Posted to commits@cxf.apache.org by se...@apache.org on 2015/07/28 12:15:51 UTC

cxf git commit: [CXF-6487] Basic JWK Thumprint implementation

Repository: cxf
Updated Branches:
  refs/heads/master a15cf6003 -> a40ffd06e


[CXF-6487] Basic JWK Thumprint implementation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a40ffd06
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a40ffd06
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a40ffd06

Branch: refs/heads/master
Commit: a40ffd06e0ae0afa53ceebfb56a580eaaa522a97
Parents: a15cf60
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Jul 28 13:15:33 2015 +0300
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Jul 28 13:15:33 2015 +0300

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 31 ++++++++++++++
 .../cxf/rs/security/jose/jwk/JwkUtilsTest.java  | 43 ++++++++++++++++++++
 2 files changed, 74 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 608c4f5..b70a01c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -29,8 +29,11 @@ import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 
 import javax.crypto.SecretKey;
@@ -40,6 +43,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -64,14 +68,41 @@ import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm
 import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rt.security.crypto.MessageDigestUtils;
 
 public final class JwkUtils {
     public static final String JWK_KEY_STORE_TYPE = "jwk";
     public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset";
     public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey";
+    private static final Map<KeyType, List<String>> JWK_REQUIRED_FIELDS_MAP;
+    static {
+        JWK_REQUIRED_FIELDS_MAP = new HashMap<KeyType, List<String>>();
+        JWK_REQUIRED_FIELDS_MAP.put(KeyType.RSA, Arrays.asList(
+            JsonWebKey.RSA_PUBLIC_EXP, JsonWebKey.KEY_TYPE, JsonWebKey.RSA_MODULUS));
+        JWK_REQUIRED_FIELDS_MAP.put(KeyType.EC, Arrays.asList(
+            JsonWebKey.EC_CURVE, JsonWebKey.KEY_TYPE, JsonWebKey.EC_X_COORDINATE, JsonWebKey.EC_Y_COORDINATE));
+        JWK_REQUIRED_FIELDS_MAP.put(KeyType.OCTET, Arrays.asList(
+            JsonWebKey.OCTET_KEY_VALUE, JsonWebKey.KEY_TYPE));
+    }
     private JwkUtils() {
         
     }
+    public static String getThumbprint(String keySequence) {
+        return getThumbprint(readJwkKey(keySequence));
+    }
+    public static String getThumbprint(JsonWebKey key) {
+        List<String> fields = getRequiredFields(key.getKeyType());
+        JsonWebKey thumbprintKey = new JsonWebKey();
+        for (String f : fields) {
+            thumbprintKey.setProperty(f, key.getProperty(f));
+        }
+        String json = new JsonMapObjectReaderWriter().toJson(thumbprintKey);
+        byte[] digest = MessageDigestUtils.createDigest(json, MessageDigestUtils.ALGO_SHA_256);
+        return Base64UrlUtility.encode(digest);
+    }
+    public static List<String> getRequiredFields(KeyType keyType) {
+        return JWK_REQUIRED_FIELDS_MAP.get(keyType);
+    }
     public static JsonWebKey readJwkKey(URI uri) throws IOException {
         return readJwkKey(uri.toURL().openStream());
     }
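Review bot: `getThumbprint(JsonWebKey)` never checks that the key type is known or that each required member is present. `JWK_REQUIRED_FIELDS_MAP.get(keyType)` returns null for a missing or unmapped `kty`, so the `for` loop throws a bare NullPointerException, and a key lacking `n`, `e`, `x`, `y` or `k` presumably has a null copied into `thumbprintKey` and hashed, yielding a thumbprint that identifies no valid key. Since a thumbprint is typically used as a key identifier, both cases should be rejected explicitly, as sketched below. Separately, `getRequiredFields` returns the shared `Arrays.asList` instance, which permits `set()`, so any caller can alter the member list used for every later thumbprint; wrapping each list in `Collections.unmodifiableList(...)` in the static initializer closes that. A Javadoc line on `getThumbprint` should also say that for `KeyType.OCTET` the digest covers the secret `k` value, so that thumbprint should not be disclosed to parties that do not hold the key.

```java
public static String getThumbprint(JsonWebKey key) {
    List<String> fields = getRequiredFields(key.getKeyType());
    if (fields == null) {
        throw new IllegalArgumentException("Unsupported or missing JWK key type");
    }
    JsonWebKey thumbprintKey = new JsonWebKey();
    for (String f : fields) {
        Object value = key.getProperty(f);
        if (value == null) {
            throw new IllegalArgumentException("JWK is missing required member: " + f);
        }
        thumbprintKey.setProperty(f, value);
    }
    // … unchanged: JSON serialization, SHA-256 digest, base64url encoding …
}
```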

http://git-wip-us.apache.org/repos/asf/cxf/blob/a40ffd06/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
new file mode 100644
index 0000000..34d3183
--- /dev/null
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JwkUtilsTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwk;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwkUtilsTest extends Assert {
+    private static final String RSA_KEY = "{"
+      + "\"kty\": \"RSA\","
+      + "\"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
+      +      "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6"
+      +      "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FD"
+      +      "W2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n9"
+      +      "1CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINH"
+      +      "aQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\","
+      + "\"e\": \"AQAB\","
+      + "\"alg\": \"RS256\","
+      + "\"kid\": \"2011-04-29\""
+      + "}\"";
+    @Test
+    public void testRsaKeyThumbprint() throws Exception {
+        String thumbprint = JwkUtils.getThumbprint(RSA_KEY);
+        assertEquals("NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs", thumbprint);
+    }
+    
+}
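Review bot: The `RSA_KEY` literal ends with `+ "}\"";`, which appends a stray double quote after the closing brace, so the test input is not well-formed JSON. The test can only pass if the JWK reader ignores trailing characters, and it would break if parsing were later made strict; the last line should be `+ "}";`. Only the RSA vector is covered here, so an EC key, an octet key and a key with a required member missing would be worth adding, since the thumbprint serves as a key identifier.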