Repository: cxf Updated Branches: refs/heads/master 5a407ef98 -> 8bc72ec08
[CXF-5944] Trying to minimize on a number of utility classes for now Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8bc72ec0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8bc72ec0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8bc72ec0 Branch: refs/heads/master Commit: 8bc72ec088209f7ec6261ad0fea660b0dbff5a56 Parents: 5a407ef Author: Sergey Beryozkin <[email protected]> Authored: Tue Sep 16 17:04:15 2014 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Sep 16 17:04:15 2014 +0100 ---------------------------------------------------------------------- .../security/oauth2/jwe/RSAJweDecryption.java | 38 ------------ .../security/oauth2/jwe/RSAJweEncryption.java | 61 -------------------- .../jwe/RSAOaepKeyEncryptionAlgorithm.java | 6 -- .../oauth2/jwe/WrappedKeyJweDecryption.java | 3 + .../oauth2/jwt/jaxrs/JweWriterInterceptor.java | 17 +++--- .../oauth2/jwe/JweCompactReaderWriterTest.java | 13 +++-- 6 files changed, 20 insertions(+), 118 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java deleted file mode 100644 index 5a1e21a..0000000 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryption.java +++ /dev/null 
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.interfaces.RSAPrivateKey;
-
-
-public class RSAJweDecryption extends WrappedKeyJweDecryption {
-
- public RSAJweDecryption(RSAPrivateKey privateKey) {
- this(privateKey, true);
- }
- public RSAJweDecryption(RSAPrivateKey privateKey, boolean unwrap) {
- this(privateKey, unwrap, null);
- }
- public RSAJweDecryption(RSAPrivateKey privateKey, boolean unwrap,
- JweCryptoProperties props) {
- super(new RSAOaepKeyDecryptionAlgorithm(privateKey, unwrap), props, null);
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java
deleted file mode 100644
index 46723eb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryption.java +++ /dev/null 
@@ -1,61 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.jwe; - -import java.security.interfaces.RSAPublicKey; - -import javax.crypto.SecretKey; - -import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter; - -public class RSAJweEncryption extends WrappedKeyJweEncryption { - public RSAJweEncryption(RSAPublicKey publicKey, - String keyEncryptionJwtAlgo, - String contentEncryptionJwtAlgo) { - super(new JweHeaders(keyEncryptionJwtAlgo, - contentEncryptionJwtAlgo), - new RSAOaepKeyEncryptionAlgorithm(publicKey, keyEncryptionJwtAlgo)); - } - public RSAJweEncryption(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[] iv) { - this(publicKey, headers, cek, iv, true, null); - } - public RSAJweEncryption(RSAPublicKey publicKey, - String keyEncryptionJwtAlgo, - SecretKey secretKey, - String secretKeyJwtAlgo, - byte[] iv) { - this(publicKey, - new JweHeaders(keyEncryptionJwtAlgo, secretKeyJwtAlgo), - secretKey != null ? 
secretKey.getEncoded() : null, iv, true, null); - } - - public RSAJweEncryption(RSAPublicKey publicKey, - JweHeaders headers, - byte[] cek, - byte[] iv, - boolean wrap, - JwtHeadersWriter writer) { - this(new RSAOaepKeyEncryptionAlgorithm(publicKey, wrap), headers, cek, iv, writer); - } - public RSAJweEncryption(RSAOaepKeyEncryptionAlgorithm keyEncryptionAlgorithm, JweHeaders headers, byte[] cek, - byte[] iv, JwtHeadersWriter writer) { - super(headers, cek, iv, keyEncryptionAlgorithm, writer); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java index 212e6d4..d80a04d 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAOaepKeyEncryptionAlgorithm.java 
@@ -29,12 +29,6 @@ public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgo private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>( Arrays.asList(Algorithm.RSA_OAEP.getJwtName(), Algorithm.RSA_OAEP_256.getJwtName())); - public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey) { - this(publicKey, null, true); - } - public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, boolean wrap) { - this(publicKey, null, wrap); - } public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) { this(publicKey, jweAlgo, true); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java index b36585a..0c65962 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java 
@@ -41,6 +41,9 @@ public class WrappedKeyJweDecryption extends AbstractJweDecryption { this(new WrappedKeyDecryptionAlgorithm(cekDecryptionKey, unwrap), props, reader); } + public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo) { + this(keyDecryptionAlgo, null, null); + } public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo, JweCryptoProperties props, JwtHeadersReader reader) { this(keyDecryptionAlgo, props, reader, new AesGcmContentDecryptionAlgorithm()); http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java index 73fa72c..e37f68c 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java +++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java @@ -140,7 +140,8 @@ public class JweWriterInterceptor implements WriterInterceptor { keyEncryptionAlgo = jwk.getAlgorithm(); // TODO: Put it into some factory code if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) { - keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(jwk.toRSAPublicKey()); + keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(jwk.toRSAPublicKey(), + getKeyEncryptionAlgo(props, keyEncryptionAlgo)); } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { SecretKey key = jwk.toSecretKey(); if (Algorithm.isAesKeyWrap(keyEncryptionAlgo)) { 
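Review bot: The new one-argument constructor has no Javadoc, and the defaults it picks are not obvious at a call site: it passes `null` for both JweCryptoProperties and JwtHeadersReader, and the three-argument constructor it delegates to then fixes content decryption to `AesGcmContentDecryptionAlgorithm`. I would add `/** Creates a decryptor with no JweCryptoProperties and no custom JwtHeadersReader; content decryption defaults to AES-GCM. */` above it. What a null JweCryptoProperties means for the algorithm checks applied to incoming tokens is not visible in this hunk, so that should be confirmed and stated in the same comment. The class body continues outside the hunk.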
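Review bot: The property fallback is applied at each constructor call but never to the local `keyEncryptionAlgo`, so the context line `Algorithm.isAesKeyWrap(keyEncryptionAlgo)` in the octet-key branch still tests the raw `jwk.getAlgorithm()` value, which may be null when the JWK carries no `alg`. Resolving once keeps the branch selection, the key-encryption provider and the JWE header on the same value: `keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());`. The same single assignment is needed ahead of the `loadPublicKey` branch in the `@@ -154` hunk, after which `new JweHeaders(keyEncryptionAlgo, contentEncryptionAlgo)` needs no further helper call. How `isAesKeyWrap` treats null is not visible here, and the enclosing method starts and ends outside this hunk.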
@@ -154,16 +155,16 @@ public class JweWriterInterceptor implements WriterInterceptor { } else { keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm( - (RSAPublicKey)CryptoUtils.loadPublicKey(m, props)); + (RSAPublicKey)CryptoUtils.loadPublicKey(m, props), + getKeyEncryptionAlgo(props, keyEncryptionAlgo)); } if (keyEncryptionProvider == null) { throw new SecurityException(); } - if (keyEncryptionAlgo == null) { - keyEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP); - } + String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP); - JweHeaders headers = new JweHeaders(keyEncryptionAlgo, contentEncryptionAlgo); + JweHeaders headers = new JweHeaders(getKeyEncryptionAlgo(props, keyEncryptionAlgo), + contentEncryptionAlgo); String compression = props.getProperty(JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP); if (compression != null) { headers.setZipAlgorithm(compression); @@ -181,7 +182,9 @@ public class JweWriterInterceptor implements WriterInterceptor { throw new SecurityException(ex); } } - + private String getKeyEncryptionAlgo(Properties props, String algo) { + return algo == null ? props.getProperty(JSON_WEB_ENCRYPTION_KEY_ALGO_PROP) : algo; + } public void setUseJweOutputStream(boolean useJweOutputStream) { this.useJweOutputStream = useJweOutputStream; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8bc72ec0/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java index f59e602..a540ee6 100644 --- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java 
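Review bot: In the `@@ -181` hunk, `getKeyEncryptionAlgo` returns null when neither the caller nor `JSON_WEB_ENCRYPTION_KEY_ALGO_PROP` supplies an algorithm, and that value goes unchecked into `RSAOaepKeyEncryptionAlgorithm` and `JweHeaders`. Whether the constructor validates its argument against `SUPPORTED_ALGORITHMS` is not visible in this diff, so a missing or mistyped property may only surface later, or produce a header without a usable `alg`. I would fail early in the helper, for example `if (resolved == null) { throw new SecurityException("JWE key encryption algorithm is not configured"); }`, unless some path legitimately runs without one, in which case a comment should say so. A one-line comment stating that an explicit algorithm takes precedence over the property would also help, as would restoring the blank line that separated the helper from the preceding method.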
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java @@ -173,11 +173,12 @@ public class JweCompactReaderWriterTest extends Assert { } else { jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8); } - RSAJweEncryption encryptor = new RSAJweEncryption(publicKey, - Algorithm.RSA_OAEP.getJwtName(), - key, - jwtKeyName, - INIT_VECTOR_A1); + JweEncryptionProvider encryptor = new WrappedKeyJweEncryption( + new JweHeaders(Algorithm.RSA_OAEP.getJwtName(), jwtKeyName), + key.getEncoded(), + INIT_VECTOR_A1, + new RSAOaepKeyEncryptionAlgorithm(publicKey, + Algorithm.RSA_OAEP.getJwtName())); return encryptor.encrypt(content.getBytes("UTF-8"), null); } private String encryptContentDirect(SecretKey key, String content) throws Exception { @@ -187,7 +188,7 @@ public class JweCompactReaderWriterTest extends Assert { private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception { RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, RSA_PRIVATE_EXPONENT_ENCODED_A1); - RSAJweDecryption decryptor = new RSAJweDecryption(privateKey, unwrap); + JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey)); String decryptedText = decryptor.decrypt(jweContent).getContentText(); assertEquals(decryptedText, plainContent); }
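Review bot: `key.getEncoded()` is now called unconditionally, whereas the removed `RSAJweEncryption` constructor guarded it with `secretKey != null ? secretKey.getEncoded() : null`. The `} else {` context line shows there is an earlier branch for another case, possibly a null key, but that branch is outside the hunk. If it is a null key, this line throws a NullPointerException before the encryptor is built. Keeping the guard preserves the previous behaviour: `key != null ? key.getEncoded() : null,`.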
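Review bot: The `unwrap` parameter of `decrypt` is no longer used in the `@@ -187` hunk: the removed `RSAJweDecryption(privateKey, unwrap)` forwarded it to `RSAOaepKeyDecryptionAlgorithm(privateKey, unwrap)`, while the new line builds `new RSAOaepKeyDecryptionAlgorithm(privateKey)`. If any caller passes `false`, it now exercises the same path as `true`, so the test stops covering the non-unwrap decryption mode without failing. Passing the flag through restores that coverage: `new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey, unwrap))`.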
