Author: buildbot
Date: Wed May 18 14:47:37 2016
New Revision: 988536
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Wed May 18 14:47:37
2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p> </p><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1463579220959 {padding: 0px;}
-div.rbtoc1463579220959 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1463579220959 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1463582822610 {padding: 0px;}
+div.rbtoc1463582822610 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1463582822610 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1463579220959">
+/*]]>*/</style></p><div class="toc-macro rbtoc1463582822610">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect"
href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and
Implementation</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification
Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithClearPayload">JWS
with Clear Payload</a></li></ul>
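Review bot: The rbtoc class suffix in the three div.rbtoc rules and on the toc-macro div (rbtoc1463579220959 to rbtoc1463582822610) is churn with no content change behind it; the table-of-contents entries below it are all unchanged context. If the export can emit a stable class name, or the suffix can be stripped before commit, production updates would show only the hunks where page content actually changed, which makes the security-relevant documentation edits easier to spot.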
@@ -201,7 +201,7 @@ JwtToken token = jws.getJwtToken();
JoseHeaders headers = token.getHeaders();
assertEquals(SignatureAlgorithm.HS256, headers.getAlgorithm());
validateClaims(token.getClaims());</pre>
-</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3
id="JAX-RSJOSE-JWSwithClearPayload">JWS with Clear Payload</h3><h2
id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7516"
rel="nofollow">JWE</a> (JSON Web Encryption) document describes how a document
content, and, when applicable, a content encryption key, can be encrypted. For
example, <a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7516#appendix-A.1" rel="nofollow">Appendix
A1</a> shows how the content can be encrypted with a secret key using AesGcm
with the actual content encryption key being encrypted using
RSA-OAEP.</p><p>CXF ships JWE related classes in <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe"
rel="nofollow">this package</a> and offers a support for all of JWA <a
shape="rect" class="external
-link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key
encryption</a> and <a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-5" rel="nofollow">content
encryption</a> algorithms.</p><h3
id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption
Providers</h3><p>JWE Encryption process typically involves a content-encryption
key being generated with this key being subsequently encrypted/wrapped with a
key known to the consumer. Thus CXF offers the providers for supporting the
key-encryption algorithms and providers for supporting the content-encryption
algorithms. Direct key encryption (where the content-encryption key is
established out of band) is also supported.</p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java"
rel="nofollow">KeyEncryptionProvider</a> suppo
rts encrypting a content-encryption key, <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java"
rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following
table shows the key encryption algorithms and the corresponding
providers:</p><p>RSAKeyEncryptionAlgorithm</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> </td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td colspan="1"
rowspan="1"
class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2"
rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1"
class="confluenceTd"><pre>RSAKeyEncryptionA
lgorithm</pre></td><td colspan="1" rowspan="1"
class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3"
rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1"
class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1"
class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-4.4" rel="nofollow">AES Key
Wrap</a></td><td colspan="1" rowspan="1"
class="confluenceTd">EcDsaJwsSignatureProvider</td><td colspan="1" rowspan="1"
class="confluenceTd">EcDsaJwsSignatureVerifier</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-3.5"
rel="nofollow">RSASSA-PSS</a></td><td colspan="1"
rowspan="1" class="confluenceTd">PrivateKeyJwsSignatureProvider</td><td
colspan="1" rowspan="1"
class="confluenceTd">PublicKeyJwsSignatureVerifier</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-3.6"
rel="nofollow">None</a></td><td colspan="1" rowspan="1"
class="confluenceTd">NoneJwsSignatureProvider</td><td colspan="1" rowspan="1"
class="confluenceTd">NoneJwsSignatureVerifier</td></tr></tbody></table></div><p>Either
of these providers can be initialized with the keys loaded from JWK or JCA
stores or from the in-memory representations.</p><h3
id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a shape="rect"
class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a>
supports encrypting t
he content, <a shape="rect" class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a>
- decrypting the content. Encryptors and Decryptors for all of JWE algorithms
are shipped.</p><p>Here is the example of doing AES CBC HMAC and AES Key Wrap
in CXF:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF Jwe
AesWrapAesCbcHMac</b></div><div class="codeContent panelContent pdl">
+</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3
id="JAX-RSJOSE-JWSwithClearPayload">JWS with Clear Payload</h3><h2
id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7516"
rel="nofollow">JWE</a> (JSON Web Encryption) document describes how a document
content, and, when applicable, a content encryption key, can be encrypted. For
example, <a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7516#appendix-A.1" rel="nofollow">Appendix
A1</a> shows how the content can be encrypted with a secret key using AesGcm
with the actual content encryption key being encrypted using
RSA-OAEP.</p><p>CXF ships JWE related classes in <a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe"
rel="nofollow">this package</a> and offers a support for all of JWA <a
shape="rect" class="external
-link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key
encryption</a> and <a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-5" rel="nofollow">content
encryption</a> algorithms.</p><h3
id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption
Providers</h3><p>JWE Encryption process typically involves a content-encryption
key being generated with this key being subsequently encrypted/wrapped with a
key known to the consumer. Thus CXF offers the providers for supporting the
key-encryption algorithms and providers for supporting the content-encryption
algorithms. Direct key encryption (where the content-encryption key is
established out of band) is also supported.</p><p><a shape="rect"
class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java"
rel="nofollow">KeyEncryptionProvider</a> suppo
rts encrypting a content-encryption key, <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java"
rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following
table shows the key encryption algorithms and the corresponding
providers:</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> </td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td colspan="1"
rowspan="1"
class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2"
rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1"
class="confluenceTd"><pre>RSAKeyEncryptionAlgorithm</pre></td><td colspan="
1" rowspan="1"
class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3"
rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1"
class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1"
class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#section-4.4" rel="nofollow">AES Key
Wrap</a></td><td colspan="1" rowspan="1"
class="confluenceTd">AesKeyWrapEncryptionAlgorithm</td><td colspan="1"
rowspan="1" class="confluenceTd">AesKeyWrapDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.5"
rel="nofollow">Direct</a></td><td colspan="1" rowspan="1" class="confluen
ceTd">DirectKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1"
class="confluenceTd">DirectKeyDecryptionAlgorithm</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf.org/html/rfc7518#page-15" rel="nofollow">ECDH-ES
Wrap</a></td><td colspan="1" rowspan="1"
class="confluenceTd">EcdhAesWrapKeyEncryptionAlgorithm</td><td colspan="1"
rowspan="1"
class="confluenceTd">EcdhAesWrapKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#page-15"
rel="nofollow">ECDH-ES Direct</a></td><td colspan="1" rowspan="1"
class="confluenceTd"><span
class="pl-en">EcdhDirectKeyJweEncryption</span></td><td colspan="1" rowspan="1"
class="confluenceTd"><span
class="pl-en">EcdhDirectKeyJweDecryption</span></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><a shape="rect" class="external-link"
href="https://tools.ietf
.org/html/rfc7518#section-4.7" rel="nofollow">AES-GCM</a></td><td colspan="1"
rowspan="1" class="confluenceTd">AesGcmWrapKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1"
class="confluenceTd">AesGcmWrapKeyDecryptionAlgorithm</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.8"
rel="nofollow">PBES2</a></td><td colspan="1" rowspan="1"
class="confluenceTd"><span
class="separator"> </span>PbesHmacAesWrapKeyEncryptionAlgorithm</td><td
colspan="1" rowspan="1" class="confluenceTd"><span
class="separator"> </span>PbesHmacAesWrapKeyDecryptionAlgorithm</td></tr></tbody></table></div><p> </p><p><a
shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java"
rel="nofollow">ContentEncryptionProvider</a> supports encrypting a generated
content
-encryption key, <a shape="rect" class="external-link"
href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java"
rel="nofollow">ContentDecryptionProvider</a> - decrypting it.</p><p>The
following table shows the content encryption algorithms and the corresponding
providers:</p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1"
class="confluenceTd"> </td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>ContentEncryptionProvider</strong></td><td
colspan="1" rowspan="1"
class="confluenceTd"><strong>ContentDecryptionProvider</strong></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.2"
rel="nofollow">AES_CBC_HMAC_SHA2</a></td><td colspan="1" rowspan="1"
class="confluenceTd"><pre>AesCbcHmacJweEncryption</pre></td><td colspan="1" ro
wspan="1"
class="confluenceTd"><pre>AesCbcHmacJweDecryption</pre></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><a shape="rect"
class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.3"
rel="nofollow">AES-GCM</a></td><td colspan="1" rowspan="1"
class="confluenceTd">AesGcmContentEncryptionAlgorithm</td><td colspan="1"
rowspan="1"
class="confluenceTd">AesGcmContentDecryptionAlgorithm</td></tr></tbody></table></div><p>All
of the above providers can be initialized with the keys loaded from JWK or JCA
stores or from the in-memory representations.</p><h3
id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a shape="rect"
class="external-link"
href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a>
supports encrypting the content, <a shape="rect" class="external-link"
href="https:
//git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a>
- decrypting the content. Encryptors and Decryptors for all of JWE algorithms
are shipped.</p><p>Here is the example of doing AES CBC HMAC and AES Key Wrap
in CXF:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF Jwe
AesWrapAesCbcHMac</b></div><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">final String specPlainText = "Live long and prosper.";
byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
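Review bot: In the added paragraph after the key encryption table, the ContentEncryptionProvider sentence reuses the KeyEncryptionProvider wording ("supports encrypting a generated content-encryption key ... decrypting it"), so the page now says both provider types encrypt the key and never says what encrypts the content. Since the table that follows lists content encryption algorithms, the sentence should describe encrypting the content with the content-encryption key. Two smaller points in the same added block: the ECDH-ES Direct cells carry span class="pl-en" markup and names ending in JweEncryption/JweDecryption under the KeyEncryptionProvider/KeyDecryptionProvider headings, unlike the *Algorithm names in every other row, so the class names should be confirmed and the spans dropped; and both ECDH-ES links point at rfc7518#page-15 while every other row links a section anchor.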