Posted to commits@cxf.apache.org by se...@apache.org on 2014/12/11 13:34:01 UTC
cxf git commit: Adding an RSA 1_5 JWE test
Repository: cxf
Updated Branches:
refs/heads/master e34329f6f -> 3f04b09c0
Adding an RSA 1_5 JWE test
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3f04b09c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3f04b09c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3f04b09c
Branch: refs/heads/master
Commit: 3f04b09c054fb3cccc0042cfb5e5bafe4479a091
Parents: e34329f
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Dec 11 12:33:44 2014 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Dec 11 12:33:44 2014 +0000
----------------------------------------------------------------------
.../cxf/rs/security/jose/jwa/Algorithm.java | 20 ++++++---
.../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 6 ++-
.../cxf/rs/security/jose/jwe/JweUtils.java | 4 +-
.../PbesHmacAesWrapKeyDecryptionAlgorithm.java | 6 ++-
.../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 10 +----
.../jose/jwe/RSAKeyDecryptionAlgorithm.java | 45 ++++++++++++++++++++
.../jose/jwe/RSAKeyEncryptionAlgorithm.java | 33 ++++++++++++++
.../jose/jwe/RSAOaepKeyDecryptionAlgorithm.java | 45 --------------------
.../jose/jwe/RSAOaepKeyEncryptionAlgorithm.java | 39 -----------------
.../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 3 +-
.../jose/jwe/JweCompactReaderWriterTest.java | 32 +++++++++++++-
11 files changed, 138 insertions(+), 105 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
index c356bad..6de807d 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
@@ -93,12 +93,13 @@ public enum Algorithm {
public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO,
JoseConstants.ES_SHA_384_ALGO,
JoseConstants.ES_SHA_512_ALGO));
- public static final Set<String> RSA_OAEP_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
- JoseConstants.RSA_OAEP_256_ALGO));
+ public static final Set<String> RSA_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
+ JoseConstants.RSA_OAEP_256_ALGO,
+ JoseConstants.RSA_1_5_ALGO));
public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO,
JoseConstants.A192GCM_ALGO,
JoseConstants.A256GCM_ALGO));
- public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A192GCMKW_ALGO,
+ public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCMKW_ALGO,
JoseConstants.A192GCMKW_ALGO,
JoseConstants.A256GCMKW_ALGO));
public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO,
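Review bot: `RSA_CEK_SET` is a `public static final` `HashSet`, so the reference is fixed but its contents are not, and any code on the classpath can add an algorithm name to it. Elsewhere in this commit the set acts as an allow-list: `isRsaKeyWrap` reads it and `RSAKeyEncryptionAlgorithm` passes it to its superclass. Wrapping it at declaration would close that, e.g. `Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(...)))`, assuming `java.util.Collections` is imported or gets added. The same applies to `PBES_HS_SET` in the next hunk and to the neighbouring sets shown as context.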
@@ -108,6 +109,10 @@ public enum Algorithm {
new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO,
JoseConstants.A192CBC_HS384_ALGO,
JoseConstants.A256CBC_HS512_ALGO));
+ public static final Set<String> PBES_HS_SET =
+ new HashSet<String>(Arrays.asList(PBES2_HS256_A128KW.getJwtName(),
+ PBES2_HS384_A192KW.getJwtName(),
+ PBES2_HS512_A256KW.getJwtName()));
private static final Map<String, String> JAVA_TO_JWT_NAMES;
private static final Map<String, String> JWT_TO_JAVA_NAMES;
@@ -216,10 +221,10 @@ public enum Algorithm {
return javaName;
}
public static boolean isRsa(String algo) {
- return isRsaOaep(algo) || isRsaShaSign(algo);
+ return isRsa(algo) || isRsaShaSign(algo);
}
- public static boolean isRsaOaep(String algo) {
- return RSA_OAEP_CEK_SET.contains(algo);
+ public static boolean isRsaKeyWrap(String algo) {
+ return RSA_CEK_SET.contains(algo);
}
public static boolean isAesKeyWrap(String algo) {
return AES_KW_SET.contains(algo);
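Review bot: `isRsa` now calls itself unconditionally as the first operand (`return isRsa(algo) || isRsaShaSign(algo);`), so every call recurses until a `StackOverflowError`. The rename of `isRsaOaep` to `isRsaKeyWrap` appears to have been applied to the wrong token; the line should read `return isRsaKeyWrap(algo) || isRsaShaSign(algo);`. Nothing in this commit's tests calls `isRsa`, which would explain why the build stayed green, so a one-line unit test for it would be worth adding.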
@@ -227,6 +232,9 @@ public enum Algorithm {
public static boolean isAesGcmKeyWrap(String algo) {
return AES_GCM_KW_SET.contains(algo);
}
+ public static boolean isPbesHsWrap(String algo) {
+ return PBES_HS_SET.contains(algo);
+ }
public static boolean isAesGcm(String algo) {
return AES_GCM_CEK_SET.contains(algo);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 3ba6919..8871f06 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -45,9 +45,13 @@ public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm
@Override
protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
super.validateKeyEncryptionAlgorithm(keyAlgo);
- if (!Algorithm.isAesKeyWrap(keyAlgo)) {
+ if (!isValidAlgorithmFamily(keyAlgo)) {
throw new SecurityException();
}
}
+ protected boolean isValidAlgorithmFamily(String keyAlgo) {
+ return Algorithm.isAesKeyWrap(keyAlgo);
+ }
+
}
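Review bot: The new protected hook `isValidAlgorithmFamily` has no Javadoc, although it is now the extension point that decides which `alg` header values this decryptor will accept. I would add a short comment such as `/** Returns true only for JWE "alg" values this key type may unwrap; overrides must stay an allow-list. */` so that a subclass author does not treat it as a convenience switch. The class body begins outside this hunk.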
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index ad05e0f..ec0a69c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -121,7 +121,7 @@ public final class JweUtils {
return keyEncryptionProvider;
}
public static KeyEncryptionAlgorithm getRSAKeyEncryptionAlgorithm(RSAPublicKey key, String algo) {
- return new RSAOaepKeyEncryptionAlgorithm(key, algo);
+ return new RSAKeyEncryptionAlgorithm(key, algo);
}
public static KeyEncryptionAlgorithm getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) {
if (Algorithm.isAesKeyWrap(algo)) {
@@ -150,7 +150,7 @@ public final class JweUtils {
return keyDecryptionProvider;
}
public static KeyDecryptionAlgorithm getRSAKeyDecryptionAlgorithm(RSAPrivateKey key, String algo) {
- return new RSAOaepKeyDecryptionAlgorithm(key, algo);
+ return new RSAKeyDecryptionAlgorithm(key, algo);
}
public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) {
if (Algorithm.isAesKeyWrap(algo)) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
index f5f4c99..3fb8cb9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyDecryptionAlgorithm.java
@@ -51,7 +51,11 @@ public class PbesHmacAesWrapKeyDecryptionAlgorithm implements KeyDecryptionAlgor
int keySize = PbesHmacAesWrapKeyEncryptionAlgorithm.getKeySize(keyAlgoJwt);
byte[] derivedKey = PbesHmacAesWrapKeyEncryptionAlgorithm
.createDerivedKey(keyAlgoJwt, keySize, password, saltInput, pbesCount);
- KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey);
+ KeyDecryptionAlgorithm aesWrap = new AesWrapKeyDecryptionAlgorithm(derivedKey) {
+ protected boolean isValidAlgorithmFamily(String wrapAlgo) {
+ return Algorithm.isPbesHsWrap(wrapAlgo);
+ }
+ };
return aesWrap.getDecryptedContentEncryptionKey(consumer);
}
private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
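Review bot: The anonymous subclass overrides `isValidAlgorithmFamily` without `@Override`. If the base method is later renamed or its signature changes, this method silently becomes an unrelated one and the PBES2 check is no longer applied. Adding `@Override` above `protected boolean isValidAlgorithmFamily(String wrapAlgo)` lets the compiler catch that. The enclosing method starts above the hunk.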
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index f6464e0..2089859 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -21,11 +21,8 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
-import java.util.Arrays;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.Map;
-import java.util.Set;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
@@ -39,10 +36,7 @@ import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
- private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
- Arrays.asList(Algorithm.PBES2_HS256_A128KW.getJwtName(),
- Algorithm.PBES2_HS384_A192KW.getJwtName(),
- Algorithm.PBES2_HS512_A256KW.getJwtName()));
+
private static final Map<String, Integer> PBES_HMAC_MAP;
private static final Map<String, String> PBES_AES_MAP;
private static final Map<String, Integer> DERIVED_KEY_SIZE_MAP;
@@ -140,7 +134,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
return saltValue;
}
static String validateKeyAlgorithm(String algo) {
- if (!SUPPORTED_ALGORITHMS.contains(algo)) {
+ if (!Algorithm.isPbesHsWrap(algo)) {
throw new SecurityException();
}
return algo;
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..5bacb6e
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.interfaces.RSAPrivateKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+
+public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
+ public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {
+ this(privateKey, null);
+ }
+ public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) {
+ this(privateKey, supportedAlgo, true);
+ }
+ public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean unwrap) {
+ super(privateKey, supportedAlgo, unwrap);
+ }
+ protected int getKeyCipherBlockSize() {
+ return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
+ }
+ @Override
+ protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
+ super.validateKeyEncryptionAlgorithm(keyAlgo);
+ if (!Algorithm.isRsaKeyWrap(keyAlgo)) {
+ throw new SecurityException();
+ }
+ }
+}
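Review bot: With `supportedAlgo` left null, as the one-argument constructor does, the base-class check shown in the WrappedKeyDecryptionAlgorithm hunk pins nothing. `validateKeyEncryptionAlgorithm` then accepts any member of `RSA_CEK_SET`, which after this commit includes RSA1_5, so the sender's header chooses the padding mode. PKCS#1 v1.5 unwrapping is the mode that needs padding-oracle care, and RFC 7516 section 11.5 says the recipient must not distinguish format, padding and length errors. I would require an explicit `supportedAlgo` before RSA1_5 is honoured and confirm that the unwrap failure path, which is not visible here, returns a uniform error. Separately, `getModulus().toByteArray().length` counts a leading sign byte when the modulus's top bit is set; `(getModulus().bitLength() + 7) / 8` gives the true size if callers rely on it, and `getKeyCipherBlockSize` should probably carry `@Override`.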
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..dee0a2c
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyEncryptionAlgorithm.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.security.interfaces.RSAPublicKey;
+
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
+
+public class RSAKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
+ public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
+ this(publicKey, jweAlgo, true);
+ }
+ public RSAKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
+ super(publicKey, jweAlgo, wrap, Algorithm.RSA_CEK_SET);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
deleted file mode 100644
index a0ea63d..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyDecryptionAlgorithm.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPrivateKey;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
- public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey) {
- this(privateKey, null);
- }
- public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo) {
- this(privateKey, supportedAlgo, true);
- }
- public RSAOaepKeyDecryptionAlgorithm(RSAPrivateKey privateKey, String supportedAlgo, boolean unwrap) {
- super(privateKey, supportedAlgo, unwrap);
- }
- protected int getKeyCipherBlockSize() {
- return ((RSAPrivateKey)getCekDecryptionKey()).getModulus().toByteArray().length;
- }
- @Override
- protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
- super.validateKeyEncryptionAlgorithm(keyAlgo);
- if (!Algorithm.isRsaOaep(keyAlgo)) {
- throw new SecurityException();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
deleted file mode 100644
index b658e36..0000000
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAOaepKeyEncryptionAlgorithm.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.interfaces.RSAPublicKey;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class RSAOaepKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
- private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
- Arrays.asList(Algorithm.RSA_OAEP.getJwtName(),
- Algorithm.RSA_OAEP_256.getJwtName()));
- public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo) {
- this(publicKey, jweAlgo, true);
- }
- public RSAOaepKeyEncryptionAlgorithm(RSAPublicKey publicKey, String jweAlgo, boolean wrap) {
- super(publicKey, jweAlgo, wrap, SUPPORTED_ALGORITHMS);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 6608436..3775ef7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -63,10 +63,11 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
}
protected String getKeyEncryptionAlgorithm(JweCompactConsumer consumer) {
String keyAlgo = consumer.getJweHeaders().getKeyEncryptionAlgorithm();
+ validateKeyEncryptionAlgorithm(keyAlgo);
return Algorithm.toJavaName(keyAlgo);
}
protected void validateKeyEncryptionAlgorithm(String keyAlgo) {
- if (keyAlgo == null || supportedAlgo != null && supportedAlgo.equals(keyAlgo)) {
+ if (keyAlgo == null || supportedAlgo != null && !supportedAlgo.equals(keyAlgo)) {
throw new SecurityException();
}
}
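Review bot: The corrected condition `keyAlgo == null || supportedAlgo != null && !supportedAlgo.equals(keyAlgo)` depends on `&&` binding tighter than `||`, and the line has already been wrong once. I would parenthesise it as `if (keyAlgo == null || (supportedAlgo != null && !supportedAlgo.equals(keyAlgo))) {`. Because this check was previously both inverted and never called from `getKeyEncryptionAlgorithm`, a negative test asserting `SecurityException` on a mismatched `alg` header would guard against regression. The class continues outside the hunk.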
http://git-wip-us.apache.org/repos/asf/cxf/blob/3f04b09c/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index abf6e5a..b3be0a6 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -115,6 +116,33 @@ public class JweCompactReaderWriterTest extends Assert {
assertEquals(specPlainText, decryptedText);
}
@Test
+ public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception {
+ final String specPlainText = "Live long and prosper.";
+ JweHeaders headers = new JweHeaders();
+ headers.setAlgorithm(Algorithm.RSA_1_5.getJwtName());
+ headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+
+ RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1,
+ RSA_PUBLIC_EXPONENT_ENCODED_A1);
+
+ KeyEncryptionAlgorithm keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey,
+ Algorithm.RSA_1_5.getJwtName());
+
+ JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+ CONTENT_ENCRYPTION_KEY_A3,
+ INIT_VECTOR_A3,
+ keyEncryption);
+ String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+
+ RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1,
+ RSA_PRIVATE_EXPONENT_ENCODED_A1);
+ KeyDecryptionAlgorithm keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey,
+ Algorithm.RSA_1_5.getJwtName());
+ JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+ String decryptedText = decryption.decrypt(jweContent).getContentText();
+ assertEquals(specPlainText, decryptedText);
+ }
+ @Test
public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
//
// This test fails with the IBM JDK
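Review bot: `testEncryptDecryptRSA15WrapA128CBCHS256` only covers the round trip where the encryptor and the decryptor are both pinned to RSA1_5. The behaviour this commit actually changes on the decrypt side is rejection of a mismatched algorithm, and that is untested. I would add a companion test that encrypts with `Algorithm.RSA_1_5.getJwtName()` and decrypts with `new RSAKeyDecryptionAlgorithm(privateKey, Algorithm.RSA_OAEP.getJwtName())`, expecting `SecurityException`. The hunk ends inside the following test method.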
@@ -177,7 +205,7 @@ public class JweCompactReaderWriterTest extends Assert {
} else {
jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
}
- KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,
+ KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey,
Algorithm.RSA_OAEP.getJwtName());
ContentEncryptionAlgorithm contentEncryptionAlgo =
new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
@@ -194,7 +222,7 @@ public class JweCompactReaderWriterTest extends Assert {
RSA_PRIVATE_EXPONENT_ENCODED_A1);
String algo = Cipher.getMaxAllowedKeyLength("AES") > 128
? JoseConstants.A256GCM_ALGO : JoseConstants.A128GCM_ALGO;
- JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey),
+ JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAKeyDecryptionAlgorithm(privateKey),
new AesGcmContentDecryptionAlgorithm(algo));
String decryptedText = decryptor.decrypt(jweContent).getContentText();
assertEquals(decryptedText, plainContent);