cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-5944] Refactoring some of JWE class constractors
Date Thu, 18 Sep 2014 13:13:39 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5a40d6ece -> 1a1259841


[CXF-5944] Refactoring some of JWE class constructors


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1a125984
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1a125984
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1a125984

Branch: refs/heads/master
Commit: 1a1259841d025bce316dbb2400963347bfa92bfc
Parents: 5a40d6e
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Sep 18 14:13:21 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Sep 18 14:13:21 2014 +0100

----------------------------------------------------------------------
 .../jose/jaxrs/JweWriterInterceptor.java        |  8 +++--
 .../jwe/AbstractContentEncryptionAlgorithm.java | 15 ++++-----
 .../jwe/AbstractWrapKeyEncryptionAlgorithm.java | 18 ++++++-----
 .../jose/jwe/AesCbcHmacJweEncryption.java       | 18 ++++++-----
 .../jwe/AesGcmContentEncryptionAlgorithm.java   | 33 ++++++++++++++------
 .../jose/jwe/ContentEncryptionAlgorithm.java    |  1 +
 .../jose/jwe/DirectKeyEncryptionAlgorithm.java  |  5 +++
 .../jose/jwe/DirectKeyJweEncryption.java        |  2 +-
 .../jose/jwe/KeyEncryptionAlgorithm.java        |  1 +
 .../PbesHmacAesWrapKeyEncryptionAlgorithm.java  |  6 +++-
 .../jose/jwe/WrappedKeyJweEncryption.java       | 24 ++++++++------
 .../cxf/rs/security/jose/jwk/JwkUtils.java      |  4 +--
 .../jose/jwe/JweCompactReaderWriterTest.java    | 11 +++----
 .../jose/jwe/JwePbeHmacAesWrapTest.java         |  5 +--
 .../jaxrs/security/jwt/JAXRSJweJwsTest.java     |  3 +-
 .../cxf/systest/jaxrs/security/jwt/server.xml   |  1 -
 16 files changed, 96 insertions(+), 59 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index 2fac63e..1daf285 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -41,6 +41,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
+import org.apache.cxf.rs.security.jose.jwe.AesGcmContentEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesGcmWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.AesWrapKeyEncryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
@@ -171,10 +172,11 @@ public class JweWriterInterceptor implements WriterInterceptor {
             }
             boolean isAesHmac = Algorithm.isAesCbcHmac(contentEncryptionAlgo);
             if (isAesHmac) { 
-                return new AesCbcHmacJweEncryption(
-                    keyEncryptionAlgo, contentEncryptionAlgo, keyEncryptionProvider);
+                return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider);
             } else {
-                return new WrappedKeyJweEncryption(headers, keyEncryptionProvider);
+                return new WrappedKeyJweEncryption(headers, 
+                                                   keyEncryptionProvider,
+                                                   new AesGcmContentEncryptionAlgorithm(contentEncryptionAlgo));
             }
         } catch (SecurityException ex) {
             throw ex;
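Review bot: In the `isAesHmac` branch the locally resolved `keyEncryptionAlgo` is no longer passed on, so the `alg` header is now taken from `keyEncryptionProvider.getAlgorithm()` (see the `AesCbcHmacJweEncryption` change in this commit). A configured value that disagrees with the provider is therefore ignored on this path, whereas the `else` branch still passes `headers` and, if those are built from `keyEncryptionAlgo` earlier in the method (outside the hunk), keeps the mismatch check in `checkAlgorithms`. If the asymmetry is intended, a comment such as `// alg header is derived from keyEncryptionProvider.getAlgorithm()` would record it; otherwise compare the two values before constructing the encryptor.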

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index ef1fbbb..adf6d59 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -20,8 +20,6 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.util.concurrent.atomic.AtomicInteger;
 
-import javax.crypto.SecretKey;
-
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 
@@ -31,17 +29,20 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
     private byte[] cek;
     private byte[] iv;
     private AtomicInteger providedIvUsageCount;
-    protected AbstractContentEncryptionAlgorithm(SecretKey key, byte[] iv) { 
-        this(key.getEncoded(), iv);    
-    }
-    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv) { 
+    private String algorithm;
+    
+    protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
         this.cek = cek;
         this.iv = iv;
         if (iv != null && iv.length > 0) {
             providedIvUsageCount = new AtomicInteger();
         }    
+        this.algorithm = algo;
+    }
+    @Override
+    public String getAlgorithm() { 
+        return algorithm;
     }
-    
     public byte[] getContentEncryptionKey(JweHeaders headers) {
         return cek;
     }
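Review bot: The new `algorithm` field is assigned exactly once in the constructor but is declared mutable and is stored without any check; `private final String algorithm;` would state the intent. The subclasses touched by this commit validate the name before calling `super`, but this constructor does not, so `getAlgorithm()` can return `null` for any other subclass and that value is later used to build `JweHeaders`. A short Javadoc on the constructor saying that `algo` must be an already validated JWE `enc` name would make the division of responsibility explicit. The class body continues outside the hunk.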

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
index 162a8df..6e831a9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractWrapKeyEncryptionAlgorithm.java
@@ -48,8 +48,12 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
         this.supportedAlgorithms = supportedAlgorithms;
     }
     @Override
+    public String getAlgorithm() {
+        return algorithm;
+    }
+    @Override
     public byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek) {
-        checkAlgorithms(headers, algorithm);
+        checkAlgorithms(headers);
         KeyProperties secretKeyProperties = new KeyProperties(getKeyEncryptionAlgoJava(headers));
         AlgorithmParameterSpec spec = getAlgorithmParameterSpec(headers); 
         if (spec != null) {
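Review bot: `checkAlgorithms(headers)` called here is more than a check: as its definition in the next hunk shows, it writes `algorithm` into the caller's `JweHeaders` when the header carries no key encryption algorithm, and it throws a message-less `SecurityException` on a mismatch or when neither value is set. Now that the configured value is read from the field instead of a parameter, the method deserves a Javadoc stating both effects, for example `/** Verifies the header's key encryption algorithm against the configured one and sets it on the headers when absent. */`. Giving the exception a message that names the two values would also make a rejected request diagnosable. The method body of `getEncryptedContentEncryptionKey` continues outside the hunk.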
@@ -79,17 +83,17 @@ public abstract class AbstractWrapKeyEncryptionAlgorithm implements KeyEncryptio
         }
         return algo;
     }
-    protected void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
+    protected void checkAlgorithms(JweHeaders headers) {
         String providedAlgo = headers.getKeyEncryptionAlgorithm();
-        if ((providedAlgo == null && defaultAlgo == null)
-            || (providedAlgo != null && defaultAlgo != null && !providedAlgo.equals(defaultAlgo)))
{
+        if ((providedAlgo == null && algorithm == null)
+            || (providedAlgo != null && algorithm != null && !providedAlgo.equals(algorithm)))
{
             throw new SecurityException();
         }
         if (providedAlgo != null) {
             checkAlgorithm(providedAlgo);
-        } else if (defaultAlgo != null) {
-            headers.setKeyEncryptionAlgorithm(defaultAlgo);
-            checkAlgorithm(defaultAlgo);
+        } else if (algorithm != null) {
+            headers.setKeyEncryptionAlgorithm(algorithm);
+            checkAlgorithm(algorithm);
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
index 40bba7d..5e3eaa5 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweEncryption.java
@@ -51,11 +51,10 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
         AES_CEK_SIZE_MAP.put(Algorithm.A192CBC_HS384.getJwtName(), 48);
         AES_CEK_SIZE_MAP.put(Algorithm.A256CBC_HS512.getJwtName(), 64);
     }
-    public AesCbcHmacJweEncryption(String keyAlgo, 
-                                   String cekAlgoJwt, 
+    public AesCbcHmacJweEncryption(String cekAlgoJwt, 
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(new JweHeaders(keyAlgo, validateCekAlgorithm(cekAlgoJwt)), 
-             null, null, keyEncryptionAlgorithm);
+        this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), cekAlgoJwt), null, null,

+             keyEncryptionAlgorithm);
     }
     public AesCbcHmacJweEncryption(JweHeaders headers, 
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
@@ -70,8 +69,11 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
                                    byte[] iv, 
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm,
                                    JwtHeadersWriter writer) {
-        super(headers, new AesCbcContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm,
writer);
-        validateCekAlgorithm(headers.getContentEncryptionAlgorithm());
+        super(headers, 
+              new AesCbcContentEncryptionAlgorithm(cek, iv, 
+                                                   validateCekAlgorithm(headers.getContentEncryptionAlgorithm())),
+              keyEncryptionAlgorithm, writer);
+        
     }
     @Override
     protected byte[] getActualCek(byte[] theCek, String algoJwt) {
@@ -166,8 +168,8 @@ public class AesCbcHmacJweEncryption extends AbstractJweEncryption {
     }
     
     private static class AesCbcContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm
{
-        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv) { 
-            super(cek, iv);    
+        public AesCbcContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+            super(cek, iv, algo);    
         }
         @Override
         public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
index 87774e9..fd028c1 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentEncryptionAlgorithm.java
@@ -18,26 +18,41 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
 
 
 public class AesGcmContentEncryptionAlgorithm extends AbstractContentEncryptionAlgorithm
{
+    private static final Set<String> SUPPORTED_ALGORITHMS = new HashSet<String>(
+        Arrays.asList(Algorithm.A128GCM.getJwtName(),
+                      Algorithm.A192GCM.getJwtName(),
+                      Algorithm.A256GCM.getJwtName()));
     private static final int DEFAULT_IV_SIZE = 96;
-    public AesGcmContentEncryptionAlgorithm() {
-        this((byte[])null, null);
+    public AesGcmContentEncryptionAlgorithm(String algo) {
+        this((byte[])null, null, algo);
     }
-    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv) {
-        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv));
+    public AesGcmContentEncryptionAlgorithm(String encodedCek, String encodedIv, String algo)
{
+        this((byte[])CryptoUtils.decodeSequence(encodedCek), CryptoUtils.decodeSequence(encodedIv),
algo);
     }
-    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv) { 
-        this(key.getEncoded(), iv);    
+    public AesGcmContentEncryptionAlgorithm(SecretKey key, byte[] iv, String algo) { 
+        this(key.getEncoded(), iv, algo);    
     }
-    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv) { 
-        super(cek, iv);    
+    public AesGcmContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+        super(cek, iv, checkAlgorithm(algo));    
     }
     protected int getIvSize() { 
         return DEFAULT_IV_SIZE;
     }
-}
+    private static String checkAlgorithm(String algo) {
+        if (SUPPORTED_ALGORITHMS.contains(algo)) {       
+            return algo;
+        }
+        throw new SecurityException();
+    }
+}
\ No newline at end of file
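Review bot: `checkAlgorithm` rejects an unsupported name with a bare `new SecurityException()`, and nothing in the visible constructors compares the length of `cek` with the accepted name, so a 32-byte key can apparently be constructed under `A128GCM`. A message such as `throw new SecurityException("Unsupported AES-GCM content encryption algorithm: " + algo);` makes a misconfiguration diagnosable. A length check for a non-null `cek` (16, 24 or 32 bytes for A128GCM, A192GCM and A256GCM) would keep the advertised `enc` value consistent with the key actually used. `SUPPORTED_ALGORITHMS` is also a mutable `HashSet`; wrapping it in `Collections.unmodifiableSet(...)` would make the allow-list read-only.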

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
index 6f53f53..07b370e 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionAlgorithm.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 
 public interface ContentEncryptionAlgorithm extends ContentEncryptionCipherProperties {
+    String getAlgorithm();
     byte[] getInitVector();
     byte[] getContentEncryptionKey(JweHeaders headers);
 }
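Review bot: `getAlgorithm()` is added to a public interface without Javadoc, so an implementer cannot tell whether it should return the JWE name (as `AesGcmContentEncryptionAlgorithm` does) or a Java cipher name, nor whether `null` is an allowed result. A one-line comment such as `/** Returns the JWE "enc" name of this algorithm, for example A128GCM. */` would settle it; the same applies to `KeyEncryptionAlgorithm.getAlgorithm()` added further down in this commit. Adding an abstract method also breaks any implementation outside this repository, which is worth mentioning in the release notes.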

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
index 8bbfd29..6714c3c 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyEncryptionAlgorithm.java
@@ -26,4 +26,9 @@ public class DirectKeyEncryptionAlgorithm implements KeyEncryptionAlgorithm
{
         }
         return new byte[0];
     }
+
+    @Override
+    public String getAlgorithm() {
+        return null;
+    }
 }
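Review bot: Returning `null` here means the constructors added in this commit that build headers from the provider, `new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), ...)` in `AesCbcHmacJweEncryption` and `WrappedKeyJweEncryption`, are handed a null `alg` when given this class. The JWE specifications register `dir` as the `alg` value for direct encryption, so returning that name would keep such headers valid. `DirectKeyJweEncryption` may set the header itself; its constructor is only partly visible on this page. If `null` is kept on purpose, a comment saying that callers must set `alg` themselves would prevent the value from being passed on silently.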

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
index 69e4ed9..fdd8658 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/DirectKeyJweEncryption.java
@@ -28,7 +28,7 @@ public class DirectKeyJweEncryption extends AbstractJweEncryption {
                                                 cek.getEncoded().length * 8)), cek.getEncoded(),
iv);
     }
     public DirectKeyJweEncryption(JweHeaders headers, byte[] cek, byte[] iv) {
-        this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv));
+        this(headers, new AesGcmContentEncryptionAlgorithm(cek, iv, headers.getContentEncryptionAlgorithm()));
     }
     public DirectKeyJweEncryption(JweHeaders headers, ContentEncryptionAlgorithm ceAlgo)
{
         super(headers, ceAlgo, new DirectKeyEncryptionAlgorithm());

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
index a6a147b..3885291 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/KeyEncryptionAlgorithm.java
@@ -20,5 +20,6 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 
 public interface KeyEncryptionAlgorithm {
+    String getAlgorithm();
     byte[] getEncryptedContentEncryptionKey(JweHeaders headers, byte[] cek);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
index b67332d..377e186 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/PbesHmacAesWrapKeyEncryptionAlgorithm.java
@@ -99,7 +99,7 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
         
         final String aesAlgoJwt = PBES_AES_MAP.get(keyAlgoJwt);
         KeyEncryptionAlgorithm aesWrap = new AesWrapKeyEncryptionAlgorithm(derivedKey, aesAlgoJwt)
{
-            protected void checkAlgorithms(JweHeaders headers, String defaultAlgo) {
+            protected void checkAlgorithms(JweHeaders headers) {
                 // complete
             }
             protected String getKeyEncryptionAlgoJava(JweHeaders headers) {
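Review bot: The anonymous subclass replaces `checkAlgorithms` with an empty body and carries no `@Override`, so the inherited algorithm check is switched off here and stays off only while the signature is kept in step by hand, which this very commit had to do. Adding `@Override` to both overridden methods lets the compiler catch the next signature change instead of silently re-enabling or bypassing the check. The `// complete` comment should say why skipping the check is safe, presumably because the outer class has already validated the PBES2 name; that reasoning is not visible in the hunk. The anonymous class continues outside the hunk.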
@@ -165,5 +165,9 @@ public class PbesHmacAesWrapKeyEncryptionAlgorithm implements KeyEncryptionAlgor
         bb.get(b);
         return b;
     }
+    @Override
+    public String getAlgorithm() {
+        return keyAlgoJwt;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
index 98bad90..8a40bc2 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
@@ -21,20 +21,26 @@ package org.apache.cxf.rs.security.jose.jwe;
 import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
 
 public class WrappedKeyJweEncryption extends AbstractJweEncryption {
-    public WrappedKeyJweEncryption(JweHeaders headers, 
-                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm) {
-        this(headers, null, null, keyEncryptionAlgorithm);
+    public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+                                   ContentEncryptionAlgorithm contentEncryptionAlgo) {
+        this(keyEncryptionAlgorithm, contentEncryptionAlgo, null);
+    }
+    public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+                                   ContentEncryptionAlgorithm contentEncryptionAlgo,
+                                   JwtHeadersWriter writer) {
+        this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), contentEncryptionAlgo.getAlgorithm()),

+             keyEncryptionAlgorithm, contentEncryptionAlgo, writer);
     }
-    public WrappedKeyJweEncryption(JweHeaders headers, byte[] cek, 
-                                   byte[] iv, KeyEncryptionAlgorithm keyEncryptionAlgorithm)
{
-        this(headers, cek, iv, keyEncryptionAlgorithm, null);
+    public WrappedKeyJweEncryption(JweHeaders headers, 
+                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+                                   ContentEncryptionAlgorithm contentEncryptionAlgo) {
+        this(headers, keyEncryptionAlgorithm, contentEncryptionAlgo, null);
     }
     public WrappedKeyJweEncryption(JweHeaders headers, 
-                                   byte[] cek, 
-                                   byte[] iv, 
                                    KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+                                   ContentEncryptionAlgorithm contentEncryptionAlgo,
                                    JwtHeadersWriter writer) {
-        super(headers, new AesGcmContentEncryptionAlgorithm(cek, iv), keyEncryptionAlgorithm,
writer);
+        super(headers, contentEncryptionAlgo, keyEncryptionAlgorithm, writer);
     }
     
     
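Review bot: The four-argument constructor now accepts both `headers` and a `ContentEncryptionAlgorithm`, but nothing visible checks that the `enc` value in the headers equals `contentEncryptionAlgo.getAlgorithm()`, so the token can advertise one algorithm while another performs the encryption. The key side has this guard in `checkAlgorithms`; the content side needs an equivalent unless `AbstractJweEncryption` already does it, which is not visible here. Because the check has to run before `super(...)`, a static helper in the style of `validateCekAlgorithm` fits. The context constructor `DirectKeyJweEncryption(JweHeaders, ContentEncryptionAlgorithm)` has the same shape.

```java
    public WrappedKeyJweEncryption(JweHeaders headers,
                                   KeyEncryptionAlgorithm keyEncryptionAlgorithm,
                                   ContentEncryptionAlgorithm contentEncryptionAlgo,
                                   JwtHeadersWriter writer) {
        super(checkContentAlgorithm(headers, contentEncryptionAlgo),
              contentEncryptionAlgo, keyEncryptionAlgorithm, writer);
    }

    // Rejects headers whose "enc" disagrees with the algorithm object that does the encryption.
    // A header without "enc" is passed through unchanged here; decide separately how to fill it.
    private static JweHeaders checkContentAlgorithm(JweHeaders headers,
                                                    ContentEncryptionAlgorithm contentEncryptionAlgo) {
        String headerAlgo = headers.getContentEncryptionAlgorithm();
        if (headerAlgo != null && !headerAlgo.equals(contentEncryptionAlgo.getAlgorithm())) {
            throw new SecurityException("JWE enc header does not match the content encryption algorithm");
        }
        return headers;
    }
```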

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 9661bdb..8b5b0e9 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -86,9 +86,7 @@ public final class JwkUtils {
     private static JweEncryptionProvider createDefaultEncryption(char[] password) {
         KeyEncryptionAlgorithm keyEncryption = 
             new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
-        return new AesCbcHmacJweEncryption(Algorithm.PBES2_HS256_A128KW.getJwtName(),
-                                           Algorithm.A128CBC_HS256.getJwtName(),
-                                           keyEncryption);
+        return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
     }
     private static JweDecryptionProvider createDefaultDecryption(char[] password) {
         KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index 554e5db..ca49a38 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -173,12 +173,11 @@ public class JweCompactReaderWriterTest extends Assert {
         } else {
             jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length
* 8);
         }
-        JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(
-                                                        new JweHeaders(Algorithm.RSA_OAEP.getJwtName(),
jwtKeyName),  
-                                                        key == null ? null : key.getEncoded(),

-                                                        INIT_VECTOR_A1,
-                                                        new RSAOaepKeyEncryptionAlgorithm(publicKey,

-                                                            Algorithm.RSA_OAEP.getJwtName()));
+        KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,

+                                                       Algorithm.RSA_OAEP.getJwtName());

+        ContentEncryptionAlgorithm contentEncryptionAlgo = 
+            new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1,
jwtKeyName);
+        JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(keyEncryptionAlgo,
contentEncryptionAlgo);
         return encryptor.encrypt(content.getBytes("UTF-8"), null);
     }
     private String encryptContentDirect(SecretKey key, String content) throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
index e914b9b..af5ae37 100644
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ b/rt/rs/security/oauth-parent/oauth2-jwt/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -65,8 +65,9 @@ public class JwePbeHmacAesWrapTest extends Assert {
         final String password = "Thus from my lips, by yours, my sin is purged."; 
         KeyEncryptionAlgorithm keyEncryption = 
             new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JwtConstants.PBES2_HS256_A128KW_ALGO);
-        JweEncryptionProvider encryption = 
-            new WrappedKeyJweEncryption(headers, keyEncryption);
+        JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers, 
+                                                                       keyEncryption,
+            new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()));
         String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
         PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
         JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, null,
null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
index f4709d9..12fe555 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/JAXRSJweJwsTest.java
@@ -288,8 +288,7 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase {
         final String cekEncryptionKey = "GawgguFyGrWKav7AX4VKUg";
         AesWrapKeyEncryptionAlgorithm keyEncryption = 
             new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
-        jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128KW.getJwtName(),

-                                                                    Algorithm.A128CBC_HS256.getJwtName(),
+        jweWriter.setEncryptionProvider(new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(),
                                                                     keyEncryption));
         
         // reader 

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a125984/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
index 874b082..e93cb09 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jwt/server.xml
@@ -54,7 +54,6 @@ under the License.
         <constructor-arg value="A128KW"/>
     </bean>
     <bean id="aesCbcHmacEncryption" class="org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption">
-        <constructor-arg value="A128KW"/>
         <constructor-arg value="A128CBC-HS256"/>
         <constructor-arg ref="aesWrapEncryptionAlgo"/>
     </bean>

