Posted to commits@cxf.apache.org by se...@apache.org on 2015/02/27 14:55:26 UTC
[4/4] cxf git commit: [CXF-6220] JWA algorithm cleanup with a lot of
cosmetic changes
[CXF-6220] JWA algorithm cleanup with a lot of cosmetic changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d2b0180
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d2b0180
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d2b0180
Branch: refs/heads/master
Commit: 8d2b0180518fcec6274ac2f288e74ed1ff5ce76a
Parents: 85fdb62
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Fri Feb 27 13:55:04 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Fri Feb 27 13:55:04 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/JoseConstants.java | 42 ---
.../jose/jaxrs/JwsJsonWriterInterceptor.java | 2 +-
.../cxf/rs/security/jose/jwa/Algorithm.java | 291 -------------------
.../rs/security/jose/jwa/AlgorithmUtils.java | 268 +++++++++++++++++
.../rs/security/jose/jwa/ContentAlgorithm.java | 67 +++++
.../cxf/rs/security/jose/jwa/KeyAlgorithm.java | 74 +++++
.../security/jose/jwa/SignatureAlgorithm.java | 77 +++++
.../jwe/AbstractContentEncryptionAlgorithm.java | 13 +-
...stractContentEncryptionCipherProperties.java | 7 +-
.../jose/jwe/AbstractJweDecryption.java | 10 +-
.../jose/jwe/AbstractJweEncryption.java | 41 +--
.../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 23 +-
.../jose/jwe/AesCbcHmacJweDecryption.java | 11 +-
.../jose/jwe/AesCbcHmacJweEncryption.java | 33 ++-
.../jwe/AesGcmContentDecryptionAlgorithm.java | 7 +-
.../jwe/AesGcmContentEncryptionAlgorithm.java | 15 +-
.../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 13 +-
.../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 17 +-
.../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 14 +-
.../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 16 +-
.../jose/jwe/ContentEncryptionAlgorithm.java | 26 --
.../jwe/ContentEncryptionCipherProperties.java | 4 +-
.../jose/jwe/ContentEncryptionProvider.java | 26 ++
.../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +-
.../jose/jwe/DirectKeyEncryptionAlgorithm.java | 6 +-
.../jwe/EcdhAesWrapKeyDecryptionAlgorithm.java | 13 +-
.../jwe/EcdhAesWrapKeyEncryptionAlgorithm.java | 26 +-
.../jose/jwe/EcdhDirectKeyJweDecryption.java | 8 +-
.../jose/jwe/EcdhDirectKeyJweEncryption.java | 16 +-
.../cxf/rs/security/jose/jwe/JweEncryption.java | 4 +-
.../rs/security/jose/jwe/JweJsonConsumer.java | 2 +-
.../rs/security/jose/jwe/JweJsonProducer.java | 2 +-
.../rs/security/jose/jwe/JweKeyProperties.java | 7 +-
.../cxf/rs/security/jose/jwe/JweUtils.java | 139 ++++-----
.../jose/jwe/KeyDecryptionAlgorithm.java | 4 +-
.../jose/jwe/KeyEncryptionAlgorithm.java | 25 --
.../jose/jwe/KeyEncryptionProvider.java | 27 ++
.../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 24 +-
.../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 58 ++--
.../jose/jwe/RSAKeyDecryptionAlgorithm.java | 9 +-
.../jose/jwe/RSAKeyEncryptionAlgorithm.java | 9 +-
.../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 17 +-
.../cxf/rs/security/jose/jwk/JwkUtils.java | 18 +-
.../jose/jws/AbstractJwsSignatureProvider.java | 11 +-
.../jose/jws/EcDsaJwsSignatureProvider.java | 13 +-
.../jose/jws/EcDsaJwsSignatureVerifier.java | 17 +-
.../jose/jws/HmacJwsSignatureProvider.java | 13 +-
.../jose/jws/HmacJwsSignatureVerifier.java | 22 +-
.../security/jose/jws/JwsCompactProducer.java | 4 +-
.../rs/security/jose/jws/JwsJsonConsumer.java | 4 +-
.../rs/security/jose/jws/JwsJsonProducer.java | 2 +-
.../security/jose/jws/JwsSignatureProvider.java | 3 +-
.../security/jose/jws/JwsSignatureVerifier.java | 3 +-
.../cxf/rs/security/jose/jws/JwsUtils.java | 30 +-
.../jose/jws/NoneJwsSignatureProvider.java | 5 +-
.../jose/jws/NoneJwsSignatureVerifier.java | 5 +-
.../jws/PrivateKeyJwsSignatureProvider.java | 13 +-
.../jose/jws/PublicKeyJwsSignatureVerifier.java | 17 +-
.../jose/cookbook/JwkJoseCookBookTest.java | 7 +-
.../jose/cookbook/JwsJoseCookBookTest.java | 110 +++----
.../jose/jwe/JweCompactReaderWriterTest.java | 50 ++--
.../security/jose/jwe/JweJsonConsumerTest.java | 27 +-
.../security/jose/jwe/JweJsonProducerTest.java | 45 ++-
.../jose/jwe/JwePbeHmacAesWrapTest.java | 23 +-
.../rs/security/jose/jwk/JsonWebKeyTest.java | 21 +-
.../security/jose/jws/JwsCompactHeaderTest.java | 26 +-
.../jose/jws/JwsCompactReaderWriterTest.java | 47 ++-
.../security/jose/jws/JwsJsonProducerTest.java | 21 +-
.../grants/code/JwtRequestCodeFilter.java | 8 +-
.../oauth2/grants/code/JwtRequestCodeGrant.java | 6 +-
.../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 12 +-
.../oidc/idp/AbstractJwsJweProducer.java | 10 +-
.../apache/cxf/systest/jaxrs/BookServer.java | 3 +-
.../jaxrs/JAXRSClientServerBookTest.java | 1 +
.../jaxrs/security/jwt/JAXRSJweJwsTest.java | 15 +-
.../jaxrs/security/jwt/JAXRSJwsJsonTest.java | 4 +-
.../cxf/systest/jaxrs/security/jwt/server.xml | 4 +-
77 files changed, 1168 insertions(+), 949 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
index e131147..c5f3e03 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/JoseConstants.java
@@ -44,48 +44,6 @@ public final class JoseConstants {
public static final String MEDIA_TYPE_JOSE = "application/jose";
public static final String MEDIA_TYPE_JOSE_JSON = "application/jose+json";
- public static final String PLAIN_TEXT_ALGO = "none";
- public static final String HMAC_SHA_256_ALGO = "HS256";
- public static final String HMAC_SHA_384_ALGO = "HS384";
- public static final String HMAC_SHA_512_ALGO = "HS512";
- public static final String RS_SHA_256_ALGO = "RS256";
- public static final String RS_SHA_384_ALGO = "RS384";
- public static final String RS_SHA_512_ALGO = "RS512";
- public static final String PS_SHA_256_ALGO = "PS256";
- public static final String PS_SHA_384_ALGO = "PS384";
- public static final String PS_SHA_512_ALGO = "PS512";
- public static final String ES_SHA_256_ALGO = "ES256";
- public static final String ES_SHA_384_ALGO = "ES384";
- public static final String ES_SHA_512_ALGO = "ES512";
-
- // Key Encryption
- public static final String RSA_OAEP_ALGO = "RSA-OAEP";
- public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
- public static final String RSA_1_5_ALGO = "RSA1_5";
- public static final String A128KW_ALGO = "A128KW";
- public static final String A192KW_ALGO = "A192KW";
- public static final String A256KW_ALGO = "A256KW";
- public static final String A128GCMKW_ALGO = "A128GCMKW";
- public static final String A192GCMKW_ALGO = "A192GCMKW";
- public static final String A256GCMKW_ALGO = "A256GCMKW";
-
- public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES";
-
- public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW";
- public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW";
- public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW";
-
- public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
- public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
- public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
- // Content Encryption
- public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
- public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
- public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
- public static final String A128GCM_ALGO = "A128GCM";
- public static final String A192GCM_ALGO = "A192GCM";
- public static final String A256GCM_ALGO = "A256GCM";
-
public static final String JOSE_CONTEXT_PROPERTY = "org.apache.cxf.jose.context";
private JoseConstants() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
index c5159a1..069279b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsJsonWriterInterceptor.java
@@ -93,7 +93,7 @@ public class JwsJsonWriterInterceptor extends AbstractJwsJsonWriterProvider impl
private JoseHeaders prepareProtectedHeader(WriterInterceptorContext ctx,
JwsSignatureProvider signer) {
JoseHeaders headers = new JoseHeaders();
- headers.setAlgorithm(signer.getAlgorithm());
+ headers.setAlgorithm(signer.getAlgorithm().getJwaName());
setContentTypeIfNeeded(headers, ctx);
return headers;
}
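Review bot: `signer.getAlgorithm()` is dereferenced on the changed line of `prepareProtectedHeader` without a null check, so a `JwsSignatureProvider` with no algorithm set would fail with a bare NullPointerException while the protected header is built. Whether any provider can return null is not visible in this hunk, so this is a defensive suggestion: check first and fail with a clear message, e.g. `if (signer.getAlgorithm() == null) { throw new IllegalStateException("JWS signature algorithm is not set"); }`. The value written here becomes the `alg` of the protected header, so it is also worth confirming that the provider for the unsecured `none` algorithm (NoneJwsSignatureProvider in the diffstat) cannot be selected for this interceptor by accident.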
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
deleted file mode 100644
index f6e167e..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ /dev/null
@@ -1,291 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwa;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-
-
-
-public enum Algorithm {
- // Signature
- HmacSHA256(JoseConstants.HMAC_SHA_256_ALGO, 256),
- HmacSHA384(JoseConstants.HMAC_SHA_384_ALGO, 384),
- HmacSHA512(JoseConstants.HMAC_SHA_512_ALGO, 512),
-
- SHA256withRSA(JoseConstants.RS_SHA_256_ALGO, 256),
- SHA384withRSA(JoseConstants.RS_SHA_384_ALGO, 384),
- SHA512withRSA(JoseConstants.RS_SHA_512_ALGO, 512),
-
- SHA256withECDSA(JoseConstants.ES_SHA_256_ALGO, 256),
- SHA384withECDSA(JoseConstants.ES_SHA_384_ALGO, 384),
- SHA512withECDSA(JoseConstants.ES_SHA_512_ALGO, 512),
-
- // Key Encryption
- RSA_OAEP(JoseConstants.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
- RSA_OAEP_256(JoseConstants.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
- RSA_1_5(JoseConstants.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
- A128KW(JoseConstants.A128KW_ALGO, "AESWrap", 128),
- A192KW(JoseConstants.A192KW_ALGO, "AESWrap", 192),
- A256KW(JoseConstants.A256KW_ALGO, "AESWrap", 256),
- A128GCMKW(JoseConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
- A192GCMKW(JoseConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
- A256GCMKW(JoseConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
- PBES2_HS256_A128KW(JoseConstants.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
- PBES2_HS384_A192KW(JoseConstants.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
- PBES2_HS512_A256KW(JoseConstants.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
- ECDH_ES_A128KW(JoseConstants.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
- ECDH_ES_A192KW(JoseConstants.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
- ECDH_ES_A256KW(JoseConstants.ECDH_ES_A256KW_ALGO, "AESWrap", 256),
- // Content Encryption
- A128GCM(JoseConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
- A192GCM(JoseConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
- A256GCM(JoseConstants.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
- //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding"
- // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only
- A128CBC_HS256(JoseConstants.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
- A192CBC_HS384(JoseConstants.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
- A256CBC_HS512(JoseConstants.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
-
- public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
- public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
- public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
- public static final String RS_SHA_256_JAVA = "SHA256withRSA";
- public static final String RS_SHA_384_JAVA = "SHA384withRSA";
- public static final String RS_SHA_512_JAVA = "SHA512withRSA";
- public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1";
- public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1";
- public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1";
- public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
- public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
- public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
- public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
- public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
- public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
- public static final String AES_ALGO_JAVA = "AES";
- public static final String AES_WRAP_ALGO_JAVA = "AESWrap";
- public static final String AES_GCM_ALGO_JAVA = "AES/GCM/NoPadding";
- public static final String AES_CBC_ALGO_JAVA = "AES/CBC/PKCS7Padding";
-
- public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.HMAC_SHA_256_ALGO,
- JoseConstants.HMAC_SHA_384_ALGO,
- JoseConstants.HMAC_SHA_512_ALGO));
- public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.RS_SHA_256_ALGO,
- JoseConstants.RS_SHA_384_ALGO,
- JoseConstants.RS_SHA_512_ALGO));
- public static final Set<String> RSA_SHA_PS_SIGN_SET =
- new HashSet<String>(Arrays.asList(JoseConstants.PS_SHA_256_ALGO,
- JoseConstants.PS_SHA_384_ALGO,
- JoseConstants.PS_SHA_512_ALGO));
- public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO,
- JoseConstants.ES_SHA_384_ALGO,
- JoseConstants.ES_SHA_512_ALGO));
- public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
- JoseConstants.RSA_OAEP_256_ALGO,
- JoseConstants.RSA_1_5_ALGO));
- public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO,
- JoseConstants.A192GCM_ALGO,
- JoseConstants.A256GCM_ALGO));
- public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCMKW_ALGO,
- JoseConstants.A192GCMKW_ALGO,
- JoseConstants.A256GCMKW_ALGO));
- public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO,
- JoseConstants.A192KW_ALGO,
- JoseConstants.A256KW_ALGO));
- public static final Set<String> ACBC_HS_SET =
- new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO,
- JoseConstants.A192CBC_HS384_ALGO,
- JoseConstants.A256CBC_HS512_ALGO));
- public static final Set<String> PBES_HS_SET =
- new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW.getJwtName(),
- PBES2_HS384_A192KW.getJwtName(),
- PBES2_HS512_A256KW.getJwtName()));
- public static final Set<String> ECDH_ES_SET =
- new HashSet<String>(Arrays.asList(ECDH_ES_A128KW.getJwtName(),
- ECDH_ES_A192KW.getJwtName(),
- ECDH_ES_A256KW.getJwtName()));
-
- private static final Map<String, String> JAVA_TO_JWT_NAMES;
- private static final Map<String, String> JWT_TO_JAVA_NAMES;
- static {
- JAVA_TO_JWT_NAMES = new HashMap<String, String>();
- JAVA_TO_JWT_NAMES.put(HMAC_SHA_256_JAVA, JoseConstants.HMAC_SHA_256_ALGO);
- JAVA_TO_JWT_NAMES.put(HMAC_SHA_384_JAVA, JoseConstants.HMAC_SHA_384_ALGO);
- JAVA_TO_JWT_NAMES.put(HMAC_SHA_512_JAVA, JoseConstants.HMAC_SHA_512_ALGO);
- JAVA_TO_JWT_NAMES.put(RS_SHA_256_JAVA, JoseConstants.RS_SHA_256_ALGO);
- JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JoseConstants.RS_SHA_384_ALGO);
- JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JoseConstants.RS_SHA_512_ALGO);
- JAVA_TO_JWT_NAMES.put(PS_SHA_256_JAVA, JoseConstants.PS_SHA_256_ALGO);
- JAVA_TO_JWT_NAMES.put(PS_SHA_384_JAVA, JoseConstants.PS_SHA_384_ALGO);
- JAVA_TO_JWT_NAMES.put(PS_SHA_512_JAVA, JoseConstants.PS_SHA_512_ALGO);
- JAVA_TO_JWT_NAMES.put(ES_SHA_256_JAVA, JoseConstants.ES_SHA_256_ALGO);
- JAVA_TO_JWT_NAMES.put(ES_SHA_384_JAVA, JoseConstants.ES_SHA_384_ALGO);
- JAVA_TO_JWT_NAMES.put(ES_SHA_512_JAVA, JoseConstants.ES_SHA_512_ALGO);
- JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JoseConstants.RSA_OAEP_ALGO);
- JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JoseConstants.RSA_OAEP_256_ALGO);
- JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JoseConstants.RSA_1_5_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A256GCM_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A192GCM_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_GCM_ALGO_JAVA, JoseConstants.A128GCM_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A128KW_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A192KW_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_WRAP_ALGO_JAVA, JoseConstants.A256KW_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A128CBC_HS256_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A192CBC_HS384_ALGO);
- JAVA_TO_JWT_NAMES.put(AES_CBC_ALGO_JAVA, JoseConstants.A256CBC_HS512_ALGO);
- JWT_TO_JAVA_NAMES = new HashMap<String, String>();
- JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_256_ALGO, RS_SHA_256_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_256_ALGO, PS_SHA_256_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_384_ALGO, PS_SHA_384_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PS_SHA_512_ALGO, PS_SHA_512_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_256_ALGO, ES_SHA_256_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_384_ALGO, ES_SHA_384_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ES_SHA_512_ALGO, ES_SHA_512_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A128KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A192KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A256KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
- JWT_TO_JAVA_NAMES.put(JoseConstants.ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
- }
- private final String jwtName;
- private final String javaName;
- private final int keySizeBits;
-
- private Algorithm(String jwtName, int keySizeBits) {
- this(jwtName, null, keySizeBits);
- }
- private Algorithm(String jwtName, String javaName, int keySizeBits) {
- this.jwtName = jwtName;
- this.javaName = javaName;
- this.keySizeBits = keySizeBits;
- }
-
- public String getJwtName() {
- return jwtName;
- }
-
- public String getJavaName() {
- return javaName == null ? name() : javaName;
- }
-
- public String getJavaAlgoName() {
- return stripAlgoProperties(getJavaName());
- }
-
- public int getKeySizeBits() {
- return keySizeBits;
- }
-
- public static String toJwtName(String javaName, int keyBitSize) {
- //TODO: perhaps a key should be a name+keysize pair
- String name = JAVA_TO_JWT_NAMES.get(javaName);
- if (name == null && javaName.startsWith(AES_ALGO_JAVA)) {
- name = "A" + keyBitSize + "GCM";
- }
- return name;
- }
- public static String toJavaName(String jwtName) {
- return JWT_TO_JAVA_NAMES.get(jwtName);
- }
- public static String toJavaAlgoNameOnly(String jwtName) {
- return stripAlgoProperties(toJavaName(jwtName));
- }
- public static String stripAlgoProperties(String javaName) {
- if (javaName != null) {
- int index = javaName.indexOf('/');
- if (index != -1) {
- javaName = javaName.substring(0, index);
- }
- }
- return javaName;
- }
- public static boolean isRsa(String algo) {
- return isRsaKeyWrap(algo) || isRsaSign(algo);
- }
- public static boolean isRsaKeyWrap(String algo) {
- return RSA_CEK_SET.contains(algo);
- }
- public static boolean isAesKeyWrap(String algo) {
- return AES_KW_SET.contains(algo);
- }
- public static boolean isAesGcmKeyWrap(String algo) {
- return AES_GCM_KW_SET.contains(algo);
- }
- public static boolean isPbesHsWrap(String algo) {
- return PBES_HS_SET.contains(algo);
- }
- public static boolean isEcdhEsWrap(String algo) {
- return ECDH_ES_SET.contains(algo);
- }
- public static boolean isAesGcm(String algo) {
- return AES_GCM_CEK_SET.contains(algo);
- }
- public static boolean isAesCbcHmac(String algo) {
- return ACBC_HS_SET.contains(algo);
- }
- public static boolean isHmacSign(String algo) {
- return HMAC_SIGN_SET.contains(algo);
- }
- public static boolean isOctet(String algo) {
- return isHmacSign(algo)
- || isAesCbcHmac(algo)
- || isAesGcm(algo)
- || isAesGcmKeyWrap(algo)
- || isAesKeyWrap(algo);
- }
- public static boolean isRsaSign(String algo) {
- return isRsaShaSign(algo) || isRsaShaPsSign(algo);
- }
- public static boolean isRsaShaSign(String algo) {
- return RSA_SHA_SIGN_SET.contains(algo);
- }
- public static boolean isRsaShaPsSign(String algo) {
- return RSA_SHA_PS_SIGN_SET.contains(algo);
- }
- public static boolean isEcDsaSign(String algo) {
- return EC_SHA_SIGN_SET.contains(algo);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
new file mode 100644
index 0000000..22d7908
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/AlgorithmUtils.java
@@ -0,0 +1,268 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+
+
+
+public final class AlgorithmUtils {
+ public static final String AES = "AES";
+
+ // Key Encryption
+ // JWA
+ public static final String RSA_OAEP_ALGO = "RSA-OAEP";
+ public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
+ public static final String RSA_1_5_ALGO = "RSA1_5";
+ public static final String A128KW_ALGO = "A128KW";
+ public static final String A192KW_ALGO = "A192KW";
+ public static final String A256KW_ALGO = "A256KW";
+ public static final String A128GCMKW_ALGO = "A128GCMKW";
+ public static final String A192GCMKW_ALGO = "A192GCMKW";
+ public static final String A256GCMKW_ALGO = "A256GCMKW";
+ public static final String ECDH_ES_A128KW_ALGO = "ECDH-ES+A128KW";
+ public static final String ECDH_ES_A192KW_ALGO = "ECDH-ES+A192KW";
+ public static final String ECDH_ES_A256KW_ALGO = "ECDH-ES+A256KW";
+ public static final String PBES2_HS256_A128KW_ALGO = "PBES2-HS256+A128KW";
+ public static final String PBES2_HS384_A192KW_ALGO = "PBES2-HS384+A192KW";
+ public static final String PBES2_HS512_A256KW_ALGO = "PBES2-HS512+A256KW";
+ public static final String ECDH_ES_DIRECT_ALGO = "ECDH-ES";
+ // Java
+ public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
+ public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
+ public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
+ public static final String AES_WRAP_ALGO_JAVA = AES + "Wrap";
+ // Content Encryption
+ // JWA
+ public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
+ public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";
+ public static final String A256CBC_HS512_ALGO = "A256CBC-HS512";
+ public static final String A128GCM_ALGO = "A128GCM";
+ public static final String A192GCM_ALGO = "A192GCM";
+ public static final String A256GCM_ALGO = "A256GCM";
+ // Java
+ public static final String AES_GCM_ALGO_JAVA = AES + "/GCM/NoPadding";
+ public static final String AES_CBC_ALGO_JAVA = AES + "/CBC/PKCS7Padding";
+ // Signature
+ // JWA
+ public static final String HMAC_SHA_256_ALGO = "HS256";
+ public static final String HMAC_SHA_384_ALGO = "HS384";
+ public static final String HMAC_SHA_512_ALGO = "HS512";
+ public static final String RS_SHA_256_ALGO = "RS256";
+ public static final String RS_SHA_384_ALGO = "RS384";
+ public static final String RS_SHA_512_ALGO = "RS512";
+ public static final String PS_SHA_256_ALGO = "PS256";
+ public static final String PS_SHA_384_ALGO = "PS384";
+ public static final String PS_SHA_512_ALGO = "PS512";
+ public static final String ES_SHA_256_ALGO = "ES256";
+ public static final String ES_SHA_384_ALGO = "ES384";
+ public static final String ES_SHA_512_ALGO = "ES512";
+ public static final String PLAIN_TEXT_ALGO = "none";
+ // Java
+ public static final String HMAC_SHA_256_JAVA = "HmacSHA256";
+ public static final String HMAC_SHA_384_JAVA = "HmacSHA384";
+ public static final String HMAC_SHA_512_JAVA = "HmacSHA512";
+ public static final String RS_SHA_256_JAVA = "SHA256withRSA";
+ public static final String RS_SHA_384_JAVA = "SHA384withRSA";
+ public static final String RS_SHA_512_JAVA = "SHA512withRSA";
+ public static final String PS_SHA_256_JAVA = "SHA256withRSAandMGF1";
+ public static final String PS_SHA_384_JAVA = "SHA384withRSAandMGF1";
+ public static final String PS_SHA_512_JAVA = "SHA512withRSAandMGF1";
+ public static final String ES_SHA_256_JAVA = "SHA256withECDSA";
+ public static final String ES_SHA_384_JAVA = "SHA384withECDSA";
+ public static final String ES_SHA_512_JAVA = "SHA512withECDSA";
+
+ public static final Set<String> HMAC_SIGN_SET = new HashSet<String>(Arrays.asList(HMAC_SHA_256_ALGO,
+ HMAC_SHA_384_ALGO,
+ HMAC_SHA_512_ALGO));
+ public static final Set<String> RSA_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(RS_SHA_256_ALGO,
+ RS_SHA_384_ALGO,
+ RS_SHA_512_ALGO));
+ public static final Set<String> RSA_SHA_PS_SIGN_SET = new HashSet<String>(Arrays.asList(PS_SHA_256_ALGO,
+ PS_SHA_384_ALGO,
+ PS_SHA_512_ALGO));
+ public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(ES_SHA_256_ALGO,
+ ES_SHA_384_ALGO,
+ ES_SHA_512_ALGO));
+ public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(RSA_OAEP_ALGO,
+ RSA_OAEP_256_ALGO,
+ RSA_1_5_ALGO));
+ public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(A128GCM_ALGO,
+ A192GCM_ALGO,
+ A256GCM_ALGO));
+ public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(A128GCMKW_ALGO,
+ A192GCMKW_ALGO,
+ A256GCMKW_ALGO));
+ public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(A128KW_ALGO,
+ A192KW_ALGO,
+ A256KW_ALGO));
+ public static final Set<String> ACBC_HS_SET = new HashSet<String>(Arrays.asList(A128CBC_HS256_ALGO,
+ A192CBC_HS384_ALGO,
+ A256CBC_HS512_ALGO));
+ public static final Set<String> PBES_HS_SET = new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW_ALGO,
+ PBES2_HS384_A192KW_ALGO,
+ PBES2_HS512_A256KW_ALGO));
+ public static final Set<String> ECDH_ES_SET = new HashSet<String>(Arrays.asList(ECDH_ES_A128KW_ALGO,
+ ECDH_ES_A192KW_ALGO,
+ ECDH_ES_A256KW_ALGO));
+
+ private static final Map<String, String> JAVA_TO_JWA_NAMES;
+ private static final Map<String, String> JWA_TO_JAVA_NAMES;
+ static {
+ JAVA_TO_JWA_NAMES = new HashMap<String, String>();
+ JAVA_TO_JWA_NAMES.put(HMAC_SHA_256_JAVA, HMAC_SHA_256_ALGO);
+ JAVA_TO_JWA_NAMES.put(HMAC_SHA_384_JAVA, HMAC_SHA_384_ALGO);
+ JAVA_TO_JWA_NAMES.put(HMAC_SHA_512_JAVA, HMAC_SHA_512_ALGO);
+ JAVA_TO_JWA_NAMES.put(RS_SHA_256_JAVA, RS_SHA_256_ALGO);
+ JAVA_TO_JWA_NAMES.put(RS_SHA_384_JAVA, RS_SHA_384_ALGO);
+ JAVA_TO_JWA_NAMES.put(RS_SHA_512_JAVA, RS_SHA_512_ALGO);
+ JAVA_TO_JWA_NAMES.put(PS_SHA_256_JAVA, PS_SHA_256_ALGO);
+ JAVA_TO_JWA_NAMES.put(PS_SHA_384_JAVA, PS_SHA_384_ALGO);
+ JAVA_TO_JWA_NAMES.put(PS_SHA_512_JAVA, PS_SHA_512_ALGO);
+ JAVA_TO_JWA_NAMES.put(ES_SHA_256_JAVA, ES_SHA_256_ALGO);
+ JAVA_TO_JWA_NAMES.put(ES_SHA_384_JAVA, ES_SHA_384_ALGO);
+ JAVA_TO_JWA_NAMES.put(ES_SHA_512_JAVA, ES_SHA_512_ALGO);
+ JAVA_TO_JWA_NAMES.put(RSA_OAEP_ALGO_JAVA, RSA_OAEP_ALGO);
+ JAVA_TO_JWA_NAMES.put(RSA_OAEP_256_ALGO_JAVA, RSA_OAEP_256_ALGO);
+ JAVA_TO_JWA_NAMES.put(RSA_1_5_ALGO_JAVA, RSA_1_5_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A256GCM_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A192GCM_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_GCM_ALGO_JAVA, A128GCM_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A128KW_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A192KW_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_WRAP_ALGO_JAVA, A256KW_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A128CBC_HS256_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A192CBC_HS384_ALGO);
+ JAVA_TO_JWA_NAMES.put(AES_CBC_ALGO_JAVA, A256CBC_HS512_ALGO);
+ JWA_TO_JAVA_NAMES = new HashMap<String, String>();
+ JWA_TO_JAVA_NAMES.put(HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
+ JWA_TO_JAVA_NAMES.put(HMAC_SHA_384_ALGO, HMAC_SHA_384_JAVA);
+ JWA_TO_JAVA_NAMES.put(HMAC_SHA_512_ALGO, HMAC_SHA_512_JAVA);
+ JWA_TO_JAVA_NAMES.put(RS_SHA_256_ALGO, RS_SHA_256_JAVA);
+ JWA_TO_JAVA_NAMES.put(RS_SHA_384_ALGO, RS_SHA_384_JAVA);
+ JWA_TO_JAVA_NAMES.put(RS_SHA_512_ALGO, RS_SHA_512_JAVA);
+ JWA_TO_JAVA_NAMES.put(PS_SHA_256_ALGO, PS_SHA_256_JAVA);
+ JWA_TO_JAVA_NAMES.put(PS_SHA_384_ALGO, PS_SHA_384_JAVA);
+ JWA_TO_JAVA_NAMES.put(PS_SHA_512_ALGO, PS_SHA_512_JAVA);
+ JWA_TO_JAVA_NAMES.put(ES_SHA_256_ALGO, ES_SHA_256_JAVA);
+ JWA_TO_JAVA_NAMES.put(ES_SHA_384_ALGO, ES_SHA_384_JAVA);
+ JWA_TO_JAVA_NAMES.put(ES_SHA_512_ALGO, ES_SHA_512_JAVA);
+ JWA_TO_JAVA_NAMES.put(RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A256GCM_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A192GCM_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A128GCM_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(PBES2_HS256_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(PBES2_HS384_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(PBES2_HS512_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(ECDH_ES_A128KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(ECDH_ES_A192KW_ALGO, AES_WRAP_ALGO_JAVA);
+ JWA_TO_JAVA_NAMES.put(ECDH_ES_A256KW_ALGO, AES_WRAP_ALGO_JAVA);
+ }
+
+ private AlgorithmUtils() {
+ }
+ public static boolean isRsa(String algo) {
+ return isRsaKeyWrap(algo) || isRsaSign(algo);
+ }
+ public static boolean isRsaKeyWrap(String algo) {
+ return RSA_CEK_SET.contains(algo);
+ }
+ public static boolean isAesKeyWrap(String algo) {
+ return AES_KW_SET.contains(algo);
+ }
+ public static boolean isAesGcmKeyWrap(String algo) {
+ return AES_GCM_KW_SET.contains(algo);
+ }
+ public static boolean isPbesHsWrap(String algo) {
+ return PBES_HS_SET.contains(algo);
+ }
+ public static boolean isEcdhEsWrap(String algo) {
+ return ECDH_ES_SET.contains(algo);
+ }
+ public static boolean isAesGcm(String algo) {
+ return AES_GCM_CEK_SET.contains(algo);
+ }
+ public static boolean isAesCbcHmac(String algo) {
+ return ACBC_HS_SET.contains(algo);
+ }
+ public static boolean isHmacSign(String algo) {
+ return HMAC_SIGN_SET.contains(algo);
+ }
+ public static boolean isOctet(String algo) {
+ return isHmacSign(algo)
+ || isAesCbcHmac(algo)
+ || isAesGcm(algo)
+ || isAesGcmKeyWrap(algo)
+ || isAesKeyWrap(algo);
+ }
+ public static boolean isRsaSign(String algo) {
+ return isRsaShaSign(algo) || isRsaShaPsSign(algo);
+ }
+ public static boolean isRsaShaSign(String algo) {
+ return RSA_SHA_SIGN_SET.contains(algo);
+ }
+ public static boolean isRsaShaPsSign(String algo) {
+ return RSA_SHA_PS_SIGN_SET.contains(algo);
+ }
+ public static boolean isEcDsaSign(String algo) {
+ return EC_SHA_SIGN_SET.contains(algo);
+ }
+
+ public static String toJwaName(String javaName, int keyBitSize) {
+ //TODO: perhaps a key should be a name+keysize pair
+ String name = JAVA_TO_JWA_NAMES.get(javaName);
+ if (name == null && javaName.startsWith(AES)) {
+ name = "A" + keyBitSize + "GCM";
+ }
+ return name;
+ }
+ public static String toJavaName(String jwtName) {
+ return JWA_TO_JAVA_NAMES.get(jwtName);
+ }
+ public static String toJavaAlgoNameOnly(String jwtName) {
+ return stripAlgoProperties(toJavaName(jwtName));
+ }
+ public static String stripAlgoProperties(String javaName) {
+ if (javaName != null) {
+ int index = javaName.indexOf('/');
+ if (index != -1) {
+ javaName = javaName.substring(0, index);
+ }
+ }
+ return javaName;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
new file mode 100644
index 0000000..5f9e158
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/ContentAlgorithm.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum ContentAlgorithm {
+ A128GCM(AlgorithmUtils.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
+ A192GCM(AlgorithmUtils.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
+ A256GCM(AlgorithmUtils.A256GCM_ALGO, "AES/GCM/NoPadding", 256),
+ //TODO: default to "AES/CBC/PKCS5Padding" if Cipher "AES/CBC/PKCS7Padding"
+ // can not be initialized, apparently Java 8 has decided to settle on PKCS5Padding only
+ A128CBC_HS256(AlgorithmUtils.A128CBC_HS256_ALGO, "AES/CBC/PKCS7Padding", 128),
+ A192CBC_HS384(AlgorithmUtils.A192CBC_HS384_ALGO, "AES/CBC/PKCS7Padding", 192),
+ A256CBC_HS512(AlgorithmUtils.A256CBC_HS512_ALGO, "AES/CBC/PKCS7Padding", 256);
+
+ private final String jwaName;
+ private final String javaName;
+ private final int keySizeBits;
+
+ private ContentAlgorithm(String jwaName, String javaName, int keySizeBits) {
+ this.jwaName = jwaName;
+ this.javaName = javaName;
+ this.keySizeBits = keySizeBits;
+ }
+
+ public String getJwaName() {
+ return jwaName;
+ }
+
+ public String getJavaName() {
+ return javaName == null ? name() : javaName;
+ }
+
+ public String getJavaAlgoName() {
+ return AlgorithmUtils.stripAlgoProperties(getJavaName());
+ }
+
+ public int getKeySizeBits() {
+ return keySizeBits;
+ }
+
+ public static ContentAlgorithm getAlgorithm(String algo) {
+ return ContentAlgorithm.valueOf(algo.replace('-', '_')
+ .replace('+', '_'));
+
+ }
+
+}
\ No newline at end of file
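Review bot: `getAlgorithm` at the end of this enum fails with NullPointerException for a null name and with the IllegalArgumentException from `valueOf` for an unrecognised one, whereas the algorithm checks elsewhere in this commit (`checkAlgorithms`, `validateCekAlgorithm`) reject with SecurityException. If the argument can come from the `enc` header of a received JWE, which this hunk does not show, callers need to know which exceptions to expect. At minimum add Javadoc such as `@throws IllegalArgumentException if algo does not name a supported content algorithm`, or guard with `if (algo == null) { throw new SecurityException(); }`. `KeyAlgorithm.getAlgorithm` and `SignatureAlgorithm.getAlgorithm` in the next two files are written the same way.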
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
new file mode 100644
index 0000000..d5b03fb
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/KeyAlgorithm.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum KeyAlgorithm {
+ RSA_OAEP(AlgorithmUtils.RSA_OAEP_ALGO, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", -1),
+ RSA_OAEP_256(AlgorithmUtils.RSA_OAEP_256_ALGO, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", -1),
+ RSA_1_5(AlgorithmUtils.RSA_1_5_ALGO, "RSA/ECB/PKCS1Padding", -1),
+ A128KW(AlgorithmUtils.A128KW_ALGO, "AESWrap", 128),
+ A192KW(AlgorithmUtils.A192KW_ALGO, "AESWrap", 192),
+ A256KW(AlgorithmUtils.A256KW_ALGO, "AESWrap", 256),
+ A128GCMKW(AlgorithmUtils.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
+ A192GCMKW(AlgorithmUtils.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
+ A256GCMKW(AlgorithmUtils.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
+ PBES2_HS256_A128KW(AlgorithmUtils.PBES2_HS256_A128KW_ALGO, "AESWrap", 128),
+ PBES2_HS384_A192KW(AlgorithmUtils.PBES2_HS384_A192KW_ALGO, "AESWrap", 192),
+ PBES2_HS512_A256KW(AlgorithmUtils.PBES2_HS512_A256KW_ALGO, "AESWrap", 256),
+ ECDH_ES_A128KW(AlgorithmUtils.ECDH_ES_A128KW_ALGO, "AESWrap", 128),
+ ECDH_ES_A192KW(AlgorithmUtils.ECDH_ES_A192KW_ALGO, "AESWrap", 192),
+ ECDH_ES_A256KW(AlgorithmUtils.ECDH_ES_A256KW_ALGO, "AESWrap", 256);
+
+ private final String jwaName;
+ private final String javaName;
+ private final int keySizeBits;
+
+ private KeyAlgorithm(String jwaName, String javaName, int keySizeBits) {
+ this.jwaName = jwaName;
+ this.javaName = javaName;
+ this.keySizeBits = keySizeBits;
+ }
+
+ public String getJwaName() {
+ return jwaName;
+ }
+
+ public String getJavaName() {
+ return javaName == null ? name() : javaName;
+ }
+
+ public String getJavaAlgoName() {
+ return AlgorithmUtils.stripAlgoProperties(getJavaName());
+ }
+
+ public int getKeySizeBits() {
+ return keySizeBits;
+ }
+ public static KeyAlgorithm getAlgorithm(String algo) {
+ return KeyAlgorithm.valueOf(algo.replace('-', '_')
+ .replace('+', '_'));
+
+ }
+
+
+}
\ No newline at end of file
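Review bot: `getAlgorithm` resolves a name only when replacing `-` and `+` with `_` yields the constant's identifier, and that does not appear to hold for every entry here. The JWA name registered for PKCS#1 v1.5 key encryption is `RSA1_5`, which would not map onto the constant `RSA_1_5`; the value of `AlgorithmUtils.RSA_1_5_ALGO` is defined outside this hunk, so this is inferred. Matching on `getJwaName()` first, as sketched below, removes the dependence on identifier spelling while keeping the existing fallback. `SignatureAlgorithm.PLAIN` looks affected in the same way if `PLAIN_TEXT_ALGO` is the JWA value `none`.

```java
public static KeyAlgorithm getAlgorithm(String algo) {
    // Match the registered JWA string first so a name that does not
    // normalise onto a constant identifier still resolves.
    for (KeyAlgorithm candidate : values()) {
        if (candidate.getJwaName().equals(algo)) {
            return candidate;
        }
    }
    // … unchanged: valueOf(...) on the normalised name as fallback …
}
```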
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
new file mode 100644
index 0000000..79f41a5
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/SignatureAlgorithm.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwa;
+
+
+
+
+public enum SignatureAlgorithm {
+ HS256(AlgorithmUtils.HMAC_SHA_256_ALGO, AlgorithmUtils.HMAC_SHA_256_JAVA, 256),
+ HS384(AlgorithmUtils.HMAC_SHA_384_ALGO, AlgorithmUtils.HMAC_SHA_384_JAVA, 384),
+ HS512(AlgorithmUtils.HMAC_SHA_512_ALGO, AlgorithmUtils.HMAC_SHA_512_JAVA, 512),
+
+ RS256(AlgorithmUtils.RS_SHA_256_ALGO, AlgorithmUtils.RS_SHA_256_JAVA, 256),
+ RS384(AlgorithmUtils.RS_SHA_384_ALGO, AlgorithmUtils.RS_SHA_384_JAVA, 384),
+ RS512(AlgorithmUtils.RS_SHA_512_ALGO, AlgorithmUtils.RS_SHA_512_JAVA, 512),
+
+ PS256(AlgorithmUtils.PS_SHA_256_ALGO, AlgorithmUtils.PS_SHA_256_JAVA, 256),
+ PS384(AlgorithmUtils.PS_SHA_384_ALGO, AlgorithmUtils.PS_SHA_384_JAVA, 384),
+ PS512(AlgorithmUtils.PS_SHA_512_ALGO, AlgorithmUtils.PS_SHA_512_JAVA, 512),
+
+ ES256(AlgorithmUtils.ES_SHA_256_ALGO, AlgorithmUtils.ES_SHA_256_JAVA, 256),
+ ES384(AlgorithmUtils.ES_SHA_384_ALGO, AlgorithmUtils.ES_SHA_384_JAVA, 384),
+ ES512(AlgorithmUtils.ES_SHA_512_ALGO, AlgorithmUtils.ES_SHA_512_JAVA, 512),
+
+ PLAIN(AlgorithmUtils.PLAIN_TEXT_ALGO, null, -1);
+
+
+ private final String jwaName;
+ private final String javaName;
+ private final int keySizeBits;
+
+ private SignatureAlgorithm(String jwaName, String javaName, int keySizeBits) {
+ this.jwaName = jwaName;
+ this.javaName = javaName;
+ this.keySizeBits = keySizeBits;
+ }
+
+ public String getJwaName() {
+ return jwaName;
+ }
+
+ public String getJavaName() {
+ return javaName == null ? name() : javaName;
+ }
+
+ public String getJavaAlgoName() {
+ return AlgorithmUtils.stripAlgoProperties(getJavaName());
+ }
+
+ public int getKeySizeBits() {
+ return keySizeBits;
+ }
+
+ public static SignatureAlgorithm getAlgorithm(String algo) {
+ return SignatureAlgorithm.valueOf(algo.replace('-', '_')
+ .replace('+', '_'));
+
+ }
+
+}
\ No newline at end of file
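Review bot: `PLAIN` is declared with a null Java name, so `getJavaName()` and `getJavaAlgoName()` return the constant identifier `PLAIN` for it, which is not a JCA algorithm name and would presumably only fail once it reaches a provider. The entry also stands for a token that carries no signature, so a verifier that resolves the header value through this enum should have to accept it explicitly rather than by default; whether callers do so is outside this hunk. I would add a comment on the constant, for example `// unsecured JWS: no signature is computed, verifiers must opt in explicitly`, and state in the Javadoc of `getJavaName()` that it falls back to `name()` when no Java algorithm exists.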
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 5edf9fa..7627b94 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -21,29 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
- implements ContentEncryptionAlgorithm {
+ implements ContentEncryptionProvider {
private static final int DEFAULT_IV_SIZE = 128;
private byte[] cek;
private byte[] iv;
private AtomicInteger providedIvUsageCount;
- private String algorithm;
- protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
+
+ protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
super(algo);
this.cek = cek;
this.iv = iv;
if (iv != null && iv.length > 0) {
providedIvUsageCount = new AtomicInteger();
}
- this.algorithm = algo;
- }
- @Override
- public String getAlgorithm() {
- return algorithm;
}
+
public byte[] getContentEncryptionKey(JweHeaders headers) {
return cek;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index e9fc794..f7eb38c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -21,13 +21,14 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.spec.AlgorithmParameterSpec;
import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
- private String algo;
- public AbstractContentEncryptionCipherProperties(String algo) {
+ private ContentAlgorithm algo;
+ public AbstractContentEncryptionCipherProperties(ContentAlgorithm algo) {
this.algo = algo;
}
public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
@@ -40,7 +41,7 @@ public abstract class AbstractContentEncryptionCipherProperties implements Conte
return authTagLen;
}
@Override
- public String getAlgorithm() {
+ public ContentAlgorithm getAlgorithm() {
return algo;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index ad4fd8e..d49359c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -24,7 +24,9 @@ import java.security.spec.AlgorithmParameterSpec;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public abstract class AbstractJweDecryption implements JweDecryptionProvider {
private KeyDecryptionAlgorithm keyDecryptionAlgo;
@@ -70,7 +72,7 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider {
getContentEncryptionCipherInitVector(jweDecryptionInput));
}
protected String getContentEncryptionAlgorithm(JweDecryptionInput jweDecryptionInput) {
- return Algorithm.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
+ return AlgorithmUtils.toJavaName(jweDecryptionInput.getJweHeaders().getContentEncryptionAlgorithm());
}
protected byte[] getContentEncryptionCipherAAD(JweDecryptionInput jweDecryptionInput) {
return contentDecryptionAlgo.getAdditionalAuthenticationData(
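Review bot: `getContentEncryptionAlgorithm` returns whatever `AlgorithmUtils.toJavaName` yields for the `enc` header of the input being decrypted, and `toJavaName` is a plain map lookup that returns null for a missing or unknown name. That null is handed on to the caller instead of being rejected at this point. A fail-closed version would keep the lookup in a local and add `if (name == null) { throw new SecurityException(); }` before returning it. `getKeyEncryptionAlgoJava` and `getContentEncryptionAlgoJava` in AbstractWrapKeyEncryptionAlgorithm have the same shape; how the callers treat a null result is outside these hunks.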
@@ -94,11 +96,11 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider {
return theCek;
}
@Override
- public String getKeyAlgorithm() {
+ public KeyAlgorithm getKeyAlgorithm() {
return keyDecryptionAlgo.getAlgorithm();
}
@Override
- public String getContentAlgorithm() {
+ public ContentAlgorithm getContentAlgorithm() {
return contentDecryptionAlgo.getAlgorithm();
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 6f47018..613dd2c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -28,19 +28,21 @@ import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
- private ContentEncryptionAlgorithm contentEncryptionAlgo;
- private KeyEncryptionAlgorithm keyEncryptionAlgo;
+ private ContentEncryptionProvider contentEncryptionAlgo;
+ private KeyEncryptionProvider keyEncryptionAlgo;
private JoseHeadersReaderWriter writer = new JoseHeadersReaderWriter();
- protected AbstractJweEncryption(ContentEncryptionAlgorithm contentEncryptionAlgo,
- KeyEncryptionAlgorithm keyEncryptionAlgo) {
+ protected AbstractJweEncryption(ContentEncryptionProvider contentEncryptionAlgo,
+ KeyEncryptionProvider keyEncryptionAlgo) {
this.keyEncryptionAlgo = keyEncryptionAlgo;
this.contentEncryptionAlgo = contentEncryptionAlgo;
}
- protected ContentEncryptionAlgorithm getContentEncryptionAlgorithm() {
+ protected ContentEncryptionProvider getContentEncryptionAlgorithm() {
return contentEncryptionAlgo;
}
protected AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
@@ -52,14 +54,14 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
if (cek == null) {
String algoJava = getContentEncryptionAlgoJava();
String algoJwt = getContentEncryptionAlgoJwt();
- cek = CryptoUtils.getSecretKey(Algorithm.stripAlgoProperties(algoJava),
+ cek = CryptoUtils.getSecretKey(AlgorithmUtils.stripAlgoProperties(algoJava),
getCekSize(algoJwt)).getEncoded();
}
return cek;
}
protected int getCekSize(String algoJwt) {
- return Algorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
+ return ContentAlgorithm.valueOf(algoJwt.replace('-', '_')).getKeySizeBits();
}
protected byte[] getProvidedContentEncryptionKey(JweHeaders headers) {
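Review bot: `getCekSize` still normalises the name by hand with `valueOf(algoJwt.replace('-', '_'))` although this commit adds `ContentAlgorithm.getAlgorithm`, which performs the same replacement and also handles `+`. Using the helper keeps the name mapping in one place: `return ContentAlgorithm.getAlgorithm(algoJwt).getKeySizeBits();`. An unknown name still surfaces as IllegalArgumentException from `valueOf` either way, which is worth a `@throws` line on this protected method.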
@@ -71,10 +73,10 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
}
protected String getContentEncryptionAlgoJwt() {
- return getContentEncryptionAlgorithm().getAlgorithm();
+ return getContentEncryptionAlgorithm().getAlgorithm().getJwaName();
}
protected String getContentEncryptionAlgoJava() {
- return Algorithm.toJavaName(getContentEncryptionAlgoJwt());
+ return getContentEncryptionAlgorithm().getAlgorithm().getJavaName();
}
protected byte[] getAAD(String protectedHeaders, byte[] aad) {
return getContentEncryptionAlgorithm().getAdditionalAuthenticationData(protectedHeaders, aad);
@@ -128,11 +130,12 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
return Arrays.copyOfRange(cipher, cipher.length - DEFAULT_AUTH_TAG_LENGTH / 8, cipher.length);
}
@Override
- public String getKeyAlgorithm() {
- return getKeyEncryptionAlgo().getAlgorithm();
+ public KeyAlgorithm getKeyAlgorithm() {
+ KeyAlgorithm keyAlgo = getKeyEncryptionAlgo().getAlgorithm();
+ return keyAlgo != null ? keyAlgo : null;
}
@Override
- public String getContentAlgorithm() {
+ public ContentAlgorithm getContentAlgorithm() {
return getContentEncryptionAlgorithm().getAlgorithm();
}
protected JoseHeadersReaderWriter getJwtHeadersWriter() {
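Review bot: The ternary added to `getKeyAlgorithm` is a no-op, since `keyAlgo != null ? keyAlgo : null` returns `keyAlgo` in both branches. `return getKeyEncryptionAlgo().getAlgorithm();` is equivalent and reads more clearly. If the intent was to tolerate a missing key encryption provider, the null check belongs on `getKeyEncryptionAlgo()` rather than on its result.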
@@ -154,17 +157,17 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
private JweEncryptionInternal getInternalState(JweHeaders jweInHeaders, JweEncryptionInput jweInput) {
JweHeaders theHeaders = new JweHeaders();
if (getKeyAlgorithm() != null) {
- theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm());
+ theHeaders.setKeyEncryptionAlgorithm(getKeyAlgorithm().getJwaName());
}
- theHeaders.setContentEncryptionAlgorithm(getContentAlgorithm());
+ theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgoJwt());
JweHeaders protectedHeaders = null;
if (jweInHeaders != null) {
if (jweInHeaders.getKeyEncryptionAlgorithm() != null
&& (getKeyAlgorithm() == null
- || !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm()))
+ || !getKeyAlgorithm().getJwaName().equals(jweInHeaders.getKeyEncryptionAlgorithm()))
|| jweInHeaders.getContentEncryptionAlgorithm() != null
- && !getContentAlgorithm().equals(jweInHeaders.getContentEncryptionAlgorithm())) {
+ && !getContentEncryptionAlgoJwt().equals(jweInHeaders.getContentEncryptionAlgorithm())) {
throw new SecurityException();
}
theHeaders.asMap().putAll(jweInHeaders.asMap());
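Review bot: `theHeaders.setContentEncryptionAlgorithm(getContentEncryptionAlgoJwt())` now dereferences the provider's `getAlgorithm()` result via `getJwaName()`, while the key algorithm just above is guarded with `getKeyAlgorithm() != null`. Before this change a null content algorithm was simply written into the header; now it would raise NullPointerException here and again in the comparison against `jweInHeaders`. Whether a content provider can report a null algorithm is not visible in this hunk. If it can, an explicit check with a clear failure would be preferable, and if it cannot, a short comment saying so would help. The method body continues outside the hunk.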
@@ -178,7 +181,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
byte[] theCek = jweInput != null && jweInput.getCek() != null
? jweInput.getCek() : getContentEncryptionKey(theHeaders);
- String contentEncryptionAlgoJavaName = Algorithm.toJavaName(getContentEncryptionAlgoJwt());
+ String contentEncryptionAlgoJavaName = getContentEncryptionAlgoJava();
KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
keyProps.setCompressionSupported(compressionRequired(theHeaders));
@@ -209,7 +212,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
private boolean compressionRequired(JweHeaders theHeaders) {
return JoseConstants.DEFLATE_ZIP_ALGORITHM.equals(theHeaders.getZipAlgorithm());
}
- protected KeyEncryptionAlgorithm getKeyEncryptionAlgo() {
+ protected KeyEncryptionProvider getKeyEncryptionAlgo() {
return keyEncryptionAlgo;
}
protected static class JweEncryptionInternal {
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index ed35eab..3797b64 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -24,12 +24,13 @@ import java.util.Set;
import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.common.util.crypto.KeyProperties;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
-public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
+public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionProvider {
private Key keyEncryptionKey;
private boolean wrap;
- private String algorithm;
+ private KeyAlgorithm algorithm;
private Set<String> supportedAlgorithms;
protected AbstractWrapKeyEncryptionAlgorithm(Key key, Set<String> supportedAlgorithms) {
this(key, null, true, supportedAlgorithms);
@@ -37,10 +38,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
protected AbstractWrapKeyEncryptionAlgorithm(Key key, boolean wrap, Set<String> supportedAlgorithms) {
this(key, null, wrap, supportedAlgorithms);
}
- protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, Set<String> supportedAlgorithms) {
+ protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, Set<String> supportedAlgorithms) {
this(key, jweAlgo, true, supportedAlgorithms);
}
- protected AbstractWrapKeyEncryptionAlgorithm(Key key, String jweAlgo, boolean wrap,
+ protected AbstractWrapKeyEncryptionAlgorithm(Key key, KeyAlgorithm jweAlgo, boolean wrap,
Set<String> supportedAlgorithms) {
this.keyEncryptionKey = key;
this.algorithm = jweAlgo;
@@ -48,7 +49,7 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
this.supportedAlgorithms = supportedAlgorithms;
}
@Override
- public String getAlgorithm() {
+ public KeyAlgorithm getAlgorithm() {
return algorithm;
}
@Override
@@ -69,10 +70,10 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
}
}
protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
- return Algorithm.toJavaName(headers.getKeyEncryptionAlgorithm());
+ return AlgorithmUtils.toJavaName(headers.getKeyEncryptionAlgorithm());
}
protected String getContentEncryptionAlgoJava(JweHeaders headers) {
- return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
+ return AlgorithmUtils.toJavaName(headers.getContentEncryptionAlgorithm());
}
protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
return null;
@@ -86,14 +87,14 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
protected void checkAlgorithms(JweHeaders headers) {
String providedAlgo = headers.getKeyEncryptionAlgorithm();
if ((providedAlgo == null && algorithm == null)
- || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm))) {
+ || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm.getJwaName()))) {
throw new SecurityException();
}
if (providedAlgo != null) {
checkAlgorithm(providedAlgo);
} else if (algorithm != null) {
- headers.setKeyEncryptionAlgorithm(algorithm);
- checkAlgorithm(algorithm);
+ headers.setKeyEncryptionAlgorithm(algorithm.getJwaName());
+ checkAlgorithm(algorithm.getJwaName());
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
index 68c558f..b39b787 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
@@ -23,7 +23,8 @@ import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public class AesCbcHmacJweDecryption extends JweDecryption {
private String supportedAlgo;
@@ -31,9 +32,9 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
this(keyDecryptionAlgo, null);
}
public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
- String supportedAlgo) {
+ ContentAlgorithm supportedAlgo) {
super(keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo));
- this.supportedAlgo = supportedAlgo;
+ this.supportedAlgo = supportedAlgo == null ? null : supportedAlgo.getJwaName();
}
protected JweDecryptionOutput doDecrypt(JweDecryptionInput jweDecryptionInput, byte[] cek) {
validateAuthenticationTag(jweDecryptionInput, cek);
@@ -62,7 +63,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
}
private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
implements ContentDecryptionAlgorithm {
- public AesCbcContentDecryptionAlgorithm(String supportedAlgo) {
+ public AesCbcContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
super(supportedAlgo);
}
@Override
@@ -79,7 +80,7 @@ public class AesCbcHmacJweDecryption extends JweDecryption {
}
}
private String validateCekAlgorithm(String cekAlgo) {
- if (!Algorithm.isAesCbcHmac(cekAlgo)
+ if (!AlgorithmUtils.isAesCbcHmac(cekAlgo)
|| supportedAlgo != null && !supportedAlgo.equals(cekAlgo)) {
throw new SecurityException();
}
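Review bot: When `supportedAlgo` is null, validateCekAlgorithm accepts whichever AES-CBC-HMAC variant the token header names, and the constructor that calls `this(keyDecryptionAlgo, null)` always leaves it null. That hands the choice of content algorithm to the sender, so both constructors deserve a Javadoc sentence saying that null means "any algorithm in the family" and that the `ContentAlgorithm` overload pins a single one. The mixed condition would also be harder to misread with explicit grouping: `|| (supportedAlgo != null && !supportedAlgo.equals(cekAlgo))) {`. The method body continues past the end of this hunk.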
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index a6a0dd2..d3de1c7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -27,28 +27,33 @@ import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import org.apache.cxf.common.util.crypto.HmacUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public class AesCbcHmacJweEncryption extends JweEncryption {
private static final Map<String, String> AES_HMAC_MAP;
private static final Map<String, Integer> AES_CEK_SIZE_MAP;
static {
AES_HMAC_MAP = new HashMap<String, String>();
- AES_HMAC_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), Algorithm.HMAC_SHA_256_JAVA);
- AES_HMAC_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), Algorithm.HMAC_SHA_384_JAVA);
- AES_HMAC_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), Algorithm.HMAC_SHA_512_JAVA);
+ AES_HMAC_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), AlgorithmUtils.HMAC_SHA_256_JAVA);
+ AES_HMAC_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), AlgorithmUtils.HMAC_SHA_384_JAVA);
+ AES_HMAC_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), AlgorithmUtils.HMAC_SHA_512_JAVA);
AES_CEK_SIZE_MAP = new HashMap<String, Integer>();
- AES_CEK_SIZE_MAP.put(Algorithm.A128CBC_HS256.getJwtName(), 32);
- AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
- AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
+ AES_CEK_SIZE_MAP.put(ContentAlgorithm.A128CBC_HS256.getJwaName(), 32);
+ AES_CEK_SIZE_MAP.put(ContentAlgorithm.A192CBC_HS384.getJwaName(), 48);
+ AES_CEK_SIZE_MAP.put(ContentAlgorithm.A256CBC_HS512.getJwaName(), 64);
}
- public AesCbcHmacJweEncryption(String cekAlgoJwt,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
+ public AesCbcHmacJweEncryption(String cekAlgo,
+ KeyEncryptionProvider keyEncryptionAlgorithm) {
+ this(ContentAlgorithm.getAlgorithm(cekAlgo), keyEncryptionAlgorithm);
+ }
+ public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt,
+ KeyEncryptionProvider keyEncryptionAlgorithm) {
this(cekAlgoJwt, null, null, keyEncryptionAlgorithm);
}
- public AesCbcHmacJweEncryption(String cekAlgoJwt, byte[] cek,
- byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
+ public AesCbcHmacJweEncryption(ContentAlgorithm cekAlgoJwt, byte[] cek,
+ byte[] iv, KeyEncryptionProvider keyEncryptionAlgorithm) {
super(keyEncryptionAlgorithm,
new AesCbcContentEncryptionAlgorithm(cek, iv,
validateCekAlgorithm(cekAlgoJwt)));
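Review bot: The four-argument constructor takes a caller-supplied `cek` and `iv` with no Javadoc on how often they may be used. With AES-CBC, an IV repeated under the same key shows which messages start with the same plaintext block. The `byte[] iv` constructors of AesGcmContentEncryptionAlgorithm in a later hunk carry the stricter GCM requirement that an IV never repeats for a key. Whether a supplied IV is reused across messages is decided in AbstractContentEncryptionAlgorithm, which this diff does not show, so I would at least add `@param iv initialization vector; must not be reused with the same cek` and state what passing null means. The constructor body continues outside the hunk.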
@@ -142,7 +147,7 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
}
private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
- public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
+ public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
super(cek, iv, algo);
}
@Override
@@ -160,8 +165,8 @@ public class AesCbcHmacJweEncryption extends JweEncryption {
private byte[] al;
}
- private static String validateCekAlgorithm(String cekAlgo) {
- if (!Algorithm.isAesCbcHmac(cekAlgo)) {
+ private static ContentAlgorithm validateCekAlgorithm(ContentAlgorithm cekAlgo) {
+ if (!AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {
throw new SecurityException();
}
return cekAlgo;
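Review bot: `cekAlgo.getJwaName()` in validateCekAlgorithm dereferences its argument unchecked, so a null ContentAlgorithm ends in a NullPointerException instead of the SecurityException this method uses for a rejected algorithm. The new String constructor passes it the result of `ContentAlgorithm.getAlgorithm(cekAlgo)`; if that lookup returns null for an unknown name (not visible here), the case is reachable from caller input. `if (cekAlgo == null || !AlgorithmUtils.isAesCbcHmac(cekAlgo.getJwaName())) {` keeps the failure mode uniform, and `checkAlgorithm` in AesGcmContentEncryptionAlgorithm has the same shape. The method's closing brace is outside the hunk.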
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
index f1f3388..f1a75ea 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
@@ -18,20 +18,21 @@
*/
package org.apache.cxf.rs.security.jose.jwe;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
implements ContentDecryptionAlgorithm {
- public AesGcmContentDecryptionAlgorithm(String supportedAlgo) {
+ public AesGcmContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
super(supportedAlgo);
}
@Override
public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag) {
String algo = headers.getContentEncryptionAlgorithm();
- if (!Algorithm.isAesGcm(algo) || !getAlgorithm().equals(algo)) {
+ if (!AlgorithmUtils.isAesGcm(algo) || !getAlgorithm().getJwaName().equals(algo)) {
throw new SecurityException();
}
return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);
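Review bot: The constructor forwards `supportedAlgo` to the superclass without checking it, so a null or non-GCM value only surfaces when a token is processed in getEncryptedSequence, and a null would presumably surface there as a NullPointerException from `getAlgorithm().getJwaName()`. That assumes `getAlgorithm()` returns the constructor argument; it is defined in a superclass this diff does not show. The encryption counterpart validates at construction through its `checkAlgorithm` helper. I would do the same here with a private static helper wrapped around the `super(...)` argument, so misconfiguration fails once, at start-up, with the same exception type. getEncryptedSequence's closing brace is outside the hunk.

```java
public AesGcmContentDecryptionAlgorithm(ContentAlgorithm supportedAlgo) {
    super(requireAesGcm(supportedAlgo));
}
private static ContentAlgorithm requireAesGcm(ContentAlgorithm algo) {
    if (algo == null || !AlgorithmUtils.isAesGcm(algo.getJwaName())) {
        throw new SecurityException();
    }
    return algo;
}
// … unchanged: getEncryptedSequence …
```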
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index bcd0fb3..f5788d9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -21,28 +21,29 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
private static final int DEFAULT_IV_SIZE = 96;
- public AesGcmContentEncryptionAlgorithm(String algo) {
+ public AesGcmContentEncryptionAlgorithm(ContentAlgorithm algo) {
this((byte[])null, null, algo);
}
- public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo) {
+ public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, ContentAlgorithm algo) {
this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv), algo);
}
- public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) {
+ public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, ContentAlgorithm algo) {
this(key.getEncoded(), iv, algo);
}
- public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) {
+ public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, ContentAlgorithm algo) {
super(cek, iv, checkAlgorithm(algo));
}
protected int getIvSize() {
return DEFAULT_IV_SIZE;
}
- private static String checkAlgorithm(String algo) {
- if (Algorithm.isAesGcm(algo)) {
+ private static ContentAlgorithm checkAlgorithm(ContentAlgorithm algo) {
+ if (AlgorithmUtils.isAesGcm(algo.getJwaName())) {
return algo;
}
throw new SecurityException();
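Review bot: In the `SecretKey` constructor, `key.getEncoded()` can return null for a key that does not expose its material, such as a hardware-backed key. Null is also what the one-argument constructor passes as `cek` in `this((byte[])null, null, algo)`, so a non-extractable key would be indistinguishable from "no key supplied". What the superclass does with a null cek is not visible here, but silently ignoring the caller's key is the risk. I would route the value through a small static helper that rejects it, with `if (encoded == null) throw new SecurityException();`, before delegating. `checkAlgorithm`'s closing brace is outside the hunk.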
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
index 6180014..8d8ec23 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -24,25 +24,26 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {
this(encodedKey, null);
}
- public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {
+ public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {
this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
}
public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {
this(secretKey, null);
}
- public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {
- this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA), supportedAlgo);
+ public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
+ this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);
}
public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {
this(secretKey, null);
}
- public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {
+ public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {
super(secretKey, supportedAlgo);
}
@Override
@@ -65,7 +66,7 @@ public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgori
}
protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
super.validateKeyEncryptionAlgorithm(keyAlgo);
- if (!Algorithm.isAesGcmKeyWrap(keyAlgo)) {
+ if (!AlgorithmUtils.isAesGcmKeyWrap(keyAlgo)) {
throw new SecurityException();
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
index e230470..584d48f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -27,21 +27,22 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
- Arrays.asList(Algorithm.A128GCMKW.getJwtName(),
- Algorithm.A192GCMKW.getJwtName(),
- Algorithm.A256GCMKW.getJwtName()));
- public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {
+ Arrays.asList(KeyAlgorithm.A128GCMKW.getJwaName(),
+ KeyAlgorithm.A192GCMKW.getJwaName(),
+ KeyAlgorithm.A256GCMKW.getJwaName()));
+ public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, KeyAlgorithm keyAlgoJwt) {
this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
}
- public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
- this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA),
+ public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, KeyAlgorithm keyAlgoJwt) {
+ this(CryptoUtils.createSecretKeySpec(keyBytes, AlgorithmUtils.AES),
keyAlgoJwt);
}
- public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+ public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm keyAlgoJwt) {
super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
}
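Review bot: `SUPPORTED_ALGORITHMS` is a plain `HashSet` whose reference is passed out of the class in `super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS)`. Anything that keeps that reference can add entries to the key-wrap allow-list shared by every instance. How the superclass stores it is not shown in this diff. Wrapping the set once, `Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(...)))`, makes the allow-list fixed. That needs `java.util.Collections` imported, and the `java.util` import lines are outside the hunk.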
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 8871f06..7cfe880 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -21,25 +21,27 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
public AesWrapKeyDecryptionAlgorithm(String encodedKey) {
this(encodedKey, null);
}
- public AesWrapKeyDecryptionAlgorithm(String encodedKey, String supportedAlgo) {
+ public AesWrapKeyDecryptionAlgorithm(String encodedKey, KeyAlgorithm supportedAlgo) {
this(CryptoUtils.decodeSequence(encodedKey), supportedAlgo);
}
public AesWrapKeyDecryptionAlgorithm(byte[] secretKey) {
this(secretKey, null);
}
- public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, String supportedAlgo) {
- this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_WRAP_ALGO_JAVA), supportedAlgo);
+ public AesWrapKeyDecryptionAlgorithm(byte[] secretKey, KeyAlgorithm supportedAlgo) {
+ this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES_WRAP_ALGO_JAVA),
+ supportedAlgo);
}
public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey) {
this(secretKey, null);
}
- public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, String supportedAlgo) {
+ public AesWrapKeyDecryptionAlgorithm(SecretKey secretKey, KeyAlgorithm supportedAlgo) {
super(secretKey, supportedAlgo);
}
@Override
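Review bot: The `byte[]` constructor builds the key with `AlgorithmUtils.AES_WRAP_ALGO_JAVA` as the SecretKeySpec algorithm, whereas the same constructor in AesGcmWrapKeyDecryptionAlgorithm uses `AlgorithmUtils.AES`. The constant's value is not shown in this diff. If it names the wrap cipher rather than the key type, the key's `getAlgorithm()` will not be `AES`, which a JCE provider may check. Unless the difference is intentional, `this(CryptoUtils.createSecretKeySpec(secretKey, AlgorithmUtils.AES), supportedAlgo);` would match the sibling class; if it is intentional, a one-line comment saying why would help. The class continues past the end of this hunk.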
@@ -51,7 +53,7 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm
}
protected boolean isValidAlgorithmFamily(String keyAlgo) {
- return Algorithm.isAesKeyWrap(keyAlgo);
+ return AlgorithmUtils.isAesKeyWrap(keyAlgo);
}
}