From serg...@apache.org
Subject git commit: [CXF-5954] Adding AesGcm Key Wrap test
Date Tue, 02 Sep 2014 12:43:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 985b6be4c -> d974aaa40


[CXF-5954] Adding AesGcm Key Wrap test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d974aaa4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d974aaa4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d974aaa4

Branch: refs/heads/3.0.x-fixes
Commit: d974aaa4070ef29e3873c66d380fbf6d1364d7a0
Parents: 985b6be
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Sep 2 13:39:56 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Sep 2 13:43:12 2014 +0100

----------------------------------------------------------------------
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java |  4 +-
 .../jwe/AesGcmContentDecryptionAlgorithm.java   |  2 +-
 .../jwe/AesGcmWrapKeyDecryptionAlgorithm.java   | 57 +++++++++++++++++
 .../jwe/AesGcmWrapKeyEncryptionAlgorithm.java   | 64 ++++++++++++++++++++
 .../security/oauth2/jwe/JweCompactConsumer.java |  4 +-
 .../jwe/WrappedKeyDecryptionAlgorithm.java      | 16 ++++-
 .../cxf/rs/security/oauth2/jwt/Algorithm.java   |  6 ++
 .../rs/security/oauth2/jwt/JwtConstants.java    |  4 +-
 .../oauth2/jwe/JweCompactReaderWriterTest.java  | 25 +++++++-
 9 files changed, 173 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index ada022c..a689529 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -51,7 +51,7 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
         checkAlgorithms(headers, algorithm);
         KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
-        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(); 
+        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
         if (spec != null) {
             secretKeyProperties.setAlgoSpec(spec);
         }
@@ -70,7 +70,7 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
     protected String getContentEncryptionAlgoJava(JweHeaders headers) {
         return Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
     }
-    protected AlgorithmParameterSpec getAlgorithmParameterSpec() {
+    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
         return null;
     }
     private static String checkAlgorithm(Set<String> supportedAlgorithms, String algo)
{
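Review bot: Changing the protected hook from `getAlgorithmParameterSpec()` to `getAlgorithmParameterSpec(JweHeaders headers)` means an existing subclass that overrides the no-argument form without `@Override` still compiles but is never called again, so its parameter spec is silently dropped. Since this lands on a fixes branch, consider keeping the old method, marked `@Deprecated`, and letting the new one delegate to it by default with `return getAlgorithmParameterSpec();`. The override added in AesGcmWrapKeyEncryptionAlgorithm in this commit carries no `@Override`, which is the annotation that would catch this kind of drift at compile time. The class body continues outside the hunk.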

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
index 7c3f3ca..872d565 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmContentDecryptionAlgorithm.java
@@ -25,6 +25,6 @@ public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionC
 
     @Override
     public byte[] getEncryptedSequence(byte[] cipher, byte[] authTag) {
-        return JweCompactConsumer.getEncryptedContentWithAuthTag(cipher, authTag);
+        return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
new file mode 100644
index 0000000..d089eec
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyDecryptionAlgorithm.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+public class AesGcmWrapKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm {
+    public AesGcmWrapKeyDecryptionAlgorithm(String encodedKey) {    
+        this(CryptoUtils.decodeSequence(encodedKey));
+    }
+    public AesGcmWrapKeyDecryptionAlgorithm(byte[] secretKey) {    
+        this(CryptoUtils.createSecretKeySpec(secretKey, Algorithm.AES_ALGO_JAVA));
+    }
+    public AesGcmWrapKeyDecryptionAlgorithm(SecretKey secretKey) {    
+        super(secretKey, true);
+    }
+    @Override
+    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
+        byte[] encryptedCekKey = super.getEncryptedContentEncryptionKey(consumer);
+        byte[] tag = getDecodedBytes(consumer, "tag");
+        return JweCompactConsumer.getCipherWithAuthTag(encryptedCekKey, tag);
+    }
+    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer)
{
+        byte[] iv = getDecodedBytes(consumer, "iv");
+        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
+    }
+    private byte[] getDecodedBytes(JweCompactConsumer consumer, String headerName) {
+        try {
+            Object ivHeader = consumer.getJweHeaders().getHeader(headerName);
+            return Base64UrlUtility.decode(ivHeader.toString());
+        } catch (Exception ex) {
+            throw new SecurityException(ex);
+        }
+    }
+}
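Review bot: `getDecodedBytes` base64url-decodes the `iv` and `tag` header values and uses them without checking their lengths, and these headers presumably come from the token being decrypted. The encryption class in this commit always emits a 96-bit IV and a 128-bit tag, so the decrypting side should reject anything else before building the cipher spec or concatenating, for example `if (iv.length != 96 / 8) { throw new SecurityException(); }` in `getAlgorithmParameterSpec` and `if (tag.length != 128 / 8) { throw new SecurityException(); }` in `getEncryptedContentEncryptionKey`. A missing header currently surfaces as a NullPointerException from `ivHeader.toString()` that the broad `catch (Exception ex)` rewraps; an explicit null check with a message naming the header would be clearer. The local `ivHeader` is also used for the tag, so `headerValue` would read better, and `getAlgorithmParameterSpec` should carry `@Override`.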

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
new file mode 100644
index 0000000..9d8861b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/AesGcmWrapKeyEncryptionAlgorithm.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.jwe;
+
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
+import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
+
+public class AesGcmWrapKeyEncryptionAlgorithm extends AbstractWrapKeyEncryptionAlgorithm
{
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.A128GCMKW.getJwtName(),
+                      Algorithm.A192GCMKW.getJwtName(),
+                      Algorithm.A256GCMKW.getJwtName()));
+    public AesGcmWrapKeyEncryptionAlgorithm(String encodedKey, String keyAlgoJwt) {    
+        this(CryptoUtils.decodeSequence(encodedKey), keyAlgoJwt);
+    }
+    public AesGcmWrapKeyEncryptionAlgorithm(byte[] keyBytes, String keyAlgoJwt) {
+        this(CryptoUtils.createSecretKeySpec(keyBytes, Algorithm.AES_ALGO_JAVA),
+             keyAlgoJwt);
+    }
+    public AesGcmWrapKeyEncryptionAlgorithm(SecretKey key, String keyAlgoJwt) {
+        super(key, keyAlgoJwt, true, SUPPORTED_ALGORITHMS);
+    }
+    
+    @Override
+    public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
+        byte[] wrappedKeyAndTag = super.getEncryptedContentEncryptionKey(headers, cek);
+        byte[] wrappedKey = new byte[wrappedKeyAndTag.length - 128 / 8]; 
+        System.arraycopy(wrappedKeyAndTag, 0, wrappedKey, 0, wrappedKeyAndTag.length - 128
/ 8);
+        String encodedTag = Base64UrlUtility.encodeChunk(wrappedKeyAndTag, 
+                                                         wrappedKeyAndTag.length - 128 /
8, 128 / 8);
+        headers.setHeader("tag", encodedTag);
+        return wrappedKey;
+    }
+    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweHeaders headers) {
+        byte[] iv = CryptoUtils.generateSecureRandomBytes(96 / 8);
+        String encodedIv = Base64UrlUtility.encode(iv);
+        headers.setHeader("iv", encodedIv);
+        return CryptoUtils.getContentEncryptionCipherSpec(128, iv);
+    }
+}
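Review bot: `getAlgorithmParameterSpec` draws a fresh random 96-bit IV for every wrap under the same key-encryption key, and GCM loses both confidentiality and integrity if an IV ever repeats for a key, so the class should document a bound on wraps per key (NIST SP 800-38D limits random-IV use to 2^32 invocations per key) and advise key rotation. A class Javadoc stating that, and that this method writes the `iv` header as a side effect, would be enough. Separately, the tag size appears as `128 / 8` three times in `getEncryptedContentEncryptionKey` and as `128` in what looks like the tag-length argument of the spec call; a single constant such as `private static final int TAG_LENGTH_BITS = 128;` would keep the split and the cipher spec in agreement. `getAlgorithmParameterSpec` should also carry `@Override`.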

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
index 24631ed..9a80e4f 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactConsumer.java
@@ -90,10 +90,10 @@ public class JweCompactConsumer {
     }
     
     public byte[] getEncryptedContentWithAuthTag() {
-        return getEncryptedContentWithAuthTag(encryptedContent, authTag);
+        return getCipherWithAuthTag(encryptedContent, authTag);
     }
     
-    public static byte[] getEncryptedContentWithAuthTag(byte[] cipher, byte[] authTag) {
+    public static byte[] getCipherWithAuthTag(byte[] cipher, byte[] authTag) {
         byte[] encryptedContentWithTag = new byte[cipher.length + authTag.length];
         System.arraycopy(cipher, 0, encryptedContentWithTag, 0, cipher.length);
         System.arraycopy(authTag, 0, encryptedContentWithTag, cipher.length, authTag.length);
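Review bot: Renaming the public static `getEncryptedContentWithAuthTag(byte[], byte[])` to `getCipherWithAuthTag` removes a public method on a fixes branch, so callers outside this module that used the old name will stop compiling. Keeping the old name as a `@Deprecated` method whose body is `return getCipherWithAuthTag(cipher, authTag);` would preserve compatibility. The renamed method has no Javadoc; `/** Returns a new array holding cipher followed by authTag. */` would describe what the visible lines do. The method body runs past the end of the hunk.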
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
index 18979a0..40cf8d9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwe/WrappedKeyDecryptionAlgorithm.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.jwe;
 
 import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
 
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
@@ -36,17 +37,22 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm
{
     }
     public byte[] getDecryptedContentEncryptionKey(JweCompactConsumer consumer) {
         KeyProperties keyProps = new KeyProperties(getKeyEncryptionAlgorithm(consumer));
+        AlgorithmParameterSpec spec = getAlgorithmParameterSpec(consumer); 
+        if (spec != null) {
+            keyProps.setAlgoSpec(spec);
+        }
         if (!unwrap) {
             keyProps.setBlockSize(getKeyCipherBlockSize());
-            return CryptoUtils.decryptBytes(consumer.getEncryptedContentEncryptionKey(),

+            return CryptoUtils.decryptBytes(getEncryptedContentEncryptionKey(consumer), 
                                             getCekDecryptionKey(), keyProps);
         } else {
-            return CryptoUtils.unwrapSecretKey(consumer.getEncryptedContentEncryptionKey(),

+            return CryptoUtils.unwrapSecretKey(getEncryptedContentEncryptionKey(consumer),

                                                getContentEncryptionAlgorithm(consumer), 
                                                getCekDecryptionKey(), 
                                                keyProps).getEncoded();
         }
     }
+    
     protected Key getCekDecryptionKey() {
         return cekDecryptionKey;
     }
@@ -59,4 +65,10 @@ public class WrappedKeyDecryptionAlgorithm implements KeyDecryptionAlgorithm
{
     protected String getContentEncryptionAlgorithm(JweCompactConsumer consumer) {
         return Algorithm.toJavaName(consumer.getJweHeaders().getContentEncryptionAlgorithm());
     }
+    protected AlgorithmParameterSpec getAlgorithmParameterSpec(JweCompactConsumer consumer)
{
+        return null;
+    }
+    protected byte[] getEncryptedContentEncryptionKey(JweCompactConsumer consumer) {
+        return consumer.getEncryptedContentEncryptionKey();
+    }
 }
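Review bot: The two new protected hooks have no Javadoc, although subclasses are expected to override them and, as AesGcmWrapKeyDecryptionAlgorithm in this commit does, build their result from header values of the token being decrypted. On `getAlgorithmParameterSpec` I would add `/** Returns the cipher parameter spec for key decryption, or null if none is needed; implementations must validate any header value they read. */`. On `getEncryptedContentEncryptionKey` I would add `/** Returns the bytes handed to the decrypt or unwrap call; the default is the consumer's encrypted content encryption key. */`.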

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
index e2807f9..b3e7914 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/Algorithm.java
@@ -46,6 +46,9 @@ public enum Algorithm {
     A128KW(JwtConstants.A128KW_ALGO, "AESWrap", 128),
     A192KW(JwtConstants.A192KW_ALGO, "AESWrap", 192),
     A256KW(JwtConstants.A256KW_ALGO, "AESWrap", 256),
+    A128GCMKW(JwtConstants.A128GCMKW_ALGO, "AES/GCM/NoPadding", 128),
+    A192GCMKW(JwtConstants.A192GCMKW_ALGO, "AES/GCM/NoPadding", 192),
+    A256GCMKW(JwtConstants.A256GCMKW_ALGO, "AES/GCM/NoPadding", 256),
     // Content Encryption
     A128GCM(JwtConstants.A128GCM_ALGO, "AES/GCM/NoPadding", 128),
     A192GCM(JwtConstants.A192GCM_ALGO, "AES/GCM/NoPadding", 192),
@@ -115,6 +118,9 @@ public enum Algorithm {
         JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCM_ALGO, AES_GCM_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A192GCM_ALGO, AES_GCM_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A128GCM_ALGO, AES_GCM_ALGO_JAVA);
+        JWT_TO_JAVA_NAMES.put(JwtConstants.A256GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+        JWT_TO_JAVA_NAMES.put(JwtConstants.A192GCMKW_ALGO, AES_GCM_ALGO_JAVA);
+        JWT_TO_JAVA_NAMES.put(JwtConstants.A128GCMKW_ALGO, AES_GCM_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A128CBC_HS256_ALGO, AES_CBC_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A192CBC_HS384_ALGO, AES_CBC_ALGO_JAVA);
         JWT_TO_JAVA_NAMES.put(JwtConstants.A256CBC_HS512_ALGO, AES_CBC_ALGO_JAVA);

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
index 461d7b2..b4e8fce 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/oauth2/jwt/JwtConstants.java
@@ -68,7 +68,9 @@ public final class JwtConstants {
     public static final String A128KW_ALGO = "A128KW";
     public static final String A192KW_ALGO = "A192KW";
     public static final String A256KW_ALGO = "A256KW";
-    
+    public static final String A128GCMKW_ALGO = "A128GCMKW";
+    public static final String A192GCMKW_ALGO = "A192GCMKW";
+    public static final String A256GCMKW_ALGO = "A256GCMKW";
     // Content Encryption
     public static final String A128CBC_HS256_ALGO = "A128CBC-HS256";
     public static final String A192CBC_HS384_ALGO = "A192CBC-HS384";

http://git-wip-us.apache.org/repos/asf/cxf/blob/d974aaa4/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
index cd7312b..f59e602 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/oauth2/jwe/JweCompactReaderWriterTest.java
@@ -27,6 +27,7 @@ import javax.crypto.SecretKey;
 
 import org.apache.cxf.rs.security.oauth2.jws.JwsCompactReaderWriterTest;
 import org.apache.cxf.rs.security.oauth2.jwt.Algorithm;
+import org.apache.cxf.rs.security.oauth2.jwt.JwtConstants;
 import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -93,7 +94,7 @@ public class JweCompactReaderWriterTest extends Assert {
     }
     
     @Test
-    public void testEncryptDecryptA128CBCHS256() throws Exception {
+    public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
         final String specPlainText = "Live long and prosper.";
         JweHeaders headers = new JweHeaders();
         headers.setAlgorithm(Algorithm.A128KW.getJwtName());
@@ -115,6 +116,28 @@ public class JweCompactReaderWriterTest extends Assert {
         String decryptedText = decryption.decrypt(jweContent).getContentText();
         assertEquals(specPlainText, decryptedText);
     }
+    @Test
+    public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
+        final String specPlainText = "Live long and prosper.";
+        JweHeaders headers = new JweHeaders();
+        headers.setAlgorithm(JwtConstants.A128GCMKW_ALGO);
+        headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
+        
+        byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
+        
+        AesGcmWrapKeyEncryptionAlgorithm keyEncryption = 
+            new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JwtConstants.A128GCMKW_ALGO);
+        JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
+                                                           CONTENT_ENCRYPTION_KEY_A3, 
+                                                           INIT_VECTOR_A3,
+                                                           keyEncryption);
+        String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
+        
+        AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
+        JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
+        String decryptedText = decryption.decrypt(jweContent).getContentText();
+        assertEquals(specPlainText, decryptedText);
+    }
     
     @Test
     public void testEncryptDecryptSpecExample() throws Exception {
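Review bot: `testEncryptDecryptAesGcmWrapA128CBCHS256` only exercises the successful round trip, so nothing here shows that the authenticated key wrap actually rejects a modified token. A companion test that alters the `tag` or `iv` header value (or the encrypted key part) of `jweContent` and asserts that `decryption.decrypt(...)` throws would pin the integrity property this algorithm exists for, and a case with the `tag` header absent would cover the error path in `getDecodedBytes`. Only `A128GCMKW` is covered; the 192- and 256-bit variants added in this commit are untested here. The test class continues outside the hunk.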

