Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6D46617718 for ; Mon, 6 Oct 2014 17:30:39 +0000 (UTC) Received: (qmail 94814 invoked by uid 500); 6 Oct 2014 17:30:39 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 94715 invoked by uid 500); 6 Oct 2014 17:30:39 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 94601 invoked by uid 99); 6 Oct 2014 17:30:39 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Oct 2014 17:30:39 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id E32EC3209E9; Mon, 6 Oct 2014 17:30:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Date: Mon, 06 Oct 2014 17:30:39 -0000 Message-Id: <51d31f46e6e147ad830c1b533b0c3065@git.apache.org> In-Reply-To: <01e3166248e64ac5b089b7cbcfecc67a@git.apache.org> References: <01e3166248e64ac5b089b7cbcfecc67a@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [02/10] [CXF-5944] Finalizing the current round of refactorings with introducing a dedicated rt rs security module, idea from Luigi Lo Iacono http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
deleted file mode 100644
index b3d0cbb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.UnsupportedEncodingException;
-
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-
-public class JwsCompactConsumer {
- private JoseHeadersReader reader = new JoseHeadersReaderWriter();
- private String encodedSequence;
- private String encodedSignature;
- private String headersJson;
- private String jwsPayload;
- public JwsCompactConsumer(String encodedJws) {
- this(encodedJws, null);
- }
- public JwsCompactConsumer(String encodedJws, JoseHeadersReader r) {
- if (r != null) {
- this.reader = r;
- }
- String[] parts = encodedJws.split("\\.");
- if (parts.length != 3) {
- if (parts.length == 2 && encodedJws.endsWith(".")) {
- encodedSignature = "";
- } else {
- throw new OAuthServiceException("Invalid JWS Compact sequence");
- }
- } else {
- encodedSignature = parts[2];
- }
- headersJson = decodeToString(parts[0]);
- jwsPayload = decodeToString(parts[1]);
- encodedSequence = parts[0] + "." + parts[1];
-
- }
- public String getUnsignedEncodedPayload() {
- return encodedSequence;
- }
- public String getEncodedSignature() {
- return encodedSignature;
- }
- public String getDecodedJsonHeaders() {
- return headersJson;
- }
- public String getDecodedJwsPayload() {
- return jwsPayload;
- }
- public byte[] getDecodedJwsPayloadBytes() {
- try {
- return jwsPayload.getBytes("UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
- }
- public byte[] getDecodedSignature() {
- return encodedSignature.isEmpty() ? new byte[]{} : decode(encodedSignature);
- }
- public JwsHeaders getJwsHeaders() {
- JoseHeaders joseHeaders = reader.fromJsonHeaders(headersJson);
- if (joseHeaders.getHeaderUpdateCount() != null) {
- throw new SecurityException();
- }
- return new JwsHeaders(joseHeaders);
- }
- public boolean verifySignatureWith(JwsSignatureVerifier validator) {
- try {
- if (validator.verify(getJwsHeaders(), getUnsignedEncodedPayload(), getDecodedSignature())) {
- return true;
- }
- } catch (SecurityException ex) {
- // ignore
- }
- return false;
- }
- public boolean verifySignatureWith(JsonWebKey key) {
- return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
- }
- private static String decodeToString(String encoded) {
- try {
- return new String(decode(encoded), "UTF-8");
- } catch (UnsupportedEncodingException ex) {
- throw new SecurityException(ex);
- }
-
- }
- protected JoseHeadersReader getReader() {
- return reader;
- }
- private static byte[] decode(String encoded) {
- try {
- return Base64UrlUtility.decode(encoded);
- } catch (Base64Exception ex) {
- throw new SecurityException(ex);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
deleted file mode 100644
index 307cf26..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-
-public class JwsCompactProducer {
- private JoseHeadersWriter writer = new JoseHeadersReaderWriter();
- private JwsHeaders headers;
- private String plainJwsPayload;
- private String signature;
- private String plainRep;
-
- public JwsCompactProducer(String plainJwsPayload) {
- this(null, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwsHeaders headers, String plainJwsPayload) {
- this(headers, null, plainJwsPayload);
- }
- public JwsCompactProducer(JwsHeaders headers, JoseHeadersWriter w, String plainJwsPayload) {
- this.headers = headers;
- if (w != null) {
- this.writer = w;
- }
- this.plainJwsPayload = plainJwsPayload;
- }
- public JwsHeaders getHeaders() {
- if (headers == null) {
- headers = new JwsHeaders();
- }
- return headers;
- }
- public String getUnsignedEncodedJws() {
- checkAlgorithm();
- if (plainRep == null) {
- plainRep = Base64UrlUtility.encode(writer.headersToJson(getHeaders()))
- + "."
- + Base64UrlUtility.encode(plainJwsPayload);
- }
- return plainRep;
- }
-
- public String getSignedEncodedJws() {
- checkAlgorithm();
- boolean noSignature = StringUtils.isEmpty(signature);
- if (noSignature && !isPlainText()) {
- throw new IllegalStateException("Signature is not available");
- }
- return getUnsignedEncodedJws() + "." + (noSignature ? "" : signature);
- }
-
- public String signWith(JsonWebKey jwk) {
- return signWith(JwsUtils.getSignatureProvider(jwk));
- }
-
- public String signWith(JwsSignatureProvider signer) {
- JwsSignature worker = signer.createJwsSignature(getHeaders());
- try {
- byte[] bytes = getUnsignedEncodedJws().getBytes("UTF-8");
- worker.update(bytes, 0, bytes.length);
- signWith(worker.sign());
- return getSignedEncodedJws();
- } catch (Exception ex) {
- throw new SecurityException();
- }
- }
-
- public String signWith(String signatureText) {
- setEncodedSignature(Base64UrlUtility.encode(signatureText));
- return getSignedEncodedJws();
- }
-
- public String signWith(byte[] signatureOctets) {
- setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
- return getSignedEncodedJws();
- }
-
- private void setEncodedSignature(String sig) {
- this.signature = sig;
- }
- private boolean isPlainText() {
- return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm());
- }
- private String getAlgorithm() {
- return getHeaders().getAlgorithm();
- }
- private void checkAlgorithm() {
- if (getAlgorithm() == null) {
- throw new IllegalStateException("Algorithm header is not set");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
deleted file mode 100644
index 8ef08a6..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsHeaders.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class JwsHeaders extends JwtHeaders {
- public JwsHeaders() {
- }
-
- public JwsHeaders(JoseHeaders headers) {
- super(headers.asMap());
- }
-
- public JwsHeaders(Map values) {
- super(values);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
deleted file mode 100644
index 61138af..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactConsumer.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenJson;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReader;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-
-public class JwsJwtCompactConsumer extends JwsCompactConsumer {
- private JwtToken token;
- public JwsJwtCompactConsumer(String encodedJws) {
- this(encodedJws, null);
- }
- public JwsJwtCompactConsumer(String encodedJws, JwtTokenReader r) {
- super(encodedJws, r == null ? new JwtTokenReaderWriter() : r);
- }
- public JwtTokenJson getDecodedJsonToken() {
- return new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload());
- }
- public JwtClaims getJwtClaims() {
- return getJwtToken().getClaims();
- }
- public JwtToken getJwtToken() {
- if (token == null) {
- token = ((JwtTokenReaderWriter)getReader()).fromJson(
- new JwtTokenJson(getDecodedJsonHeaders(), getDecodedJwsPayload()));
- }
- return token;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
deleted file mode 100644
index 19c194d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
-
-public class JwsJwtCompactProducer extends JwsCompactProducer {
-
- public JwsJwtCompactProducer(JwtToken token) {
- this(token, null);
- }
- public JwsJwtCompactProducer(JwtClaims claims) {
- this(new JwtToken(null, claims), null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims) {
- this(headers, claims, null);
- }
- public JwsJwtCompactProducer(JwtHeaders headers, JwtClaims claims, JwtTokenWriter w) {
- this(new JwtToken(headers, claims), w);
- }
- public JwsJwtCompactProducer(JwtToken token, JwtTokenWriter w) {
- super(new JwsHeaders(token.getHeaders().asMap()), w, serializeClaims(token.getClaims(), w));
- }
-
- private static String serializeClaims(JwtClaims claims, JwtTokenWriter writer) {
- if (writer == null) {
- writer = new JwtTokenReaderWriter();
- }
- return writer.claimsToJson(claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
deleted file mode 100644
index f10f30c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsOutputStream.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.io.FilterOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.nio.ByteBuffer;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-
-public class JwsOutputStream extends FilterOutputStream {
- private boolean flushed;
- private JwsSignature signature;
- public JwsOutputStream(OutputStream out, JwsSignature signature) {
- super(out);
- this.signature = signature;
- }
-
- @Override
- public void write(int value) throws IOException {
- byte[] bytes = ByteBuffer.allocate(Integer.SIZE / 8).putInt(value).array();
- write(bytes, 0, bytes.length);
- }
-
- @Override
- public void write(byte b[], int off, int len) throws IOException {
- try {
- signature.update(b, off, len);
- } catch (Throwable ex) {
- throw new SecurityException();
- }
- out.write(b, off, len);
- }
- @Override
- public void flush() throws IOException {
- if (flushed) {
- return;
- }
- try {
- byte[] finalBytes = signature.sign();
- out.write(new byte[]{'.'});
- Base64UrlUtility.encodeAndStream(finalBytes, 0, finalBytes.length, out);
- } catch (Exception ex) {
- throw new SecurityException();
- }
- flushed = true;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
deleted file mode 100644
index 778b5cb..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignature.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public interface JwsSignature {
- void update(byte[] src, int off, int len);
- byte[] sign();
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
deleted file mode 100644
index 010c62e..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-
-public interface JwsSignatureProvider {
- String getAlgorithm();
- JwsSignature createJwsSignature(JwsHeaders headers);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
deleted file mode 100644
index ea4a01f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public interface JwsSignatureVerifier {
- boolean verify(JwtHeaders headers, String unsignedText, byte[] signature);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
deleted file mode 100644
index 08c59c1..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
-
-public final class JwsUtils {
- private JwsUtils() {
-
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk) {
- return getSignatureProvider(jwk, null);
- }
- public static JwsSignatureProvider getSignatureProvider(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureProvider theSigProvider = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theSigProvider = new PrivateKeyJwsSignatureProvider(JwkUtils.toRSAPrivateKey(jwk),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theSigProvider =
- new HmacJwsSignatureProvider((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE),
- rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk),
- rsaSignatureAlgo);
- }
- return theSigProvider;
- }
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk) {
- return getSignatureVerifier(jwk, null);
- }
- public static JwsSignatureVerifier getSignatureVerifier(JsonWebKey jwk, String defaultAlgorithm) {
- String rsaSignatureAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm();
- JwsSignatureVerifier theVerifier = null;
- if (JsonWebKey.KEY_TYPE_RSA.equals(jwk.getKeyType())) {
- theVerifier = new PublicKeyJwsSignatureVerifier(JwkUtils.toRSAPublicKey(jwk), rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())
- && Algorithm.isHmacSign(rsaSignatureAlgo)) {
- theVerifier =
- new HmacJwsSignatureVerifier((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE), rsaSignatureAlgo);
- } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) {
- theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), rsaSignatureAlgo);
- }
- return theVerifier;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
deleted file mode 100644
index c2f5a6a..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider {
- private PrivateKey key;
- private SecureRandom random;
- private AlgorithmParameterSpec signatureSpec;
-
- public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) {
- this(key, null, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) {
- this(key, null, spec, algo);
- }
- public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random,
- AlgorithmParameterSpec spec, String algo) {
- super(algo);
- this.key = key;
- this.random = random;
- this.signatureSpec = spec;
- }
- protected JwsSignature doCreateJwsSignature(JwsHeaders headers) {
- final Signature s = CryptoUtils.getSignature(key,
- Algorithm.toJavaName(headers.getAlgorithm()),
- random,
- signatureSpec);
- return new JwsSignature() {
-
- @Override
- public void update(byte[] src, int off, int len) {
- try {
- s.update(src, off, len);
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- @Override
- public byte[] sign() {
- try {
- return s.sign();
- } catch (SignatureException ex) {
- throw new SecurityException();
- }
- }
-
- };
- }
- @Override
- protected void checkAlgorithm(String algo) {
- super.checkAlgorithm(algo);
- if (!isValidAlgorithmFamily(algo)) {
- throw new SecurityException();
- }
- }
-
- protected boolean isValidAlgorithmFamily(String algo) {
- return Algorithm.isRsaShaSign(algo);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
deleted file mode 100644
index d485256..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jws;
-
-import java.security.PublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwt.JwtHeaders;
-
-public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier {
- private PublicKey key;
- private AlgorithmParameterSpec signatureSpec;
- private String supportedAlgo;
-
- public PublicKeyJwsSignatureVerifier(PublicKey key) {
- this(key, null);
- }
- public PublicKeyJwsSignatureVerifier(PublicKey key, String supportedAlgorithm) {
- this(key, null, supportedAlgorithm);
- }
- public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) {
- this.key = key;
- this.signatureSpec = spec;
- this.supportedAlgo = supportedAlgo;
- }
- @Override
- public boolean verify(JwtHeaders headers, String unsignedText, byte[] signature) {
- try {
- return CryptoUtils.verifySignature(unsignedText.getBytes("UTF-8"),
- signature,
- key,
- Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())),
- signatureSpec);
- } catch (Exception ex) {
- throw new SecurityException(ex);
- }
- }
- protected String checkAlgorithm(String algo) {
- if (algo == null
- || !isValidAlgorithmFamily(algo)
- || supportedAlgo != null && !supportedAlgo.equals(algo)) {
- throw new SecurityException();
- }
- return algo;
- }
- protected boolean isValidAlgorithmFamily(String algo) {
- return Algorithm.isRsaShaSign(algo);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
deleted file mode 100644
index 8944e07..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.AbstractJoseObject;
-
-
-
-
-public class JwtClaims extends AbstractJoseObject {
-
- public JwtClaims() {
- }
-
- public JwtClaims(Map values) {
- super(values);
- }
-
- public void setIssuer(String issuer) {
- setClaim(JwtConstants.CLAIM_ISSUER, issuer);
- }
-
- public String getIssuer() {
- return (String)getValue(JwtConstants.CLAIM_ISSUER);
- }
-
- public void setSubject(String subject) {
- setClaim(JwtConstants.CLAIM_SUBJECT, subject);
- }
-
- public String getSubject() {
- return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
- }
-
- public void setAudience(String audience) {
- setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
- }
-
- public String getAudience() {
- return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
- }
-
- public void setExpiryTime(Long expiresIn) {
- setClaim(JwtConstants.CLAIM_EXPIRY, expiresIn);
- }
-
- public Long getExpiryTime() {
- return getLongDate(JwtConstants.CLAIM_EXPIRY);
- }
-
- public void setNotBefore(Long notBefore) {
- setClaim(JwtConstants.CLAIM_NOT_BEFORE, notBefore);
- }
-
- public Long getNotBefore() {
- return getLongDate(JwtConstants.CLAIM_NOT_BEFORE);
- }
-
- public void setIssuedAt(Long issuedAt) {
- setClaim(JwtConstants.CLAIM_ISSUED_AT, issuedAt);
- }
-
- public Long getIssuedAt() {
- return getLongDate(JwtConstants.CLAIM_ISSUED_AT);
- }
-
- public void setTokenId(String id) {
- setValue(JwtConstants.CLAIM_JWT_ID, id);
- }
-
- public String getTokenId() {
- return (String)getClaim(JwtConstants.CLAIM_JWT_ID);
- }
-
- public JwtClaims setClaim(String name, Object value) {
- setValue(name, value);
- return this;
- }
-
- public Object getClaim(String name) {
- return getValue(name);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
deleted file mode 100644
index 2f23e2c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-public final class JwtConstants {
-
- public static final String CLAIM_ISSUER = "iss";
- public static final String CLAIM_SUBJECT = "sub";
- public static final String CLAIM_AUDIENCE = "aud";
- public static final String CLAIM_EXPIRY = "exp";
- public static final String CLAIM_NOT_BEFORE = "nbf";
- public static final String CLAIM_ISSUED_AT = "iat";
- public static final String CLAIM_JWT_ID = "jti";
-
-
- private JwtConstants() {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
deleted file mode 100644
index e4a1891..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtHeaders.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.jose.jwt;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.JoseHeaders;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-
-public class JwtHeaders extends JoseHeaders {
-
- public JwtHeaders() {
- }
-
- public JwtHeaders(String algorithm) {
- init(algorithm);
- }
-
- public JwtHeaders(Algorithm algo) {
- init(algo.getJwtName());
- }
-
- public JwtHeaders(Map values) {
- super(values);
- }
-
- public JwtHeaders(JoseHeaders headers) {
- super(headers.asMap());
- }
-
- private void init(String algo) {
- setType(JoseConstants.TYPE_JWT);
- setAlgorithm(algo);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
deleted file mode 100644
index 630813c..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtToken.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtToken {
- private JwtHeaders headers;
- private JwtClaims claims;
- public JwtToken(JwtHeaders headers, JwtClaims claims) {
- this.headers = headers;
- this.claims = claims;
- }
- public JwtHeaders getHeaders() {
- return headers;
- }
- public JwtClaims getClaims() {
- return claims;
- }
- public int hashCode() {
- return headers.hashCode() + 37 * claims.hashCode();
- }
-
- public boolean equals(Object obj) {
- return obj instanceof JwtToken
- && ((JwtToken)obj).headers.equals(this.headers)
- && ((JwtToken)obj).claims.equals(this.claims);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
deleted file mode 100644
index e8e79f0..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenJson.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-
-
-public class JwtTokenJson {
- private String headersJson;
- private String claimsJson;
- public JwtTokenJson(String headersJson, String claimsJson) {
- this.headersJson = headersJson;
- this.claimsJson = claimsJson;
- }
- public String getHeadersJson() {
- return headersJson;
- }
- public String getClaimsJson() {
- return claimsJson;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
deleted file mode 100644
index 09a6a5d..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReader.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReader;
-
-
-public interface JwtTokenReader extends JoseHeadersReader {
- JwtClaims fromJsonClaims(String jsonClaims);
- JwtToken fromJson(JwtTokenJson jsonPair);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
deleted file mode 100644
index d3e7db4..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenReaderWriter.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter;
-
-
-
-
-public class JwtTokenReaderWriter extends JoseHeadersReaderWriter
- implements JwtTokenReader, JwtTokenWriter {
-
-
- @Override
- public String claimsToJson(JwtClaims claims) {
- return toJson(claims);
- }
-
- @Override
- public JwtTokenJson tokenToJson(JwtToken token) {
- return new JwtTokenJson(toJson(token.getHeaders()),
- toJson(token.getClaims()));
- }
-
- @Override
- public JwtClaims fromJsonClaims(String claimsJson) {
- JwtClaims claims = new JwtClaims();
- fromJsonInternal(claims, claimsJson);
- return claims;
-
- }
-
- private JwtToken fromJson(String headersJson, String claimsJson) {
- JwtHeaders headers = fromJsonHeaders(headersJson);
- JwtClaims claims = fromJsonClaims(claimsJson);
- return new JwtToken(headers, claims);
- }
-
- @Override
- public JwtToken fromJson(JwtTokenJson pair) {
- return fromJson(pair.getHeadersJson(), pair.getClaimsJson());
- }
-
- @Override
- public JwtHeaders fromJsonHeaders(String jsonHeaders) {
- return new JwtHeaders(super.fromJsonHeaders(jsonHeaders));
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
deleted file mode 100644
index a2bd02f..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtTokenWriter.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwt;
-
-import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
-
-
-
-public interface JwtTokenWriter extends JoseHeadersWriter {
-
- String claimsToJson(JwtClaims claims);
- JwtTokenJson tokenToJson(JwtToken token);
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
deleted file mode 100644
index b62dc87..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java
+++ /dev/null
@@ -1,211 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwe;
-
-import java.security.Security;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.crypto.CryptoUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-public class JweCompactReaderWriterTest extends Assert {
- // A1 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A1 = {
- (byte)177, (byte)161, (byte)244, (byte)128, 84, (byte)143, (byte)225,
- 115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246,
- (byte)138, 7, 110, 91, 112, 46, 34, 105, 47,
- (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252};
- private static final String RSA_MODULUS_ENCODED_A1 =
- "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"
- + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"
- + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"
- + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"
- + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"
- + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw";
- private static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB";
- private static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 =
- "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"
- + "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"
- + "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"
- + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"
- + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"
- + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ";
-
- private static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219,
- (byte)233, 68, (byte)180, (byte)225, 77, (byte)219};
-
- // A3 example
- private static final byte[] CONTENT_ENCRYPTION_KEY_A3 = {
- 4, (byte)211, 31, (byte)197, 84, (byte)157, (byte)252, (byte)254, 11, 100,
- (byte)157, (byte)250, 63, (byte)170, 106, (byte)206, 107, 124, (byte)212,
- 45, 111, 107, 9, (byte)219, (byte)200, (byte)177, 0, (byte)240, (byte)143,
- (byte)156, 44, (byte)207};
- private static final byte[] INIT_VECTOR_A3 = {
- 3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101};
- private static final String KEY_ENCRYPTION_KEY_A3 = "GawgguFyGrWKav7AX4VKUg";
- private static final String JWE_OUTPUT_A3 =
- "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0"
- + ".6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"
- + ".AxY8DCtDaGlsbGljb3RoZQ"
- + ".KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY"
- + ".U0m_YmjN04DJvceFICbCVQ";
-
- @BeforeClass
- public static void registerBouncyCastleIfNeeded() throws Exception {
- try {
- // Java 8 apparently has it
- Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA);
- } catch (Throwable t) {
- // Oracle Java 7
- Security.addProvider(new BouncyCastleProvider());
- }
- }
- @AfterClass
- public static void unregisterBouncyCastleIfNeeded() throws Exception {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
-
- @Test
- public void testEncryptDecryptAesWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(Algorithm.A128KW.getJwtName());
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesWrapKeyEncryptionAlgorithm keyEncryption =
- new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName());
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
- assertEquals(JWE_OUTPUT_A3, jweContent);
-
- AesWrapKeyDecryptionAlgorithm keyDecryption = new AesWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
- @Test
- public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception {
- final String specPlainText = "Live long and prosper.";
- JweHeaders headers = new JweHeaders();
- headers.setAlgorithm(JoseConstants.A128GCMKW_ALGO);
- headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName());
-
- byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3);
-
- AesGcmWrapKeyEncryptionAlgorithm keyEncryption =
- new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JoseConstants.A128GCMKW_ALGO);
- JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers,
- CONTENT_ENCRYPTION_KEY_A3,
- INIT_VECTOR_A3,
- keyEncryption);
- String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null);
-
- AesGcmWrapKeyDecryptionAlgorithm keyDecryption = new AesGcmWrapKeyDecryptionAlgorithm(cekEncryptionKey);
- JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
- String decryptedText = decryption.decrypt(jweContent).getContentText();
- assertEquals(specPlainText, decryptedText);
- }
-
- @Test
- public void testEncryptDecryptSpecExample() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- String jweContent = encryptContent(specPlainText, true);
-
- decrypt(jweContent, specPlainText, true);
- }
-
- @Test
- public void testDirectKeyEncryptDecrypt() throws Exception {
- final String specPlainText = "The true sign of intelligence is not knowledge but imagination.";
- SecretKey key = createSecretKey(true);
- String jweContent = encryptContentDirect(key, specPlainText);
-
- decryptDirect(key, jweContent, specPlainText);
- }
-
- @Test
- public void testEncryptDecryptJwsToken() throws Exception {
- String jweContent = encryptContent(JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- decrypt(jweContent, JwsCompactReaderWriterTest.ENCODED_TOKEN_SIGNED_BY_MAC, false);
- }
-
- private String encryptContent(String content, boolean createIfException) throws Exception {
- RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1,
- RSA_PUBLIC_EXPONENT_ENCODED_A1);
- SecretKey key = createSecretKey(createIfException);
- String jwtKeyName = null;
- if (key == null) {
- // the encryptor will generate it
- jwtKeyName = Algorithm.A128GCM.getJwtName();
- } else {
- jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8);
- }
- KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAOaepKeyEncryptionAlgorithm(publicKey,
- Algorithm.RSA_OAEP.getJwtName());
- ContentEncryptionAlgorithm contentEncryptionAlgo =
- new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName);
- JweEncryptionProvider encryptor = new WrappedKeyJweEncryption(keyEncryptionAlgo, contentEncryptionAlgo);
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private String encryptContentDirect(SecretKey key, String content) throws Exception {
- DirectKeyJweEncryption encryptor = new DirectKeyJweEncryption(
- new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, JoseConstants.A128GCM_ALGO));
- return encryptor.encrypt(content.getBytes("UTF-8"), null);
- }
- private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception {
- RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1,
- RSA_PRIVATE_EXPONENT_ENCODED_A1);
- JweDecryptionProvider decryptor = new WrappedKeyJweDecryption(new RSAOaepKeyDecryptionAlgorithm(privateKey),
- new AesGcmContentDecryptionAlgorithm());
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception {
- DirectKeyJweDecryption decryptor = new DirectKeyJweDecryption(key, new AesGcmContentDecryptionAlgorithm());
- String decryptedText = decryptor.decrypt(jweContent).getContentText();
- assertEquals(decryptedText, plainContent);
- }
- private SecretKey createSecretKey(boolean createIfException) throws Exception {
- SecretKey key = null;
- if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
- key = CryptoUtils.createSecretKeySpec(CONTENT_ENCRYPTION_KEY_A1, "AES");
- } else if (createIfException) {
- key = CryptoUtils.createSecretKeySpec(CryptoUtils.generateSecureRandomBytes(128 / 8), "AES");
- }
- return key;
- }
-}
-
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
deleted file mode 100644
index 05d53c2..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java
+++ /dev/null
@@ -1,80 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.jose.jwe; - -import java.security.Security; - -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; - -public class JwePbeHmacAesWrapTest extends Assert { - @Before - public void registerBouncyCastleIfNeeded() throws Exception { - Security.addProvider(new BouncyCastleProvider()); - } - @After - public void unregisterBouncyCastleIfNeeded() throws Exception { - Security.removeProvider(BouncyCastleProvider.class.getName()); - } - @Test - public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception { - final String specPlainText = "Live long and prosper."; - JweHeaders headers = new JweHeaders(); - headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO); - headers.setContentEncryptionAlgorithm(Algorithm.A128CBC_HS256.getJwtName()); - final String password = "Thus from my lips, by yours, my sin is purged."; - KeyEncryptionAlgorithm keyEncryption = - new 
PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO); - JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(headers, keyEncryption); - String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null); - - PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password); - JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption); - String decryptedText = decryption.decrypt(jweContent).getContentText(); - assertEquals(specPlainText, decryptedText); - - } - @Test - public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception { - final String specPlainText = "Live long and prosper."; - JweHeaders headers = new JweHeaders(); - headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO); - headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()); - final String password = "Thus from my lips, by yours, my sin is purged."; - KeyEncryptionAlgorithm keyEncryption = - new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO); - JweEncryptionProvider encryption = new WrappedKeyJweEncryption(headers, - keyEncryption, - new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName())); - String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null); - PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password); - JweDecryptionProvider decryption = new WrappedKeyJweDecryption(keyDecryption, - new AesGcmContentDecryptionAlgorithm()); - String decryptedText = decryption.decrypt(jweContent).getContentText(); - assertEquals(specPlainText, decryptedText); - - } -} - http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
deleted file mode 100644
index eb660ae..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.jose.jwk;
-
-import java.io.InputStream;
-import java.security.Security;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.rs.security.jose.JoseConstants;
-import org.apache.cxf.rs.security.jose.jwa.Algorithm;
-import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class JsonWebKeyTest extends Assert {
- private static final String RSA_MODULUS_VALUE = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt"
- + "VT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf"
- + "0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt"
- + "-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw";
- private static final String RSA_PUBLIC_EXP_VALUE = "AQAB";
- private static final String RSA_PRIVATE_EXP_VALUE = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7d"
- + "x5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ4"
- + "6pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66"
- + "jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q";
- private static final String RSA_FIRST_PRIME_FACTOR_VALUE = "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQ"
- + "BQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9"
- + "RzzOGVQzXvNEvn7O0nVbfs";
- private static final String RSA_SECOND_PRIME_FACTOR_VALUE = "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3"
- + "vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfA"
- + "ITAG9LUnADun4vIcb6yelxk";
- private static final String RSA_FIRST_PRIME_CRT_VALUE = "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0o"
- + "imYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUm"
- + "s6rY3Ob8YeiKkTiBj0";
- private static final String RSA_SECOND_PRIME_CRT_VALUE = "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6hu"
- + "UUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvW"
- + "rX-L18txXw494Q_cgk";
- private static final String RSA_FIRST_CRT_COEFFICIENT_VALUE = "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfm"
- + "t0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKF"
- + "YItdldUKGzO6Ia6zTKhAVRU";
- private static final String RSA_KID_VALUE = "2011-04-29";
- private static final String EC_CURVE_VALUE = JsonWebKey.EC_CURVE_P256;
- private static final String EC_X_COORDINATE_VALUE = "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4";
- private static final String EC_Y_COORDINATE_VALUE = "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM";
- private static final String EC_PRIVATE_KEY_VALUE = "870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE";
- private static final String EC_KID_VALUE = "1";
- private static final String AES_SECRET_VALUE = "GawgguFyGrWKav7AX4VKUg";
- private static final String AES_KID_VALUE = "AesWrapKey";
- private static final String HMAC_SECRET_VALUE = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3"
- + "Yj0iPS4hcgUuTwjAzZr1Z9CAow";
- private static final String HMAC_KID_VALUE = "HMACKey";
-
- @Test
- public void testPublicSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
- List keys = jwks.getKeys();
- assertEquals(2, keys.size());
-
- JsonWebKey ecKey = keys.get(0);
- assertEquals(6, ecKey.asMap().size());
- validatePublicEcKey(ecKey);
- JsonWebKey rsaKey = keys.get(1);
- assertEquals(5, rsaKey.asMap().size());
- validatePublicRsaKey(rsaKey);
- }
-
- @Test
- public void testPublicSetAsMap() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPublicSet.txt");
- Map keysMap = jwks.getKeyIdMap();
- assertEquals(2, keysMap.size());
-
- JsonWebKey rsaKey = keysMap.get(RSA_KID_VALUE);
- assertEquals(5, rsaKey.asMap().size());
- validatePublicRsaKey(rsaKey);
- JsonWebKey ecKey = keysMap.get(EC_KID_VALUE);
- assertEquals(6, ecKey.asMap().size());
- validatePublicEcKey(ecKey);
- }
-
- @Test
- public void testPrivateSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
- validatePrivateSet(jwks);
- }
- private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
- List keys = jwks.getKeys();
- assertEquals(2, keys.size());
-
- JsonWebKey ecKey = keys.get(0);
- assertEquals(7, ecKey.asMap().size());
- validatePrivateEcKey(ecKey);
- JsonWebKey rsaKey = keys.get(1);
- assertEquals(11, rsaKey.asMap().size());
- validatePrivateRsaKey(rsaKey);
- }
- @Test
- public void testEncryptDecryptPrivateSet() throws Exception {
- Security.addProvider(new BouncyCastleProvider());
- try {
- JsonWebKeys jwks = readKeySet("jwkPrivateSet.txt");
- validatePrivateSet(jwks);
- String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, "password".toCharArray());
- JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet);
- assertEquals("jwk-set+json", c.getJweHeaders().getContentType());
- assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
- assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
- assertNotNull(c.getJweHeaders().getHeader("p2s"));
- assertNotNull(c.getJweHeaders().getHeader("p2c"));
- jwks = JwkUtils.decryptJwkSet(encryptedKeySet, "password".toCharArray());
- validatePrivateSet(jwks);
- } finally {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- }
- @Test
- public void testEncryptDecryptPrivateKey() throws Exception {
- final String key = "{\"kty\":\"oct\","
- + "\"alg\":\"A128KW\","
- + "\"k\":\"GawgguFyGrWKav7AX4VKUg\","
- + "\"kid\":\"AesWrapKey\"}";
- Security.addProvider(new BouncyCastleProvider());
- try {
- JsonWebKey jwk = readKey(key);
- validateSecretAesKey(jwk);
- String encryptedKey = JwkUtils.encryptJwkKey(jwk, "password".toCharArray());
- JweCompactConsumer c = new JweCompactConsumer(encryptedKey);
- assertEquals("jwk+json", c.getJweHeaders().getContentType());
- assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm());
- assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm());
- assertNotNull(c.getJweHeaders().getHeader("p2s"));
- assertNotNull(c.getJweHeaders().getHeader("p2c"));
- jwk = JwkUtils.decryptJwkKey(encryptedKey, "password".toCharArray());
- validateSecretAesKey(jwk);
- } finally {
- Security.removeProvider(BouncyCastleProvider.class.getName());
- }
- }
-
- @Test
- public void testSecretSetAsList() throws Exception {
- JsonWebKeys jwks = readKeySet("jwkSecretSet.txt");
- List keys = jwks.getKeys();
- assertEquals(2, keys.size());
- JsonWebKey aesKey = keys.get(0);
- assertEquals(4, aesKey.asMap().size());
- validateSecretAesKey(aesKey);
- JsonWebKey hmacKey = keys.get(1);
- assertEquals(4, hmacKey.asMap().size());
- validateSecretHmacKey(hmacKey);
- }
-
- private void validateSecretAesKey(JsonWebKey key) {
- assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(AES_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
- assertEquals(JoseConstants.A128KW_ALGO, key.getAlgorithm());
- }
- private void validateSecretHmacKey(JsonWebKey key) {
- assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE));
- assertEquals(HMAC_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType());
- assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm());
- }
-
- private void validatePublicRsaKey(JsonWebKey key) {
- assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS));
- assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
- assertEquals(RSA_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
- assertEquals(JoseConstants.RS_SHA_256_ALGO, key.getAlgorithm());
- }
- private void validatePrivateRsaKey(JsonWebKey key) {
- validatePublicRsaKey(key);
- assertEquals(RSA_PRIVATE_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PRIVATE_EXP));
- assertEquals(RSA_FIRST_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_FACTOR));
- assertEquals(RSA_SECOND_PRIME_FACTOR_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_FACTOR));
- assertEquals(RSA_FIRST_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_PRIME_CRT));
- assertEquals(RSA_SECOND_PRIME_CRT_VALUE, key.getProperty(JsonWebKey.RSA_SECOND_PRIME_CRT));
- assertEquals(RSA_FIRST_CRT_COEFFICIENT_VALUE, key.getProperty(JsonWebKey.RSA_FIRST_CRT_COEFFICIENT));
- }
- private void validatePublicEcKey(JsonWebKey key) {
- assertEquals(EC_X_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_X_COORDINATE));
- assertEquals(EC_Y_COORDINATE_VALUE, key.getProperty(JsonWebKey.EC_Y_COORDINATE));
- assertEquals(EC_KID_VALUE, key.getKid());
- assertEquals(JsonWebKey.KEY_TYPE_ELLIPTIC, key.getKeyType());
- assertEquals(EC_CURVE_VALUE, key.getProperty(JsonWebKey.EC_CURVE));
- assertEquals(JsonWebKey.PUBLIC_KEY_USE_ENCRYPT, key.getPublicKeyUse());
- }
- private void validatePrivateEcKey(JsonWebKey key) {
- validatePublicEcKey(key);
- assertEquals(EC_PRIVATE_KEY_VALUE, key.getProperty(JsonWebKey.EC_PRIVATE_KEY));
- }
-
- public JsonWebKeys readKeySet(String fileName) throws Exception {
- InputStream is = JsonWebKeyTest.class.getResourceAsStream(fileName);
- String s = IOUtils.readStringFromStream(is);
- return JwkUtils.readJwkSet(s);
- }
- public JsonWebKey readKey(String key) throws Exception {
- return JwkUtils.readJwkKey(key);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
deleted file mode 100644
index cb30c04..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPrivateSet.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n":"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "d":"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q",
- "p":"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs",
- "q":"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk",
- "dp":"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0",
- "dq":"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk",
- "qi":"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU",
- "alg":"RS256",
- "kid":"2011-04-29"}
- ]
- }
http://git-wip-us.apache.org/repos/asf/cxf/blob/8be78044/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt b/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
deleted file mode 100644
index 5a4a839..0000000
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/jwkPublicSet.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-{"keys":
- [
- {"kty":"EC",
- "crv":"P-256",
- "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
- "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
- "use":"enc",
- "kid":"1"},
-
- {"kty":"RSA",
- "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
- "e":"AQAB",
- "alg":"RS256",
- "kid":"2011-04-29"}
-
- ]
- }
\ No newline at end of file