Posted to commits@cxf.apache.org by se...@apache.org on 2015/07/28 12:15:51 UTC
cxf git commit: [CXF-6487] Basic JWK Thumprint implementation
Repository: cxf
Updated Branches:
refs/heads/master a15cf6003 -> a40ffd06e
[CXF-6487] Basic JWK Thumprint implementation
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a40ffd06
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a40ffd06
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a40ffd06
Branch: refs/heads/master
Commit: a40ffd06e0ae0afa53ceebfb56a580eaaa522a97
Parents: a15cf60
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Jul 28 13:15:33 2015 +0300
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Jul 28 13:15:33 2015 +0300
----------------------------------------------------------------------
.../cxf/rs/security/jose/jwk/JwkUtils.java | 31 ++++++++++++++
.../cxf/rs/security/jose/jwk/JwkUtilsTest.java | 43 ++++++++++++++++++++
2 files changed, 74 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 608c4f5..b70a01c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -29,8 +29,11 @@ import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKey;
@@ -40,6 +43,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
@@ -64,14 +68,41 @@ import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
public final class JwkUtils {
public static final String JWK_KEY_STORE_TYPE = "jwk";
public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset";
public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey";
+ private static final Map<KeyType, List<String>> JWK_REQUIRED_FIELDS_MAP;
+ static {
+ JWK_REQUIRED_FIELDS_MAP = new HashMap<KeyType, List<String>>();
+ JWK_REQUIRED_FIELDS_MAP.put(KeyType.RSA, Arrays.asList(
+ JsonWebKey.RSA_PUBLIC_EXP, JsonWebKey.KEY_TYPE, JsonWebKey.RSA_MODULUS));
+ JWK_REQUIRED_FIELDS_MAP.put(KeyType.EC, Arrays.asList(
+ JsonWebKey.EC_CURVE, JsonWebKey.KEY_TYPE, JsonWebKey.EC_X_COORDINATE, JsonWebKey.EC_Y_COORDINATE));
+ JWK_REQUIRED_FIELDS_MAP.put(KeyType.OCTET, Arrays.asList(
+ JsonWebKey.OCTET_KEY_VALUE, JsonWebKey.KEY_TYPE));
+ }
private JwkUtils() {
}
+ public static String getThumbprint(String keySequence) {
+ return getThumbprint(readJwkKey(keySequence));
+ }
+ public static String getThumbprint(JsonWebKey key) {
+ List<String> fields = getRequiredFields(key.getKeyType());
+ JsonWebKey thumbprintKey = new JsonWebKey();
+ for (String f : fields) {
+ thumbprintKey.setProperty(f, key.getProperty(f));
+ }
+ String json = new JsonMapObjectReaderWriter().toJson(thumbprintKey);
+ byte[] digest = MessageDigestUtils.createDigest(json, MessageDigestUtils.ALGO_SHA_256);
+ return Base64UrlUtility.encode(digest);
+ }
+ public static List<String> getRequiredFields(KeyType keyType) {
+ return JWK_REQUIRED_FIELDS_MAP.get(keyType);
+ }
public static JsonWebKey readJwkKey(URI uri) throws IOException {
return readJwkKey(uri.toURL().openStream());
}
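Review bot: getThumbprint never checks its inputs: getRequiredFields returns null when the key has no key type or an unmapped one, so the `for` loop throws a NullPointerException, and a key lacking a required member has `null` copied into thumbprintKey and is still digested, which does not give a usable identifier for that key. Both cases should be rejected before hashing, as in the fence below. getRequiredFields also hands out the shared `Arrays.asList` list, whose elements a caller can overwrite with `set()`; wrapping each list with `Collections.unmodifiableList(...)` in the static initializer (Collections is already imported) would prevent that. The digest is only interoperable if toJson emits the members in insertion order with no whitespace and createDigest encodes the string as UTF-8; neither is visible in this hunk, so a comment stating that requirement on the `toJson` line would help.

```java
public static String getThumbprint(JsonWebKey key) {
    List<String> fields = getRequiredFields(key.getKeyType());
    if (fields == null) {
        throw new IllegalArgumentException("JWK key type is missing or not supported");
    }
    JsonWebKey thumbprintKey = new JsonWebKey();
    for (String f : fields) {
        Object value = key.getProperty(f);
        if (value == null) {
            throw new IllegalArgumentException("JWK is missing required member: " + f);
        }
        thumbprintKey.setProperty(f, value);
    }
    // … unchanged: toJson, SHA-256 digest, base64url encoding …
```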
http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
new file mode 100644
index 0000000..34d3183
--- /dev/null
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwk;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwkUtilsTest extends Assert {
+ private static final String RSA_KEY = "{"
+ + "\"kty\": \"RSA\","
+ + "\"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
+ + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6"
+ + "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD"
+ + "W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9"
+ + "1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH"
+ + "aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\","
+ + "\"e\": \"AQAB\","
+ + "\"alg\": \"RS256\","
+ + "\"kid\": \"2011-04-29\""
+ + "}\"";
+ @Test
+ public void testRsaKeyThumbprint() throws Exception {
+ String thumbprint = JwkUtils.getThumbprint(RSA_KEY);
+ assertEquals("NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs", thumbprint);
+ }
+
+}
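Review bot: The RSA_KEY constant ends with `+ "}\"";`, which appends a stray double quote after the closing brace, so the test input is not well-formed JSON and the test presumably passes only because the reader ignores trailing characters; the last line should be `+ "}";`. Only the RSA path is exercised here: the EC and octet field lists added in JwkUtils have no test, and neither does a key that lacks a required member or a key type. A short class comment saying where the key and the expected thumbprint value come from would let a reader verify the assertion independently.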