From serg...@apache.org
Subject git commit: [CXF-5311] Experimenting with JWS interfaces
Date Mon, 16 Jun 2014 12:39:53 GMT
Repository: cxf
Updated Branches:
  refs/heads/master ad4e3dde6 -> 8515dcba6


[CXF-5311] Experimenting with JWS interfaces


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8515dcba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8515dcba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8515dcba

Branch: refs/heads/master
Commit: 8515dcba6d14a4a4b96bae40a51aef3295c04c30
Parents: ad4e3dd
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Jun 16 13:39:34 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Jun 16 13:39:34 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jwe/AbstractJweEncryptor.java        |  9 ++--
 .../rs/security/oauth2/jwe/JweEncryptor.java    |  4 +-
 .../jws/AbstractJwsSignatureProvider.java       | 52 ++++++++++++++++++++
 .../oauth2/jws/HmacJwsSignatureProvider.java    | 12 ++++-
 .../security/oauth2/jws/JwsCompactProducer.java | 47 +++++++++++++-----
 .../oauth2/jws/JwsJwtCompactProducer.java       |  3 ++
 .../oauth2/jws/JwsSignatureProvider.java        |  1 +
 .../jws/PrivateKeyJwsSignatureProvider.java     | 11 ++++-
 .../jwt/jaxrs/AbstractJweDecryptingFilter.java  | 13 ++++-
 .../jwt/jaxrs/JweClientResponseFilter.java      | 14 ++++--
 .../jwt/jaxrs/JweContainerRequestFilter.java    | 13 ++++-
 .../oauth2/jwt/jaxrs/JweWriterInterceptor.java  | 13 ++++-
 .../jwt/jaxrs/JwsClientResponseFilter.java      |  2 +-
 .../jwt/jaxrs/JwsContainerRequestFilter.java    |  2 +-
 .../oauth2/jwt/jaxrs/JwsWriterInterceptor.java  |  5 +-
 .../oauth2/jwe/JweCompactReaderWriterTest.java  |  4 +-
 16 files changed, 171 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
index 316d091..798ae61 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryptor.java
@@ -90,7 +90,7 @@ public abstract class AbstractJweEncryptor implements JweEncryptor {
     protected JweHeaders getJweHeaders() {
         return headers;
     }
-    public String encrypt(byte[] content) {
+    public String encrypt(byte[] content, String contentType) {
         byte[] theCek = getContentEncryptionKey();
         String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
         KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
@@ -107,6 +107,9 @@ public abstract class AbstractJweEncryptor implements JweEncryptor {
             keyProps);
         
         byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
+        if (contentType != null) {
+            headers.setContentType(contentType);
+        }
         JweCompactProducer producer = new JweCompactProducer(headers, 
                                              jweContentEncryptionKey,
                                              theIv,
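Review bot: `headers.setContentType(contentType)` writes into the encryptor's own `headers` field on every call, which makes the content type shared state. If an encryptor instance is reused, a `cty` set by one call stays in place when a later call passes `null`, and concurrent calls can overwrite each other's value before `JweCompactProducer` serialises the headers. Because the header is part of what the JWE carries and protects, the token can then advertise a content type that does not belong to its payload. Building a per-call copy of the headers and setting `cty` on that copy would avoid both problems (whether `JweHeaders` offers a copy mechanism is not visible here). Failing that, the class should carry a comment such as `// not thread-safe: encrypt() mutates the shared headers`. The body of `encrypt` starts and ends outside this hunk.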
@@ -115,9 +118,9 @@ public abstract class AbstractJweEncryptor implements JweEncryptor {
         return producer.getJweContent();
     }
     
-    public String encryptText(String text) {
+    public String encryptText(String text, String contentType) {
         try {
-            return encrypt(text.getBytes("UTF-8"));
+            return encrypt(text.getBytes("UTF-8"), contentType);
         } catch (UnsupportedEncodingException ex) {
             throw new SecurityException(ex);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
index 09554fe..f8eb013 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweEncryptor.java
@@ -20,6 +20,6 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 
 
 public interface JweEncryptor {
-    String encrypt(byte[] jweContent);
-    String encryptText(String jweContent);
+    String encrypt(byte[] jweContent, String contentType);
+    String encryptText(String jweContent, String contentType);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
new file mode 100644
index 0000000..5a5dd71
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/AbstractJwsSignatureProvider.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jws;
+
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+
+public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider {
+    private Set<String> supportedAlgorithms;
+    private String defaultJwtAlgorithm;
+    
+    public AbstractJwsSignatureProvider(Set<String> supportedAlgorithms, String algo)
{
+        this.supportedAlgorithms = supportedAlgorithms;
+        this.defaultJwtAlgorithm = algo;
+    }
+    @Override
+    public void prepareHeaders(JwtHeaders headers) {
+        String algo = headers.getAlgorithm();
+        if (algo != null) {
+            checkAlgorithm(algo);
+        } else {
+            headers.setAlgorithm(defaultJwtAlgorithm);
+        }
+        
+    }
+    public void setDefaultJwtAlgorithm(String algo) {
+        this.defaultJwtAlgorithm = algo;
+    }
+    protected void checkAlgorithm(String algo) {
+        if (algo == null || !supportedAlgorithms.contains(algo)) {
+            throw new SecurityException();
+        }
+    }
+
+}
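Review bot: `setDefaultJwtAlgorithm` and the constructor accept any string without checking it against `supportedAlgorithms`, so a misconfigured default is written into the headers by `prepareHeaders` and only rejected later in `sign()`, by a `SecurityException` that carries no message. Calling `checkAlgorithm(algo);` as the first statement of the setter and throwing `new SecurityException("Unsupported JWS algorithm: " + algo)` would surface the problem where it is introduced. The constructor also stores the caller's `Set` by reference and both subclasses pass a static `HashSet`, so the allow-list can be modified after construction. Declaring the field `final` and wrapping it with `Collections.unmodifiableSet(...)` would fix that. The class has no Javadoc; a short class comment saying that it enforces the algorithm allow-list on the signing side would help implementers of new providers.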

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
index e2ed53c..642d908 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/HmacJwsSignatureProvider.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rs.security.oauth2.jws;
 
 import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.cxf.common.util.Base64Exception;
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
@@ -26,12 +28,19 @@ import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
 
-public class HmacJwsSignatureProvider implements JwsSignatureProvider, JwsSignatureVerifier
{
+public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider implements JwsSignatureVerifier
{
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.HmacSHA256.getJwtName(),
+                      Algorithm.HmacSHA384.getJwtName(),
+                      Algorithm.HmacSHA512.getJwtName())); 
     private byte[] key;
+    
     public HmacJwsSignatureProvider(byte[] key) {
+        super(SUPPORTED_ALGORITHMS, Algorithm.HmacSHA256.getJwtName());
         this.key = key;
     }
     public HmacJwsSignatureProvider(String encodedKey) {
+        super(SUPPORTED_ALGORITHMS, Algorithm.HmacSHA256.getJwtName());
         try {
             this.key = Base64UrlUtility.decode(encodedKey);
         } catch (Base64Exception ex) {
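Review bot: The new allow-list is applied on the signing path only. The class declaration in this hunk still `implements JwsSignatureVerifier`, but `checkAlgorithm` is added to `sign()` alone in the next hunk. The verify method is outside the diff, so this is inferred, but verification is where the `alg` header is chosen by the token's sender rather than by local code. It would benefit from the same `checkAlgorithm(headers.getAlgorithm());` call before the MAC is computed and compared. The second constructor's body continues outside the hunk.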
@@ -41,6 +50,7 @@ public class HmacJwsSignatureProvider implements JwsSignatureProvider, JwsSignat
     
     @Override
     public byte[] sign(JwtHeaders headers, String unsignedText) {
+        checkAlgorithm(headers.getAlgorithm());
         return computeMac(headers, unsignedText);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
index cc41731..0e0b1f7 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsCompactProducer.java
@@ -32,8 +32,11 @@ public class JwsCompactProducer {
     private String signature;
     private String plainRep;
     
-    public JwsCompactProducer(JwtHeaders headers, String payload) {
-        this(headers, null, payload);
+    public JwsCompactProducer(String plainJwsPayload) {
+        this(null, null, plainJwsPayload);
+    }
+    public JwsCompactProducer(JwtHeaders headers, String plainJwsPayload) {
+        this(headers, null, plainJwsPayload);
     }
     public JwsCompactProducer(JwtHeaders headers, JwtHeadersWriter w, String plainJwsPayload)
{
         this.headers = headers;
@@ -42,10 +45,16 @@ public class JwsCompactProducer {
         }
         this.plainJwsPayload = plainJwsPayload;
     }
-    
+    public JwtHeaders getHeaders() {
+        if (headers == null) {
+            headers = new JwtHeaders();
+        }
+        return headers;
+    }
     public String getUnsignedEncodedJws() {
+        checkAlgorithm();
         if (plainRep == null) {
-            plainRep = Base64UrlUtility.encode(writer.headersToJson(headers)) 
+            plainRep = Base64UrlUtility.encode(writer.headersToJson(getHeaders())) 
                 + "." 
                 + Base64UrlUtility.encode(plainJwsPayload);
         }
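Review bot: `plainRep` is computed once in `getUnsignedEncodedJws()` and never reset, while the new public `getHeaders()` returns the live `JwtHeaders` instance. A header changed after the first call is therefore missing from the encoded signing input. `signWith(JwsSignatureProvider)` in the next hunk still passes the current headers to `sign()`, so the `alg` written into the token and the algorithm actually used could diverge. Either drop the cache or document the constraint on `getHeaders()`, for example `/** Headers must not be modified once getUnsignedEncodedJws() has been called. */`.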
@@ -53,26 +62,42 @@ public class JwsCompactProducer {
     }
     
     public String getSignedEncodedJws() {
+        checkAlgorithm();
         boolean noSignature = StringUtils.isEmpty(signature);
         if (noSignature && !isPlainText()) {
             throw new IllegalStateException("Signature is not available");
         }
         return getUnsignedEncodedJws() + "." + (noSignature ? "" : signature);
     }
-    public void signWith(JwsSignatureProvider signer) { 
-        setSignatureOctets(signer.sign(headers, getUnsignedEncodedJws()));
+    
+    public String signWith(JwsSignatureProvider signer) { 
+        signer.prepareHeaders(getHeaders());
+        signWith(signer.sign(getHeaders(), getUnsignedEncodedJws()));
+        return getSignedEncodedJws();
     }
     
-    public void setSignatureText(String sig) {
-        setEncodedSignature(Base64UrlUtility.encode(sig));
+    public String signWith(String signatureText) {
+        setEncodedSignature(Base64UrlUtility.encode(signatureText));
+        return getSignedEncodedJws();
     }
-    public void setSignatureOctets(byte[] bytes) {
-        setEncodedSignature(Base64UrlUtility.encode(bytes));
+    
+    public String signWith(byte[] signatureOctets) {
+        setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
+        return getSignedEncodedJws();
     }
+    
     private void setEncodedSignature(String sig) {
         this.signature = sig;
     }
     private boolean isPlainText() {
-        return JwtConstants.PLAIN_TEXT_ALGO.equals(headers.getAlgorithm());
+        return JwtConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
+    }
+    private String getAlgorithm() {
+        return getHeaders().getAlgorithm();
+    }
+    private void checkAlgorithm() {
+        if (getAlgorithm() == null) {
+            throw new IllegalStateException("Algorithm header is not set");
+        }
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsJwtCompactProducer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsJwtCompactProducer.java
index 7d43a8d..149dfba 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsJwtCompactProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsJwtCompactProducer.java
@@ -29,6 +29,9 @@ public class JwsJwtCompactProducer extends JwsCompactProducer {
     public JwsJwtCompactProducer(JwtToken token) {
         this(token, null);
     }
+    public JwsJwtCompactProducer(JwtClaims claims) {
+        this(new JwtToken(null, claims), null);
+    }
     public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims) {
         this(headers, claims, null);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
index 6c7a84f..6fe5e3c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/JwsSignatureProvider.java
@@ -21,5 +21,6 @@ package org.apache.cxf.rs.security.oauth2.jws;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
 
 public interface JwsSignatureProvider {
+    void prepareHeaders(JwtHeaders headers);
     byte[] sign(JwtHeaders headers, String unsignedText);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
index 2647915..64de375 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
@@ -21,12 +21,19 @@ package org.apache.cxf.rs.security.oauth2.jws;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
-public class PrivateKeyJwsSignatureProvider implements JwsSignatureProvider {
+public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.SHA256withRSA.getJwtName(),
+                      Algorithm.SHA384withRSA.getJwtName(),
+                      Algorithm.SHA512withRSA.getJwtName())); 
     private PrivateKey key;
     private SecureRandom random; 
     private AlgorithmParameterSpec signatureSpec;
@@ -38,6 +45,7 @@ public class PrivateKeyJwsSignatureProvider implements JwsSignatureProvider
{
         this(key, null, spec);
     }
     public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, AlgorithmParameterSpec
spec) {
+        super(SUPPORTED_ALGORITHMS, Algorithm.SHA256withRSA.getJwtName());
         this.key = key;
         this.random = random;
         this.signatureSpec = spec;
@@ -46,6 +54,7 @@ public class PrivateKeyJwsSignatureProvider implements JwsSignatureProvider
{
     
     @Override
     public byte[] sign(JwtHeaders headers, String unsignedText) {
+        checkAlgorithm(headers.getAlgorithm());
         try {
             return CryptoUtils.signData(unsignedText.getBytes("UTF-8"), 
                                         key, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 6df6647..20d1281 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -41,14 +41,15 @@ public class AbstractJweDecryptingFilter {
     
     private JweDecryptor decryptor;
     private JweCryptoProperties cryptoProperties;
-    protected byte[] decrypt(InputStream is) throws IOException {
+    private String defaultMediaType;
+    protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
         JweDecryptor theDecryptor = getInitializedDecryptor();
         if (theDecryptor == null) {
             throw new SecurityException();
         }
         JweDecryptionOutput out = theDecryptor.decrypt(new String(IOUtils.readBytesFromStream(is),
"UTF-8"));
         validateHeaders(out.getHeaders());
-        return out.getContent();
+        return out;
     }
 
     protected void validateHeaders(JweHeaders headers) {
@@ -79,4 +80,12 @@ public class AbstractJweDecryptingFilter {
         this.cryptoProperties = cryptoProperties;
     }
 
+    public String getDefaultMediaType() {
+        return defaultMediaType;
+    }
+
+    public void setDefaultMediaType(String defaultMediaType) {
+        this.defaultMediaType = defaultMediaType;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
index 1cc35f6..53b9890 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweClientResponseFilter.java
@@ -26,13 +26,21 @@ import javax.ws.rs.client.ClientRequestContext;
 import javax.ws.rs.client.ClientResponseContext;
 import javax.ws.rs.client.ClientResponseFilter;
 
+import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
+
 @Priority(Priorities.JWE_CLIENT_READ_PRIORITY)
 public class JweClientResponseFilter extends AbstractJweDecryptingFilter implements ClientResponseFilter
{
     @Override
     public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException
{
-        res.setEntityStream(new ByteArrayInputStream(
-            decrypt(res.getEntityStream())));
-        
+        JweDecryptionOutput out = decrypt(res.getEntityStream());
+        byte[] bytes = out.getContent();
+        res.setEntityStream(new ByteArrayInputStream(bytes));
+        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        String ct = JwtUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            res.getHeaders().putSingle("Content-Type", ct);
+        }
     }
 
 }
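Review bot: The `Content-Type` set by `res.getHeaders().putSingle("Content-Type", ct)` is taken from the `cty` header inside the decrypted JWE, so it is chosen by whoever produced the token and replaces the value the transport carried. Whether `JwtUtils.checkContentType` restricts the value or only expands short forms is not visible in this diff. If it does not restrict it, the filter should compare `ct` with the media types the application expects before overwriting the header. The same code is added to `JweContainerRequestFilter`, where it matters more: that filter is `@PreMatching`, so the token-supplied type takes part in resource matching and reader selection. A short comment on both `filter` methods stating that the inner `cty` deliberately overrides the outer header would also help.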

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
index 10a8ef2..e12a251 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweContainerRequestFilter.java
@@ -26,12 +26,21 @@ import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
 
+import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtUtils;
+
 @PreMatching
 @Priority(Priorities.JWE_SERVER_READ_PRIORITY)
 public class JweContainerRequestFilter extends AbstractJweDecryptingFilter implements ContainerRequestFilter
{
     @Override
     public void filter(ContainerRequestContext context) throws IOException {
-        context.setEntityStream(new ByteArrayInputStream(
-            decrypt(context.getEntityStream())));
+        JweDecryptionOutput out = decrypt(context.getEntityStream());
+        byte[] bytes = out.getContent();
+        context.setEntityStream(new ByteArrayInputStream(bytes));
+        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
+        String ct = JwtUtils.checkContentType(out.getHeaders().getContentType(), getDefaultMediaType());
+        if (ct != null) {
+            context.getHeaders().putSingle("Content-Type", ct);
+        }
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index fc6719b..ee30d9d 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -25,6 +25,7 @@ import java.security.PublicKey;
 
 import javax.annotation.Priority;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.ext.WriterInterceptor;
 import javax.ws.rs.ext.WriterInterceptorContext;
 
@@ -44,7 +45,8 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 public class JweWriterInterceptor implements WriterInterceptor {
     private static final String RSSEC_ENCRYPTION_PROPS = "rs-security.encryption.properties";
     private JweEncryptor encryptor;
-
+    private boolean contentTypeRequired = true;
+    
     @Override
     public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException
{
         OutputStream actualOs = ctx.getOutputStream();
@@ -53,7 +55,14 @@ public class JweWriterInterceptor implements WriterInterceptor {
         ctx.proceed();
         
         JweEncryptor theEncryptor = getInitializedEncryptor();
-        String jweContent = theEncryptor.encrypt(cos.getBytes());
+        String ctString = null;
+        if (contentTypeRequired) {
+            MediaType mt = ctx.getMediaType();
+            if (mt != null) {
+                ctString = JAXRSUtils.mediaTypeToString(mt);
+            }
+        }
+        String jweContent = theEncryptor.encrypt(cos.getBytes(), ctString);
         IOUtils.copy(new ByteArrayInputStream(jweContent.getBytes("UTF-8")), actualOs);
         actualOs.flush();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
index 715f65f..e5a872e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsClientResponseFilter.java
@@ -41,10 +41,10 @@ public class JwsClientResponseFilter extends AbstractJwsReaderProvider
implement
         p.verifySignatureWith(theSigVerifier);
         byte[] bytes = p.getDecodedJwsPayloadBytes();
         res.setEntityStream(new ByteArrayInputStream(bytes));
+        res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
         String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
         if (ct != null) {
             res.getHeaders().putSingle("Content-Type", ct);
-            res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
         }
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
index 3f05670..d431cc1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsContainerRequestFilter.java
@@ -43,11 +43,11 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider
impleme
         p.verifySignatureWith(theSigVerifier);
         byte[] bytes = p.getDecodedJwsPayloadBytes();
         context.setEntityStream(new ByteArrayInputStream(bytes));
+        context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
         
         String ct = JwtUtils.checkContentType(p.getJwtHeaders().getContentType(), getDefaultMediaType());
         if (ct != null) {
             context.getHeaders().putSingle("Content-Type", ct);
-            context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
         }
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
index 3ec449b..62c4126 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
@@ -30,12 +30,11 @@ import javax.ws.rs.ext.WriterInterceptorContext;
 import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
 
 @Priority(Priorities.JWS_WRITE_PRIORITY)
 public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor
{
-    private boolean contentTypeRequired;
+    private boolean contentTypeRequired = true;
     @Override
     public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException
{
         OutputStream actualOs = ctx.getOutputStream();
@@ -43,7 +42,7 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements
W
         ctx.setOutputStream(cos);
         ctx.proceed();
         
-        JwtHeaders headers = new JwtHeaders(Algorithm.SHA256withRSA.getJwtName());
+        JwtHeaders headers = new JwtHeaders();
         if (contentTypeRequired) {
             MediaType mt = ctx.getMediaType();
             if (mt != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8515dcba/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
index 981ffd8..e2de7f6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
@@ -110,11 +110,11 @@ public class JweCompactReaderWriterTest extends Assert {
                                                         key, 
                                                         jwtKeyName, 
                                                         INIT_VECTOR);
-        return encryptor.encryptText(content);
+        return encryptor.encryptText(content, null);
     }
     private String encryptContentDirect(SecretKey key, String content) throws Exception {
         DirectKeyJweEncryptor encryptor = new DirectKeyJweEncryptor(key, INIT_VECTOR);
-        return encryptor.encryptText(content);
+        return encryptor.encryptText(content, null);
     }
     private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception
{
         RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);

