You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2016/05/18 14:47:38 UTC

svn commit: r988536 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

Author: buildbot
Date: Wed May 18 14:47:37 2016
New Revision: 988536

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Wed May 18 14:47:37 2016
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1463579220959 {padding: 0px;}
-div.rbtoc1463579220959 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1463579220959 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1463582822610 {padding: 0px;}
+div.rbtoc1463582822610 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1463582822610 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1463579220959">
+/*]]>*/</style></p><div class="toc-macro rbtoc1463582822610">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithClearPayload">JWS with Clear Payload</a></li></ul>
@@ -201,7 +201,7 @@ JwtToken token = jws.getJwtToken();
 JoseHeaders headers = token.getHeaders();
 assertEquals(SignatureAlgorithm.HS256, headers.getAlgorithm());
 validateClaims(token.getClaims());</pre>
-</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3 id="JAX-RSJOSE-JWSwithClearPayload">JWS with Clear Payload</h3><h2 id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516" rel="nofollow">JWE</a> (JSON Web Encryption) document describes how a document content, and, when applicable, a content encryption key, can be encrypted. For example, <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516#appendix-A.1" rel="nofollow">Appendix A1</a> shows how the content can be encrypted with a secret key using AesGcm with the actual content encryption key being encrypted using RSA-OAEP.</p><p>CXF ships JWE related classes in <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe" rel="nofollow">this package</a> and offers a support for all of JWA <a shape="rect" class="external
 -link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key encryption</a> and <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5" rel="nofollow">content encryption</a> algorithms.</p><h3 id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption Providers</h3><p>JWE Encryption process typically involves a content-encryption key being generated with this key being subsequently encrypted/wrapped with a key known to the consumer. Thus CXF offers the providers for supporting the key-encryption algorithms and providers for supporting the content-encryption algorithms. Direct key encryption (where the content-encryption key is established out of band) is also supported.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java" rel="nofollow">KeyEncryptionProvider</a> suppo
 rts encrypting a content-encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java" rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following table shows the key encryption algorithms and the corresponding providers:</p><p>RSAKeyEncryptionAlgorithm</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2" rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyEncryptionA
 lgorithm</pre></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3" rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.4" rel="nofollow">AES Key Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">EcDsaJwsSignatureProvider</td><td colspan="1" rowspan="1" class="confluenceTd">EcDsaJwsSignatureVerifier</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-3.5" rel="nofollow">RSASSA-PSS</a></td><td colspan="1"
  rowspan="1" class="confluenceTd">PrivateKeyJwsSignatureProvider</td><td colspan="1" rowspan="1" class="confluenceTd">PublicKeyJwsSignatureVerifier</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-3.6" rel="nofollow">None</a></td><td colspan="1" rowspan="1" class="confluenceTd">NoneJwsSignatureProvider</td><td colspan="1" rowspan="1" class="confluenceTd">NoneJwsSignatureVerifier</td></tr></tbody></table></div><p>Either of these providers can be initialized with the keys loaded from JWK or JCA stores or from the in-memory representations.</p><h3 id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a> supports encrypting t
 he content, <a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a> - decrypting the content. Encryptors and Decryptors for all of JWE algorithms are shipped.</p><p>Here is the example of doing AES CBC HMAC and AES Key Wrap in CXF:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF Jwe AesWrapAesCbcHMac</b></div><div class="codeContent panelContent pdl">
+</div></div><h3 id="JAX-RSJOSE-JWSJSON">JWS JSON</h3><h3 id="JAX-RSJOSE-JWSwithClearPayload">JWS with Clear Payload</h3><h2 id="JAX-RSJOSE-JWEEncryption">JWE Encryption</h2><p><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516" rel="nofollow">JWE</a> (JSON Web Encryption) document describes how a document content, and, when applicable, a content encryption key, can be encrypted. For example, <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7516#appendix-A.1" rel="nofollow">Appendix A1</a> shows how the content can be encrypted with a secret key using AesGcm with the actual content encryption key being encrypted using RSA-OAEP.</p><p>CXF ships JWE related classes in <a shape="rect" class="external-link" href="https://github.com/apache/cxf/tree/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe" rel="nofollow">this package</a> and offers a support for all of JWA <a shape="rect" class="external
 -link" href="https://tools.ietf.org/html/rfc7518#section-4" rel="nofollow">key encryption</a> and <a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5" rel="nofollow">content encryption</a> algorithms.</p><h3 id="JAX-RSJOSE-KeyandContentEncryptionProviders">Key and Content Encryption Providers</h3><p>JWE Encryption process typically involves a content-encryption key being generated with this key being subsequently encrypted/wrapped with a key known to the consumer. Thus CXF offers the providers for supporting the key-encryption algorithms and providers for supporting the content-encryption algorithms. Direct key encryption (where the content-encryption key is established out of band) is also supported.</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionProvider.java" rel="nofollow">KeyEncryptionProvider</a> suppo
 rts encrypting a content-encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionProvider.java" rel="nofollow">KeyDecryptionProvider</a> - decrypting it.</p><p>The following table shows the key encryption algorithms and the corresponding providers:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyEncryptionProvider</strong></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>KeyDecryptionProvider</strong></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.2" rel="nofollow">RSAES-PKCS1-v1_5</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>RSAKeyEncryptionAlgorithm</pre></td><td colspan="
 1" rowspan="1" class="confluenceTd"><pre>RSAKeyDecryptionAlgorithm</pre></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.3" rel="nofollow">RSAES OAEP</a></td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">RSAKeyDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.4" rel="nofollow">AES Key Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">AesKeyWrapEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">AesKeyWrapDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.5" rel="nofollow">Direct</a></td><td colspan="1" rowspan="1" class="confluen
 ceTd">DirectKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">DirectKeyDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#page-15" rel="nofollow">ECDH-ES Wrap</a></td><td colspan="1" rowspan="1" class="confluenceTd">EcdhAesWrapKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">EcdhAesWrapKeyDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#page-15" rel="nofollow">ECDH-ES Direct</a></td><td colspan="1" rowspan="1" class="confluenceTd"><span class="pl-en">EcdhDirectKeyJweEncryption</span></td><td colspan="1" rowspan="1" class="confluenceTd"><span class="pl-en">EcdhDirectKeyJweDecryption</span></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf
 .org/html/rfc7518#section-4.7" rel="nofollow">AES-GCM</a></td><td colspan="1" rowspan="1" class="confluenceTd">AesGcmWrapKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">AesGcmWrapKeyDecryptionAlgorithm</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-4.8" rel="nofollow">PBES2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><span class="separator">&#160;</span>PbesHmacAesWrapKeyEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd"><span class="separator">&#160;</span>PbesHmacAesWrapKeyDecryptionAlgorithm</td></tr></tbody></table></div><p>&#160;</p><p><a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionProvider.java" rel="nofollow">ContentEncryptionProvider</a> supports encrypting a generated content
 -encryption key, <a shape="rect" class="external-link" href="https://github.com/apache/cxf/blob/master/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentDecryptionProvider.java" rel="nofollow">ContentDecryptionProvider</a> - decrypting it.</p><p>The following table shows the content encryption algorithms and the corresponding providers:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><td colspan="1" rowspan="1" class="confluenceTd">&#160;</td><td colspan="1" rowspan="1" class="confluenceTd"><strong>ContentEncryptionProvider</strong></td><td colspan="1" rowspan="1" class="confluenceTd"><strong>ContentDecryptionProvider</strong></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.2" rel="nofollow">AES_CBC_HMAC_SHA2</a></td><td colspan="1" rowspan="1" class="confluenceTd"><pre>AesCbcHmacJweEncryption</pre></td><td colspan="1" ro
 wspan="1" class="confluenceTd"><pre>AesCbcHmacJweDecryption</pre></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><a shape="rect" class="external-link" href="https://tools.ietf.org/html/rfc7518#section-5.3" rel="nofollow">AES-GCM</a></td><td colspan="1" rowspan="1" class="confluenceTd">AesGcmContentEncryptionAlgorithm</td><td colspan="1" rowspan="1" class="confluenceTd">AesGcmContentDecryptionAlgorithm</td></tr></tbody></table></div><p>All of the above providers can be initialized with the keys loaded from JWK or JCA stores or from the in-memory representations.</p><h3 id="JAX-RSJOSE-JWECompact">JWE Compact</h3><p><a shape="rect" class="external-link" href="https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java;h=615212b1622abb1c0a8b06a3b5498d8b6199d0cc;hb=HEAD">JweEncryptionProvider</a> supports encrypting the content, <a shape="rect" class="external-link" href="https:
 //git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java;h=1f4861a2d78df5514ff74c40330c1a5f5933f47d;hb=HEAD">JweDecryptionProvider</a> - decrypting the content. Encryptors and Decryptors for all of JWE algorithms are shipped.</p><p>Here is the example of doing AES CBC HMAC and AES Key Wrap in CXF:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>CXF Jwe AesWrapAesCbcHMac</b></div><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">final String specPlainText = "Live long and prosper.";
         
 byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);