Posted to commits@oltu.apache.org by as...@apache.org on 2014/04/01 12:56:29 UTC
svn commit: r1583609 - in /oltu/trunk/jose/jws: ./
src/main/java/org/apache/oltu/jose/jws/
src/main/java/org/apache/oltu/jose/jws/signature/impl/
Author: asanso
Date: Tue Apr 1 10:56:28 2014
New Revision: 1583609
URL: http://svn.apache.org/r1583609
Log:
OLTU-143 - Add support for public key signature algorithm to the JWS module
Added:
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
Modified:
oltu/trunk/jose/jws/pom.xml
Modified: oltu/trunk/jose/jws/pom.xml
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/pom.xml?rev=1583609&r1=1583608&r2=1583609&view=diff
==============================================================================
--- oltu/trunk/jose/jws/pom.xml (original)
+++ oltu/trunk/jose/jws/pom.xml Tue Apr 1 10:56:28 2014
@@ -38,7 +38,7 @@
<dependency>
<groupId>org.apache.oltu.commons</groupId>
<artifactId>org.apache.oltu.commons.encodedtoken</artifactId>
- <version>1.0.0</version>
+ <version>1.0.1-SNAPSHOT</version>
</dependency>
<dependency>
@@ -46,6 +46,7 @@
<artifactId>org.apache.oltu.commons.json</artifactId>
<version>1.0.0</version>
</dependency>
+
</dependencies>
</project>
Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java (added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JwsConstants.java Tue Apr 1 10:56:28 2014
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws;
+
+public class JwsConstants {
+
+ public static final String RS256 = "RS256";
+
+ public static final String RS384 = "RS384";
+
+ public static final String RS512 = "RS512";
+}
Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java (added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java Tue Apr 1 10:56:28 2014
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import org.apache.oltu.jose.jws.signature.SigningKey;
+
+public class PrivateKey implements SigningKey {
+
+ java.security.PrivateKey privateKey;
+
+ public PrivateKey(java.security.PrivateKey privateKey) {
+ this.privateKey = privateKey;
+ }
+
+ public java.security.PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+}
\ No newline at end of file
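Review bot: The `privateKey` field in the new wrapper is package-private and non-final, so any class in `org.apache.oltu.jose.jws.signature.impl` can read or replace the signing key after construction; declaring it `private final java.security.PrivateKey privateKey;` closes that. The constructor also accepts null, which would only fail later at `signature.initSign(signingKey.getPrivateKey())`; a null check in the constructor would fail at the point of misconfiguration instead. The same two points apply to the `publicKey` field and constructor in PublicKey.java. Neither class has Javadoc, and a one-line class comment saying that it adapts a `java.security` key to `SigningKey` / `VerifyingKey` would help, since the simple class names shadow the JDK types.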
Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java (added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PublicKey.java Tue Apr 1 10:56:28 2014
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import org.apache.oltu.jose.jws.signature.VerifyingKey;
+
+public class PublicKey implements VerifyingKey {
+
+ java.security.PublicKey publicKey;
+
+ public PublicKey(java.security.PublicKey publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ public java.security.PublicKey getPublicKey() {
+ return publicKey;
+ }
+
+}
\ No newline at end of file
Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java?rev=1583609&view=auto
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java (added)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/SignatureMethodRSAImpl.java Tue Apr 1 10:56:28 2014
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.oltu.jose.jws.signature.impl;
+
+import java.security.Signature;
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
+import org.apache.oltu.jose.jws.JwsConstants;
+import org.apache.oltu.jose.jws.signature.SignatureMethod;
+
+/**
+ * Class that asymmetrically sign and verify the
+ * issued token
+ *
+ */
+public class SignatureMethodRSAImpl implements
+SignatureMethod<PrivateKey, PublicKey>{
+
+ private String algorithm;
+
+ public SignatureMethodRSAImpl(String algorithm) {
+ super();
+ this.algorithm = algorithm;
+ }
+
+
+ /*
+ * Calculate the signature of given header.payload as for
+ * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-21#appendix-A.2.1
+ *
+ */
+ @Override
+ public String calculate(String header, String payload, PrivateKey signingKey) {
+ StringBuilder sb = new StringBuilder();
+ sb.append(header).append(".").append(payload);
+ final String stringToSign = sb.toString();
+ byte[] bytes = stringToSign.getBytes();
+ try {
+ Signature signature = Signature.getInstance(getAlgorithmInternal());
+
+ signature.initSign(signingKey.getPrivateKey());
+ signature.update(bytes);
+ bytes = signature.sign();
+
+ return TokenDecoder.base64Encode(bytes);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /*
+ * Verify the signature of given header.payload as for
+ * http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-21#appendix-A.2.2
+ *
+ */
+ @Override
+ public boolean verify(String signature, String header, String payload,
+ PublicKey verifyingKey) {
+ final String text = header + "." + payload;
+ try {
+ Signature sign = Signature.getInstance(getAlgorithmInternal());
+ sign.initVerify(verifyingKey.getPublicKey());
+ sign.update(text.getBytes());
+
+ return sign.verify(decode(signature));
+
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
+ @Override
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
+ // ---------- Private methods ---------------------------------------------
+ private String getAlgorithmInternal(){
+ String alg = null;
+ if (JwsConstants.RS256.equals(algorithm)) {
+ alg = "SHA256withRSA";
+ } else if (JwsConstants.RS384.equals(algorithm)) {
+ alg = "SHA384withRSA";
+ } else if (JwsConstants.RS512.equals(algorithm)) {
+ alg = "SHA512withRSA";
+ }
+ return alg;
+ }
+
+ private static byte[] decode(String arg) throws Exception {
+ String s = arg;
+ s = s.replace('-', '+'); // 62nd char of encoding
+ s = s.replace('_', '/'); // 63rd char of encoding
+ switch (s.length() % 4) // Pad with trailing '='s
+ {
+ case 0: break; // No pad chars in this case
+ case 2: s += "=="; break; // Two pad chars
+ case 3: s += "="; break; // One pad char
+ default: throw new java.lang.Exception(
+ "Illegal base64url string!");
+ }
+ return TokenDecoder.base64DecodeToByte(s);
+ }
+
+}
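Review bot: `getAlgorithmInternal()` returns null for any `algorithm` other than RS256, RS384 or RS512, so an unsupported value only surfaces as an exception from `Signature.getInstance(null)`, which `calculate` rethrows as a bare RuntimeException and `verify` reports as `false`, indistinguishable from a bad signature. Rejecting it in the constructor, e.g. `if (getAlgorithmInternal() == null) throw new IllegalArgumentException("Unsupported JWS algorithm: " + algorithm);` placed after the assignment, keeps `verify` fail-closed while making the misconfiguration visible. `stringToSign.getBytes()` and `text.getBytes()` also rely on the platform default charset; passing an explicit one such as `Charset.forName("UTF-8")` makes the signing input byte-identical on every host. The `catch (Exception e)` in `verify` discards the cause entirely, so a missing provider or an invalid key looks the same as a forged token; logging the exception there (without the token contents) would let operators tell the cases apart.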
Re: svn commit: r1583609 - in /oltu/trunk/jose/jws: ./ src/main/java/org/apache/oltu/jose/jws/ src/main/java/org/apache/oltu/jose/jws/signature/impl/
Posted by Łukasz Dywicki <lu...@code-house.org>.
If this class contains just constants, you can make it an interface and skip the repeated "public static final", and also avoid checkstyle crying about the constructor. :)
Cheers,
Łukasz Dywicki
--
luke@code-house.org
Twitter: ldywicki
Blog: http://dywicki.pl
Code-House - http://code-house.org
Wiadomość napisana przez Antonio Sanso <as...@adobe.com> w dniu 11 kwi 2014, o godz. 14:45:
> hi Simo +1
>
> Maybe we can leave in the same bundle though. Just not in the impl package…
>
> regards
>
> antonio
>
> On Apr 11, 2014, at 1:51 PM, Simone Tripodi <si...@apache.org> wrote:
>
>> Hi Tonino,
>>
>> just few considerations:
>>
>>> +public class JwsConstants {
>>> +
>>> + public static final String RS256 = "RS256";
>>> +
>>> + public static final String RS384 = "RS384";
>>> +
>>> + public static final String RS512 = "RS512";
>>> +}
>>
>> I'd reduce this class constructor as 'private'
>>
>>>
>>> Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
>>
>> I wouldn't add that classes to a generic 'impl' package, they refer to
>> specific 'java.security' implementation, so I would suggest to:
>>
>> * having them implemented in a separated module/bundle
>>
>> * package name be renamed
>>
>> WDYT?
>> Best,
>> -Simo
>
Re: svn commit: r1583609 - in /oltu/trunk/jose/jws: ./
src/main/java/org/apache/oltu/jose/jws/
src/main/java/org/apache/oltu/jose/jws/signature/impl/
Posted by Antonio Sanso <as...@adobe.com>.
hi Simo +1
Maybe we can leave in the same bundle though. Just not in the impl package…
regards
antonio
On Apr 11, 2014, at 1:51 PM, Simone Tripodi <si...@apache.org> wrote:
> Hi Tonino,
>
> just few considerations:
>
>> +public class JwsConstants {
>> +
>> + public static final String RS256 = "RS256";
>> +
>> + public static final String RS384 = "RS384";
>> +
>> + public static final String RS512 = "RS512";
>> +}
>
> I'd reduce this class constructor as 'private'
>
>>
>> Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
>
> I wouldn't add that classes to a generic 'impl' package, they refer to
> specific 'java.security' implementation, so I would suggest to:
>
> * having them implemented in a separated module/bundle
>
> * package name be renamed
>
> WDYT?
> Best,
> -Simo
Re: svn commit: r1583609 - in /oltu/trunk/jose/jws: ./
src/main/java/org/apache/oltu/jose/jws/ src/main/java/org/apache/oltu/jose/jws/signature/impl/
Posted by Simone Tripodi <si...@apache.org>.
Hi Tonino,
just few considerations:
> +public class JwsConstants {
> +
> + public static final String RS256 = "RS256";
> +
> + public static final String RS384 = "RS384";
> +
> + public static final String RS512 = "RS512";
> +}
I'd reduce this class constructor as 'private'
>
> Added: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/impl/PrivateKey.java
I wouldn't add those classes to a generic 'impl' package; they refer to a
specific 'java.security' implementation, so I would suggest:
* having them implemented in a separated module/bundle
* package name be renamed
WDYT?
Best,
-Simo