Posted to commits@cxf.apache.org by se...@apache.org on 2017/06/21 14:44:56 UTC
cxf git commit: [CXF-7420] Aligning JweCompactProducer with other
JOSE helpers
Repository: cxf
Updated Branches:
refs/heads/master a6d18c83a -> 62fdd5c09
[CXF-7420] Aligning JweCompactProducer with other JOSE helpers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/62fdd5c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/62fdd5c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/62fdd5c0
Branch: refs/heads/master
Commit: 62fdd5c09bfc4d436d77abcbe6dd50e99f1212a9
Parents: a6d18c8
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jun 21 15:44:40 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jun 21 15:44:40 2017 +0100
----------------------------------------------------------------------
.../jose/jaxrs/JweWriterInterceptor.java | 4 +-
.../jose/jwe/AbstractJweEncryption.java | 2 +-
.../security/jose/jwe/JweCompactProducer.java | 119 ++++-------------
.../jose/jwe/JweCompactProducerBuilder.java | 129 +++++++++++++++++++
.../jose/jwe/JweJwtCompactProducer.java | 29 +----
5 files changed, 156 insertions(+), 127 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/62fdd5c0/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index 9fb92ff..bc94db8 100644
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -38,7 +38,7 @@ import org.apache.cxf.io.CachedOutputStream;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
+import org.apache.cxf.rs.security.jose.jwe.JweCompactProducerBuilder;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionInput;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionOutput;
import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
@@ -83,7 +83,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
theEncryptionProvider.getEncryptionOutput(new JweEncryptionInput(jweHeaders));
JoseUtils.traceHeaders(encryption.getHeaders());
try {
- JweCompactProducer.startJweContent(actualOs,
+ JweCompactProducerBuilder.startJweContent(actualOs,
encryption.getHeaders(),
encryption.getContentEncryptionKey(),
encryption.getIv());
http://git-wip-us.apache.org/repos/asf/cxf/blob/62fdd5c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 39057ed..37666e5 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -76,7 +76,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider {
byte[] encryptedContent = encryptInternal(state, content);
byte[] cipher = getActualCipher(encryptedContent);
byte[] authTag = getAuthenticationTag(state, encryptedContent);
- JweCompactProducer producer = new JweCompactProducer(state.protectedHeadersJson,
+ JweCompactProducerBuilder producer = new JweCompactProducerBuilder(state.protectedHeadersJson,
state.jweContentEncryptionKey,
state.theIv,
cipher,
http://git-wip-us.apache.org/repos/asf/cxf/blob/62fdd5c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
index 2a51539..c2aed7f 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducer.java
@@ -16,114 +16,39 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.cxf.rs.security.jose.jwe;
+import java.security.PublicKey;
-import java.io.IOException;
-import java.io.OutputStream;
+import javax.crypto.SecretKey;
-import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
-
-
-public class JweCompactProducer {
- private StringBuilder jweContentBuilder;
- private String encodedEncryptedContent;
- private String encodedAuthTag;
- public JweCompactProducer(JweHeaders headers,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector,
- byte[] encryptedContentNoTag,
- byte[] authenticationTag) {
- this(getHeadersJson(headers), encryptedContentEncryptionKey,
- cipherInitVector, encryptedContentNoTag, authenticationTag);
- }
-
- public JweCompactProducer(String headersJson,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector,
- byte[] encryptedContentNoTag,
- byte[] authenticationTag) {
- jweContentBuilder = startJweContent(new StringBuilder(), headersJson,
- encryptedContentEncryptionKey, cipherInitVector);
- this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag);
- this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag);
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
- }
-
- public JweCompactProducer(JweHeaders headers,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector,
- byte[] encryptedContentWithTag,
- int authTagLengthBits) {
- jweContentBuilder = startJweContent(new StringBuilder(), headers,
- encryptedContentEncryptionKey, cipherInitVector);
- this.encodedEncryptedContent = Base64UrlUtility.encodeChunk(
- encryptedContentWithTag,
- 0,
- encryptedContentWithTag.length - authTagLengthBits / 8);
- this.encodedAuthTag = Base64UrlUtility.encodeChunk(
- encryptedContentWithTag,
- encryptedContentWithTag.length - authTagLengthBits / 8,
- authTagLengthBits / 8);
+public class JweCompactProducer {
+ private JweHeaders headers;
+ private String data;
+ public JweCompactProducer(String data) {
+ this(new JweHeaders(), data);
}
- public static String startJweContent(JweHeaders headers,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector) {
- return startJweContent(new StringBuilder(),
- headers, encryptedContentEncryptionKey, cipherInitVector).toString();
- }
- public static StringBuilder startJweContent(StringBuilder sb,
- JweHeaders headers,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector) {
- return startJweContent(sb,
- getHeadersJson(headers),
- encryptedContentEncryptionKey,
- cipherInitVector);
+ public JweCompactProducer(JweHeaders joseHeaders, String data) {
+ this.headers = joseHeaders;
+ this.data = data;
}
- private static String getHeadersJson(JweHeaders headers) {
- return new JsonMapObjectReaderWriter().toJson(headers);
+ public String encryptWith(JsonWebKey key) {
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+ return encryptWith(jwe);
}
- public static StringBuilder startJweContent(StringBuilder sb,
- String headersJson,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector) {
- String encodedHeaders = Base64UrlUtility.encode(headersJson);
- String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey);
- String encodedInitVector = Base64UrlUtility.encode(cipherInitVector);
- sb.append(encodedHeaders)
- .append('.')
- .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey)
- .append('.')
- .append(encodedInitVector == null ? "" : encodedInitVector)
- .append('.');
- return sb;
+ public String encryptWith(PublicKey key) {
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+ return encryptWith(jwe);
}
-
- public static void startJweContent(OutputStream os,
- JweHeaders headers,
- byte[] encryptedContentEncryptionKey,
- byte[] cipherInitVector) throws IOException {
- byte[] jsonBytes = StringUtils.toBytesUTF8(getHeadersJson(headers));
- Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
- byte[] dotBytes = new byte[]{'.'};
- os.write(dotBytes);
- Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0,
- encryptedContentEncryptionKey.length, os);
- os.write(dotBytes);
- Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os);
- os.write(dotBytes);
- os.flush();
+ public String encryptWith(SecretKey key) {
+ JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+ return encryptWith(jwe);
}
-
- public String getJweContent() {
- return jweContentBuilder.append(encodedEncryptedContent)
- .append('.')
- .append(encodedAuthTag)
- .toString();
+ public String encryptWith(JweEncryptionProvider jwe) {
+ return jwe.encrypt(StringUtils.toBytesUTF8(data), headers);
}
}
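Review bot: Both constructors of the new `JweCompactProducer` store `joseHeaders` and `data` unchecked, so a null argument only surfaces later in `encryptWith(JweEncryptionProvider)`, when `StringUtils.toBytesUTF8(data)` and `jwe.encrypt(..., headers)` run. Since this class is now the base of `JweJwtCompactProducer`, I would declare both fields `private final` and fail fast with `this.headers = Objects.requireNonNull(joseHeaders, "joseHeaders");` and the same for `data` (this needs `import java.util.Objects;`). The same `JweHeaders` instance is also passed to `JweUtils.createJweEncryptionProvider` and to `jwe.encrypt` on every call. If either of them writes algorithm properties into it, which is not visible in this hunk, reusing one producer with different keys could carry stale header values over, so a Javadoc sentence on the class stating whether an instance is single-use would help.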
http://git-wip-us.apache.org/repos/asf/cxf/blob/62fdd5c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java
new file mode 100644
index 0000000..93f15bf
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweCompactProducerBuilder.java
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.jose.jwe;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+
+
+public class JweCompactProducerBuilder {
+ private StringBuilder jweContentBuilder;
+ private String encodedEncryptedContent;
+ private String encodedAuthTag;
+ public JweCompactProducerBuilder(JweHeaders headers,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector,
+ byte[] encryptedContentNoTag,
+ byte[] authenticationTag) {
+ this(getHeadersJson(headers), encryptedContentEncryptionKey,
+ cipherInitVector, encryptedContentNoTag, authenticationTag);
+ }
+
+ public JweCompactProducerBuilder(String headersJson,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector,
+ byte[] encryptedContentNoTag,
+ byte[] authenticationTag) {
+ jweContentBuilder = startJweContent(new StringBuilder(), headersJson,
+ encryptedContentEncryptionKey, cipherInitVector);
+ this.encodedEncryptedContent = Base64UrlUtility.encode(encryptedContentNoTag);
+ this.encodedAuthTag = Base64UrlUtility.encode(authenticationTag);
+
+ }
+
+ public JweCompactProducerBuilder(JweHeaders headers,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector,
+ byte[] encryptedContentWithTag,
+ int authTagLengthBits) {
+ jweContentBuilder = startJweContent(new StringBuilder(), headers,
+ encryptedContentEncryptionKey, cipherInitVector);
+ this.encodedEncryptedContent = Base64UrlUtility.encodeChunk(
+ encryptedContentWithTag,
+ 0,
+ encryptedContentWithTag.length - authTagLengthBits / 8);
+ this.encodedAuthTag = Base64UrlUtility.encodeChunk(
+ encryptedContentWithTag,
+ encryptedContentWithTag.length - authTagLengthBits / 8,
+ authTagLengthBits / 8);
+
+ }
+ public static String startJweContent(JweHeaders headers,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector) {
+ return startJweContent(new StringBuilder(),
+ headers, encryptedContentEncryptionKey, cipherInitVector).toString();
+ }
+ public static StringBuilder startJweContent(StringBuilder sb,
+ JweHeaders headers,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector) {
+ return startJweContent(sb,
+ getHeadersJson(headers),
+ encryptedContentEncryptionKey,
+ cipherInitVector);
+ }
+ private static String getHeadersJson(JweHeaders headers) {
+ return new JsonMapObjectReaderWriter().toJson(headers);
+
+ }
+ public static StringBuilder startJweContent(StringBuilder sb,
+ String headersJson,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector) {
+ String encodedHeaders = Base64UrlUtility.encode(headersJson);
+ String encodedContentEncryptionKey = Base64UrlUtility.encode(encryptedContentEncryptionKey);
+ String encodedInitVector = Base64UrlUtility.encode(cipherInitVector);
+ sb.append(encodedHeaders)
+ .append('.')
+ .append(encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey)
+ .append('.')
+ .append(encodedInitVector == null ? "" : encodedInitVector)
+ .append('.');
+ return sb;
+ }
+
+ public static void startJweContent(OutputStream os,
+ JweHeaders headers,
+ byte[] encryptedContentEncryptionKey,
+ byte[] cipherInitVector) throws IOException {
+ byte[] jsonBytes = StringUtils.toBytesUTF8(getHeadersJson(headers));
+ Base64UrlUtility.encodeAndStream(jsonBytes, 0, jsonBytes.length, os);
+ byte[] dotBytes = new byte[]{'.'};
+ os.write(dotBytes);
+ Base64UrlUtility.encodeAndStream(encryptedContentEncryptionKey, 0,
+ encryptedContentEncryptionKey.length, os);
+ os.write(dotBytes);
+ Base64UrlUtility.encodeAndStream(cipherInitVector, 0, cipherInitVector.length, os);
+ os.write(dotBytes);
+ os.flush();
+ }
+
+ public String getJweContent() {
+ return jweContentBuilder.append(encodedEncryptedContent)
+ .append('.')
+ .append(encodedAuthTag)
+ .toString();
+ }
+}
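Review bot: `startJweContent(OutputStream, ...)` reads `encryptedContentEncryptionKey.length` and `cipherInitVector.length` directly, while the `StringBuilder` overload just above it writes an empty segment when the encoded key or IV is null (`encodedContentEncryptionKey == null ? "" : encodedContentEncryptionKey`). If a provider can return a null encrypted key (plausibly the direct-encryption case, though that is not visible here), the streaming path called from `JweWriterInterceptor` throws a NullPointerException after the encoded header and first dot have already been written to the stream. A guard such as `byte[] cek = encryptedContentEncryptionKey == null ? new byte[0] : encryptedContentEncryptionKey;`, and the same for the IV, would make the two overloads agree. Separately, `getJweContent()` appends to the `jweContentBuilder` field itself, so a second call returns the ciphertext and tag segments twice; starting from `new StringBuilder(jweContentBuilder)` would keep the method repeatable.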
http://git-wip-us.apache.org/repos/asf/cxf/blob/62fdd5c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
index e74f05e..3020d8e 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
@@ -17,20 +17,12 @@
* under the License.
*/
package org.apache.cxf.rs.security.jose.jwe;
-import java.security.PublicKey;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
-public class JweJwtCompactProducer {
- private JweHeaders headers;
- private String claimsJson;
+public class JweJwtCompactProducer extends JweCompactProducer {
public JweJwtCompactProducer(JwtToken token) {
this(new JweHeaders(token.getJweHeaders()), token.getClaims());
}
@@ -38,23 +30,6 @@ public class JweJwtCompactProducer {
this(new JweHeaders(), claims);
}
public JweJwtCompactProducer(JweHeaders joseHeaders, JwtClaims claims) {
- headers = joseHeaders;
- claimsJson = JwtUtils.claimsToJson(claims);
- }
-
- public String encryptWith(JsonWebKey key) {
- JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
- return encryptWith(jwe);
- }
- public String encryptWith(PublicKey key) {
- JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
- return encryptWith(jwe);
- }
- public String encryptWith(SecretKey key) {
- JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
- return encryptWith(jwe);
- }
- public String encryptWith(JweEncryptionProvider jwe) {
- return jwe.encrypt(StringUtils.toBytesUTF8(claimsJson), headers);
+ super(joseHeaders, JwtUtils.claimsToJson(claims));
}
}