Posted to commits@cxf.apache.org by se...@apache.org on 2014/10/06 19:25:55 UTC
[02/10] [CXF-5944] Finalizing the current round of refactorings with
introducing a dedicated rt rs security module, idea from Luigi Lo Iacono
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
deleted file mode 100644
index b3d0cbb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.UnsupportedEncodingException;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-
-public class JwsCompactConsumer {
- private JoseHeadersReader reader = new JoseHeadersReaderWriter();
- private String encodedSequence;
- private String encodedSignature;
- private String headersJson;
- private String jwsPayload;
- public JwsCompactConsumer(String encodedJws) {
- this(encodedJws, null);
- }
- public JwsCompactConsumer(String encodedJws, JoseHeadersReader r) {
- if (r != null) {
- this.reader = r;
- }
- String[] parts = encodedJws.split("\\.");
- if (parts.length != 3) {
- if (parts.length == 2 && encodedJws.endsWith(".")) {
- encodedSignature = "";
- } else {
- throw new OAuthServiceException("Invalid JWS Compact sequence");
- }
- } else {
- encodedSignature = parts[2];
- }
- headersJson = decodeToString(parts[0]);
- jwsPayload = decodeToString(parts[1]);
- encodedSequence = parts[0] + "." + parts[1];
-
- }
- public String getUnsignedEncodedPayload() {
- return encodedSequence;
- }
- public String getEncodedSignature() {
- return encodedSignature;
- }
- public String getDecodedJsonHeaders() {
- return headersJson;
- }
- public String getDecodedJwsPayload() {
- return jwsPayload;
- }
- public byte[] getDecodedJwsPayloadBytes() {
- try {
- return jwsPayload.getBytes("UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
- }
- public byte[] getDecodedSignature() {
- return encodedSignature.isEmpty() ? new byte[]{} : decode(encodedSignature);
- }
- public JwsHeaders getJwsHeaders() {
- JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson);
- if (joseHeaders.getHeaderUpdateCount() != null) {
- throw new SecurityException();
- }
- return new JwsHeaders(joseHeaders);
- }
- public boolean verifySignatureWith(JwsSignatureVerifier validator) {
- try {
- if (validator.verify(getJwsHeaders(), getUnsignedEncodedPayload(), getDecodedSignature())) {
- return true;
- }
- } catch (SecurityException ex) {
- // ignore
- }
- return false;
- }
- public boolean verifySignatureWith(JsonWebKey key) {
- return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
- }
- private static String decodeToString(String encoded) {
- try {
- return new String(decode(encoded), "UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
-
- }
- protected JoseHeadersReader getReader() {
- return reader;
- }
- private static byte[] decode(String encoded) {
- try {
- return Base64UrlUtility.decode(encoded);
- } catch (Base64Exception ex) {
- throw new SecurityException(ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
deleted file mode 100644
index 307cf26..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-
-public class JwsCompactProducer {
- private JoseHeadersWriter writer = new JoseHeadersReaderWriter();
- private JwsHeaders headers;
- private String plainJwsPayload;
- private String signature;
- private String plainRep;
-
- public JwsCompactProducer(String plainJwsPayload) {
- this(null, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwsHeaders headers, String plainJwsPayload) {
- this(headers, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwsHeaders headers, JoseHeadersWriter w, String plainJwsPayload) {
- this.headers = headers;
- if (w != null) {
- this.writer = w;
- }
- this.plainJwsPayload = plainJwsPayload;
- }
- public JwsHeaders getHeaders() {
- if (headers == null) {
- headers = new JwsHeaders();
- }
- return headers;
- }
- public String getUnsignedEncodedJws() {
- checkAlgorithm();
- if (plainRep == null) {
- plainRep = Base64UrlUtility.encode(writer.headersToJson(getHeaders()))
- + "."
- + Base64UrlUtility.encode(plainJwsPayload);
- }
- return plainRep;
- }
-
- public String getSignedEncodedJws() {
- checkAlgorithm();
- boolean noSignature = StringUtils.isEmpty(signature);
- if (noSignature && !isPlainText()) {
- throw new IllegalStateException("Signature is not available");
- }
- return getUnsignedEncodedJws() + "." + (noSignature ? "" : signature);
- }
-
- public String signWith(JsonWebKey jwk) {
- return signWith(JwsUtils.getSignatureProvider(jwk));
- }
-
- public String signWith(JwsSignatureProvider signer) {
- JwsSignature worker = signer.createJwsSignature(getHeaders());
- try {
- byte[] bytes = getUnsignedEncodedJws().getBytes("UTF-8");
- worker.update(bytes, 0, bytes.length);
- signWith(worker.sign());
- return getSignedEncodedJws();
- } catch (Exception ex) {
- throw new SecurityException();
- }
- }
-
- public String signWith(String signatureText) {
- setEncodedSignature(Base64UrlUtility.encode(signatureText));
- return getSignedEncodedJws();
- }
-
- public String signWith(byte[] signatureOctets) {
- setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
- return getSignedEncodedJws();
- }
-
- private void setEncodedSignature(String sig) {
- this.signature = sig;
- }
- private boolean isPlainText() {
- return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
- }
- private String getAlgorithm() {
- return getHeaders().getAlgorithm();
- }
- private void checkAlgorithm() {
- if (getAlgorithm() == null) {
- throw new IllegalStateException("Algorithm header is not set");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
deleted file mode 100644
index 8ef08a6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class JwsHeaders extends JwtHeaders {
- public JwsHeaders() {
- }
-
- public JwsHeaders(JoseHeaders headers) {
- super(headers.asMap());
- }
-
- public JwsHeaders(Map<String, Object> values) {
- super(values);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
deleted file mode 100644
index 61138af..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenJson;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-
-public class JwsJwtCompactConsumer extends JwsCompactConsumer {
- private JwtToken token;
- public JwsJwtCompactConsumer(String encodedJws) {
- this(encodedJws, null);
- }
- public JwsJwtCompactConsumer(String encodedJws, JwtTokenReader r) {
- super(encodedJws, r == null ? new JwtTokenReaderWriter() : r);
- }
- public JwtTokenJson getDecodedJsonToken() {
- return new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload());
- }
- public JwtClaims getJwtClaims() {
- return getJwtToken().getClaims();
- }
- public JwtToken getJwtToken() {
- if (token == null) {
- token = ((JwtTokenReaderWriter)getReader()).fromJson(
- new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload()));
- }
- return token;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
deleted file mode 100644
index 19c194d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
-
-public class JwsJwtCompactProducer extends JwsCompactProducer {
-
- public JwsJwtCompactProducer(JwtToken token) {
- this(token, null);
- }
- public JwsJwtCompactProducer(JwtClaims claims) {
- this(new JwtToken(null, claims), null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims) {
- this(headers, claims, null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims, JwtTokenWriter w) {
- this(new JwtToken(headers, claims), w);
- }
- public JwsJwtCompactProducer(JwtToken token, JwtTokenWriter w) {
- super(new JwsHeaders(token.getHeaders().asMap()), w, serializeClaims(token.getClaims(), w));
- }
-
- private static String serializeClaims(JwtClaims claims, JwtTokenWriter writer) {
- if (writer == null) {
- writer = new JwtTokenReaderWriter();
- }
- return writer.claimsToJson(claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
deleted file mode 100644
index f10f30c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-
-public class JwsOutputStream extends FilterOutputStream {
- private boolean flushed;
- private JwsSignature signature;
- public JwsOutputStream(OutputStream out, JwsSignature signature) {
- super(out);
- this.signature = signature;
- }
-
- @Override
- public void write(int value) throws IOException {
- byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array();
- write(bytes, 0, bytes.length);
- }
-
- @Override
- public void write(byte b[], int off, int len) throws IOException {
- try {
- signature.update(b, off, len);
- } catch (Throwable ex) {
- throw new SecurityException();
- }
- out.write(b, off, len);
- }
- @Override
- public void flush() throws IOException {
- if (flushed) {
- return;
- }
- try {
- byte[] finalBytes = signature.sign();
- out.write(new byte[]{'.'});
- Base64UrlUtility.encodeAndStream(finalBytes, 0, finalBytes.length, out);
- } catch (Exception ex) {
- throw new SecurityException();
- }
- flushed = true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
deleted file mode 100644
index 778b5cb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public interface JwsSignature {
- void update(byte[] src, int off, int len);
- byte[] sign();
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
deleted file mode 100644
index 010c62e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public interface JwsSignatureProvider {
- String getAlgorithm();
- JwsSignature createJwsSignature(JwsHeaders headers);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
deleted file mode 100644
index ea4a01f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public interface JwsSignatureVerifier {
- boolean verify(JwtHeaders headers, String unsignedText, byte[] signature);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
deleted file mode 100644
index 08c59c1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public final class JwsUtils {
- private JwsUtils() {
-
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
- return getSignatureProvider(jwk, null);
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureProvider theSigProvider = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theSigProvider =
- new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
- rsaSignatureAlgo);
- }
- return theSigProvider;
- }
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
- return getSignatureVerifier(jwk, null);
- }
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureVerifier theVerifier = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toRSAPublicKey(jwk), rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theVerifier =
- new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), rsaSignatureAlgo);
- }
- return theVerifier;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
deleted file mode 100644
index c2f5a6a..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
- private PrivateKey key;
- private SecureRandom random;
- private AlgorithmParameterSpec signatureSpec;
-
- public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) {
- this(key, null, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) {
- this(key, null, spec, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random,
- AlgorithmParameterSpec spec, String algo) {
- super(algo);
- this.key = key;
- this.random = random;
- this.signatureSpec = spec;
- }
- protected JwsSignature doCreateJwsSignature(JwsHeaders headers) {
- final Signature s = CryptoUtils.getSignature(key,
- Algorithm.toJavaName(headers.getAlgorithm()),
- random,
- signatureSpec);
- return new JwsSignature() {
-
- @Override
- public void update(byte[] src, int off, int len) {
- try {
- s.update(src, off, len);
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- @Override
- public byte[] sign() {
- try {
- return s.sign();
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- };
- }
- @Override
- protected void checkAlgorithm(String algo) {
- super.checkAlgorithm(algo);
- if (!isValidAlgorithmFamily(algo)) {
- throw new SecurityException();
- }
- }
-
- protected boolean isValidAlgorithmFamily(String algo) {
- return Algorithm.isRsaShaSign(algo);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
deleted file mode 100644
index d485256..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
- private PublicKey key;
- private AlgorithmParameterSpec signatureSpec;
- private String supportedAlgo;
-
- public PublicKeyJwsSignatureVerifier(PublicKey key) {
- this(key, null);
- }
- public PublicKeyJwsSignatureVerifier(PublicKey key, String supportedAlgorithm) {
- this(key, null, supportedAlgorithm);
- }
- public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) {
- this.key = key;
- this.signatureSpec = spec;
- this.supportedAlgo = supportedAlgo;
- }
- @Override
- public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
- try {
- return CryptoUtils.verifySignature(unsignedText.getBytes("UTF-8"),
- signature,
- key,
- Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
- signatureSpec);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- protected String checkAlgorithm(String algo) {
- if (algo == null
- || !isValidAlgorithmFamily(algo)
- || supportedAlgo != null && !supportedAlgo.equals(algo)) {
- throw new SecurityException();
- }
- return algo;
- }
- protected boolean isValidAlgorithmFamily(String algo) {
- return Algorithm.isRsaShaSign(algo);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
deleted file mode 100644
index 8944e07..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.AbstractJoseObject;
-
-
-
-
-public class JwtClaims extends AbstractJoseObject {
-
- public JwtClaims() {
- }
-
- public JwtClaims(Map<String, Object> values) {
- super(values);
- }
-
- public void setIssuer(String issuer) {
- setClaim(JwtConstants.CLAIM_ISSUER, issuer);
- }
-
- public String getIssuer() {
- return (String)getValue(JwtConstants.CLAIM_ISSUER);
- }
-
- public void setSubject(String subject) {
- setClaim(JwtConstants.CLAIM_SUBJECT, subject);
- }
-
- public String getSubject() {
- return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
- }
-
- public void setAudience(String audience) {
- setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
- }
-
- public String getAudience() {
- return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
- }
-
- public void setExpiryTime(Long expiresIn) {
- setClaim(JwtConstants.CLAIM_EXPIRY, expiresIn);
- }
-
- public Long getExpiryTime() {
- return getLongDate(JwtConstants.CLAIM_EXPIRY);
- }
-
- public void setNotBefore(Long notBefore) {
- setClaim(JwtConstants.CLAIM_NOT_BEFORE, notBefore);
- }
-
- public Long getNotBefore() {
- return getLongDate(JwtConstants.CLAIM_NOT_BEFORE);
- }
-
- public void setIssuedAt(Long issuedAt) {
- setClaim(JwtConstants.CLAIM_ISSUED_AT, issuedAt);
- }
-
- public Long getIssuedAt() {
- return getLongDate(JwtConstants.CLAIM_ISSUED_AT);
- }
-
- public void setTokenId(String id) {
- setValue(JwtConstants.CLAIM_JWT_ID, id);
- }
-
- public String getTokenId() {
- return (String)getClaim(JwtConstants.CLAIM_JWT_ID);
- }
-
- public JwtClaims setClaim(String name, Object value) {
- setValue(name, value);
- return this;
- }
-
- public Object getClaim(String name) {
- return getValue(name);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
deleted file mode 100644
index 2f23e2c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-public final class JwtConstants {
-
- public static final String CLAIM_ISSUER = "iss";
- public static final String CLAIM_SUBJECT = "sub";
- public static final String CLAIM_AUDIENCE = "aud";
- public static final String CLAIM_EXPIRY = "exp";
- public static final String CLAIM_NOT_BEFORE = "nbf";
- public static final String CLAIM_ISSUED_AT = "iat";
- public static final String CLAIM_JWT_ID = "jti";
-
-
- private JwtConstants() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
deleted file mode 100644
index e4a1891..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class JwtHeaders extends JoseHeaders {
-
- public JwtHeaders() {
- }
-
- public JwtHeaders(String algorithm) {
- init(algorithm);
- }
-
- public JwtHeaders(Algorithm algo) {
- init(algo.getJwtName());
- }
-
- public JwtHeaders(Map<String, Object> values) {
- super(values);
- }
-
- public JwtHeaders(JoseHeaders headers) {
- super(headers.asMap());
- }
-
- private void init(String algo) {
- setType(JoseConstants.TYPE_JWT);
- setAlgorithm(algo);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
deleted file mode 100644
index 630813c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtToken {
- private JwtHeaders headers;
- private JwtClaims claims;
- public JwtToken(JwtHeaders headers, JwtClaims claims) {
- this.headers = headers;
- this.claims = claims;
- }
- public JwtHeaders getHeaders() {
- return headers;
- }
- public JwtClaims getClaims() {
- return claims;
- }
- public int hashCode() {
- return headers.hashCode() + 37 * claims.hashCode();
- }
-
- public boolean equals(Object obj) {
- return obj instanceof JwtToken
- && ((JwtToken)obj).headers.equals(this.headers)
- && ((JwtToken)obj).claims.equals(this.claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
deleted file mode 100644
index e8e79f0..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtTokenJson {
- private String headersJson;
- private String claimsJson;
- public JwtTokenJson(String headersJson, String claimsJson) {
- this.headersJson = headersJson;
- this.claimsJson = claimsJson;
- }
- public String getHeadersJson() {
- return headersJson;
- }
- public String getClaimsJson() {
- return claimsJson;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
deleted file mode 100644
index 09a6a5d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-
-
-public interface JwtTokenReader extends JoseHeadersReader {
- JwtClaims fromJsonClaims(String jsonClaims);
- JwtToken fromJson(JwtTokenJson jsonPair);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
deleted file mode 100644
index d3e7db4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-
-
-
-
-public class JwtTokenReaderWriter extends JoseHeadersReaderWriter
- implements JwtTokenReader, JwtTokenWriter {
-
-
- @Override
- public String claimsToJson(JwtClaims claims) {
- return toJson(claims);
- }
-
- @Override
- public JwtTokenJson tokenToJson(JwtToken token) {
- return new JwtTokenJson(toJson(token.getHeaders()),
- toJson(token.getClaims()));
- }
-
- @Override
- public JwtClaims fromJsonClaims(String claimsJson) {
- JwtClaims claims = new JwtClaims();
- fromJsonInternal(claims, claimsJson);
- return claims;
-
- }
-
- private JwtToken fromJson(String headersJson, String claimsJson) {
- JwtHeaders headers = fromJsonHeaders(headersJson);
- JwtClaims claims = fromJsonClaims(claimsJson);
- return new JwtToken(headers, claims);
- }
-
- @Override
- public JwtToken fromJson(JwtTokenJson pair) {
- return fromJson(pair.getHeadersJson(), pair.getClaimsJson());
- }
-
- @Override
- public JwtHeaders fromJsonHeaders(String jsonHeaders) {
- return new JwtHeaders(super.fromJsonHeaders(jsonHeaders));
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
deleted file mode 100644
index a2bd02f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-
-
-
-public interface JwtTokenWriter extends JoseHeadersWriter {
-
- String claimsToJson(JwtClaims claims);
- JwtTokenJson tokenToJson(JwtToken token);
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
deleted file mode 100644
index b62dc87..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ /dev/null
@@ -1,211 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Security;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JweCompactReaderWriterTest extends Assert {
- // A1 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
- (byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
- 115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
- (byte)138, 7, 110, 91, 112, 46, 34, 105, 47,
- (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
- private static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
- + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
- + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
- + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
- + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
- + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
- private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
- private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
- "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
- + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
- + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
- + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
- + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
- + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
-
- private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,
- (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
-
- // A3 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
- 4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100,
- (byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212,
- 45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143,
- (byte)156, 44, (byte)207};
- private static final byte[] INIT_VECTOR_A3 = {
- 3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
- private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
- private static final String JWE_OUTPUT_A3 =
- "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
- + ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
- + ".AxY8DCtDaGlsbGljb3RoZQ"
- + ".KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
- + ".U0m_YmjN04DJvceFICbCVQ";
-
- @BeforeClass
- public static void registerBouncyCastleIfNeeded() throws Exception {
- try {
- // Java 8 apparently has it
- Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
- } catch (Throwable t) {
- // Oracle Java 7
- Security.addProvider(new BouncyCastleProvider());
- }
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
-
- @Test
- public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(Algorithm.A128KW.getJwtName());
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesWrapKeyEncryptionAlgorithm keyEncryption =
- new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
- assertEquals(JWE_OUTPUT_A3, jweContent);
-
- AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
- @Test
- public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.A128GCMKW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesGcmWrapKeyEncryptionAlgorithm keyEncryption =
- new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JoseConstants.A128GCMKW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-
- AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
-
- @Test
- public void testEncryptDecryptSpecExample() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- String jweContent = encryptContent(specPlainText, true);
-
- decrypt(jweContent, specPlainText, true);
- }
-
- @Test
- public void testDirectKeyEncryptDecrypt() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- SecretKey key = createSecretKey(true);
- String jweContent = encryptContentDirect(key, specPlainText);
-
- decryptDirect(key, jweContent, specPlainText);
- }
-
- @Test
- public void testEncryptDecryptJwsToken() throws Exception {
- String jweContent = encryptContent(JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- decrypt(jweContent, JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- }
-
- private String encryptContent(String content, boolean createIfException) throws Exception {
- RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1,
- RSA_PUBLIC_EXPONENT_ENCODED_A1);
- SecretKey key = createSecretKey(createIfException);
- String jwtKeyName = null;
- if (key == null) {
- // the encryptor will generate it
- jwtKeyName = Algorithm.A128GCM.getJwtName();
- } else {
- jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
- }
- KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,
- Algorithm.RSA_OAEP.getJwtName());
- ContentEncryptionAlgorithm contentEncryptionAlgo =
- new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
- JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(keyEncryptionAlgo, contentEncryptionAlgo);
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private String encryptContentDirect(SecretKey key, String content) throws Exception {
- DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(
- new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, JoseConstants.A128GCM_ALGO));
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
- RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1,
- RSA_PRIVATE_EXPONENT_ENCODED_A1);
- JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey),
- new AesGcmContentDecryptionAlgorithm());
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
- DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key, new AesGcmContentDecryptionAlgorithm());
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private SecretKey createSecretKey(boolean createIfException) throws Exception {
- SecretKey key = null;
- if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
- key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
- } else if (createIfException) {
- key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
- }
- return key;
- }
-}
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
deleted file mode 100644
index 05d53c2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Security;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-public class JwePbeHmacAesWrapTest extends Assert {
- @Before
- public void registerBouncyCastleIfNeeded() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- }
- @After
- public void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- @Test
- public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
- final String password = "Thus from my lips, by yours, my sin is purged.";
- KeyEncryptionAlgorithm keyEncryption =
- new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-
- PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
-
- }
- @Test
- public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName());
- final String password = "Thus from my lips, by yours, my sin is purged.";
- KeyEncryptionAlgorithm keyEncryption =
- new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO);
- JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers,
- keyEncryption,
- new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
- PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
- JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption,
- new AesGcmContentDecryptionAlgorithm());
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
-
- }
-}
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
deleted file mode 100644
index eb660ae..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.io.InputStream;
-import java.security.Security;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JsonWebKeyTest extends Assert {
- private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
- + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf"
- + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt"
- + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw";
- private static final String RSA_PUBLIC_EXP_VALUE = "AQAB";
- private static final String RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d"
- + "x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4"
- + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66"
- + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q";
- private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ"
- + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9"
- + "RzzOGVQzXvNEvn7O0nVbfs";
- private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3"
- + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA"
- + "ITAG9LUnADun4vIcb6yelxk";
- private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o"
- + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm"
- + "s6rY3Ob8YeiKkTiBj0";
- private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu"
- + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW"
- + "rX-L18txXw494Q_cgk";
- private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm"
- + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF"
- + "YItdldUKGzO6Ia6zTKhAVRU";
- private static final String RSA_KID_VALUE = "2011-04-29";
- private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256;
- private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4";
- private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM";
- private static final String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE";
- private static final String EC_KID_VALUE = "1";
- private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg";
- private static final String AES_KID_VALUE = "AesWrapKey";
- private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3"
- + "Yj0iPS4hcgUuTwjAzZr1Z9CAow";
- private static final String HMAC_KID_VALUE = "HMACKey";
-
- @Test
- public void testPublicSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
- List<JsonWebKey> keys = jwks.getKeys();
- assertEquals(2, keys.size());
-
- JsonWebKey ecKey = keys.get(0);
- assertEquals(6, ecKey.asMap().size());
- validatePublicEcKey(ecKey);
- JsonWebKey rsaKey = keys.get(1);
- assertEquals(5, rsaKey.asMap().size());
- validatePublicRsaKey(rsaKey);
- }
-
- @Test
- public void testPublicSetAsMap() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
- Map<String, JsonWebKey> keysMap = jwks.getKeyIdMap();
- assertEquals(2, keysMap.size());
-
- JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE);
- assertEquals(5, rsaKey.asMap().size());
- validatePublicRsaKey(rsaKey);
- JsonWebKey ecKey = keysMap.get(EC_KID_VALUE);
- assertEquals(6, ecKey.asMap().size());
- validatePublicEcKey(ecKey);
- }
-
- @Test
- public void testPrivateSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
- validatePrivateSet(jwks);
- }
- private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
- List<JsonWebKey> keys = jwks.getKeys();
- assertEquals(2, keys.size());
-
- JsonWebKey ecKey = keys.get(0);
- assertEquals(7, ecKey.asMap().size());
- validatePrivateEcKey(ecKey);
- JsonWebKey rsaKey = keys.get(1);
- assertEquals(11, rsaKey.asMap().size());
- validatePrivateRsaKey(rsaKey);
- }
- @Test
- public void testEncryptDecryptPrivateSet() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- try {
- JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
- validatePrivateSet(jwks);
- String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray());
- JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
- assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
- assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
- assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
- assertNotNull(c.getJweHeaders().getHeader("p2s"));
- assertNotNull(c.getJweHeaders().getHeader("p2c"));
- jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray());
- validatePrivateSet(jwks);
- } finally {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- }
- @Test
- public void testEncryptDecryptPrivateKey() throws Exception {
- final String key = "{\"kty\":\"oct\","
- + "\"alg\":\"A128KW\","
- + "\"k\":\"GawgguFyGrWKav7AX4VKUg\","
- + "\"kid\":\"AesWrapKey\"}";
- Security.addProvider(new BouncyCastleProvider());
- try {
- JsonWebKey jwk = readKey(key);
- validateSecretAesKey(jwk);
- String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray());
- JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
- assertEquals("jwk+json", c.getJweHeaders().getContentType());
- assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
- assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
- assertNotNull(c.getJweHeaders().getHeader("p2s"));
- assertNotNull(c.getJweHeaders().getHeader("p2c"));
- jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray());
- validateSecretAesKey(jwk);
- } finally {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- }
-
- @Test
- public void testSecretSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkSecretSet.txt");
- List<JsonWebKey> keys = jwks.getKeys();
- assertEquals(2, keys.size());
- JsonWebKey aesKey = keys.get(0);
- assertEquals(4, aesKey.asMap().size());
- validateSecretAesKey(aesKey);
- JsonWebKey hmacKey = keys.get(1);
- assertEquals(4, hmacKey.asMap().size());
- validateSecretHmacKey(hmacKey);
- }
-
- private void validateSecretAesKey(JsonWebKey key) {
- assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(AES_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
- assertEquals(JoseConstants.A128KW_ALGO, key.getAlgorithm());
- }
- private void validateSecretHmacKey(JsonWebKey key) {
- assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(HMAC_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
- assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
- }
-
- private void validatePublicRsaKey(JsonWebKey key) {
- assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
- assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
- assertEquals(RSA_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
- assertEquals(JoseConstants.RS_SHA_256_ALGO, key.getAlgorithm());
- }
- private void validatePrivateRsaKey(JsonWebKey key) {
- validatePublicRsaKey(key);
- assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP));
- assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR));
- assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR));
- assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT));
- assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT));
- assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
- }
- private void validatePublicEcKey(JsonWebKey key) {
- assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
- assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
- assertEquals(EC_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
- assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
- assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());
- }
- private void validatePrivateEcKey(JsonWebKey key) {
- validatePublicEcKey(key);
- assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY));
- }
-
- public JsonWebKeys readKeySet(String fileName) throws Exception {
- InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName);
- String s = IOUtils.readStringFromStream(is);
- return JwkUtils.readJwkSet(s);
- }
- public JsonWebKey readKey(String key) throws Exception {
- return JwkUtils.readJwkKey(key);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
deleted file mode 100644
index cb30c04..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
- "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
- "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
- "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
- "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
- "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
- "alg":"RS256",
- "kid":"2011-04-29"}
- ]
- }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9c053334/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
deleted file mode 100644
index 5a4a839..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "alg":"RS256",
- "kid":"2011-04-29"}
-
- ]
- }
\ No newline at end of file