From serg...@apache.org
Subject git commit: [CXF-5311] Minor modifications and reverting a previous 'fix' to RSA helpers
Date Fri, 23 May 2014 14:45:57 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b5409a6d6 -> 97a38ec29


[CXF-5311] Minor modifications and reverting a previous 'fix' to RSA helpers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/97a38ec2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/97a38ec2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/97a38ec2

Branch: refs/heads/master
Commit: 97a38ec2966efc4ba8daf916304ba9a70536eac9
Parents: b5409a6
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri May 23 15:45:26 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri May 23 15:45:26 2014 +0100

----------------------------------------------------------------------
 .../rs/security/oauth2/jwe/JweEncryptor.java    |  2 +-
 .../rs/security/oauth2/jwe/RSAJweDecryptor.java |  9 ++++---
 .../rs/security/oauth2/jwe/RSAJweEncryptor.java | 26 ++++++++++----------
 .../cxf/rs/security/oauth2/jwt/Algorithm.java   |  5 ++++
 .../rs/security/oauth2/jwt/JwtConstants.java    |  3 +++
 .../oauth2/jwe/JweCompactReaderWriterTest.java  |  8 +++---
 .../oauth2/utils/crypto/CryptoUtils.java        |  4 +++
 7 files changed, 35 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
index 98a8f73..b1b617f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
@@ -80,7 +80,7 @@ public class JweEncryptor {
     protected byte[] getContentEncryptionKey() {
         if (cek == null && cekEncryptionKey != null) {
             String algo = headers.getContentEncryptionAlgorithm();
-            return CryptoUtils.generateSecureRandomBytes(Algorithm.valueOf(algo).getKeySizeBits()
/ 8);
+            return CryptoUtils.getSecretKey(algo, Algorithm.valueOf(algo).getKeySizeBits()).getEncoded();
         } else {
             return cek;
         }
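Review bot: The new line hands the header's content-encryption name straight to `CryptoUtils.getSecretKey(algo, ...)`, which (per the CryptoUtils hunk in this commit) reaches `KeyGenerator.getInstance(props.getKeyAlgo())`. If `KeyProperties` returns that string unchanged, a JWE name such as `A256GCM` or a cipher transformation such as `AES/GCM/NoPadding` is not a KeyGenerator algorithm and key generation would fail; this cannot be confirmed from the hunk, so it is worth checking and, if needed, mapping to the key algorithm (`AES`) first. Separately, the `cek == null` branch returns a freshly generated key on every call without storing it, so a second call during the same encryption would yield a different key; assigning the generated bytes to `cek` before returning (if the field is assignable) would avoid that. The method body continues outside the hunk.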

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java
index 7f4829a..a0ddc79 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweDecryptor.java
@@ -18,15 +18,16 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwe;
 
+import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 
 
 public class RSAJweDecryptor extends JweDecryptor {
-    public RSAJweDecryptor(String jweContent, RSAPublicKey publicKey, boolean unwrap) { 
  
-        super(jweContent, publicKey, unwrap);
+    public RSAJweDecryptor(String jweContent, RSAPrivateKey privateKey, boolean unwrap) {
   
+        super(jweContent, privateKey, unwrap);
     }
-    public RSAJweDecryptor(String jweContent, RSAPublicKey publicKey) {    
-        this(jweContent, publicKey, true);
+    public RSAJweDecryptor(String jweContent, RSAPrivateKey privateKey) {    
+        this(jweContent, privateKey, true);
     }
     protected int getKeyCipherBlockSize() {
         return ((RSAPublicKey)getDecryptionKey()).getModulus().toByteArray().length;
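Review bot: `getKeyCipherBlockSize()` still casts `getDecryptionKey()` to `RSAPublicKey`, but both constructors now pass an `RSAPrivateKey` to the superclass, so, assuming `getDecryptionKey()` returns that key, the cast would throw `ClassCastException` at decryption time. Both key interfaces extend `RSAKey`, so `((RSAKey)getDecryptionKey()).getModulus()` (importing `java.security.interfaces.RSAKey` in place of `RSAPublicKey`) works for either. Note also that `toByteArray().length` can include a leading sign byte; `(getModulus().bitLength() + 7) / 8` gives the modulus size in bytes. The method body continues past the end of the hunk.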

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java
index 387a19e..087d14d 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/RSAJweEncryptor.java
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwe;
 
-import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
 
 import javax.crypto.SecretKey;
 
@@ -26,32 +26,32 @@ import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 
 public class RSAJweEncryptor extends JweEncryptor {
-    public RSAJweEncryptor(RSAPrivateKey privateKey, String contentEncryptionAlgo) {
+    public RSAJweEncryptor(RSAPublicKey publicKey, String contentEncryptionAlgo) {
         super(new JweHeaders(Algorithm.RSA_OAEP_ALGO.getJwtName(),
-                             contentEncryptionAlgo), privateKey);
+                             contentEncryptionAlgo), publicKey);
     }
-    public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[]
iv) {
-        this(privateKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true);
+    public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[]
iv) {
+        this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true);
     }
-    public RSAJweEncryptor(RSAPrivateKey privateKey, SecretKey secretKey, byte[] iv) {
-        this(privateKey, 
+    public RSAJweEncryptor(RSAPublicKey publicKey, SecretKey secretKey, byte[] iv) {
+        this(publicKey, 
              new JweHeaders(Algorithm.RSA_OAEP_ALGO.getJwtName(),
                             Algorithm.toJwtName(secretKey.getAlgorithm())), 
              secretKey.getEncoded(), iv, DEFAULT_AUTH_TAG_LENGTH, true);
     }
     
-    public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[]
iv, 
+    public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[]
iv, 
                            int authTagLen, boolean wrap) {
-        this(privateKey, headers, cek, iv, authTagLen, wrap, null);
+        this(publicKey, headers, cek, iv, authTagLen, wrap, null);
     }
     
-    public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[]
iv, 
+    public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[]
iv, 
                               JwtHeadersWriter writer) {
-        this(privateKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, null);
+        this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, null);
     }
-    public RSAJweEncryptor(RSAPrivateKey privateKey, JweHeaders headers, byte[] cek, byte[]
iv, 
+    public RSAJweEncryptor(RSAPublicKey publicKey, JweHeaders headers, byte[] cek, byte[]
iv, 
                               int authTagLen, boolean wrap, JwtHeadersWriter writer) {
-        super(headers, privateKey, cek, iv, authTagLen, wrap, writer);
+        super(headers, publicKey, cek, iv, authTagLen, wrap, writer);
     }
     
 }
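Review bot: The constructor that accepts a `JwtHeadersWriter writer` without `authTagLen`/`wrap` delegates with a literal `null` as the last argument, so the caller's writer is silently discarded. The commit rewrites that line for the key type but keeps the `null`; it should read `this(publicKey, headers, cek, iv, DEFAULT_AUTH_TAG_LENGTH, true, writer);`. The move to `RSAPublicKey` is also a source-incompatible change to every public constructor of this class, which deserves an explicit mention in the commit message or release notes.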

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
index 3c08e8e..0d9896b 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
@@ -47,6 +47,8 @@ public enum Algorithm {
     public static final String RS_SHA_384_JAVA = "SHA384withRSA";
     public static final String RS_SHA_512_JAVA = "SHA512withRSA";
     public static final String RSA_OAEP_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
+    public static final String RSA_OAEP_256_ALGO_JAVA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
+    public static final String RSA_1_5_ALGO_JAVA = "RSA/ECB/PKCS1Padding";
     public static final String A256GCM_ALGO_JAVA = "AES/GCM/NoPadding";
     
     private static final Map<String, String> JAVA_TO_JWT_NAMES;
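Review bot: `RSA_OAEP_256_ALGO_JAVA` relies on provider defaults for the transformation string `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`, and providers disagree on the MGF1 digest: the JDK's bundled provider has historically used SHA-1 for MGF1 under this name, while JWE's `RSA-OAEP-256` requires SHA-256 for both the OAEP hash and MGF1. Where the cipher is initialised (not visible in this hunk), passing an explicit `new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)` would make the result provider-independent and interoperable. A short comment on the constant would help, e.g. `// JWE RSA-OAEP-256: init the Cipher with an explicit OAEPParameterSpec (MGF1 with SHA-256)`.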
@@ -60,6 +62,8 @@ public enum Algorithm {
         JAVA_TO_JWT_NAMES.put(RS_SHA_384_JAVA, JwtConstants.RS_SHA_384_ALGO);
         JAVA_TO_JWT_NAMES.put(RS_SHA_512_JAVA, JwtConstants.RS_SHA_512_ALGO);
         JAVA_TO_JWT_NAMES.put(RSA_OAEP_ALGO_JAVA, JwtConstants.RSA_OAEP_ALGO);
+        JAVA_TO_JWT_NAMES.put(RSA_OAEP_256_ALGO_JAVA, JwtConstants.RSA_OAEP_256_ALGO);
+        JAVA_TO_JWT_NAMES.put(RSA_1_5_ALGO_JAVA, JwtConstants.RSA_1_5_ALGO);
         JAVA_TO_JWT_NAMES.put(A256GCM_ALGO_JAVA, JwtConstants.A256GCM_ALGO);
         JWT_TO_JAVA_NAMES = new HashMap<String, String>();
         JWT_TO_JAVA_NAMES.put(JwtConstants.HMAC_SHA_256_ALGO, HMAC_SHA_256_JAVA);
@@ -69,6 +73,7 @@ public enum Algorithm {
         JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_384_ALGO, RS_SHA_384_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.RS_SHA_512_ALGO, RS_SHA_512_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_ALGO, RSA_OAEP_ALGO_JAVA);
+        JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_OAEP_256_ALGO, RSA_OAEP_256_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCM_ALGO, A256GCM_ALGO_JAVA);
     }
     private final String jwtName;
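Review bot: `RSA1_5` is registered in one direction only: the previous hunk adds `RSA_1_5_ALGO_JAVA` to `JAVA_TO_JWT_NAMES`, but this hunk adds only `RSA-OAEP-256` to `JWT_TO_JAVA_NAMES`. If that is deliberate (to avoid accepting `RSA1_5` on input), a comment should say so; otherwise the matching line is `JWT_TO_JAVA_NAMES.put(JwtConstants.RSA_1_5_ALGO, RSA_1_5_ALGO_JAVA);`. Either way, PKCS#1 v1.5 key unwrapping is sensitive to padding-oracle (Bleichenbacher-style) attacks, so any decrypt path that enables it needs error handling that does not distinguish bad padding from other failures. The static initializer starts and ends outside the hunk.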

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
index f7fb859..b26f526 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
@@ -57,6 +57,9 @@ public final class JwtConstants {
     public static final String RS_SHA_384_ALGO = "RS384";
     public static final String RS_SHA_512_ALGO = "RS512";
     public static final String RSA_OAEP_ALGO = "RSA-OAEP";
+    public static final String RSA_OAEP_256_ALGO = "RSA-OAEP-256";
+    public static final String RSA_1_5_ALGO = "RSA1_5";
+    
     public static final String A256GCM_ALGO = "A256GCM";
     
     private JwtConstants() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
index f9673a2..c574e83 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
@@ -104,15 +104,15 @@ public class JweCompactReaderWriterTest extends Assert {
     }
     
     private String encryptContent(String content) throws Exception {
-        RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
+        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
         SecretKey key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY, Algorithm.A256GCM_ALGO.getJavaName());
-        RSAJweEncryptor encryptor = new RSAJweEncryptor(privateKey, key, INIT_VECTOR);
+        RSAJweEncryptor encryptor = new RSAJweEncryptor(publicKey, key, INIT_VECTOR);
         return encryptor.getJweContent(content);
     }
     
     private void decrypt(String jweContent, String plainContent) throws Exception {
-        RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
-        RSAJweDecryptor decryptor = new RSAJweDecryptor(jweContent, publicKey);
+        RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
+        RSAJweDecryptor decryptor = new RSAJweDecryptor(jweContent, privateKey);
         String decryptedText = decryptor.getDecryptedContentText();
         assertEquals(decryptedText, plainContent);
     }
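Review bot: The round-trip test supplies the content-encryption key and IV explicitly, so the `cek == null` branch of `JweEncryptor.getContentEncryptionKey()` that this commit changes is never exercised. A second test using the two-argument constructor, e.g. `new RSAJweEncryptor(publicKey, JwtConstants.A256GCM_ALGO)`, and decrypting its output would cover the key-generation path. Also, `assertEquals(decryptedText, plainContent)` has expected and actual swapped, which makes failure messages misleading; `assertEquals(plainContent, decryptedText)` is the conventional order.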

http://git-wip-us.apache.org/repos/asf/cxf/blob/97a38ec2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
index 0a408fc..fda8527 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CryptoUtils.java
@@ -214,6 +214,10 @@ public final class CryptoUtils {
         return getSecretKey(new KeyProperties(symEncAlgo));
     }
     
+    public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException
{
+        return getSecretKey(new KeyProperties(symEncAlgo, keySize));
+    }
+    
     public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
         try {
             KeyGenerator keyGen = KeyGenerator.getInstance(props.getKeyAlgo());
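Review bot: The new `getSecretKey(String symEncAlgo, int keySize)` overload has no Javadoc and does not say what unit `keySize` is in; the only caller in this commit passes `getKeySizeBits()`, where the replaced code worked in bytes (`/ 8`). A Javadoc such as `/** Generates a new random secret key for symEncAlgo; keySize is in bits. */` (to be confirmed against how `KeyProperties` uses the value) would prevent a bytes/bits mix-up. An `@throws SecurityException` tag stating when it is raised would also be more useful than the bare `throws` clause. `getSecretKey(KeyProperties)` continues outside the hunk.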

