @return the loaded properties
 */
public static Properties loadSignatureOutProperties(boolean required) {
    return KeyManagementUtils.loadStoreProperties(
        PhaseInterceptorChain.getCurrentMessage(),
        required,
        JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,
        JoseConstants.RSSEC_SIGNATURE_PROPS);
}
Example #28
Source File: JwsHeaders.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Sets the payload encoding status header and, when the status is false, makes sure the header
 * name is listed among the critical headers.
 *
 * <p>Listing the header as critical means a recipient that does not understand it is expected
 * to reject the token instead of misreading the payload.
 *
 * @param status the header value; must not be {@code null} (it is unboxed after the header is
 *               stored)
 */
public void setPayloadEncodingStatus(Boolean status) {
    super.setProperty(JoseConstants.JWS_HEADER_B64_STATUS_HEADER, status);
    if (status) {
        return;
    }

    List<String> criticalHeaders = this.getCritical();
    if (criticalHeaders == null) {
        criticalHeaders = new LinkedList<>();
        setCritical(criticalHeaders);
    } else if (criticalHeaders.contains(JoseConstants.JWS_HEADER_B64_STATUS_HEADER)) {
        // Already listed; avoid a duplicate entry.
        return;
    }
    criticalHeaders.add(JoseConstants.JWS_HEADER_B64_STATUS_HEADER);
}
Example #29
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 5 votes |
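/**
 * Selects the JWS signature verifier for a token.
 *
 * <p>When {@code config.acceptSignatureAlias()} is enabled, the key id from the JWS headers
 * replaces the key store alias in {@code props}. That value is chosen by whoever produced the
 * token; it is used here only as an alias for the key store lookup done by
 * {@code JwsUtils.loadSignatureVerifier}. A token without a key id leaves {@code props}
 * untouched, so whatever alias the caller already placed there stays in effect;
 * {@code Properties.setProperty} would otherwise throw {@code NullPointerException} on the
 * missing value.
 *
 * <p>When an inlined JWK set is available, the key is loaded with
 * {@code verificationKeyAlias()} and the alias in {@code props} is not consulted.
 *
 * @param props   JOSE properties; may be modified (key store alias)
 * @param headers headers of the JWS being verified
 * @return the signature verifier
 */
private JwsSignatureVerifier getJwsSignatureVerifier(Properties props, JwsHeaders headers) {
    if (config.acceptSignatureAlias()) {
        String headerKid = headers.getKeyId();
        // Only override the alias when the token actually names a key.
        if (headerKid != null) {
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headerKid);
        }
    }

    if (isInlinedJwkSetAvailable()) {
        return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias()));
    }
    return JwsUtils.loadSignatureVerifier(props, headers);
}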
Example #30
Source File: JwkUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Converts a public key into a JSON Web Key.
 *
 * <p>RSA keys are converted with the algorithm read from {@code props} under {@code algoProp}.
 * Every other key is cast to {@code ECPublicKey} and converted with the curve read under
 * {@code JoseConstants.RSSEC_EC_CURVE}, so a key that is neither RSA nor EC fails with a
 * {@code ClassCastException}. The key id is set from
 * {@code JoseConstants.RSSEC_KEY_STORE_ALIAS} when that property is present.
 *
 * @param key      RSA or EC public key
 * @param props    properties supplying algorithm, curve and alias; must not be {@code null}
 * @param algoProp name of the property holding the algorithm for RSA keys
 * @return the JWK
 */
public static JsonWebKey fromPublicKey(PublicKey key, Properties props, String algoProp) {
    final JsonWebKey converted;
    if (!(key instanceof RSAPublicKey)) {
        String curve = props.getProperty(JoseConstants.RSSEC_EC_CURVE);
        converted = JwkUtils.fromECPublicKey((ECPublicKey)key, curve);
    } else {
        String rsaAlgo = props.getProperty(algoProp);
        converted = JwkUtils.fromRSAPublicKey((RSAPublicKey)key, rsaAlgo);
    }

    String alias = props.getProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS);
    if (alias != null) {
        converted.setKeyId(alias);
    }
    return converted;
}