Posted to commits@cxf.apache.org by se...@apache.org on 2014/10/06 17:30:51 UTC
[2/2] git commit: [CXF-5944] Moving some of security utils to the
core where they might stay and working toward preparing creating a JOSE
module without the deps on the OAuth2 module, the idea from Luigio
[CXF-5944] Moving some of security utils to the core where they might stay and working toward preparing creating a JOSE module without the deps on the OAuth2 module, the idea from Luigio
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6129ec5f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6129ec5f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6129ec5f
Branch: refs/heads/master
Commit: 6129ec5f6735a986660a2d05c6b3b0c9230610d9
Parents: 8644ac4
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Mon Oct 6 16:30:17 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Mon Oct 6 16:30:17 2014 +0100
----------------------------------------------------------------------
.../cxf/common/util/crypto/CryptoUtils.java | 667 ++++++++++++++++
.../cxf/common/util/crypto/HmacUtils.java | 145 ++++
.../cxf/common/util/crypto/KeyProperties.java | 88 +++
.../common/util/crypto/MessageDigestUtils.java | 74 ++
.../jose/jaxrs/AbstractJweDecryptingFilter.java | 6 +-
.../jose/jaxrs/AbstractJwsReaderProvider.java | 5 +-
.../jose/jaxrs/AbstractJwsWriterProvider.java | 7 +-
.../jose/jaxrs/JweWriterInterceptor.java | 5 +-
.../security/jose/jaxrs/KeyManagementUtils.java | 145 ++++
.../jose/jaxrs/PrivateKeyPasswordProvider.java | 25 +
.../jwe/AbstractContentEncryptionAlgorithm.java | 2 +-
...stractContentEncryptionCipherProperties.java | 2 +-
.../jose/jwe/AbstractJweDecryption.java | 4 +-
.../jose/jwe/AbstractJweEncryption.java | 4 +-
.../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 4 +-
.../jose/jwe/AesCbcHmacJweEncryption.java | 2 +-
.../jwe/AesGcmContentEncryptionAlgorithm.java | 2 +-
.../jwe/AesGcmWrapKeyDecryptionAlgorithm.java | 2 +-
.../jwe/AesGcmWrapKeyEncryptionAlgorithm.java | 2 +-
.../jose/jwe/AesWrapKeyDecryptionAlgorithm.java | 2 +-
.../jose/jwe/AesWrapKeyEncryptionAlgorithm.java | 2 +-
.../PbesHmacAesWrapKeyEncryptionAlgorithm.java | 2 +-
.../jose/jwe/WrappedKeyDecryptionAlgorithm.java | 4 +-
.../cxf/rs/security/jose/jwk/JwkUtils.java | 24 +-
.../jose/jws/HmacJwsSignatureProvider.java | 2 +-
.../jose/jws/HmacJwsSignatureVerifier.java | 2 +-
.../jws/PrivateKeyJwsSignatureProvider.java | 2 +-
.../jose/jws/PublicKeyJwsSignatureVerifier.java | 2 +-
.../jose/jwe/JweCompactReaderWriterTest.java | 2 +-
.../jose/jws/JwsCompactReaderWriterTest.java | 2 +-
.../code/DefaultEncryptingCodeDataProvider.java | 2 +-
.../oauth2/grants/code/DigestCodeVerifier.java | 2 +-
.../DefaultEncryptingOAuthDataProvider.java | 4 +-
.../oauth2/tokens/hawk/HawkAccessToken.java | 2 +-
.../tokens/hawk/HawkAccessTokenValidator.java | 2 +-
.../tokens/hawk/HawkAuthorizationScheme.java | 2 +-
.../oauth2/utils/MessageDigestUtils.java | 80 --
.../rs/security/oauth2/utils/OAuthUtils.java | 1 +
.../oauth2/utils/crypto/CryptoUtils.java | 774 -------------------
.../security/oauth2/utils/crypto/HmacUtils.java | 146 ----
.../oauth2/utils/crypto/KeyProperties.java | 88 ---
.../utils/crypto/ModelEncryptionSupport.java | 2 +
.../crypto/PrivateKeyPasswordProvider.java | 25 -
.../oauth2/utils/crypto/CryptoUtilsTest.java | 2 +
.../utils/crypto/EncryptingDataProvider.java | 1 +
.../jaxrs/security/jwt/JAXRSJweJwsTest.java | 2 +-
.../jwt/PrivateKeyPasswordProviderImpl.java | 2 +-
.../security/oauth2/OAuthDataProviderImpl.java | 4 +-
48 files changed, 1206 insertions(+), 1172 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
new file mode 100644
index 0000000..184f69f
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/util/crypto/CryptoUtils.java
@@ -0,0 +1,667 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.common.util.crypto;
+
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.CompressionUtils;
+import org.apache.cxf.helpers.IOUtils;
+
+
+/**
+ * Encryption helpers
+ */
+public final class CryptoUtils {
+
+ private CryptoUtils() {
+ }
+
+ public static String encodeSecretKey(SecretKey key) throws SecurityException {
+ return encodeBytes(key.getEncoded());
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey)
+ throws SecurityException {
+ KeyProperties props = new KeyProperties(publicKey.getAlgorithm());
+ return encryptSecretKey(secretKey, publicKey, props);
+ }
+
+ public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
+ KeyProperties props) throws SecurityException {
+ byte[] encryptedBytes = encryptBytes(secretKey.getEncoded(),
+ publicKey,
+ props);
+ return encodeBytes(encryptedBytes);
+ }
+
+ public static byte[] generateSecureRandomBytes(int size) {
+ SecureRandom sr = new SecureRandom();
+ byte[] bytes = new byte[size];
+ sr.nextBytes(bytes);
+ return bytes;
+ }
+
+ public static RSAPublicKey getRSAPublicKey(String encodedModulus,
+ String encodedPublicExponent) {
+ try {
+ return getRSAPublicKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPublicExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes,
+ byte[] publicExponentBytes) {
+ try {
+ return getRSAPublicKey(KeyFactory.getInstance("RSA"),
+ modulusBytes,
+ publicExponentBytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPublicKey getRSAPublicKey(KeyFactory factory,
+ byte[] modulusBytes,
+ byte[] publicExponentBytes) {
+ BigInteger modulus = new BigInteger(1, modulusBytes);
+ BigInteger publicExponent = new BigInteger(1, publicExponentBytes);
+ try {
+ return (RSAPublicKey)factory.generatePublic(
+ new RSAPublicKeySpec(modulus, publicExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+ String encodedPrivateExponent) {
+ try {
+ return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPrivateExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+ byte[] privateExponentBytes) {
+ BigInteger modulus = new BigInteger(1, modulusBytes);
+ BigInteger privateExponent = new BigInteger(1, privateExponentBytes);
+ try {
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)factory.generatePrivate(
+ new RSAPrivateKeySpec(modulus, privateExponent));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ //CHECKSTYLE:OFF
+ public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
+ String encodedPublicExponent,
+ String encodedPrivateExponent,
+ String encodedPrimeP,
+ String encodedPrimeQ,
+ String encodedPrimeExpP,
+ String encodedPrimeExpQ,
+ String encodedCrtCoefficient) {
+ //CHECKSTYLE:ON
+ try {
+ return getRSAPrivateKey(CryptoUtils.decodeSequence(encodedModulus),
+ CryptoUtils.decodeSequence(encodedPublicExponent),
+ CryptoUtils.decodeSequence(encodedPrivateExponent),
+ CryptoUtils.decodeSequence(encodedPrimeP),
+ CryptoUtils.decodeSequence(encodedPrimeQ),
+ CryptoUtils.decodeSequence(encodedPrimeExpP),
+ CryptoUtils.decodeSequence(encodedPrimeExpQ),
+ CryptoUtils.decodeSequence(encodedCrtCoefficient));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ //CHECKSTYLE:OFF
+ public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
+ byte[] publicExponentBytes,
+ byte[] privateExponentBytes,
+ byte[] primePBytes,
+ byte[] primeQBytes,
+ byte[] primeExpPBytes,
+ byte[] primeExpQBytes,
+ byte[] crtCoefficientBytes) {
+ //CHECKSTYLE:ON
+ BigInteger modulus = new BigInteger(1, modulusBytes);
+ BigInteger publicExponent = new BigInteger(1, publicExponentBytes);
+ BigInteger privateExponent = new BigInteger(1, privateExponentBytes);
+ BigInteger primeP = new BigInteger(1, primePBytes);
+ BigInteger primeQ = new BigInteger(1, primeQBytes);
+ BigInteger primeExpP = new BigInteger(1, primeExpPBytes);
+ BigInteger primeExpQ = new BigInteger(1, primeExpQBytes);
+ BigInteger crtCoefficient = new BigInteger(1, crtCoefficientBytes);
+ try {
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)factory.generatePrivate(
+ new RSAPrivateCrtKeySpec(modulus,
+ publicExponent,
+ privateExponent,
+ primeP,
+ primeQ,
+ primeExpP,
+ primeExpQ,
+ crtCoefficient));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
+ try {
+ return getECPrivateKey(curve, CryptoUtils.decodeSequence(encodedPrivateKey));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKey) {
+ try {
+ ECParameterSpec params = getECParameterSpec(curve, true);
+ ECPrivateKeySpec keySpec = new ECPrivateKeySpec(
+ new BigInteger(1, privateKey), params);
+ KeyFactory kf = KeyFactory.getInstance("EC");
+ return (ECPrivateKey) kf.generatePrivate(keySpec);
+
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ private static ECParameterSpec getECParameterSpec(String curve, boolean isPrivate)
+ throws Exception {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
+ ECGenParameterSpec kpgparams = new ECGenParameterSpec("sec"
+ + curve.toLowerCase().replace("-", "")
+ + "r1");
+ kpg.initialize(kpgparams);
+ KeyPair pair = kpg.generateKeyPair();
+ return isPrivate ? ((ECPublicKey) pair.getPublic()).getParams()
+ : ((ECPrivateKey) pair.getPrivate()).getParams();
+ }
+
+ public static ECPublicKey getECPublicKey(String curve, String encodedXPoint, String encodedYPoint) {
+ try {
+ return getECPublicKey(curve,
+ CryptoUtils.decodeSequence(encodedXPoint),
+ CryptoUtils.decodeSequence(encodedYPoint));
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static ECPublicKey getECPublicKey(String curve, byte[] xPoint, byte[] yPoint) {
+ try {
+ ECParameterSpec params = getECParameterSpec(curve, false);
+
+ ECPoint ecPoint = new ECPoint(new BigInteger(1, xPoint),
+ new BigInteger(1, yPoint));
+ ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint, params);
+ KeyFactory kf = KeyFactory.getInstance("EC");
+ return (ECPublicKey) kf.generatePublic(keySpec);
+
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength, byte[] iv) {
+ if (authTagLength > 0) {
+ return CryptoUtils.getGCMParameterSpec(authTagLength, iv);
+ } else if (iv.length > 0) {
+ return new IvParameterSpec(iv);
+ } else {
+ return null;
+ }
+ }
+
+ public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
+ return new GCMParameterSpec(authTagLength, iv);
+ }
+
+ public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
+ return signData(data, key, signAlgo, null, null);
+ }
+
+ public static byte[] signData(byte[] data, PrivateKey key, String signAlgo, SecureRandom random,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = getSignature(key, signAlgo, random, params);
+ s.update(data);
+ return s.sign();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = Signature.getInstance(signAlgo);
+ if (random == null) {
+ s.initSign(key);
+ } else {
+ s.initSign(key, random);
+ }
+ if (params != null) {
+ s.setParameter(params);
+ }
+ return s;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo) {
+ return verifySignature(data, signature, key, signAlgo, null);
+ }
+
+ public static boolean verifySignature(byte[] data, byte[] signature, PublicKey key, String signAlgo,
+ AlgorithmParameterSpec params) {
+ try {
+ Signature s = Signature.getInstance(signAlgo);
+ s.initVerify(key);
+ if (params != null) {
+ s.setParameter(params);
+ }
+ s.update(data);
+ return s.verify(signature);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
+ return getSecretKey(new KeyProperties(symEncAlgo));
+ }
+
+ public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
+ return getSecretKey(new KeyProperties(symEncAlgo, keySize));
+ }
+
+ public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
+ AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
+ SecureRandom random = props.getSecureRandom();
+ if (algoSpec != null) {
+ if (random != null) {
+ keyGen.init(algoSpec, random);
+ } else {
+ keyGen.init(algoSpec);
+ }
+ } else {
+ int keySize = props.getKeySize();
+ if (keySize == -1) {
+ keySize = 128;
+ }
+ if (random != null) {
+ keyGen.init(keySize, random);
+ } else {
+ keyGen.init(keySize);
+ }
+ }
+
+ return keyGen.generateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String decryptSequence(String encodedToken, String encodedSecretKey)
+ throws SecurityException {
+ return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
+ }
+
+ public static String decryptSequence(String encodedData, String encodedSecretKey,
+ KeyProperties props) throws SecurityException {
+ SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
+ return decryptSequence(encodedData, key, props);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey) throws SecurityException {
+ return decryptSequence(encodedData, secretKey, null);
+ }
+
+ public static String decryptSequence(String encodedData, Key secretKey,
+ KeyProperties props) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedData);
+ byte[] bytes = decryptBytes(encryptedBytes, secretKey, props);
+ try {
+ return new String(bytes, "UTF-8");
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
+ return encryptSequence(sequence, secretKey, null);
+ }
+
+ public static String encryptSequence(String sequence, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ byte[] bytes = encryptBytes(sequence.getBytes("UTF-8"), secretKey, keyProps);
+ return encodeBytes(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static String encodeBytes(byte[] bytes) throws SecurityException {
+ try {
+ return Base64UrlUtility.encode(bytes);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return encryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] encryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
+ return decryptBytes(bytes, secretKey, null);
+ }
+
+ public static byte[] decryptBytes(byte[] bytes, Key secretKey,
+ KeyProperties keyProps) throws SecurityException {
+ return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
+ }
+
+ public static byte[] wrapSecretKey(byte[] keyBytes,
+ String keyAlgo,
+ Key wrapperKey,
+ KeyProperties wrapperKeyProps) throws SecurityException {
+ return wrapSecretKey(new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo)),
+ wrapperKey,
+ wrapperKeyProps);
+ }
+
+ public static byte[] wrapSecretKey(Key secretKey,
+ Key wrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ try {
+ Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+ return c.wrap(secretKey);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ String unwrapperKeyAlgo) throws SecurityException {
+ return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey,
+ new KeyProperties(unwrapperKeyAlgo));
+ }
+
+ public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps) throws SecurityException {
+ return (SecretKey)unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps, Cipher.SECRET_KEY);
+ }
+
+ public static Key unwrapKey(byte[] wrappedBytes,
+ String wrappedKeyAlgo,
+ Key unwrapperKey,
+ KeyProperties keyProps,
+ int wrappedKeyType) throws SecurityException {
+ try {
+ Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+ return c.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] processBytes(byte[] bytes,
+ Key secretKey,
+ KeyProperties keyProps,
+ int mode) throws SecurityException {
+ boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
+ if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
+ bytes = CompressionUtils.deflate(bytes, false);
+ }
+ try {
+ Cipher c = initCipher(secretKey, keyProps, mode);
+ byte[] result = new byte[0];
+ int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
+ if (secretKey instanceof SecretKey && blockSize == -1) {
+ result = c.doFinal(bytes);
+ } else {
+ if (blockSize == -1) {
+ blockSize = secretKey instanceof PublicKey ? 117 : 128;
+ }
+ boolean updateRequired = keyProps != null && keyProps.getAdditionalData() != null;
+ int offset = 0;
+ for (; offset + blockSize < bytes.length; offset += blockSize) {
+ byte[] next = !updateRequired ? c.doFinal(bytes, offset, blockSize)
+ : c.update(bytes, offset, blockSize);
+ result = addToResult(result, next);
+ }
+ if (offset < bytes.length) {
+ result = addToResult(result, c.doFinal(bytes, offset, bytes.length - offset));
+ } else {
+ result = addToResult(result, c.doFinal());
+ }
+ }
+ if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
+ result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
+ }
+ return result;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode) throws SecurityException {
+ try {
+ String algorithm = keyProps != null && keyProps.getKeyAlgo() != null
+ ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+ Cipher c = Cipher.getInstance(algorithm);
+ if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom() == null) {
+ c.init(mode, secretKey);
+ } else {
+ AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+ SecureRandom random = keyProps.getSecureRandom();
+ if (algoSpec == null) {
+ c.init(mode, secretKey, random);
+ } else if (random == null) {
+ c.init(mode, secretKey, algoSpec);
+ } else {
+ c.init(mode, secretKey, algoSpec, random);
+ }
+ }
+ if (keyProps != null && keyProps.getAdditionalData() != null) {
+ c.updateAAD(keyProps.getAdditionalData());
+ }
+ return c;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static byte[] addToResult(byte[] prefix, byte[] suffix) {
+ if (suffix == null || suffix.length == 0) {
+ return prefix;
+ } else if (prefix.length == 0) {
+ return suffix;
+ } else {
+ byte[] result = new byte[prefix.length + suffix.length];
+ System.arraycopy(prefix, 0, result, 0, prefix.length);
+ System.arraycopy(suffix, 0, result, prefix.length, suffix.length);
+ return result;
+ }
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
+ return decodeSecretKey(encodedSecretKey, "AES");
+ }
+
+ public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)
+ throws SecurityException {
+ byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
+ return createSecretKeySpec(secretKeyBytes, secretKeyAlgo);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ PrivateKey privateKey) {
+ return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+ }
+
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ PrivateKey privateKey)
+ throws SecurityException {
+ KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
+ return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
+ }
+
+ public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+ String secretKeyAlgo,
+ KeyProperties props,
+ PrivateKey privateKey) throws SecurityException {
+ byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
+ byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
+ return createSecretKeySpec(descryptedBytes, secretKeyAlgo);
+ }
+
+ public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
+ return new SecretKeySpec(decodeSequence(encodedBytes), algo);
+ }
+ public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
+ return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
+ }
+ public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
+ try {
+ return Base64UrlUtility.decode(encodedSequence);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+
+ private static String convertJCECipherToSecretKeyName(String jceCipherName) {
+ if (jceCipherName != null) {
+ if (jceCipherName.startsWith("AES")) {
+ return "AES";
+ } else if (jceCipherName.startsWith("DESede")) {
+ return "DESede";
+ } else if (jceCipherName.startsWith("SEED")) {
+ return "SEED";
+ } else if (jceCipherName.startsWith("Camellia")) {
+ return "Camellia";
+ }
+ }
+ return null;
+ }
+ public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadCertificate(keyStore, alias);
+ }
+ public static Certificate loadCertificate(KeyStore keyStore, String alias) {
+ try {
+ return keyStore.getCertificate(alias);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword, String alias,
+ String storeType) {
+ return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
+ }
+ public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
+ return loadCertificate(keyStore, alias).getPublicKey();
+ }
+ public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword, String type) {
+ try {
+ KeyStore ks = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
+ ks.load(storeLocation, storePassword);
+ return ks;
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PrivateKey loadPrivateKey(InputStream storeLocation,
+ char[] storePassword,
+ char[] keyPassword,
+ String alias,
+ String storeType) {
+ KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
+ return loadPrivateKey(keyStore, keyPassword, alias);
+ }
+
+ public static PrivateKey loadPrivateKey(KeyStore keyStore,
+ char[] keyPassword,
+ String alias) {
+ try {
+ KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
+ keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword));
+ return pkEntry.getPrivateKey();
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+}
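Review bot: processBytes falls back to hard-coded RSA chunk sizes at `blockSize = secretKey instanceof PublicKey ? 117 : 128;`, which only hold for a 1024-bit modulus with PKCS#1 v1.5 padding; decrypting with a larger private key would split the ciphertext into 128-byte pieces and fail inside doFinal, surfacing only as a wrapped SecurityException. When the key is an RSA key the size can be derived from it instead, e.g. `int modLen = ((RSAKey) secretKey).getModulus().bitLength() / 8;` followed by `blockSize = secretKey instanceof PublicKey ? modLen - 11 : modLen;` (`RSAKey` lives in `java.security.interfaces`; the `- 11` keeps the PKCS#1 v1.5 assumption the existing 117 already makes), guarded by `instanceof RSAKey` so other key types keep the current fallback. Separately, getECParameterSpec's `isPrivate` branches look swapped (`isPrivate` reads the public key's params); this is harmless because both halves of a generated pair carry the same curve parameters, but a comment such as `// both keys of the pair share the curve parameters; the flag only selects which one to read` would stop the next reader from "fixing" it.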
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
new file mode 100644
index 0000000..4a07edc
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/util/crypto/HmacUtils.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.util.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.Base64Utility;
+
+public final class HmacUtils {
+
+ private HmacUtils() {
+
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data) {
+ return Base64Utility.encode(computeHmac(macSecret, macAlgoJavaName, data));
+ }
+
+ public static String encodeHmacString(String macSecret, String macAlgoJavaName, String data, boolean urlSafe) {
+ byte[] bytes = computeHmac(macSecret, macAlgoJavaName, data);
+ return urlSafe ? Base64UrlUtility.encode(bytes) : Base64Utility.encode(bytes);
+ }
+
+ public static Mac getMac(String macAlgoJavaName) {
+ return getMac(macAlgoJavaName, (String)null);
+ }
+
+ public static Mac getMac(String macAlgoJavaName, String provider) {
+ try {
+ return provider == null ? Mac.getInstance(macAlgoJavaName) : Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchProviderException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static Mac getMac(String macAlgoJavaName, Provider provider) {
+ try {
+ return Mac.getInstance(macAlgoJavaName, provider);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(String key, String macAlgoJavaName, String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(key, mac, data);
+ }
+
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, String data) {
+ return computeHmac(key, macAlgoJavaName, null, data);
+ }
+ public static byte[] computeHmac(byte[] key, String macAlgoJavaName, AlgorithmParameterSpec spec,
+ String data) {
+ Mac mac = getMac(macAlgoJavaName);
+ return computeHmac(new SecretKeySpec(key, mac.getAlgorithm()), mac, spec, data);
+ }
+
+ public static byte[] computeHmac(String key, Mac hmac, String data) {
+ try {
+ return computeHmac(key.getBytes("UTF-8"), hmac, data);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] computeHmac(byte[] key, Mac hmac, String data) {
+ SecretKeySpec secretKey = new SecretKeySpec(key, hmac.getAlgorithm());
+ return computeHmac(secretKey, hmac, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, String data) {
+ return computeHmac(secretKey, hmac, null, data);
+ }
+
+ public static byte[] computeHmac(Key secretKey, Mac hmac, AlgorithmParameterSpec spec, String data) {
+ initMac(hmac, secretKey, spec);
+ return hmac.doFinal(data.getBytes());
+ }
+
+ public static Mac getInitializedMac(byte[] key, String algo, AlgorithmParameterSpec spec) {
+ Mac hmac = getMac(algo);
+ initMac(hmac, key, spec);
+ return hmac;
+ }
+
+ private static void initMac(Mac hmac, byte[] key, AlgorithmParameterSpec spec) {
+ initMac(hmac, new SecretKeySpec(key, hmac.getAlgorithm()), spec);
+
+ }
+ private static void initMac(Mac hmac, Key secretKey, AlgorithmParameterSpec spec) {
+ try {
+ if (spec == null) {
+ hmac.init(secretKey);
+ } else {
+ hmac.init(secretKey, spec);
+ }
+ } catch (InvalidKeyException e) {
+ throw new SecurityException(e);
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static String generateKey(String algo) {
+ try {
+ KeyGenerator keyGen = KeyGenerator.getInstance(algo);
+ return Base64Utility.encode(keyGen.generateKey().getEncoded());
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+
+
+}
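Review bot: computeHmac(Key, Mac, AlgorithmParameterSpec, String) near the end of the hunk MACs `data.getBytes()` with the platform default charset, while computeHmac(String, Mac, String) a few lines above encodes the key with `key.getBytes("UTF-8")`; for non-ASCII data the tag therefore depends on the JVM's file.encoding, so a value computed on one host may fail to verify on another. Use the same explicit encoding, `return hmac.doFinal(data.getBytes("UTF-8"));`, wrapped in the same `catch (UnsupportedEncodingException e) { throw new SecurityException(e); }` the String-key overload already uses. generateKey is also the only method here that emits standard (non-URL-safe) Base64 while encodeHmacString offers both flavours; a Javadoc line such as `@return the generated key, standard Base64-encoded` would make that explicit for callers.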
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java b/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
new file mode 100644
index 0000000..1d4f75c
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/util/crypto/KeyProperties.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.util.crypto;
+
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+public class KeyProperties {
+ private String keyAlgo;
+ private int keySize;
+ private int blockSize = -1;
+ private byte[] additionalData;
+ private SecureRandom secureRandom;
+ private AlgorithmParameterSpec algoSpec;
+ private boolean compressionSupported;
+
+ public KeyProperties() {
+ }
+
+ public KeyProperties(String keyAlgo) {
+ this(keyAlgo, -1);
+ }
+ public KeyProperties(String keyAlgo, int keySize) {
+ this.keyAlgo = keyAlgo;
+ this.keySize = keySize;
+ }
+ public String getKeyAlgo() {
+ return keyAlgo;
+ }
+ public void setKeyAlgo(String keyAlgo) {
+ this.keyAlgo = keyAlgo;
+ }
+ public int getKeySize() {
+ return keySize;
+ }
+ public void setKeySize(int keySize) {
+ this.keySize = keySize;
+ }
+ public SecureRandom getSecureRandom() {
+ return secureRandom;
+ }
+ public void setSecureRandom(SecureRandom secureRandom) {
+ this.secureRandom = secureRandom;
+ }
+ public AlgorithmParameterSpec getAlgoSpec() {
+ return algoSpec;
+ }
+ public void setAlgoSpec(AlgorithmParameterSpec algoSpec) {
+ this.algoSpec = algoSpec;
+ }
+ public int getBlockSize() {
+ return blockSize;
+ }
+ public void setBlockSize(int blockSize) {
+ this.blockSize = blockSize;
+ }
+ public boolean isCompressionSupported() {
+ return compressionSupported;
+ }
+ public void setCompressionSupported(boolean compressionSupported) {
+ this.compressionSupported = compressionSupported;
+ }
+ public byte[] getAdditionalData() {
+ return additionalData;
+ }
+ public void setAdditionalData(byte[] additionalData) {
+ this.additionalData = additionalData;
+ }
+
+
+
+}
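Review bot: `keySize` has two different "unset" values: the no-arg constructor leaves the field at 0 while `KeyProperties(String)` passes -1, and `blockSize` is initialised to -1 on the field itself, so a consumer testing for "size not specified" cannot rely on a single sentinel. Initialising the field as `private int keySize = -1;` makes the three constructors agree. `getAdditionalData`/`setAdditionalData` also share the caller's `byte[]` by reference rather than copying it; a one-line comment stating that the array is not copied would help readers, since whether it is later mutated cannot be seen in this hunk.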
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java b/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
new file mode 100644
index 0000000..314f791
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/common/util/crypto/MessageDigestUtils.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.common.util.crypto;
+
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * The utility Message Digest generator which can be used for generating
+ * random values
+ */
+public final class MessageDigestUtils {
+
+ public static final String ALGO_SHA_1 = "SHA-1";
+ public static final String ALGO_SHA_256 = "SHA-256";
+ public static final String ALGO_MD5 = "MD5";
+
+ private MessageDigestUtils() {
+
+ }
+
+ public static String generate(byte[] input) {
+ return generate(input, ALGO_MD5);
+ }
+
+ public static String generate(byte[] input, String algo) {
+ try {
+ byte[] messageDigest = createDigest(input, algo);
+ StringBuffer hexString = new StringBuffer();
+ for (int i = 0; i < messageDigest.length; i++) {
+ hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
+ }
+
+ return hexString.toString();
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(String input, String algo) {
+ try {
+ return createDigest(input.getBytes("UTF-8"), algo);
+ } catch (UnsupportedEncodingException e) {
+ throw new SecurityException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SecurityException(e);
+ }
+ }
+
+ public static byte[] createDigest(byte[] input, String algo) throws NoSuchAlgorithmException {
+ MessageDigest md = MessageDigest.getInstance(algo);
+ md.reset();
+ md.update(input);
+ return md.digest();
+ }
+
+}
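Review bot: The hex conversion in `generate(byte[], String)` drops the leading zero of every byte below 0x10 because `Integer.toHexString` does not pad, so the returned string has variable length and distinct digests can map to the same string (the byte pairs `0a bc` and `ab 0c` both print as `abc`); use `hexString.append(String.format("%02x", 0xFF & messageDigest[i]));` or pad manually. `StringBuffer` can be `StringBuilder` here since the buffer never leaves the method. The one-argument `generate(byte[])` defaults to `ALGO_MD5`; callers in other modules are not visible here so I would not change the default in this commit, but the class Javadoc should state it and should not describe the class as generating random values, e.g. `Hex-encodes a message digest of the input; the single-argument form uses MD5, which is not suitable where collision resistance or password hashing is required.`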
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
index 65deb0b..a1bd5cf 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJweDecryptingFilter.java
@@ -44,7 +44,6 @@ import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweDecryption;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJweDecryptingFilter {
private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
@@ -82,7 +81,7 @@ public class AbstractJweDecryptingFilter {
Properties props = ResourceUtils.loadProperties(propLoc, bus);
String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
SecretKey ctDecryptionKey = null;
- if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
+ if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
String keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
if ("direct".equals(keyEncryptionAlgo)) {
@@ -93,7 +92,8 @@ public class AbstractJweDecryptingFilter {
}
} else {
keyDecryptionProvider = new RSAOaepKeyDecryptionAlgorithm(
- (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props, CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
+ (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(
+ m, props, KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER));
}
if (keyDecryptionProvider == null && ctDecryptionKey == null) {
throw new SecurityException();
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
index 1eb9dee..6902e97 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsReaderProvider.java
@@ -31,7 +31,6 @@ import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJwsReaderProvider {
private static final String RSSEC_SIGNATURE_IN_PROPS = "rs.security.signature.in.properties";
@@ -62,14 +61,14 @@ public class AbstractJwsReaderProvider {
Properties props = ResourceUtils.loadProperties(propLoc, bus);
JwsSignatureVerifier theVerifier = null;
String rsaSignatureAlgo = null;
- if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
+ if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_VERIFY);
rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
theVerifier = JwsUtils.getSignatureVerifier(jwk, rsaSignatureAlgo);
} else {
theVerifier = new PublicKeyJwsSignatureVerifier(
- (RSAPublicKey)CryptoUtils.loadPublicKey(m, props));
+ (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props));
}
return theVerifier;
} catch (SecurityException ex) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
index d2fc2ae..480f83d 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -36,7 +36,6 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jws.PrivateKeyJwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AbstractJwsWriterProvider {
private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
@@ -63,14 +62,14 @@ public class AbstractJwsWriterProvider {
Properties props = ResourceUtils.loadProperties(propLoc, m.getExchange().getBus());
JwsSignatureProvider theSigProvider = null;
String rsaSignatureAlgo = null;
- if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
+ if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_SIGN);
rsaSignatureAlgo = getSignatureAlgo(props, jwk.getAlgorithm());
theSigProvider = JwsUtils.getSignatureProvider(jwk, rsaSignatureAlgo);
} else {
rsaSignatureAlgo = getSignatureAlgo(props, null);
- RSAPrivateKey pk = (RSAPrivateKey)CryptoUtils.loadPrivateKey(m, props,
- CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
+ RSAPrivateKey pk = (RSAPrivateKey)KeyManagementUtils.loadPrivateKey(m, props,
+ KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER);
theSigProvider = new PrivateKeyJwsSignatureProvider(pk, rsaSignatureAlgo);
}
if (theSigProvider == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index c9fd343..d35c519 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -57,7 +57,6 @@ import org.apache.cxf.rs.security.jose.jwe.RSAOaepKeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.WrappedKeyJweEncryption;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@Priority(Priorities.JWE_WRITE_PRIORITY)
public class JweWriterInterceptor implements WriterInterceptor {
@@ -137,7 +136,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
Properties props = ResourceUtils.loadProperties(propLoc, bus);
String contentEncryptionAlgo = props.getProperty(JSON_WEB_ENCRYPTION_CEK_ALGO_PROP);
ContentEncryptionAlgorithm ctEncryptionProvider = null;
- if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(CryptoUtils.RSSEC_KEY_STORE_TYPE))) {
+ if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, JsonWebKey.KEY_OPER_ENCRYPT);
keyEncryptionAlgo = getKeyEncryptionAlgo(props, jwk.getAlgorithm());
if ("direct".equals(keyEncryptionAlgo)) {
@@ -149,7 +148,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
} else {
keyEncryptionProvider = new RSAOaepKeyEncryptionAlgorithm(
- (RSAPublicKey)CryptoUtils.loadPublicKey(m, props),
+ (RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props),
getKeyEncryptionAlgo(props, keyEncryptionAlgo));
}
if (keyEncryptionProvider == null && ctEncryptionProvider == null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
new file mode 100644
index 0000000..369e072
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/KeyManagementUtils.java
@@ -0,0 +1,145 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Properties;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.jaxrs.utils.ResourceUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.security.SecurityContext;
+
+
+/**
+ * Encryption helpers
+ */
+public final class KeyManagementUtils {
+ public static final String RSSEC_KEY_STORE_TYPE = "rs.security.keystore.type";
+ public static final String RSSEC_KEY_STORE_PSWD = "rs.security.keystore.password";
+ public static final String RSSEC_KEY_PSWD = "rs.security.key.password";
+ public static final String RSSEC_KEY_STORE_ALIAS = "rs.security.keystore.alias";
+ public static final String RSSEC_KEY_STORE_FILE = "rs.security.keystore.file";
+ public static final String RSSEC_PRINCIPAL_NAME = "rs.security.principal.name";
+ public static final String RSSEC_KEY_PSWD_PROVIDER = "rs.security.key.password.provider";
+ public static final String RSSEC_SIG_KEY_PSWD_PROVIDER = "rs.security.signature.key.password.provider";
+ public static final String RSSEC_DECRYPT_KEY_PSWD_PROVIDER = "rs.security.decryption.key.password.provider";
+
+ private KeyManagementUtils() {
+ }
+
+ public static PublicKey loadPublicKey(Message m, Properties props) {
+ KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
+ return CryptoUtils.loadPublicKey(keyStore, props.getProperty(RSSEC_KEY_STORE_ALIAS));
+ }
+ public static PublicKey loadPublicKey(Message m, String keyStoreLocProp) {
+ return loadPublicKey(m, keyStoreLocProp, null);
+ }
+ public static PublicKey loadPublicKey(Message m, String keyStoreLocPropPreferred, String keyStoreLocPropDefault) {
+ String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
+ Bus bus = m.getExchange().getBus();
+ try {
+ Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
+ return KeyManagementUtils.loadPublicKey(m, props);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ private static String getMessageProperty(Message m, String keyStoreLocPropPreferred,
+ String keyStoreLocPropDefault) {
+ String propLoc =
+ (String)MessageUtils.getContextualProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
+ if (propLoc == null) {
+ throw new SecurityException();
+ }
+ return propLoc;
+ }
+ public static PrivateKey loadPrivateKey(Properties props, Bus bus, PrivateKeyPasswordProvider provider) {
+ KeyStore keyStore = loadKeyStore(props, bus);
+ return loadPrivateKey(keyStore, props, bus, provider);
+ }
+ public static PrivateKey loadPrivateKey(KeyStore keyStore,
+ Properties props,
+ Bus bus,
+ PrivateKeyPasswordProvider provider) {
+
+ String keyPswd = props.getProperty(RSSEC_KEY_PSWD);
+ String alias = props.getProperty(RSSEC_KEY_STORE_ALIAS);
+ char[] keyPswdChars = provider != null ? provider.getPassword(props)
+ : keyPswd != null ? keyPswd.toCharArray() : null;
+ return CryptoUtils.loadPrivateKey(keyStore, keyPswdChars, alias);
+ }
+
+ public static PrivateKey loadPrivateKey(Message m, String keyStoreLocProp, String passwordProviderProp) {
+ return loadPrivateKey(m, keyStoreLocProp, null, passwordProviderProp);
+ }
+ public static PrivateKey loadPrivateKey(Message m, String keyStoreLocPropPreferred,
+ String keyStoreLocPropDefault, String passwordProviderProp) {
+ String keyStoreLoc = getMessageProperty(m, keyStoreLocPropPreferred, keyStoreLocPropDefault);
+ Bus bus = m.getExchange().getBus();
+ try {
+ Properties props = ResourceUtils.loadProperties(keyStoreLoc, bus);
+ return KeyManagementUtils.loadPrivateKey(m, props, passwordProviderProp);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+ public static PrivateKey loadPrivateKey(Message m, Properties props, String passwordProviderProp) {
+ Bus bus = m.getExchange().getBus();
+ KeyStore keyStore = KeyManagementUtils.loadPersistKeyStore(m, props);
+ PrivateKeyPasswordProvider cb =
+ (PrivateKeyPasswordProvider)m.getContextualProperty(passwordProviderProp);
+ if (cb != null && m.getExchange().getInMessage() != null) {
+ SecurityContext sc = m.getExchange().getInMessage().get(SecurityContext.class);
+ if (sc != null) {
+ Principal p = sc.getUserPrincipal();
+ if (p != null) {
+ props.setProperty(RSSEC_PRINCIPAL_NAME, p.getName());
+ }
+ }
+ }
+ return KeyManagementUtils.loadPrivateKey(keyStore, props, bus, cb);
+ }
+ public static KeyStore loadPersistKeyStore(Message m, Properties props) {
+ KeyStore keyStore = (KeyStore)m.getExchange().get(props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE));
+ if (keyStore == null) {
+ keyStore = KeyManagementUtils.loadKeyStore(props, m.getExchange().getBus());
+ m.getExchange().put((String)props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE), keyStore);
+ }
+ return keyStore;
+ }
+ public static KeyStore loadKeyStore(Properties props, Bus bus) {
+ String keyStoreType = props.getProperty(RSSEC_KEY_STORE_TYPE);
+ String keyStoreLoc = props.getProperty(RSSEC_KEY_STORE_FILE);
+ String keyStorePswd = props.getProperty(RSSEC_KEY_STORE_PSWD);
+ try {
+ InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
+ return CryptoUtils.loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType);
+ } catch (Exception ex) {
+ throw new SecurityException(ex);
+ }
+ }
+}
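Review bot: The `InputStream` opened by `ResourceUtils.getResourceStream` in `loadKeyStore` is never closed, so every keystore load leaks a file or classpath handle; if the module targets Java 7 wrap it as `try (InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus)) { return CryptoUtils.loadKeyStore(is, keyStorePswd.toCharArray(), keyStoreType); }`, otherwise close it in a `finally`. In the same method a missing `rs.security.keystore.password` surfaces as a `NullPointerException` from `keyStorePswd.toCharArray()` wrapped in a message-less `SecurityException`, which is hard to diagnose; an explicit null check that names the property would help. `loadPrivateKey(Message, Properties, String)` writes into the caller's `Properties` (`props.setProperty(RSSEC_PRINCIPAL_NAME, ...)`), a side effect worth a comment if that object can be shared across requests, which I cannot tell from this hunk since `ResourceUtils.loadProperties` is not shown. The class Javadoc `Encryption helpers` also undersells the class; `Key store and key loading helpers for the JOSE filters` matches what it does.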
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
new file mode 100644
index 0000000..bfcde49
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/PrivateKeyPasswordProvider.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.util.Properties;
+
+public interface PrivateKeyPasswordProvider {
+ char[] getPassword(Properties storeProperties);
+}
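Review bot: `PrivateKeyPasswordProvider` has no Javadoc, and its contract matters because it hands out private-key passwords: in `KeyManagementUtils.loadPrivateKey` a configured provider's return value is used as-is, so a `null` result does not fall back to the `rs.security.key.password` property, and `rs.security.principal.name` may already have been set in `storeProperties` from the request's `SecurityContext` when it is invoked. Suggested interface Javadoc: `/** Supplies the password for the private key described by the given key store properties. The properties may carry rs.security.principal.name for the current user; a null result is passed through unchanged (no fallback to rs.security.key.password). */`. It should also state who owns the returned `char[]`; this commit does not show `CryptoUtils.loadPrivateKey` clearing it, so implementers need to know whether to keep a reference.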
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index adf6d59..770ee56 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index 291b8cb..bc30979 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.spec.AlgorithmParameterSpec;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
index 987ebb7..45d3ee7 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweDecryption.java
@@ -21,12 +21,12 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReader;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public abstract class AbstractJweDecryption implements JweDecryptionProvider {
private KeyDecryptionAlgorithm keyDecryptionAlgo;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 86ff16e..4354bf3 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -23,12 +23,12 @@ import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public abstract class AbstractJweEncryption implements JweEncryptionProvider {
protected static final int DEFAULT_AUTH_TAG_LENGTH = 128;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 6e831a9..ed35eab 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -22,9 +22,9 @@ import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Set;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm {
private Key keyEncryptionKey;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 111641e..ab0220c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -26,9 +26,9 @@ import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
+import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
private static final Map<String, String> AES_HMAC_MAP;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 65575ac..bcd0fb3 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
index c05bafa..0043ec2 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -23,8 +23,8 @@ import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
index ff34b93..e230470 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -26,8 +26,8 @@ import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
index 0ee79b4..3ba6919 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyDecryptionAlgorithm.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jwe;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AesWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
public AesWrapKeyDecryptionAlgorithm(String encodedKey) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
index a0b01b9..a8b5899 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesWrapKeyEncryptionAlgorithm.java
@@ -24,8 +24,8 @@ import java.util.Set;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
public class AesWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm {
private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index 3728444..4697cad 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -29,8 +29,8 @@ import java.util.Map;
import java.util.Set;
import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
index 4566f61..8af2c63 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -21,9 +21,9 @@ package org.apache.cxf.rs.security.jose.jwe;
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
+import org.apache.cxf.common.util.crypto.KeyProperties;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm {
private Key cekDecryptionKey;
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index bf255b9..c994b1e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -32,9 +32,12 @@ import java.util.Properties;
import javax.crypto.SecretKey;
import org.apache.cxf.Bus;
+import org.apache.cxf.common.util.crypto.CryptoUtils;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.ResourceUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
+import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
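Review bot: The two added imports of KeyManagementUtils and PrivateKeyPasswordProvider make the jwk package depend on the jaxrs package, while the jaxrs filters touched by this commit presumably consume JwkUtils, so the two packages now reference each other. Neither the RSSEC_* property names nor a password-callback interface is JAX-RS specific; a neutral home such as `org.apache.cxf.rs.security.jose` would let both jwk and jaxrs depend on it without a cycle. Given the commit message's stated goal of a standalone JOSE module, breaking the cycle now is cheaper than after more code binds to these locations. This hunk covers imports only; the class body starts further down.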
@@ -44,8 +47,6 @@ import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
public final class JwkUtils {
public static final String JWK_KEY_STORE_TYPE = "jwk";
@@ -144,10 +145,10 @@ public final class JwkUtils {
}
public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb,
JwkReaderWriter reader) {
- JsonWebKeys jwkSet = (JsonWebKeys)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
+ JsonWebKeys jwkSet = (JsonWebKeys)m.getExchange().get(props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE));
if (jwkSet == null) {
jwkSet = loadJwkSet(props, m.getExchange().getBus(), cb, reader);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), jwkSet);
+ m.getExchange().put((String)props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE), jwkSet);
}
return jwkSet;
}
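Review bot: The exchange cache in loadJwkSet is keyed by `props.get(KeyManagementUtils.RSSEC_KEY_STORE_FILE)`, which the later hunk shows may be absent (it checks `keyStoreLoc != null` before opening the stream), so both the get and the put can run with a null key; whether Exchange tolerates a null key depends on its Map implementation, which is not visible here, but even if it does, every caller without a file location would then share one cache slot. The lookup also uses `get` with a cast where the sibling method uses `getProperty` for the same key. Resolving the location once and skipping the cache when it is null keeps the exchange key well-defined and the two methods consistent.
```java
public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb,
                                     JwkReaderWriter reader) {
    // Only a file-backed key set has a stable identity to cache under
    String keyStoreLoc = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_FILE);
    JsonWebKeys jwkSet = keyStoreLoc == null ? null : (JsonWebKeys)m.getExchange().get(keyStoreLoc);
    if (jwkSet == null) {
        jwkSet = loadJwkSet(props, m.getExchange().getBus(), cb, reader);
        if (keyStoreLoc != null) {
            m.getExchange().put(keyStoreLoc, jwkSet);
        }
    }
    return jwkSet;
}
```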
@@ -162,7 +163,7 @@ public final class JwkUtils {
}
public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) {
String keyContent = null;
- String keyStoreLoc = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_FILE);
+ String keyStoreLoc = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_FILE);
if (keyStoreLoc != null) {
try {
InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
@@ -193,23 +194,24 @@ public final class JwkUtils {
}
public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, JwkReaderWriter reader) {
PrivateKeyPasswordProvider cb =
- (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
+ (PrivateKeyPasswordProvider)m.getContextualProperty(KeyManagementUtils.RSSEC_KEY_PSWD_PROVIDER);
if (cb == null && keyOper != null) {
- String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
- : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) ? CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
+ String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? KeyManagementUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
+ : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)
+ ? KeyManagementUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
if (propName != null) {
cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
}
}
JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
- String kid = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_ALIAS);
+ String kid = props.getProperty(KeyManagementUtils.RSSEC_KEY_STORE_ALIAS);
if (kid == null && keyOper != null) {
String keyIdProp = null;
if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
- keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jwe";
+ keyIdProp = KeyManagementUtils.RSSEC_KEY_STORE_ALIAS + ".jwe";
} else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
|| keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
- keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jws";
+ keyIdProp = KeyManagementUtils.RSSEC_KEY_STORE_ALIAS + ".jws";
}
if (keyIdProp != null) {
kid = props.getProperty(keyIdProp);
http://git-wip-us.apache.org/repos/asf/cxf/blob/6129ec5f/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
index 2d09bb1..3808d4e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
@@ -24,8 +24,8 @@ import javax.crypto.Mac;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.crypto.HmacUtils;
import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
private byte[] key;