Posted to commits@cxf.apache.org by se...@apache.org on 2014/01/31 15:56:57 UTC
svn commit: r1563141 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src:
main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Author: sergeyb
Date: Fri Jan 31 14:56:57 2014
New Revision: 1563141
URL: http://svn.apache.org/r1563141
Log:
[CXF-5513] Adding a test involving both cert and secret key
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java?rev=1563141&r1=1563140&r2=1563141&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java Fri Jan 31 14:56:57 2014
@@ -20,6 +20,7 @@
package org.apache.cxf.rs.security.oauth2.utils;
import java.security.Key;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
@@ -41,9 +42,28 @@ public final class EncryptionUtils {
private EncryptionUtils() {
}
- public static String getEncodedSecretKey(SecretKey key) throws Exception {
+ public static String encodeSecretKey(SecretKey key) throws Exception {
try {
- return Base64UrlUtility.encode(key.getEncoded());
+ return encodeBytes(key.getEncoded());
+ } catch (Exception ex) {
+ throw new OAuthServiceException(ex);
+ }
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) throws Exception {
+ SecretKeyProperties props = new SecretKeyProperties();
+ props.setCompressionSupported(false);
+ return encryptSecretKey(secretKey, publicKey, props);
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey,
+ PublicKey publicKey,
+ SecretKeyProperties props) throws Exception {
+ try {
+ byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(),
+ publicKey,
+ props);
+ return encodeBytes(encryptedBytes);
} catch (Exception ex) {
throw new OAuthServiceException(ex);
}
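Review bot: `encodeSecretKey` and both `encryptSecretKey` overloads declare `throws Exception` although every failure inside them is already rethrown as `OAuthServiceException`, which the methods without a throws clause elsewhere in this file show to be unchecked. The clause forces callers into a blanket `catch (Exception)`; drop it, e.g. `public static String encodeSecretKey(SecretKey key) {`. The same applies to `encodeBytes` in the `@@ -118,17 +138,38 @@` hunk. Separately, the rename removes the public `getEncodedSecretKey`, so existing callers stop compiling; consider keeping it as `@Deprecated public static String getEncodedSecretKey(SecretKey key) { return encodeSecretKey(key); }`.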
@@ -104,7 +124,7 @@ public final class EncryptionUtils {
SecretKeyProperties props) {
try {
byte[] encryptedBytes = decodeSequence(encodedData);
- byte[] bytes = processBytes(encryptedBytes, secretKey, props, Cipher.DECRYPT_MODE);
+ byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
return new String(bytes, "UTF-8");
} catch (Exception ex) {
throw new OAuthServiceException(ex);
@@ -118,17 +138,38 @@ public final class EncryptionUtils {
public static String encryptSequence(String sequence, Key secretKey,
SecretKeyProperties keyProps) {
try {
- byte[] bytes = processBytes(sequence.getBytes("UTF-8"),
- secretKey,
- keyProps,
- Cipher.ENCRYPT_MODE);
+ byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+ return encodeBytes(bytes);
+ } catch (Exception ex) {
+ throw new OAuthServiceException(ex);
+ }
+ }
+
+ public static String encodeBytes(byte[] bytes) throws Exception {
+ try {
return Base64UrlUtility.encode(bytes);
} catch (Exception ex) {
throw new OAuthServiceException(ex);
}
}
- public static byte[] processBytes(byte[] bytes,
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey) {
+ return encryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey, SecretKeyProperties keyProps) {
+ return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey) {
+ return decryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey, SecretKeyProperties keyProps) {
+ return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+ }
+
+ private static byte[] processBytes(byte[] bytes,
Key secretKey,
SecretKeyProperties keyProps,
int mode) {
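Review bot: The two-argument `encryptBytes` and `decryptBytes` pass `null` for `keyProps`, so the cipher transformation (mode, padding, IV handling) is chosen entirely inside `processBytes`, whose body lies outside this hunk. These helpers are now public and accept any `Key`, and this commit already routes asymmetric keys through them via `encryptSecretKey`. If `processBytes` resolves the cipher from the key's algorithm name alone, provider defaults apply, which on the stock JDK provider would mean ECB for AES and PKCS#1 v1.5 padding for RSA; that should be confirmed against the body. Each overload's Javadoc should state which transformation is in effect when no properties are supplied and point callers to the three-argument form when they need an explicit one.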
@@ -183,6 +224,10 @@ public final class EncryptionUtils {
return result;
}
+ public static SecretKey decodeSecretKey(String encodedSecretKey) {
+ return decodeSecretKey(encodedSecretKey, "AES");
+ }
+
public static SecretKey decodeSecretKey(String encodedSecretKey, String algo) {
try {
byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
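Review bot: The new one-argument `decodeSecretKey` has no Javadoc and hard-codes `"AES"`, so nothing tells a caller that the input must be the `Base64UrlUtility`-encoded raw key bytes produced by `encodeSecretKey`, not the output of `encryptSecretKey`. Encoding is not protection, and the near-identical names make the two easy to confuse. Add a comment such as `/** Decodes an encoded, unencrypted AES key; for a key wrapped with encryptSecretKey use decryptSecretKey. */`. The two-argument overload's body continues outside this hunk, so any validation it performs is not visible here.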
@@ -192,6 +237,24 @@ public final class EncryptionUtils {
}
}
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, PrivateKey privateKey) {
+ SecretKeyProperties props = new SecretKeyProperties();
+ props.setCompressionSupported(false);
+ return decryptSecretKey(encodedEncryptedSecretKey, props, privateKey);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ SecretKeyProperties props,
+ PrivateKey privateKey) {
+ try {
+ byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+ byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
+ return new SecretKeySpec(descryptedBytes, props.getKeyAlgo());
+ } catch (Exception ex) {
+ throw new OAuthServiceException(ex);
+ }
+ }
+
public static byte[] decodeSequence(String encodedSequence) {
try {
return Base64UrlUtility.decode(encodedSequence);
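Review bot: The three-argument `decryptSecretKey` dereferences `props` at `props.getKeyAlgo()`, while the `decryptBytes` overload added in this same commit passes `null` properties through as valid input. A caller who passes `null` therefore gets a NullPointerException wrapped in `OAuthServiceException`, and only after the private-key operation has run. Reject it before the `try`, e.g. `if (props == null) { throw new IllegalArgumentException("props"); }`. Because `SecretKeySpec` copies the array it is given, the plaintext key bytes left in `descryptedBytes` (a typo for `decryptedBytes`) can be cleared with `Arrays.fill(descryptedBytes, (byte) 0)` once the spec is built. That needs a `java.util.Arrays` import if the file does not already have one.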
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java?rev=1563141&r1=1563140&r2=1563141&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtilsTest.java Fri Jan 31 14:56:57 2014
@@ -28,6 +28,7 @@ import java.security.PublicKey;
import java.util.Collections;
import java.util.List;
+import javax.crypto.SecretKey;
import javax.ws.rs.core.MediaType;
import org.apache.cxf.jaxrs.impl.MetadataMap;
@@ -85,6 +86,27 @@ public class EncryptionUtilsTest extends
}
@Test
+ public void testBearerTokenCertAndSecretKey() throws Exception {
+ AccessTokenRegistration atr = prepareTokenRegistration();
+ BearerAccessToken token = p.createAccessTokenInternal(atr);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = kpg.generateKeyPair();
+ PublicKey publicKey = keyPair.getPublic();
+ PrivateKey privateKey = keyPair.getPrivate();
+
+ SecretKey secretKey = EncryptionUtils.getSecretKey();
+ String encryptedSecretKey = EncryptionUtils.encryptSecretKey(secretKey, publicKey);
+
+ String encryptedToken = ModelEncryptionSupport.encryptAccessToken(token, secretKey);
+ token.setTokenKey(encryptedToken);
+ SecretKey decryptedSecretKey = EncryptionUtils.decryptSecretKey(encryptedSecretKey, privateKey);
+ ServerAccessToken token2 = ModelEncryptionSupport.decryptAccessToken(p, encryptedToken, decryptedSecretKey);
+ // compare tokens
+ compareAccessTokens(token, token2);
+ }
+
+ @Test
public void testBearerTokenJSON() throws Exception {
AccessTokenRegistration atr = prepareTokenRegistration();
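Review bot: `testBearerTokenCertAndSecretKey` never initializes `kpg`, so the RSA key size is whatever the running provider defaults to, and the test exercises a different size on different JDKs. Pin it with `kpg.initialize(2048);` before `generateKeyPair()`. The test also checks the unwrapped key only indirectly through `compareAccessTokens`. Asserting `assertArrayEquals(secretKey.getEncoded(), decryptedSecretKey.getEncoded());` (assuming JUnit's Assert methods are in scope) would report a key-unwrap failure as such rather than as a token mismatch.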