cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] git commit: Updating JWE ContentDecryptionAlgorithm to return the algo it actually supports
Date Wed, 22 Oct 2014 16:11:27 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 1ebe682c6 -> e125ae55f


Updating JWE ContentDecryptionAlgorithm to return the algo it actually supports


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29394922
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29394922
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29394922

Branch: refs/heads/master
Commit: 29394922c5d7f51de88dfa125dfa541a3d342e72
Parents: 1ebe682
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Oct 22 17:09:47 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Oct 22 17:09:47 2014 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwa/Algorithm.java     | 34 ++++++++++++--------
 .../jwe/AbstractContentEncryptionAlgorithm.java |  1 +
 ...stractContentEncryptionCipherProperties.java |  9 +++++-
 .../jose/jwe/AesCbcHmacJweDecryption.java       |  7 ++--
 .../jwe/AesGcmContentDecryptionAlgorithm.java   |  9 ++----
 .../jwe/ContentEncryptionCipherProperties.java  |  1 +
 .../jose/jwe/JweCompactReaderWriterTest.java    |  7 ++--
 .../jose/jwe/JwePbeHmacAesWrapTest.java         |  2 +-
 8 files changed, 43 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
index 6c66825..5b15866 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa/Algorithm.java
@@ -91,6 +91,21 @@ public enum Algorithm {
     public static final Set<String> EC_SHA_SIGN_SET = new HashSet<String>(Arrays.asList(JoseConstants.ES_SHA_256_ALGO,
                                                                          JoseConstants.ES_SHA_384_ALGO,
                                                                          JoseConstants.ES_SHA_512_ALGO));
+    public static final Set<String> RSA_OAEP_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.RSA_OAEP_ALGO,
+                                                                               JoseConstants.RSA_OAEP_256_ALGO));
+    public static final Set<String> AES_GCM_CEK_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128GCM_ALGO,
+                                                                                        JoseConstants.A192GCM_ALGO,
+                                                                                        JoseConstants.A256GCM_ALGO));
+    public static final Set<String> AES_GCM_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A192GCMKW_ALGO,
+                                                                                        JoseConstants.A192GCMKW_ALGO,
+                                                                                        JoseConstants.A256GCMKW_ALGO));
+    public static final Set<String> AES_KW_SET = new HashSet<String>(Arrays.asList(JoseConstants.A128KW_ALGO,
+                                                                                        JoseConstants.A192KW_ALGO,
+                                                                                        JoseConstants.A256KW_ALGO));
+    public static final Set<String> ACBC_HS_SET = 
+        new HashSet<String>(Arrays.asList(JoseConstants.A128CBC_HS256_ALGO,
+                                          JoseConstants.A192CBC_HS384_ALGO,
+                                          JoseConstants.A256CBC_HS512_ALGO));
     
     private static final Map<String, String> JAVA_TO_JWT_NAMES;
     private static final Map<String, String> JWT_TO_JAVA_NAMES;
@@ -199,28 +214,19 @@ public enum Algorithm {
         return javaName;
     }
     public static boolean isRsaOaep(String algo) {
-        return JoseConstants.RSA_OAEP_ALGO.equals(algo)
-               || JoseConstants.RSA_OAEP_256_ALGO.equals(algo);
+        return RSA_OAEP_CEK_SET.contains(algo);
     }
     public static boolean isAesKeyWrap(String algo) {
-        return JoseConstants.A128KW_ALGO.equals(algo)
-               || JoseConstants.A192KW_ALGO.equals(algo)
-               || JoseConstants.A256KW_ALGO.equals(algo);
+        return AES_KW_SET.contains(algo);
     }
     public static boolean isAesGcmKeyWrap(String algo) {
-        return JoseConstants.A128GCMKW_ALGO.equals(algo)
-               || JoseConstants.A192GCMKW_ALGO.equals(algo)
-               || JoseConstants.A256GCMKW_ALGO.equals(algo);
+        return AES_GCM_KW_SET.contains(algo);
     }
     public static boolean isAesGcm(String algo) {
-        return JoseConstants.A128GCM_ALGO.equals(algo)
-               || JoseConstants.A192GCM_ALGO.equals(algo)
-               || JoseConstants.A256GCM_ALGO.equals(algo);
+        return AES_GCM_CEK_SET.contains(algo);
     }
     public static boolean isAesCbcHmac(String algo) {
-        return JoseConstants.A128CBC_HS256_ALGO.equals(algo)
-            || JoseConstants.A192CBC_HS384_ALGO.equals(algo)
-            || JoseConstants.A256CBC_HS512_ALGO.equals(algo); 
+        return ACBC_HS_SET.contains(algo); 
     }
     public static boolean isHmacSign(String algo) {
         return HMAC_SIGN_SET.contains(algo); 

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
index 770ee56..5edf9fa 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionAlgorithm.java
@@ -32,6 +32,7 @@ public abstract class AbstractContentEncryptionAlgorithm extends AbstractContent
     private String algorithm;
     
     protected AbstractContentEncryptionAlgorithm(byte[] cek, byte[] iv, String algo) { 
+        super(algo);
         this.cek = cek;
         this.iv = iv;
         if (iv != null && iv.length > 0) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
index bc30979..ca2d6b9 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractContentEncryptionCipherProperties.java
@@ -26,7 +26,10 @@ import org.apache.cxf.common.util.crypto.CryptoUtils;
 public abstract class AbstractContentEncryptionCipherProperties implements ContentEncryptionCipherProperties
{
     private static final int DEFAULT_AUTH_TAG_LENGTH = 128;
     private int authTagLen = DEFAULT_AUTH_TAG_LENGTH;
-    
+    private String algo;
+    public AbstractContentEncryptionCipherProperties(String algo) {
+        this.algo = algo;
+    }
     public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
         return CryptoUtils.getContentEncryptionCipherSpec(getAuthTagLen(), theIv);
     }
@@ -36,4 +39,8 @@ public abstract class AbstractContentEncryptionCipherProperties implements
Conte
     protected int getAuthTagLen() {
         return authTagLen;
     }
+    @Override
+    public String getAlgorithm() {
+        return algo;    
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
index bf110f3..0ef6580 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java
@@ -37,8 +37,8 @@ public class AesCbcHmacJweDecryption extends AbstractJweDecryption {
     public AesCbcHmacJweDecryption(KeyDecryptionAlgorithm keyDecryptionAlgo,
                                    String supportedAlgo,
                                    JoseHeadersReader reader) {
-        super(reader, keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm());
-        this.supportedAlgo = null;
+        super(reader, keyDecryptionAlgo, new AesCbcContentDecryptionAlgorithm(supportedAlgo));
+        this.supportedAlgo = supportedAlgo;
     }
     protected JweDecryptionOutput doDecrypt(JweCompactConsumer consumer, byte[] cek) {
         validateAuthenticationTag(consumer, cek);
@@ -66,6 +66,9 @@ public class AesCbcHmacJweDecryption extends AbstractJweDecryption {
     }
     private static class AesCbcContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
         implements ContentDecryptionAlgorithm {
+        public AesCbcContentDecryptionAlgorithm(String supportedAlgo) {
+            super(supportedAlgo);
+        }
         @Override
         public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] theIv) {
             return new IvParameterSpec(theIv);

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
index 70b3a00..f1f3388 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesGcmContentDecryptionAlgorithm.java
@@ -24,19 +24,14 @@ import org.apache.cxf.rs.security.jose.jwa.Algorithm;
 
 public class AesGcmContentDecryptionAlgorithm extends AbstractContentEncryptionCipherProperties
     implements ContentDecryptionAlgorithm {
-    private String supportedAlgo; 
-    public AesGcmContentDecryptionAlgorithm() {
-        this(null);
-    }
     public AesGcmContentDecryptionAlgorithm(String supportedAlgo) {
-        this.supportedAlgo = supportedAlgo;
+        super(supportedAlgo);
     }
 
     @Override
     public byte[] getEncryptedSequence(JweHeaders headers, byte[] cipher, byte[] authTag)
{
         String algo = headers.getContentEncryptionAlgorithm();
-        if (!Algorithm.isAesGcm(algo)
-            || supportedAlgo != null && !supportedAlgo.equals(algo)) {
+        if (!Algorithm.isAesGcm(algo) || !getAlgorithm().equals(algo)) {
             throw new SecurityException();
         }
         return JweCompactConsumer.getCipherWithAuthTag(cipher, authTag);

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
index 54da6fd..14ea8f3 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/ContentEncryptionCipherProperties.java
@@ -24,4 +24,5 @@ import java.security.spec.AlgorithmParameterSpec;
 public interface ContentEncryptionCipherProperties {
     byte[] getAdditionalAuthenticationData(String headersJson);
     AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] iv);
+    String getAlgorithm();
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
index b62dc87..c88c5e4 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
@@ -188,13 +188,16 @@ public class JweCompactReaderWriterTest extends Assert {
     private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception
{
         RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, 
                                                                 RSA_PRIVATE_EXPONENT_ENCODED_A1);
+        String algo = Cipher.getMaxAllowedKeyLength("AES") > 128 
+            ? JoseConstants.A256GCM_ALGO : JoseConstants.A128GCM_ALGO; 
         JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey),
-                                                                      new AesGcmContentDecryptionAlgorithm());
+                                              new AesGcmContentDecryptionAlgorithm(algo));
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);
     }
     private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws
Exception {
-        DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key, new AesGcmContentDecryptionAlgorithm());
+        DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key, 
+                                               new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO));
         String decryptedText = decryptor.decrypt(jweContent).getContentText();
         assertEquals(decryptedText, plainContent);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/29394922/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
index 05d53c2..e21cde0 100644
--- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
@@ -71,7 +71,7 @@ public class JwePbeHmacAesWrapTest extends Assert {
         String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
         PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password);
         JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, 
-                                                                       new AesGcmContentDecryptionAlgorithm());
+                                               new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO));
         String decryptedText = decryption.decrypt(jweContent).getContentText();
         assertEquals(specPlainText, decryptedText);
         


Mime
View raw message