Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 993CA11C93 for ; Fri, 19 Sep 2014 14:47:47 +0000 (UTC) Received: (qmail 7376 invoked by uid 500); 19 Sep 2014 14:47:47 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 7279 invoked by uid 500); 19 Sep 2014 14:47:47 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 7132 invoked by uid 99); 19 Sep 2014 14:47:47 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Sep 2014 14:47:47 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 11C328A5FC2; Fri, 19 Sep 2014 14:47:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Date: Fri, 19 Sep 2014 14:47:48 -0000 Message-Id: In-Reply-To: <3afbddcbfc49444cb08552f06a8a935f@git.apache.org> References: <3afbddcbfc49444cb08552f06a8a935f@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [03/10] Changing the oauth2-jwt source folder to oauth2-jose http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java
deleted file mode 100644
index b14effc..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweDecryption.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Key;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-
-public class WrappedKeyJweDecryption extends AbstractJweDecryption {
- public WrappedKeyJweDecryption(Key cekDecryptionKey) {
- this(cekDecryptionKey, true);
- }
- public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap) {
- this(cekDecryptionKey, unwrap, null);
- }
- public WrappedKeyJweDecryption(Key cekDecryptionKey, JweCryptoProperties props) {
- this(cekDecryptionKey, true, props);
- }
- public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
- JweCryptoProperties props) {
- this(cekDecryptionKey, unwrap, props, null);
- }
- public WrappedKeyJweDecryption(Key cekDecryptionKey, boolean unwrap,
- JweCryptoProperties props, JwtHeadersReader reader) {
- this(new WrappedKeyDecryptionAlgorithm(cekDecryptionKey, unwrap),
- props, reader);
- }
- public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo) {
- this(keyDecryptionAlgo, null, null);
- }
- public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
- JweCryptoProperties props, JwtHeadersReader reader) {
- this(keyDecryptionAlgo, props, reader, new AesGcmContentDecryptionAlgorithm());
- }
- public WrappedKeyJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
- JweCryptoProperties props, JwtHeadersReader reader,
- ContentDecryptionAlgorithm cipherProps) {
- super(props, reader, keyDecryptionAlgo, cipherProps);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
deleted file mode 100644
index 8a40bc2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwe/WrappedKeyJweEncryption.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-
-public class WrappedKeyJweEncryption extends AbstractJweEncryption {
- public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
- ContentEncryptionAlgorithm contentEncryptionAlgo) {
- this(keyEncryptionAlgorithm, contentEncryptionAlgo, null);
- }
- public WrappedKeyJweEncryption(KeyEncryptionAlgorithm keyEncryptionAlgorithm,
- ContentEncryptionAlgorithm contentEncryptionAlgo,
- JwtHeadersWriter writer) {
- this(new JweHeaders(keyEncryptionAlgorithm.getAlgorithm(), contentEncryptionAlgo.getAlgorithm()),
- keyEncryptionAlgorithm, contentEncryptionAlgo, writer);
- }
- public WrappedKeyJweEncryption(JweHeaders headers,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm,
- ContentEncryptionAlgorithm contentEncryptionAlgo) {
- this(headers, keyEncryptionAlgorithm, contentEncryptionAlgo, null);
- }
- public WrappedKeyJweEncryption(JweHeaders headers,
- KeyEncryptionAlgorithm keyEncryptionAlgorithm,
- ContentEncryptionAlgorithm contentEncryptionAlgo,
- JwtHeadersWriter writer) {
- super(headers, contentEncryptionAlgo, keyEncryptionAlgorithm, writer);
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
deleted file mode 100644
index be300f4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/DefaultJwkReaderWriter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import org.apache.cxf.rs.security.jose.jwt.AbstractJwtObjectReaderWriter;
-
-
-
-
-public class DefaultJwkReaderWriter extends AbstractJwtObjectReaderWriter
- implements JwkReaderWriter {
- @Override
- public String jwkSetToJson(JsonWebKeys jwks) {
- return toJson(jwks);
- }
- @Override
- public JsonWebKeys jsonToJwkSet(String jwksJson) {
- JsonWebKeys jwks = new JsonWebKeys();
- fromJsonInternal(jwks, jwksJson);
- return jwks;
- }
- @Override
- public String jwkToJson(JsonWebKey jwk) {
- return toJson(jwk);
- }
- @Override
- public JsonWebKey jsonToJwk(String jwkJson) {
- JsonWebKey jwk = new JsonWebKey();
- fromJsonInternal(jwk, jwkJson);
- return jwk;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
deleted file mode 100644
index 63c1008..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKey.java
+++ /dev/null
@@ -1,160 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJwtObject;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-
-
-public class JsonWebKey extends AbstractJwtObject {
-
- public static final String KEY_TYPE = "kty";
- public static final String PUBLIC_KEY_USE = "use";
- public static final String KEY_OPERATIONS = "key_ops";
- public static final String KEY_ALGO = JwtConstants.HEADER_ALGORITHM;
- public static final String KEY_ID = JwtConstants.HEADER_KEY_ID;
- public static final String X509_URL = JwtConstants.HEADER_X509_URL;
- public static final String X509_CHAIN = JwtConstants.HEADER_X509_CHAIN;
- public static final String X509_THUMBPRINT = JwtConstants.HEADER_X509_THUMBPRINT;
- public static final String X509_THUMBPRINT_SHA256 = JwtConstants.HEADER_X509_THUMBPRINT_SHA256;
-
- public static final String KEY_TYPE_RSA = "RSA";
- public static final String RSA_MODULUS = "n";
- public static final String RSA_PUBLIC_EXP = "e";
- public static final String RSA_PRIVATE_EXP = "d";
- public static final String RSA_FIRST_PRIME_FACTOR = "p";
- public static final String RSA_SECOND_PRIME_FACTOR = "q";
- public static final String RSA_FIRST_PRIME_CRT = "dp";
- public static final String RSA_SECOND_PRIME_CRT = "dq";
- public static final String RSA_FIRST_CRT_COEFFICIENT = "qi";
-
- public static final String KEY_TYPE_OCTET = "oct";
- public static final String OCTET_KEY_VALUE = "k";
-
- public static final String KEY_TYPE_ELLIPTIC = "EC";
- public static final String EC_CURVE = "crv";
- public static final String EC_CURVE_P256 = "P-256";
- public static final String EC_CURVE_P384 = "P-384";
- public static final String EC_CURVE_P512 = "P-512";
- public static final String EC_X_COORDINATE = "x";
- public static final String EC_Y_COORDINATE = "y";
- public static final String EC_PRIVATE_KEY = "d";
-
- public static final String PUBLIC_KEY_USE_SIGN = "sig";
- public static final String PUBLIC_KEY_USE_ENCRYPT = "enc";
-
- public static final String KEY_OPER_SIGN = "sign";
- public static final String KEY_OPER_VERIFY = "verify";
- public static final String KEY_OPER_ENCRYPT = "encrypt";
- public static final String KEY_OPER_DECRYPT = "decrypt";
-
- public JsonWebKey() {
-
- }
-
- public JsonWebKey(Map values) {
- super(values);
- }
-
- public void setKeyType(String keyType) {
- super.setValue(KEY_TYPE, keyType);
- }
-
- public String getKeyType() {
- return (String)super.getValue(KEY_TYPE);
- }
-
- public void setPublicKeyUse(String use) {
- super.setValue(PUBLIC_KEY_USE, use);
- }
-
- public String getPublicKeyUse() {
- return (String)super.getValue(PUBLIC_KEY_USE);
- }
-
- public void setKeyOperation(List keyOperation) {
- super.setValue(KEY_OPERATIONS, keyOperation);
- }
-
- public List getKeyOperation() {
- return CastUtils.cast((List)super.getValue(KEY_OPERATIONS));
- }
-
- public void setAlgorithm(String algorithm) {
- super.setValue(KEY_ALGO, algorithm);
- }
-
- public String getAlgorithm() {
- return (String)super.getValue(KEY_ALGO);
- }
-
- public void setKid(String kid) {
- super.setValue(KEY_ID, kid);
- }
-
- public String getKid() {
- return (String)super.getValue(KEY_ID);
- }
-
- public void setX509Url(String x509Url) {
- super.setValue(X509_URL, x509Url);
- }
-
- public String getX509Url() {
- return (String)super.getValue(X509_URL);
- }
-
- public void setX509Chain(String x509Chain) {
- super.setValue(X509_CHAIN, x509Chain);
- }
-
- public String getX509Chain() {
- return (String)super.getValue(X509_CHAIN);
- }
-
- public void setX509Thumbprint(String x509Thumbprint) {
- super.setValue(X509_THUMBPRINT, x509Thumbprint);
- }
-
- public String getX509Thumbprint() {
- return (String)super.getValue(X509_THUMBPRINT);
- }
-
- public void setX509ThumbprintSHA256(String x509Thumbprint) {
- super.setValue(X509_THUMBPRINT_SHA256, x509Thumbprint);
- }
-
- public String getX509ThumbprintSHA256() {
- return (String)super.getValue(X509_THUMBPRINT_SHA256);
- }
-
- public JsonWebKey setProperty(String name, Object value) {
- super.setValue(name, value);
- return this;
- }
-
- public Object getProperty(String name) {
- return super.getValue(name);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
deleted file mode 100644
index 3c79454..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeys.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.util.Collections;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJwtObject;
-
-public class JsonWebKeys extends AbstractJwtObject {
- public static final String KEYS_PROPERTY = "keys";
- public List getKeys() {
- List list = (List)super.getValue(KEYS_PROPERTY);
- if (list != null && !list.isEmpty()) {
- Object first = list.get(0);
- if (first instanceof JsonWebKey) {
- return CastUtils.cast(list);
- } else {
- List keys = new LinkedList();
- List> listOfMaps =
- CastUtils.cast((List)super.getValue(KEYS_PROPERTY));
- for (Map map : listOfMaps) {
- keys.add(new JsonWebKey(map));
- }
- return keys;
- }
- } else {
- return null;
- }
- }
-
- public void setKeys(List keys) {
- super.setValue(KEYS_PROPERTY, keys);
- }
-
- public Map getKeyIdMap() {
- List keys = getKeys();
- if (keys == null) {
- return Collections.emptyMap();
- }
- Map map = new LinkedHashMap();
- for (JsonWebKey key : keys) {
- String kid = key.getKid();
- if (kid != null) {
- map.put(kid, key);
- }
- }
- return map;
- }
- public JsonWebKey getKey(String kid) {
- return getKeyIdMap().get(kid);
- }
- public Map> getKeyTypeMap() {
- return getKeyPropertyMap(JsonWebKey.KEY_TYPE);
- }
- public Map> getKeyUseMap() {
- return getKeyPropertyMap(JsonWebKey.PUBLIC_KEY_USE);
- }
- private Map> getKeyPropertyMap(String propertyName) {
- List keys = getKeys();
- if (keys == null) {
- return Collections.emptyMap();
- }
- Map> map = new LinkedHashMap>();
- for (JsonWebKey key : keys) {
- String propValue = (String)key.getProperty(propertyName);
- if (propValue != null) {
- List list = map.get(propValue);
- if (list == null) {
- list = new LinkedList();
- map.put(propValue, list);
- }
- list.add(key);
- }
- }
- return map;
- }
- public Map> getKeyOperationMap() {
- List keys = getKeys();
- if (keys == null) {
- return Collections.emptyMap();
- }
- Map> map = new LinkedHashMap>();
- for (JsonWebKey key : keys) {
- List ops = key.getKeyOperation();
- if (ops != null) {
- for (String op : ops) {
- List list = map.get(op);
- if (list == null) {
- list = new LinkedList();
- map.put(op, list);
- }
- list.add(key);
- }
- }
- }
- return map;
- }
- public List getKeys(String keyType) {
- return getKeyTypeMap().get(keyType);
- }
- public List getRsaKeys() {
- return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_RSA);
- }
- public List getEllipticKeys() {
- return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_ELLIPTIC);
- }
- public List getSecretKeys() {
- return getKeyTypeMap().get(JsonWebKey.KEY_TYPE_OCTET);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
deleted file mode 100644
index 679b7aa..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkReaderWriter.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-
-public interface JwkReaderWriter {
- String jwkToJson(JsonWebKey jwk);
- JsonWebKey jsonToJwk(String jwkJson);
- String jwkSetToJson(JsonWebKeys jwkSet);
- JsonWebKeys jsonToJwkSet(String jwkSetJson);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
deleted file mode 100644
index 3e61fd4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.Collections;
-import java.util.List;
-import java.util.Properties;
-
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.jaxrs.utils.ResourceUtils;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
-import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyDecryptionAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.PbesHmacAesWrapKeyEncryptionAlgorithm;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.PrivateKeyPasswordProvider;
-
-public final class JwkUtils {
- public static final String JWK_KEY_STORE_TYPE = "jwk";
- public static final String RSSEC_KEY_STORE_JWKSET = "rs.security.keystore.jwkset";
- public static final String RSSEC_KEY_STORE_JWKKEY = "rs.security.keystore.jwkkey";
- private JwkUtils() {
-
- }
- public static JsonWebKey readJwkKey(String jwkJson) {
- return new DefaultJwkReaderWriter().jsonToJwk(jwkJson);
- }
- public static JsonWebKeys readJwkSet(String jwksJson) {
- return new DefaultJwkReaderWriter().jsonToJwkSet(jwksJson);
- }
- public static String jwkKeyToJson(JsonWebKey jwkKey) {
- return new DefaultJwkReaderWriter().jwkToJson(jwkKey);
- }
- public static String jwkSetToJson(JsonWebKeys jwkSet) {
- return new DefaultJwkReaderWriter().jwkSetToJson(jwkSet);
- }
- public static String encryptJwkSet(JsonWebKeys jwkSet, char[] password) {
- return encryptJwkSet(jwkSet, password, new DefaultJwkReaderWriter());
- }
- public static String encryptJwkSet(JsonWebKeys jwkSet, char[] password, JwkReaderWriter writer) {
- return encryptJwkSet(jwkSet, createDefaultEncryption(password), writer);
- }
- public static String encryptJwkSet(JsonWebKeys jwkSet, JweEncryptionProvider jwe, JwkReaderWriter writer) {
- return jwe.encrypt(stringToBytes(writer.jwkSetToJson(jwkSet)), "jwk-set+json");
- }
- public static JsonWebKeys decryptJwkSet(String jsonJwkSet, char[] password) {
- return decryptJwkSet(jsonJwkSet, password, new DefaultJwkReaderWriter());
- }
- public static JsonWebKeys decryptJwkSet(String jsonJwkSet, char[] password, JwkReaderWriter reader) {
- return decryptJwkSet(jsonJwkSet, createDefaultDecryption(password), reader);
- }
- public static JsonWebKeys decryptJwkSet(String jsonJwkSet, JweDecryptionProvider jwe, JwkReaderWriter reader) {
- return reader.jsonToJwkSet(jwe.decrypt(jsonJwkSet).getContentText());
- }
- public static String encryptJwkKey(JsonWebKey jwk, char[] password) {
- return encryptJwkKey(jwk, password, new DefaultJwkReaderWriter());
- }
- public static String encryptJwkKey(JsonWebKey jwkKey, char[] password, JwkReaderWriter writer) {
- return encryptJwkKey(jwkKey, createDefaultEncryption(password), writer);
- }
- public static String encryptJwkKey(JsonWebKey jwkKey, JweEncryptionProvider jwe, JwkReaderWriter writer) {
- return jwe.encrypt(stringToBytes(writer.jwkToJson(jwkKey)), "jwk+json");
- }
- public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password) {
- return decryptJwkKey(jsonJwkKey, password, new DefaultJwkReaderWriter());
- }
- public static JsonWebKey decryptJwkKey(String jsonJwkKey, char[] password, JwkReaderWriter reader) {
- return decryptJwkKey(jsonJwkKey, createDefaultDecryption(password), reader);
- }
- public static JsonWebKey decryptJwkKey(String jsonJwkKey, JweDecryptionProvider jwe, JwkReaderWriter reader) {
- return reader.jsonToJwk(jwe.decrypt(jsonJwkKey).getContentText());
- }
- private static JweEncryptionProvider createDefaultEncryption(char[] password) {
- KeyEncryptionAlgorithm keyEncryption =
- new PbesHmacAesWrapKeyEncryptionAlgorithm(password, Algorithm.PBES2_HS256_A128KW.getJwtName());
- return new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), keyEncryption);
- }
- private static JweDecryptionProvider createDefaultDecryption(char[] password) {
- KeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
- return new AesCbcHmacJweDecryption(keyDecryption);
- }
- public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb) {
- return loadJwkSet(m, props, cb, new DefaultJwkReaderWriter());
- }
- public static JsonWebKeys loadJwkSet(Message m, Properties props, PrivateKeyPasswordProvider cb,
- JwkReaderWriter reader) {
- JsonWebKeys jwkSet = (JsonWebKeys)m.getExchange().get(props.get(CryptoUtils.RSSEC_KEY_STORE_FILE));
- if (jwkSet == null) {
- jwkSet = loadJwkSet(props, m.getExchange().getBus(), cb, reader);
- m.getExchange().put((String)props.get(CryptoUtils.RSSEC_KEY_STORE_FILE), jwkSet);
- }
- return jwkSet;
- }
- public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb) {
- return loadJwkSet(props, bus, cb, new DefaultJwkReaderWriter());
- }
- public static JsonWebKeys loadJwkSet(Properties props, Bus bus, PrivateKeyPasswordProvider cb,
- JwkReaderWriter reader) {
- JweDecryptionProvider decryption = cb != null
- ? new AesCbcHmacJweDecryption(new PbesHmacAesWrapKeyDecryptionAlgorithm(cb.getPassword(props))) : null;
- return loadJwkSet(props, bus, decryption, reader);
- }
- public static JsonWebKeys loadJwkSet(Properties props, Bus bus, JweDecryptionProvider jwe, JwkReaderWriter reader) {
- String keyContent = null;
- String keyStoreLoc = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_FILE);
- if (keyStoreLoc != null) {
- try {
- InputStream is = ResourceUtils.getResourceStream(keyStoreLoc, bus);
- keyContent = IOUtils.readStringFromStream(is);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- } else {
- keyContent = props.getProperty(RSSEC_KEY_STORE_JWKSET);
- if (keyContent == null) {
- keyContent = props.getProperty(RSSEC_KEY_STORE_JWKKEY);
- }
- }
- if (jwe != null) {
- keyContent = jwe.decrypt(keyContent).getContentText();
- }
- if (props.getProperty(RSSEC_KEY_STORE_JWKKEY) == null) {
- return reader.jsonToJwkSet(keyContent);
- } else {
- JsonWebKey key = reader.jsonToJwk(keyContent);
- JsonWebKeys keys = new JsonWebKeys();
- keys.setKeys(Collections.singletonList(key));
- return keys;
- }
- }
- public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper) {
- return loadJsonWebKey(m, props, keyOper, new DefaultJwkReaderWriter());
- }
- public static JsonWebKey loadJsonWebKey(Message m, Properties props, String keyOper, JwkReaderWriter reader) {
- PrivateKeyPasswordProvider cb =
- (PrivateKeyPasswordProvider)m.getContextualProperty(CryptoUtils.RSSEC_KEY_PSWD_PROVIDER);
- if (cb == null && keyOper != null) {
- String propName = keyOper.equals(JsonWebKey.KEY_OPER_SIGN) ? CryptoUtils.RSSEC_SIG_KEY_PSWD_PROVIDER
- : keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT) ? CryptoUtils.RSSEC_DECRYPT_KEY_PSWD_PROVIDER : null;
- if (propName != null) {
- cb = (PrivateKeyPasswordProvider)m.getContextualProperty(propName);
- }
- }
- JsonWebKeys jwkSet = loadJwkSet(m, props, cb, reader);
- String kid = props.getProperty(CryptoUtils.RSSEC_KEY_STORE_ALIAS);
- if (kid == null && keyOper != null) {
- String keyIdProp = null;
- if (keyOper.equals(JsonWebKey.KEY_OPER_ENCRYPT)) {
- keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jwe";
- } else if (keyOper.equals(JsonWebKey.KEY_OPER_SIGN)
- || keyOper.equals(JsonWebKey.KEY_OPER_VERIFY)) {
- keyIdProp = CryptoUtils.RSSEC_KEY_STORE_ALIAS + ".jws";
- }
- if (keyIdProp != null) {
- kid = props.getProperty(keyIdProp);
- }
- }
- if (kid != null) {
- return jwkSet.getKey(kid);
- } else if (keyOper != null) {
- List keys = jwkSet.getKeyUseMap().get(keyOper);
- if (keys != null && keys.size() == 1) {
- return keys.get(0);
- }
- }
- return null;
- }
- public static RSAPublicKey toRSAPublicKey(JsonWebKey jwk) {
- String encodedModulus = (String)jwk.getProperty(JsonWebKey.RSA_MODULUS);
- String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
- return CryptoUtils.getRSAPublicKey(encodedModulus, encodedPublicExponent);
- }
- public static RSAPrivateKey toRSAPrivateKey(JsonWebKey jwk) {
- String encodedModulus = (String)jwk.getProperty(JsonWebKey.RSA_MODULUS);
- String encodedPrivateExponent = (String)jwk.getProperty(JsonWebKey.RSA_PRIVATE_EXP);
- String encodedPrimeP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR);
- if (encodedPrimeP == null) {
- return CryptoUtils.getRSAPrivateKey(encodedModulus, encodedPrivateExponent);
- } else {
- String encodedPublicExponent = (String)jwk.getProperty(JsonWebKey.RSA_PUBLIC_EXP);
- String encodedPrimeQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR);
- String encodedPrimeExpP = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT);
- String encodedPrimeExpQ = (String)jwk.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT);
- String encodedCrtCoefficient = (String)jwk.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT);
- return CryptoUtils.getRSAPrivateKey(encodedModulus,
- encodedPublicExponent,
- encodedPrivateExponent,
- encodedPrimeP,
- encodedPrimeQ,
- encodedPrimeExpP,
- encodedPrimeExpQ,
- encodedCrtCoefficient);
- }
- }
- public static ECPublicKey toECPublicKey(JsonWebKey jwk) {
- String eCurve = (String)jwk.getProperty(JsonWebKey.EC_CURVE);
- String encodedXCoord = (String)jwk.getProperty(JsonWebKey.EC_X_COORDINATE);
- String encodedYCoord = (String)jwk.getProperty(JsonWebKey.EC_Y_COORDINATE);
- return CryptoUtils.getECPublicKey(eCurve, encodedXCoord, encodedYCoord);
- }
- public static ECPrivateKey toECPrivateKey(JsonWebKey jwk) {
- String eCurve = (String)jwk.getProperty(JsonWebKey.EC_CURVE);
- String encodedPrivateKey = (String)jwk.getProperty(JsonWebKey.EC_PRIVATE_KEY);
- return CryptoUtils.getECPrivateKey(eCurve, encodedPrivateKey);
- }
-
- public static SecretKey toSecretKey(JsonWebKey jwk) {
- return CryptoUtils.createSecretKeySpec((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
- Algorithm.toJavaName(jwk.getAlgorithm()));
- }
- private static byte[] stringToBytes(String str) {
- try {
- return str.getBytes("UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
deleted file mode 100644
index 4be56f6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/AbstractJwsSignatureProvider.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public abstract class AbstractJwsSignatureProvider implements JwsSignatureProvider {
- private Set supportedAlgorithms;
- private String algorithm;
-
- protected AbstractJwsSignatureProvider(Set supportedAlgorithms, String algo) {
- this.supportedAlgorithms = supportedAlgorithms;
- this.algorithm = algo;
- }
-
- protected JwtHeaders prepareHeaders(JwtHeaders headers) {
- if (headers == null) {
- headers = new JwtHeaders();
- }
- String algo = headers.getAlgorithm();
- if (algo != null) {
- checkAlgorithm(algo);
- } else {
- checkAlgorithm(algorithm);
- headers.setAlgorithm(algorithm);
- }
- return headers;
- }
- @Override
- public String getAlgorithm() {
- return algorithm;
- }
- @Override
- public JwsSignature createJwsSignature(JwtHeaders headers) {
- return doCreateJwsSignature(prepareHeaders(headers));
- }
-
- protected abstract JwsSignature doCreateJwsSignature(JwtHeaders headers);
-
- protected String checkAlgorithm(String algo) {
- if (algo == null || !supportedAlgorithms.contains(algo)) {
- throw new
SecurityException();
- }
- return algo;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
deleted file mode 100644
index e52edec..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/EcDsaJwsSignatureProvider.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.SecureRandom;
-import java.security.interfaces.ECPrivateKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class EcDsaJwsSignatureProvider extends PrivateKeyJwsSignatureProvider {
- private static final Set SUPPORTED_ALGORITHMS = new HashSet(
- Arrays.asList(Algorithm.SHA256withECDSA.getJwtName(),
- Algorithm.SHA384withECDSA.getJwtName(),
- Algorithm.SHA512withECDSA.getJwtName()));
-
- public EcDsaJwsSignatureProvider(ECPrivateKey key, String algo) {
- this(key, null, algo);
- }
- public EcDsaJwsSignatureProvider(ECPrivateKey key, AlgorithmParameterSpec spec, String algo) {
- this(key, null, spec, algo);
- }
- public EcDsaJwsSignatureProvider(ECPrivateKey key, SecureRandom random, AlgorithmParameterSpec spec,
- String algo) {
- super(key, random, spec, SUPPORTED_ALGORITHMS, algo);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
deleted file mode 100644
index c1fcc46..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureProvider.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.crypto.Mac;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
-
-public class HmacJwsSignatureProvider extends AbstractJwsSignatureProvider {
- private static final Set SUPPORTED_ALGORITHMS = new HashSet(
- Arrays.asList(Algorithm.HmacSHA256.getJwtName(),
- Algorithm.HmacSHA384.getJwtName(),
- Algorithm.HmacSHA512.getJwtName()));
- private byte[] key;
- private AlgorithmParameterSpec hmacSpec;
-
- public HmacJwsSignatureProvider(byte[] key, String algo) {
- this(key, null, algo);
- }
- public HmacJwsSignatureProvider(byte[] key, AlgorithmParameterSpec spec, String algo) {
- super(SUPPORTED_ALGORITHMS, algo);
- this.key = key;
- this.hmacSpec = spec;
- }
- public HmacJwsSignatureProvider(String encodedKey, String
algo) {
- super(SUPPORTED_ALGORITHMS, algo);
- try {
- this.key = Base64UrlUtility.decode(encodedKey);
- } catch (Base64Exception ex) {
- throw new SecurityException();
- }
- }
-
- protected JwsSignature doCreateJwsSignature(JwtHeaders headers) {
- final Mac mac = HmacUtils.getInitializedMac(key, Algorithm.toJavaName(headers.getAlgorithm()),
- hmacSpec);
- return new JwsSignature() {
-
- @Override
- public void update(byte[] src, int off, int len) {
- mac.update(src, off, len);
- }
-
- @Override
- public byte[] sign() {
- return mac.doFinal();
- }
-
- };
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
deleted file mode 100644
index fed7e1f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.HmacUtils;
-
-public class HmacJwsSignatureVerifier implements JwsSignatureVerifier {
- private byte[] key;
- private AlgorithmParameterSpec hmacSpec;
-
- public HmacJwsSignatureVerifier(byte[] key) {
- this(key, null);
- }
- public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec) {
- this.key = key;
- this.hmacSpec = spec;
- }
- public HmacJwsSignatureVerifier(String encodedKey) {
- try {
- this.key = Base64UrlUtility.decode(encodedKey);
- } catch (Base64Exception ex) {
- throw new SecurityException();
- }
- }
-
- @Override
- public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
- byte[] expected = computeMac(headers, unsignedText);
- return Arrays.equals(expected, signature);
- }
-
- private
byte[] computeMac(JwtHeaders headers, String text) {
- return HmacUtils.computeHmac(key,
- Algorithm.toJavaName(headers.getAlgorithm()),
- hmacSpec,
- text);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
deleted file mode 100644
index 422473f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.UnsupportedEncodingException;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-public class JwsCompactConsumer {
- private JwtHeadersReader reader = new JwtTokenReaderWriter();
- private String encodedSequence;
- private String encodedSignature;
- private String headersJson;
- private String jwsPayload;
- private JwsSignatureProperties props;
- public JwsCompactConsumer(String encodedJws) {
- this(encodedJws, null, null);
- }
- public JwsCompactConsumer(String encodedJws, JwsSignatureProperties props) {
- this(encodedJws, props, null);
- }
- public JwsCompactConsumer(String encodedJws, JwtTokenReader r) {
- this(encodedJws, null, r);
- }
- public JwsCompactConsumer(String encodedJws,
JwsSignatureProperties props, JwtHeadersReader r) {
- if (r != null) {
- this.reader = r;
- }
- this.props = props;
- String[] parts = encodedJws.split("\\.");
- if (parts.length != 3) {
- if (parts.length == 2 && encodedJws.endsWith(".")) {
- encodedSignature = "";
- } else {
- throw new OAuthServiceException("Invalid JWS Compact sequence");
- }
- } else {
- encodedSignature = parts[2];
- }
- headersJson = decodeToString(parts[0]);
- jwsPayload = decodeToString(parts[1]);
- encodedSequence = parts[0] + "." + parts[1];
-
- }
- public String getUnsignedEncodedPayload() {
- return encodedSequence;
- }
- public String getEncodedSignature() {
- return encodedSignature;
- }
- public String getDecodedJsonHeaders() {
- return headersJson;
- }
- public String getDecodedJwsPayload() {
- return jwsPayload;
- }
- public byte[] getDecodedJwsPayloadBytes() {
- try {
- return jwsPayload.getBytes("UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
- }
- public byte[] getDecodedSignature() {
- return encodedSignature.isEmpty() ?
new byte[]{} : decode(encodedSignature);
- }
- public JwtHeaders getJwtHeaders() {
- return getReader().fromJsonHeaders(headersJson);
- }
- public boolean verifySignatureWith(JwsSignatureVerifier validator) {
- enforceJweSignatureProperties();
- if (!validator.verify(getJwtHeaders(), getUnsignedEncodedPayload(), getDecodedSignature())) {
- throw new SecurityException();
- }
- return true;
- }
- private void enforceJweSignatureProperties() {
- if (props != null) {
- //TODO:
- }
- }
- private static String decodeToString(String encoded) {
- try {
- return new String(decode(encoded), "UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
-
- }
- protected JwtHeadersReader getReader() {
- return reader;
- }
- private static byte[] decode(String encoded) {
- try {
- return Base64UrlUtility.decode(encoded);
- } catch (Base64Exception ex) {
- throw new SecurityException(ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
deleted file mode 100644
index ef4dd52..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-public class JwsCompactProducer {
- private JwtHeadersWriter writer = new JwtTokenReaderWriter();
- private JwtHeaders headers;
- private String plainJwsPayload;
- private String signature;
- private String plainRep;
-
- public JwsCompactProducer(String plainJwsPayload) {
- this(null, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwtHeaders headers, String plainJwsPayload) {
- this(headers, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwtHeaders headers, JwtHeadersWriter w, String plainJwsPayload) {
- this.headers = headers;
- if (w != null) {
- this.writer = w;
- }
- this.plainJwsPayload = plainJwsPayload;
- }
- public JwtHeaders getHeaders() {
- if (headers == null) {
- headers = new JwtHeaders();
- }
- return headers;
-
}
- public String getUnsignedEncodedJws() {
- checkAlgorithm();
- if (plainRep == null) {
- plainRep = Base64UrlUtility.encode(writer.headersToJson(getHeaders()))
- + "."
- + Base64UrlUtility.encode(plainJwsPayload);
- }
- return plainRep;
- }
-
- public String getSignedEncodedJws() {
- checkAlgorithm();
- boolean noSignature = StringUtils.isEmpty(signature);
- if (noSignature && !isPlainText()) {
- throw new IllegalStateException("Signature is not available");
- }
- return getUnsignedEncodedJws() + "." + (noSignature ? "" : signature);
- }
-
- public String signWith(JwsSignatureProvider signer) {
- JwsSignature worker = signer.createJwsSignature(getHeaders());
- try {
- byte[] bytes = getUnsignedEncodedJws().getBytes("UTF-8");
- worker.update(bytes, 0, bytes.length);
- signWith(worker.sign());
- return getSignedEncodedJws();
- } catch (Exception ex) {
- throw new SecurityException();
- }
- }
-
- public String signWith(String signatureText) {
- setEncodedSignature(Base64UrlUtility.encode(signatureText));
- return getSignedEncodedJws();
- }
-
- public String signWith(byte[] signatureOctets) {
- setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
- return getSignedEncodedJws();
- }
-
- private void setEncodedSignature(String sig) {
- this.signature = sig;
- }
- private boolean isPlainText() {
- return JwtConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
- }
- private String getAlgorithm() {
- return getHeaders().getAlgorithm();
- }
- private void checkAlgorithm() {
- if (getAlgorithm() == null) {
- throw new IllegalStateException("Algorithm header is not set");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
deleted file mode 100644
index e395dc7..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenJson;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-
-public class JwsJwtCompactConsumer extends JwsCompactConsumer {
- private JwtToken token;
- public JwsJwtCompactConsumer(String encodedJws) {
- this(encodedJws, null, null);
- }
- public JwsJwtCompactConsumer(String encodedJws, JwsSignatureProperties props) {
- this(encodedJws, props, null);
- }
- public JwsJwtCompactConsumer(String encodedJws, JwtTokenReader r) {
- this(encodedJws, null, r);
- }
- public JwsJwtCompactConsumer(String encodedJws, JwsSignatureProperties props, JwtTokenReader r) {
- super(encodedJws, props, r == null ?
new JwtTokenReaderWriter() : r);
- }
- public JwtTokenJson getDecodedJsonToken() {
- return new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload());
- }
- public JwtClaims getJwtClaims() {
- return getJwtToken().getClaims();
- }
- public JwtToken getJwtToken() {
- if (token == null) {
- token = ((JwtTokenReaderWriter)getReader()).fromJson(
- new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload()));
- }
- return token;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
deleted file mode 100644
index cc227af..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
-
-public class JwsJwtCompactProducer extends JwsCompactProducer {
-
- public JwsJwtCompactProducer(JwtToken token) {
- this(token, null);
- }
- public JwsJwtCompactProducer(JwtClaims claims) {
- this(new JwtToken(null, claims), null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims) {
- this(headers, claims, null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims, JwtTokenWriter w) {
- this(new JwtToken(headers, claims), w);
- }
- public JwsJwtCompactProducer(JwtToken token, JwtTokenWriter w) {
- super(token.getHeaders(), w, serializeClaims(token.getClaims(), w));
- }
-
- private static String serializeClaims(JwtClaims claims, JwtTokenWriter writer) {
- if (writer == null) {
- writer = new JwtTokenReaderWriter();
- }
- return writer.claimsToJson(claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
deleted file mode 100644
index bfb093f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-
-import org.apache.cxf.rs.security.oauth2.utils.Base64UrlUtility;
-
-public class JwsOutputStream extends FilterOutputStream {
- private boolean flushed;
- private JwsSignature signature;
- public JwsOutputStream(OutputStream out, JwsSignature signature) {
- super(out);
- this.signature = signature;
- }
-
- @Override
- public void write(int value) throws IOException {
- byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array();
- write(bytes, 0, bytes.length);
- }
-
- @Override
- public void write(byte b[], int off, int len) throws IOException {
- try {
- signature.update(b, off, len);
- } catch (Throwable ex) {
- throw new SecurityException();
- }
- out.write(b, off, len);
- }
- @Override
- public void flush() throws IOException {
- if (flushed) {
- return;
- }
- try {
- byte[] finalBytes = signature.sign();
- out.write(new byte[]{'.'});
- Base64UrlUtility.encodeAndStream(finalBytes, 0, finalBytes.length, out);
- } catch (Exception ex) {
- throw new
SecurityException();
- }
- flushed = true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
deleted file mode 100644
index 778b5cb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public interface JwsSignature {
- void update(byte[] src, int off, int len);
- byte[] sign();
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProperties.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProperties.java
deleted file mode 100644
index e07f559..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProperties.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public class JwsSignatureProperties {
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
deleted file mode 100644
index a4d12bf..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public interface JwsSignatureProvider {
- String getAlgorithm();
- JwsSignature createJwsSignature(JwtHeaders headers);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
deleted file mode 100644
index ea4a01f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public interface JwsSignatureVerifier {
- boolean verify(JwtHeaders headers, String unsignedText, byte[] signature);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
deleted file mode 100644
index 20b2672..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public final class JwsUtils {
- private JwsUtils() {
-
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
- return getSignatureProvider(jwk, null);
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureProvider theSigProvider = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theSigProvider =
- new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
- rsaSignatureAlgo);
- }
- return theSigProvider;
- }
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureVerifier theVerifier = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toRSAPublicKey(jwk));
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theVerifier =
- new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk));
- }
- return theVerifier;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
deleted file mode 100644
index bbd92aa..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
- private static final Set SUPPORTED_ALGORITHMS = new HashSet(
- Arrays.asList(Algorithm.SHA256withRSA.getJwtName(),
- Algorithm.SHA384withRSA.getJwtName(),
- Algorithm.SHA512withRSA.getJwtName()));
- private PrivateKey key;
- private SecureRandom random;
- private AlgorithmParameterSpec signatureSpec;
-
- public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) {
- this(key, null, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) {
- this(key, null, spec, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random,
- AlgorithmParameterSpec spec, String algo) {
- this(key, random, spec, SUPPORTED_ALGORITHMS, algo);
- }
- protected PrivateKeyJwsSignatureProvider(PrivateKey key,
- SecureRandom random,
- AlgorithmParameterSpec spec,
- Set supportedAlgorithms,
- String algo) {
- super(supportedAlgorithms, algo);
- this.key = key;
- this.random = random;
- this.signatureSpec = spec;
- }
- protected JwsSignature doCreateJwsSignature(JwtHeaders headers) {
- final Signature s = CryptoUtils.getSignature(key,
- Algorithm.toJavaName(headers.getAlgorithm()),
- random,
- signatureSpec);
- return new JwsSignature() {
-
- @Override
- public void update(byte[] src, int off, int len) {
- try {
- s.update(src, off, len);
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- @Override
- public byte[] sign() {
- try {
- return s.sign();
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- };
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
deleted file mode 100644
index c4748e0..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.oauth2.utils.crypto.CryptoUtils;
-
-public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
- private PublicKey key;
- private AlgorithmParameterSpec signatureSpec;
- public PublicKeyJwsSignatureVerifier(PublicKey key) {
- this(key, null);
- }
- public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec) {
- this.key = key;
- this.signatureSpec = spec;
- }
- @Override
- public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
- try {
- return CryptoUtils.verifySignature(unsignedText.getBytes("UTF-8"),
- signature,
- key,
- Algorithm.toJavaName(headers.getAlgorithm()),
- signatureSpec);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/4640cf1e/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObject.java b/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObject.java
deleted file mode 100644
index e8d45e5..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jwt/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJwtObject.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-public abstract class AbstractJwtObject {
- protected Map values = new LinkedHashMap();
-
- protected AbstractJwtObject() {
-
- }
-
- protected AbstractJwtObject(Map values) {
- this.values = values;
- }
-
- protected void setValue(String name, Object value) {
- values.put(name, value);
- }
-
- protected Object getValue(String name) {
- return values.get(name);
- }
-
- public Map asMap() {
- return new LinkedHashMap(values);
- }
-
- protected Long getLongDate(String name) {
- Object object = getValue(name);
- return object instanceof Long ? (Long)object : Long.valueOf(object.toString());
- }
-
- public int hashCode() {
- return values.hashCode();
- }
-
- public boolean equals(Object obj) {
- return obj instanceof AbstractJwtObject && ((AbstractJwtObject)obj).values.equals(this.values);
- }
-
-}