Java Code Examples for org.apache.cxf.rs.security.jose.jwe.JweUtils#loadDecryptionProvider()

The following examples show how to use org.apache.cxf.rs.security.jose.jwe.JweUtils#loadDecryptionProvider() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 6 votes vote down vote up
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (isInlinedJwkSetAvailable()) {
        if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
            return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
        } else {
            return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
                ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
        }
    } else {
        return JweUtils.loadDecryptionProvider(props, headers);
    }
}
 
Example 2
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 5);

    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Properties decProperties = new Properties();
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

        JweDecryptionOutput decOutput = decProvider.decrypt(token);
        String decToken = decOutput.getContentText();

        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }

}
 
Example 3
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());

        TokenProvider jwtTokenProvider = new JWTTokenProvider();
        ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
            ContentAlgorithm.A128CBC_HS256.name()
        );

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        String token = (String)providerResponse.getToken();
        assertNotNull(token);
        assertTrue(token.split("\\.").length == 5);

        if (unrestrictedPoliciesInstalled) {
            // Validate the token
            JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
            Properties decProperties = new Properties();
            Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
            decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
                              ContentAlgorithm.A128CBC_HS256.name());

            JweDecryptionProvider decProvider =
                JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

            JweDecryptionOutput decOutput = decProvider.decrypt(token);
            String decToken = decOutput.getContentText();

            JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
            JwtToken jwt = jwtJwsConsumer.getJwtToken();

            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
 
Example 4
Source File: JWTTokenProviderTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();

    TokenProviderParameters providerParameters = createProviderParameters();
    providerParameters.setEncryptToken(true);

    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    String token = (String)providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 5);

    if (unrestrictedPoliciesInstalled) {
        // Validate the token
        JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
        Properties decProperties = new Properties();
        Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
        KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
        decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
        decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
        decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

        JweDecryptionProvider decProvider =
            JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

        JweDecryptionOutput decOutput = decProvider.decrypt(token);
        String decToken = decOutput.getContentText();

        JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
        JwtToken jwt = jwtJwsConsumer.getJwtToken();

        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    }

}
 
Example 5
Source File: JoseClientCodeStateManager.java    From cxf with Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (decryptionProvider != null) {
        return decryptionProvider;
    }
    return JweUtils.loadDecryptionProvider(false);
}
 
Example 6
Source File: JoseSessionTokenProvider.java    From cxf with Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    if (jweDecryptor != null) {
        return jweDecryptor;
    }
    return JweUtils.loadDecryptionProvider(jweRequired);
}
 
Example 7
Source File: AbstractJweJsonDecryptingFilter.java    From cxf with Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption != null) {
        return decryption;
    }
    return JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 8
Source File: AbstractJweDecryptingFilter.java    From cxf with Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    if (decryption != null) {
        return decryption;
    }
    return JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 9
Source File: AbstractJoseConsumer.java    From cxf with Apache License 2.0 4 votes vote down vote up
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
    if (jweDecryptor != null) {
        return jweDecryptor;
    }
    return JweUtils.loadDecryptionProvider(jweHeaders, false);
}