You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2015/07/06 22:36:40 UTC
[2/2] cxf git commit: Updating Jose utils to use enums were possible
Updating Jose utils to use enums were possible
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e92477bc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e92477bc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e92477bc
Branch: refs/heads/master
Commit: e92477bc8d0a0a00eb5afca6fb5ee5a85718672b
Parents: e545379
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Mon Jul 6 21:36:12 2015 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Mon Jul 6 21:36:12 2015 +0100
----------------------------------------------------------------------
.../jose/jwe/JweJwtCompactConsumer.java | 10 +-
.../cxf/rs/security/jose/jwe/JweUtils.java | 169 ++++++++++---------
.../cxf/rs/security/jose/jwk/JwkUtils.java | 33 ++--
.../security/jose/jws/JwsCompactConsumer.java | 9 +-
.../security/jose/jws/JwsCompactProducer.java | 10 +-
.../rs/security/jose/jws/JwsJsonConsumer.java | 7 +-
.../rs/security/jose/jws/JwsJsonProducer.java | 5 +-
.../cxf/rs/security/jose/jws/JwsUtils.java | 77 +++++----
.../jose/cookbook/JwsJoseCookBookTest.java | 72 ++++----
.../security/jose/jwe/JweJsonConsumerTest.java | 29 ++--
.../security/jose/jwe/JweJsonProducerTest.java | 10 +-
.../grants/code/JwtRequestCodeFilter.java | 9 +-
.../oauth2/grants/code/JwtRequestCodeGrant.java | 7 +-
.../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 11 +-
.../oidc/idp/AbstractJwsJweProducer.java | 12 +-
15 files changed, 260 insertions(+), 210 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
index 09e491b..d7a76b9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
@@ -36,17 +36,17 @@ public class JweJwtCompactConsumer {
}
public JwtToken decryptWith(JsonWebKey key) {
return decryptWith(JweUtils.createJweDecryptionProvider(key,
- headers.getContentEncryptionAlgorithm().getJwaName()));
+ headers.getContentEncryptionAlgorithm()));
}
public JwtToken decryptWith(RSAPrivateKey key) {
return decryptWith(JweUtils.createJweDecryptionProvider(key,
- headers.getKeyEncryptionAlgorithm().getJwaName(),
- headers.getContentEncryptionAlgorithm().getJwaName()));
+ headers.getKeyEncryptionAlgorithm(),
+ headers.getContentEncryptionAlgorithm()));
}
public JwtToken decryptWith(SecretKey key) {
return decryptWith(JweUtils.createJweDecryptionProvider(key,
- headers.getKeyEncryptionAlgorithm().getJwaName(),
- headers.getContentEncryptionAlgorithm().getJwaName()));
+ headers.getKeyEncryptionAlgorithm(),
+ headers.getContentEncryptionAlgorithm()));
}
public JwtToken decryptWith(JweDecryptionProvider jwe) {
byte[] bytes = jwe.decrypt(jweConsumer.getJweDecryptionInput());
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index c0b7317..bac9ba7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -66,17 +66,21 @@ public final class JweUtils {
private JweUtils() {
}
- public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content) {
+ public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo,
+ byte[] content) {
return encrypt(key, keyAlgo, contentAlgo, content, null);
}
- public static String encrypt(RSAPublicKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
+ public static String encrypt(RSAPublicKey key, KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentAlgo, byte[] content, String ct) {
KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
}
- public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content) {
+ public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo,
+ byte[] content) {
return encrypt(key, keyAlgo, contentAlgo, content, null);
}
- public static String encrypt(SecretKey key, String keyAlgo, String contentAlgo, byte[] content, String ct) {
+ public static String encrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo,
+ byte[] content, String ct) {
if (keyAlgo != null) {
KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
@@ -84,14 +88,14 @@ public final class JweUtils {
return encryptDirect(key, contentAlgo, content, ct);
}
}
- public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String ct) {
+ public static String encrypt(JsonWebKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) {
KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
}
- public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content) {
+ public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content) {
return encryptDirect(key, contentAlgo, content, null);
}
- public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content, String ct) {
+ public static String encryptDirect(SecretKey key, ContentAlgorithm contentAlgo, byte[] content, String ct) {
JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo);
return jwe.encrypt(content, toJweHeaders(ct));
}
@@ -99,11 +103,11 @@ public final class JweUtils {
JweEncryptionProvider jwe = getDirectKeyJweEncryption(key);
return jwe.encrypt(content, toJweHeaders(ct));
}
- public static byte[] decrypt(PrivateKey key, String keyAlgo, String contentAlgo, String content) {
+ public static byte[] decrypt(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) {
KeyDecryptionAlgorithm keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(key, keyAlgo);
return decrypt(keyDecryptionProvider, contentAlgo, content);
}
- public static byte[] decrypt(SecretKey key, String keyAlgo, String contentAlgo, String content) {
+ public static byte[] decrypt(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm contentAlgo, String content) {
if (keyAlgo != null) {
KeyDecryptionAlgorithm keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(key, keyAlgo);
return decrypt(keyDecryptionProvider, contentAlgo, content);
@@ -111,11 +115,11 @@ public final class JweUtils {
return decryptDirect(key, contentAlgo, content);
}
}
- public static byte[] decrypt(JsonWebKey key, String contentAlgo, String content) {
+ public static byte[] decrypt(JsonWebKey key, ContentAlgorithm contentAlgo, String content) {
KeyDecryptionAlgorithm keyDecryptionProvider = getKeyDecryptionAlgorithm(key);
return decrypt(keyDecryptionProvider, contentAlgo, content);
}
- public static byte[] decryptDirect(SecretKey key, String contentAlgo, String content) {
+ public static byte[] decryptDirect(SecretKey key, ContentAlgorithm contentAlgo, String content) {
JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo);
return jwe.decrypt(content).getContent();
}
@@ -126,31 +130,32 @@ public final class JweUtils {
public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk) {
return getKeyEncryptionProvider(jwk, null);
}
- public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ public static KeyEncryptionProvider getKeyEncryptionProvider(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
+ KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
+ : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
KeyEncryptionProvider keyEncryptionProvider = null;
KeyType keyType = jwk.getKeyType();
if (KeyType.RSA == keyType) {
keyEncryptionProvider = getRSAKeyEncryptionProvider(JwkUtils.toRSAPublicKey(jwk, true),
- keyEncryptionAlgo);
+ keyAlgo);
} else if (KeyType.OCTET == keyType) {
keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
- keyEncryptionAlgo);
+ keyAlgo);
} else {
keyEncryptionProvider = new EcdhAesWrapKeyEncryptionAlgorithm(JwkUtils.toECPublicKey(jwk),
jwk.getStringProperty(JsonWebKey.EC_CURVE),
- KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
+ keyAlgo);
}
return keyEncryptionProvider;
}
- public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, String algo) {
- return new RSAKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+ public static KeyEncryptionProvider getRSAKeyEncryptionProvider(RSAPublicKey key, KeyAlgorithm algo) {
+ return new RSAKeyEncryptionAlgorithm(key, algo);
}
- public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, String algo) {
- if (AlgorithmUtils.isAesKeyWrap(algo)) {
- return new AesWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
- } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
- return new AesGcmWrapKeyEncryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+ public static KeyEncryptionProvider getSecretKeyEncryptionAlgorithm(SecretKey key, KeyAlgorithm algo) {
+ if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) {
+ return new AesWrapKeyEncryptionAlgorithm(key, algo);
+ } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) {
+ return new AesGcmWrapKeyEncryptionAlgorithm(key, algo);
}
return null;
}
@@ -158,34 +163,35 @@ public final class JweUtils {
return getKeyDecryptionAlgorithm(jwk, null);
}
- public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, String defaultAlgorithm) {
- String keyEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ public static KeyDecryptionAlgorithm getKeyDecryptionAlgorithm(JsonWebKey jwk, KeyAlgorithm defaultAlgorithm) {
+ KeyAlgorithm keyAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
+ : KeyAlgorithm.getAlgorithm(jwk.getAlgorithm());
KeyDecryptionAlgorithm keyDecryptionProvider = null;
KeyType keyType = jwk.getKeyType();
if (KeyType.RSA == keyType) {
keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toRSAPrivateKey(jwk),
- keyEncryptionAlgo);
+ keyAlgo);
} else if (KeyType.OCTET == keyType) {
keyDecryptionProvider = getSecretKeyDecryptionAlgorithm(JwkUtils.toSecretKey(jwk),
- keyEncryptionAlgo);
+ keyAlgo);
} else {
keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(JwkUtils.toECPrivateKey(jwk),
- keyEncryptionAlgo);
+ keyAlgo);
}
return keyDecryptionProvider;
}
- public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, String algo) {
+ public static KeyDecryptionAlgorithm getPrivateKeyDecryptionAlgorithm(PrivateKey key, KeyAlgorithm algo) {
if (key instanceof RSAPrivateKey) {
- return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, KeyAlgorithm.getAlgorithm(algo));
+ return new RSAKeyDecryptionAlgorithm((RSAPrivateKey)key, algo);
} else {
- return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, KeyAlgorithm.getAlgorithm(algo));
+ return new EcdhAesWrapKeyDecryptionAlgorithm((ECPrivateKey)key, algo);
}
}
- public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, String algo) {
- if (AlgorithmUtils.isAesKeyWrap(algo)) {
- return new AesWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
- } else if (AlgorithmUtils.isAesGcmKeyWrap(algo)) {
- return new AesGcmWrapKeyDecryptionAlgorithm(key, KeyAlgorithm.getAlgorithm(algo));
+ public static KeyDecryptionAlgorithm getSecretKeyDecryptionAlgorithm(SecretKey key, KeyAlgorithm algo) {
+ if (AlgorithmUtils.isAesKeyWrap(algo.getJwaName())) {
+ return new AesWrapKeyDecryptionAlgorithm(key, algo);
+ } else if (AlgorithmUtils.isAesGcmKeyWrap(algo.getJwaName())) {
+ return new AesGcmWrapKeyDecryptionAlgorithm(key, algo);
}
return null;
}
@@ -198,13 +204,14 @@ public final class JweUtils {
KeyType keyType = jwk.getKeyType();
if (KeyType.OCTET == keyType) {
return getContentEncryptionAlgorithm(JwkUtils.toSecretKey(jwk),
- ctEncryptionAlgo);
+ getContentAlgo(ctEncryptionAlgo));
}
return contentEncryptionProvider;
}
- public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key, String algorithm) {
- if (AlgorithmUtils.isAesGcm(algorithm)) {
- return new AesGcmContentEncryptionAlgorithm(key, null, getContentAlgo(algorithm));
+ public static ContentEncryptionProvider getContentEncryptionAlgorithm(SecretKey key,
+ ContentAlgorithm algorithm) {
+ if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) {
+ return new AesGcmContentEncryptionAlgorithm(key, null, algorithm);
}
return null;
}
@@ -214,9 +221,9 @@ public final class JweUtils {
}
return null;
}
- public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(String algorithm) {
- if (AlgorithmUtils.isAesGcm(algorithm)) {
- return new AesGcmContentDecryptionAlgorithm(getContentAlgo(algorithm));
+ public static ContentDecryptionAlgorithm getContentDecryptionAlgorithm(ContentAlgorithm algorithm) {
+ if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) {
+ return new AesGcmContentDecryptionAlgorithm(algorithm);
}
return null;
}
@@ -235,23 +242,24 @@ public final class JweUtils {
return ContentAlgorithm.getAlgorithm(algo);
}
public static JweEncryption getDirectKeyJweEncryption(JsonWebKey key) {
- return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key), key.getAlgorithm());
+ return getDirectKeyJweEncryption(JwkUtils.toSecretKey(key),
+ getContentAlgo(key.getAlgorithm()));
}
- public static JweEncryption getDirectKeyJweEncryption(SecretKey key, String algorithm) {
- if (AlgorithmUtils.isAesCbcHmac(algorithm)) {
- return new AesCbcHmacJweEncryption(getContentAlgo(algorithm), key.getEncoded(),
+ public static JweEncryption getDirectKeyJweEncryption(SecretKey key, ContentAlgorithm algo) {
+ if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) {
+ return new AesCbcHmacJweEncryption(algo, key.getEncoded(),
null, new DirectKeyEncryptionAlgorithm());
} else {
return new JweEncryption(new DirectKeyEncryptionAlgorithm(),
- getContentEncryptionAlgorithm(key, algorithm));
+ getContentEncryptionAlgorithm(key, algo));
}
}
public static JweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
- return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), key.getAlgorithm());
+ return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm()));
}
- public static JweDecryption getDirectKeyJweDecryption(SecretKey key, String algorithm) {
- if (AlgorithmUtils.isAesCbcHmac(algorithm)) {
- return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), getContentAlgo(algorithm));
+ public static JweDecryption getDirectKeyJweDecryption(SecretKey key, ContentAlgorithm algorithm) {
+ if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) {
+ return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm);
} else {
return new JweDecryption(new DirectKeyDecryptionAlgorithm(key),
getContentDecryptionAlgorithm(algorithm));
@@ -279,6 +287,7 @@ public final class JweUtils {
KeyEncryptionProvider keyEncryptionProvider = null;
String keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, null, null);
+ KeyAlgorithm keyAlgo = KeyAlgorithm.getAlgorithm(keyEncryptionAlgo);
String contentEncryptionAlgo = getContentEncryptionAlgo(m, props, null);
ContentEncryptionProvider ctEncryptionProvider = null;
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
@@ -289,7 +298,7 @@ public final class JweUtils {
} else {
keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgo(jwk));
- keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyEncryptionAlgo);
+ keyEncryptionProvider = getKeyEncryptionProvider(jwk, keyAlgo);
if (reportPublicKey || reportPublicKeyId) {
JwkUtils.setPublicKeyInfo(jwk, headers, keyEncryptionAlgo,
reportPublicKey, reportPublicKeyId);
@@ -298,7 +307,7 @@ public final class JweUtils {
} else {
keyEncryptionProvider = getRSAKeyEncryptionProvider(
(RSAPublicKey)KeyManagementUtils.loadPublicKey(m, props),
- keyEncryptionAlgo);
+ keyAlgo);
if (reportPublicKey) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
@@ -334,7 +343,7 @@ public final class JweUtils {
KeyManagementUtils.loadPrivateKey(m, props, chain, KeyOperation.DECRYPT);
contentEncryptionAlgo = inHeaders.getContentEncryptionAlgorithm().getJwaName();
keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(privateKey,
- inHeaders.getKeyEncryptionAlgorithm().getJwaName());
+ inHeaders.getKeyEncryptionAlgorithm());
} else {
if (JwkUtils.JWK_KEY_STORE_TYPE.equals(props.get(KeyManagementUtils.RSSEC_KEY_STORE_TYPE))) {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.DECRYPT);
@@ -344,41 +353,44 @@ public final class JweUtils {
} else {
keyEncryptionAlgo = getKeyEncryptionAlgo(m, props, jwk.getAlgorithm(),
getDefaultKeyAlgo(jwk));
- keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk, keyEncryptionAlgo);
+ keyDecryptionProvider = getKeyDecryptionAlgorithm(jwk,
+ KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
}
} else {
keyDecryptionProvider = getPrivateKeyDecryptionAlgorithm(
- KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT), keyEncryptionAlgo);
+ KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.DECRYPT),
+ KeyAlgorithm.getAlgorithm(keyEncryptionAlgo));
}
}
- return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo);
+ return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey,
+ getContentAlgo(contentEncryptionAlgo));
}
public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key,
- String keyAlgo,
- String contentEncryptionAlgo,
+ KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentEncryptionAlgo,
String compression) {
KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key, keyAlgo);
return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
}
public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders headers) {
KeyEncryptionProvider keyEncryptionProvider = getRSAKeyEncryptionProvider(key,
- headers.getKeyEncryptionAlgorithm().getJwaName());
+ headers.getKeyEncryptionAlgorithm());
return createJweEncryptionProvider(keyEncryptionProvider, headers);
}
public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key,
- String keyAlgo,
- String contentEncryptionAlgo,
+ KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentEncryptionAlgo,
String compression) {
KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key, keyAlgo);
return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
}
public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders headers) {
KeyEncryptionProvider keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key,
- headers.getKeyEncryptionAlgorithm().getJwaName());
+ headers.getKeyEncryptionAlgorithm());
return createJweEncryptionProvider(keyEncryptionProvider, headers);
}
public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key,
- String contentEncryptionAlgo,
+ ContentAlgorithm contentEncryptionAlgo,
String compression) {
KeyEncryptionProvider keyEncryptionProvider = getKeyEncryptionProvider(key);
return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo, compression);
@@ -388,11 +400,11 @@ public final class JweUtils {
return createJweEncryptionProvider(keyEncryptionProvider, headers);
}
public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
- String contentEncryptionAlgo,
+ ContentAlgorithm contentEncryptionAlgo,
String compression) {
JweHeaders headers =
prepareJweHeaders(keyEncryptionProvider != null ? keyEncryptionProvider.getAlgorithm().getJwaName() : null,
- contentEncryptionAlgo, compression);
+ contentEncryptionAlgo.getJwaName(), compression);
return createJweEncryptionProvider(keyEncryptionProvider, headers);
}
public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider,
@@ -406,23 +418,23 @@ public final class JweUtils {
}
}
public static JweDecryptionProvider createJweDecryptionProvider(PrivateKey key,
- String keyAlgo,
- String contentDecryptionAlgo) {
+ KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentDecryptionAlgo) {
return createJweDecryptionProvider(getPrivateKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo);
}
public static JweDecryptionProvider createJweDecryptionProvider(SecretKey key,
- String keyAlgo,
- String contentDecryptionAlgo) {
+ KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentDecryptionAlgo) {
return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo);
}
public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey key,
- String contentDecryptionAlgo) {
+ ContentAlgorithm contentDecryptionAlgo) {
return createJweDecryptionProvider(getKeyDecryptionAlgorithm(key), contentDecryptionAlgo);
}
public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
- String contentDecryptionAlgo) {
- if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo)) {
- return new AesCbcHmacJweDecryption(keyDecryptionProvider, getContentAlgo(contentDecryptionAlgo));
+ ContentAlgorithm contentDecryptionAlgo) {
+ if (AlgorithmUtils.isAesCbcHmac(contentDecryptionAlgo.getJwaName())) {
+ return new AesCbcHmacJweDecryption(keyDecryptionProvider, contentDecryptionAlgo);
} else {
return new JweDecryption(keyDecryptionProvider,
getContentDecryptionAlgorithm(contentDecryptionAlgo));
@@ -556,7 +568,7 @@ public final class JweUtils {
}
private static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm keyDecryptionProvider,
SecretKey ctDecryptionKey,
- String contentDecryptionAlgo) {
+ ContentAlgorithm contentDecryptionAlgo) {
if (keyDecryptionProvider == null && ctDecryptionKey == null) {
LOG.warning("Key or content encryptor is not available");
throw new JweException(JweException.Error.NO_ENCRYPTOR);
@@ -594,11 +606,12 @@ public final class JweUtils {
return algo;
}
private static String encrypt(KeyEncryptionProvider keyEncryptionProvider,
- String contentAlgo, byte[] content, String ct) {
+ ContentAlgorithm contentAlgo, byte[] content, String ct) {
JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo, null);
return jwe.encrypt(content, toJweHeaders(ct));
}
- private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo, String content) {
+ private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, ContentAlgorithm contentAlgo,
+ String content) {
JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo);
return jwe.decrypt(content).getContent();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 511bf9b..608c4f5 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -51,6 +51,7 @@ import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
@@ -117,14 +118,16 @@ public final class JwkUtils {
return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)),
toJweHeaders("jwk-set+json"));
}
- public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, String keyAlgo, String contentAlgo) {
+ public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentAlgo) {
return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)),
"jwk-set+json");
}
- public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, String algo) {
+ public static String signJwkSet(JsonWebKeys jwkSet, RSAPrivateKey key, SignatureAlgorithm algo) {
return JwsUtils.sign(key, algo, jwkSetToJson(jwkSet), "jwk-set+json");
}
- public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, String keyAlgo, String contentAlgo) {
+ public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentAlgo) {
return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)),
"jwk-set+json");
}
@@ -137,13 +140,15 @@ public final class JwkUtils {
public static JsonWebKeys decryptJwkSet(String jsonJwkSet, JweDecryptionProvider jwe, JwkReaderWriter reader) {
return reader.jsonToJwkSet(jwe.decrypt(jsonJwkSet).getContentText());
}
- public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) {
+ public static JsonWebKeys decryptJwkSet(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
+ String jsonJwkSet) {
return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet)));
}
- public static JsonWebKeys verifyJwkSet(RSAPublicKey key, String keyAlgo, String jsonJwk) {
+ public static JsonWebKeys verifyJwkSet(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) {
return readJwkSet(JwsUtils.verify(key, keyAlgo, jsonJwk));
}
- public static JsonWebKeys decryptJwkSet(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwkSet) {
+ public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
+ String jsonJwkSet) {
return readJwkSet(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet)));
}
public static JsonWebKeys decryptJwkSet(InputStream is, char[] password) throws IOException {
@@ -167,15 +172,17 @@ public final class JwkUtils {
return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)),
toJweHeaders("jwk+json"));
}
- public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, String keyAlgo, String contentAlgo) {
+ public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentAlgo) {
return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)),
"jwk+json");
}
- public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, String keyAlgo, String contentAlgo) {
+ public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo,
+ ContentAlgorithm contentAlgo) {
return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)),
"jwk+json");
}
- public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, String algo) {
+ public static String signJwkKey(JsonWebKey jwkKey, RSAPrivateKey key, SignatureAlgorithm algo) {
return JwsUtils.sign(key, algo, jwkKeyToJson(jwkKey), "jwk+json");
}
public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) {
@@ -184,13 +191,15 @@ public final class JwkUtils {
public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password, JwkReaderWriter reader) {
return decryptJwkKey(jsonJwkKey, createDefaultDecryption(password), reader);
}
- public static JsonWebKey decryptJwkKey(RSAPrivateKey key, String keyAlgo, String ctAlgo, String jsonJwk) {
+ public static JsonWebKey decryptJwkKey(RSAPrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
+ String jsonJwk) {
return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk)));
}
- public static JsonWebKey verifyJwkKey(RSAPublicKey key, String keyAlgo, String jsonJwk) {
+ public static JsonWebKey verifyJwkKey(RSAPublicKey key, SignatureAlgorithm keyAlgo, String jsonJwk) {
return readJwkKey(JwsUtils.verify(key, keyAlgo, jsonJwk));
}
- public static JsonWebKey decryptJwkKey(SecretKey key, String keyAlgo, String ctAlgo, String jsonJwk) {
+ public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
+ String jsonJwk) {
return readJwkKey(toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk)));
}
public static JsonWebKey decryptJwkKey(String jsonJwkKey, JweDecryptionProvider jwe, JwkReaderWriter reader) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index edd2560..62975a6 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -27,6 +27,7 @@ import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsCompactConsumer {
@@ -112,16 +113,16 @@ public class JwsCompactConsumer {
public boolean verifySignatureWith(JsonWebKey key) {
return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
}
- public boolean verifySignatureWith(JsonWebKey key, String algo) {
+ public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
}
- public boolean verifySignatureWith(X509Certificate cert, String algo) {
+ public boolean verifySignatureWith(X509Certificate cert, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(cert, algo));
}
- public boolean verifySignatureWith(PublicKey key, String algo) {
+ public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
}
- public boolean verifySignatureWith(byte[] key, String algo) {
+ public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
}
public boolean validateCriticalHeaders() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index fc13844..6a549aa 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -24,6 +24,7 @@ import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsCompactProducer {
@@ -74,14 +75,17 @@ public class JwsCompactProducer {
return getUnsignedEncodedJws(detached) + "." + (noSignature ? "" : signature);
}
public String signWith(JsonWebKey jwk) {
- return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm()));
+ return signWith(JwsUtils.getSignatureProvider(jwk,
+ SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
}
public String signWith(PrivateKey key) {
- return signWith(JwsUtils.getPrivateKeySignatureProvider(key, headers.getAlgorithm()));
+ return signWith(JwsUtils.getPrivateKeySignatureProvider(key,
+ SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
}
public String signWith(byte[] key) {
- return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
+ return signWith(JwsUtils.getHmacSignatureProvider(key,
+ SignatureAlgorithm.getAlgorithm(headers.getAlgorithm())));
}
public String signWith(JwsSignatureProvider signer) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index a7cb20a..33dc8bf 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -34,6 +34,7 @@ import org.apache.cxf.jaxrs.provider.json.JsonMapObject;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsJsonConsumer {
@@ -128,10 +129,10 @@ public class JwsJsonConsumer {
}
return false;
}
- public boolean verifySignatureWith(PublicKey key, String algo) {
+ public boolean verifySignatureWith(PublicKey key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getPublicKeySignatureVerifier(key, algo));
}
- public boolean verifySignatureWith(byte[] key, String algo) {
+ public boolean verifySignatureWith(byte[] key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
}
public boolean verifySignatureWith(List<JwsSignatureVerifier> validators) {
@@ -172,7 +173,7 @@ public class JwsJsonConsumer {
public boolean verifySignatureWith(JsonWebKey key) {
return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
}
- public boolean verifySignatureWith(JsonWebKey key, String algo) {
+ public boolean verifySignatureWith(JsonWebKey key, SignatureAlgorithm algo) {
return verifySignatureWith(JwsUtils.getSignatureVerifier(key, algo));
}
public JwsJsonProducer toProducer() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index 9bac5b8..16841b7 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -32,6 +32,7 @@ import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseHeaders;
import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
public class JwsJsonProducer {
protected static final Logger LOG = LogUtils.getL7dLogger(JwsJsonProducer.class);
@@ -110,10 +111,10 @@ public class JwsJsonProducer {
public String signWith(JsonWebKey jwk) {
return signWith(JwsUtils.getSignatureProvider(jwk));
}
- public String signWith(PrivateKey key, String algo) {
+ public String signWith(PrivateKey key, SignatureAlgorithm algo) {
return signWith(JwsUtils.getPrivateKeySignatureProvider(key, algo));
}
- public String signWith(byte[] key, String algo) {
+ public String signWith(byte[] key, SignatureAlgorithm algo) {
return signWith(JwsUtils.getHmacSignatureProvider(key, algo));
}
public String signWith(JwsSignatureProvider signer,
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index f8073cd..d0b5b6e 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -61,112 +61,115 @@ public final class JwsUtils {
private JwsUtils() {
}
- public static String sign(PrivateKey key, String algo, String content) {
+ public static String sign(PrivateKey key, SignatureAlgorithm algo, String content) {
return sign(key, algo, content, null);
}
- public static String sign(PrivateKey key, String algo, String content, String ct) {
+ public static String sign(PrivateKey key, SignatureAlgorithm algo, String content, String ct) {
return sign(getPrivateKeySignatureProvider(key, algo), content, ct);
}
- public static String sign(byte[] key, String algo, String content) {
+ public static String sign(byte[] key, SignatureAlgorithm algo, String content) {
return sign(key, algo, content, null);
}
- public static String sign(byte[] key, String algo, String content, String ct) {
+ public static String sign(byte[] key, SignatureAlgorithm algo, String content, String ct) {
return sign(getHmacSignatureProvider(key, algo), content, ct);
}
- public static String verify(PublicKey key, String algo, String content) {
+ public static String verify(PublicKey key, SignatureAlgorithm algo, String content) {
JwsCompactConsumer jws = verify(getPublicKeySignatureVerifier(key, algo), content);
return jws.getDecodedJwsPayload();
}
- public static String verify(byte[] key, String algo, String content) {
+ public static String verify(byte[] key, SignatureAlgorithm algo, String content) {
JwsCompactConsumer jws = verify(getHmacSignatureVerifier(key, algo), content);
return jws.getDecodedJwsPayload();
}
public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
return getSignatureProvider(jwk, null);
}
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk,
+ SignatureAlgorithm defaultAlgorithm) {
+ SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
+ : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
JwsSignatureProvider theSigProvider = null;
KeyType keyType = jwk.getKeyType();
if (KeyType.RSA == keyType) {
theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
- signatureAlgo);
+ sigAlgo);
} else if (KeyType.OCTET == keyType) {
byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- theSigProvider = getHmacSignatureProvider(key, signatureAlgo);
+ theSigProvider = getHmacSignatureProvider(key, sigAlgo);
} else if (KeyType.EC == jwk.getKeyType()) {
theSigProvider = getPrivateKeySignatureProvider(JwkUtils.toECPrivateKey(jwk),
- signatureAlgo);
+ sigAlgo);
}
return theSigProvider;
}
- public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, String algo) {
+ public static JwsSignatureProvider getPrivateKeySignatureProvider(PrivateKey key, SignatureAlgorithm algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
if (key instanceof ECPrivateKey) {
- return new EcDsaJwsSignatureProvider((ECPrivateKey)key, SignatureAlgorithm.getAlgorithm(algo));
+ return new EcDsaJwsSignatureProvider((ECPrivateKey)key, algo);
} else if (key instanceof RSAPrivateKey) {
- return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+ return new PrivateKeyJwsSignatureProvider(key, algo);
}
return null;
}
- public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) {
+ public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, SignatureAlgorithm algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
- if (AlgorithmUtils.isHmacSign(algo)) {
- return new HmacJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo));
+ if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
+ return new HmacJwsSignatureProvider(key, algo);
}
return null;
}
public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
return getSignatureVerifier(jwk, null);
}
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
- String signatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
+ public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, SignatureAlgorithm defaultAlgorithm) {
+ SignatureAlgorithm sigAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm
+ : SignatureAlgorithm.getAlgorithm(jwk.getAlgorithm());
JwsSignatureVerifier theVerifier = null;
KeyType keyType = jwk.getKeyType();
if (KeyType.RSA == keyType) {
- theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), signatureAlgo);
+ theVerifier = getPublicKeySignatureVerifier(JwkUtils.toRSAPublicKey(jwk, true), sigAlgo);
} else if (KeyType.OCTET == keyType) {
byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- theVerifier = getHmacSignatureVerifier(key, signatureAlgo);
+ theVerifier = getHmacSignatureVerifier(key, sigAlgo);
} else if (KeyType.EC == keyType) {
- theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), signatureAlgo);
+ theVerifier = getPublicKeySignatureVerifier(JwkUtils.toECPublicKey(jwk), sigAlgo);
}
return theVerifier;
}
- public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, String algo) {
+ public static JwsSignatureVerifier getPublicKeySignatureVerifier(X509Certificate cert, SignatureAlgorithm algo) {
return getPublicKeySignatureVerifier(cert.getPublicKey(), algo);
}
- public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, String algo) {
+ public static JwsSignatureVerifier getPublicKeySignatureVerifier(PublicKey key, SignatureAlgorithm algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
if (key instanceof RSAPublicKey) {
- return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+ return new PublicKeyJwsSignatureVerifier(key, algo);
} else if (key instanceof ECPublicKey) {
- return new EcDsaJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+ return new EcDsaJwsSignatureVerifier(key, algo);
}
return null;
}
- public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) {
+ public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
- if (AlgorithmUtils.isHmacSign(algo)) {
- return new HmacJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo));
+ if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
+ return new HmacJwsSignatureVerifier(key, algo);
}
return null;
}
@@ -272,7 +275,7 @@ public final class JwsUtils {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.SIGN);
if (jwk != null) {
String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
- theSigProvider = JwsUtils.getSignatureProvider(jwk, signatureAlgo);
+ theSigProvider = JwsUtils.getSignatureProvider(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
if (reportPublicKey || reportPublicKeyId) {
JwkUtils.setPublicKeyInfo(jwk, headers, signatureAlgo, reportPublicKey, reportPublicKeyId);
}
@@ -280,7 +283,8 @@ public final class JwsUtils {
} else {
String signatureAlgo = getSignatureAlgo(m, props, null, null);
PrivateKey pk = KeyManagementUtils.loadPrivateKey(m, props, KeyOperation.SIGN);
- theSigProvider = getPrivateKeySignatureProvider(pk, signatureAlgo);
+ theSigProvider = getPrivateKeySignatureProvider(pk,
+ SignatureAlgorithm.getAlgorithm(signatureAlgo));
if (reportPublicKey) {
headers.setX509Chain(KeyManagementUtils.loadAndEncodeX509CertificateOrChain(m, props));
}
@@ -306,11 +310,13 @@ public final class JwsUtils {
|| !MessageUtils.getContextualBoolean(m, KeyManagementUtils.RSSEC_ACCEPT_PUBLIC_KEY_PROP, true)) {
throw new JwsException(JwsException.Error.INVALID_KEY);
}
- return getSignatureVerifier(publicJwk, inHeaders.getAlgorithm());
+ return getSignatureVerifier(publicJwk,
+ SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm()));
} else if (inHeaders.getHeader(JoseConstants.HEADER_X509_CHAIN) != null) {
List<X509Certificate> chain = KeyManagementUtils.toX509CertificateChain(inHeaders.getX509Chain());
KeyManagementUtils.validateCertificateChain(props, chain);
- return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(), inHeaders.getAlgorithm());
+ return getPublicKeySignatureVerifier(chain.get(0).getPublicKey(),
+ SignatureAlgorithm.getAlgorithm(inHeaders.getAlgorithm()));
}
}
@@ -318,13 +324,14 @@ public final class JwsUtils {
JsonWebKey jwk = JwkUtils.loadJsonWebKey(m, props, KeyOperation.VERIFY, inHeaderKid);
if (jwk != null) {
String signatureAlgo = getSignatureAlgo(m, props, jwk.getAlgorithm(), getDefaultKeyAlgo(jwk));
- theVerifier = getSignatureVerifier(jwk, signatureAlgo);
+ theVerifier = getSignatureVerifier(jwk, SignatureAlgorithm.getAlgorithm(signatureAlgo));
}
} else {
String signatureAlgo = getSignatureAlgo(m, props, null, null);
theVerifier = getPublicKeySignatureVerifier(
- KeyManagementUtils.loadPublicKey(m, props), signatureAlgo);
+ KeyManagementUtils.loadPublicKey(m, props),
+ SignatureAlgorithm.getAlgorithm(signatureAlgo));
}
if (theVerifier == null && !ignoreNullVerifier) {
LOG.warning("Verifier is not available");
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
index c31ba44..2c2435d 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java
@@ -370,7 +370,8 @@ public class JwsJoseCookBookTest {
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
- assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+ assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey,
+ SignatureAlgorithm.RS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -378,16 +379,17 @@ public class JwsJoseCookBookTest {
JoseHeaders protectedHeader = new JoseHeaders();
protectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO);
protectedHeader.setKeyId(RSA_KID_VALUE);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey,
+ SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
}
@Test
public void testRSAPSSSignature() throws Exception {
@@ -414,7 +416,7 @@ public class JwsJoseCookBookTest {
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
- assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+ assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -422,16 +424,16 @@ public class JwsJoseCookBookTest {
JoseHeaders protectedHeader = new JoseHeaders();
protectedHeader.setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO);
protectedHeader.setKeyId(RSA_KID_VALUE);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length());
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length());
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
Security.removeProvider(BouncyCastleProvider.class.getName());
}
@@ -465,7 +467,7 @@ public class JwsJoseCookBookTest {
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey ecPublicKey = publicKeys.get(0);
- assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
+ assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
} finally {
Security.removeProvider(BouncyCastleProvider.class.getName());
}
@@ -486,7 +488,7 @@ public class JwsJoseCookBookTest {
assertEquals(compactProducer.getSignedEncodedJws(),
HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
- assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -494,16 +496,16 @@ public class JwsJoseCookBookTest {
JoseHeaders protectedHeader = new JoseHeaders();
protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
protectedHeader.setKeyId(HMAC_KID_VALUE);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
@Test
public void testDetachedHMACSignature() throws Exception {
@@ -521,7 +523,7 @@ public class JwsJoseCookBookTest {
assertEquals(compactProducer.getSignedEncodedJws(true), DETACHED_HMAC_JWS);
JwsCompactConsumer compactConsumer =
new JwsCompactConsumer(compactProducer.getSignedEncodedJws(true), ENCODED_PAYLOAD);
- assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
@@ -529,17 +531,17 @@ public class JwsJoseCookBookTest {
JoseHeaders protectedHeader = new JoseHeaders();
protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO);
protectedHeader.setKeyId(HMAC_KID_VALUE);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader);
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
@Test
public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
@@ -553,21 +555,21 @@ public class JwsJoseCookBookTest {
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
@Test
public void testProtectingContentOnlySignature() throws Exception {
@@ -580,21 +582,21 @@ public class JwsJoseCookBookTest {
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
null, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
null, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
- assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
@Test
public void testMultipleSignatures() throws Exception {
@@ -614,7 +616,7 @@ public class JwsJoseCookBookTest {
JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey rsaKey = keys.get(1);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256),
firstSignerProtectedHeader, firstSignerUnprotectedHeader);
assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(),
FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
@@ -623,7 +625,7 @@ public class JwsJoseCookBookTest {
secondSignerUnprotectedHeader.setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO);
secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE);
JsonWebKey ecKey = keys.get(0);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, AlgorithmUtils.ES_SHA_512_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, SignatureAlgorithm.ES512),
null, secondSignerUnprotectedHeader);
assertEquals(new JoseHeadersReaderWriter().toJson(
jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()),
@@ -637,7 +639,7 @@ public class JwsJoseCookBookTest {
JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> secretKeys = secretJwks.getKeys();
JsonWebKey hmacKey = secretKeys.get(0);
- jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO),
+ jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
thirdSignerProtectedHeader);
assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(),
THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
@@ -649,9 +651,9 @@ public class JwsJoseCookBookTest {
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
JsonWebKey ecPublicKey = publicKeys.get(0);
- assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO));
- assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO));
- assertTrue(jsonConsumer.verifySignatureWith(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO));
+ assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
+ assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
+ assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
} finally {
Security.removeProvider(BouncyCastleProvider.class.getName());
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
index a243aca..a5c178c 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java
@@ -25,8 +25,11 @@ import javax.crypto.SecretKey;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -70,7 +73,7 @@ public class JweJsonConsumerTest extends Assert {
final String text = "The true sign of intelligence is not knowledge but imagination.";
doTestSingleRecipient(text,
JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT,
- AlgorithmUtils.A128GCM_ALGO,
+ ContentAlgorithm.A128GCM,
JweJsonProducerTest.WRAPPER_BYTES1,
null);
}
@@ -79,7 +82,7 @@ public class JweJsonConsumerTest extends Assert {
final String text = "The true sign of intelligence is not knowledge but imagination.";
doTestSingleRecipient(text,
JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT,
- AlgorithmUtils.A128GCM_ALGO,
+ ContentAlgorithm.A128GCM,
JweJsonProducerTest.WRAPPER_BYTES1,
null);
}
@@ -88,7 +91,7 @@ public class JweJsonConsumerTest extends Assert {
final String text = "The true sign of intelligence is not knowledge but imagination.";
doTestSingleRecipient(text,
JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT,
- AlgorithmUtils.A128GCM_ALGO,
+ ContentAlgorithm.A128GCM,
null,
JweJsonProducerTest.CEK_BYTES);
}
@@ -97,7 +100,7 @@ public class JweJsonConsumerTest extends Assert {
String text = "Live long and prosper.";
doTestSingleRecipient(text,
JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT,
- AlgorithmUtils.A128CBC_HS256_ALGO,
+ ContentAlgorithm.A128CBC_HS256,
null,
JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3);
}
@@ -106,7 +109,7 @@ public class JweJsonConsumerTest extends Assert {
String text = "Live long and prosper.";
doTestSingleRecipient(text,
JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT,
- AlgorithmUtils.A128CBC_HS256_ALGO,
+ ContentAlgorithm.A128CBC_HS256,
Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3),
null);
}
@@ -116,8 +119,9 @@ public class JweJsonConsumerTest extends Assert {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
"AES");
- JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO,
- AlgorithmUtils.A128GCM_ALGO);
+ JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
+ KeyAlgorithm.A128KW,
+ ContentAlgorithm.A128GCM);
JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT);
JweDecryptionOutput out = consumer.decryptWith(jwe);
assertEquals(text, out.getContentText());
@@ -127,8 +131,9 @@ public class JweJsonConsumerTest extends Assert {
public void testSingleRecipientAllTypeOfHeadersAndAadModified() {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1,
"AES");
- JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO,
- AlgorithmUtils.A128GCM_ALGO);
+ JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
+ KeyAlgorithm.A128KW,
+ ContentAlgorithm.A128GCM);
JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT);
try {
consumer.decryptWith(jwe);
@@ -140,13 +145,15 @@ public class JweJsonConsumerTest extends Assert {
}
private void doTestSingleRecipient(String text,
String input,
- String contentEncryptionAlgo,
+ ContentAlgorithm contentEncryptionAlgo,
final byte[] wrapperKeyBytes,
final byte[] cek) throws Exception {
JweDecryptionProvider jwe = null;
if (wrapperKeyBytes != null) {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
- jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo);
+ jwe = JweUtils.createJweDecryptionProvider(wrapperKey,
+ KeyAlgorithm.A128KW,
+ contentEncryptionAlgo);
} else {
SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
index ed18b96..bc5f556 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java
@@ -219,7 +219,7 @@ public class JweJsonProducerTest extends Assert {
if (wrapperKeyBytes == null) {
headers.asMap().remove("alg");
SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES");
- jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo.getJwaName());
+ jwe = JweUtils.getDirectKeyJweEncryption(cekKey, contentEncryptionAlgo);
} else {
SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES");
jwe = JweUtils.createJweEncryptionProvider(wrapperKey, headers);
@@ -246,8 +246,8 @@ public class JweJsonProducerTest extends Assert {
sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks");
JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey,
- AlgorithmUtils.A128KW_ALGO,
- AlgorithmUtils.A128GCM_ALGO,
+ KeyAlgorithm.A128KW,
+ ContentAlgorithm.A128GCM,
null);
JweJsonProducer p = new JweJsonProducer(protectedHeaders,
sharedUnprotectedHeaders,
@@ -280,12 +280,12 @@ public class JweJsonProducerTest extends Assert {
List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>();
KeyEncryptionProvider keyEncryption1 =
- JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, AlgorithmUtils.A128KW_ALGO);
+ JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW);
ContentEncryptionProvider contentEncryption =
JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO);
JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption);
KeyEncryptionProvider keyEncryption2 =
- JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, AlgorithmUtils.A128KW_ALGO);
+ JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW);
JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption);
jweList.add(jwe1);
jweList.add(jwe2);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e92477bc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index cdbf2e1..4920af0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -28,7 +28,8 @@ import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
import org.apache.cxf.rs.security.jose.jwe.JweUtils;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -105,7 +106,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
}
if (decryptWithClientSecret) {
SecretKey key = CryptoUtils.decodeSecretKey(c.getClientSecret());
- return JweUtils.getDirectKeyJweDecryption(key, AlgorithmUtils.A128GCM_ALGO);
+ return JweUtils.getDirectKeyJweDecryption(key, ContentAlgorithm.A128GCM);
}
return JweUtils.loadDecryptionProvider(false);
}
@@ -115,11 +116,11 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
}
if (verifyWithClientSecret) {
byte[] hmac = CryptoUtils.decodeSequence(c.getClientSecret());
- return JwsUtils.getHmacSignatureVerifier(hmac, AlgorithmUtils.HMAC_SHA_256_ALGO);
+ return JwsUtils.getHmacSignatureVerifier(hmac, SignatureAlgorithm.HS256);
} else if (verifyWithClientCertificates) {
X509Certificate cert =
(X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
- return JwsUtils.getPublicKeySignatureVerifier(cert, AlgorithmUtils.RS_SHA_256_ALGO);
+ return JwsUtils.getPublicKeySignatureVerifier(cert, SignatureAlgorithm.RS256);
}
return JwsUtils.loadSignatureVerifier(true);
}