Posted to commits@cxf.apache.org by se...@apache.org on 2014/10/22 20:06:56 UTC
git commit: Update Jwe KeyDecryptionAlgorithm and providers to report
the algorithm
Repository: cxf
Updated Branches:
refs/heads/master e125ae55f -> 29789aac5
Update Jwe KeyDecryptionAlgorithm and providers to report the algorithm
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29789aac
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29789aac
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29789aac
Branch: refs/heads/master
Commit: 29789aac58271203ab319856fe1a020b04af4dd4
Parents: e125ae5
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Oct 22 19:06:35 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Oct 22 19:06:35 2014 +0100
----------------------------------------------------------------------
.../jose/jwe/AbstractJweDecryption.java | 9 ++++++-
.../jose/jwe/AbstractJweEncryption.java | 8 ++++++
.../jose/jwe/DirectKeyDecryptionAlgorithm.java | 4 +++
.../jose/jwe/JweDecryptionProvider.java | 2 +-
.../jose/jwe/JweEncryptionProvider.java | 2 +-
.../rs/security/jose/jwe/JweKeyProperties.java | 26 ++++++++++++++++++++
.../jose/jwe/KeyDecryptionAlgorithm.java | 1 +
.../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 20 +++++++++++++--
.../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 7 +++---
.../jose/jws/HmacJwsSignatureVerifier.java | 4 +++
10 files changed, 75 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index 45d3ee7..ae525c7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -101,5 +101,12 @@ public abstract class AbstractJweDecryption implements JweDecryptionProvider {
protected byte[] getActualCek(byte[] theCek, String algoJwt) {
return theCek;
}
-
+ @Override
+ public String getKeyAlgorithm() {
+ return keyDecryptionAlgo.getAlgorithm();
+ }
+ @Override
+ public String getContentAlgorithm() {
+ return contentDecryptionAlgo.getAlgorithm();
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 4354bf3..9a7764c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -117,6 +117,14 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
return headers;
}
@Override
+ public String getKeyAlgorithm() {
+ return keyEncryptionAlgo.getAlgorithm();
+ }
+ @Override
+ public String getContentAlgorithm() {
+ return contentEncryptionAlgo.getAlgorithm();
+ }
+ @Override
public JweEncryptionState createJweEncryptionState(String contentType) {
JweEncryptionInternal state = getInternalState(contentType);
Cipher c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps,
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
index c1803c6..88a48ca 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyDecryptionAlgorithm.java
@@ -36,4 +36,8 @@ public class DirectKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
}
return contentDecryptionKey;
}
+ @Override
+ public String getAlgorithm() {
+ return null;
+ }
}
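Review bot: `getAlgorithm()` returns `null` here, so `AbstractJweDecryption.getKeyAlgorithm()` (added in this same commit) passes `null` on to any caller whose provider is configured for direct key use. JWE identifies this mode with the `alg` value `dir`, so returning that name (or a project constant for it, if one exists) would let callers compare the reported algorithm with a received header without a null special case. Null-tolerant comparisons are an easy place for an algorithm check to be skipped by accident. If `null` is intentional, say so at the return: `// direct key mode: no key-management algorithm is reported`. The class body starts outside this hunk.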
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
index d20401b..006bc03 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweDecryptionProvider.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
-public interface JweDecryptionProvider {
+public interface JweDecryptionProvider extends JweKeyProperties {
JweDecryptionOutput decrypt(String jweContent);
byte[] decrypt(JweCompactConsumer consumer);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
index 5b9afee..548191b 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
-public interface JweEncryptionProvider {
+public interface JweEncryptionProvider extends JweKeyProperties {
String encrypt(byte[] jweContent, String contentType);
JweEncryptionState createJweEncryptionState(String contentType);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
new file mode 100644
index 0000000..4217525
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweKeyProperties.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+
+
+public interface JweKeyProperties {
+ String getKeyAlgorithm();
+ String getContentAlgorithm();
+}
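Review bot: The new public interface has no Javadoc, so nothing states which name space the two getters use or whether they may return `null`. Elsewhere in this commit the value comes from `Algorithm.PBES2_HS256_A128KW.getJwtName()`, which suggests JWA header names rather than Java JCA names, but that is inferred from the other hunks. I would add a type-level comment such as `/** Reports the JWE "alg" and "enc" algorithm names this provider is configured for. */` and state on each method whether `null` is a legal return value. The same gap applies to the `getAlgorithm()` method added to `KeyDecryptionAlgorithm`.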
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
index 9932ab2..83339ad 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyDecryptionAlgorithm.java
@@ -20,5 +20,6 @@ package org.apache.cxf.rs.security.jose.jwe;
public interface KeyDecryptionAlgorithm {
+ String getAlgorithm();
byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index d338cdd..f5f4c99 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -19,17 +19,29 @@
package org.apache.cxf.rs.security.jose.jwe;
import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
private byte[] password;
+ private String algo;
public PbesHmacAesWrapKeyDecryptionAlgorithm(String password) {
- this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password));
+ this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+ }
+ public PbesHmacAesWrapKeyDecryptionAlgorithm(String password, String algo) {
+ this(PbesHmacAesWrapKeyEncryptionAlgorithm.stringToBytes(password), algo);
}
public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password) {
- this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password));
+ this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+ }
+ public PbesHmacAesWrapKeyDecryptionAlgorithm(char[] password, String algo) {
+ this(PbesHmacAesWrapKeyEncryptionAlgorithm.charsToBytes(password), algo);
}
public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password) {
+ this(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
+ }
+ public PbesHmacAesWrapKeyDecryptionAlgorithm(byte[] password, String algo) {
this.password = password;
+ this.algo = algo;
}
@Override
public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
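Review bot: The new `(byte[] password, String algo)` constructor stores `algo` unchecked, so a `null` or non-PBES2 name is accepted and later reported by `getAlgorithm()` as the configured algorithm. A guard there would fail fast, assuming `getJwtName()` yields the JWA name: `if (algo == null || !algo.startsWith("PBES2-")) { throw new IllegalArgumentException("Unsupported PBES2 algorithm: " + algo); }`. `getDecryptedContentEncryptionKey` begins on the last line of this hunk and its body is not visible, so I cannot tell whether the incoming JWE's header `alg` is compared with `algo`. If it is not, the field only labels the provider and does not restrict what it will decrypt. `algo` could also be declared `final`, since only the constructor assigns it in the visible lines.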
@@ -50,5 +62,9 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
throw new SecurityException(ex);
}
}
+ @Override
+ public String getAlgorithm() {
+ return algo;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 8af2c63..6608436 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -29,9 +29,6 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
private Key cekDecryptionKey;
private boolean unwrap;
private String supportedAlgo;
- public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey) {
- this(cekDecryptionKey, null);
- }
public WrappedKeyDecryptionAlgorithm(Key cekDecryptionKey, String supportedAlgo) {
this(cekDecryptionKey, supportedAlgo, true);
}
@@ -82,4 +79,8 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
return consumer.getEncryptedContentEncryptionKey();
}
+ @Override
+ public String getAlgorithm() {
+ return supportedAlgo;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/29789aac/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 3bdf335..55ec94e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,6 +22,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import org.apache.cxf.common.util.crypto.HmacUtils;
+import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
@@ -31,6 +32,9 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
private AlgorithmParameterSpec hmacSpec;
private String supportedAlgo;
+ public HmacJwsSignatureVerifier(String encodedKey) {
+ this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO);
+ }
public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) {
this(JoseUtils.decode(encodedKey), supportedAlgo);
}