Posted to commits@cxf.apache.org by se...@apache.org on 2015/02/11 18:41:28 UTC
cxf git commit: [CXF-6085] Just prototyping JweJsonProducerTest and
fixing few typos
Repository: cxf
Updated Branches:
refs/heads/master 69da964ce -> 76e1cd86b
[CXF-6085] Just prototyping JweJsonProducerTest and fixing few typos
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/76e1cd86
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/76e1cd86
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/76e1cd86
Branch: refs/heads/master
Commit: 76e1cd86bf15145a3a5d6942d5b36567a98b54fd
Parents: 69da964
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Feb 11 17:41:09 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Feb 11 17:41:09 2015 +0000
----------------------------------------------------------------------
.../jose/jwe/AbstractJweEncryption.java | 2 +-
.../rs/security/jose/jwe/JweJsonProducer.java | 28 ++++++---
.../jose/jwe/JweCompactReaderWriterTest.java | 6 +-
.../security/jose/jwe/JweJsonProducerTest.java | 66 ++++++++++++++++++++
4 files changed, 88 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/76e1cd86/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index e0d7cf6..ba805938 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -143,7 +143,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
&& (getKeyAlgorithm() == null
|| !getKeyAlgorithm().equals(jweInHeaders.getKeyEncryptionAlgorithm()))
|| jweInHeaders.getAlgorithm() != null
- && !getContentAlgorithm().equals(jweInHeaders.getAlgorithm())) {
+ && !getContentAlgorithm().equals(jweInHeaders.getContentEncryptionAlgorithm())) {
throw new SecurityException();
}
theHeaders.asMap().putAll(jweInHeaders.asMap());
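Review bot: The null guard on the content-algorithm clause still tests `jweInHeaders.getAlgorithm()`, while the comparison it protects now reads `jweInHeaders.getContentEncryptionAlgorithm()`. If the two accessors return different headers (presumably `alg` and `enc`), input headers that carry only `enc` skip the mismatch check entirely, and headers that carry only `alg` are compared against null and rejected. The guard should test the same accessor as the comparison: `|| jweInHeaders.getContentEncryptionAlgorithm() != null`. The bare `throw new SecurityException();` would also be easier to diagnose with a message saying which algorithm did not match. The condition starts above this hunk, so its first clause is not visible here.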
http://git-wip-us.apache.org/repos/asf/cxf/blob/76e1cd86/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
index 8879e24..ede3a0a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducer.java
@@ -50,22 +50,27 @@ public class JweJsonProducer {
this(protectedHeader, content, aad);
this.unprotectedHeader = unprotectedHeader;
}
-
+ public String encryptWith(JweEncryptionProvider encryptor) {
+ return encryptWith(Collections.singletonList(encryptor), null);
+ }
+ public String encryptWith(JweEncryptionProvider encryptor, JweHeaders recipientUnprotected) {
+ return encryptWith(Collections.singletonList(encryptor),
+ Collections.singletonList(recipientUnprotected));
+ }
public String encryptWith(List<JweEncryptionProvider> encryptors) {
return encryptWith(encryptors, null);
}
public String encryptWith(List<JweEncryptionProvider> encryptors,
- List<JweHeaders> recepientUnprotected) {
+ List<JweHeaders> recipientUnprotected) {
checkAndGetContentAlgorithm(encryptors);
- if (recepientUnprotected != null
- && recepientUnprotected.size() != encryptors.size()) {
+ if (recipientUnprotected != null
+ && recipientUnprotected.size() != encryptors.size()) {
throw new IllegalArgumentException();
}
//TODO: determine the actual cek and iv length based on the algo
byte[] cek = CryptoUtils.generateSecureRandomBytes(32);
byte[] iv = CryptoUtils.generateSecureRandomBytes(16);
JweHeaders unionHeaders = new JweHeaders();
- unionHeaders.setProtectedHeaders(protectedHeader);
if (protectedHeader != null) {
unionHeaders.asMap().putAll(protectedHeader.asMap());
}
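Review bot: The new overload `encryptWith(JweEncryptionProvider, JweHeaders)` wraps its second argument in `Collections.singletonList(...)` unconditionally, so a null `recipientUnprotected` becomes a non-null list holding a null element. That list passes the size check and the `recipientUnprotected != null` test in the recipient loop, which then calls `perRecipientUnprotected.asMap()` and fails with a NullPointerException. Pass null through instead: `recipientUnprotected == null ? null : Collections.singletonList(recipientUnprotected)`. The new public overloads also have no Javadoc; one line stating that a null header argument means "no per-recipient unprotected headers" would pin the contract down. The body of the list-based `encryptWith` continues past this hunk.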
@@ -91,9 +96,9 @@ public class JweJsonProducer {
for (int i = 0; i < encryptors.size(); i++) {
JweEncryptionProvider encryptor = encryptors.get(i);
JweHeaders perRecipientUnprotected =
- recepientUnprotected == null ? null : recepientUnprotected.get(i);
+ recipientUnprotected == null ? null : recipientUnprotected.get(i);
JweHeaders jsonHeaders = null;
- if (recepientUnprotected != null) {
+ if (recipientUnprotected != null) {
if (!Collections.disjoint(unionHeaders.asMap().keySet(),
perRecipientUnprotected.asMap().keySet())) {
throw new SecurityException("Protected and unprotected headers have duplicate values");
@@ -101,9 +106,11 @@ public class JweJsonProducer {
jsonHeaders = new JweHeaders(unionHeaders.asMap());
jsonHeaders.asMap().putAll(unprotectedHeader.asMap());
} else {
- jsonHeaders = null;
+ jsonHeaders = unionHeaders;
}
- JweEncryptionInput input = new JweEncryptionInput(unionHeaders,
+ jsonHeaders.setProtectedHeaders(protectedHeader);
+
+ JweEncryptionInput input = new JweEncryptionInput(jsonHeaders,
cek,
iv,
aad);
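Review bot: In the per-recipient branch the duplicate check runs against `perRecipientUnprotected`, but the merge on the following line copies `unprotectedHeader.asMap()`, the shared field, into `jsonHeaders`. As far as this hunk shows, the per-recipient headers never reach the encryption input, the shared unprotected headers are merged with no duplicate check visible here, and the field is presumably null when the producer was built without an unprotected header. If the per-recipient values are what is meant, the line would read `jsonHeaders.asMap().putAll(perRecipientUnprotected.asMap());`. In the new else branch `jsonHeaders = unionHeaders` aliases the shared object, so `setProtectedHeaders` and anything an encryptor writes into the headers carries over to the next recipient; `jsonHeaders = new JweHeaders(unionHeaders.asMap());` would avoid that, assuming that constructor copies the map. The enclosing loop starts and ends outside this hunk.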
@@ -121,7 +128,8 @@ public class JweJsonProducer {
final int authTagLengthBits = 128;
final int cipherTextLen = currentCipherOutput.length - authTagLengthBits / 8;
currentCipherText = Arrays.copyOf(currentCipherOutput, cipherTextLen);
- currentAuthTag = Arrays.copyOfRange(currentCipherOutput, cipherTextLen, authTagLengthBits / 8);
+ currentAuthTag = Arrays.copyOfRange(currentCipherOutput, cipherTextLen,
+ cipherTextLen + authTagLengthBits / 8);
if (cipherText == null) {
cipherText = currentCipherText;
} else if (!Arrays.equals(cipherText, currentCipherText)) {
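Review bot: The split still relies on `authTagLengthBits = 128` being right for every encryptor and on `currentCipherOutput` being at least 16 bytes long, and neither is checked. In JWE the AES-GCM algorithms and A128CBC-HS256 use a 128-bit tag, but A192CBC-HS384 and A256CBC-HS512 use 192 and 256 bits, so with those the tag would be cut at the wrong offset. The fixed 32-byte CEK and 16-byte IV generated earlier in `encryptWith` under the TODO have the same problem (A128GCM takes a 128-bit key and a 96-bit IV). Until the sizes are derived from the content algorithm, a guard such as `if (currentCipherOutput.length < authTagLengthBits / 8) { throw new SecurityException(); }` and a comment stating the 128-bit-tag assumption would make the limitation explicit. The surrounding loop body starts and ends outside the hunk.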
http://git-wip-us.apache.org/repos/asf/cxf/blob/76e1cd86/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 029e164..c3f52f3 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -42,18 +42,18 @@ import org.junit.Test;
public class JweCompactReaderWriterTest extends Assert {
// A1 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
+ static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
(byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
(byte)138, 7, 110, 91, 112, 46, 34, 105, 47,
(byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
- private static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
+ static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
+ "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
+ "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
+ "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
+ "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
+ "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
- private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
+ static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
+ "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
http://git-wip-us.apache.org/repos/asf/cxf/blob/76e1cd86/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
new file mode 100644
index 0000000..166c326
--- /dev/null
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.Security;
+import java.security.interfaces.RSAPublicKey;
+
+import javax.crypto.Cipher;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JweJsonProducerTest extends Assert {
+ @BeforeClass
+ public static void registerBouncyCastleIfNeeded() throws Exception {
+ try {
+ Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
+ Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA);
+ } catch (Throwable t) {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+ }
+ @AfterClass
+ public static void unregisterBouncyCastleIfNeeded() throws Exception {
+ Security.removeProvider(BouncyCastleProvider.class.getName());
+ }
+
+ @Test
+ public void testSingleRecipient() throws Exception {
+ final String text = "The true sign of intelligence is not knowledge but imagination.";
+ RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(JweCompactReaderWriterTest.RSA_MODULUS_ENCODED_A1,
+ JweCompactReaderWriterTest.RSA_PUBLIC_EXPONENT_ENCODED_A1);
+ JweHeaders headers = new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
+ JoseConstants.A128GCM_ALGO);
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(publicKey, headers);
+ JweJsonProducer p = new JweJsonProducer(headers, StringUtils.toBytesUTF8(text));
+ String jweJws = p.encryptWith(jwe);
+ assertNotNull(jweJws);
+
+ }
+}
+
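Review bot: `unregisterBouncyCastleIfNeeded` passes `BouncyCastleProvider.class.getName()` to `Security.removeProvider`, which looks providers up by provider name rather than class name, so the call removes nothing and a provider added in `@BeforeClass` stays registered for every test that runs later in the same JVM. Use `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);`, ideally only when this class added the provider, so one registered elsewhere is left alone. The setup catches `Throwable` where `GeneralSecurityException` would cover both failures `Cipher.getInstance` can report. `testSingleRecipient` asserts only that the result is non-null; checking that the JSON carries the expected members, or decrypting it with the A1 private key, would let the test catch the kind of header and tag-offset mistakes this commit fixes.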