cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5902] More refactoring to get the utility AesCbcHmac decryption working
Date Tue, 12 Aug 2014 10:35:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 101beb08d -> 49791d37e


[CXF-5902] More refactoring to get the utility AesCbcHmac decryption working


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49791d37
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49791d37
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49791d37

Branch: refs/heads/master
Commit: 49791d37e9f339b935e19d7ca1bfcd3135568c0d
Parents: 101beb0
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Aug 12 11:35:10 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Aug 12 11:35:10 2014 +0100

----------------------------------------------------------------------
 .../jwe/AbstractContentEncryptionAlgorithm.java | 17 +--------
 ...stractContentEncryptionCipherProperties.java | 39 ++++++++++++++++++++
 .../oauth2/jwe/AbstractJweDecryption.java       | 10 +++--
 .../oauth2/jwe/AbstractJweEncryption.java       |  2 +-
 .../oauth2/jwe/AesCbcHmacJweEncryption.java     |  2 +-
 .../jwe/AesGcmContentDecryptionAlgorithm.java   | 24 ++++++++++++
 .../oauth2/jwe/ContentEncryptionAlgorithm.java  |  7 +---
 .../jwe/ContentEncryptionCipherProperties.java  | 27 ++++++++++++++
 .../oauth2/jwe/DirectKeyJweDecryption.java      | 10 ++++-
 .../oauth2/jwe/WrappedKeyJweDecryption.java     |  7 +++-
 10 files changed, 116 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
index c452992..9dde55d 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionAlgorithm.java
@@ -18,22 +18,19 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwe;
 
-import java.security.spec.AlgorithmParameterSpec;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.crypto.SecretKey;
 
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 
-public abstract class AbstractContentEncryptionAlgorithm implements ContentEncryptionAlgorithm
{
+public abstract class AbstractContentEncryptionAlgorithm extends AbstractContentEncryptionCipherProperties
+    implements ContentEncryptionAlgorithm {
     private static final int DEFAULT_IV_SIZE = 128;
-    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
     private byte[] cek;
     private byte[] iv;
     private AtomicInteger providedIvUsageCount;
-    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
     protected AbstractContentEncryptionAlgorithm(SecretKey key, byte[] iv) { 
         this(key.getEncoded(), iv);    
     }
@@ -45,16 +42,9 @@ public abstract class AbstractContentEncryptionAlgorithm implements ContentEncry
         }    
     }
     
-    
     public byte[] getContentEncryptionKey(JweHeaders headers) {
         return cek;
     }
-    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
-        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
-    }
-    public byte[] getAAD(JweHeaders theHeaders, JwtHeadersWriter writer) {
-        return theHeaders.toCipherAdditionalAuthData(writer);
-    }
     public byte[] getInitVector() {
         if (iv == null) {
             return CryptoUtils.generateSecureRandomBytes(getIvSize());
@@ -64,9 +54,6 @@ public abstract class AbstractContentEncryptionAlgorithm implements ContentEncry
             return iv;
         }
     }
-    protected int getAuthTagLen() {
-        return authTagLen;
-    }
     protected int getIvSize() { 
         return DEFAULT_IV_SIZE;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionCipherProperties.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionCipherProperties.java
new file mode 100644
index 0000000..7f06abf
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractContentEncryptionCipherProperties.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+
+public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties
{
+    private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
+    private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
+    
+    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
+        return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
+    }
+    public byte[] getAdditionalAuthenticationData(String headersJson) {
+        return JweHeaders.toCipherAdditionalAuthData(headersJson);
+    }
+    protected int getAuthTagLen() {
+        return authTagLen;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
index e4ea003..04bcde6 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweDecryption.java
@@ -31,15 +31,18 @@ import org.apache.cxf.rs.security.oauth2.utils.crypto.KeyProperties;
 public abstract class AbstractJweDecryption implements JweDecryption {
     private JweCryptoProperties props;
     private KeyDecryptionAlgorithm keyDecryptionAlgo;
+    private ContentEncryptionCipherProperties contentEncryptionProps;
     private JwtHeadersReader reader = new JwtTokenReaderWriter();
     protected AbstractJweDecryption(JweCryptoProperties props, 
                                     JwtHeadersReader theReader,
-                                    KeyDecryptionAlgorithm keyDecryptionAlgo) {
+                                    KeyDecryptionAlgorithm keyDecryptionAlgo,
+                                    ContentEncryptionCipherProperties contentEncryptionProps)
{
         this.props = props;
         if (theReader != null) {
             reader = theReader;
         }
         this.keyDecryptionAlgo = keyDecryptionAlgo;
+        this.contentEncryptionProps = contentEncryptionProps;
     }
     
     protected byte[] getContentEncryptionKey(JweCompactConsumer consumer) {
@@ -73,14 +76,13 @@ public abstract class AbstractJweDecryption implements JweDecryption {
         return consumer.getEncryptedContentEncryptionKey();
     }
     protected AlgorithmParameterSpec getContentEncryptionCipherSpec(JweCompactConsumer consumer)
{
-        return CryptoUtils.getContentEncryptionCipherSpec(getEncryptionAuthenticationTagLenBits(consumer),

-                                                   getContentEncryptionCipherInitVector(consumer));
+        return contentEncryptionProps.getAlgorithmParameterSpec(getContentEncryptionCipherInitVector(consumer));
     }
     protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
         return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
     }
     protected byte[] getContentEncryptionCipherAAD(JweCompactConsumer consumer) {
-        return consumer.getContentEncryptionCipherAAD();
+        return contentEncryptionProps.getAdditionalAuthenticationData(consumer.getDecodedJsonHeaders());
     }
     protected byte[] getEncryptedContentWithAuthTag(JweCompactConsumer consumer) {
         return consumer.getEncryptedContentWithAuthTag();

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
index 1d0f8eb..357a300 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractJweEncryption.java
@@ -85,7 +85,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
         return DEFAULT_AUTH_TAG_LENGTH;
     }
     protected byte[] getAAD(JweHeaders theHeaders) {
-        return contentEncryptionAlgo.getAAD(theHeaders, writer);
+        return contentEncryptionAlgo.getAdditionalAuthenticationData(writer.headersToJson(theHeaders));
     }
     public String encrypt(byte[] content, String contentType) {
         JweEncryptionInternal state = getInternalState(contentType);

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
index c40a7dc..d79452a 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesCbcHmacJweEncryption.java
@@ -159,7 +159,7 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
             return new IvParameterSpec(theIv);
         }
         @Override
-        public byte[] getAAD(JweHeaders theHeaders, JwtHeadersWriter writer) {
+        public byte[] getAdditionalAuthenticationData(String headersJson) {
             return null;
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
new file mode 100644
index 0000000..9397bd4
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
@@ -0,0 +1,24 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+
+
+public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
{
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
index 709cffc..1fcf25c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionAlgorithm.java
@@ -18,14 +18,9 @@
  */
 package org.apache.cxf.rs.security.oauth2.jwe;
 
-import java.security.spec.AlgorithmParameterSpec;
 
-import org.apache.cxf.rs.security.oauth2.jwt.JwtHeadersWriter;
 
-
-interface ContentEncryptionAlgorithm {
+interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
     byte[] getInitVector();
     byte[] getContentEncryptionKey(JweHeaders headers);
-    byte[] getAAD(JweHeaders headers, JwtHeadersWriter writer);
-    AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
new file mode 100644
index 0000000..6cbe869
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/ContentEncryptionCipherProperties.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+
+interface ContentEncryptionCipherProperties {
+    byte[] getAdditionalAuthenticationData(String headersJson);
+    AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
index 3ab3f31..9ef9ae1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/DirectKeyJweDecryption.java
@@ -31,7 +31,15 @@ public class DirectKeyJweDecryption extends AbstractJweDecryption {
     }
     public DirectKeyJweDecryption(Key contentDecryptionKey, JweCryptoProperties props, 
                                   JwtHeadersReader reader) {    
-        super(props, reader, new DirectKeyDecryptionAlgorithm(contentDecryptionKey));
+        this(contentDecryptionKey, props, reader,
+             new AesGcmContentDecryptionAlgorithm());
+    }
+    public DirectKeyJweDecryption(Key contentDecryptionKey, 
+                                  JweCryptoProperties props, 
+                                  JwtHeadersReader reader,
+                                  ContentEncryptionCipherProperties cipherProps) {    
+        super(props, reader, new DirectKeyDecryptionAlgorithm(contentDecryptionKey),
+              cipherProps);
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49791d37/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
index 962261e..05d1098 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyJweDecryption.java
@@ -43,6 +43,11 @@ public class WrappedKeyJweDecryption extends AbstractJweDecryption {
     }
     public WrappedKeyJweDecryption(WrappedKeyDecryptionAlgorithm keyDecryptionAlgo,
                                    JweCryptoProperties props, JwtHeadersReader reader) {
   
-        super(props, reader, keyDecryptionAlgo);
+        this(keyDecryptionAlgo, props, reader, new AesGcmContentDecryptionAlgorithm());
+    }
+    public WrappedKeyJweDecryption(WrappedKeyDecryptionAlgorithm keyDecryptionAlgo,
+                                   JweCryptoProperties props, JwtHeadersReader reader,
+                                   ContentEncryptionCipherProperties cipherProps) {    
+        super(props, reader, keyDecryptionAlgo, cipherProps);
     }
 }


Mime
View raw message