cxf-commits mailing list archives

From serg...@apache.org
Subject [1/2] [CXF-5311] Working toward finalizing the interfaces
Date Tue, 15 Jul 2014 13:02:30 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 217d41ac0 -> 50c57d9be


http://git-wip-us.apache.org/repos/asf/cxf/blob/50c57d9b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
index 7d34fac..aebc1e4 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jws/PrivateKeyJwsSignatureProvider.java
@@ -52,27 +52,12 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider
         this.random = random;
         this.signatureSpec = spec;
     }
-    
-    @Override
-    public byte[] sign(JwtHeaders headers, String unsignedText) {
-        headers = prepareHeaders(headers);
-        try {
-            return CryptoUtils.signData(unsignedText.getBytes("UTF-8"), 
-                                        key, 
-                                        Algorithm.toJavaName(headers.getAlgorithm()),
-                                        random,
-                                        signatureSpec);
-        } catch (Exception ex) {
-            throw new SecurityException(ex);
-        }
-    }
-    @Override
-    protected JwsSignatureProviderWorker createJwsSignatureWorker(JwtHeaders headers) {
+    protected JwsSignature doCreateJwsSignature(JwtHeaders headers) {
         final Signature s = CryptoUtils.getSignature(key, 
                                                      Algorithm.toJavaName(headers.getAlgorithm()),
                                                      random,
                                                      signatureSpec);
-        return new JwsSignatureProviderWorker() {
+        return new JwsSignature() {
 
             @Override
             public void update(byte[] src, int off, int len) {
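Review bot: `doCreateJwsSignature` is declared without the `@Override` that the replaced `createJwsSignatureWorker` carried. If it is meant to implement a hook in `AbstractJwsSignatureProvider` (not visible here), a later signature change in the base class would no longer be caught at compile time; add `@Override` above it. The method also reads `headers.getAlgorithm()` directly, whereas the removed `sign()` called `prepareHeaders(headers)` first, so it presumably relies on the caller having prepared the headers. A short comment stating that precondition, or a null check before `Algorithm.toJavaName(...)`, would make the contract explicit. The anonymous `JwsSignature` body continues past the end of the hunk.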

http://git-wip-us.apache.org/repos/asf/cxf/blob/50c57d9b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
index 9887c68..38052cc 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/AbstractJweDecryptingFilter.java
@@ -25,21 +25,21 @@ import java.security.PrivateKey;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.jwe.JweCryptoProperties;
+import org.apache.cxf.rs.security.oauth2.jwe.JweDecryption;
 import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptionOutput;
-import org.apache.cxf.rs.security.oauth2.jwe.JweDecryptor;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
-import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryptor;
+import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweDecryption;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 public class AbstractJweDecryptingFilter {
     private static final String RSSEC_ENCRYPTION_IN_PROPS = "rs.security.encryption.in.properties";
     private static final String RSSEC_ENCRYPTION_PROPS = "rs.security.encryption.properties";
         
-    private JweDecryptor decryptor;
+    private JweDecryption decryption;
     private JweCryptoProperties cryptoProperties;
     private String defaultMediaType;
     protected JweDecryptionOutput decrypt(InputStream is) throws IOException {
-        JweDecryptor theDecryptor = getInitializedDecryptor();
+        JweDecryption theDecryptor = getInitializedDecryption();
         JweDecryptionOutput out = theDecryptor.decrypt(new String(IOUtils.readBytesFromStream(is),
"UTF-8"));
         validateHeaders(out.getHeaders());
         return out;
@@ -48,19 +48,19 @@ public class AbstractJweDecryptingFilter {
     protected void validateHeaders(JweHeaders headers) {
         // complete
     }
-    public void setDecryptor(JweDecryptor decryptor) {
-        this.decryptor = decryptor;
+    public void setDecryption(JweDecryption decryptor) {
+        this.decryption = decryptor;
     }
-    protected JweDecryptor getInitializedDecryptor() {
-        if (decryptor != null) {
-            return decryptor;    
+    protected JweDecryption getInitializedDecryption() {
+        if (decryption != null) {
+            return decryption;    
         } 
         try {
             PrivateKey pk = CryptoUtils.loadPrivateKey(JAXRSUtils.getCurrentMessage(), 
                                                        RSSEC_ENCRYPTION_IN_PROPS, 
                                                        RSSEC_ENCRYPTION_PROPS,
                                                        CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER);
-            return new WrappedKeyJweDecryptor(pk, cryptoProperties);
+            return new WrappedKeyJweDecryption(pk, cryptoProperties);
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/50c57d9b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
index ee6516e..d62a8c1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JweWriterInterceptor.java
@@ -23,6 +23,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.security.PublicKey;
 import java.util.Properties;
+import java.util.zip.DeflaterOutputStream;
 
 import javax.annotation.Priority;
 import javax.ws.rs.WebApplicationException;
@@ -37,10 +38,15 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptor;
+import org.apache.cxf.rs.security.oauth2.jwe.JweCompactProducer;
+import org.apache.cxf.rs.security.oauth2.jwe.JweEncryption;
+import org.apache.cxf.rs.security.oauth2.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.oauth2.jwe.JweHeaders;
-import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryptor;
+import org.apache.cxf.rs.security.oauth2.jwe.JweOutputStream;
+import org.apache.cxf.rs.security.oauth2.jwe.WrappedKeyJweEncryption;
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 @Priority(Priorities.JWE_WRITE_PRIORITY)
@@ -49,14 +55,15 @@ public class JweWriterInterceptor implements WriterInterceptor {
     private static final String JSON_ENCRYPTION_PROPS = "rs.security.encryption.properties";
     private static final String JSON_WEB_ENCRYPTION_CEK_ALGO_PROP = "rs.security.jwe.content.encryption.algorithm";
     private static final String JSON_WEB_ENCRYPTION_ZIP_ALGO_PROP = "rs.security.jwe.zip.algorithm";
-    private JweEncryptor encryptor;
+    private JweEncryptionProvider encryptionProvider;
     private boolean contentTypeRequired = true;
     private boolean useJweOutputStream;
+    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
     @Override
     public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException
{
         OutputStream actualOs = ctx.getOutputStream();
         
-        JweEncryptor theEncryptor = getInitializedEncryptor();
+        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
         
         String ctString = null;
         if (contentTypeRequired) {
@@ -68,7 +75,22 @@ public class JweWriterInterceptor implements WriterInterceptor {
         
         
         if (useJweOutputStream) {
-            OutputStream jweStream = theEncryptor.createJweStream(actualOs, ctString);
+            JweEncryption encryption = theEncryptionProvider.createJweEncryption(ctString);
+            try {
+                JweCompactProducer.startJweContent(actualOs,
+                                                   encryption.getHeaders(), 
+                                                   writer, 
+                                                   encryption.getContentEncryptionKey(),

+                                                   encryption.getIv());
+            } catch (IOException ex) {
+                throw new SecurityException(ex);
+            }
+            OutputStream jweStream = new JweOutputStream(actualOs, encryption.getCipher(),

+                                                         encryption.getAuthTagLen());
+            if (encryption.isCompressionSupported()) {
+                jweStream = new DeflaterOutputStream(jweStream);
+            }
+            
             ctx.setOutputStream(jweStream);
             ctx.proceed();
             jweStream.flush();
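Review bot: When `encryption.isCompressionSupported()` wraps `jweStream` in a `DeflaterOutputStream`, the `jweStream.flush()` after `ctx.proceed()` does not emit the deflater's pending data. With the default constructor, `flush()` only flushes the underlying stream; the compressed tail is written by `finish()` or `close()`. Unless the stream is closed later outside this hunk, the encrypted payload would be incomplete and the recipient would likely fail decompression or the integrity check; consider `if (jweStream instanceof DeflaterOutputStream) { ((DeflaterOutputStream) jweStream).finish(); }` before the flush. Separately, the `catch (IOException ex)` around `startJweContent` rethrows as `SecurityException` although `aroundWriteTo` already declares `IOException`, which relabels a transport failure as a security failure. The method body starts and ends outside the hunk.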
@@ -76,15 +98,15 @@ public class JweWriterInterceptor implements WriterInterceptor {
             CachedOutputStream cos = new CachedOutputStream(); 
             ctx.setOutputStream(cos);
             ctx.proceed();
-            String jweContent = theEncryptor.encrypt(cos.getBytes(), ctString);
+            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString);
             IOUtils.copy(new ByteArrayInputStream(jweContent.getBytes("UTF-8")), actualOs);
             actualOs.flush();
         }
     }
     
-    protected JweEncryptor getInitializedEncryptor() {
-        if (encryptor != null) {
-            return encryptor;    
+    protected JweEncryptionProvider getInitializedEncryptionProvider() {
+        if (encryptionProvider != null) {
+            return encryptionProvider;    
         } 
         Message m = JAXRSUtils.getCurrentMessage();
         String propLoc = 
@@ -103,7 +125,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
                 headers.setZipAlgorithm(compression);
             }
             
-            return new WrappedKeyJweEncryptor(headers, pk);
+            return new WrappedKeyJweEncryption(headers, pk);
         } catch (SecurityException ex) {
             throw ex;
         } catch (Exception ex) {
@@ -114,5 +136,13 @@ public class JweWriterInterceptor implements WriterInterceptor {
     public void setUseJweOutputStream(boolean useJweOutputStream) {
         this.useJweOutputStream = useJweOutputStream;
     }
+
+    public void setWriter(JwtHeadersWriter writer) {
+        this.writer = writer;
+    }
+
+    public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
+        this.encryptionProvider = encryptionProvider;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/50c57d9b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
index e44dec7..2a0afcd 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/jaxrs/JwsWriterInterceptor.java
@@ -31,13 +31,18 @@ import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.jws.JwsCompactProducer;
 import org.apache.cxf.rs.security.oauth2.jws.JwsOutputStream;
+import org.apache.cxf.rs.security.oauth2.jws.JwsSignature;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeaders;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlOutputStream;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 
 @Priority(Priorities.JWS_WRITE_PRIORITY)
 public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements WriterInterceptor
{
     private boolean contentTypeRequired = true;
     private boolean useJwsOutputStream;
+    private JwtHeadersWriter writer = new JwtTokenReaderWriter();
     @Override
     public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException
{
         OutputStream actualOs = ctx.getOutputStream();
@@ -49,7 +54,16 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements
W
             }
         }
         if (useJwsOutputStream) {
-            JwsOutputStream jwsStream = getInitializedSigProvider().createJwsStream(actualOs,
ctString);
+            JwtHeaders headers = new JwtHeaders();
+            JwsSignature jwsSignature = getInitializedSigProvider().createJwsSignature(headers);
+            if (ctString != null) {
+                headers.setContentType(ctString);
+            }
+            JwsOutputStream jwsStream = new JwsOutputStream(actualOs, jwsSignature);
+            byte[] headerBytes = writer.headersToJson(headers).getBytes("UTF-8");
+            Base64UrlUtility.encodeAndStream(headerBytes, 0, headerBytes.length, jwsStream);
+            jwsStream.write(new byte[]{'.'});
+                        
             Base64UrlOutputStream base64Stream = new Base64UrlOutputStream(jwsStream);
             ctx.setOutputStream(base64Stream);
             ctx.proceed();
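Review bot: The protected header streamed into `jwsStream` depends on `createJwsSignature(headers)` having populated `alg` on the very `JwtHeaders` instance passed in, which nothing in this hunk guarantees. The removed `sign()` in `PrivateKeyJwsSignatureProvider` reassigned `headers = prepareHeaders(headers)`, which suggests the helper may return a different object; if a provider does that, the serialized header here would omit the algorithm while a signature is still produced. Setting the content type before the call and adding a comment such as `// createJwsSignature must set alg on this headers instance; it is serialized and signed below` would document the contract. A check that `headers.getAlgorithm()` is non-null before `headersToJson` would fail fast. The surrounding `aroundWriteTo` body starts and ends outside the hunk.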
@@ -75,5 +89,8 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements
W
     public void setUseJwsOutputStream(boolean useJwsOutputStream) {
         this.useJwsOutputStream = useJwsOutputStream;
     }
+    public void setWriter(JwtHeadersWriter writer) {
+        this.writer = writer;
+    }
         
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/50c57d9b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
index 2a80395..ec7506b 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
@@ -106,24 +106,24 @@ public class JweCompactReaderWriterTest extends Assert {
         } else {
             jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length
* 8);
         }
-        RSAJweEncryptor encryptor = new RSAJweEncryptor(publicKey, 
+        RSAJweEncryption encryptor = new RSAJweEncryption(publicKey, 
                                                         key, 
                                                         jwtKeyName, 
                                                         INIT_VECTOR);
         return encryptor.encrypt(content.getBytes("UTF-8"), null);
     }
     private String encryptContentDirect(SecretKey key, String content) throws Exception {
-        DirectKeyJweEncryptor encryptor = new DirectKeyJweEncryptor(key, INIT_VECTOR);
+        DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(key, INIT_VECTOR);
         return encryptor.encrypt(content.getBytes("UTF-8"), null);
     }
     private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception
{
         RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
-        RSAJweDecryptor decryptor = new RSAJweDecryptor(privateKey, unwrap);
+        RSAJweDecryption decryptor = new RSAJweDecryption(privateKey, unwrap);
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);
     }
     private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws
Exception {
-        DirectKeyJweDecryptor decryptor = new DirectKeyJweDecryptor(key);
+        DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key);
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);
     }

