Posted to commits@cxf.apache.org by se...@apache.org on 2014/07/15 17:57:50 UTC
git commit: [CXF-5311] One more refactoring
Repository: cxf
Updated Branches:
refs/heads/master 50c57d9be -> 4e3ffb95a
[CXF-5311] One more refactoring
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4e3ffb95
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4e3ffb95
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4e3ffb95
Branch: refs/heads/master
Commit: 4e3ffb95a8bdb049cbc6b320d0dd9b8b1751c6af
Parents: 50c57d9
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Jul 15 16:57:26 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Jul 15 16:57:26 2014 +0100
----------------------------------------------------------------------
.../oauth2/jwe/AbstractJweDecryption.java | 52 +++++++++++---------
.../oauth2/jwe/ContentEncryptionProvider.java | 29 -----------
.../oauth2/jwe/DirectKeyJweDecryption.java | 8 ++-
.../security/oauth2/jwe/JweCompactConsumer.java | 41 ++++-----------
.../rs/security/oauth2/jwe/JweDecryption.java | 2 +
.../oauth2/jwe/WrappedKeyJweDecryption.java | 7 ++-
6 files changed, 52 insertions(+), 87 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
index 5837e66..2cb23bf 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
@@ -18,33 +18,55 @@
*/
package org.apache.cxf.rs.security.oauth2.jwe;
+import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public abstract class AbstractJweDecryption implements JweDecryption {
private JweCryptoProperties props;
- protected AbstractJweDecryption(JweCryptoProperties props) {
+ private JwtHeadersReader reader = new JwtTokenReaderWriter();
+ protected AbstractJweDecryption(JweCryptoProperties props, JwtHeadersReader thereader) {
this.props = props;
+ if (thereader != null) {
+ reader = thereader;
+ }
}
protected abstract byte[] getContentEncryptionKey(JweCompactConsumer consumer);
public JweDecryptionOutput decrypt(String content) {
- JweCompactConsumer consumer = new JweCompactConsumer(content, props);
+ JweCompactConsumer consumer = new JweCompactConsumer(content, reader);
return doDecrypt(consumer);
}
+ public byte[] decrypt(JweCompactConsumer consumer) {
+ return doDecrypt(consumer).getContent();
+ }
protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer) {
- CeProvider ceProvider = new CeProvider(consumer);
- byte[] bytes = consumer.getDecryptedContent(ceProvider);
+ consumer.enforceJweCryptoProperties(props);
+ byte[] cek = getContentEncryptionKey(consumer);
+ KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(consumer));
+ keyProperties.setAdditionalData(getContentEncryptionCipherAAD(consumer));
+ AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(consumer);
+ keyProperties.setAlgoSpec(spec);
+ boolean compressionSupported =
+ JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(consumer.getJweHeaders().getZipAlgorithm());
+ keyProperties.setCompressionSupported(compressionSupported);
+ Key secretKey = CryptoUtils.createSecretKeySpec(cek, keyProperties.getKeyAlgo());
+ byte[] bytes =
+ CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(consumer), secretKey, keyProperties);
return new JweDecryptionOutput(consumer.getJweHeaders(), bytes);
}
protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
return consumer.getEncryptedContentEncryptionKey();
}
- protected AlgorithmParameterSpec getContentDecryptionCipherSpec(JweCompactConsumer consumer) {
+ protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweCompactConsumer consumer) {
return CryptoUtils.getContentEncryptionCipherSpec(getEncryptionAuthenticationTagLenBits(consumer),
getContentEncryptionCipherInitVector(consumer));
}
@@ -67,23 +89,5 @@ public abstract class AbstractJweDecryption implements JweDecryption {
return getEncryptionAuthenticationTag(consumer).length * 8;
}
- protected class CeProvider implements ContentEncryptionProvider {
-
- private JweCompactConsumer consumer;
- public CeProvider(JweCompactConsumer consumer) {
- this.consumer = consumer;
- }
- @Override
- public byte[] getContentEncryptionKey(JweHeaders headers, byte[] encryptedKey) {
- return AbstractJweDecryption.this.getContentEncryptionKey(consumer);
- }
-
- @Override
- public AlgorithmParameterSpec getContentEncryptionCipherSpec(JweHeaders headers,
- int authTagLength,
- byte[] initVector) {
- return getContentDecryptionCipherSpec(consumer);
- }
-
- }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
deleted file mode 100644
index 0c1a8a1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-public interface ContentEncryptionProvider {
- byte[] getContentEncryptionKey(JweHeaders headers, byte[] encryptedKey);
-
- AlgorithmParameterSpec getContentEncryptionCipherSpec(JweHeaders headers,
- int authTagLength,
- byte[] initVector);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
index d7f3801..a096965 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
@@ -20,13 +20,19 @@ package org.apache.cxf.rs.security.oauth2.jwe;
import java.security.Key;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
+
public class DirectKeyJweDecryption extends AbstractJweDecryption {
private byte[] contentDecryptionKey;
public DirectKeyJweDecryption(Key contentDecryptionKey) {
this(contentDecryptionKey, null);
}
public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props) {
- super(props);
+ this(contentDecryptionKey, props, null);
+ }
+ public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props,
+ JwtHeadersReader reader) {
+ super(props, reader);
this.contentDecryptionKey = contentDecryptionKey.getEncoded();
}
@Override
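Review bot: The new three-argument constructor is the only public entry point that accepts a JwtHeadersReader, and nothing on it says that `reader` may be null; the fallback to a default JwtTokenReaderWriter happens in AbstractJweDecryption's constructor, out of sight of this class, so the `null` passed by the two-argument constructor reads as an oversight. A Javadoc line such as `@param reader the headers reader to use, or null to fall back to the default JwtTokenReaderWriter` would make the contract explicit. The same applies to the matching constructor added in WrappedKeyJweDecryption.java. The class body continues outside the hunk.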
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
index 042ceda..6a1954f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
@@ -20,17 +20,11 @@
package org.apache.cxf.rs.security.oauth2.jwe;
import java.io.UnsupportedEncodingException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public class JweCompactConsumer {
@@ -41,12 +35,9 @@ public class JweCompactConsumer {
private byte[] authTag;
private JweHeaders jweHeaders;
public JweCompactConsumer(String jweContent) {
- this(jweContent, null);
+ this(jweContent, new JwtTokenReaderWriter());
}
- public JweCompactConsumer(String jweContent, JweCryptoProperties props) {
- this(jweContent, props, new JwtTokenReaderWriter());
- }
- public JweCompactConsumer(String jweContent, JweCryptoProperties props, JwtHeadersReader reader) {
+ public JweCompactConsumer(String jweContent, JwtHeadersReader reader) {
String[] parts = jweContent.split("\\.");
if (parts.length != 5) {
throw new SecurityException("5 JWE parts are expected");
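Review bot: The two-argument constructor dereferences `reader` later in its body (`reader.fromJsonHeaders(headersJson)`) with no null check, and since the removed three-argument signature treated a null reader as "use the default", a caller still passing null now fails with a NullPointerException from inside the Base64 try block instead of a clear argument error. Either keep the null-means-default contract here, mirroring AbstractJweDecryption, with `if (reader == null) { reader = new JwtTokenReaderWriter(); }` as the first statement, or reject it up front with an IllegalArgumentException naming the parameter. The constructor body runs past the end of the hunk.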
@@ -62,15 +53,14 @@ public class JweCompactConsumer {
System.arraycopy(cipherText, 0, encryptedContentWithTag, 0, cipherText.length);
System.arraycopy(authTag, 0, encryptedContentWithTag, cipherText.length, authTag.length);
jweHeaders = new JweHeaders(reader.fromJsonHeaders(headersJson).asMap());
- enforceJweCryptoProperties(props);
} catch (Base64Exception ex) {
throw new SecurityException(ex);
}
}
- private void enforceJweCryptoProperties(JweCryptoProperties props) {
- if (props != null) {
- //TODO: Validate
+ public void enforceJweCryptoProperties(JweCryptoProperties props) {
+ if (props != null) {
+ //TODO
}
}
@@ -102,25 +92,12 @@ public class JweCompactConsumer {
return encryptedContentWithTag;
}
- public byte[] getDecryptedContent(ContentEncryptionProvider provider) {
- byte[] cek = provider.getContentEncryptionKey(getJweHeaders(), getEncryptedContentEncryptionKey());
- KeyProperties keyProperties = new KeyProperties(
- Algorithm.toJavaName(getJweHeaders().getContentEncryptionAlgorithm()));
- keyProperties.setAdditionalData(getContentEncryptionCipherAAD());
-
- AlgorithmParameterSpec spec = provider.getContentEncryptionCipherSpec(getJweHeaders(),
- getEncryptionAuthenticationTag().length * 8,
- getContentDecryptionCipherInitVector());
- keyProperties.setAlgoSpec(spec);
- boolean compressionSupported =
- JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(getJweHeaders().getZipAlgorithm());
- keyProperties.setCompressionSupported(compressionSupported);
- Key secretKey = CryptoUtils.createSecretKeySpec(cek, keyProperties.getKeyAlgo());
- return CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(), secretKey, keyProperties);
+ public byte[] getDecryptedContent(JweDecryption decryption) {
+ return decryption.decrypt(this);
}
- public String getDecryptedContentText(ContentEncryptionProvider provider) {
+ public String getDecryptedContentText(JweDecryption decryption) {
try {
- return new String(getDecryptedContent(provider), "UTF-8");
+ return new String(getDecryptedContent(decryption), "UTF-8");
} catch (UnsupportedEncodingException ex) {
throw new SecurityException(ex);
}
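Review bot: `getDecryptedContent(JweDecryption)` and `getDecryptedContentText(JweDecryption)` are now public wrappers that call back into the decryptor, and neither documents what `decryption.decrypt(this)` does or that the text variant always decodes as UTF-8; a reader of this class alone cannot tell. A one-line Javadoc on the first, e.g. `/** Decrypts this consumer's payload with the given decryptor; equivalent to decryption.decrypt(this). */`, and `/** Decrypts the payload and decodes it as UTF-8 text. */` on the second would suffice. Both methods also accept a null `decryption` silently until the call fails, so an explicit argument check would give a clearer error.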
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
index 814c0a7..e910884 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
@@ -19,6 +19,8 @@
package org.apache.cxf.rs.security.oauth2.jwe;
+
public interface JweDecryption {
JweDecryptionOutput decrypt(String jweContent);
+ byte[] decrypt(JweCompactConsumer consumer);
}
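Review bot: Adding `byte[] decrypt(JweCompactConsumer consumer)` to the public JweDecryption interface is source-incompatible for any implementation outside this module, if such implementations exist, and the new method carries no Javadoc explaining how it differs from `decrypt(String)`: the String form returns a JweDecryptionOutput that includes the headers, the consumer form returns only the plaintext bytes. A Javadoc such as `/** Decrypts an already-parsed JWE and returns the plaintext only; the headers remain available from the consumer. */` on the new method would make the asymmetry deliberate rather than incidental.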
http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
index 62a69eb..b3fe9ac 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
import java.security.Key;
import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
@@ -38,7 +39,11 @@ public class WrappedKeyJweDecryption extends AbstractJweDecryption {
}
public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
JweCryptoProperties props) {
- super(props);
+ this(cekDecryptionKey, unwrap, props, null);
+ }
+ public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
+ JweCryptoProperties props, JwtHeadersReader reader) {
+ super(props, reader);
this.cekDecryptionKey = cekDecryptionKey;
this.unwrap = unwrap;
}