cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5311] One more refactoring
Date Tue, 15 Jul 2014 15:57:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 50c57d9be -> 4e3ffb95a


[CXF-5311] One more refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4e3ffb95
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4e3ffb95
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4e3ffb95

Branch: refs/heads/master
Commit: 4e3ffb95a8bdb049cbc6b320d0dd9b8b1751c6af
Parents: 50c57d9
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jul 15 16:57:26 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jul 15 16:57:26 2014 +0100

----------------------------------------------------------------------
 .../oauth2/jwe/AbstractJweDecryption.java       | 52 +++++++++++---------
 .../oauth2/jwe/ContentEncryptionProvider.java   | 29 -----------
 .../oauth2/jwe/DirectKeyJweDecryption.java      |  8 ++-
 .../security/oauth2/jwe/JweCompactConsumer.java | 41 ++++-----------
 .../rs/security/oauth2/jwe/JweDecryption.java   |  2 +
 .../oauth2/jwe/WrappedKeyJweDecryption.java     |  7 ++-
 6 files changed, 52 insertions(+), 87 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
index 5837e66..2cb23bf 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
@@ -18,33 +18,55 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwe;
 
+import java.security.Key;
 import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 
 public abstract class AbstractJweDecryption implements JweDecryption {
     private JweCryptoProperties props;
-    protected AbstractJweDecryption(JweCryptoProperties props) {
+    private JwtHeadersReader reader = new JwtTokenReaderWriter();
+    protected AbstractJweDecryption(JweCryptoProperties props, JwtHeadersReader thereader)
{
         this.props = props;
+        if (thereader != null) {
+            reader = thereader;
+        }
     }
     
     protected abstract byte[] getContentEncryptionKey(JweCompactConsumer consumer);
     
     public JweDecryptionOutput decrypt(String content) {
-        JweCompactConsumer consumer = new JweCompactConsumer(content, props);
+        JweCompactConsumer consumer = new JweCompactConsumer(content, reader);
         return doDecrypt(consumer);
     }
+    public byte[] decrypt(JweCompactConsumer consumer) {
+        return doDecrypt(consumer).getContent();
+    }
     
     protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer) {
-        CeProvider ceProvider = new CeProvider(consumer);
-        byte[] bytes = consumer.getDecryptedContent(ceProvider);
+        consumer.enforceJweCryptoProperties(props);
+        byte[] cek = getContentEncryptionKey(consumer);
+        KeyProperties keyProperties = new KeyProperties(getContentEncryptionAlgorithm(consumer));
+        keyProperties.setAdditionalData(getContentEncryptionCipherAAD(consumer));
+        AlgorithmParameterSpec spec = getContentEncryptionCipherSpec(consumer);
+        keyProperties.setAlgoSpec(spec);
+        boolean compressionSupported = 
+            JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(consumer.getJweHeaders().getZipAlgorithm());
+        keyProperties.setCompressionSupported(compressionSupported);
+        Key secretKey = CryptoUtils.createSecretKeySpec(cek, keyProperties.getKeyAlgo());
+        byte[] bytes = 
+            CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(consumer), secretKey,
keyProperties);
         return new JweDecryptionOutput(consumer.getJweHeaders(), bytes);
     }
     protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
         return consumer.getEncryptedContentEncryptionKey();
     }
-    protected AlgorithmParameterSpec getContentDecryptionCipherSpec(JweCompactConsumer consumer)
{
+    protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweCompactConsumer consumer)
{
         return CryptoUtils.getContentEncryptionCipherSpec(getEncryptionAuthenticationTagLenBits(consumer),

                                                    getContentEncryptionCipherInitVector(consumer));
     }
@@ -67,23 +89,5 @@ public abstract class AbstractJweDecryption implements JweDecryption {
         return getEncryptionAuthenticationTag(consumer).length * 8;
     }
     
-    protected class CeProvider implements ContentEncryptionProvider {
-
-        private JweCompactConsumer consumer;
-        public CeProvider(JweCompactConsumer consumer) {
-            this.consumer = consumer;
-        }
-        @Override
-        public byte[] getContentEncryptionKey(JweHeaders headers, byte[] encryptedKey) {
-            return AbstractJweDecryption.this.getContentEncryptionKey(consumer);
-        }
-
-        @Override
-        public AlgorithmParameterSpec getContentEncryptionCipherSpec(JweHeaders headers,
-                                                                     int authTagLength,
-                                                                     byte[] initVector) {
-            return getContentDecryptionCipherSpec(consumer);
-        }
-        
-    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
deleted file mode 100644
index 0c1a8a1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionProvider.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.jwe;
-
-import java.security.spec.AlgorithmParameterSpec;
-
-public interface ContentEncryptionProvider {
-    byte[] getContentEncryptionKey(JweHeaders headers, byte[] encryptedKey);
-    
-    AlgorithmParameterSpec getContentEncryptionCipherSpec(JweHeaders headers, 
-                                                          int authTagLength,
-                                                          byte[] initVector);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
index d7f3801..a096965 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
@@ -20,13 +20,19 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 
 import java.security.Key;
 
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
+
 public class DirectKeyJweDecryption extends AbstractJweDecryption {
     private byte[] contentDecryptionKey;
     public DirectKeyJweDecryption(Key contentDecryptionKey) {    
         this(contentDecryptionKey, null);
     }
     public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props) {
   
-        super(props);
+        this(contentDecryptionKey, props, null);
+    }
+    public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props, 
+                                  JwtHeadersReader reader) {    
+        super(props, reader);
         this.contentDecryptionKey = contentDecryptionKey.getEncoded();
     }
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
index 042ceda..6a1954f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
@@ -20,17 +20,11 @@
 package org.apache.cxf.rs.security.oauth2.jwe;
 
 import java.io.UnsupportedEncodingException;
-import java.security.Key;
-import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
-import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
 import org.apache.cxf.rs.security.oauth2.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 
 
 public class JweCompactConsumer {
@@ -41,12 +35,9 @@ public class JweCompactConsumer {
     private byte[] authTag;
     private JweHeaders jweHeaders;
     public JweCompactConsumer(String jweContent) {
-        this(jweContent, null);
+        this(jweContent, new JwtTokenReaderWriter());
     }
-    public JweCompactConsumer(String jweContent, JweCryptoProperties props) {
-        this(jweContent, props, new JwtTokenReaderWriter());
-    }
-    public JweCompactConsumer(String jweContent, JweCryptoProperties props, JwtHeadersReader
reader) {
+    public JweCompactConsumer(String jweContent, JwtHeadersReader reader) {
         String[] parts = jweContent.split("\\.");
         if (parts.length != 5) {
             throw new SecurityException("5 JWE parts are expected");
@@ -62,15 +53,14 @@ public class JweCompactConsumer {
             System.arraycopy(cipherText, 0, encryptedContentWithTag, 0, cipherText.length);
             System.arraycopy(authTag, 0, encryptedContentWithTag, cipherText.length, authTag.length);
             jweHeaders = new JweHeaders(reader.fromJsonHeaders(headersJson).asMap());
-            enforceJweCryptoProperties(props);
         } catch (Base64Exception ex) {
             throw new SecurityException(ex);
         }
     }
     
-    private void enforceJweCryptoProperties(JweCryptoProperties props) {
-        if (props != null) {
-            //TODO: Validate
+    public void enforceJweCryptoProperties(JweCryptoProperties props) {
+        if (props != null) { 
+            //TODO
         }
     }
     
@@ -102,25 +92,12 @@ public class JweCompactConsumer {
         return encryptedContentWithTag;
     }
     
-    public byte[] getDecryptedContent(ContentEncryptionProvider provider) {
-        byte[] cek = provider.getContentEncryptionKey(getJweHeaders(), getEncryptedContentEncryptionKey());
-        KeyProperties keyProperties = new KeyProperties(
-            Algorithm.toJavaName(getJweHeaders().getContentEncryptionAlgorithm()));
-        keyProperties.setAdditionalData(getContentEncryptionCipherAAD());
-        
-        AlgorithmParameterSpec spec = provider.getContentEncryptionCipherSpec(getJweHeaders(),
-                                                         getEncryptionAuthenticationTag().length
* 8,
-                                                         getContentDecryptionCipherInitVector());
-        keyProperties.setAlgoSpec(spec);
-        boolean compressionSupported = 
-            JwtConstants.DEFLATE_ZIP_ALGORITHM.equals(getJweHeaders().getZipAlgorithm());
-        keyProperties.setCompressionSupported(compressionSupported);
-        Key secretKey = CryptoUtils.createSecretKeySpec(cek, keyProperties.getKeyAlgo());
-        return CryptoUtils.decryptBytes(getEncryptedContentWithAuthTag(), secretKey, keyProperties);
+    public byte[] getDecryptedContent(JweDecryption decryption) {
+        return decryption.decrypt(this);
     }
-    public String getDecryptedContentText(ContentEncryptionProvider provider) {
+    public String getDecryptedContentText(JweDecryption decryption) {
         try {
-            return new String(getDecryptedContent(provider), "UTF-8");
+            return new String(getDecryptedContent(decryption), "UTF-8");
         } catch (UnsupportedEncodingException ex) {
             throw new SecurityException(ex);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
index 814c0a7..e910884 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweDecryption.java
@@ -19,6 +19,8 @@
 package org.apache.cxf.rs.security.oauth2.jwe;
 
 
+
 public interface JweDecryption {
     JweDecryptionOutput decrypt(String jweContent);
+    byte[] decrypt(JweCompactConsumer consumer);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4e3ffb95/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
index 62a69eb..b3fe9ac 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oauth2.jwe;
 import java.security.Key;
 
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersReader;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 
@@ -38,7 +39,11 @@ public class WrappedKeyJweDecryption extends AbstractJweDecryption {
     }
     public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
                                   JweCryptoProperties props) {    
-        super(props);
+        this(cekDecryptionKey, unwrap, props, null);
+    }
+    public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
+                                   JweCryptoProperties props, JwtHeadersReader reader) {
   
+        super(props, reader);
         this.cekDecryptionKey = cekDecryptionKey;
         this.unwrap = unwrap;
     }


Mime
View raw message