cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: Minor updates to OAuth2 EncryptionUtils
Date Tue, 06 May 2014 16:13:06 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 6e5cba356 -> 070977558


Minor updates to OAuth2 EncryptionUtils


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/07097755
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/07097755
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/07097755

Branch: refs/heads/master
Commit: 0709775589ac5310bf6a68689f89db8f33463645
Parents: 6e5cba3
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue May 6 17:12:49 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue May 6 17:12:49 2014 +0100

----------------------------------------------------------------------
 .../security/oauth2/utils/EncryptionUtils.java  | 119 +++++++++++++++----
 .../oauth2/utils/SecretKeyProperties.java       |  14 ++-
 2 files changed, 104 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/07097755/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
index bf6f51b..fed8fc2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/EncryptionUtils.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.rs.security.oauth2.utils;
 
+import java.lang.reflect.Method;
 import java.security.Key;
 import java.security.PrivateKey;
 import java.security.PublicKey;
@@ -47,8 +48,7 @@ public final class EncryptionUtils {
     
     public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey) 
         throws EncryptionException {
-        SecretKeyProperties props = new SecretKeyProperties();
-        props.setCompressionSupported(false);
+        SecretKeyProperties props = new SecretKeyProperties(publicKey.getAlgorithm());
         return encryptSecretKey(secretKey, publicKey, props);
     }
     
@@ -80,10 +80,14 @@ public final class EncryptionUtils {
                     keyGen.init(algoSpec);
                 }
             } else {
+                int keySize = props.getKeySize();
+                if (keySize == -1) {
+                    keySize = 128;
+                }
                 if (random != null) {
-                    keyGen.init(props.getKeySize(), random);
+                    keyGen.init(keySize, random);
                 } else {
-                    keyGen.init(props.getKeySize());
+                    keyGen.init(keySize);
                 }
             }
             
@@ -159,6 +163,45 @@ public final class EncryptionUtils {
         return processBytes(bytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
     }
     
+    public static byte[] wrapSecretKey(byte[] keyBytes, 
+                                       String keyAlgo,
+                                       Key wrapperKey,
+                                       String wrapperKeyAlgo)  throws EncryptionException
{
+        return wrapSecretKey(new SecretKeySpec(keyBytes, keyAlgo), wrapperKey, 
+                             new SecretKeyProperties(wrapperKeyAlgo));
+    }
+    
+    public static byte[] wrapSecretKey(SecretKey secretKey,
+                                       Key wrapperKey,
+                                       SecretKeyProperties keyProps)  throws EncryptionException
{
+        try {
+            Cipher c = initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE);
+            return c.wrap(secretKey);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }    
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            String unwrapperKeyAlgo)  throws EncryptionException
{
+        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, 
+                               new SecretKeyProperties(unwrapperKeyAlgo));
+    }
+    
+    public static SecretKey unwrapSecretKey(byte[] wrappedBytes,
+                                            String wrappedKeyAlgo,
+                                            Key unwrapperKey,
+                                            SecretKeyProperties keyProps)  throws EncryptionException
{
+        try {
+            Cipher c = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
+            return (SecretKey)c.unwrap(wrappedBytes, wrappedKeyAlgo, Cipher.SECRET_KEY);
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }    
+    }
+    
     private static byte[] processBytes(byte[] bytes, 
                                       Key secretKey, 
                                       SecretKeyProperties keyProps, 
@@ -168,20 +211,7 @@ public final class EncryptionUtils {
             bytes = CompressionUtils.deflate(bytes, false);
         }
         try {
-            Cipher c = Cipher.getInstance(secretKey.getAlgorithm());
-            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom()
== null) {
-                c.init(mode, secretKey);
-            } else {
-                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
-                SecureRandom random = keyProps.getSecureRandom();
-                if (algoSpec == null) {
-                    c.init(mode, secretKey, random);
-                } else if (random == null) {
-                    c.init(mode, secretKey, algoSpec);
-                } else {
-                    c.init(mode, secretKey, algoSpec, random);
-                }
-            }
+            Cipher c = initCipher(secretKey, keyProps, mode);
             byte[] result = new byte[0];
             int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
             if (secretKey instanceof SecretKey && blockSize == -1) {
@@ -207,6 +237,35 @@ public final class EncryptionUtils {
         }
     }
     
+    public static Cipher initCipher(Key secretKey, SecretKeyProperties keyProps, int mode)
 throws EncryptionException {
+        try {
+            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null

+                ? keyProps.getKeyAlgo() : secretKey.getAlgorithm();
+            Cipher c = Cipher.getInstance(algorithm);
+            if (keyProps == null || keyProps.getAlgoSpec() == null && keyProps.getSecureRandom()
== null) {
+                c.init(mode, secretKey);
+            } else {
+                AlgorithmParameterSpec algoSpec = keyProps.getAlgoSpec();
+                SecureRandom random = keyProps.getSecureRandom();
+                if (algoSpec == null) {
+                    c.init(mode, secretKey, random);
+                } else if (random == null) {
+                    c.init(mode, secretKey, algoSpec);
+                } else {
+                    c.init(mode, secretKey, algoSpec, random);
+                }
+            }
+            if (keyProps != null && keyProps.getAdditionalData() != null) {
+                // TODO: call updateAAD directly after switching to Java7
+                Method m = Cipher.class.getMethod("updateAAD", new Class[]{byte[].class});
+                m.invoke(c, new Object[]{keyProps.getAdditionalData()});
+            }
+            return c;
+        } catch (Exception ex) {
+            throw new EncryptionException(ex);
+        }
+    }
+    
     private static byte[] addToResult(byte[] prefix, byte[] suffix) {
         byte[] result = new byte[prefix.length + suffix.length];
         System.arraycopy(prefix, 0, result, 0, prefix.length);
@@ -218,25 +277,33 @@ public final class EncryptionUtils {
         return decodeSecretKey(encodedSecretKey, "AES");
     }
     
-    public static SecretKey decodeSecretKey(String encodedSecretKey, String algo) 
+    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)

         throws EncryptionException {
         byte[] secretKeyBytes = decodeSequence(encodedSecretKey);
-        return recreateSecretKey(secretKeyBytes, algo);
+        return recreateSecretKey(secretKeyBytes, secretKeyAlgo);
     }
     
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, PrivateKey
privateKey)
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             PrivateKey privateKey) {
+        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
+    }
+    
+    
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
+                                             PrivateKey privateKey)
         throws EncryptionException {
-        SecretKeyProperties props = new SecretKeyProperties();
-        props.setCompressionSupported(false);
-        return decryptSecretKey(encodedEncryptedSecretKey, props, privateKey);
+        SecretKeyProperties props = new SecretKeyProperties(privateKey.getAlgorithm());
+        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
     }
     
-    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey, 
+    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
+                                             String secretKeyAlgo,
                                              SecretKeyProperties props,
                                              PrivateKey privateKey) throws EncryptionException
{
         byte[] encryptedBytes = decodeSequence(encodedEncryptedSecretKey);
         byte[] descryptedBytes = decryptBytes(encryptedBytes, privateKey, props);
-        return recreateSecretKey(descryptedBytes, props.getKeyAlgo());
+        return recreateSecretKey(descryptedBytes, secretKeyAlgo);
     }
     
     public static SecretKey recreateSecretKey(byte[] bytes, String algo) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/07097755/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
index b815337..a1e2639 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/SecretKeyProperties.java
@@ -25,14 +25,16 @@ public class SecretKeyProperties {
     private String keyAlgo;
     private int keySize;
     private int blockSize = -1;
+    private byte[] additionalData;
     private SecureRandom secureRandom;
     private AlgorithmParameterSpec algoSpec;
-    private boolean compressionSupported = true;
+    private boolean compressionSupported;
+    
     public SecretKeyProperties() {
-        this("AES", 128);
     }
+    
     public SecretKeyProperties(String keyAlgo) {
-        this(keyAlgo, 128);
+        this(keyAlgo, -1);
     }
     public SecretKeyProperties(String keyAlgo, int keySize) {
         this.keyAlgo = keyAlgo;
@@ -74,6 +76,12 @@ public class SecretKeyProperties {
     public void setCompressionSupported(boolean compressionSupported) {
         this.compressionSupported = compressionSupported;
     }
+    public byte[] getAdditionalData() {
+        return additionalData;
+    }
+    public void setAdditionalData(byte[] additionalData) {
+        this.additionalData = additionalData;
+    }
     
     
     


Mime
View raw message