From serg...@apache.org
Subject cxf git commit: Adding JweJwt helpers
Date Thu, 13 Nov 2014 15:04:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 7d1f30f76 -> 49a78e92b


Adding JweJwt helpers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49a78e92
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49a78e92
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49a78e92

Branch: refs/heads/master
Commit: 49a78e92bf89d82af62a4769b64b4dcbf62f3c27
Parents: 7d1f30f
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Nov 13 15:04:22 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Nov 13 15:04:22 2014 +0000

----------------------------------------------------------------------
 .../jose/jaxrs/JweWriterInterceptor.java        | 10 ++-
 .../jose/jwe/AbstractJweEncryption.java         | 20 +++--
 .../jose/jwe/JweEncryptionProvider.java         |  4 +-
 .../jose/jwe/JweJwtCompactConsumer.java         | 62 +++++++++++++++
 .../jose/jwe/JweJwtCompactProducer.java         | 61 +++++++++++++++
 .../cxf/rs/security/jose/jwe/JweUtils.java      | 80 +++++++++++++++++++-
 .../cxf/rs/security/jose/jwk/JwkUtils.java      | 11 ++-
 .../security/jose/jws/JwsCompactConsumer.java   |  8 ++
 .../security/jose/jws/JwsCompactProducer.java   | 19 +++--
 .../rs/security/jose/jws/JwsJsonConsumer.java   |  7 ++
 .../rs/security/jose/jws/JwsJsonProducer.java   |  7 ++
 .../jose/jws/JwsJwtCompactProducer.java         | 11 +--
 .../cxf/rs/security/jose/jwt/JwtUtils.java      | 44 +++++++++++
 13 files changed, 314 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
index a50c6a5..a80ac67 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JweWriterInterceptor.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.jose.jaxrs;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.util.Collections;
 import java.util.zip.DeflaterOutputStream;
 
 import javax.annotation.Priority;
@@ -41,6 +42,7 @@ import org.apache.cxf.rs.security.jose.JoseHeadersWriter;
 import org.apache.cxf.rs.security.jose.jwe.JweCompactProducer;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionState;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweOutputStream;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 
@@ -73,7 +75,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
         }
         
         if (useJweOutputStream) {
-            JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(ctString);
+            JweEncryptionState encryption = theEncryptionProvider.createJweEncryptionState(toJweHeaders(ctString));
             try {
                 JweCompactProducer.startJweContent(actualOs,
                                                    encryption.getHeaders(), 
@@ -99,7 +101,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
             CachedOutputStream cos = new CachedOutputStream(); 
             ctx.setOutputStream(cos);
             ctx.proceed();
-            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), ctString);
+            String jweContent = theEncryptionProvider.encrypt(cos.getBytes(), toJweHeaders(ctString));
             setJoseMediaType(ctx);
             IOUtils.copy(new ByteArrayInputStream(StringUtils.toBytesUTF8(jweContent)), 
                          actualOs);
@@ -136,5 +138,7 @@ public class JweWriterInterceptor implements WriterInterceptor {
     public void setEncryptionProvider(JweEncryptionProvider encryptionProvider) {
         this.encryptionProvider = encryptionProvider;
     }
-    
+    private static JweHeaders toJweHeaders(String ct) {
+        return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE,
ct));
+    }
 }
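Review bot: `toJweHeaders` builds a `cty` entry even when `ct` is null, so a caller with no content type no longer takes the "no extra headers" path. The same helper is copied into JweUtils and JwkUtils in this commit, and `JweUtils.encryptDirect(key, contentAlgo, content)` passes `null` explicitly; with the new `jweHeaders != null` test in `AbstractJweEncryption.getInternalState`, that null-valued entry is merged into the headers that feed the AAD. Returning null for a null argument keeps the previous behaviour: `return ct == null ? null : new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE, ct));`. The three copies would also be easier to keep consistent as one shared helper.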

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
index 9a7764c..02de81a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AbstractJweEncryption.java
@@ -91,8 +91,8 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
     protected byte[] getAAD(JweHeaders theHeaders) {
         return contentEncryptionAlgo.getAdditionalAuthenticationData(writer.headersToJson(theHeaders));
     }
-    public String encrypt(byte[] content, String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
+    public String encrypt(byte[] content, JweHeaders jweHeaders) {
+        JweEncryptionInternal state = getInternalState(jweHeaders);
         
         byte[] cipher = CryptoUtils.encryptBytes(content, createCekSecretKey(state), state.keyProps);
         
@@ -125,8 +125,8 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
         return contentEncryptionAlgo.getAlgorithm();
     }
     @Override
-    public JweEncryptionState createJweEncryptionState(String contentType) {
-        JweEncryptionInternal state = getInternalState(contentType);
+    public JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders) {
+        JweEncryptionInternal state = getInternalState(jweHeaders);
         Cipher c = CryptoUtils.initCipher(createCekSecretKey(state), state.keyProps, 
                                           Cipher.ENCRYPT_MODE);
         return new JweEncryptionState(c, 
@@ -148,7 +148,7 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
         return theCek;
     }
     
-    private JweEncryptionInternal getInternalState(String contentType) {
+    private JweEncryptionInternal getInternalState(JweHeaders jweHeaders) {
         byte[] theCek = getContentEncryptionKey();
         String contentEncryptionAlgoJavaName = Algorithm.toJavaName(headers.getContentEncryptionAlgorithm());
         KeyProperties keyProps = new KeyProperties(contentEncryptionAlgoJavaName);
@@ -160,9 +160,15 @@ public abstract class AbstractJweEncryption implements JweEncryptionProvider
{
         byte[] jweContentEncryptionKey = getEncryptedContentEncryptionKey(theCek);
         
         JweHeaders theHeaders = headers;
-        if (contentType != null) {
+        if (jweHeaders != null) {
+            if (jweHeaders.getKeyEncryptionAlgorithm() != null 
+                && !keyEncryptionAlgo.getAlgorithm().equals(jweHeaders.getKeyEncryptionAlgorithm())
+                || jweHeaders.getAlgorithm() != null 
+                    && !contentEncryptionAlgo.getAlgorithm().equals(jweHeaders.getAlgorithm()))
{
+                throw new SecurityException();
+            }
             theHeaders = new JweHeaders(theHeaders.asMap());
-            theHeaders.setContentType(contentType);
+            theHeaders.asMap().putAll(jweHeaders.asMap());
         }
         byte[] additionalEncryptionParam = getAAD(theHeaders);
         keyProps.setAdditionalData(additionalEncryptionParam);
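Review bot: The second half of the new mismatch check compares the content-encryption algorithm with `jweHeaders.getAlgorithm()`, while the rest of this commit reads the content algorithm through `getContentEncryptionAlgorithm()`; if `getAlgorithm()` returns the `alg` header (not visible here), a caller-supplied `enc` is never validated and `putAll` can overwrite the provider's value in the headers that are authenticated as AAD. The comparison likely wants `jweHeaders.getContentEncryptionAlgorithm() != null && !contentEncryptionAlgo.getAlgorithm().equals(jweHeaders.getContentEncryptionAlgorithm())`, with parentheses around each `&&` group so the precedence is explicit. `throw new SecurityException()` would be easier to diagnose with a message naming the mismatched header. `getInternalState` starts in the previous hunk and continues past this one.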

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
index 548191b..b685a29 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweEncryptionProvider.java
@@ -21,6 +21,6 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 
 public interface JweEncryptionProvider extends JweKeyProperties {
-    String encrypt(byte[] jweContent, String contentType);
-    JweEncryptionState createJweEncryptionState(String contentType);
+    String encrypt(byte[] jweContent, JweHeaders jweHeaders);
+    JweEncryptionState createJweEncryptionState(JweHeaders jweHeaders);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
new file mode 100644
index 0000000..8f4599a
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactConsumer.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+import java.security.interfaces.RSAPrivateKey;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
+
+
+public class JweJwtCompactConsumer  {
+    private JweCompactConsumer jweConsumer;
+    private JweHeaders headers;
+    public JweJwtCompactConsumer(String content) {
+        jweConsumer = new JweCompactConsumer(content);
+        headers = jweConsumer.getJweHeaders();
+    }
+    public JwtToken decryptWith(JsonWebKey key) {
+        return decryptWith(JweUtils.createJweDecryptionProvider(key, headers.getContentEncryptionAlgorithm()));
+    }
+    public JwtToken decryptWith(RSAPrivateKey key) {
+        return decryptWith(JweUtils.createJweDecryptionProvider(key, 
+                                                                headers.getKeyEncryptionAlgorithm(),
+                                                                headers.getContentEncryptionAlgorithm()));
+    }
+    public JwtToken decryptWith(SecretKey key) {
+        return decryptWith(JweUtils.createJweDecryptionProvider(key, 
+                                                                headers.getKeyEncryptionAlgorithm(),
+                                                                headers.getContentEncryptionAlgorithm()));
+    }
+    public JwtToken decryptWith(JweDecryptionProvider jwe) {
+        byte[] bytes = jwe.decrypt(jweConsumer);
+        JwtClaims claims = new JwtTokenReaderWriter().fromJsonClaims(toString(bytes));
+        return new JwtToken(headers, claims);
+    }
+    private static String toString(byte[] bytes) {
+        try {
+            return new String(bytes, "UTF-8");
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+}
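Review bot: All three key-based `decryptWith` overloads choose the key-encryption and content-encryption algorithms from `headers`, which the constructor parses from the incoming token, so the sender rather than the receiver decides which algorithms are applied. A receiver that expects one algorithm has no way to pin it short of building its own `JweDecryptionProvider`; consider overloads that take the expected algorithm names and reject a token whose header differs, and at minimum a class Javadoc stating that the header values are used as received. Separately, `toString` can catch `UnsupportedEncodingException` instead of `Exception`, and both fields can be `final`.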

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
new file mode 100644
index 0000000..f0ce331
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweJwtCompactProducer.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwe;
+import java.security.interfaces.RSAPublicKey;
+
+import javax.crypto.SecretKey;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
+
+
+public class JweJwtCompactProducer  {
+    private JweHeaders headers;
+    private String claimsJson;
+    public JweJwtCompactProducer(JwtToken token) {
+        this(token.getHeaders(), token.getClaims());
+    }
+    public JweJwtCompactProducer(JwtClaims claims) {
+        this(new JoseHeaders(), claims);
+    }
+    public JweJwtCompactProducer(JoseHeaders joseHeaders, JwtClaims claims) {
+        headers = new JweHeaders(joseHeaders);
+        claimsJson = JwtUtils.claimsToJson(claims, null);
+    }
+    
+    public String encryptWith(JsonWebKey key) {
+        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+        return encryptWith(jwe);
+    }
+    public String encryptWith(RSAPublicKey key) {
+        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+        return encryptWith(jwe);
+    }
+    public String encryptWith(SecretKey key) {
+        JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(key, headers);
+        return encryptWith(jwe);
+    }
+    public String encryptWith(JweEncryptionProvider jwe) {
+        return jwe.encrypt(StringUtils.toBytesUTF8(claimsJson), headers);
+    }
+}
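Review bot: `encryptWith(RSAPublicKey)` and `encryptWith(SecretKey)` depend on `headers` carrying the key-encryption algorithm, yet the `JweJwtCompactProducer(JwtClaims)` constructor starts from an empty `new JoseHeaders()` and the class offers no way to fill it in afterwards. On that path `JweUtils.createJweEncryptionProvider(key, headers)` is handed `headers.getKeyEncryptionAlgorithm()` as null; what happens next is outside this diff. A guard in those two overloads, e.g. `if (headers.getKeyEncryptionAlgorithm() == null) { throw new SecurityException("JWE alg header is required"); }`, would fail early with a clear reason.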

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
index 628e234..c7a5378 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java
@@ -20,12 +20,14 @@ package org.apache.cxf.rs.security.jose.jwe;
 
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
+import java.util.Collections;
 import java.util.Properties;
 
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
@@ -58,12 +60,20 @@ public final class JweUtils {
             return encryptDirect(key, contentAlgo, content, ct);
         }
     }
+    public static String encrypt(JsonWebKey key, String contentAlgo, byte[] content, String
ct) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        return encrypt(keyEncryptionProvider, contentAlgo, content, ct);
+    }
     public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content)
{
         return encryptDirect(key, contentAlgo, content, null);
     }
     public static String encryptDirect(SecretKey key, String contentAlgo, byte[] content,
String ct) {
         JweEncryptionProvider jwe = getDirectKeyJweEncryption(key, contentAlgo);
-        return jwe.encrypt(content, ct);
+        return jwe.encrypt(content, toJweHeaders(ct));
+    }
+    public static String encryptDirect(JsonWebKey key, byte[] content, String ct) {
+        JweEncryptionProvider jwe = getDirectKeyJweEncryption(key);
+        return jwe.encrypt(content, toJweHeaders(ct));
     }
     public static byte[] decrypt(RSAPrivateKey key, String keyAlgo, String contentAlgo, String
content) {
         KeyDecryptionAlgorithm keyDecryptionProvider = getRSAKeyDecryptionAlgorithm(key,
keyAlgo);
@@ -77,10 +87,18 @@ public final class JweUtils {
             return decryptDirect(key, contentAlgo, content);
         }
     }
+    public static byte[] decrypt(JsonWebKey key, String contentAlgo, String content) {
+        KeyDecryptionAlgorithm keyDecryptionProvider = getKeyDecryptionAlgorithm(key);
+        return decrypt(keyDecryptionProvider, contentAlgo, content);
+    }
     public static byte[] decryptDirect(SecretKey key, String contentAlgo, String content)
{
         JweDecryptionProvider jwe = getDirectKeyJweDecryption(key, contentAlgo);
         return jwe.decrypt(content).getContent();
     }
+    public static byte[] decryptDirect(JsonWebKey key, String content) {
+        JweDecryptionProvider jwe = getDirectKeyJweDecryption(key);
+        return jwe.decrypt(content).getContent();
+    }
     public static KeyEncryptionAlgorithm getKeyEncryptionAlgorithm(JsonWebKey jwk) {
         return getKeyEncryptionAlgorithm(jwk, null);
     }
@@ -177,12 +195,19 @@ public final class JweUtils {
         }
         return null;
     }
+    public static DirectKeyJweEncryption getDirectKeyJweEncryption(JsonWebKey key) {
+        return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(key, key.getAlgorithm()));
+    }
     public static DirectKeyJweEncryption getDirectKeyJweEncryption(SecretKey key, String
algorithm) {
         return new DirectKeyJweEncryption(getContentEncryptionAlgorithm(key, algorithm));
     }
     public static DirectKeyJweDecryption getDirectKeyJweDecryption(SecretKey key, String
algorithm) {
         return new DirectKeyJweDecryption(key, getContentDecryptionAlgorithm(algorithm));
     }
+    public static DirectKeyJweDecryption getDirectKeyJweDecryption(JsonWebKey key) {
+        return new DirectKeyJweDecryption(JwkUtils.toSecretKey(key), 
+                                          getContentDecryptionAlgorithm(key.getAlgorithm()));
+    }
     public static JweEncryptionProvider loadEncryptionProvider(String propLoc, Message m)
{
         KeyEncryptionAlgorithm keyEncryptionProvider = null;
         String keyEncryptionAlgo = null;
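Review bot: Both new `JsonWebKey` overloads of `getDirectKeyJweEncryption` / `getDirectKeyJweDecryption` take the content-encryption algorithm from `key.getAlgorithm()` without checking that the key carries one. A JWK's `alg` member is optional, so a key without it sends null into `getContentEncryptionAlgorithm` or `getContentDecryptionAlgorithm`, whose handling of null is not visible here. A check such as `if (key.getAlgorithm() == null) { throw new SecurityException("JWK has no alg"); }` before constructing the provider makes the failure explicit. The hunk ends inside `loadEncryptionProvider`, which this point does not concern.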
@@ -242,6 +267,40 @@ public final class JweUtils {
         }
         return createJweDecryptionProvider(keyDecryptionProvider, ctDecryptionKey, contentEncryptionAlgo);
     }
+    public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key,
+                                                                    String keyAlgo,
+                                                                    String contentEncryptionAlgo,
+                                                                    String compression) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key,
keyAlgo);
+        return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo,
compression);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(RSAPublicKey key, JweHeaders
headers) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getRSAKeyEncryptionAlgorithm(key,

+                                                           headers.getKeyEncryptionAlgorithm());
+        return createJweEncryptionProvider(keyEncryptionProvider, headers);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key,
+                                                                    String keyAlgo,
+                                                                    String contentEncryptionAlgo,
+                                                                    String compression) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key,
keyAlgo);
+        return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo,
compression);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(SecretKey key, JweHeaders
headers) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getSecretKeyEncryptionAlgorithm(key,

+                                                           headers.getKeyEncryptionAlgorithm());
+        return createJweEncryptionProvider(keyEncryptionProvider, headers);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key,
+                                                                    String contentEncryptionAlgo,
+                                                                    String compression) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        return createJweEncryptionProvider(keyEncryptionProvider, contentEncryptionAlgo,
compression);
+    }
+    public static JweEncryptionProvider createJweEncryptionProvider(JsonWebKey key, JweHeaders
headers) {
+        KeyEncryptionAlgorithm keyEncryptionProvider = getKeyEncryptionAlgorithm(key);
+        return createJweEncryptionProvider(keyEncryptionProvider, headers);
+    }
     public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionAlgorithm
keyEncryptionProvider,
                                                                     String contentEncryptionAlgo,
                                                                     String compression) {
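Review bot: The six new `createJweEncryptionProvider` overloads have no Javadoc and do not agree on where the key-encryption algorithm comes from: the `RSAPublicKey` and `SecretKey` variants read `headers.getKeyEncryptionAlgorithm()`, while the `JsonWebKey` variant ignores the headers and calls `getKeyEncryptionAlgorithm(key)`. Given the mismatch check added to `AbstractJweEncryption.getInternalState` in this commit, a differing `alg` in `headers` appears to surface only later as a `SecurityException` at encryption time. A one-line Javadoc on each overload, e.g. `/** The key-encryption algorithm is taken from the JWK, not from {@code headers}. */`, would tell callers which source wins. The hunk ends inside the signature of the existing `KeyEncryptionAlgorithm` overload.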
@@ -261,6 +320,20 @@ public final class JweUtils {
                                                getContentEncryptionAlgorithm(contentEncryptionAlgo));
         }
     }
+    public static JweDecryptionProvider createJweDecryptionProvider(RSAPrivateKey key,
+                                                                    String keyAlgo,
+                                                                    String contentDecryptionAlgo)
{
+        return createJweDecryptionProvider(getRSAKeyDecryptionAlgorithm(key, keyAlgo), contentDecryptionAlgo);
+    }
+    public static JweDecryptionProvider createJweDecryptionProvider(SecretKey key,
+                                                                    String keyAlgo,
+                                                                    String contentDecryptionAlgo)
{
+        return createJweDecryptionProvider(getSecretKeyDecryptionAlgorithm(key, keyAlgo),
contentDecryptionAlgo);
+    }
+    public static JweDecryptionProvider createJweDecryptionProvider(JsonWebKey key,
+                                                                    String contentDecryptionAlgo)
{
+        return createJweDecryptionProvider(getKeyDecryptionAlgorithm(key), contentDecryptionAlgo);
+    }
     public static JweDecryptionProvider createJweDecryptionProvider(KeyDecryptionAlgorithm
keyDecryptionProvider,
                                                                     String contentDecryptionAlgo)
{
         if (Algorithm.isAesCbcHmac(contentDecryptionAlgo)) { 
@@ -325,10 +398,13 @@ public final class JweUtils {
     private static String encrypt(KeyEncryptionAlgorithm keyEncryptionProvider, 
                                   String contentAlgo, byte[] content, String ct) {
         JweEncryptionProvider jwe = createJweEncryptionProvider(keyEncryptionProvider, contentAlgo,
null);
-        return jwe.encrypt(content, ct);
+        return jwe.encrypt(content, toJweHeaders(ct));
     }
     private static byte[] decrypt(KeyDecryptionAlgorithm keyDecryptionProvider, String contentAlgo,
String content) {
         JweDecryptionProvider jwe = createJweDecryptionProvider(keyDecryptionProvider, contentAlgo);
         return jwe.decrypt(content).getContent();
     }
+    private static JweHeaders toJweHeaders(String ct) {
+        return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE,
ct));
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
index 05ade0d..6d0a2fe 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkUtils.java
@@ -40,6 +40,7 @@ import org.apache.cxf.common.util.crypto.CryptoUtils;
 import org.apache.cxf.helpers.IOUtils;
 import org.apache.cxf.jaxrs.utils.ResourceUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.JoseConstants;
 import org.apache.cxf.rs.security.jose.JoseUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils;
 import org.apache.cxf.rs.security.jose.jaxrs.PrivateKeyPasswordProvider;
@@ -48,6 +49,7 @@ import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweDecryption;
 import org.apache.cxf.rs.security.jose.jwe.AesCbcHmacJweEncryption;
 import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
 import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
 import org.apache.cxf.rs.security.jose.jwe.JweUtils;
 import org.apache.cxf.rs.security.jose.jwe.KeyDecryptionAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.KeyEncryptionAlgorithm;
@@ -105,7 +107,8 @@ public final class JwkUtils {
         return encryptJwkSet(jwkSet, createDefaultEncryption(password), writer);
     }
     public static String encryptJwkSet(JsonWebKeys jwkSet, JweEncryptionProvider jwe, JwkReaderWriter
writer) {
-        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), "jwk-set+json");
+        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkSetToJson(jwkSet)), 
+                           toJweHeaders("jwk-set+json"));
     }
     public static String encryptJwkSet(JsonWebKeys jwkSet, RSAPublicKey key, String keyAlgo,
String contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkSetToJson(jwkSet)),
@@ -154,7 +157,8 @@ public final class JwkUtils {
         return encryptJwkKey(jwkKey, createDefaultEncryption(password), writer);
     }
     public static String encryptJwkKey(JsonWebKey jwkKey, JweEncryptionProvider jwe, JwkReaderWriter
writer) {
-        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), "jwk+json");
+        return jwe.encrypt(StringUtils.toBytesUTF8(writer.jwkToJson(jwkKey)), 
+                           toJweHeaders("jwk+json"));
     }
     public static String encryptJwkKey(JsonWebKey jwkKey, RSAPublicKey key, String keyAlgo,
String contentAlgo) {
         return JweUtils.encrypt(key, keyAlgo, contentAlgo, StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey)),
@@ -415,4 +419,7 @@ public final class JwkUtils {
             throw new RuntimeException(ex);
         }
     }
+    private static JweHeaders toJweHeaders(String ct) {
+        return new JweHeaders(Collections.<String, Object>singletonMap(JoseConstants.HEADER_CONTENT_TYPE,
ct));
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
index f9c43da..105d895 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactConsumer.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.interfaces.RSAPublicKey;
+
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.JoseHeadersReader;
@@ -94,6 +96,12 @@ public class JwsCompactConsumer {
     public boolean verifySignatureWith(JsonWebKey key) {
         return verifySignatureWith(JwsUtils.getSignatureVerifier(key));
     }
+    public boolean verifySignatureWith(RSAPublicKey key, String algo) {
+        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+    }
+    public boolean verifySignatureWith(byte[] key, String algo) {
+        return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
+    }
     public boolean validateCriticalHeaders() {
         return JwsUtils.validateCriticalHeaders(getJoseHeaders());
     }
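Review bot: The new `verifySignatureWith(RSAPublicKey key, String algo)` and `verifySignatureWith(byte[] key, String algo)` do not say where `algo` should come from, and nothing in the hunk compares it with the algorithm named in the token's header. Passing the received header value back in would let the sender influence which algorithm the verifier applies, so the Javadoc should state that `algo` is the algorithm the verifier requires, for example `/** @param algo the signature algorithm this verifier expects; do not take it from the received headers */`.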

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index f1413a1..b033afd 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.interfaces.RSAPrivateKey;
+
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.JoseConstants;
@@ -71,7 +73,14 @@ public class JwsCompactProducer {
     }
     
     public String signWith(JsonWebKey jwk) {
-        return signWith(JwsUtils.getSignatureProvider(jwk));
+        return signWith(JwsUtils.getSignatureProvider(jwk, headers.getAlgorithm()));
+    }
+    
+    public String signWith(RSAPrivateKey key) {
+        return signWith(JwsUtils.getRSAKeySignatureProvider(key, headers.getAlgorithm()));
+    }
+    public String signWith(byte[] key) {
+        return signWith(JwsUtils.getHmacSignatureProvider(key, headers.getAlgorithm()));
     }
     
     public String signWith(JwsSignatureProvider signer) { 
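Review bot: The added `signWith(byte[] key)` has exactly the signature of the old `signWith(byte[] signatureOctets)`, which the next hunk renames to `setSignatureBytes`. Existing callers that pass precomputed signature octets will therefore still compile, and their bytes will now be used as an HMAC key without any warning. The `signWith(String)` rename to `setSignatureText` fails at compile time, which is the safer outcome. The byte-array overload should get a distinct name (for example `signWithHmacKey(byte[] key)`, a suggested name only) or at least Javadoc and a release note stating the changed meaning. Separately, all three new calls pass `headers.getAlgorithm()` straight through; if the `alg` header can be unset at this point, which the hunk does not show, a guard such as `if (headers.getAlgorithm() == null) throw new IllegalStateException("alg header not set");` would make the failure explicit.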
@@ -79,17 +88,15 @@ public class JwsCompactProducer {
         
         byte[] bytes = StringUtils.toBytesUTF8(getUnsignedEncodedJws());
         worker.update(bytes, 0, bytes.length);
-        signWith(worker.sign());
-        return getSignedEncodedJws();
-        
+        return setSignatureBytes(worker.sign());
     }
     
-    public String signWith(String signatureText) {
+    public String setSignatureText(String signatureText) {
         setEncodedSignature(Base64UrlUtility.encode(signatureText));
         return getSignedEncodedJws();
     }
     
-    public String signWith(byte[] signatureOctets) {
+    public String setSignatureBytes(byte[] signatureOctets) {
         setEncodedSignature(Base64UrlUtility.encode(signatureOctets));
         return getSignedEncodedJws();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
index b1d2663..90fe02a 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -105,6 +106,12 @@ public class JwsJsonConsumer {
         }
         return false;
     }
+    public boolean verifySignatureWith(RSAPublicKey key, String algo) {
+        return verifySignatureWith(JwsUtils.getRSAKeySignatureVerifier(key, algo));
+    }
+    public boolean verifySignatureWith(byte[] key, String algo) {
+        return verifySignatureWith(JwsUtils.getHmacSignatureVerifier(key, algo));
+    }
     public boolean verifySignatureWith(List<JwsSignatureVerifier> validators) {
         try {
             verifyAndGetNonValidated(validators);

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
index b43dc40..5aaee71 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.interfaces.RSAPrivateKey;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
@@ -81,6 +82,12 @@ public class JwsJsonProducer {
     public String signWith(JsonWebKey jwk) {
         return signWith(JwsUtils.getSignatureProvider(jwk));
     }
+    public String signWith(RSAPrivateKey key, String algo) {
+        return signWith(JwsUtils.getRSAKeySignatureProvider(key, algo));
+    }
+    public String signWith(byte[] key, String algo) {
+        return signWith(JwsUtils.getHmacSignatureProvider(key, algo));
+    }
     public String signWith(JwsSignatureProvider signer,
                            JwsJsonProtectedHeader protectedHeader,
                            JwsJsonUnprotectedHeader unprotectedHeader) {
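Review bot: The new `signWith(RSAPrivateKey key, String algo)` and `signWith(byte[] key, String algo)` take the algorithm as an argument, whereas the JwsCompactProducer counterparts in this commit read it from `headers.getAlgorithm()`. Nothing visible here ties `algo` to the `alg` carried in the protected header. If the two differ, the output would declare one algorithm and be signed with another, unless the single-argument `signWith(JwsSignatureProvider)` reconciles them, which this hunk does not show. Either derive the algorithm from the header as the compact producer does, or document the requirement with something like `/** @param algo must match the "alg" value of the protected header */`.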

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
index bc3cc22..cbfc64c 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJwtCompactProducer.java
@@ -20,8 +20,8 @@ package org.apache.cxf.rs.security.jose.jws;
 import org.apache.cxf.rs.security.jose.JoseHeaders;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.jose.jwt.JwtTokenReaderWriter;
 import org.apache.cxf.rs.security.jose.jwt.JwtTokenWriter;
+import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
 
 
 public class JwsJwtCompactProducer extends JwsCompactProducer {
@@ -39,13 +39,8 @@ public class JwsJwtCompactProducer extends JwsCompactProducer {
         this(new JwtToken(headers, claims), w);
     }
     public JwsJwtCompactProducer(JwtToken token, JwtTokenWriter w) {
-        super(token.getHeaders(), w, serializeClaims(token.getClaims(), w));
+        super(token.getHeaders(), w, JwtUtils.claimsToJson(token.getClaims(), w));
     }
     
-    private static String serializeClaims(JwtClaims claims, JwtTokenWriter writer) {
-        if (writer == null) {
-            writer = new JwtTokenReaderWriter();
-        }
-        return writer.claimsToJson(claims);
-    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/49a78e92/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
new file mode 100644
index 0000000..30d365b
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+
+public final class JwtUtils {
+    private JwtUtils() {
+        
+    }
+    public static String claimsToJson(JwtClaims claims) {
+        return claimsToJson(claims);
+    }
+    public static String claimsToJson(JwtClaims claims, JwtTokenWriter writer) {
+        if (writer == null) {
+            writer = new JwtTokenReaderWriter();
+        }
+        return writer.claimsToJson(claims);
+    }
+    public static JwtClaims jsonToClaims(String json) {
+        return jsonToClaims(json, null);
+    }
+    public static JwtClaims jsonToClaims(String json, JwtTokenReader reader) {
+        if (reader == null) {
+            reader = new JwtTokenReaderWriter();
+        }
+        return reader.fromJsonClaims(json);
+    }
+}
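Review bot: `claimsToJson(JwtClaims claims)` calls itself with the same single argument, so any call recurses until a StackOverflowError. It should delegate to the two-argument overload the way `jsonToClaims(String)` does: `return claimsToJson(claims, null);`. The class also has no Javadoc; a short comment stating that a null writer or reader falls back to a new `JwtTokenReaderWriter` would document the default the code implements.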

